last executing test programs:

8m52.200169451s ago: executing program 0 (id=766):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil})
r3 = dup(r2)
ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000100)={0x1fd, 0x1, 0xd000, 0x1000, &(0x7f0000f9b000/0x1000)=nil})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8m51.518965444s ago: executing program 0 (id=769):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x2000082, &(0x7f0000000440)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c757466383d312c757466383d302c6e6f6e756d7461696c3d302c636f6465706167653d3835322c696f636861727365743d6b6f6938017ba83b2d752c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c757466383d312c756e695f786c6174653d312c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f636861727365743d63703933362c00"], 0x22, 0x365, &(0x7f0000000800)="$eJzs3T9onGUYAPDn+iW5JFhzg1B0Ot0EKU3EQaeEUqGYQSuH/xYPm/ondxZyeBCHXG5RipPiIujk1kHHzuIg4ubgagWpiovdCg1+cnff/b9rE/Bipb/fEB6e932+9/m+fOS+O5I3rzdi++J8XLp580YsLuZibv3setzKRSFORBId+zHRRwuT8wDAPe5WmsZfacfdZ3+y3I289gPA/1f79f/Nk/1E/gjFVx6YRUsAwIz13//n7vT+//mJ2cszawsAmKGxz/8fGxoe+Zh/rvc7AR1Ls28QAPjXvfjKq89tbEZcKBYXI6of1kv1UjzTH9+4FG9HJbbiTKzEQUTnQaHztND6+uz5zXNnii2/FaLUqqiXIqqNeqnzpLCRtOvzsRorUcjq01590qpfbdcXI2K/0V4/qrl6aT6Ws/V/Xo6tWIuVeGisPuL85rm1YnaAUrVb34hoxmL3JFr9n46V+PGNuByVuBit2n7/e6vF4tl0c6i+fjXfngcAAAAAAAAAAAAAAAAAAAAAALNwuthT6O1/k1Yb9Q8ujE4oDO2PU+oMZ/sDNTv7A6X57u48V5LR/YGG9+epl+bixH965gAAAAAAAAAAAAAAAAAAAHDvqO0uRLlS2dqp7b6/PRg0BjLvfv/Vt0vRHZrLSt9J+lXRSuYiho7TnThw5CR6S6S98jQZmpMFSUR38n756rVex4Nz8r2zGCtvBfmxoVzWU7lSOfnor59Pqvq7Fey3M0mMXZbhIJetPzBUfbCVWIyIg2lV04O1u8y5nqbptPK9z0Yz2VYMjSO3cYjguxtvPfxk7dRT7cw32UqPP7Hy0vVPv/xju1yJZufKVCoLO7WD9BBHbt0+vUyaZkEycP/ksuucm3AnTA6a/Uxzp7ZbTn768+VHPv5hZHIy+f5JBzPvTV/r69HMQifIRRS6F+FOrc5PuPknB6/d7t29R//GnfpivXxt75ffD1s18EPCRh0AAAAAAAAAAAAAAAAAAHAs+n/0OzKQpmljatXTL8y8MQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Rv3//z8QNMcyWVCI8cm94HYjxofyWzu1qYsvHeupAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwH/snAAD//1pcfGk=")
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r4 = accept(r3, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r4, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0)
sendmsg$nl_generic(r0, 0x0, 0x4040084)

8m48.608989029s ago: executing program 0 (id=775):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000980)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x1200800, &(0x7f00000008c0)=ANY=[@ANYBLOB="706172743d3078303030303030303030303030303031302c6e6c733d69736f383835392d332c747970653d78fa42012c666f7263652c6769643d", @ANYRESHEX=0x0, @ANYBLOB="00000000f5", @ANYRESHEX=0x0, @ANYBLOB], 0x3, 0x6ae, &(0x7f0000000e40)="$eJzs3U9sHFcdB/DvbDbrbJBSt03TgJBqNVIFjUjsrEqChNSAEMohQhFcerUSp7GySSvHRWmEyAYoSJw4oR44FKFw6AkhhFQOCFHOSEhcOOUeiRuHHABXM7O7Xtsbx25ir9t+PtJ43ts3773f/DJ/dsexNsBn1rnXsr+XIueOn79Z1u/d7XTv3e1cG5STTCVpJM16laKdFB8mZ1Mv+Xz5Yn+44mHzvHL/g6L57vudutbsL9X2jc36bTB2y15yYFjZl2SmLv53y8NuGK9aqnEuro73cFObNRbDuMuEHRskDiZtZYPeamPjkd23ft4Ce9bt+r65wXRyMPXdtbrF9a8Oj74yTN6m16be7sUBAAAAO2XsZ/lRTz3Ig9zMod0JBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4divo7A4v+0hiUZ1IMvv+/NfKd+q0Jh/uY3rlcrb771KQDAQAAAAAAAIDH8sKDPMjNHBrUV4rqd/4vVpXD1c/P5a3cyEKWciI3M5/lLGcpc0mmRwZq3ZxfXl6a29jzlyl7rqys3O73PDW256m1cfXWBzrufxps2AgAAAAAAAAAPrN+lHOrv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC9oEj21atqOTwoT6fRTHIgSauYGW7emmiwT8BfJh0AAAAA7Lx2f32o+H9dWCmqz/xHqs/9B/JWrmc5i1lONwu5VD0LqD/1N/7R63Tv3e1cK5eNA3/j39uKoxox9bOH8TPPVls8N+xxLt/O93I8M7mQpSzm+5nPchYyk29VpfkUme4/vZi+d7edQawb4z27pnZhfWwvjJTL+I5WkbRzOYtVbCdysTUIvdHf7ujIbH9sJetmvFNmp3i1b4s5utRfl3v0i/56b5iu9nz/MCOz/dyX2Xh6NO8bc7/N42T9THNpDJ9BHV6dpayun+lj5fxgf13m+qc7m/NtPkpbm4nez8va4Og7snnOky//868XrjSuX71y+cbxvXMYfUzrj4nOSCae31ImumUmeo+RiQOPE/+T0+pno76Kbu9q+WLV91AW8528kUtZyOnMZi5nMpuv5VQ6OTWS1+c2z2t1rjW2d64d+1K/UN6TfjZyb9o1Uw9rKPP69EheR69001Xb6CurWXpmC1kqWhmfpX+NDaX5hX6hnOPHI3ecyVufibmRTDy7eSZ+/b+VJDe6168uXZl/c5M5bv354EuD8qBQnrbvrL02/+ZJ7tc29He3PF6eKf+xUt82Ro+Osu3ZQVudr6KZ1X6Hh21r73OtVqrzuW571JlajnTkzriR6rbnx87SqdqOjrSteZeTN9IdvgsBYA87+PLBVvt+++/t99o/aV9pnz/wzakzU19sZf/fmn/a97vGbxtfL17Oe/lhDk06UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS48fatq/Pd7sLSHiyk8YQHvDO2aZCK+pXW3tj3T2pharMj6vdJNunemkTM7SR7InVp7sJcUxnTdH74SjtpDONJcnWPfMEdsBNOLl978+SNt299ZfHa/OsLry9cP3Xm9KunO1+du33y8mJ3Ybb+OekogZ2w+jZg0pEAAAAAAAAAAAAAW7Ubf94wZtqiN4F9BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD6Zzr2W/b0UmZs9MVvW793tdMtlUF7dspmkkaT4QVJ8mJxNvWR6ZLjiYfO8cv+DX7307vud1bGag+0b6/r94T8rK9vci15/yUySff31o01tabyLI+P1thlYrRjuYZmwY4PEwaR9FAAA///howfX")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0xfffffffe}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket$igmp(0x2, 0x3, 0x2)
sendmmsg$inet(r2, &(0x7f00000045c0)=[{{&(0x7f0000000000)={0x2, 0x4e24, @broadcast}, 0x10, 0x0, 0x0, &(0x7f0000000280)=[@ip_retopts={{0x14, 0x0, 0x7, {[@timestamp={0x44, 0x4, 0xc5, 0x0, 0xf}]}}}], 0x18}}], 0x1, 0x80)

8m46.340158212s ago: executing program 0 (id=778):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nodelalloc}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x5}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d0000000700000000000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000880)={&(0x7f0000000a80)='kfree\x00', r0}, 0x10)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

8m44.131774164s ago: executing program 0 (id=786):
syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000000000)='./bus\x00', 0x2000082, &(0x7f0000000440)=ANY=[@ANYBLOB="6e6f6e756d7461696c3d302c757466383d312c757466383d302c6e6f6e756d7461696c3d302c636f6465706167653d3835322c696f636861727365743d6b6f6938017ba83b2d752c73686f72746e616d653d77696e6e742c756e695f786c6174653d302c6e6f6e756d7461696c3d302c73686f72746e616d653d77696e39352c757466383d312c756e695f786c6174653d312c73686f72746e616d653d6d697865642c73686f72746e616d653d77696e39352c696f636861727365743d63703933362c00"], 0x22, 0x365, &(0x7f0000000800)="$eJzs3T9onGUYAPDn+iW5JFhzg1B0Ot0EKU3EQaeEUqGYQSuH/xYPm/ondxZyeBCHXG5RipPiIujk1kHHzuIg4ubgagWpiovdCg1+cnff/b9rE/Bipb/fEB6e932+9/m+fOS+O5I3rzdi++J8XLp580YsLuZibv3setzKRSFORBId+zHRRwuT8wDAPe5WmsZfacfdZ3+y3I289gPA/1f79f/Nk/1E/gjFVx6YRUsAwIz13//n7vT+//mJ2cszawsAmKGxz/8fGxoe+Zh/rvc7AR1Ls28QAPjXvfjKq89tbEZcKBYXI6of1kv1UjzTH9+4FG9HJbbiTKzEQUTnQaHztND6+uz5zXNnii2/FaLUqqiXIqqNeqnzpLCRtOvzsRorUcjq01590qpfbdcXI2K/0V4/qrl6aT6Ws/V/Xo6tWIuVeGisPuL85rm1YnaAUrVb34hoxmL3JFr9n46V+PGNuByVuBit2n7/e6vF4tl0c6i+fjXfngcAAAAAAAAAAAAAAAAAAAAAALNwuthT6O1/k1Yb9Q8ujE4oDO2PU+oMZ/sDNTv7A6X57u48V5LR/YGG9+epl+bixH965gAAAAAAAAAAAAAAAAAAAHDvqO0uRLlS2dqp7b6/PRg0BjLvfv/Vt0vRHZrLSt9J+lXRSuYiho7TnThw5CR6S6S98jQZmpMFSUR38n756rVex4Nz8r2zGCtvBfmxoVzWU7lSOfnor59Pqvq7Fey3M0mMXZbhIJetPzBUfbCVWIyIg2lV04O1u8y5nqbptPK9z0Yz2VYMjSO3cYjguxtvPfxk7dRT7cw32UqPP7Hy0vVPv/xju1yJZufKVCoLO7WD9BBHbt0+vUyaZkEycP/ksuucm3AnTA6a/Uxzp7ZbTn768+VHPv5hZHIy+f5JBzPvTV/r69HMQifIRRS6F+FOrc5PuPknB6/d7t29R//GnfpivXxt75ffD1s18EPCRh0AAAAAAAAAAAAAAAAAAHAs+n/0OzKQpmljatXTL8y8MQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Rv3//z8QNMcyWVCI8cm94HYjxofyWzu1qYsvHeupAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwH/snAAD//1pcfGk=")
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x1a, 0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, 0x0, 0x0, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000412ff8)="3665a1ab415b7ac7", 0x8)
r4 = accept(r3, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000000740)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000001c0)="564004c6852da7a299e4c397614090d1a6e12edf1767f157", 0xfcdc}], 0x1, &(0x7f0000000480)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
recvmsg(r4, &(0x7f000000b680)={0x0, 0x10400004, &(0x7f000000b600)=[{&(0x7f000000b4c0)=""/5, 0x4}, {&(0x7f000000b500)=""/153, 0xfb59}], 0x2}, 0x0)
sendmsg$nl_generic(r0, 0x0, 0x4040084)

8m39.896828805s ago: executing program 0 (id=796):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000680)=""/4096, 0x1000}, {0x0}, {0x0}, {0x0}], 0x4}, 0x100)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4084)

8m39.447419233s ago: executing program 32 (id=796):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
recvmsg(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000680)=""/4096, 0x1000}, {0x0}, {0x0}, {0x0}], 0x4}, 0x100)
sendmsg$IPSET_CMD_SAVE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, 0x8, 0x6, 0x201, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x8000}, 0x4084)

8m12.373131558s ago: executing program 3 (id=844):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$inet_int(r0, 0x0, 0x2, &(0x7f0000000100)=0xbe, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file0\x00', 0xa00004, &(0x7f0000000100)={[{@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@utf8}, {@uid}, {}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@mode={'mode', 0x3d, 0x8}}, {@dmode={'dmode', 0x3d, 0x4}}, {@adinicb}, {@uid_forget}, {@lastblock={'lastblock', 0x3d, 0x7}}, {@gid_forget}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}]}, 0x1, 0xc67, &(0x7f0000001dc0)="$eJzs3U9sHNd9B/DfG5LiSm5rJk4VJ42DTVuksmK5+hdTtgp3VdNsA8iyEIq5BeBKpNSFKZIgqUY23JbppYceAhRFDzkRaIUCKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAAVoEW8zsW3FFkZYskiIlfz429d2deW/mvZnxjCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOJ3Xj13/ETaZEXfHjQGAHgoLox99fjJzZ7/AMBj69JW//8PAAAAAAAAAAAAAADsFymKeCpSzF1YSxPV947a+dbAjZvjI6ObVzuYqpp9Vfnyp3bi5KnTX35h+Ew3z7dmPqT+TvtsvD526Vz9ldnrc/NTCwtTk/XxmdaV2cmp+97CdutvdLQ6APXrb9yYvHp1oX7y+VN3rL459MHgE4eHzg4/e+yZbtnxkdHRsfUitd7y/Q/ckI6tRngciCKORYrnvvuT1IyIIrZ/LGoP99xvdLDqxNGqE+Mjo1VHplvNmcVy5cXugSgi6j2VGt1jtPm5iP6Bh9qHrTUilsrmlw0+WnZvbK4537w8PVW/2JxfbC22Zmcupk5ry/7Uo4gzKWI5IlYH797cQBTRHym+/eRaupzf+lEdhy9VA4O3bkexi328D2U76wMRy8UjcM72scEo4rVI8dN3j8SVfJ+p7jVfjHitzO9H3Crz5YhUXhinI97f5Dri0dQfRfxZef7PrqXJ6n7Qva+c/1r9KzNXZ3vKdu8rH/H5cNedYo+eDwc35MOxz+9NtSiiWd3x19KD/2YHAAAAAAAAAAAAAAAAgJ12MIr4TKR49V//oBpXHNW49CfPDv/u0C/2jhl/+h7bKcs+HxFLxf2NyT2QBwZeTBdT2uOxxB9ntSjiD/P4v2/udWMAAAAAAAAAAAAAAAAAAAA+1or4caR46b0jaTl65xRvzVyrX2penu7MCtud+7c7Z3q73W7XUycbOSdyLuVczrmSczVnFLl+zkbOiZxLOZdzruRczRl9uX7ORs6JnEs5l3Ou5FzNGf25fs5GzomcSzmXc67kXM0Z+2TuXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAx0kRRfw8UnzrG2spUkQ0IiaikyuDe906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0mIr4XqSo/17j9rL+iEjVvx1Hyl9OR+NAmZ+MxnCZL0fjXM5mlf2Nb+5B+9megVTEjyLFYO2d2yc8n/+Bzrfbl0Hcenv922f7O9nXXTn0weATh588Ozz6+ae3+pw2a8DR862ZGzfr4yOjo2M9i/vz3j/Zs2wo77fYma4TEQtvvvVGc3p6av7BP5SXwANW757Jbez9YX5I/Y9MU33YiQ/Rvy+asTd9v0NtL25O7Lry+f9+pPjN9/6t+8DvPP9r8Qudb7ef8PGzP1p//r+0cUP3+fzv31gvP//LJ8Fmz/+nepa9lH83MtAfUVu8PjdwOKK28OZbx1rXm9emrk3NnD5+/MXh4RdPHR84EFG72pqe6vm0I4cLAAAAAAAAAAAAAAAA4OFJRfx2pGj+aC3VI+JmNV5r6Ozws8ee6Yu+arzVHeO2Xx+7dK7+yuz1ufmphYWpyfr4TOvK7OTU/e6uVg33Gh8Z3ZXO3NPBXW7/wdors3Nvzreu/f7ipusP1c5dXlicb17ZfHUcjCKi0bvkaNXg8ZHRqtHTreZMVfXipoPpP7qBVMS/R4orp+vpC3lZHv+/cYR/3Hr7xdvXwtLGDe3g+P/PH1of//eJnqLlPlMq4meR4jf+/On4QtXOQ3HXMcvl/jpSHD3zuVwuDpTlum3ovFegMzKwLPvfkeLvf35n2e54yKfWy574SAf3EVCe/ycjxff+9Dvxq3nZne9/6D3/68fv0MYN7dL7Hz7Vs+zQHe8r2HbXyef/WKR4+al34teqJf/7oe//6L6x4Uin8Pr7OXbp/P9yz7KhvN9f36nOAwAAAAAAAAAAPMIGUhF/Eyl+MNqfXsjL7ufv/01u3NAu/f2vT/csm9yZ+Yru+WHbBxUAAAAA9omBVMSPI8W1xXduj6G+c/x3z/jP31of/zmSNqyt/pzvl6r3Buzkn//1Gsr7ndh+twEAAAAAAAAAAAAAAAAAAGBfSamIF/J86hPVeP7JLedTX4kUr/7nc7lcOlyW684DP1T9WrswO3Ps3PT0bC0Wm5enp+pjc80rU2XdT0WKtb/6XK5bVPOrd+eb78zxvj4X+3ykGP3bbtnOXOzduck784HX2u2IE2XZT0SK//i7O8vmqanz3NHVdk+WZf8yUnz9Hzcve3i97Kmy7HcixQ+/Xu+WPVSW7b4f9dPrZZ+/MlvswlkBAAAAAAAAAAAAAAAAAADg42YgFfEnkeK/ri/fHsuf5/8f6PlaufV2z3z/G9ys5vkfqub/3+rzg8z/X71XYGmrvQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOMpRRFvRYq5C2tpZbD83lE735q5cXN8ZHTzagdTVbOvKl/+1E6cPHX6yy8Mn+nmh9ffaZ+J18cunau/Mnt9bn5qYWFqsj4+07oyOzl131vYbv2NjlYHoH79jRuTV68u1E8+f+qO1TeHPhh84vDQ2eFnjz3TLTs+Mjo61lOmf+CB936XtMXyA1HEX0SK5777k/SDwYgitn8s7nHt7LaDVSeOVp0YHxmtOjLdas4slisvdg9EEVHvqdToHqN7nov/a7fbD6srm2hELJXNLxt8tOze2Fxzvnl5eqp+sTm/2Fpszc5cTJ3Wlv2pRxFnUsRyRKwO3r25gSjijUjx7SfX0j8NRvR1j8OXLox99fjJrdtR7GIf70PZzvpAxHJxP+eMrQxGEf8QKX767pH458GI/uj8xBcjXivz+xG3onO+U3lhnI54f5PriEdTfxTxP+X5P7uW3h0s7wfd+8r5r9W/MnN1tqds976yzedDu93+4zL37vnwMO3ze1MtivhhdcdfS//iv2sAAAAAAAAAAAAAAACAfaSIX4kUL713JFXjg2+PKW7NXKtfal6e7gzr6479646Zbrfb7XrqZCPnRM6lnMs5V3Ku5owi18/ZKLPWbk/k70s5l3Ou5FzNGX25fl81XLHdyN8nci7lXM65knM1Z/Tn+jkbOSdyLuVczrmSczVn7JOxewAAAAAAAAAAAAAAAAAAwOOlqP5J8a1vrKX2YGd+6Yno5Ir5QB97/x8AAP//Jhb4VQ==")
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x20, r5, 0x1, 0x70bd2d, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x4}]}, 0x20}}, 0x0)
r6 = getpid()
syz_pidfd_open(r6, 0x0)
acct(&(0x7f0000000280)='./file1\x00')

8m11.316733248s ago: executing program 3 (id=847):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000640)=0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1fd, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000f, 0x11011, r3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "a7751a", 0x0, 0x3a, 0x30d66df472e0f96c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2}}}}, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000180)={0x7, 0x100, {}, {<r5=>0x0}, 0x0, 0x8})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
setreuid(r5, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f0000000300)={{@hyper, 0x800000}, @my=0x1, 0x0, 0x0, 0x2, 0xfffffffffffffffe})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r4, 0x7a8, &(0x7f00000000c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x1, 0x4})
close(r4)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)
r6 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCATMARK(r6, 0x8905, &(0x7f0000000500))

8m10.084856421s ago: executing program 3 (id=849):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
setxattr$security_ima(&(0x7f0000000100)='./file1\x00', &(0x7f0000000140), &(0x7f00000003c0)=ANY=[], 0x700, 0x3)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
socket$kcm(0x10, 0x2, 0x0)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c30000000e8fe55a1190015000600142603600e1209004000f8ff0700a80016000a0004400a080000036010fab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1}, 0x4)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
connect$inet(r1, &(0x7f0000000180)={0x2, 0x4e21, @empty}, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket(0x2d, 0x6, 0x240000f)
r2 = syz_io_uring_setup(0x10c, &(0x7f0000000380)={0x0, 0x5885, 0x10, 0x1000, 0x2c1}, &(0x7f0000000040)=<r3=>0x0, &(0x7f00000001c0))
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2000008, &(0x7f0000000240), 0xfc, 0x54d, &(0x7f0000000e80)="$eJzs3UFvI1cdAPD/eO3d7G62SYEDVGopbNFuBWtvGtpGHMoiIThVQhTOS0i8UbROvFo77SaqIPkESAgBEie4cEHiAyChlbhwrJAqwRmkIhCiW5DgAJ3K9jiOnHHirJw46/x+0mTee+OZ/3uO33jG8zQTwJn1fETciogP0zR9MSJmsvJCNsV2Z2q97oNHby+1piTS9I1/JpFkZd1tJdn8crbaVER88+sR3032x21sbt1drNWK3XyluXav0tjcurG6trhSXamuz8/PvbLw6sLLCzdH0s4rEfHaV//64x/88muv/fYLb/3l9t+vf69Vrels+d52HFHxoIWdppcuTPWtcP8xg51GrfaUupmLw62zc4z1AQBgsNYx/sci4rMR8WLMxLmDD2cBAACAJ1D65en4XxKR5js/oBwAAAB4ghTaY2CTQjkbCzAdhUK53BnD+4m4VKjVG83P36lvrC93xsrORqlwZ7VWvZmNFZ6NUtLKz7XTvfxLffn5iHg6In40c7GdLy/Va8vj/vEDAAAAzojLfef//57pnP8DAAAAE2b24MUzJ1UPAAAA4Pgccv4PAAAATADn/wAAADDRvvH6660p7T7/evnNzY279TdvLFcbd8trG0vlpfr9e+WVen2lfc++tcO2V6vX730x1jceVJrVRrPS2Ny6vVbfWG/eXo2pE2kQAAAAsM/Tn374pyQitr90sT21nB93pYATUdxNJdk8p/f/+anO/L0TqhRwIs4N8Zr3LuSXO06AJ1uxv2BAXwcmT2ncFQDGLjlked/gnUu7qXey+WdGXycAAGC0rn0q//r/4dcFtgsnUD3gGOnEcHb1fc+nnvUDZ0f7+v+wA3kcLMBEKQ01AhCYZEe8/t/zzrAR0vRIFQIAAEZuuj0lhXL28950FArlcsSV9mMBSsmd1Vr1ZkQ8FRF/nCldaOXn2msmh54zAAAAAAAAAAAAAAAAAAAAAAAAAAAdaZpECgAAAEy0iMLfkt917uV/beaF6f7fB84n/20/Evh8RLz1szd+8mCx2bw/1yp/f7e8+dOs/KVx/IIBAAAA9Ouep7fn/xl3bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACYNB88enupOw3x8oujivuPr0TEbF78Yky151NRiohL/0qiuGe9JCLOjSD+9k5EfDIvftKq1m7IvPijeBMOiR+z2buQF//yCOLDWfawtf+5ldf/CvF8e97X//Z0+uII4g/e/8Xu/u/cgP5/ZcgYz7z768rA+DsRzxTz9z/d+MmA+FeHjP+db21tDVqW/jziWvf7p73H2xuhl6o01+5VGptbN1bXFleqK9X1+fm5VxZeXXh54Wblzmqtmv3NjfHDZ3/z4UHtv5T7/ZdktRnc/hdyttf9Tro63Sv7/7sPHn28m9neH//61Zz4v/9F9or98QtZnM9l6SR7r9rp7c77uddzv/rDcwe1f7nX/tJR/v/XB220376O8uywHx0A4Bg0NrfuLtZq1funOnErq+3jrN46YD8drTjTiW+/fwo/bN8f6QbTNE1bn9KcRQ8jYpjtJDHilhby69NLDPynjHe/BAAAjF7voH/cNQEAAAAAAAAAAAAAAAAAAICz6yTustaJtLMbs3cL5GQUt9AGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABiJjwIAAP//VvDQMA==")
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x40, &(0x7f0000000080)=0xfffffff9, 0x0, 0x4)
io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0)

8m7.764039206s ago: executing program 3 (id=853):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
getrlimit(0x7, &(0x7f0000000040))
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = socket(0x40000000015, 0x5, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$cec(&(0x7f00000000c0), 0xffffffffffffffff, 0x8802)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_open_dev$video4linux(&(0x7f0000000380), 0x2, 0x20)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0)
r2 = socket$pppl2tp(0x18, 0x1, 0x1)
ioctl$SIOCSIFMTU(r2, 0x8923, &(0x7f0000000040)={'vlan0\x00', 0x40})
pselect6(0x40, &(0x7f00000000c0), 0x0, 0x0, 0x0, 0x0)
r3 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r3, 0x11b, 0x6, &(0x7f0000000000)=0x40000000, 0x4)
sendmsg$DEVLINK_CMD_RATE_SET(r0, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x4000000}, 0xc, &(0x7f0000000180)={&(0x7f00000009c0)=ANY=[], 0x98}, 0x1, 0x0, 0x0, 0x40000000}, 0x0)
syz_open_dev$sndpcmp(&(0x7f0000000100), 0x0, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x9, 0x8200)
openat$fuse(0xffffffffffffff9c, &(0x7f0000000380), 0x2, 0x0)
getsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000006c0)={{{@in6=@private2, @in=@multicast1}}, {{@in6=@initdev}}}, &(0x7f0000000500)=0xfffffea0)
mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
getsockopt$ARPT_SO_GET_ENTRIES(r0, 0x0, 0x61, &(0x7f0000000600)=ANY=[@ANYBLOB="66696c74657200000000000000000000000000000000000000000000000000008900000003ca23beb48a3cc8be547d2dbdc4bb5da43d25bdce613bee548a0bcfb6ef54171b2dc1fa2f16c892365592637d5a72beb0e94234fe66539277a385691331ab56bd7a1d2efe60e9bb440dcd9aa2e71867c1f4d61f7b9c0b4d6e16d58cff0207b3e3277d4520765b1b27bba0a886389e172e995d2713f021df1aba8306a6422d2a81469bb8b3c8c2d11c4dbfff5954dfd0158ddb81b9d014b984"], &(0x7f0000000280)=0xad)

8m6.49253931s ago: executing program 3 (id=856):
r0 = socket$l2tp(0x2, 0x2, 0x73)
setsockopt$inet_int(r0, 0x0, 0x2, &(0x7f0000000100)=0xbe, 0x4)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f00000000c0)='./file0\x00', 0xa00004, &(0x7f0000000100)={[{@gid_ignore}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@utf8}, {@uid}, {}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@mode={'mode', 0x3d, 0x8}}, {@dmode={'dmode', 0x3d, 0x4}}, {@adinicb}, {@uid_forget}, {@lastblock={'lastblock', 0x3d, 0x7}}, {@gid_forget}, {@iocharset={'iocharset', 0x3d, 'iso8859-3'}}]}, 0x1, 0xc67, &(0x7f0000001dc0)="$eJzs3U9sHNd9B/DfG5LiSm5rJk4VJ42DTVuksmK5+hdTtgp3VdNsA8iyEIq5BeBKpNSFKZIgqUY23JbppYceAhRFDzkRaIUCKRoYTRH0yLQukFx8KHLqiWhhIyh6YIsAAVoEW8zsW3FFkZYskiIlfz429d2deW/mvZnxjCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOJ3Xj13/ETaZEXfHjQGAHgoLox99fjJzZ7/AMBj69JW//8PAAAAAAAAAAAAAADsFymKeCpSzF1YSxPV947a+dbAjZvjI6ObVzuYqpp9Vfnyp3bi5KnTX35h+Ew3z7dmPqT+TvtsvD526Vz9ldnrc/NTCwtTk/XxmdaV2cmp+97CdutvdLQ6APXrb9yYvHp1oX7y+VN3rL459MHgE4eHzg4/e+yZbtnxkdHRsfUitd7y/Q/ckI6tRngciCKORYrnvvuT1IyIIrZ/LGoP99xvdLDqxNGqE+Mjo1VHplvNmcVy5cXugSgi6j2VGt1jtPm5iP6Bh9qHrTUilsrmlw0+WnZvbK4537w8PVW/2JxfbC22Zmcupk5ry/7Uo4gzKWI5IlYH797cQBTRHym+/eRaupzf+lEdhy9VA4O3bkexi328D2U76wMRy8UjcM72scEo4rVI8dN3j8SVfJ+p7jVfjHitzO9H3Crz5YhUXhinI97f5Dri0dQfRfxZef7PrqXJ6n7Qva+c/1r9KzNXZ3vKdu8rH/H5cNedYo+eDwc35MOxz+9NtSiiWd3x19KD/2YHAAAAAAAAAAAAAAAAgJ12MIr4TKR49V//oBpXHNW49CfPDv/u0C/2jhl/+h7bKcs+HxFLxf2NyT2QBwZeTBdT2uOxxB9ntSjiD/P4v2/udWMAAAAAAAAAAAAAAAAAAAA+1or4caR46b0jaTl65xRvzVyrX2penu7MCtud+7c7Z3q73W7XUycbOSdyLuVczrmSczVnFLl+zkbOiZxLOZdzruRczRl9uX7ORs6JnEs5l3Ou5FzNGf25fs5GzomcSzmXc67kXM0Z+2TuXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAx0kRRfw8UnzrG2spUkQ0IiaikyuDe906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0mIr4XqSo/17j9rL+iEjVvx1Hyl9OR+NAmZ+MxnCZL0fjXM5mlf2Nb+5B+9megVTEjyLFYO2d2yc8n/+Bzrfbl0Hcenv922f7O9nXXTn0weATh588Ozz6+ae3+pw2a8DR862ZGzfr4yOjo2M9i/vz3j/Zs2wo77fYma4TEQtvvvVGc3p6av7BP5SXwANW757Jbez9YX5I/Y9MU33YiQ/Rvy+asTd9v0NtL25O7Lry+f9+pPjN9/6t+8DvPP9r8Qudb7ef8PGzP1p//r+0cUP3+fzv31gvP//LJ8Fmz/+nepa9lH83MtAfUVu8PjdwOKK28OZbx1rXm9emrk3NnD5+/MXh4RdPHR84EFG72pqe6vm0I4cLAAAAAAAAAAAAAAAA4OFJRfx2pGj+aC3VI+JmNV5r6Ozws8ee6Yu+arzVHeO2Xx+7dK7+yuz1ufmphYWpyfr4TOvK7OTU/e6uVg33Gh8Z3ZXO3NPBXW7/wdors3Nvzreu/f7ipusP1c5dXlicb17ZfHUcjCKi0bvkaNXg8ZHRqtHTreZMVfXipoPpP7qBVMS/R4orp+vpC3lZHv+/cYR/3Hr7xdvXwtLGDe3g+P/PH1of//eJnqLlPlMq4meR4jf+/On4QtXOQ3HXMcvl/jpSHD3zuVwuDpTlum3ovFegMzKwLPvfkeLvf35n2e54yKfWy574SAf3EVCe/ycjxff+9Dvxq3nZne9/6D3/68fv0MYN7dL7Hz7Vs+zQHe8r2HbXyef/WKR4+al34teqJf/7oe//6L6x4Uin8Pr7OXbp/P9yz7KhvN9f36nOAwAAAAAAAAAAPMIGUhF/Eyl+MNqfXsjL7ufv/01u3NAu/f2vT/csm9yZ+Yru+WHbBxUAAAAA9omBVMSPI8W1xXduj6G+c/x3z/jP31of/zmSNqyt/pzvl6r3Buzkn//1Gsr7ndh+twEAAAAAAAAAAAAAAAAAAGBfSamIF/J86hPVeP7JLedTX4kUr/7nc7lcOlyW684DP1T9WrswO3Ps3PT0bC0Wm5enp+pjc80rU2XdT0WKtb/6XK5bVPOrd+eb78zxvj4X+3ykGP3bbtnOXOzduck784HX2u2IE2XZT0SK//i7O8vmqanz3NHVdk+WZf8yUnz9Hzcve3i97Kmy7HcixQ+/Xu+WPVSW7b4f9dPrZZ+/MlvswlkBAAAAAAAAAAAAAAAAAADg42YgFfEnkeK/ri/fHsuf5/8f6PlaufV2z3z/G9ys5vkfqub/3+rzg8z/X71XYGmrvQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwOMpRRFvRYq5C2tpZbD83lE735q5cXN8ZHTzagdTVbOvKl/+1E6cPHX6yy8Mn+nmh9ffaZ+J18cunau/Mnt9bn5qYWFqsj4+07oyOzl131vYbv2NjlYHoH79jRuTV68u1E8+f+qO1TeHPhh84vDQ2eFnjz3TLTs+Mjo61lOmf+CB936XtMXyA1HEX0SK5777k/SDwYgitn8s7nHt7LaDVSeOVp0YHxmtOjLdas4slisvdg9EEVHvqdToHqN7nov/a7fbD6srm2hELJXNLxt8tOze2Fxzvnl5eqp+sTm/2Fpszc5cTJ3Wlv2pRxFnUsRyRKwO3r25gSjijUjx7SfX0j8NRvR1j8OXLox99fjJrdtR7GIf70PZzvpAxHJxP+eMrQxGEf8QKX767pH458GI/uj8xBcjXivz+xG3onO+U3lhnI54f5PriEdTfxTxP+X5P7uW3h0s7wfd+8r5r9W/MnN1tqds976yzedDu93+4zL37vnwMO3ze1MtivhhdcdfS//iv2sAAAAAAAAAAAAAAACAfaSIX4kUL713JFXjg2+PKW7NXKtfal6e7gzr6479646Zbrfb7XrqZCPnRM6lnMs5V3Ku5owi18/ZKLPWbk/k70s5l3Ou5FzNGX25fl81XLHdyN8nci7lXM65knM1Z/Tn+jkbOSdyLuVczrmSczVn7JOxewAAAAAAAAAAAAAAAAAAwOOlqP5J8a1vrKX2YGd+6Yno5Ir5QB97/x8AAP//Jhb4VQ==")
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f00000002c0), r4)
sendmsg$NLBL_CIPSOV4_C_ADD(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x20, r5, 0x1, 0x70bd2d, 0x0, {}, [@NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x3}, @NLBL_CIPSOV4_A_TAGLST={0x4}]}, 0x20}}, 0x0)
r6 = getpid()
syz_pidfd_open(r6, 0x0)
acct(&(0x7f0000000280)='./file1\x00')

8m4.532806567s ago: executing program 3 (id=858):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000002540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000480)={0x2020}, 0x2020)
syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x16, &(0x7f00000002c0)={[{@nobarrier}, {@noflushoncommit}, {@nossd}, {@commit={'commit', 0x3d, 0x3f}}, {@nodatasum}, {@nodiscard}, {@nobarrier}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@noacl}]}, 0x9, 0x5104, &(0x7f000000a5c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75pcNWjiAAAAQF/x/90Xv1qIeT375iDN6089evBc1Xil/N8cLv+P3dJXBQAAANyMI19sf7iqXsr/reHy//htnTUAAACwFO98OPFBVb2U/2dvnP/rSf5fnS/zKx+yTj/Fv0I4NBnCxMLKXFb4ObSf7hYAAACAWyTm9D8/3flD1X6l/D9Xff//eKeDeP1/z/3/Ctf/hzDVW8ju+vdkXgAAAIB7Svl6/nh7/OzJBf2evz/s9f8P/O/gq1XHL+X//cPl/3pxeSuf/wcAAADL8F97/t/20jjVBt3//76P3v2lqn8p/7eHy/9xuab48k7E9+e9yRDWL6zkdxP8Jh5uV1KYHysUOlpJj22xR16YHy8UOuaSHpsnQ3hwYWV/Uvh/LLSTwpW1eeFIUjgdC/n50C0cSwon4pn2+dp8umnh+1jIL7CYj1dQrOleEpH0uNqvx0Lhhj3Odg8OAABwT4nhOc+yY73NkEbZ+dqgHVYP2mFk0A71QTuMJjukO/bbHmZ7C3F7+8zGpT3//8hw+T++Fflz/vpd/x/i9f/5cw271//PxkIjKczHQiu9Y0ArHiMLux/HYzRaeY8r67sFAAAAuKvF7wXqKzwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Ie9e42Rq7oPAH72Od6H1wtJFUKjZJPUOG7i9domD7VUWVOqRqQ064aCqohiY6/J4gU7tikxCpGxiWiEoLRBSj4UYRRFNR+gViAiKSBcpDhC5RFRFQUQKLSGKIiUkkSkCVKoZu89s3fO3Xks9hov/f0k75yZ/3neeXjOvXfOBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/n84/JWr/rZZ/OHfnvP0cxeOX7Zv/YUvX3POqY+HMDHzeEcW7ui//tbxn9959l377lt72z1Hz/1wb14uj4eB6p/O/M51sdajS0O4tyOE7jSwajAL9OT3B2N97xkM4ZQwG6iVmOzPSqQNh+/3hXAgzAZqVX2vL4TBQuD8Jx568MZq4pa+EJaHECppG89Wsjb60sAZvVmgPw1s784Cv3ojUwt8tzMLwDGLb4bai/7QRH2G4bnLNXj99Ry3jr210uF1xcRw43w/W7/AnSroTR+YOKanrVQdC6L09jjs3bYI3m2l7Xyzp634RSr/hvLGbKgSOrdMbt105fTu+EhnGB3talTTAj3PT736pc3zSS+a12HswPBxeR3e9NjyO7tWnvfoPauWv3jwI/tfOtZu/qiwSYvphVYJ+Wtu0TyP0bjPk0Xw9it9SxrxpSuEsPXzv/eZZvHS/H+4+fw/vpzjbWdd7ljr60PZ3Dw+MhgTrwxlc3MAAABYNBbDXtPtow98oll9pfn/SHvH/+Mh/3wyn432cAjjM4n9y0I4bebxLHBHbO6SZSG8fyY1UR9YnwQOh/DumcTKWlVJiSWxxEgS+MlQHhhPAkdiYCIJfCsGbk4C18XAoSSwOQYOJ4GzYyBM1Y/j94fycbQd6IuBjdlGPBTPQvjFUGwt2VbP1KoCAAA4TvLZYU/93cK5DseaIU4vD/W1yhDPwG6YoZLUkM5ga9OqhjV0t6qhs1UNtXHvbT78Us0drWounYbRUZ/h1l/+zWdDE6X5/1jz+X9ljo50lI7/h7Bh5m/M3ZlHpmvxjRN1GQAAAIBjMPC/z3+zWbw0/x9v7/z/uE+kq5A5PBJ3Q2xbFsJYfSCr9g/Lgeyo90AeAAAAgMWgdjy+dix8Kr/NTtFO59Pl/BPzzB8P/I/Pmb/38P0bm/W3NP+faO/8//7626wTR2IvvrYshCWFwA9iL6uBGSMx8ONP1gfy8R+JG+CGWFV+YkKtqhtiiY0xMJYEDjQq8cNaidPqA/mTVWt8f20cU3mJQgAAAABOuLg7IB6Xj+f/f+A3a69qVq40/984v/P/Z+bBpdP7pwdCWN0dQlf6w4BH+rOFAWNgsCNPPNCf1dWVVnVtfwhnVQeWVvV8vv5/d7rG4BN9WVUxcNoHDr56RjXxzb4QVhcDT37u9o9WE7uTQK3xv+wL4X3V0aaNf2dJ1nhP2vjXl4Tw3kKgVtUlS0KoNtabVvVQJb+OQVrVP1dCeEchUKvqY5UQ9gQAFqn4X+mW4oO79ly9bdP09OTOBUzEffh9YevU9OTo5u3TWyoN+rQl6XPdMkbXlsfU7pVvnsmXKLrg7g2D7aRrvxMcK7aV78cvnTiY34/fhXpmxrm2p+7uunTIH/pguYlQ+CbVaMidCzzk/mIls09iqf6YvzcMhCVX7prcOfrFTbt371yT/W03+9rsbzzMlG2rNem26p+rb228PBqulpV4s9tqRbGS1bsv37F6156rV01dvunSyUsnr1jzsbVjZ46tG/v4mauroxrL/rYY6oq5qk6G+sbtbY7rOA719O5CJSfiU0NCQmKxJbYPrGj6f3Jp/r+j+fw/furET/58fYZGx/+H42H+7PHZw/wbY+BAu8f/hxsdza+dGDCSBPbGwF6H+QEAAHh7iJP8uDcz7pX+6crvvNisXGn+v7e93/8fp/X/a0vXn9tomf+VscRYo/X/02X+a+v/7220/n+6zH9t/f8Db8H6/1fWAskm+YX1/wEAgLeDE7f+f8vl/dMLBJQytFzeP71AQClDy2X8271AwLzX/3/2P//qv0MTpfn/ze3N/y3cDwAAACePL//ZVb/TLF6a/x9ob/5/4tf/C43O/x9pFJhotDCg9f8AAABYpBqt/zd8ff/FzcqV5v+H2pv/x9MuOutyx1pfH8rWtAvpmnavDNV+MgAAAACLQ2cYHe1pM2/dyqjr33ybT+VLgTZLFz3/J0fnd/7/4fbm/3W/y7jpseV3dq0879HX71m1/MWDH9n/0uzxfwAAAGDhtLtfAgAAAAAAAAAAAAAAeOs9/x/71jWLl37/HzbMPN7o9//xun/x9wXvrMsda229/l9+//xP37VnZsnCR4ZC+GAxsG3ftlNCfm3+FcXAgxetfFc1sS8tcf9zZ79QTVycBj616tTXqomzksDGuEjiu9NAvKria0uTQFxe8d/TQNweh9JAbx746tJsHB3ptvrpYLatOtJt9fRgCMsKgdq2uncwa6MjHeAtSaA2wC+kgTjAP88DnWmv7hrIehUDg7HobQNZrwAAOGnFb4E9YevU9ORY/Aofb0/vrr+N6pYsu7ZcbUebzT+TL012wd0bBttJd6XfRWevNd4TKtUhrCl9XS1m6ZgZ5fGppcWme2eDIbda7a2zQbnUfDddb+MR9WUjGt28fXpLT8uBr2udZW13yyxrSpOdYpbOmU3aRi1t9KWNEbW5bdrocrzfGUZHu5JcfxCDw6FOq1dEu7/XL67z1+hVUMxzxdH9v2pWX2n+P9ze/L9SHNdr+cUA9sYr6/3dMsv8AwAAwML66vpffyP+++z1Dz/ZLG9p/j/S3vw/7sHKDwVnezsOx+v/718Wwsyl9YezwB2xuUuWhfD+mdRELJFdUP/cWGIsC9wRd5isjCU2TtRXtSQGDiWBnwzlgcNJ4EgM5HspDoZ8V87fD4Xw0ZnUhvoSO2KJ4STwmRgYSQKjMTCWBJbGwHgSeHlpHphIAv8WA2GqflvdvTTfVgAAAPORz7N66u+GdJ53qLtVho5WGfpbZehslaHSKkOjUcT7344ZepKTVzoKmXrSWvuSWkoZ4sXw592vUobww/qcacFS0/H8g9r5Bh31Ge77RHclNFGa/4+1N//vr7/NWj8S5/+z1//LAj+I3ftaPHV8JAZ+/Mn6QL5j4Eic7N5Qq2oiL5FP2m+IJcZjYCQJ7IiB8SSwcUMeOPCu+kA+0641vr/W+FReohAAAACAEy7uIIi7aeL8/7ZdXxloVi6f/4/U5v/j7c3/Y3sDxcaui7UeXRrCvR2zvakFVg1mgbgfYzD+PP49gyGcUtjBUSsx2Z+V6E0aDt/vy36h3ptW9b2+7McH8f75Tzz04I3VxC19ISwv7H2ptfFsJWujLw2c0ZsF+tPA9u4sEPf81ALf7cwCcMxqewXjCyo/1aVmeO5yDV5/b5drgqbDK+0DnSPfXL+5WiilHa75PtWa+T1tTfffctyU3h6HvdsW47tt2Lut+EUq/4byxmyoEjq3TG7ddOX07vhI8ZesJQv0PBd/pdpO+ji8Dve++d62Vkk7MJZ8fIzNXW7u12FHrO6mx5bf2bXyvEfvWbX8xYMf2f9S291oIP5Q+KFr/nXwR4XNu9AqIX/NLbrPkwmfJ4vxv4ERT1sIYcPLX7+hWbx0/H+ivfl/d3I749dxY+5aFsKHChv3kbj5/3hZ9jlYCGSfku8oB7JD7v811PCTEwAAAI632u6O2v6Cqfw2OyE8nSeX80/MM3/cXzE+Z/52+93/1xctbxYvzf83Np//L0m66fi/4/8sEMf/53Sy74pekj6w95h2RZeqY0E4/j+nk/3d5vj/nBz/d/x/Lo7/t+D4/5xO9qet9C1phy9dIYQX/+iBp5vFS/P/He3N/63/N/eifbX1/zY2Wv9vR6P1//Za/w8AAFhQDRaaS+d5pdX7ShnS1ftKGVouENhyiUHr/817/b8XTn/2N6GJ0vx/b3vz//hyGCi2vljW/xvZ0KCqm2Ngh4UBAQAAOBk12kEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAW+u+f/ifLc3iD//2nKefu3D8sn3rL3z5mnNOfTyEqZnHO7JwR//1t47//M6z79p339rb7jl67ocrebme/PZ363LHWl8fCuFA4ZHBmHhlqHpnNnD+p+/a011NPDIUwgeLgW37tp1STXxrKIQVxcCDF618VzWxLy1x/3Nnv1BNXJwGPrXq1NeqibPyQEfa3X9cmnW3I+3ujUtDWFYI1Lp72dL6qmpt/Gke6Ezb+KfBrI0YGIxFvzGYtRED07HE1JIQVneH0JVW9XAlq6orrepfKllVXWlVX66EcFYIoTut6rnerKrudOSP92ZVxcBpHzj46hnVxIHeEFYXA09+7vaPVhNfSAK1xv+iN4T3VV8yaePf7ska70kbv6UnhPeGEHrTEr/szkr0piWe7w7hHYVArfHPd4ewJ/C2ED986j7Rdu25etum6enJnQuY6M3b6gtbp6YnRzdvn95SSfrUSEch/ca1b37sz7z6pc3V2wvu3jDYTro7L9cz0+W1PXV3153svY/96i9WMvt8lOqP+XvDQFhy5a7JnaNf3LR798412d92s6/N/nbl0WxbrVks22pFsZLVuy/fsXrXnqtXTV2+6dLJSyevWPOxtWNnjq0b+/iZq6ujGsv+Nh5qb9tDvf3ED/X07kIlJ+IDQOLEJqqvy5OgGxKLOtFZ9+k2drJ/kJe+6M92tCdUZj6gS9OKYpaOmVEej0GvT4Irjv+gR+L3lJYjWlOaOJSyrG2dZV1pMjGbpS/LMvO9rjQ5LNbUObNJ4/3OMDra1Wg7DNffLW7en6Wbdx6eyjdju2kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9jBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1mH0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//5DAgkw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
pwritev2(r6, &(0x7f0000000500)=[{&(0x7f0000000000)='d', 0x200200}, {0x0, 0x7fdfee00}, {&(0x7f0000000140)="d9", 0x98}], 0x2, 0x0, 0x0, 0x3)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
fchdir(0xffffffffffffffff)

7m49.248837658s ago: executing program 33 (id=858):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0)
mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a, 0x4})
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000002540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0})
r4 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000003480)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
read$FUSE(r4, &(0x7f0000000480)={0x2020}, 0x2020)
syz_mount_image$btrfs(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x16, &(0x7f00000002c0)={[{@nobarrier}, {@noflushoncommit}, {@nossd}, {@commit={'commit', 0x3d, 0x3f}}, {@nodatasum}, {@nodiscard}, {@nobarrier}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@noacl}]}, 0x9, 0x5104, &(0x7f000000a5c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75pcNWjiAAAAQF/x/90Xv1qIeT375iDN6089evBc1Xil/N8cLv+P3dJXBQAAANyMI19sf7iqXsr/reHy//htnTUAAACwFO98OPFBVb2U/2dvnP/rSf5fnS/zKx+yTj/Fv0I4NBnCxMLKXFb4ObSf7hYAAACAWyTm9D8/3flD1X6l/D9Xff//eKeDeP1/z/3/Ctf/hzDVW8ju+vdkXgAAAIB7Svl6/nh7/OzJBf2evz/s9f8P/O/gq1XHL+X//cPl/3pxeSuf/wcAAADL8F97/t/20jjVBt3//76P3v2lqn8p/7eHy/9xuab48k7E9+e9yRDWL6zkdxP8Jh5uV1KYHysUOlpJj22xR16YHy8UOuaSHpsnQ3hwYWV/Uvh/LLSTwpW1eeFIUjgdC/n50C0cSwon4pn2+dp8umnh+1jIL7CYj1dQrOleEpH0uNqvx0Lhhj3Odg8OAABwT4nhOc+yY73NkEbZ+dqgHVYP2mFk0A71QTuMJjukO/bbHmZ7C3F7+8zGpT3//8hw+T++Fflz/vpd/x/i9f/5cw271//PxkIjKczHQiu9Y0ArHiMLux/HYzRaeY8r67sFAAAAuKvF7wXqKzwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+Ie9e42Rq7oPAH72Od6H1wtJFUKjZJPUOG7i9domD7VUWVOqRqQ064aCqohiY6/J4gU7tikxCpGxiWiEoLRBSj4UYRRFNR+gViAiKSBcpDhC5RFRFQUQKLSGKIiUkkSkCVKoZu89s3fO3Xks9hov/f0k75yZ/3neeXjOvXfOBQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/n84/JWr/rZZ/OHfnvP0cxeOX7Zv/YUvX3POqY+HMDHzeEcW7ui//tbxn9959l377lt72z1Hz/1wb14uj4eB6p/O/M51sdajS0O4tyOE7jSwajAL9OT3B2N97xkM4ZQwG6iVmOzPSqQNh+/3hXAgzAZqVX2vL4TBQuD8Jx568MZq4pa+EJaHECppG89Wsjb60sAZvVmgPw1s784Cv3ojUwt8tzMLwDGLb4bai/7QRH2G4bnLNXj99Ry3jr210uF1xcRw43w/W7/AnSroTR+YOKanrVQdC6L09jjs3bYI3m2l7Xyzp634RSr/hvLGbKgSOrdMbt105fTu+EhnGB3talTTAj3PT736pc3zSS+a12HswPBxeR3e9NjyO7tWnvfoPauWv3jwI/tfOtZu/qiwSYvphVYJ+Wtu0TyP0bjPk0Xw9it9SxrxpSuEsPXzv/eZZvHS/H+4+fw/vpzjbWdd7ljr60PZ3Dw+MhgTrwxlc3MAAABYNBbDXtPtow98oll9pfn/SHvH/+Mh/3wyn432cAjjM4n9y0I4bebxLHBHbO6SZSG8fyY1UR9YnwQOh/DumcTKWlVJiSWxxEgS+MlQHhhPAkdiYCIJfCsGbk4C18XAoSSwOQYOJ4GzYyBM1Y/j94fycbQd6IuBjdlGPBTPQvjFUGwt2VbP1KoCAAA4TvLZYU/93cK5DseaIU4vD/W1yhDPwG6YoZLUkM5ga9OqhjV0t6qhs1UNtXHvbT78Us0drWounYbRUZ/h1l/+zWdDE6X5/1jz+X9ljo50lI7/h7Bh5m/M3ZlHpmvxjRN1GQAAAIBjMPC/z3+zWbw0/x9v7/z/uE+kq5A5PBJ3Q2xbFsJYfSCr9g/Lgeyo90AeAAAAgMWgdjy+dix8Kr/NTtFO59Pl/BPzzB8P/I/Pmb/38P0bm/W3NP+faO/8//7626wTR2IvvrYshCWFwA9iL6uBGSMx8ONP1gfy8R+JG+CGWFV+YkKtqhtiiY0xMJYEDjQq8cNaidPqA/mTVWt8f20cU3mJQgAAAABOuLg7IB6Xj+f/f+A3a69qVq40/984v/P/Z+bBpdP7pwdCWN0dQlf6w4BH+rOFAWNgsCNPPNCf1dWVVnVtfwhnVQeWVvV8vv5/d7rG4BN9WVUxcNoHDr56RjXxzb4QVhcDT37u9o9WE7uTQK3xv+wL4X3V0aaNf2dJ1nhP2vjXl4Tw3kKgVtUlS0KoNtabVvVQJb+OQVrVP1dCeEchUKvqY5UQ9gQAFqn4X+mW4oO79ly9bdP09OTOBUzEffh9YevU9OTo5u3TWyoN+rQl6XPdMkbXlsfU7pVvnsmXKLrg7g2D7aRrvxMcK7aV78cvnTiY34/fhXpmxrm2p+7uunTIH/pguYlQ+CbVaMidCzzk/mIls09iqf6YvzcMhCVX7prcOfrFTbt371yT/W03+9rsbzzMlG2rNem26p+rb228PBqulpV4s9tqRbGS1bsv37F6156rV01dvunSyUsnr1jzsbVjZ46tG/v4mauroxrL/rYY6oq5qk6G+sbtbY7rOA719O5CJSfiU0NCQmKxJbYPrGj6f3Jp/r+j+fw/furET/58fYZGx/+H42H+7PHZw/wbY+BAu8f/hxsdza+dGDCSBPbGwF6H+QEAAHh7iJP8uDcz7pX+6crvvNisXGn+v7e93/8fp/X/a0vXn9tomf+VscRYo/X/02X+a+v/7220/n+6zH9t/f8Db8H6/1fWAskm+YX1/wEAgLeDE7f+f8vl/dMLBJQytFzeP71AQClDy2X8271AwLzX/3/2P//qv0MTpfn/ze3N/y3cDwAAACePL//ZVb/TLF6a/x9ob/5/4tf/C43O/x9pFJhotDCg9f8AAABYpBqt/zd8ff/FzcqV5v+H2pv/x9MuOutyx1pfH8rWtAvpmnavDNV+MgAAAACLQ2cYHe1pM2/dyqjr33ybT+VLgTZLFz3/J0fnd/7/4fbm/3W/y7jpseV3dq0879HX71m1/MWDH9n/0uzxfwAAAGDhtLtfAgAAAAAAAAAAAAAAeOs9/x/71jWLl37/HzbMPN7o9//xun/x9wXvrMsda229/l9+//xP37VnZsnCR4ZC+GAxsG3ftlNCfm3+FcXAgxetfFc1sS8tcf9zZ79QTVycBj616tTXqomzksDGuEjiu9NAvKria0uTQFxe8d/TQNweh9JAbx746tJsHB3ptvrpYLatOtJt9fRgCMsKgdq2uncwa6MjHeAtSaA2wC+kgTjAP88DnWmv7hrIehUDg7HobQNZrwAAOGnFb4E9YevU9ORY/Aofb0/vrr+N6pYsu7ZcbUebzT+TL012wd0bBttJd6XfRWevNd4TKtUhrCl9XS1m6ZgZ5fGppcWme2eDIbda7a2zQbnUfDddb+MR9WUjGt28fXpLT8uBr2udZW13yyxrSpOdYpbOmU3aRi1t9KWNEbW5bdrocrzfGUZHu5JcfxCDw6FOq1dEu7/XL67z1+hVUMxzxdH9v2pWX2n+P9ze/L9SHNdr+cUA9sYr6/3dMsv8AwAAwML66vpffyP+++z1Dz/ZLG9p/j/S3vw/7sHKDwVnezsOx+v/718Wwsyl9YezwB2xuUuWhfD+mdRELJFdUP/cWGIsC9wRd5isjCU2TtRXtSQGDiWBnwzlgcNJ4EgM5HspDoZ8V87fD4Xw0ZnUhvoSO2KJ4STwmRgYSQKjMTCWBJbGwHgSeHlpHphIAv8WA2GqflvdvTTfVgAAAPORz7N66u+GdJ53qLtVho5WGfpbZehslaHSKkOjUcT7344ZepKTVzoKmXrSWvuSWkoZ4sXw592vUobww/qcacFS0/H8g9r5Bh31Ge77RHclNFGa/4+1N//vr7/NWj8S5/+z1//LAj+I3ftaPHV8JAZ+/Mn6QL5j4Eic7N5Qq2oiL5FP2m+IJcZjYCQJ7IiB8SSwcUMeOPCu+kA+0641vr/W+FReohAAAACAEy7uIIi7aeL8/7ZdXxloVi6f/4/U5v/j7c3/Y3sDxcaui7UeXRrCvR2zvakFVg1mgbgfYzD+PP49gyGcUtjBUSsx2Z+V6E0aDt/vy36h3ptW9b2+7McH8f75Tzz04I3VxC19ISwv7H2ptfFsJWujLw2c0ZsF+tPA9u4sEPf81ALf7cwCcMxqewXjCyo/1aVmeO5yDV5/b5drgqbDK+0DnSPfXL+5WiilHa75PtWa+T1tTfffctyU3h6HvdsW47tt2Lut+EUq/4byxmyoEjq3TG7ddOX07vhI8ZesJQv0PBd/pdpO+ji8Dve++d62Vkk7MJZ8fIzNXW7u12FHrO6mx5bf2bXyvEfvWbX8xYMf2f9S291oIP5Q+KFr/nXwR4XNu9AqIX/NLbrPkwmfJ4vxv4ERT1sIYcPLX7+hWbx0/H+ivfl/d3I749dxY+5aFsKHChv3kbj5/3hZ9jlYCGSfku8oB7JD7v811PCTEwAAAI632u6O2v6Cqfw2OyE8nSeX80/MM3/cXzE+Z/52+93/1xctbxYvzf83Np//L0m66fi/4/8sEMf/53Sy74pekj6w95h2RZeqY0E4/j+nk/3d5vj/nBz/d/x/Lo7/t+D4/5xO9qet9C1phy9dIYQX/+iBp5vFS/P/He3N/63/N/eifbX1/zY2Wv9vR6P1//Za/w8AAFhQDRaaS+d5pdX7ShnS1ftKGVouENhyiUHr/817/b8XTn/2N6GJ0vx/b3vz//hyGCi2vljW/xvZ0KCqm2Ngh4UBAQAAOBk12kEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAW+u+f/ifLc3iD//2nKefu3D8sn3rL3z5mnNOfTyEqZnHO7JwR//1t47//M6z79p339rb7jl67ocrebme/PZ363LHWl8fCuFA4ZHBmHhlqHpnNnD+p+/a011NPDIUwgeLgW37tp1STXxrKIQVxcCDF618VzWxLy1x/3Nnv1BNXJwGPrXq1NeqibPyQEfa3X9cmnW3I+3ujUtDWFYI1Lp72dL6qmpt/Gke6Ezb+KfBrI0YGIxFvzGYtRED07HE1JIQVneH0JVW9XAlq6orrepfKllVXWlVX66EcFYIoTut6rnerKrudOSP92ZVxcBpHzj46hnVxIHeEFYXA09+7vaPVhNfSAK1xv+iN4T3VV8yaePf7ska70kbv6UnhPeGEHrTEr/szkr0piWe7w7hHYVArfHPd4ewJ/C2ED986j7Rdu25etum6enJnQuY6M3b6gtbp6YnRzdvn95SSfrUSEch/ca1b37sz7z6pc3V2wvu3jDYTro7L9cz0+W1PXV3153svY/96i9WMvt8lOqP+XvDQFhy5a7JnaNf3LR798412d92s6/N/nbl0WxbrVks22pFsZLVuy/fsXrXnqtXTV2+6dLJSyevWPOxtWNnjq0b+/iZq6ujGsv+Nh5qb9tDvf3ED/X07kIlJ+IDQOLEJqqvy5OgGxKLOtFZ9+k2drJ/kJe+6M92tCdUZj6gS9OKYpaOmVEej0GvT4Irjv+gR+L3lJYjWlOaOJSyrG2dZV1pMjGbpS/LMvO9rjQ5LNbUObNJ4/3OMDra1Wg7DNffLW7en6Wbdx6eyjdju2kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP9jBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1mH0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//5DAgkw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_serviced_recursive\x00', 0x275a, 0x0)
pwritev2(r6, &(0x7f0000000500)=[{&(0x7f0000000000)='d', 0x200200}, {0x0, 0x7fdfee00}, {&(0x7f0000000140)="d9", 0x98}], 0x2, 0x0, 0x0, 0x3)
write$UHID_INPUT(0xffffffffffffffff, 0x0, 0x0)
fchdir(0xffffffffffffffff)

11.737050916s ago: executing program 6 (id=1858):
socket$nl_xfrm(0x10, 0x3, 0x6)
sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000000c0), 0x80002, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x15, 0xe, &(0x7f0000001880)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_reuseport, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x0, 0xfffffffd}, 0x10}, 0x94)
openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)}, &(0x7f0000000180)=0x10)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x100000000000001, 0x0, 0x1, 0x0)
syz_io_uring_setup(0x8d2, &(0x7f00000000c0)={0x0, 0x0, 0x400, 0x0, 0x379}, &(0x7f0000000040)=<r3=>0x0, &(0x7f0000000080))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
ioprio_set$pid(0x2, 0x0, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000002800), 0x1f, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r4, 0xc1105511, 0x0)

9.264816557s ago: executing program 4 (id=1862):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

8.716860698s ago: executing program 4 (id=1864):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000fcffff0318110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000180)='i=Ov:cb2e\xdf\xff\xff\x04\x00\xff\xff\xff')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r6 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r6, &(0x7f0000000000)=""/42, 0x2a)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x4)
sendmsg$NFT_BATCH(r7, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)
semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)

8.384826135s ago: executing program 1 (id=1865):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000180)='i=Ov:cb2e\xdf\xff\xff\x04\x00\xff\xff\xff')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r5 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r5, &(0x7f0000000000)=""/42, 0x2a)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x4)
sendmsg$NFT_BATCH(r6, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)
semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)

8.357273256s ago: executing program 5 (id=1866):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{0x0}], 0x1)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000640)=0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1fd, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000f, 0x11011, r3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "a7751a", 0x0, 0x3a, 0x30d66df472e0f96c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2}}}}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
write(r5, &(0x7f00000003c0)="cb22db2dc3eca9337b703a53d4828df8539d7380af7fc2bca4110a86d089df35b9f8451c6075e809b4ce118c860ceae8cc89937665c1c9044a752f13f9d1f810bdca878ab061f2390605987ba2686a325aa2936a683e4bafdd1f8e079be2e828cc276e2b86bd5e7ab2b07c6172304b091905771842674f6032e1c2edca7b8608664c337610df8ef30eeed63259a27283c7e930deb598336506e727cb", 0x9c)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000180)={0x7, 0x100, {r4}, {<r7=>0x0}, 0x0, 0x8})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
setreuid(r7, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000300)={{@hyper, 0x800000}, @my=0x1, 0x0, 0x0, 0x2, 0xfffffffffffffffe})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f00000000c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x1, 0x4})
close(r6)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCATMARK(r8, 0x8905, &(0x7f0000000500))

7.388057066s ago: executing program 4 (id=1867):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0)
r4 = openat$cgroup_procs(0xffffffffffffffff, &(0x7f0000000040)='cgroup.threads\x00', 0x2, 0x0)
open_by_handle_at(r4, &(0x7f0000000100)=ANY=[@ANYBLOB="0c000000fe00010004"], 0x408100)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)

7.380713057s ago: executing program 1 (id=1868):
mkdirat(0xffffffffffffff9c, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x80140, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc2}})
truncate(&(0x7f0000000400)='./file1\x00', 0xbf39)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000400)=0x6)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000440), 0x18, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$TOKEN_CREATE(0x24, &(0x7f0000000580)={0x0, r3}, 0x8)
syz_mount_image$romfs(&(0x7f0000000140), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000001c0), 0x1, 0x12d, &(0x7f0000000200)="$eJzs2r9Kw1AUBvCjCEIfwamQgHXIf62DuyA4+QSG9t704o23JIK0U/EFFIfrI7i6iW4+QmafQN/AKZI2sTZ316Hfb7kfOZeTZDnTcTKVBjx3iPZm92cfm5lKu/3ocMADHtPCCRF1q1CU5YNLhvOfelHOXOOC9VqfvUSfvnAhWWj2AAAAAAAAAAAAAAAAAAAAAABYE9ZnHTojrR65kCz4Vc0n04tYSpblzROb6h0d4lodVfejlX69LyJ7vr8j9PFNVfdX6nbTaXek1Ub7fd5VOvbyydQRaZywhF2GYdT3933/IPTmvbx2R/uu/iYqyuexuU9kPy33id59c5+IOotja0fo2+t29+X/IyAgIDShPT9ouB1Zb9X8cAdKDv9wfhgTDeCffAcAAP//NHw5bA==")
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x17, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x24, 0x20, 0x301, 0x0, 0x25dfdbfb, {0x2, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x24}}, 0x40)
sendmsg$IPSET_CMD_SAVE(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=@newlink={0x34, 0x10, 0x20, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x74, 0x0, 0x800, 0x55007}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}]}, 0x34}, 0x1, 0x0, 0x0, 0x800}, 0x0)

7.176256821s ago: executing program 6 (id=1869):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x77c, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2CYMWDCBYKerZdNttQs8mW7KY0IaBFBC+CigdBLz37o968+uOq/4UHsVRNixUPEpnNTrttdtNsmmSr+/nAJO/NzO6b776ZeW93HjMB9KzR9E8u4mBEfJBEDDfmJxExUE/1RxxfW+/GynIxnZJYXX3t96S+zvWV5WI0vSa1v5F5NCK+fzfiUG59udXFpZlCuVyab+THa7PnxquLS4fPzhamS9OluaMTk5NHjj1z7Oj2xfrnT0sHrnz48pNfHf/7nUcuv/9DEsfjQGNZcxzbZTRGG5/JQPoR3ual7S6sy5JubwBbkh6afWtHeRyM4eirpwCA/7O3ImIVAOgp/dp/AOg52e8A11eWi9nU3V8kdtfVFyNi71r82fXNtSX9jWt2e+vXQYeuJ7ddGUkiYmQbyh+NiM++eeOLdIodug4J0MrbFyPi9Mjo+vN/sm7MQqee2mDZnsb/0TvmO//B7vk27f8826r/l7vZ/4kW/Z/BFsfuVtz1+N+3DYVsIO3/Pd80tu1GU/wNI32N3AP1Pt9AcuZsuZSe2x6MiLEYGEzzE2vrthwGNXbtn2vtym/u//3x0Zufp+Wn/2+tkfu1f/D210wVaoV7jTtz9WLEY/2t4k9u1n/Spv97cpNlvPLce5+2W5bGn8abTevjj8bopJ2xeiniiZb1f6sqkw3HJ47Xd4fxbKdo4eufPxlqV35z/adTWn72XWA3pPU/tHH8I0nzeM1q52X8eGn4u3bL7h5/6/1/T/J6PZ31Iy4UarX5iYg9yavr5x+59dosn62fxj/2eOvjf6P9P/1OeHqT8fdf+e3Lrce/s9L4pzqq/84Tl2/M9LUrf3P1P1lPjTXmbOb8t9kNvJfPDgAAAAAAAAAAAAAAAAAAAAAAAAA2KxcRByLJ5W+mc7l8fu0Z3g/HUK5cqdYOnakszE1F/VnZIzGQy251Odx0P9SJxv3ws/yRO/JPR8RDEfHx4L4ku4/iVJdjBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM/jbP/0/9MtjtrQMAdszebm8AALDrtP8A0Hu0/wDQe7T/ANB7tP8A0Hu0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOywkydOpNPqXyvLxTQ/dX5xYaZy/vBUqTqTn10o5ouV+XP56UplulzKFyuzd3u/cqVybjLmFi6M10rV2nh1cenUbGVhrnbq7GxhunSqNLArUQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ6qLSzOFcrk0L7GFxOr9sRndT/Q1dqc7FyUR0ekbvhBdD6ezRHJ/bMY2J7p8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/g3AAD//5EOHsI=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x9, 0x8, 0x6, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000780)='ext4_unlink_exit\x00', r1}, 0x10)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

6.420844007s ago: executing program 5 (id=1870):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0)
getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x7a, 0x0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x1, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
write$P9_RSTATu(r5, &(0x7f00000004c0)={0x232, 0x7d, 0x1, {{0x500, 0xf1, 0x0, 0x400, {0x0, 0x0, 0x4}, 0x0, 0x0, 0x0, 0x0, 0x1f, '\x04nodev{cvfox%\xff\xff\xff\x81\x02\x00\x00\x00\x00\x001\xff\xce\xbc\x92\x00\x00\x00', 0x38, 'pJ\x86\xce\xc6\x02\x00}\xfag>\xff\xeb\t\xb55\x1f[\xde\x05@\x00\x00\x00\x00\x18{\x82\x00\xb5\x00\x00;Y_\xcb\x14\x03CT\xb9\xfd\x9e\xf1\x96\xa5\x1c\xd5\x15z\xdc\x81\x05\xb4\x94\xe1', 0x12, '\xcf\xc2\x00\x10\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf3\x13\xf6\x00', 0x55, '\xf8\xf6i\xfbqm\xcf1^\xca\xf3\x85@\x9a\xc6[\x94\bg\x8c,;\x9e\x1dR\xc3l\xde{\xa4\xa4\x00\xb4\xb0\xb4\xf1t\xa6f\xa8R\x9aE\x1b4\a\xdb\xda\xb2\x88K\xaf\x05\x00\x00\x00\x00\x00\x00\x00G\xec!\xca\xbf\xf2\x0f\x9c\x1c\xbe6\xf4\xfd\x1aL\xc2\x80\xe8\xd4\x89\xdad\x9a7\x00'}, 0x12c, 'odev-n\xb1{#\x00\xf9\xda\xa5\xee#&n\xcf\x85\xfe\xa6^B\xd9y\xa3\xfd\xe5\xf4u\xda\xf0;\x11r\xd9{\xad\xc7\tZ\xfdv\xfeO\x04A\xf7\xf7t\x1e\xac\x03\x00\x00\xec\xff\x00\x00\xdb\xa0\xc2\xf7\xf0\x9f\xf5<~M\x1a\xd6n-\a\x01\x98\x01\x9f0\x11\x84G\xaa\x9at\xf5\x16\x85\xf5\x06\xae\x89H\x06\x87\x82g\xd5\xa1)\x8dy,J7\xf2\xe1\xcb\xbd$\x82\x92\x9a\r\x89r\xb5\xcfs.\xa5\xb0\xd7#\x85\x9d\xba?\x93\xae\xd3\xb4.\xe7\xca\xc0}\xe0\x9d\x1dh\xa6\x033\xa8\x82F}+1\xaa\xcd\xf9\x18\x85I\xb1\x12]lL\x9b\x18\xc2\xfbV\xc5}}\xc6&\xe49\a\x96\xa1\xebH\'Fi\xab\x13\xf8\xb1\x1d\x14`Y\xf3\x10\xe2cMY?\xece\xd5)\xf3\x82\x06fd\xdf$NL\x90W\np\x04\x9f9\x9f\x06\x1fu\xb7y|\xe1\xfe\x11\xea\x91\x96\t\xd5\x1aA\xdd=\xe3\x04\xbd|~\xd0\xa4V\xf0\xae\x12Qa\x05\xc9\xce\x88}\xf5\xa6\xe0\xb6\xa7}Yl\xf8\x8b\xa6\xe5\xc69|}P!\xd7\x98\x95(\xfd\x179\xe1\xc2\xd8\x7f\xff\x00'/300}}, 0x232)
getsockopt$inet_sctp_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in6={{0xa, 0x4e22, 0x702, @mcast1, 0x6d589036}}, 0x9}, &(0x7f0000000080)=0x90)
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x10448)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, 0x0, &(0x7f0000000000))

6.400766587s ago: executing program 2 (id=1871):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000640)=0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1fd, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000f, 0x11011, r3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "a7751a", 0x0, 0x3a, 0x30d66df472e0f96c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2}}}}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000180)={0x7, 0x100, {r4}, {<r6=>0x0}, 0x0, 0x8})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
setreuid(r6, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000300)={{@hyper, 0x800000}, @my=0x1, 0x0, 0x0, 0x2, 0xfffffffffffffffe})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f00000000c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x1, 0x4})
close(r5)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCATMARK(r7, 0x8905, &(0x7f0000000500))

6.212371751s ago: executing program 4 (id=1872):
syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
open(&(0x7f0000000100)='./cgroup\x00', 0x502, 0x3d)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40800}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
syz_open_dev$ndb(0x0, 0x0, 0x304c00)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
getpid()
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000380)={0x0, 0x4076cbba9945d516, &(0x7f0000000340)={0x0, 0x14}}, 0x0)
getsockname$packet(r2, &(0x7f0000000400)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="400000001000390400"/20, @ANYRES32=r3, @ANYBLOB="01980000000000002000128008000100677265001400028008000100", @ANYRES32=r3], 0x40}, 0x1, 0x0, 0x0, 0x4014}, 0x4c094)

5.333389979s ago: executing program 5 (id=1873):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000140)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0)
ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000000)={0x2, 0x100, 0x7fff})

5.022347505s ago: executing program 1 (id=1874):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x40)
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = socket$kcm(0x10, 0x2, 0x0)
io_setup(0x2, 0x0)
syz_emit_ethernet(0x68, &(0x7f0000000040)=ANY=[@ANYBLOB="ffffffffffff0180c200000086dd6012000800323a00fe8000000000000000000000000000bbfe8000000000000000000000000000aa0200907800000000605b29ab00001100ff020000000000000000000000000001ff017109000000000000000000000001fb36"], 0x0)
r2 = socket$netlink(0x10, 0x3, 0x4)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r3, 0x0, 0x60, &(0x7f0000000240)={'filter\x00', 0xb001, 0x4, 0x388, 0x0, 0x1c4, 0x1c4, 0x2a8, 0x2a8, 0x2a8, 0x7fffffe, 0x0, {[{{@arp={@multicast1, @loopback, 0xff000000, 0xff, 0xe, 0x9, {@empty, {[0xff, 0x0, 0xff, 0xff]}}, {@mac=@remote, {[0x0, 0x0, 0xff, 0xff, 0x0, 0xff]}}, 0x8, 0x101, 0x10, 0x7, 0x3, 0x101, 'ipvlan0\x00', 'macvtap0\x00', {}, {0xff}, 0x0, 0xa}, 0xbc, 0xe0}, @unspec=@STANDARD={0x24, '\x00', 0x0, 0x1c4}}, {{@uncond, 0xbc, 0xe4, 0x0, {0x0, 0x1e03}}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x46e, 0xfffc}}}, {{@uncond, 0xbc, 0xe4}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x0, 0x12ed}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x3d4)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r4 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r4, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
write(r2, &(0x7f0000000000)="29000000140005d8ff00000004eabdeb0101b6ff02159f7e5520756b1933b49db96ad24d12595fbea5", 0x29)
sendmsg$kcm(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480f0000005e140602000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0)
ioctl$PIO_CMAP(r0, 0x4b71, 0x0)
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000100), 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB='quota,grpquota_inode_hardlimit=3,noswap'])
read$FUSE(0xffffffffffffffff, &(0x7f0000002140)={0x2020}, 0x212f)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000580)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {0x0, @local, @loopback}}}], 0x20}, 0x0)

3.33938448s ago: executing program 2 (id=1875):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_NEW_INTERFACE(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)={0x50, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@void, @val={0x8, 0x3, r3}, @val={0xc, 0x99, {0x7ff, 0x70}}}}, [@NL80211_ATTR_IFNAME={0x14, 0x4, 'syzkaller0\x00'}, @NL80211_ATTR_IFTYPE={0x8, 0x5, 0x7}, @NL80211_ATTR_MESH_ID={0xa}]}, 0x50}, 0x1, 0x0, 0x0, 0x91}, 0x24044884)

3.254827232s ago: executing program 1 (id=1876):
r0 = syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f00000007c0)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000700)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x192)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0x800, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r1, 0x800c6613, &(0x7f00000006c0)=@v2={0x2, @adiantum, 0x4, '\x00', @a})
chdir(&(0x7f00000002c0)='mnt/encrypted_dir\x00')
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)

3.214308513s ago: executing program 6 (id=1877):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000fcffff0318110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000180)='i=Ov:cb2e\xdf\xff\xff\x04\x00\xff\xff\xff')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r6 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r6, &(0x7f0000000000)=""/42, 0x2a)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x4)
sendmsg$NFT_BATCH(r7, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)
semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)

3.026525467s ago: executing program 2 (id=1878):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000740)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000180)='i=Ov:cb2e\xdf\xff\xff\x04\x00\xff\xff\xff')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r5 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r5, &(0x7f0000000000)=""/42, 0x2a)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x4)
sendmsg$NFT_BATCH(r6, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)
semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)

1.980130889s ago: executing program 6 (id=1879):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000080), 0x48c00, 0x0)
writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100), 0x1c3902, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100000800000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000032ce8500000004000000850000000500000095"], &(0x7f0000000200)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
mq_timedreceive(r2, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='global_dirty_state\x00', r1}, 0x10)
sendfile(r0, r0, 0x0, 0x200000)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000000)={'wlan0\x00'})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x13}, 0x94)
pipe2$watch_queue(&(0x7f00000000c0)={0xffffffffffffffff, <r4=>0xffffffffffffffff}, 0x80)
ioctl$IOC_WATCH_QUEUE_SET_FILTER(r4, 0x5761, &(0x7f0000000240)=ANY=[@ANYBLOB="0200000000000000ff014000000000000000000000000000000000000000000000cedf3200"/75])

1.968086959s ago: executing program 2 (id=1880):
mkdir(&(0x7f00000003c0)='./file0\x00', 0x21)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mkdir(&(0x7f0000000200)='./bus\x00', 0x10)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000021c0)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chroot(&(0x7f0000000000)='./bus\x00')

1.904810421s ago: executing program 1 (id=1881):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{0x0}, {0x0}], 0x2)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000640)=0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1fd, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000f, 0x11011, r3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "a7751a", 0x0, 0x3a, 0x30d66df472e0f96c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2}}}}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1, <r5=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
write(r5, &(0x7f00000003c0)="cb22db2dc3eca9337b703a53d4828df8539d7380af7fc2bca4110a86d089df35b9f8451c6075e809b4ce118c860ceae8cc89937665c1c9044a752f13f9d1f810bdca878ab061f2390605987ba2686a325aa2936a683e4bafdd1f8e079be2e828cc276e2b86bd5e7ab2b07c6172304b091905771842674f6032e1c2edca7b8608664c337610df8ef30eeed63259a27283c7e930deb598336506e727cb", 0x9c)
r6 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r6, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r6, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000180)={0x7, 0x100, {r4}, {<r7=>0x0}, 0x0, 0x8})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
setreuid(r7, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f0000000300)={{@hyper, 0x800000}, @my=0x1, 0x0, 0x0, 0x2, 0xfffffffffffffffe})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r6, 0x7a8, &(0x7f00000000c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x1, 0x4})
close(r6)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)
r8 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCATMARK(r8, 0x8905, &(0x7f0000000500))

1.712736284s ago: executing program 2 (id=1882):
ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000003c0)={0x2d, 0x1, 0x1, "1c13ebdaf2f20d55806ba058e8edb1439bfcc1000000efffffffffffffff00", 0x494e4f4b})

1.559932888s ago: executing program 5 (id=1883):
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f00000006c0)=ANY=[], 0xfd, 0x146, &(0x7f00000002c0)="$eJzsj79LOnEcxl/39de30jQwsKAIGhLDPE9sa9BIErKDwqUp0IsCTVEIx2pu6A9wKIImcYjGhrLJUgj7O9yCxuLjXYXQ0v55LXfv1/PwcLe20g3iAxsmq6ViuWJUq0Z+bkvPpLZvbu/GhXcB/weNYrkiynmzf5+AffG0Q//E1I+ef0DBWMqVCuLuJyAIJMdg78CBitkdFc4vXMGIWi44D61J02m/uJjlpu2Q9JpO7H1cwoLYm/jZewNqdYf1Z+HQ9YwtYR3U6ovNxtNmp50Oh2aNMy01deUO2MgaTkAR+WukHX6JNBu9biezoWf0bkzTlmNqVFXjPf25k44fn2Nfdx/BjjK85xQbWThVoK5AY5D3HxQP0Lp414tel38EOPSBMpwo1veZSW434PgyfL9IJBKJRCKRSCQSiUTyVz4DAAD//0wAXes=")
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x13, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x36, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x20702, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(r1, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000002840)={0x114, 0x27, 0x1, 0x0, 0x0, "", [@nested={0x101, 0x0, 0x0, 0x1, [@generic="24d4e3455c7216da3484447f8a081f930884b55764ca84de3d0e7bc8d6f29cd84ba9408cf2351604f1724e10a8fcc3988de886d82375980e92a1ba2f8410b06773cbbf6293af17222761aa1289e6a8f1d888f4809cdccfe1c8695630dcb6bad9b53d1d97f2f820a715ce709fcaa40a70dc4c98ebbe761c0eec46d4f50508215e72fc781a471b1a7c769a074f2d6388253cfdd4b0e37a788fbb7296ae39bb35439c66437fa3347adfaca46f74fbc95f1b070287096cc9bdc953ea637c118a68a8ddc03aa44e8aa8ca5dac063a05", @typed={0x2d, 0x0, 0x0, 0x0, @binary="8bb982eb4ec7e08b552a2807c00bbfbbb5369dd1e04690a1267e29e89d27673db50050419e278e6130"}]}]}, 0x114}], 0x1}, 0x0)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
execve(&(0x7f00000003c0)='./file2\x00', 0x0, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0x2}, {0xffff, 0xffff}, {0x0, 0x6}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0xfffff4b8}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r7 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r9, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0xb, 0xd}, {}, {0x8, 0xfff1}}}, 0x24}, 0x1, 0x0, 0x0, 0x48040}, 0x40004)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r9)
ioctl$EVIOCGPROP(r2, 0x40047438, 0x0)
sendmmsg(0xffffffffffffffff, &(0x7f0000001d00), 0x0, 0x24005805)

1.559217768s ago: executing program 6 (id=1884):
openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000002200), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8000c61)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0x40305829, &(0x7f0000000240)={0x17c04, 0xffffffffffffffff, 0x4ffa1, 0x100000001})

1.541137028s ago: executing program 4 (id=1885):
socket$inet6_mptcp(0xa, 0x1, 0x106)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)}, {0x0}], 0x2)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x200, 0x0)
ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000000640)=0x10)
r3 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1fd, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x300000f, 0x11011, r3, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000080)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "a7751a", 0x0, 0x3a, 0x30d66df472e0f96c, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2}}}}, 0x0)
r4 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000340)={{0x1}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000040)=0x90000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r5, 0x7a0, &(0x7f0000000240)={@hyper})
ioctl$DRM_IOCTL_GET_CLIENT(r0, 0xc0286405, &(0x7f0000000180)={0x7, 0x100, {r4}, {<r6=>0x0}, 0x0, 0x8})
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x0)
setresuid(0x0, 0x0, 0x0)
setreuid(r6, 0x0)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f0000000300)={{@hyper, 0x800000}, @my=0x1, 0x0, 0x0, 0x2, 0xfffffffffffffffe})
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r5, 0x7a8, &(0x7f00000000c0)={{@host, 0xffffffff}, @host, 0x0, 0x0, 0x1, 0x4})
close(r5)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x9, 0xfffffffffffffffd}, 0x0, 0x0, 0x0, 0x0)
r7 = socket$inet_mptcp(0x2, 0x1, 0x106)
ioctl$sock_inet_tcp_SIOCATMARK(r7, 0x8905, &(0x7f0000000500))

1.168836976s ago: executing program 2 (id=1886):
openat$kvm(0xffffffffffffff9c, 0x0, 0x101100, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x4e21, @multicast1}, 0x10)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x88200, 0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
mount$cgroup(0x0, 0x0, &(0x7f0000000140), 0x400, &(0x7f00000003c0)={[{@subsystem='perf_event'}]})
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(0xffffffffffffffff, 0x6, 0xd, &(0x7f0000000040)='htcp\x00', 0x5)
connect$inet(0xffffffffffffffff, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
sendto$inet(0xffffffffffffffff, &(0x7f0000000000), 0xffffffffffffff94, 0xb, 0x0, 0x0)
recvfrom$inet(0xffffffffffffffff, &(0x7f0000000080)=""/8, 0xfffffffffffffd0b, 0xc9100120, 0x0, 0xfffffffffffffd25)
socket$nl_netfilter(0x10, 0x3, 0xc)

462.266541ms ago: executing program 5 (id=1887):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x400c84, &(0x7f0000000340), 0x1, 0x77c, &(0x7f0000001180)="$eJzs3c9rHFUcAPDvbJKmTauJIGg9BQQNlG5Mja2CYMWDCBYKerZdNttQs8mW7KY0IaBFBC+CigdBLz37o968+uOq/4UHsVRNixUPEpnNTrttdtNsmmSr+/nAJO/NzO6b776ZeW93HjMB9KzR9E8u4mBEfJBEDDfmJxExUE/1RxxfW+/GynIxnZJYXX3t96S+zvWV5WI0vSa1v5F5NCK+fzfiUG59udXFpZlCuVyab+THa7PnxquLS4fPzhamS9OluaMTk5NHjj1z7Oj2xfrnT0sHrnz48pNfHf/7nUcuv/9DEsfjQGNZcxzbZTRGG5/JQPoR3ual7S6sy5JubwBbkh6afWtHeRyM4eirpwCA/7O3ImIVAOgp/dp/AOg52e8A11eWi9nU3V8kdtfVFyNi71r82fXNtSX9jWt2e+vXQYeuJ7ddGUkiYmQbyh+NiM++eeOLdIodug4J0MrbFyPi9Mjo+vN/sm7MQqee2mDZnsb/0TvmO//B7vk27f8826r/l7vZ/4kW/Z/BFsfuVtz1+N+3DYVsIO3/Pd80tu1GU/wNI32N3AP1Pt9AcuZsuZSe2x6MiLEYGEzzE2vrthwGNXbtn2vtym/u//3x0Zufp+Wn/2+tkfu1f/D210wVaoV7jTtz9WLEY/2t4k9u1n/Spv97cpNlvPLce5+2W5bGn8abTevjj8bopJ2xeiniiZb1f6sqkw3HJ47Xd4fxbKdo4eufPxlqV35z/adTWn72XWA3pPU/tHH8I0nzeM1q52X8eGn4u3bL7h5/6/1/T/J6PZ31Iy4UarX5iYg9yavr5x+59dosn62fxj/2eOvjf6P9P/1OeHqT8fdf+e3Lrce/s9L4pzqq/84Tl2/M9LUrf3P1P1lPjTXmbOb8t9kNvJfPDgAAAAAAAAAAAAAAAAAAAAAAAAA2KxcRByLJ5W+mc7l8fu0Z3g/HUK5cqdYOnakszE1F/VnZIzGQy251Odx0P9SJxv3ws/yRO/JPR8RDEfHx4L4ku4/iVJdjBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM/jbP/0/9MtjtrQMAdszebm8AALDrtP8A0Hu0/wDQe7T/ANB7tP8A0Hu0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOywkydOpNPqXyvLxTQ/dX5xYaZy/vBUqTqTn10o5ouV+XP56UplulzKFyuzd3u/cqVybjLmFi6M10rV2nh1cenUbGVhrnbq7GxhunSqNLArUQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAZ6qLSzOFcrk0L7GFxOr9sRndT/Q1dqc7FyUR0ekbvhBdD6ezRHJ/bMY2J7p8YgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4j/g3AAD//5EOHsI=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x9, 0x8, 0x6, 0x1}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000850000002300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000780)='ext4_unlink_exit\x00', r1}, 0x10)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0)

151.340376ms ago: executing program 6 (id=1888):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0)
ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, &(0x7f00000000c0)={'dt2815\x00', [0x4f27, 0x5, 0x10000, 0x4, 0x5, 0x8, 0x8, 0x7, 0xa, 0x200100, 0x2, 0x1, 0x6, 0x1, 0x6, 0x101, 0x0, 0x1a449, 0x0, 0x40000003, 0x89, 0x4, 0x0, 0x20001e58, 0xb, 0xe69, 0x3c, 0xb06b, 0x6, 0x0, 0xfffffff8]})

132.931227ms ago: executing program 4 (id=1889):
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000580)='./file1\x00', 0x840, &(0x7f0000000400)={[{@errors_remount}, {@min_batch_time={'min_batch_time', 0x3d, 0x5}}]}, 0x1, 0x580, &(0x7f00000005c0)="$eJzs3U1oHGUfAPD/TLJvv/K+6QvvCyo9FBUqlG6Sfmj11F7FQqEHwYuGzTaUbLIhm2gTckjvRexBVHqpNz14VDx4EC8evXpRPAvFBoWmB12Z/UjSZJMmtZvVzO8HszvPPLP7f+bjP7szPMMEkFvHs5c04umIuJxEDK6r649W5fHmfCvLi6UHy4ulJOr1K78kkUTE/eXFUnv+pPV+JCKWIuKpiPimEHEy3Ry3Nr8wMVqplGda5aHZyemh2vzCqWuTo+Pl8fLUmZdePnf+7LmR0yPrP/agvr5U2N2y3vzx1rs3v3v1zq1PPzu2VHp/NIkLMdCqW78cT1JznRTiwobpZ7sRrIeSXjeAx9LXyvMslf4fg9HXyvpO6oN72jSgy+oHIupATiXyH3Kq/T8gO/9tD3v5/+PuxeYJSBZ3pTU0a/qb1ybiYOPc5PCvyUNnJtn55tG9bCj70tKNiBju79+8/yet/e/xDT+JBtJVX19sbqjN2z9dPf5Eh+PPQPva6V/UPv6tbDr+rcXv2+L4d3mHMX5/46ePtox/I+KZjvGT1fhJh/hpRLy1w/i3X//y/FZ19Y8jTkTn+G3J9teHh65eq5SHm68dY3x14tgr2y3/4S3iN6/ZHmz8zHRa/9PRuoD2CF98+/mzS9vEf+G57bd/p/V/KCLee3Tohv/e/+S1reru3kjuZf8Cdrv9s2l3dhj/xQvHf9jhrAAAAAAAAAAAwC6kjb5sSVpcHU/TYrF5D+//4nBaqdZmT16tzk2NNfu8HY1C2u5pNdgsJ1l5pNUft10+3eqj1C6fafeT6jvUKBdL1cpYj5cdAAAAAAAAAAAAAAAAAAAA/i6ObLj//7e+xv3/Gx9XDexXWz/yG9jv5D/k18P5n/SsHcDe8/sPuVWX/5Bf8h/yS/5Dfsl/yC/5D/kl/yG/5D8AAAAAAAAAAAAAAAAAAAAAAAAAAHTF5UuXsqH+YHmxlJXH+ufnJqpvnxor1yaKk3OlYqk6M10cr1bHK+ViqTr5qO9LqtXp4Ziauz40W67NDtXmF96crM5NtZ8pWi50fYkAAAAAAAAAAAAAAAAAAADgn2cgIv4TSVqMiLRRTtNiMeLfEXE0CsnVa5XycGOeiO/7Cgey8kivGw0AAAAAAAAAAAAAAAAAAAD7TG1+YWK0UinP5GSkfzczR8TSk21G9o07mDmNiLUphda22ssVlcd9w8iGnR8AAAAAAAAAAAAAAAAAANhTazf97vQTf3S3QQAAAAAAAAAAAAAAAAAAAJBL6c9JRGTDicHnBzbW/itZ6Wu8R8Q7t698cH10dnZmJJt+b3X67Iet6ad70X5gp9p52s5jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYE1tfmFitFIpz3RxpNfLCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA4/gwAAP//2JHUDg==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x141042, 0x0)
r1 = open(&(0x7f00000001c0)='./file1\x00', 0x20042, 0x45)
r2 = open(&(0x7f0000000200)='./file2\x00', 0x100, 0x123)
copy_file_range(r2, 0x0, r1, 0x0, 0x3df1, 0x0)
fallocate(r0, 0x0, 0xfff, 0xff9)

106.575668ms ago: executing program 1 (id=1890):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800"], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000740)=ANY=[@ANYBLOB="180000000000000000000000fcffff0318110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000180)='i=Ov:cb2e\xdf\xff\xff\x04\x00\xff\xff\xff')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r6 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r6, &(0x7f0000000000)=""/42, 0x2a)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x4)
sendmsg$NFT_BATCH(r7, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)
semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)

0s ago: executing program 5 (id=1891):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x18)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="09000000030000000800000004"], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xc, &(0x7f0000000740)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r4}, 0x10)
keyctl$restrict_keyring(0xa, 0x0, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000180)='i=Ov:cb2e\xdf\xff\xff\x04\x00\xff\xff\xff')
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r5 = syz_open_procfs(0x0, &(0x7f0000000400)='map_files\x00')
getdents(r5, &(0x7f0000000000)=""/42, 0x2a)
r6 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r6, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000050000000900010073797a300000000064000000030a01030000000000000000050000000900010073797a30000000000900030073797a300000000008000a40000000032800048008000240000000120800014000000000140003006e657464657673696d30000000000000080000000000000014000000110001"], 0xac}}, 0x4)
sendmsg$NFT_BATCH(r6, &(0x7f0000000cc0)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000100000a24000000020a01080000000000000000050000060800024000000003080002400000000014000000110001"], 0x4c}}, 0xc050)
semtimedop(0x0, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0)

kernel console output (not intermixed with test programs):

ce loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  556.335825][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  556.649072][ T8891] loop2: detected capacity change from 0 to 2048
[  556.843931][ T8892] binder: 8888:8892 ioctl c0306201 0 returned -14
[  558.027475][ T8891] Alternate GPT is invalid, using primary GPT.
[  558.034129][ T8891]  loop2: p1 p2 p3
[  558.638276][ T4414] udevd[4414]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  558.652951][ T4459] udevd[4459]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  558.689733][ T4418] udevd[4418]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  559.879574][ T8909] loop5: detected capacity change from 0 to 40427
[  559.921982][ T8909] F2FS-fs (loop5): invalid crc value
[  559.932134][ T8909] F2FS-fs (loop5): Found nat_bits in checkpoint
[  559.957511][ T8909] F2FS-fs (loop5): Start checkpoint disabled!
[  559.967974][ T8909] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  560.290633][ T8906] loop2: detected capacity change from 0 to 64
[  560.517596][ T4483] kworker/u4:12: attempt to access beyond end of device
[  560.517596][ T4483] loop5: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  560.567500][ T4483] kworker/u4:12: attempt to access beyond end of device
[  560.567500][ T4483] loop5: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  562.248846][   T22] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  562.879466][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  562.886121][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  563.310228][   T22] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  563.328610][   T22] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  563.348050][   T22] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  563.359609][   T22] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  563.369007][   T22] usb 3-1: Product: syz
[  563.373209][   T22] usb 3-1: Manufacturer: syz
[  563.378478][   T22] usb 3-1: SerialNumber: syz
[  563.409467][   T22] usb 3-1: config 0 descriptor??
[  563.430029][ T8934] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  563.437419][ T8934] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  563.446376][   T22] usb 3-1: ucan: probing device on interface #0
[  563.459920][ T8947] loop5: detected capacity change from 0 to 512
[  563.472168][   T22] usb 3-1: ucan: invalid EP count (1)
[  563.477603][   T22] usb 3-1: ucan: probe failed; try to update the device firmware
[  563.563070][ T8947] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.1025: iget: bad extended attribute block 1
[  563.617970][ T8947] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1025: couldn't read orphan inode 15 (err -117)
[  563.666655][ T8947] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  563.806302][ T8958] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  564.380554][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  564.427936][ T8956] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  564.454373][ T8956] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  564.472415][ T8956] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  564.491177][ T8956] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  564.515787][ T8956] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  564.534614][ T8956] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  564.553488][ T8956] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  564.577712][ T8956] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  564.606362][ T8956] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  564.634652][ T8956] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  564.669826][ T8956] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  565.378480][   T22] usb 3-1: USB disconnect, device number 6
[  565.458685][ T8956] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  565.464771][ T8956] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  565.738785][ T4272] Bluetooth: hci2: command 0x0c1a tx timeout
[  566.499152][ T4272] Bluetooth: hci3: command 0x0c1a tx timeout
[  566.539058][ T4272] Bluetooth: hci4: command 0x0c1a tx timeout
[  566.618636][ T4272] Bluetooth: hci1: command 0x0c1a tx timeout
[  566.700853][ T4272] Bluetooth: hci5: command 0x0c1a tx timeout
[  567.002506][ T8983] loop1: detected capacity change from 0 to 40427
[  567.022421][ T8983] F2FS-fs (loop1): invalid crc value
[  567.149027][ T8983] F2FS-fs (loop1): Found nat_bits in checkpoint
[  567.183098][ T8983] F2FS-fs (loop1): Start checkpoint disabled!
[  567.229569][ T8983] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  568.539180][ T4272] Bluetooth: hci3: command 0x0406 tx timeout
[  568.618866][ T4272] Bluetooth: hci4: command 0x0406 tx timeout
[  568.698684][ T4272] Bluetooth: hci1: command 0x0406 tx timeout
[  569.120720][ T4272] Bluetooth: hci5: command 0x0406 tx timeout
[  570.137880][ T5052] kworker/u4:20: attempt to access beyond end of device
[  570.137880][ T5052] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  570.211327][ T5052] kworker/u4:20: attempt to access beyond end of device
[  570.211327][ T5052] loop1: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  570.468804][  T128] usb 7-1: new full-speed USB device number 3 using dummy_hcd
[  570.824645][  T128] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  571.702180][  T128] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  571.717046][  T128] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  571.728401][  T128] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  571.750073][  T128] usb 7-1: config 0 descriptor??
[  572.240309][ T9019] loop1: detected capacity change from 0 to 2048
[  572.284039][  T128] savu 0003:1E7D:2D5A.0002: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.6-1/input0
[  572.377328][ T9019] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  572.642389][ T9024] loop4: detected capacity change from 0 to 40427
[  572.672131][ T9019] EXT4-fs error (device loop1): ext4_free_inode:355: comm syz.1.1040: bit already cleared for inode 15
[  572.690005][ T9024] F2FS-fs (loop4): invalid crc value
[  572.725155][ T9024] F2FS-fs (loop4): Found nat_bits in checkpoint
[  572.755309][ T9024] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  572.773860][ T8160] usb 7-1: USB disconnect, device number 3
[  573.623067][ T9030] fido_id[9030]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  573.713790][ T4278] syz-executor: attempt to access beyond end of device
[  573.713790][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  573.787276][ T9016] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  573.828477][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  575.285466][ T9051] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1046'.
[  575.711239][ T9055] loop4: detected capacity change from 0 to 128
[  575.748989][ T9055] FAT-fs (loop4): invalid media value (0x01)
[  575.962562][ T9055] FAT-fs (loop4): Can't find a valid FAT filesystem
[  576.817218][ T9070] loop2: detected capacity change from 0 to 512
[  576.946596][ T9070] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.1051: iget: bad extended attribute block 1
[  576.973508][ T9070] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1051: couldn't read orphan inode 15 (err -117)
[  577.071357][ T9070] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  577.194516][ T9076] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  577.727428][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  578.085675][ T9090] loop2: detected capacity change from 0 to 1024
[  578.184001][ T9090] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  578.285455][ T9094] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  579.402268][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  580.241883][ T9112] loop1: detected capacity change from 0 to 128
[  580.287143][ T9112] FAT-fs (loop1): invalid media value (0x01)
[  580.308688][ T9112] FAT-fs (loop1): Can't find a valid FAT filesystem
[  580.621675][ T9116] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  583.441634][ T9138] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  584.012152][ T9123] loop2: detected capacity change from 0 to 128
[  584.089716][ T9123] FAT-fs (loop2): Invalid FSINFO signature: 0x41000000, 0x61417272 (sector = 1)
[  585.883159][ T9144] loop1: detected capacity change from 0 to 40427
[  585.958899][ T9144] F2FS-fs (loop1): invalid crc value
[  586.025787][ T9144] F2FS-fs (loop1): Found nat_bits in checkpoint
[  586.057033][ T4522] FAT-fs (loop2): Invalid FSINFO signature: 0x41000000, 0x61417272 (sector = 1)
[  586.197586][ T9144] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  586.918863][ T9189] loop5: detected capacity change from 0 to 2048
[  586.998181][ T9189] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  587.066930][ T9189] EXT4-fs error (device loop5): ext4_free_inode:355: comm syz.5.1073: bit already cleared for inode 15
[  587.111608][ T4267] syz-executor: attempt to access beyond end of device
[  587.111608][ T4267] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  587.156644][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  587.653499][ T9200] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  587.664199][ T9202] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  591.666859][ T9233] loop1: detected capacity change from 0 to 40427
[  591.714791][ T9233] F2FS-fs (loop1): invalid crc value
[  591.728233][ T9233] F2FS-fs (loop1): Found nat_bits in checkpoint
[  592.060444][ T9233] F2FS-fs (loop1): Start checkpoint disabled!
[  592.076181][ T9233] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  593.279995][ T9248] loop4: detected capacity change from 0 to 1024
[  594.209408][ T5037] hfsplus: b-tree write err: -5, ino 4
[  594.280966][ T4779] kworker/u4:18: attempt to access beyond end of device
[  594.280966][ T4779] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  594.309752][ T4779] kworker/u4:18: attempt to access beyond end of device
[  594.309752][ T4779] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  594.718761][ T4312] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  594.918828][ T4312] usb 7-1: Using ep0 maxpacket: 8
[  594.933032][ T4312] usb 7-1: unable to get BOS descriptor or descriptor too short
[  595.047071][ T4312] usb 7-1: too many endpoints for config 4 interface 0 altsetting 102: 65, using maximum allowed: 30
[  595.199793][ T4312] usb 7-1: config 4 interface 0 altsetting 102 has 0 endpoint descriptors, different from the interface descriptor's value: 65
[  595.386734][ T4312] usb 7-1: config 4 interface 0 has no altsetting 0
[  595.501601][ T4312] usb 7-1: string descriptor 0 read error: -22
[  595.591630][ T4312] usb 7-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05
[  595.708631][ T4312] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  595.775970][ T4312] usb 7-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state
[  595.879980][ T4312] usb 7-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  595.947553][ T4312] dvbdev: DVB: registering new adapter (Sigmatek DVB-110)
[  595.979277][ T9256] usb 7-1: dvb_usb_au6610: wlen=0, aborting
[  596.023333][ T4312] usb 7-1: media controller created
[  596.248305][ T4312] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  597.696105][ T9283] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  598.140561][ T4312] zl10353_read_register: readreg error (reg=127, ret==0)
[  598.823678][ T4312] usb 7-1: USB disconnect, device number 4
[  599.845523][ T9313] loop6: detected capacity change from 0 to 1024
[  600.216389][ T9322] loop1: detected capacity change from 0 to 40427
[  600.591505][ T9322] F2FS-fs (loop1): invalid crc value
[  600.841511][ T9322] F2FS-fs (loop1): Found nat_bits in checkpoint
[  600.870391][ T9322] F2FS-fs (loop1): Start checkpoint disabled!
[  600.914765][ T9322] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  601.182155][ T4401] hfsplus: b-tree write err: -5, ino 4
[  601.492763][ T4401] kworker/u4:9: attempt to access beyond end of device
[  601.492763][ T4401] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  601.586180][ T8034] kworker/u4:10: attempt to access beyond end of device
[  601.586180][ T8034] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  601.971838][ T9348] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  602.844751][ T9358] loop4: detected capacity change from 0 to 512
[  602.950171][ T9358] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.1102: iget: bad extended attribute block 1
[  602.971678][ T9358] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1102: couldn't read orphan inode 15 (err -117)
[  603.093691][ T9358] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  603.977668][ T9367] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  604.206923][ T9338] loop2: detected capacity change from 0 to 32768
[  604.251919][ T9338] XFS (loop2): Mounting V5 Filesystem
[  604.329506][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  604.499989][ T9338] XFS (loop2): AIL initialisation failed: error -12
[  605.868700][ T9338] XFS (loop2): log mount failed
[  606.262043][ T9407] loop5: detected capacity change from 0 to 1024
[  607.660596][ T9416] loop6: detected capacity change from 0 to 40427
[  607.696985][    T9] hfsplus: b-tree write err: -5, ino 4
[  607.728739][ T9416] F2FS-fs (loop6): invalid crc value
[  607.753277][ T9416] F2FS-fs (loop6): Found nat_bits in checkpoint
[  607.792337][ T9416] F2FS-fs (loop6): Start checkpoint disabled!
[  607.839177][ T9416] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  611.028624][ T4273] Bluetooth: hci5: command 0x0406 tx timeout
[  611.891778][ T9451] loop2: detected capacity change from 0 to 40427
[  611.904530][ T9451] F2FS-fs (loop2): invalid crc value
[  611.958976][ T4486] kworker/u4:13: attempt to access beyond end of device
[  611.958976][ T4486] loop6: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  611.989965][ T9451] F2FS-fs (loop2): Found nat_bits in checkpoint
[  612.032109][ T9451] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  612.060640][ T4398] kworker/u4:8: attempt to access beyond end of device
[  612.060640][ T4398] loop6: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  612.747266][ T4274] syz-executor: attempt to access beyond end of device
[  612.747266][ T4274] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  613.600758][ T9461] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  613.717910][ T9461] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  613.814841][ T9461] Bluetooth: hci3: Opcode 0x0406 failed: -4
[  613.917773][ T9461] Bluetooth: hci3: Suspend notifier action (1) failed: -4
[  614.042770][ T9461] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  614.174216][ T9461] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  614.309340][ T9461] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  614.373614][ T9461] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  614.380778][ T9461] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  614.388054][ T9461] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  614.395388][ T9461] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  614.401521][ T9461] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  614.407504][ T9461] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  614.492001][ T9481] loop1: detected capacity change from 0 to 64
[  614.737430][ T9487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1121'.
[  614.760845][ T9487] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  615.025486][ T4273] Bluetooth: hci2: command 0x0c1a tx timeout
[  615.850109][ T4273] Bluetooth: hci3: command 0x0c1a tx timeout
[  615.924528][ T9467] loop5: detected capacity change from 0 to 32768
[  616.110199][ T4273] Bluetooth: hci4: command 0x0c1a tx timeout
[  617.005221][ T9502] loop2: detected capacity change from 0 to 256
[  617.012072][ T9502] exfat: Bad value for 'dmask'
[  617.031838][ T4273] Bluetooth: hci1: command 0x0c1a tx timeout
[  617.038619][ T4273] Bluetooth: hci5: command 0x0c1a tx timeout
[  617.915286][ T4272] Bluetooth: hci3: command 0x0406 tx timeout
[  618.007418][ T9508] loop4: detected capacity change from 0 to 512
[  618.100316][ T9508] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.1129: iget: bad extended attribute block 1
[  618.218759][ T4272] Bluetooth: hci4: command 0x0406 tx timeout
[  618.225909][ T9508] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1129: couldn't read orphan inode 15 (err -117)
[  618.307907][ T9515] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  618.424681][ T9508] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  618.743363][ T9517] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  619.048101][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  619.099015][ T4272] Bluetooth: hci5: command 0x0406 tx timeout
[  619.105218][ T4272] Bluetooth: hci1: command 0x0406 tx timeout
[  619.271659][ T9525] loop2: detected capacity change from 0 to 40427
[  619.301656][ T9525] F2FS-fs (loop2): invalid crc value
[  619.323239][ T9525] F2FS-fs (loop2): Found nat_bits in checkpoint
[  619.351175][ T9525] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  620.069110][ T4274] syz-executor: attempt to access beyond end of device
[  620.069110][ T4274] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  620.191225][ T9531] loop5: detected capacity change from 0 to 4096
[  624.252220][ T9580] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1143'.
[  624.275461][ T9580] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  624.379283][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  624.385671][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  624.567538][ T9582] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1143'.
[  625.034364][ T9587] loop5: detected capacity change from 0 to 512
[  625.870933][ T9587] EXT4-fs error (device loop5): ext4_orphan_get:1400: inode #15: comm syz.5.1144: iget: bad extended attribute block 1
[  625.940624][  T128] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  625.965592][ T9587] EXT4-fs error (device loop5): ext4_orphan_get:1405: comm syz.5.1144: couldn't read orphan inode 15 (err -117)
[  626.049847][ T9587] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  626.167537][ T9608] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  626.331331][  T128] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  626.506110][ T9607] loop2: detected capacity change from 0 to 40427
[  626.513780][  T128] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  626.538624][  T128] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  626.558567][  T128] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  626.577015][ T9607] F2FS-fs (loop2): invalid crc value
[  626.588670][  T128] usb 2-1: Product: syz
[  626.589424][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  626.596722][  T128] usb 2-1: Manufacturer: syz
[  626.605704][ T9614] loop4: detected capacity change from 0 to 512
[  626.606903][  T128] usb 2-1: SerialNumber: syz
[  626.622535][  T128] usb 2-1: config 0 descriptor??
[  626.628128][ T9600] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  626.635635][ T9600] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  626.645241][  T128] usb 2-1: ucan: probing device on interface #0
[  626.651927][  T128] usb 2-1: ucan: invalid EP count (1)
[  626.657422][  T128] usb 2-1: ucan: probe failed; try to update the device firmware
[  626.693630][ T9607] F2FS-fs (loop2): Found nat_bits in checkpoint
[  626.730787][ T9607] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  626.842132][ T9614] Quota error (device loop4): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  627.359692][ T9614] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  627.374312][ T9614] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.1149: Failed to acquire dquot type 1
[  627.416219][ T4274] syz-executor: attempt to access beyond end of device
[  627.416219][ T4274] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  627.483469][ T9614] EXT4-fs (loop4): 1 truncate cleaned up
[  627.490680][ T9614] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  627.610531][ T9614] ext4 filesystem being mounted at /247/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  627.716030][ T9632] overlayfs: unrecognized mount option "measure" or missing value
[  628.329507][ T7750] usb 2-1: USB disconnect, device number 11
[  628.513559][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  628.674614][ T9642] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1153'.
[  628.759602][ T9642] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1153'.
[  631.001256][  T128] usb 6-1: new full-speed USB device number 2 using dummy_hcd
[  631.207848][ T9672] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  631.523995][  T128] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  632.591497][  T128] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  632.657665][  T128] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  632.666803][  T128] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  632.677205][  T128] usb 6-1: config 0 descriptor??
[  632.833203][ T9680] loop6: detected capacity change from 0 to 128
[  632.885338][ T9680] FAT-fs (loop6): invalid media value (0x01)
[  632.978602][ T9680] FAT-fs (loop6): Can't find a valid FAT filesystem
[  633.078165][  T128] usbhid 6-1:0.0: can't add hid device: -71
[  633.084398][  T128] usbhid: probe of 6-1:0.0 failed with error -71
[  633.096350][  T128] usb 6-1: USB disconnect, device number 2
[  633.119769][ T9682] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  633.948698][ T4312] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  633.957112][ T9698] loop2: detected capacity change from 0 to 512
[  634.242518][ T9701] loop4: detected capacity change from 0 to 2048
[  634.264547][ T9701] hpfs: filesystem error: invalid size in superblock: ffffffff; already mounted read-only
[  635.426151][ T9698] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  635.469976][ T9701] netlink: 'syz.4.1166': attribute type 4 has an invalid length.
[  635.563089][ T9698] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  635.698124][ T4312] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  635.734570][ T9698] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.1164: Failed to acquire dquot type 1
[  635.780207][ T4312] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  635.810182][ T4312] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  635.824882][ T4312] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  635.833134][ T4312] usb 2-1: Product: syz
[  635.837582][ T4312] usb 2-1: Manufacturer: syz
[  635.842376][ T4312] usb 2-1: SerialNumber: syz
[  635.852965][ T4312] usb 2-1: config 0 descriptor??
[  635.902433][ T9708] netlink: 'syz.5.1167': attribute type 10 has an invalid length.
[  635.920428][ T9697] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  635.927688][ T9697] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  635.947363][ T4312] usb 2-1: ucan: probing device on interface #0
[  635.968869][ T9710] tmpfs: Unknown parameter 'quota'
[  636.029859][ T4312] usb 2-1: ucan: invalid EP count (1)
[  636.164473][ T4312] usb 2-1: ucan: probe failed; try to update the device firmware
[  636.573444][ T9698] EXT4-fs (loop2): 1 truncate cleaned up
[  636.584558][ T9698] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  636.603682][ T9698] ext4 filesystem being mounted at /240/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  636.818734][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  637.047353][ T9719] loop5: detected capacity change from 0 to 64
[  637.202431][ T7748] usb 2-1: USB disconnect, device number 12
[  639.495673][ T9743] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  639.505911][ T9737] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  639.782518][ T9753] loop6: detected capacity change from 0 to 128
[  640.709067][ T9753] FAT-fs (loop6): invalid media value (0x01)
[  640.715085][ T9753] FAT-fs (loop6): Can't find a valid FAT filesystem
[  640.753917][ T9761] loop1: detected capacity change from 0 to 512
[  640.953867][ T9761] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  641.017854][ T9761] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  641.098639][ T9761] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.1179: Failed to acquire dquot type 1
[  641.148311][ T9761] EXT4-fs (loop1): 1 truncate cleaned up
[  641.166643][ T9761] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  641.184010][ T9761] ext4 filesystem being mounted at /227/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  641.340664][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  641.705351][ T9778] loop1: detected capacity change from 0 to 64
[  641.848164][ T9768] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  641.869144][ T9768] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  641.924953][ T9768] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  641.944444][ T9768] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  641.962883][ T9768] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  642.090187][ T9768] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  642.103678][ T9768] Bluetooth: hci1: Opcode 0x0406 failed: -4
[  642.139282][ T9768] Bluetooth: hci1: Suspend notifier action (1) failed: -4
[  642.147121][ T9768] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  642.153217][ T9768] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  642.159265][ T9768] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  642.558824][  T128] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  642.793452][  T128] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  642.858745][  T128] usb 2-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  642.913459][  T128] usb 2-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  642.951530][  T128] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  643.128761][  T128] usb 2-1: Product: syz
[  643.241774][ T9793] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1186'.
[  643.266790][ T9793] IPv6: ADDRCONF(NETDEV_CHANGE): gre3: link becomes ready
[  643.295245][ T4273] Bluetooth: hci2: command 0x0c1a tx timeout
[  643.423960][ T9796] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1186'.
[  643.626460][  T128] usb 2-1: Manufacturer: syz
[  643.633074][  T128] usb 2-1: SerialNumber: syz
[  643.640159][  T128] usb 2-1: config 0 descriptor??
[  643.645843][ T9786] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  643.653164][ T9786] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  643.673283][  T128] usb 2-1: ucan: probing device on interface #0
[  643.695339][  T128] usb 2-1: ucan: invalid EP count (1)
[  643.729435][  T128] usb 2-1: ucan: probe failed; try to update the device firmware
[  643.901424][ T4273] Bluetooth: hci3: command 0x0c1a tx timeout
[  643.978614][ T4273] Bluetooth: hci4: command 0x0c1a tx timeout
[  644.178723][ T4273] Bluetooth: hci1: command 0x0c1a tx timeout
[  644.338946][ T4273] Bluetooth: hci5: command 0x0c1a tx timeout
[  644.371217][ T9807] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  645.018017][ T7748] usb 2-1: USB disconnect, device number 13
[  646.403673][ T4272] Bluetooth: hci4: command 0x0406 tx timeout
[  646.410331][ T4273] Bluetooth: hci5: command 0x0406 tx timeout
[  646.416658][ T4273] Bluetooth: hci1: command 0x0406 tx timeout
[  646.727369][ T9835] loop6: detected capacity change from 0 to 512
[  646.847091][ T9835] Quota error (device loop6): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  646.999481][ T9838] loop4: detected capacity change from 0 to 2048
[  647.006390][ T9835] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  647.038354][ T9835] EXT4-fs error (device loop6): ext4_acquire_dquot:6814: comm syz.6.1193: Failed to acquire dquot type 1
[  647.749414][ T9835] EXT4-fs (loop6): 1 truncate cleaned up
[  647.769629][ T9835] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  647.790700][ T9835] ext4 filesystem being mounted at /38/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  647.831002][ T9838] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  647.934782][ T9838] EXT4-fs error (device loop4): ext4_free_inode:355: comm syz.4.1196: bit already cleared for inode 15
[  647.996558][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  648.189167][ T9853] loop5: detected capacity change from 0 to 40427
[  648.214929][ T9853] F2FS-fs (loop5): invalid crc value
[  648.230311][ T9853] F2FS-fs (loop5): Found nat_bits in checkpoint
[  648.277264][ T9853] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  648.973359][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  648.983502][ T7617] syz-executor: attempt to access beyond end of device
[  648.983502][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  649.273899][ T9868] loop6: detected capacity change from 0 to 40427
[  649.302025][ T9868] F2FS-fs (loop6): invalid crc value
[  649.465539][ T9868] F2FS-fs (loop6): Found nat_bits in checkpoint
[  649.498796][ T9868] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  650.133028][ T8153] syz-executor: attempt to access beyond end of device
[  650.133028][ T8153] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  651.001225][   T22] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  651.370413][   T22] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  651.425530][   T22] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  651.463220][   T22] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  651.496587][   T22] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  651.543248][   T22] usb 5-1: Product: syz
[  651.547539][   T22] usb 5-1: Manufacturer: syz
[  651.559594][   T22] usb 5-1: SerialNumber: syz
[  651.589362][   T22] usb 5-1: config 0 descriptor??
[  651.594908][ T9885] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  651.602608][ T9885] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  651.629469][   T22] usb 5-1: ucan: probing device on interface #0
[  651.635864][   T22] usb 5-1: ucan: invalid EP count (1)
[  651.682105][   T22] usb 5-1: ucan: probe failed; try to update the device firmware
[  653.429144][ T4913] usb 5-1: USB disconnect, device number 13
[  653.872815][ T9935] loop1: detected capacity change from 0 to 128
[  653.926090][ T9935] FAT-fs (loop1): invalid media value (0x01)
[  653.966657][ T9935] FAT-fs (loop1): Can't find a valid FAT filesystem
[  654.680595][ T9937] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  654.945477][ T9927] loop4: detected capacity change from 0 to 32768
[  655.228069][ T9927] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  655.310482][   T27] audit: type=1800 audit(1753746517.683:4): pid=9927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1210" name="bus" dev="loop4" ino=17058 res=0 errno=0
[  655.330859][    C0] vkms_vblank_simulate: vblank timer overrun
[  655.455834][ T4278] ocfs2: Unmounting device (7,4) on (node local)
[  656.663213][ T9958] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  656.729274][ T9970] loop2: detected capacity change from 0 to 128
[  656.763328][ T9970] FAT-fs (loop2): invalid media value (0x01)
[  656.788867][ T9970] FAT-fs (loop2): Can't find a valid FAT filesystem
[  656.808786][ T9958] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  656.814927][ T9958] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  656.876938][ T9958] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  656.898655][ T9958] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  656.905946][ T9958] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  656.943851][ T9958] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  656.969802][ T9958] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  657.007707][ T9958] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  657.578737][ T9831] Bluetooth: hci2: command 0x0c1a tx timeout
[  658.858800][ T9831] Bluetooth: hci4: command 0x0c1a tx timeout
[  658.864880][ T9831] Bluetooth: hci3: command 0x0c1a tx timeout
[  658.938715][ T9831] Bluetooth: hci1: command 0x0c1a tx timeout
[  659.090282][ T9831] Bluetooth: hci5: command 0x0c1a tx timeout
[  660.530655][T10014] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  660.609766][T10017] loop6: detected capacity change from 0 to 64
[  660.710393][T10000] loop5: detected capacity change from 0 to 40427
[  660.723853][T10000] F2FS-fs (loop5): Insane cp_payload (553648128 >= 504)
[  660.735712][T10000] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  660.744368][T10000] F2FS-fs (loop5): build fault injection attr: rate: 17008, type: 0x3ffff
[  660.771530][T10000] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0x1f8
[  660.864066][T10000] F2FS-fs (loop5): invalid crc value
[  660.938622][ T9831] Bluetooth: hci4: command 0x0406 tx timeout
[  660.951013][T10000] F2FS-fs (loop5): Found nat_bits in checkpoint
[  661.100257][ T9831] Bluetooth: hci5: command 0x0406 tx timeout
[  661.243413][T10000] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  661.285673][T10000] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  661.374573][T10000] syz.5.1225: attempt to access beyond end of device
[  661.374573][T10000] loop5: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  661.513762][ T7617] syz-executor: attempt to access beyond end of device
[  661.513762][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  663.543561][T10058] loop4: detected capacity change from 0 to 1024
[  663.803778][T10064] kAFS: unable to lookup cell '\/'
[  665.023371][ T5052] hfsplus: b-tree write err: -5, ino 4
[  665.083670][T10076] loop5: detected capacity change from 0 to 128
[  665.350820][T10076] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  665.369573][T10076] ext4 filesystem being mounted at /88/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  665.385780][T10080] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  665.440940][T10076] syz.5.1240 (pid 10076) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  665.568380][T10085] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1242'.
[  665.586864][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  665.619643][T10085] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1242'.
[  666.181083][T10094] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1245'.
[  666.249429][T10094] IPv6: ADDRCONF(NETDEV_CHANGE): gre3: link becomes ready
[  667.289284][T10114] kAFS: unable to lookup cell '\/'
[  669.108681][T10132] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1255'.
[  669.126812][T10135] loop2: detected capacity change from 0 to 1024
[  669.139428][T10132] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1255'.
[  669.423519][T10137] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  670.095666][   T56] hfsplus: b-tree write err: -5, ino 4
[  670.528662][ T4589] usb 2-1: new full-speed USB device number 14 using dummy_hcd
[  670.792857][ T4589] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  670.891990][ T4589] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  671.003244][ T4589] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  671.742283][ T4589] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  671.806516][ T4589] usb 2-1: config 0 descriptor??
[  673.292375][T10179] loop5: detected capacity change from 0 to 1024
[  673.409843][ T4589] usbhid 2-1:0.0: can't add hid device: -71
[  673.415981][ T4589] usbhid: probe of 2-1:0.0 failed with error -71
[  673.469295][ T4589] usb 2-1: USB disconnect, device number 14
[  673.737250][T10188] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  674.101919][ T5052] hfsplus: b-tree write err: -5, ino 4
[  674.832406][T10209] loop6: detected capacity change from 0 to 40427
[  674.859712][T10209] F2FS-fs (loop6): invalid crc value
[  674.884799][T10211] loop5: detected capacity change from 0 to 512
[  674.965889][T10209] F2FS-fs (loop6): Found nat_bits in checkpoint
[  675.050118][T10209] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  675.669919][T10211] Quota error (device loop5): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  675.683280][T10211] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  675.705139][T10211] EXT4-fs error (device loop5): ext4_acquire_dquot:6814: comm syz.5.1275: Failed to acquire dquot type 1
[  675.727670][T10211] EXT4-fs (loop5): 1 truncate cleaned up
[  675.736790][ T8153] syz-executor: attempt to access beyond end of device
[  675.736790][ T8153] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  675.766360][T10211] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  675.820420][T10211] ext4 filesystem being mounted at /96/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  675.912496][T10228] netlink: 'syz.1.1277': attribute type 10 has an invalid length.
[  676.845329][T10227] loop4: detected capacity change from 0 to 40427
[  676.870474][T10227] F2FS-fs (loop4): invalid crc value
[  676.963711][T10227] F2FS-fs (loop4): Found nat_bits in checkpoint
[  677.004169][T10227] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  677.618630][T10221] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[  677.651890][ T4278] syz-executor: attempt to access beyond end of device
[  677.651890][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  677.705224][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  679.436012][T10242] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  679.479291][T10242] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  679.544689][T10242] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  679.551983][T10242] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  679.558086][T10242] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  679.565516][T10242] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  679.573524][T10242] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  679.579708][T10242] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  679.585786][T10242] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  679.887171][T10268] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1287'.
[  679.928070][T10268] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1287'.
[  680.296084][T10273] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  680.609960][T10276] loop5: detected capacity change from 0 to 40427
[  680.618111][ T9831] Bluetooth: hci2: command 0x0c1a tx timeout
[  680.635617][T10276] F2FS-fs (loop5): invalid crc value
[  680.653902][T10276] F2FS-fs (loop5): Found nat_bits in checkpoint
[  680.685786][T10276] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  681.420396][ T7617] syz-executor: attempt to access beyond end of device
[  681.420396][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  681.498797][ T9831] Bluetooth: hci3: command 0x0c1a tx timeout
[  681.538948][T10257] loop2: detected capacity change from 0 to 40427
[  681.578785][ T9831] Bluetooth: hci5: command 0x0c1a tx timeout
[  681.578834][ T4273] Bluetooth: hci4: command 0x0c1a tx timeout
[  681.591182][ T4281] Bluetooth: hci1: command 0x0c1a tx timeout
[  681.677216][T10257] F2FS-fs (loop2): Insane cp_payload (553648128 >= 504)
[  681.814507][T10257] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  681.990416][T10257] F2FS-fs (loop2): build fault injection attr: rate: 17008, type: 0x3ffff
[  682.178083][T10257] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x1f8
[  682.308263][T10257] F2FS-fs (loop2): invalid crc value
[  682.339267][T10257] F2FS-fs (loop2): Found nat_bits in checkpoint
[  683.658737][ T4281] Bluetooth: hci5: command 0x0406 tx timeout
[  683.664943][ T4273] Bluetooth: hci4: command 0x0406 tx timeout
[  684.912402][T10314] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  684.943535][T10314] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  684.983768][T10314] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  685.358871][T10314] Bluetooth: hci4: Opcode 0x0406 failed: -4
[  685.871711][T10314] Bluetooth: hci4: Suspend notifier action (1) failed: -4
[  685.894092][T10314] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  685.982178][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  685.989134][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  686.137020][T10314] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  686.182052][T10314] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  686.222169][T10314] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  686.245596][T10333] loop5: detected capacity change from 0 to 2048
[  686.471433][T10337] loop6: detected capacity change from 0 to 40427
[  686.591244][T10337] F2FS-fs (loop6): invalid crc value
[  686.626528][T10337] F2FS-fs (loop6): Found nat_bits in checkpoint
[  686.659491][T10337] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  687.284944][T10353] kAFS: unable to lookup cell '\/'
[  687.509747][ T4273] Bluetooth: hci2: command 0x0c1a tx timeout
[  687.568061][ T4281] Bluetooth: hci4: command 0x0c1a tx timeout
[  687.574291][ T4273] Bluetooth: hci3: command 0x0c1a tx timeout
[  687.590780][ T8153] syz-executor: attempt to access beyond end of device
[  687.590780][ T8153] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  687.633258][T10333] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  687.773418][T10333] EXT4-fs error (device loop5): ext4_free_inode:355: comm syz.5.1301: bit already cleared for inode 15
[  687.898595][ T4281] Bluetooth: hci1: command 0x0c1a tx timeout
[  688.148749][ T4281] Bluetooth: hci5: command 0x0c1a tx timeout
[  688.650439][T10363] overlayfs: failed to resolve './file0': -2
[  688.946420][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  689.658790][ T4281] Bluetooth: hci4: command 0x0406 tx timeout
[  690.218893][ T4281] Bluetooth: hci5: command 0x0406 tx timeout
[  690.723373][T10374] loop4: detected capacity change from 0 to 40427
[  690.739977][T10374] F2FS-fs (loop4): invalid crc value
[  690.773786][T10374] F2FS-fs (loop4): Found nat_bits in checkpoint
[  690.808681][T10374] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  691.879066][ T4278] syz-executor: attempt to access beyond end of device
[  691.879066][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  692.110296][T10391] kAFS: unable to lookup cell '\/'
[  692.806230][T10401] loop2: detected capacity change from 0 to 1024
[  693.204160][T10408] kAFS: unable to lookup cell '\/'
[  693.704098][ T5052] hfsplus: b-tree write err: -5, ino 4
[  694.121406][T10419] loop1: detected capacity change from 0 to 40427
[  694.185202][T10426] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1320'.
[  694.209701][T10426] IPv6: ADDRCONF(NETDEV_CHANGE): gre4: link becomes ready
[  694.222630][T10426] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1320'.
[  694.410345][T10419] F2FS-fs (loop1): invalid crc value
[  694.615480][T10414] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  694.664370][T10414] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  694.678910][T10414] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  694.709560][T10419] F2FS-fs (loop1): Found nat_bits in checkpoint
[  694.781002][T10419] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  694.809198][T10414] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  694.927101][T10414] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  695.091380][T10437] loop2: detected capacity change from 0 to 40427
[  695.498755][T10414] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  695.511150][T10437] F2FS-fs (loop2): invalid crc value
[  695.530761][T10414] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  695.559356][ T4267] syz-executor: attempt to access beyond end of device
[  695.559356][ T4267] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  695.585618][T10437] F2FS-fs (loop2): Found nat_bits in checkpoint
[  695.614210][T10437] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  696.246390][ T4281] Bluetooth: hci2: command 0x0c1a tx timeout
[  696.431634][T10446] loop6: detected capacity change from 0 to 128
[  696.458621][ T4274] syz-executor: attempt to access beyond end of device
[  696.458621][ T4274] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  696.655883][T10452] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1328'.
[  696.668290][T10452] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  696.832160][T10454] kAFS: unable to lookup cell '\/'
[  696.840815][ T4281] Bluetooth: hci4: command 0x0c1a tx timeout
[  696.848987][ T9831] Bluetooth: hci3: command 0x0c1a tx timeout
[  696.858581][ T4281] Bluetooth: hci5: command 0x0c1a tx timeout
[  696.864730][ T9831] Bluetooth: hci1: command 0x0c1a tx timeout
[  696.949985][T10446] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  697.009443][T10446] ext4 filesystem being mounted at /73/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  697.298101][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  697.350500][T10459] loop4: detected capacity change from 0 to 1024
[  697.752165][ T5052] hfsplus: b-tree write err: -5, ino 4
[  698.972538][ T4281] Bluetooth: hci5: command 0x0406 tx timeout
[  699.956465][T10490] loop6: detected capacity change from 0 to 128
[  700.086166][T10490] FAT-fs (loop6): invalid media value (0x01)
[  700.108694][T10490] FAT-fs (loop6): Can't find a valid FAT filesystem
[  701.660110][T10496] loop2: detected capacity change from 0 to 64
[  702.066604][T10500] loop4: detected capacity change from 0 to 40427
[  702.105320][T10500] F2FS-fs (loop4): invalid crc value
[  702.159905][T10500] F2FS-fs (loop4): Found nat_bits in checkpoint
[  702.216636][T10500] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  702.955500][ T4278] syz-executor: attempt to access beyond end of device
[  702.955500][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  703.165363][T10514] kAFS: unable to lookup cell '\/'
[  703.217090][T10512] kAFS: unable to lookup cell '\/'
[  704.449093][ T4589] usb 6-1: new high-speed USB device number 3 using dummy_hcd
[  704.628606][ T4589] usb 6-1: Using ep0 maxpacket: 16
[  705.299313][ T4589] usb 6-1: config 4 has an invalid interface number: 11 but max is 0
[  705.308000][ T4589] usb 6-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  705.332273][ T4589] usb 6-1: config 4 has no interface number 0
[  705.338414][ T4589] usb 6-1: too many endpoints for config 4 interface 11 altsetting 9: 34, using maximum allowed: 30
[  705.350002][ T4589] usb 6-1: config 4 interface 11 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[  705.363519][ T4589] usb 6-1: config 4 interface 11 has no altsetting 0
[  705.384873][ T4589] usb 6-1: New USB device found, idVendor=5fc9, idProduct=0061, bcdDevice=16.64
[  705.418774][ T4589] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  705.426837][ T4589] usb 6-1: Product: syz
[  705.458575][ T4589] usb 6-1: Manufacturer: syz
[  705.463228][ T4589] usb 6-1: SerialNumber: syz
[  705.515099][T10534] loop2: detected capacity change from 0 to 256
[  705.688359][T10539] loop6: detected capacity change from 0 to 2048
[  705.770065][T10539] Alternate GPT is invalid, using primary GPT.
[  705.776732][T10539]  loop6: p1 p2 p3
[  705.810120][T10539] binder: 10537:10539 ioctl c0306201 0 returned -14
[  706.565633][ T4589] usb 6-1: USB disconnect, device number 3
[  707.582229][T10534] FAT-fs (loop2): Directory bread(block 64) failed
[  707.658792][T10534] FAT-fs (loop2): Directory bread(block 65) failed
[  707.665557][T10534] FAT-fs (loop2): Directory bread(block 66) failed
[  707.678671][T10534] FAT-fs (loop2): Directory bread(block 67) failed
[  707.685622][T10534] FAT-fs (loop2): Directory bread(block 68) failed
[  707.697747][T10534] FAT-fs (loop2): Directory bread(block 69) failed
[  707.741532][T10534] FAT-fs (loop2): Directory bread(block 70) failed
[  707.788579][T10534] FAT-fs (loop2): Directory bread(block 71) failed
[  707.803583][T10534] FAT-fs (loop2): Directory bread(block 72) failed
[  707.817932][ T5885] udevd[5885]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[  707.933299][ T4414] udevd[4414]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[  707.940360][T10534] FAT-fs (loop2): Directory bread(block 73) failed
[  707.951893][ T4459] udevd[4459]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  709.008433][T10552] loop1: detected capacity change from 0 to 40427
[  709.022773][T10556] loop6: detected capacity change from 0 to 128
[  709.040298][T10552] F2FS-fs (loop1): invalid crc value
[  709.078774][T10556] FAT-fs (loop6): invalid media value (0x01)
[  709.093276][T10556] FAT-fs (loop6): Can't find a valid FAT filesystem
[  709.108233][T10552] F2FS-fs (loop1): Found nat_bits in checkpoint
[  709.155606][T10552] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  709.990256][ T4267] syz-executor: attempt to access beyond end of device
[  709.990256][ T4267] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  710.207294][T10564] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  710.328781][T10565] kAFS: unable to lookup cell '\/'
[  713.340893][T10601] loop5: detected capacity change from 0 to 256
[  714.121394][T10601] FAT-fs (loop5): Directory bread(block 64) failed
[  714.231334][T10601] FAT-fs (loop5): Directory bread(block 65) failed
[  714.248673][T10601] FAT-fs (loop5): Directory bread(block 66) failed
[  714.255447][T10601] FAT-fs (loop5): Directory bread(block 67) failed
[  714.263545][T10601] FAT-fs (loop5): Directory bread(block 68) failed
[  714.276562][T10601] FAT-fs (loop5): Directory bread(block 69) failed
[  714.626315][T10601] FAT-fs (loop5): Directory bread(block 70) failed
[  715.106408][T10601] FAT-fs (loop5): Directory bread(block 71) failed
[  715.222399][T10601] FAT-fs (loop5): Directory bread(block 72) failed
[  715.232630][T10601] FAT-fs (loop5): Directory bread(block 73) failed
[  716.065029][T10623] loop1: detected capacity change from 0 to 1024
[  716.955398][ T4401] hfsplus: b-tree write err: -5, ino 4
[  717.044769][T10627] loop6: detected capacity change from 0 to 1024
[  717.150365][T10627] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  718.134341][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  719.422731][T10644] loop4: detected capacity change from 0 to 512
[  719.531924][T10644] Quota error (device loop4): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  719.543101][T10644] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  719.553254][T10644] EXT4-fs error (device loop4): ext4_acquire_dquot:6814: comm syz.4.1375: Failed to acquire dquot type 1
[  719.582802][T10644] EXT4-fs (loop4): 1 truncate cleaned up
[  719.588712][T10644] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  719.597932][T10644] ext4 filesystem being mounted at /291/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  719.888946][T10659] overlayfs: missing 'lowerdir'
[  720.515196][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  720.958817][   T14] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  722.680397][   T14] usb 3-1: Using ep0 maxpacket: 16
[  722.820381][   T14] usb 3-1: config 4 has an invalid interface number: 11 but max is 0
[  723.030628][T10672] binder: 10670:10672 ioctl c0306201 0 returned -14
[  724.425602][   T14] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  724.435799][   T14] usb 3-1: config 4 has no interface number 0
[  724.441978][   T14] usb 3-1: too many endpoints for config 4 interface 11 altsetting 9: 34, using maximum allowed: 30
[  724.459163][   T14] usb 3-1: config 4 interface 11 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 34
[  724.472348][   T14] usb 3-1: config 4 interface 11 has no altsetting 0
[  724.488203][   T14] usb 3-1: string descriptor 0 read error: -71
[  724.494651][   T14] usb 3-1: New USB device found, idVendor=5fc9, idProduct=0061, bcdDevice=16.64
[  724.504373][   T14] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  724.514350][   T14] usb 3-1: can't set config #4, error -71
[  724.521481][   T14] usb 3-1: USB disconnect, device number 7
[  724.596709][T10676] loop1: detected capacity change from 0 to 1024
[  724.668904][T10681] loop6: detected capacity change from 0 to 256
[  724.728610][T10681] FAT-fs (loop6): Directory bread(block 64) failed
[  724.746163][T10683] loop5: detected capacity change from 0 to 2048
[  724.809052][T10681] FAT-fs (loop6): Directory bread(block 65) failed
[  724.836218][T10684] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  724.859246][T10681] FAT-fs (loop6): Directory bread(block 66) failed
[  725.073470][T10681] FAT-fs (loop6): Directory bread(block 67) failed
[  725.415386][T10681] FAT-fs (loop6): Directory bread(block 68) failed
[  725.454393][T10681] FAT-fs (loop6): Directory bread(block 69) failed
[  725.489489][T10683] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  725.637844][T10681] FAT-fs (loop6): Directory bread(block 70) failed
[  725.680052][T10681] FAT-fs (loop6): Directory bread(block 71) failed
[  725.786882][ T4398] hfsplus: b-tree write err: -5, ino 4
[  725.815264][T10681] FAT-fs (loop6): Directory bread(block 72) failed
[  725.831989][T10683] EXT4-fs error (device loop5): ext4_free_inode:355: comm syz.5.1386: bit already cleared for inode 15
[  725.938651][T10681] FAT-fs (loop6): Directory bread(block 73) failed
[  725.971198][T10694] loop2: detected capacity change from 0 to 1024
[  726.108665][T10698] netlink: 'syz.1.1389': attribute type 10 has an invalid length.
[  726.119593][T10698] tmpfs: Unknown parameter 'quota'
[  726.949232][T10694] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  727.031536][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  728.827575][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  728.844522][T10709] loop5: detected capacity change from 0 to 128
[  728.879190][T10709] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  728.898033][T10709] ext4 filesystem being mounted at /117/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  729.076241][T10717] overlayfs: missing 'lowerdir'
[  729.809516][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  730.404835][T10720] loop2: detected capacity change from 0 to 512
[  732.138696][   T14] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  733.396299][T10720] EXT4-fs: failed to create workqueue
[  733.428653][T10720] EXT4-fs (loop2): mount failed
[  733.901951][T10745] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1399'.
[  734.055703][T10749] loop1: detected capacity change from 0 to 2048
[  734.131492][T10749] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  734.223831][T10749] EXT4-fs error (device loop1): ext4_free_inode:355: comm syz.1.1401: bit already cleared for inode 15
[  734.327263][T10756] netlink: 'syz.4.1402': attribute type 10 has an invalid length.
[  734.356576][T10756] tmpfs: Unknown parameter 'quota'
[  735.298162][T10758] loop6: detected capacity change from 0 to 1024
[  735.332260][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  735.483145][T10746] loop5: detected capacity change from 0 to 40427
[  735.559232][T10746] F2FS-fs (loop5): invalid crc value
[  735.581317][T10746] F2FS-fs (loop5): Found nat_bits in checkpoint
[  735.586141][T10758] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  736.308015][T10746] F2FS-fs (loop5): Start checkpoint disabled!
[  736.743617][T10775] tmpfs: Unknown parameter 'quota'
[  737.825273][T10774] netlink: 'syz.4.1406': attribute type 10 has an invalid length.
[  738.636990][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  738.938810][T10790] loop6: detected capacity change from 0 to 128
[  738.996094][T10790] FAT-fs (loop6): invalid media value (0x01)
[  739.056950][T10790] FAT-fs (loop6): Can't find a valid FAT filesystem
[  739.224986][T10799] loop5: detected capacity change from 0 to 512
[  741.576817][T10799] Quota error (device loop5): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  741.604935][T10799] Quota error (device loop5): qtree_write_dquot: Error -117 occurred while creating quota
[  741.720850][T10799] EXT4-fs error (device loop5): ext4_acquire_dquot:6814: comm syz.5.1410: Failed to acquire dquot type 1
[  741.917291][T10799] EXT4-fs (loop5): 1 truncate cleaned up
[  741.943552][T10799] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  742.004355][T10799] ext4 filesystem being mounted at /121/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  742.226498][T10814] netlink: 'syz.6.1415': attribute type 10 has an invalid length.
[  742.256855][T10814] tmpfs: Unknown parameter 'quota'
[  743.080970][T10816] loop4: detected capacity change from 0 to 128
[  743.177882][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  743.215874][T10817] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1413'.
[  743.291771][T10816] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  743.341943][T10816] ext4 filesystem being mounted at /302/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  743.457796][T10821] loop5: detected capacity change from 0 to 1024
[  743.670366][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  744.428242][   T46] hfsplus: b-tree write err: -5, ino 4
[  744.491772][T10828] netlink: 'syz.6.1421': attribute type 10 has an invalid length.
[  744.505364][T10828] tmpfs: Unknown parameter 'quota'
[  744.714240][T10832] loop2: detected capacity change from 0 to 1024
[  744.955189][T10839] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  746.012420][T10832] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  746.190701][T10857] loop4: detected capacity change from 0 to 256
[  747.044671][T10863] loop6: detected capacity change from 0 to 512
[  747.186726][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  747.195704][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  747.217901][T10857] FAT-fs (loop4): Directory bread(block 64) failed
[  747.266387][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  747.279601][T10857] FAT-fs (loop4): Directory bread(block 65) failed
[  747.540111][T10857] FAT-fs (loop4): Directory bread(block 66) failed
[  747.607882][T10857] FAT-fs (loop4): Directory bread(block 67) failed
[  747.648878][T10857] FAT-fs (loop4): Directory bread(block 68) failed
[  747.778642][T10857] FAT-fs (loop4): Directory bread(block 69) failed
[  747.785369][T10857] FAT-fs (loop4): Directory bread(block 70) failed
[  747.819848][T10870] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1429'.
[  747.868681][T10857] FAT-fs (loop4): Directory bread(block 71) failed
[  747.875344][T10857] FAT-fs (loop4): Directory bread(block 72) failed
[  748.040796][T10857] FAT-fs (loop4): Directory bread(block 73) failed
[  748.166671][T10879] loop6: detected capacity change from 0 to 22
[  748.177455][T10879] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  748.392656][T10879] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  748.426177][T10879] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1430'.
[  748.907602][T10884] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  750.562327][T10907] tmpfs: Unknown parameter 'quota'
[  751.159385][T10903] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  751.185758][T10905] loop2: detected capacity change from 0 to 1024
[  751.201655][T10906] netlink: 'syz.6.1437': attribute type 10 has an invalid length.
[  752.233739][T10921] loop1: detected capacity change from 0 to 512
[  752.243423][T10905] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  752.401505][T10921] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1441: iget: bad extended attribute block 1
[  752.430144][T10921] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1441: couldn't read orphan inode 15 (err -117)
[  752.512132][T10921] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  752.551374][T10923] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1442'.
[  752.865962][T10928] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  753.323232][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  754.359085][T10937] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  754.778884][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  755.640834][T10954] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  756.053393][T10965] overlayfs: missing 'lowerdir'
[  756.750864][T10972] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1455'.
[  756.981371][T10980] loop4: detected capacity change from 0 to 256
[  757.589948][T10974] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  757.596863][T10980] FAT-fs (loop4): Directory bread(block 64) failed
[  757.630240][T10980] FAT-fs (loop4): Directory bread(block 65) failed
[  757.636897][T10980] FAT-fs (loop4): Directory bread(block 66) failed
[  757.643847][T10980] FAT-fs (loop4): Directory bread(block 67) failed
[  757.645546][T10974] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  757.693206][T10974] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  757.702696][T10980] FAT-fs (loop4): Directory bread(block 68) failed
[  757.721690][T10974] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  757.761565][T10980] FAT-fs (loop4): Directory bread(block 69) failed
[  757.768415][T10980] FAT-fs (loop4): Directory bread(block 70) failed
[  757.793580][T10980] FAT-fs (loop4): Directory bread(block 71) failed
[  757.808826][T10974] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  757.825067][T10974] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  757.897448][T10974] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  757.905489][T10980] FAT-fs (loop4): Directory bread(block 72) failed
[  757.942744][T10980] FAT-fs (loop4): Directory bread(block 73) failed
[  759.018579][ T4281] Bluetooth: hci2: command 0x0c1a tx timeout
[  759.750782][ T9831] Bluetooth: hci3: command 0x0c1a tx timeout
[  759.763317][ T4273] Bluetooth: hci4: command 0x0c1a tx timeout
[  759.763818][ T4281] Bluetooth: hci1: command 0x0c1a tx timeout
[  759.908615][ T4273] Bluetooth: hci5: command 0x0c1a tx timeout
[  760.361562][T11010] relay: one or more items not logged [item size (56) > sub-buffer size (10)]
[  760.796937][T11019] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1471'.
[  760.882300][T11018] overlayfs: missing 'lowerdir'
[  761.995280][ T4273] Bluetooth: hci5: command 0x0406 tx timeout
[  763.188541][T11042] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1476'.
[  764.068601][T11034] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  764.080615][T11034] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  764.087023][T11034] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  764.095110][T11034] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  764.101776][T11034] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  764.107904][T11034] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  764.114537][T11034] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  764.328391][T11058] loop5: detected capacity change from 0 to 256
[  764.506805][T11058] FAT-fs (loop5): Directory bread(block 64) failed
[  764.525774][T11058] FAT-fs (loop5): Directory bread(block 65) failed
[  764.534649][T11058] FAT-fs (loop5): Directory bread(block 66) failed
[  764.542800][T11058] FAT-fs (loop5): Directory bread(block 67) failed
[  764.699459][ T4281] Bluetooth: hci2: command 0x0c1a tx timeout
[  764.727212][T11058] FAT-fs (loop5): Directory bread(block 68) failed
[  764.789596][T11058] FAT-fs (loop5): Directory bread(block 69) failed
[  764.841807][T11066] overlayfs: missing 'lowerdir'
[  764.874140][T11058] FAT-fs (loop5): Directory bread(block 70) failed
[  764.992948][T11058] FAT-fs (loop5): Directory bread(block 71) failed
[  765.127153][T11058] FAT-fs (loop5): Directory bread(block 72) failed
[  765.246461][T11058] FAT-fs (loop5): Directory bread(block 73) failed
[  766.138577][ T4281] Bluetooth: hci5: command 0x0c1a tx timeout
[  766.144775][ T4281] Bluetooth: hci1: command 0x0c1a tx timeout
[  766.151096][ T4273] Bluetooth: hci4: command 0x0c1a tx timeout
[  766.157198][ T4273] Bluetooth: hci3: command 0x0c1a tx timeout
[  766.536171][T11073] netlink: 'syz.2.1484': attribute type 10 has an invalid length.
[  766.600403][T11074] tmpfs: Unknown parameter 'quota'
[  767.165144][T11082] loop6: detected capacity change from 0 to 2048
[  767.375403][T11083] binder: 11077:11083 ioctl c0306201 0 returned -14
[  768.218563][ T9831] Bluetooth: hci5: command 0x0406 tx timeout
[  768.856171][T11082] Alternate GPT is invalid, using primary GPT.
[  768.862934][T11082]  loop6: p1 p2 p3
[  769.406961][ T4414] udevd[4414]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  769.428353][ T4418] udevd[4418]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[  769.441337][ T4459] udevd[4459]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[  770.221245][T11093] loop1: detected capacity change from 0 to 128
[  770.390862][T11093] FAT-fs (loop1): invalid media value (0x01)
[  770.396910][T11093] FAT-fs (loop1): Can't find a valid FAT filesystem
[  771.117042][T11108] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1492'.
[  773.429152][T11118] netlink: 'syz.2.1497': attribute type 10 has an invalid length.
[  773.440076][T11118] tmpfs: Unknown parameter 'quota'
[  773.886804][T11126] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  773.895921][T11126] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  774.818647][T11132] overlayfs: missing 'lowerdir'
[  775.511959][T11134] loop2: detected capacity change from 0 to 256
[  775.752167][T11139] loop1: detected capacity change from 0 to 512
[  777.178679][T11134] FAT-fs (loop2): Directory bread(block 64) failed
[  777.185270][T11134] FAT-fs (loop2): Directory bread(block 65) failed
[  777.256103][T11134] FAT-fs (loop2): Directory bread(block 66) failed
[  777.269017][T11134] FAT-fs (loop2): Directory bread(block 67) failed
[  777.275828][T11134] FAT-fs (loop2): Directory bread(block 68) failed
[  777.305094][T11139] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  777.320625][T11134] FAT-fs (loop2): Directory bread(block 69) failed
[  777.327479][T11134] FAT-fs (loop2): Directory bread(block 70) failed
[  777.334235][T11134] FAT-fs (loop2): Directory bread(block 71) failed
[  777.342528][T11134] FAT-fs (loop2): Directory bread(block 72) failed
[  777.349319][T11134] FAT-fs (loop2): Directory bread(block 73) failed
[  777.384646][T11139] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  777.698524][ T4331] usb 6-1: new full-speed USB device number 4 using dummy_hcd
[  778.169322][T11139] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.1505: Failed to acquire dquot type 1
[  778.192113][T11139] EXT4-fs (loop1): 1 truncate cleaned up
[  778.214181][T11139] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  778.355918][T11139] ext4 filesystem being mounted at /295/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  778.464145][T11158] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1510'.
[  779.059999][ T4331] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  779.169535][T11150] EXT4-fs error (device loop1): ext4_validate_block_bitmap:438: comm ext4lazyinit: bg 0: block 248: padding at end of block bitmap is not set
[  779.198756][ T4331] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  779.207783][ T4331] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  779.232979][T11161] loop6: detected capacity change from 0 to 512
[  779.259303][ T4331] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.310773][T11161] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.1511: iget: bad extended attribute block 1
[  779.341927][ T4331] usb 6-1: config 0 descriptor??
[  780.753074][T11161] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.1511: couldn't read orphan inode 15 (err -117)
[  780.765687][T11161] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  780.766162][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  780.885572][T11169] EXT4-fs error (device loop6): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  781.109737][ T4331] usb 6-1: USB disconnect, device number 4
[  781.264461][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  781.491170][T11180] netlink: 'syz.1.1512': attribute type 10 has an invalid length.
[  781.505525][T11180] tmpfs: Unknown parameter 'quota'
[  782.261921][T11176] loop5: detected capacity change from 0 to 40427
[  782.285292][T11176] F2FS-fs (loop5): invalid crc value
[  782.354233][T11184] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  782.363207][T11184] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  782.572171][T11176] F2FS-fs (loop5): Found nat_bits in checkpoint
[  782.618848][T11176] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  783.199812][ T7617] syz-executor: attempt to access beyond end of device
[  783.199812][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  783.531574][T11198] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1521'.
[  783.544624][T11198] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1521'.
[  783.735129][T11178] loop2: detected capacity change from 0 to 40427
[  783.859039][T11178] F2FS-fs (loop2): invalid crc value
[  783.947992][T11178] F2FS-fs (loop2): Found nat_bits in checkpoint
[  784.157176][T11205] loop6: detected capacity change from 0 to 512
[  785.815661][T11205] Quota error (device loop6): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  785.835446][T11211] loop2: detected capacity change from 0 to 256
[  785.859761][T11205] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  785.902129][T11205] EXT4-fs error (device loop6): ext4_acquire_dquot:6814: comm syz.6.1522: Failed to acquire dquot type 1
[  786.152221][T11219] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1523'.
[  786.957101][T11205] EXT4-fs (loop6): 1 truncate cleaned up
[  786.997476][T11211] FAT-fs (loop2): Directory bread(block 64) failed
[  787.004346][T11205] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  787.014386][T11205] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  787.075437][T11211] FAT-fs (loop2): Directory bread(block 65) failed
[  787.101795][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  787.143995][T11211] FAT-fs (loop2): Directory bread(block 66) failed
[  787.178641][T11211] FAT-fs (loop2): Directory bread(block 67) failed
[  787.186244][T11211] FAT-fs (loop2): Directory bread(block 68) failed
[  787.204570][T11211] FAT-fs (loop2): Directory bread(block 69) failed
[  787.228137][T11211] FAT-fs (loop2): Directory bread(block 70) failed
[  787.244528][T11211] FAT-fs (loop2): Directory bread(block 71) failed
[  787.264422][T11211] FAT-fs (loop2): Directory bread(block 72) failed
[  787.283191][T11211] FAT-fs (loop2): Directory bread(block 73) failed
[  789.846933][T11244] loop1: detected capacity change from 0 to 40427
[  789.913851][T11247] overlayfs: unrecognized mount option "measure" or missing value
[  790.007210][T11244] F2FS-fs (loop1): invalid crc value
[  790.140473][T11244] F2FS-fs (loop1): Found nat_bits in checkpoint
[  790.208801][T11244] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  790.696269][ T4267] syz-executor: attempt to access beyond end of device
[  790.696269][ T4267] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  790.727101][T11256] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1532'.
[  790.778977][T11257] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  790.787962][T11257] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  790.921492][T11256] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1532'.
[  791.779590][T11269] loop2: detected capacity change from 0 to 512
[  792.910984][T11269] Quota error (device loop2): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  792.922026][T11269] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  792.932123][T11269] EXT4-fs error (device loop2): ext4_acquire_dquot:6814: comm syz.2.1536: Failed to acquire dquot type 1
[  792.957655][T11269] EXT4-fs (loop2): 1 truncate cleaned up
[  792.963585][T11269] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  792.973138][T11269] ext4 filesystem being mounted at /305/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  793.182812][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  793.723531][T11283] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1537'.
[  793.736669][T11283] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1537'.
[  794.367686][T11289] loop2: detected capacity change from 0 to 256
[  794.414970][T11289] FAT-fs (loop2): Directory bread(block 64) failed
[  794.424737][T11289] FAT-fs (loop2): Directory bread(block 65) failed
[  794.433557][T11289] FAT-fs (loop2): Directory bread(block 66) failed
[  794.474601][T11289] FAT-fs (loop2): Directory bread(block 67) failed
[  794.535904][T11289] FAT-fs (loop2): Directory bread(block 68) failed
[  794.618612][T11289] FAT-fs (loop2): Directory bread(block 69) failed
[  794.659650][T11289] FAT-fs (loop2): Directory bread(block 70) failed
[  794.666235][T11289] FAT-fs (loop2): Directory bread(block 71) failed
[  794.680118][T11289] FAT-fs (loop2): Directory bread(block 72) failed
[  794.724533][ T4913] usb 5-1: new full-speed USB device number 14 using dummy_hcd
[  794.848815][T11289] FAT-fs (loop2): Directory bread(block 73) failed
[  795.034235][ T4913] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  795.536180][ T4913] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  795.558543][ T4913] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  795.678172][ T4913] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  795.865809][T11304] loop6: detected capacity change from 0 to 40427
[  795.895263][T11304] F2FS-fs (loop6): invalid crc value
[  795.930673][T11306] overlayfs: unrecognized mount option "measure" or missing value
[  796.445532][ T4913] usb 5-1: config 0 descriptor??
[  796.466682][T11304] F2FS-fs (loop6): Found nat_bits in checkpoint
[  796.584220][T11304] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  796.794063][ T8153] syz-executor: attempt to access beyond end of device
[  796.794063][ T8153] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  797.210785][T11315] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1547'.
[  797.490730][T11323] netlink: 'syz.6.1546': attribute type 10 has an invalid length.
[  798.576213][T11329] loop1: detected capacity change from 0 to 512
[  800.010258][T11329] Quota error (device loop1): do_check_range: Getting dqdh_prev_free 1536 out of range 0-5
[  800.023181][T11329] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  800.033380][T11329] EXT4-fs error (device loop1): ext4_acquire_dquot:6814: comm syz.1.1548: Failed to acquire dquot type 1
[  800.207587][T11329] EXT4-fs (loop1): 1 truncate cleaned up
[  800.216834][T11329] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  800.247834][T11329] ext4 filesystem being mounted at /303/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  800.284466][ T5230] usb 5-1: USB disconnect, device number 14
[  800.433779][T11337] loop4: detected capacity change from 0 to 512
[  800.506666][T11337] EXT4-fs error (device loop4): ext4_orphan_get:1400: inode #15: comm syz.4.1550: iget: bad extended attribute block 1
[  800.699387][T11337] EXT4-fs error (device loop4): ext4_orphan_get:1405: comm syz.4.1550: couldn't read orphan inode 15 (err -117)
[  800.721168][T11337] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  800.804796][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  800.892520][T11339] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1102: group 0, block bitmap and bg descriptor inconsistent: 7934 vs 220 free clusters
[  801.439527][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  801.964359][T11347] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1551'.
[  801.974812][T11347] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1551'.
[  802.553050][T11345] loop6: detected capacity change from 0 to 40427
[  802.586481][T11345] F2FS-fs (loop6): invalid crc value
[  802.636033][T11345] F2FS-fs (loop6): Found nat_bits in checkpoint
[  802.668886][T11345] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  803.444829][T11363] overlayfs: unrecognized mount option "measure" or missing value
[  803.744453][ T8153] syz-executor: attempt to access beyond end of device
[  803.744453][ T8153] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  804.163789][T11370] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1558'.
[  805.368823][T11377] loop1: detected capacity change from 0 to 64
[  805.751950][T11381] loop6: detected capacity change from 0 to 40427
[  805.766657][T11381] F2FS-fs (loop6): invalid crc value
[  805.787740][T11383] loop2: detected capacity change from 0 to 2048
[  805.817206][T11386] loop4: detected capacity change from 0 to 256
[  805.818647][T11383] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  805.835157][T11381] F2FS-fs (loop6): Found nat_bits in checkpoint
[  805.873037][T11383] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  805.899626][T11381] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  806.109662][ T8153] syz-executor: attempt to access beyond end of device
[  806.109662][ T8153] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  806.125216][T11386] FAT-fs (loop4): Directory bread(block 64) failed
[  806.134330][T11386] FAT-fs (loop4): Directory bread(block 65) failed
[  806.166673][T11386] FAT-fs (loop4): Directory bread(block 66) failed
[  806.193978][T11386] FAT-fs (loop4): Directory bread(block 67) failed
[  806.214387][T11386] FAT-fs (loop4): Directory bread(block 68) failed
[  806.237768][T11386] FAT-fs (loop4): Directory bread(block 69) failed
[  806.408607][T11386] FAT-fs (loop4): Directory bread(block 70) failed
[  806.427162][T11386] FAT-fs (loop4): Directory bread(block 71) failed
[  806.434216][T11386] FAT-fs (loop4): Directory bread(block 72) failed
[  806.441116][T11386] FAT-fs (loop4): Directory bread(block 73) failed
[  808.115434][T11408] loop5: detected capacity change from 0 to 40427
[  808.136284][T11408] F2FS-fs (loop5): invalid crc value
[  808.195477][T11408] F2FS-fs (loop5): Found nat_bits in checkpoint
[  808.229695][T11408] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  808.621227][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  808.628144][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  809.107258][T11417] loop6: detected capacity change from 0 to 128
[  809.219423][T11417] FAT-fs (loop6): invalid media value (0x01)
[  809.286271][T11417] FAT-fs (loop6): Can't find a valid FAT filesystem
[  809.700143][T11429] overlayfs: unrecognized mount option "measure" or missing value
[  811.569171][ T7617] syz-executor: attempt to access beyond end of device
[  811.569171][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  812.052374][T11438] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  812.063883][T11438] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  812.074289][T11438] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  812.090764][T11438] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  812.100792][T11438] Bluetooth: hci5: Opcode 0x0c1a failed: -4
[  812.112820][T11438] Bluetooth: hci5: Opcode 0x0406 failed: -4
[  812.186913][T11438] Bluetooth: hci5: Suspend notifier action (1) failed: -4
[  812.411193][T11445] loop2: detected capacity change from 0 to 8
[  812.427538][T11442] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  812.459452][T11445] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  812.493437][T11439] loop6: detected capacity change from 0 to 40427
[  812.517788][ T4418] udevd[4418]: incorrect cramfs checksum on /dev/loop2
[  812.529767][T11445] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1577'.
[  812.540315][T11445] unsupported nlmsg_type 40
[  812.680470][T11447] cramfs: Error -5 while decompressing!
[  812.686444][T11447] cramfs: ffffffff96d711a8(26)->ffff88806a370000(4096)
[  812.693693][T11447] cramfs: Error -3 while decompressing!
[  812.699646][T11447] cramfs: ffffffff96d711c2(26)->ffff888054793000(4096)
[  812.706671][T11447] cramfs: Error -3 while decompressing!
[  812.712313][T11447] cramfs: ffffffff96d711dc(16)->ffff888054794000(4096)
[  812.721282][T11447] cramfs: Error -5 while decompressing!
[  812.726902][T11447] cramfs: ffffffff96d711a8(26)->ffff88806a370000(4096)
[  813.158824][T11439] F2FS-fs (loop6): build fault injection attr: rate: 690, type: 0x3ffff
[  813.338531][ T9831] Bluetooth: hci2: command 0x0c1a tx timeout
[  813.374079][T11439] F2FS-fs (loop6): build fault injection attr: rate: 0, type: 0x4
[  813.385625][T11439] F2FS-fs (loop6): invalid crc value
[  813.547666][T11439] F2FS-fs (loop6): Found nat_bits in checkpoint
[  813.551775][ T4418] udevd[4418]: incorrect cramfs checksum on /dev/loop2
[  813.677085][T11455] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1579'.
[  814.097040][T11456] loop5: detected capacity change from 0 to 40427
[  814.113304][T11456] F2FS-fs (loop5): invalid crc value
[  814.138596][ T9831] Bluetooth: hci5: command 0x0c1a tx timeout
[  814.142082][T11439] F2FS-fs (loop6): Start checkpoint disabled!
[  814.144639][ T9831] Bluetooth: hci1: command 0x0c1a tx timeout
[  814.157248][ T4273] Bluetooth: hci4: command 0x0c1a tx timeout
[  814.158690][ T4281] Bluetooth: hci3: command 0x0c1a tx timeout
[  814.282248][T11439] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  814.395484][T11456] F2FS-fs (loop5): Found nat_bits in checkpoint
[  814.525054][T11456] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  814.960937][ T7617] syz-executor: attempt to access beyond end of device
[  814.960937][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  814.984047][T11468] loop4: detected capacity change from 0 to 256
[  815.103819][T11468] FAT-fs (loop4): Directory bread(block 64) failed
[  815.148629][T11468] FAT-fs (loop4): Directory bread(block 65) failed
[  815.218684][T11468] FAT-fs (loop4): Directory bread(block 66) failed
[  815.225272][T11468] FAT-fs (loop4): Directory bread(block 67) failed
[  815.258690][T11468] FAT-fs (loop4): Directory bread(block 68) failed
[  815.265307][T11468] FAT-fs (loop4): Directory bread(block 69) failed
[  815.439516][T11474] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1584'.
[  815.787539][T11468] FAT-fs (loop4): Directory bread(block 70) failed
[  816.202399][T11468] FAT-fs (loop4): Directory bread(block 71) failed
[  816.235072][T11460] Bluetooth: hci5: command 0x0406 tx timeout
[  816.288995][T11468] FAT-fs (loop4): Directory bread(block 72) failed
[  816.295578][T11468] FAT-fs (loop4): Directory bread(block 73) failed
[  816.934520][T11487] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1580'.
[  816.947151][T11487] IPv6: ADDRCONF(NETDEV_CHANGE): gre5: link becomes ready
[  817.355665][T11491] loop5: detected capacity change from 0 to 128
[  817.382275][T11491] FAT-fs (loop5): invalid media value (0x01)
[  817.408976][T11491] FAT-fs (loop5): Can't find a valid FAT filesystem
[  817.763239][T11480] loop1: detected capacity change from 0 to 40427
[  817.816579][T11480] F2FS-fs (loop1): invalid crc value
[  817.883678][T11480] F2FS-fs (loop1): Found nat_bits in checkpoint
[  818.011098][T11480] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  820.455330][T11514] loop2: detected capacity change from 0 to 32768
[  821.200471][T11514] XFS (loop2): Mounting V5 Filesystem
[  821.362415][T11514] XFS (loop2): Ending clean mount
[  821.643567][T11534] loop5: detected capacity change from 0 to 40427
[  821.672512][T11534] F2FS-fs (loop5): invalid crc value
[  821.741003][T11534] F2FS-fs (loop5): Found nat_bits in checkpoint
[  821.776733][T11534] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  822.292348][ T7617] syz-executor: attempt to access beyond end of device
[  822.292348][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  822.423640][ T4274] XFS (loop2): Unmounting Filesystem
[  822.576356][ T4267] syz-executor: attempt to access beyond end of device
[  822.576356][ T4267] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  824.071295][T11556] loop4: detected capacity change from 0 to 256
[  824.172546][T11556] FAT-fs (loop4): Directory bread(block 64) failed
[  824.196817][T11556] FAT-fs (loop4): Directory bread(block 65) failed
[  824.237614][T11556] FAT-fs (loop4): Directory bread(block 66) failed
[  824.286510][T11556] FAT-fs (loop4): Directory bread(block 67) failed
[  824.301534][T11556] FAT-fs (loop4): Directory bread(block 68) failed
[  824.308115][T11556] FAT-fs (loop4): Directory bread(block 69) failed
[  824.337469][T11556] FAT-fs (loop4): Directory bread(block 70) failed
[  824.350257][T11556] FAT-fs (loop4): Directory bread(block 71) failed
[  824.357331][T11556] FAT-fs (loop4): Directory bread(block 72) failed
[  824.468571][T11556] FAT-fs (loop4): Directory bread(block 73) failed
[  824.844179][T11568] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1595'.
[  825.838271][T11578] overlayfs: unrecognized mount option "measure" or missing value
[  826.629436][T11587] loop1: detected capacity change from 0 to 128
[  826.692404][T11588] netlink: 'syz.2.1603': attribute type 10 has an invalid length.
[  826.702858][T11588] tmpfs: Unknown parameter 'quota'
[  827.491015][T11587] FAT-fs (loop1): invalid media value (0x01)
[  827.538226][T11587] FAT-fs (loop1): Can't find a valid FAT filesystem
[  828.208931][T11597] loop1: detected capacity change from 0 to 40427
[  828.247796][T11597] F2FS-fs (loop1): invalid crc value
[  828.286914][T11597] F2FS-fs (loop1): Found nat_bits in checkpoint
[  828.323659][T11597] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  828.520992][ T4267] syz-executor: attempt to access beyond end of device
[  828.520992][ T4267] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  831.386119][T11628] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1612'.
[  832.153053][T11646] ip_tunnel: non-ECT from 172.20.20.187 with TOS=0x2
[  833.671959][T11655] loop4: detected capacity change from 0 to 40427
[  833.692191][T11655] F2FS-fs (loop4): invalid crc value
[  833.787992][T11655] F2FS-fs (loop4): Found nat_bits in checkpoint
[  833.834560][T11655] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  834.028954][ T4278] syz-executor: attempt to access beyond end of device
[  834.028954][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  834.066679][T11661] loop1: detected capacity change from 0 to 256
[  834.156734][T11661] FAT-fs (loop1): Directory bread(block 64) failed
[  834.192557][T11661] FAT-fs (loop1): Directory bread(block 65) failed
[  834.239743][T11661] FAT-fs (loop1): Directory bread(block 66) failed
[  834.278873][T11661] FAT-fs (loop1): Directory bread(block 67) failed
[  834.331695][T11661] FAT-fs (loop1): Directory bread(block 68) failed
[  834.389088][T11661] FAT-fs (loop1): Directory bread(block 69) failed
[  834.527138][T11661] FAT-fs (loop1): Directory bread(block 70) failed
[  834.534433][T11661] FAT-fs (loop1): Directory bread(block 71) failed
[  834.560284][T11661] FAT-fs (loop1): Directory bread(block 72) failed
[  835.009569][T11665] loop2: detected capacity change from 0 to 22
[  835.016463][T11665] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  835.634982][T11661] FAT-fs (loop1): Directory bread(block 73) failed
[  835.654547][T11665] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  835.668910][T11664] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1621'.
[  838.141350][T11682] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1625'.
[  838.165068][T11682] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  839.330413][T11693] tmpfs: Unknown parameter 'quota'
[  839.568508][ T4331] usb 5-1: new full-speed USB device number 15 using dummy_hcd
[  840.319852][ T4331] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  840.350613][ T4331] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  840.364246][ T4331] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  840.373915][ T4331] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  840.389150][ T4331] usb 5-1: config 0 descriptor??
[  840.399888][ T4331] usbhid 5-1:0.0: couldn't find an input interrupt endpoint
[  841.128938][T11702] loop6: detected capacity change from 0 to 40427
[  841.156665][T11702] F2FS-fs (loop6): invalid crc value
[  841.175519][T11707] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1632'.
[  841.357634][T11702] F2FS-fs (loop6): Found nat_bits in checkpoint
[  841.385488][T11702] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  841.576499][ T8153] syz-executor: attempt to access beyond end of device
[  841.576499][ T8153] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  841.930703][T11715] loop1: detected capacity change from 0 to 256
[  842.003658][T11715] FAT-fs (loop1): Directory bread(block 64) failed
[  842.034197][T11715] FAT-fs (loop1): Directory bread(block 65) failed
[  842.061044][T11715] FAT-fs (loop1): Directory bread(block 66) failed
[  842.086534][T11715] FAT-fs (loop1): Directory bread(block 67) failed
[  842.112342][T11715] FAT-fs (loop1): Directory bread(block 68) failed
[  842.145881][T11715] FAT-fs (loop1): Directory bread(block 69) failed
[  842.173835][T11715] FAT-fs (loop1): Directory bread(block 70) failed
[  842.218686][T11715] FAT-fs (loop1): Directory bread(block 71) failed
[  842.247919][T11715] FAT-fs (loop1): Directory bread(block 72) failed
[  842.299210][T11715] FAT-fs (loop1): Directory bread(block 73) failed
[  843.189027][ T4256] usb 5-1: USB disconnect, device number 15
[  843.345686][T11725] loop6: detected capacity change from 0 to 1024
[  843.480598][T11728] loop4: detected capacity change from 0 to 64
[  844.329541][T11725] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  845.398686][T11742] tmpfs: Unknown parameter 'quota'
[  846.499711][T11750] loop4: detected capacity change from 0 to 40427
[  846.524004][T11752] loop5: detected capacity change from 0 to 2048
[  846.529808][T11750] F2FS-fs (loop4): invalid crc value
[  846.546230][T11750] F2FS-fs (loop4): Found nat_bits in checkpoint
[  846.575352][T11750] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  846.743090][ T8159] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  846.764166][ T4278] syz-executor: attempt to access beyond end of device
[  846.764166][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  846.776541][T11752] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  846.809337][T11752] EXT4-fs error (device loop5): ext4_free_inode:355: comm syz.5.1645: bit already cleared for inode 15
[  846.978178][ T7617] EXT4-fs (loop5): unmounting filesystem.
[  846.978811][ T8159] usb 3-1: unable to get BOS descriptor or descriptor too short
[  847.037767][ T8159] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  847.065879][ T8159] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  847.232694][ T8159] usb 3-1: config 1 has no interface number 1
[  847.239602][ T8159] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  847.273977][ T8159] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  847.356656][T11763] overlayfs: unrecognized mount option "measure" or missing value
[  847.907976][ T8159] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  847.916186][ T8159] usb 3-1: Product: syz
[  848.008672][ T8159] usb 3-1: Manufacturer: syz
[  848.013330][ T8159] usb 3-1: SerialNumber: syz
[  848.089693][ T7748] usb 2-1: new full-speed USB device number 15 using dummy_hcd
[  848.341000][ T7748] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  848.564375][ T8159] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor
[  848.642852][ T8159] usb 3-1: 2:1 : format type 10 is not supported yet
[  848.994022][ T7748] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  849.007076][ T7748] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  849.016184][ T7748] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  849.033565][ T7748] usb 2-1: config 0 descriptor??
[  849.042532][ T7748] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  849.070342][ T8159] usb 3-1: USB disconnect, device number 8
[  849.169225][T11776] loop2: detected capacity change from 0 to 256
[  849.199187][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  849.205859][T11776] FAT-fs (loop2): Directory bread(block 64) failed
[  849.291700][T11776] FAT-fs (loop2): Directory bread(block 65) failed
[  849.322540][T11776] FAT-fs (loop2): Directory bread(block 66) failed
[  849.358700][T11776] FAT-fs (loop2): Directory bread(block 67) failed
[  849.392906][T11776] FAT-fs (loop2): Directory bread(block 68) failed
[  849.400234][T11776] FAT-fs (loop2): Directory bread(block 69) failed
[  849.406916][T11776] FAT-fs (loop2): Directory bread(block 70) failed
[  849.413658][T11776] FAT-fs (loop2): Directory bread(block 71) failed
[  849.420406][T11776] FAT-fs (loop2): Directory bread(block 72) failed
[  849.426957][T11776] FAT-fs (loop2): Directory bread(block 73) failed
[  849.448546][ T4331] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  849.598672][T11782] loop5: detected capacity change from 0 to 22
[  849.615363][T11782] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  850.324959][T11782] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  850.344476][T11782] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1653'.
[  850.664092][ T4331] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  850.722520][ T4331] usb 5-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0xBA, skipping
[  850.820412][ T7748] usb 2-1: USB disconnect, device number 15
[  850.862821][ T4331] usb 5-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  850.905225][ T4331] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  851.632613][ T4331] usb 5-1: Product: syz
[  851.636912][ T4331] usb 5-1: Manufacturer: syz
[  851.641607][ T4331] usb 5-1: SerialNumber: syz
[  851.647935][ T4331] usb 5-1: config 0 descriptor??
[  851.653857][ T4331] usb 5-1: can't set config #0, error -71
[  851.864777][ T4331] usb 5-1: USB disconnect, device number 16
[  852.879915][T11807] loop1: detected capacity change from 0 to 2048
[  852.914432][T11807] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  852.930199][T11804] loop6: detected capacity change from 0 to 2048
[  853.054829][T11807] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  853.081737][T11804] Alternate GPT is invalid, using primary GPT.
[  853.121202][T11804]  loop6: p1 p2 p3
[  853.297435][T11805] binder: 11803:11805 ioctl c0306201 0 returned -14
[  853.786576][ T4331] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  854.057500][T11820] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  854.066532][T11820] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  854.068715][ T4331] usb 3-1: device descriptor read/64, error -71
[  855.068530][ T4331] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  855.168129][ T4459] udevd[4459]: inotify_add_watch(7, /dev/loop6p3, 10) failed: No such file or directory
[  855.194941][ T4414] udevd[4414]: inotify_add_watch(7, /dev/loop6p2, 10) failed: No such file or directory
[  855.205373][ T4418] udevd[4418]: inotify_add_watch(7, /dev/loop6p1, 10) failed: No such file or directory
[  855.224760][T11824] loop1: detected capacity change from 0 to 512
[  855.231575][ T4331] usb 3-1: device descriptor read/64, error -71
[  855.316715][T11824] EXT4-fs error (device loop1): ext4_orphan_get:1400: inode #15: comm syz.1.1662: iget: bad extended attribute block 1
[  855.359281][ T4331] usb usb3-port1: attempt power cycle
[  855.468540][T11824] EXT4-fs error (device loop1): ext4_orphan_get:1405: comm syz.1.1662: couldn't read orphan inode 15 (err -117)
[  855.489451][T11824] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  855.718698][T11826] EXT4-fs error (device loop1): ext4_validate_block_bitmap:429: comm ext4lazyinit: bg 0: block 13: invalid block bitmap
[  855.795290][T11829] tmpfs: Unknown parameter 'usrquota'
[  855.808491][ T4331] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  856.072668][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  856.091403][ T4331] usb 3-1: device descriptor read/8, error -71
[  857.341815][T11840] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1667'.
[  858.243898][T11854] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1671'.
[  858.378758][T11460] Bluetooth: hci5: command 0x0406 tx timeout
[  858.396726][T11856] loop1: detected capacity change from 0 to 1024
[  858.468339][T11834] loop2: detected capacity change from 0 to 40427
[  858.498538][T11834] F2FS-fs (loop2): Wrong NAT boundary, start(2560) end(3584) blocks(512)
[  858.508346][T11854] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1671'.
[  858.538584][T11834] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  858.593464][T11834] F2FS-fs (loop2): invalid crc value
[  858.632799][T11834] F2FS-fs (loop2): Found nat_bits in checkpoint
[  858.804172][T11834] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  858.838458][T11834] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  858.845018][T11866] loop6: detected capacity change from 0 to 512
[  858.933774][T11866] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.1674: iget: bad extended attribute block 1
[  859.038499][T11866] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.1674: couldn't read orphan inode 15 (err -117)
[  859.060004][T11866] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  859.752848][T11852] loop5: detected capacity change from 0 to 32768
[  859.864466][T11852] BTRFS info (device loop5): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  859.886416][ T4274] syz-executor: attempt to access beyond end of device
[  859.886416][ T4274] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  859.903980][T11852] BTRFS info (device loop5): using sha256 (sha256-avx2) checksum algorithm
[  859.937638][T11852] BTRFS info (device loop5): using free space tree
[  860.000601][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  860.325053][T11852] BTRFS info (device loop5): enabling ssd optimizations
[  860.446890][ T7617] BTRFS info (device loop5): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  860.858172][T11899] loop6: detected capacity change from 0 to 2048
[  860.912233][T11899] UDF-fs: bad mount option "umask=0000p000000000000¸O·Å5" or missing value
[  861.990686][ T4779] hfsplus: b-tree write err: -5, ino 4
[  862.037240][T11899] syz.6.1676 (11899): drop_caches: 2
[  862.267830][T11919] loop1: detected capacity change from 0 to 40427
[  862.311748][T11919] F2FS-fs (loop1): invalid crc value
[  862.403626][T11919] F2FS-fs (loop1): Found nat_bits in checkpoint
[  862.432368][T11919] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  862.954209][ T4267] syz-executor: attempt to access beyond end of device
[  862.954209][ T4267] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  863.929485][T11934] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1684'.
[  863.945986][T11938] loop4: detected capacity change from 0 to 1024
[  863.954361][T11934] netlink: 12 bytes leftover after parsing attributes in process `syz.6.1684'.
[  863.957012][T11914] loop2: detected capacity change from 0 to 32768
[  864.011763][T11938] EXT4-fs: Ignoring removed oldalloc option
[  864.020193][T11938] EXT4-fs: Ignoring removed bh option
[  864.627486][T11938] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  864.717889][T11938] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  865.260921][T11938] EXT4-fs error (device loop4): ext4_mb_mark_diskspace_used:3841: comm syz.4.1685: Allocating blocks 385-513 which overlap fs metadata
[  866.085310][T11938] EXT4-fs (loop4): pa ffff888075bb8a80: logic 16, phys. 129, len 24
[  866.093899][T11938] EXT4-fs error (device loop4): ext4_mb_release_inode_pa:4881: group 0, free 0, pa_free 8
[  866.205565][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  867.000677][T11962] loop4: detected capacity change from 0 to 1024
[  867.300383][T11962] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  867.338922][T11966] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1682'.
[  868.592301][T11980] loop5: detected capacity change from 0 to 2048
[  868.721598][T11976] binder: 11975:11976 ioctl c0306201 0 returned -14
[  868.740715][ T4278] EXT4-fs (loop4): unmounting filesystem.
[  868.798174][T11986] loop6: detected capacity change from 0 to 2048
[  868.824572][T11980] Alternate GPT is invalid, using primary GPT.
[  868.844444][T11980]  loop5: p1 p2 p3
[  868.855684][T11986] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  869.039287][T11984] loop2: detected capacity change from 0 to 40427
[  869.074305][T11984] F2FS-fs (loop2): invalid crc value
[  869.110961][T11986] EXT4-fs error (device loop6): ext4_free_inode:355: comm syz.6.1698: bit already cleared for inode 15
[  869.176735][T11984] F2FS-fs (loop2): Found nat_bits in checkpoint
[  869.222269][T11984] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  869.356250][T11993] loop4: detected capacity change from 0 to 2048
[  869.677801][ T4274] syz-executor: attempt to access beyond end of device
[  869.677801][ T4274] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  869.695982][T11997] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  869.700437][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  870.061360][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  870.071165][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  870.823861][T12003] loop6: detected capacity change from 0 to 512
[  871.038802][T12005] loop1: detected capacity change from 0 to 40427
[  871.083598][T12005] F2FS-fs (loop1): invalid crc value
[  871.092994][T12003] EXT4-fs error (device loop6): ext4_orphan_get:1400: inode #15: comm syz.6.1700: iget: bad extended attribute block 1
[  871.117266][T12005] F2FS-fs (loop1): Found nat_bits in checkpoint
[  871.152231][T12005] F2FS-fs (loop1): Start checkpoint disabled!
[  871.254015][T12003] EXT4-fs error (device loop6): ext4_orphan_get:1405: comm syz.6.1700: couldn't read orphan inode 15 (err -117)
[  871.404849][T12005] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  871.992463][T12003] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  872.335287][ T4658] kworker/u4:16: attempt to access beyond end of device
[  872.335287][ T4658] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  872.350008][ T4658] kworker/u4:16: attempt to access beyond end of device
[  872.350008][ T4658] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  872.620887][T12023] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1705'.
[  872.723058][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  873.325073][T12033] loop4: detected capacity change from 0 to 40427
[  873.389684][T12033] F2FS-fs (loop4): invalid crc value
[  873.402402][T12033] F2FS-fs (loop4): Found nat_bits in checkpoint
[  873.432529][T12033] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  874.279025][T12042] loop5: detected capacity change from 0 to 40427
[  874.311118][ T4278] syz-executor: attempt to access beyond end of device
[  874.311118][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  874.510930][T12042] F2FS-fs (loop5): invalid crc value
[  874.564380][T12042] F2FS-fs (loop5): Found nat_bits in checkpoint
[  874.611281][T12042] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  875.051434][ T7617] syz-executor: attempt to access beyond end of device
[  875.051434][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  877.041526][T12063] loop6: detected capacity change from 0 to 2048
[  877.064686][T12065] loop2: detected capacity change from 0 to 512
[  877.140431][T12063] Alternate GPT is invalid, using primary GPT.
[  877.151619][T12063]  loop6: p1 p2 p3
[  877.193541][T12061] binder: 12060:12061 ioctl c0306201 0 returned -14
[  877.377836][T12065] EXT4-fs error (device loop2): ext4_orphan_get:1400: inode #15: comm syz.2.1718: iget: bad extended attribute block 1
[  877.594232][T12065] EXT4-fs error (device loop2): ext4_orphan_get:1405: comm syz.2.1718: couldn't read orphan inode 15 (err -117)
[  877.994281][T12065] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  878.559091][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  881.129417][T12089] loop4: detected capacity change from 0 to 40427
[  881.154614][T12089] F2FS-fs (loop4): invalid crc value
[  881.537678][T12089] F2FS-fs (loop4): Found nat_bits in checkpoint
[  881.572092][T12089] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  881.755603][T12096] loop5: detected capacity change from 0 to 40427
[  881.886533][T12096] F2FS-fs (loop5): invalid crc value
[  882.227623][T12096] F2FS-fs (loop5): Found nat_bits in checkpoint
[  882.259195][ T4278] syz-executor: attempt to access beyond end of device
[  882.259195][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  882.294005][T12096] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  882.451502][T12107] loop6: detected capacity change from 0 to 128
[  882.517033][T12107] FAT-fs (loop6): invalid media value (0x01)
[  882.528647][T12107] FAT-fs (loop6): Can't find a valid FAT filesystem
[  882.769416][ T7617] syz-executor: attempt to access beyond end of device
[  882.769416][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  883.276029][T12115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1725'.
[  883.605657][T12121] overlayfs: unrecognized mount option "measure" or missing value
[  883.707523][T12115] IPv6: ADDRCONF(NETDEV_CHANGE): gre6: link becomes ready
[  884.719731][T12133] loop6: detected capacity change from 0 to 22
[  884.726995][T12133] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  885.559304][T12133] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  885.574200][T12128] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1731'.
[  886.020533][T12140] loop4: detected capacity change from 0 to 40427
[  886.047429][T12140] F2FS-fs (loop4): invalid crc value
[  886.064653][T12140] F2FS-fs (loop4): Found nat_bits in checkpoint
[  886.097489][T12140] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  886.521562][ T4278] syz-executor: attempt to access beyond end of device
[  886.521562][ T4278] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  887.490877][T12156] loop5: detected capacity change from 0 to 40427
[  887.533201][T12156] F2FS-fs (loop5): invalid crc value
[  887.562199][T12156] F2FS-fs (loop5): Found nat_bits in checkpoint
[  887.596054][T12156] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  888.024307][ T7617] syz-executor: attempt to access beyond end of device
[  888.024307][ T7617] loop5: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  890.492139][T12186] overlayfs: unrecognized mount option "measure" or missing value
[  890.826811][T12185] loop4: detected capacity change from 0 to 2048
[  890.882592][T12185] Alternate GPT is invalid, using primary GPT.
[  890.893473][T12185]  loop4: p1 p2 p3
[  891.758728][T12181] binder: 12180:12181 ioctl c0306201 0 returned -14
[  892.766283][T12181] loop4: detected capacity change from 0 to 32768
[  892.831511][ T4418] I/O error, dev loop4, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  894.253798][T12211] loop2: detected capacity change from 0 to 40427
[  894.294535][T12211] F2FS-fs (loop2): invalid crc value
[  894.329781][T12211] F2FS-fs (loop2): Found nat_bits in checkpoint
[  894.356493][T12211] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  894.473101][ T4272] Bluetooth: hci2: command 0x2021 tx timeout
[  895.436230][ T4274] syz-executor: attempt to access beyond end of device
[  895.436230][ T4274] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  895.520791][T12219] loop4: detected capacity change from 0 to 40427
[  895.547633][T12219] F2FS-fs (loop4): invalid crc value
[  895.577265][T12219] F2FS-fs (loop4): Found nat_bits in checkpoint
[  895.615251][T12219] F2FS-fs (loop4): Start checkpoint disabled!
[  895.684178][T12219] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  896.791035][ T4658] kworker/u4:16: attempt to access beyond end of device
[  896.791035][ T4658] loop4: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  896.858199][ T4658] kworker/u4:16: attempt to access beyond end of device
[  896.858199][ T4658] loop4: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  898.382366][T12246] loop6: detected capacity change from 0 to 2048
[  898.584774][T12244] binder: 12237:12244 ioctl c0306201 0 returned -14
[  898.697806][T12246] Alternate GPT is invalid, using primary GPT.
[  898.715245][T12246]  loop6: p1 p2 p3
[  898.762289][T12257] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1757'.
[  898.956523][T12257] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1757'.
[  901.090632][T12278] overlayfs: overlapping lowerdir path
[  902.788296][T12300] netlink: 'syz.4.1769': attribute type 10 has an invalid length.
[  902.800512][T12296] tmpfs: Unknown parameter 'quota'
[  903.487377][T12303] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1776'.
[  903.499979][T12303] IPv6: ADDRCONF(NETDEV_CHANGE): gre3: link becomes ready
[  903.558105][T12303] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1776'.
[  903.909861][T12317] loop4: detected capacity change from 0 to 8
[  903.921667][T12317] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  903.940598][T12317] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1778'.
[  904.835774][T12320] cramfs: Error -5 while decompressing!
[  904.841517][T12320] cramfs: ffffffff96d751a8(26)->ffff888069a71000(4096)
[  904.848700][T12320] cramfs: Error -3 while decompressing!
[  904.854283][T12320] cramfs: ffffffff96d751c2(26)->ffff88806a047000(4096)
[  904.861404][T12320] cramfs: Error -3 while decompressing!
[  904.867078][T12320] cramfs: ffffffff96d751dc(16)->ffff888054c92000(4096)
[  904.874385][T12320] cramfs: Error -5 while decompressing!
[  904.880236][T12320] cramfs: ffffffff96d751a8(26)->ffff888069a71000(4096)
[  905.340590][ T4418] udevd[4418]: incorrect cramfs checksum on /dev/loop4
[  907.348462][ T7103] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  907.596565][T12337] loop2: detected capacity change from 0 to 2048
[  907.613152][ T7103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  907.625384][T12337] Alternate GPT is invalid, using primary GPT.
[  907.631698][T12337]  loop2: p1 p2 p3
[  907.638264][ T7103] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  907.649354][ T7103] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  907.659743][ T7103] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  907.671448][T12337] binder: 12336:12337 ioctl c0306201 0 returned -14
[  907.678293][ T7103] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  907.830274][ T7103] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  907.887040][ T7103] usb 2-1: config 0 descriptor??
[  908.121231][ T7103] hdpvr 2-1:0.0: firmware version 0x0 dated 
[  908.129808][ T7103] hdpvr 2-1:0.0: untested firmware, the driver might not work.
[  908.293298][ T4418] udevd[4418]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  908.330239][ T7103] hdpvr 2-1:0.0: device init failed
[  908.365197][ T7103] hdpvr: probe of 2-1:0.0 failed with error -12
[  908.642363][ T4459] udevd[4459]: inotify_add_watch(7, /dev/loop2p2, 10) failed: No such file or directory
[  908.665936][ T5885] udevd[5885]: inotify_add_watch(7, /dev/loop2p3, 10) failed: No such file or directory
[  908.786526][ T7103] usb 2-1: USB disconnect, device number 16
[  908.957180][T12351] loop2: detected capacity change from 0 to 22
[  908.968479][T12351] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  909.515828][T12351] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  910.112808][T12362] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1791'.
[  910.125180][T12362] IPv6: ADDRCONF(NETDEV_CHANGE): gre7: link becomes ready
[  910.390150][T12364] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1791'.
[  910.411293][T12369] loop4: detected capacity change from 0 to 64
[  911.853176][T12379] loop1: detected capacity change from 0 to 40427
[  911.870285][T12379] F2FS-fs (loop1): invalid crc value
[  912.054781][T12379] F2FS-fs (loop1): Found nat_bits in checkpoint
[  912.093639][T12379] F2FS-fs (loop1): Start checkpoint disabled!
[  912.473260][T12377] netlink: 'syz.6.1797': attribute type 10 has an invalid length.
[  912.495007][T12379] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  912.617293][T12377] tmpfs: Unknown parameter 'quota'
[  913.896170][T12404] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  914.563095][T12408] loop2: detected capacity change from 0 to 512
[  914.606826][ T4763] kworker/u4:17: attempt to access beyond end of device
[  914.606826][ T4763] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  914.649090][T12408] EXT4-fs (loop2): unsupported inode size: 0
[  914.655146][T12408] EXT4-fs (loop2): blocksize: 1024
[  914.669337][ T4763] kworker/u4:17: attempt to access beyond end of device
[  914.669337][ T4763] loop1: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  914.685900][T12412] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1805'.
[  914.761492][T12412] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1805'.
[  915.041854][T12414] loop5: detected capacity change from 0 to 64
[  915.560874][T12419] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1807'.
[  916.454908][T12430] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1808'.
[  916.493355][T12430] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  916.540850][T12434] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1808'.
[  917.179715][T12450] loop1: detected capacity change from 0 to 22
[  917.186510][T12450] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  918.119854][T12450] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  919.653845][T12475] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1819'.
[  920.524000][T12478] loop4: detected capacity change from 0 to 64
[  922.338338][T12498] loop5: detected capacity change from 0 to 22
[  922.348685][T12498] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  922.875966][T12498] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  925.607817][T12520] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1833'.
[  926.565712][T12517] loop2: detected capacity change from 0 to 2048
[  926.780608][T12530] loop5: detected capacity change from 0 to 40427
[  926.811208][T12530] F2FS-fs (loop5): invalid crc value
[  926.861857][T12530] F2FS-fs (loop5): Found nat_bits in checkpoint
[  926.886547][T12530] F2FS-fs (loop5): Start checkpoint disabled!
[  926.924635][T12530] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  926.978304][T12517] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: none.
[  927.170044][T12517] EXT4-fs error (device loop2): ext4_free_inode:355: comm syz.2.1831: bit already cleared for inode 15
[  927.876977][ T4592] kworker/u4:15: attempt to access beyond end of device
[  927.876977][ T4592] loop5: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  927.902164][ T4274] EXT4-fs (loop2): unmounting filesystem.
[  928.016698][ T4592] kworker/u4:15: attempt to access beyond end of device
[  928.016698][ T4592] loop5: rw=2049, sector=40960, nr_sectors = 32 limit=40427
[  928.278472][ T4791] usb 5-1: new full-speed USB device number 17 using dummy_hcd
[  928.350464][T12543] overlayfs: unrecognized mount option "measure" or missing value
[  928.447068][T12529] loop6: detected capacity change from 0 to 32768
[  928.496186][T12529] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 scanned by syz.6.1837 (12529)
[  928.650014][ T4791] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  928.666065][ T4791] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  928.676814][ T4791] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  928.688599][ T4791] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  929.366384][ T4791] usb 5-1: config 0 descriptor??
[  929.374487][T12529] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  929.390762][T12529] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  929.565717][T12529] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_LZO (0x8)
[  930.872429][ T4791] usbhid 5-1:0.0: can't add hid device: -71
[  930.899204][T12529] BTRFS info (device loop6): use lzo compression, level 0
[  930.911010][ T4791] usbhid: probe of 5-1:0.0 failed with error -71
[  930.927422][T12529] BTRFS info (device loop6): turning on async discard
[  930.936931][ T4791] usb 5-1: USB disconnect, device number 17
[  931.009120][T12529] BTRFS info (device loop6): using free space tree
[  931.558905][ T1276] ieee802154 phy0 wpan0: encryption failed: -22
[  931.565315][ T1276] ieee802154 phy1 wpan1: encryption failed: -22
[  931.725762][T12529] BTRFS error (device loop6): open_ctree failed: -12
[  932.036765][T12588] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1846'.
[  933.247586][T12607] loop1: detected capacity change from 0 to 1024
[  933.537268][T12616] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1855'.
[  933.561933][T12616] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  933.885703][T12607] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  934.041517][T12620] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1855'.
[  934.939991][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  935.231135][T12630] loop1: detected capacity change from 0 to 128
[  935.290392][T12630] FAT-fs (loop1): invalid media value (0x01)
[  935.328015][T12630] FAT-fs (loop1): Can't find a valid FAT filesystem
[  935.368580][T11901] usb 5-1: new full-speed USB device number 18 using dummy_hcd
[  935.997681][T11901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  936.154050][T11901] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.250242][T11901] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  936.276006][T11901] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.289976][T11901] usb 5-1: config 0 descriptor??
[  936.886906][T11901] usbhid 5-1:0.0: can't add hid device: -71
[  936.915459][T11901] usbhid: probe of 5-1:0.0 failed with error -71
[  936.965012][T11901] usb 5-1: USB disconnect, device number 18
[  940.734460][T12683] loop1: detected capacity change from 0 to 22
[  940.752151][T12683] MTD: Attempt to mount non-MTD device "/dev/loop1"
[  941.535604][T12683] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  941.556711][T12683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1868'.
[  941.793963][T12678] loop6: detected capacity change from 0 to 2048
[  941.960733][T12678] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  941.978708][ T8160] usb 6-1: new full-speed USB device number 5 using dummy_hcd
[  942.026932][T12699] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1872'.
[  942.039512][T12699] IPv6: ADDRCONF(NETDEV_CHANGE): gre2: link becomes ready
[  942.099776][T12700] netlink: 'syz.1.1874': attribute type 10 has an invalid length.
[  943.396220][T12678] EXT4-fs error (device loop6): ext4_free_inode:355: comm syz.6.1869: bit already cleared for inode 15
[  943.492862][T12696] tmpfs: Unknown parameter 'quota'
[  943.592144][ T8153] EXT4-fs (loop6): unmounting filesystem.
[  943.599678][T12704] loop1: detected capacity change from 0 to 128
[  943.600200][ T8160] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  943.637842][ T8160] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  943.654324][ T8160] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  943.659383][T12704] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  943.673898][ T8160] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  943.696491][ T8160] usb 6-1: config 0 descriptor??
[  943.704030][T12704] ext4 filesystem being mounted at /362/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  944.503368][T12704] fscrypt: Error allocating hmac(sha512): -4
[  944.798707][ T8160] usbhid 6-1:0.0: can't add hid device: -71
[  944.804759][ T8160] usbhid: probe of 6-1:0.0 failed with error -71
[  944.876223][T12722] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  944.879243][ T8160] usb 6-1: USB disconnect, device number 5
[  944.902107][ T4267] EXT4-fs (loop1): unmounting filesystem.
[  945.394991][T12737] loop5: detected capacity change from 0 to 8
[  945.419484][T12737] MTD: Attempt to mount non-MTD device "/dev/loop5"
[  945.567069][T12738] loop6: detected capacity change from 0 to 40427
[  945.587520][T12737] netlink: 256 bytes leftover after parsing attributes in process `syz.5.1883'.
[  945.602718][T12738] F2FS-fs (loop6): invalid crc value
[  945.614010][T12738] F2FS-fs (loop6): Found nat_bits in checkpoint
[  945.672985][T12738] F2FS-fs (loop6): Start checkpoint disabled!
[  945.682589][T12741] cramfs: Error -5 while decompressing!
[  945.688282][T12741] cramfs: ffffffff96d711a8(26)->ffff8880503d2000(4096)
[  945.696326][T12741] cramfs: Error -3 while decompressing!
[  945.702082][T12741] cramfs: ffffffff96d711c2(26)->ffff8880503d3000(4096)
[  945.709269][T12741] cramfs: Error -3 while decompressing!
[  945.714901][T12741] cramfs: ffffffff96d711dc(16)->ffff888069b48000(4096)
[  945.722386][T12741] cramfs: Error -5 while decompressing!
[  945.728136][T12741] cramfs: ffffffff96d711a8(26)->ffff8880503d2000(4096)
[  946.372652][T12738] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  946.650745][ T4418] udevd[4418]: incorrect cramfs checksum on /dev/loop5
[  946.740639][T12749] loop4: detected capacity change from 0 to 1024
[  946.950419][T12749] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: none.
[  947.121168][T12749] ext4 filesystem being mounted at /392/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  947.601850][T12760] list_del corruption. prev->next should be ffff88802faaef00, but was ffffffff8d649400. (prev=ffffffff8d649400)
[  947.614258][T12760] ------------[ cut here ]------------
[  947.619882][T12760] kernel BUG at lib/list_debug.c:61!
[  947.625302][T12760] invalid opcode: 0000 [#1] PREEMPT SMP KASAN
[  947.631394][T12760] CPU: 0 PID: 12760 Comm: syz.5.1891 Not tainted 6.1.147-syzkaller #0
[  947.639643][T12760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  947.649712][T12760] RIP: 0010:__list_del_entry_valid+0x10a/0x120
[  947.656076][T12760] Code: e8 6b 56 00 06 0f 0b 48 c7 c7 60 f7 de 8a 48 89 de e8 5a 56 00 06 0f 0b 48 c7 c7 c0 f7 de 8a 48 89 de 4c 89 f9 e8 46 56 00 06 <0f> 0b 48 c7 c7 40 f8 de 8a 48 89 de 4c 89 f1 e8 32 56 00 06 0f 0b
[  947.676221][T12760] RSP: 0018:ffffc90004a1eac8 EFLAGS: 00010246
[  947.682306][T12760] RAX: 000000000000006d RBX: ffff88802faaef00 RCX: 1aa75e8947044100
[  947.690287][T12760] RDX: ffffc9001361b000 RSI: 0000000000004083 RDI: 0000000000004084
[  947.698263][T12760] RBP: 1ffff92000943d9a R08: dffffc0000000000 R09: fffff52000943ce9
[  947.706414][T12760] R10: fffff52000943ce9 R11: 1ffff92000943ce8 R12: dffffc0000000000
[  947.714495][T12760] R13: ffffc90004a1ecd0 R14: ffffffff8d649400 R15: ffffffff8d649400
[  947.722570][T12760] FS:  00007f58f62166c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  947.731521][T12760] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  947.738201][T12760] CR2: 000000110c3da5d4 CR3: 000000007e32d000 CR4: 00000000003506f0
[  947.746357][T12760] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  947.754427][T12760] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  947.762409][T12760] Call Trace:
[  947.765688][T12760]  <TASK>
[  947.768638][T12760]  flow_block_cb_setup_simple+0x629/0x740
[  947.774375][T12760]  nft_chain_offload_cmd+0x278/0x630
[  947.779675][T12760]  ? nft_offload_exit+0x20/0x20
[  947.784533][T12760]  ? __lock_acquire+0x7c50/0x7c50
[  947.789566][T12760]  ? nft_pernet+0x45/0x270
[  947.793985][T12760]  ? nft_pernet+0x45/0x270
[  947.798409][T12760]  nft_flow_rule_offload_commit+0x4d2/0x18c0
[  947.804398][T12760]  ? nft_flow_rule_stats+0x3c0/0x3c0
[  947.809785][T12760]  ? __lock_acquire+0x12e5/0x7c50
[  947.814813][T12760]  ? unwind_next_frame+0x1880/0x20b0
[  947.820118][T12760]  ? deref_stack_reg+0x19f/0x230
[  947.825070][T12760]  ? preempt_count_add+0x8d/0x190
[  947.830123][T12760]  ? verify_lock_unused+0x140/0x140
[  947.835333][T12760]  ? arch_stack_walk+0xf2/0x140
[  947.840201][T12760]  ? stack_trace_save+0x98/0xe0
[  947.845082][T12760]  ? verify_lock_unused+0x140/0x140
[  947.850321][T12760]  ? __stack_depot_save+0x35/0x460
[  947.855474][T12760]  ? nft_pernet+0x23/0x230
[  947.859884][T12760]  ? ____sys_sendmsg+0x59b/0x970
[  947.864818][T12760]  ? __lock_acquire+0x7c50/0x7c50
[  947.869865][T12760]  ? nft_pernet+0x23/0x230
[  947.874268][T12760]  ? nft_pernet+0x23/0x230
[  947.878749][T12760]  nf_tables_commit+0x585/0x74e0
[  947.883764][T12760]  ? nft_pernet+0x23/0x230
[  947.888174][T12760]  ? nf_tables_rule_release+0x310/0x310
[  947.893710][T12760]  ? nft_trans_commit_list_add_tail+0x32c/0x430
[  947.899938][T12760]  ? nft_flush_table+0x151f/0x1610
[  947.905047][T12760]  ? nf_tables_deltable+0x625/0xd60
[  947.910243][T12760]  ? nf_tables_gettable+0x670/0x670
[  947.915428][T12760]  ? mutex_unlock+0x10/0x10
[  947.919920][T12760]  ? __nla_parse+0x3c/0x50
[  947.924336][T12760]  ? skb_pull+0xbd/0x1d0
[  947.928659][T12760]  nfnetlink_rcv+0x18b6/0x2170
[  947.933525][T12760]  ? nfnetlink_net_exit_batch+0xa0/0xa0
[  947.939325][T12760]  ? netdev_core_pick_tx+0x340/0x340
[  947.944614][T12760]  ? ref_tracker_free+0x630/0x7c0
[  947.949655][T12760]  ? netlink_deliver_tap+0x2e/0x1b0
[  947.954856][T12760]  ? netlink_deliver_tap+0x2e/0x1b0
[  947.960049][T12760]  netlink_unicast+0x74d/0x8d0
[  947.964849][T12760]  netlink_sendmsg+0x89e/0xbc0
[  947.969608][T12760]  ? netlink_getsockopt+0x540/0x540
[  947.974819][T12760]  ? aa_sock_msg_perm+0x94/0x150
[  947.979747][T12760]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  947.985013][T12760]  ? security_socket_sendmsg+0x7c/0xa0
[  947.990459][T12760]  ? netlink_getsockopt+0x540/0x540
[  947.995653][T12760]  ____sys_sendmsg+0x59b/0x970
[  948.000412][T12760]  ? __sys_sendmsg_sock+0x30/0x30
[  948.005427][T12760]  ? __import_iovec+0x315/0x500
[  948.010271][T12760]  ? import_iovec+0x6f/0xa0
[  948.014780][T12760]  ___sys_sendmsg+0x21c/0x290
[  948.019480][T12760]  ? __sys_sendmsg+0x270/0x270
[  948.024247][T12760]  ? __fdget+0x17c/0x200
[  948.028489][T12760]  __se_sys_sendmsg+0x19e/0x270
[  948.033328][T12760]  ? __se_sys_futex+0x14a/0x440
[  948.038168][T12760]  ? __x64_sys_sendmsg+0x80/0x80
[  948.043098][T12760]  ? lockdep_hardirqs_on+0x94/0x140
[  948.048285][T12760]  do_syscall_64+0x4c/0xa0
[  948.052708][T12760]  ? clear_bhb_loop+0x60/0xb0
[  948.057480][T12760]  ? clear_bhb_loop+0x60/0xb0
[  948.062154][T12760]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  948.068040][T12760] RIP: 0033:0x7f58f538e9a9
[  948.072457][T12760] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  948.092048][T12760] RSP: 002b:00007f58f6216038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  948.100449][T12760] RAX: ffffffffffffffda RBX: 00007f58f55b6080 RCX: 00007f58f538e9a9
[  948.108490][T12760] RDX: 000000000000c050 RSI: 0000200000000cc0 RDI: 0000000000000007
[  948.116533][T12760] RBP: 00007f58f5410d69 R08: 0000000000000000 R09: 0000000000000000
[  948.124488][T12760] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  948.132445][T12760] R13: 0000000000000000 R14: 00007f58f55b6080 R15: 00007ffdcea52958
[  948.140435][T12760]  </TASK>
[  948.143532][T12760] Modules linked in:
[  948.147570][T12760] ---[ end trace 0000000000000000 ]---
[  948.153191][T12760] RIP: 0010:__list_del_entry_valid+0x10a/0x120
[  948.159391][T12760] Code: e8 6b 56 00 06 0f 0b 48 c7 c7 60 f7 de 8a 48 89 de e8 5a 56 00 06 0f 0b 48 c7 c7 c0 f7 de 8a 48 89 de 4c 89 f9 e8 46 56 00 06 <0f> 0b 48 c7 c7 40 f8 de 8a 48 89 de 4c 89 f1 e8 32 56 00 06 0f 0b
[  948.179040][T12760] RSP: 0018:ffffc90004a1eac8 EFLAGS: 00010246
[  948.185207][T12760] RAX: 000000000000006d RBX: ffff88802faaef00 RCX: 1aa75e8947044100
[  948.193237][T12760] RDX: ffffc9001361b000 RSI: 0000000000004083 RDI: 0000000000004084
[  948.201301][T12760] RBP: 1ffff92000943d9a R08: dffffc0000000000 R09: fffff52000943ce9
[  948.209553][T12760] R10: fffff52000943ce9 R11: 1ffff92000943ce8 R12: dffffc0000000000
[  948.217542][T12760] R13: ffffc90004a1ecd0 R14: ffffffff8d649400 R15: ffffffff8d649400
[  948.225563][T12760] FS:  00007f58f62166c0(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  948.234795][T12760] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  948.241430][T12760] CR2: 000000110c3da5d4 CR3: 000000007e32d000 CR4: 00000000003506f0
[  948.249446][T12760] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  948.257429][T12760] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  948.265465][T12760] Kernel panic - not syncing: Fatal exception
[  948.271965][T12760] Kernel Offset: disabled
[  948.276281][T12760] Rebooting in 86400 seconds..