last executing test programs:

10m7.025843275s ago: executing program 4 (id=23):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r0, 0x7, &(0x7f00000000c0)={0x1})
r1 = gettid()
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0)
fcntl$lock(r2, 0x26, &(0x7f00000000c0)={0x0, 0x1, 0x8000000000003, 0x10000})
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000040)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r4 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
ioctl$sock_kcm_SIOCKCMCLONE(0xffffffffffffffff, 0x89e2, &(0x7f0000000140))
r5 = socket$kcm(0x2d, 0x2, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000340)={r5})
socket$inet_tcp(0x2, 0x1, 0x0)
socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)

9m54.226469971s ago: executing program 4 (id=37):
syz_mount_image$hfsplus(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f0000000140)={[{@nodecompose}, {@umask={'umask', 0x3d, 0x5}}, {@barrier}, {@uid}, {@nobarrier}, {@barrier}, {@nls={'nls', 0x3d, 'maciceland'}}]}, 0x3, 0x632, &(0x7f0000000800)="$eJzs3UtsG2kdAPD/OI4TB9TN7qa7Ba1EtJUWRESbh7IQLpSHUA4rtFoOnKPWbay6aZW4KK0QCi9x4MKh4lwOuXFC6j1SOcMF9ZpjJVAvPaDcjGY8dpy386qd7e8Xjb/v8zfzzX/+9jzsyJoA3lrzE1HciCTmJz5bTdub6zO1zfWZoby7FhFpvRBRbBaRLEUkz5vdN9KHr6VP5vMnB63nSXXuixevN182W8XWwkkprQ0fvNxRmguu5VOMR8RAXu412O2oO8a7eeB4+/nvn/YPshlous1XW4mDXmvssXacxU+83wL9I2meN/cYjRjJztDN64DIjw6FNxvd2TvWUQ4AAAAuqHe2Ymut0Wj0Og4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4SPL7/yf5VGjVxyNp3f+/1DF7qYehnomNXgcAAAAAAAAAACfSGOhsfWMrtmI1LrV7k+x//h9njbHs8SvxMFaiEstxLVZjIepRj+WYiojRjoFKqwv1+vJUF0tO77vk9LluNAAAAAAAAAB82f025rf//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP0giRhoFtk01qqPRqEYEcMRUUrnW4v4V6t+kW30OgAAAAB4A97Ziq1YjUutdiPJPvN/kH3uH46HsRT1qEY9alGJW9l3Ac1P/YXN9Zna5vrMvXTaO+5f/tfIdBlGNmI0v3vYf81XsjnKcTuq2TPX4mbcj1q5c5QrrXj2j+s3r9Kxf5DrMrJbeZlu+Z/zsj+MZhkZbGdkMo8tzeO7h2fih69OtaapKLS/+Rk7h5yP5GWyq+y93ZmYjkKW79QHh2ci4pvP/vaLxdrS3cXbKxP9s0kn1MxEo9HMxFDWamXiw7cqE5PZtl9ut+fjp/HzmIjx+DyWoxq/jIWoRyXG4ydZbSF/P6ePo7syVdg59I0drc+PiqSUvy7No+jxYvo4W/ZSVONncT9uRSU+zf6mYyq+G7MxG3Mdr/DlLvb6wvH2+qvfyivpIf2Pedkf0ry+25HXzmPuaNbX+cx2lt47+2Nj8et5JV3H7yLix2e4naezOxPpWeLZV5t97x+eib9m1wkrtaW7y4sLD7pc3yd5me5Hf+irs0T6fnkvfbGy1s53R9r3/r59U1nfWLuvsKfvcrvvqD21lF/D7R1pOuv7cN++mazvSkffnuut9vUQAH1s5NsjpfJ/yv8sPy3/vrxY/mz4R0PfG/qoFIP/GPx+cXLgk8JHyd/jafx6+/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwciuPHt9dqNUqy0dWkuzm/xFdzdxRad3O6fCZk/xGPscZWaVWqwxHX4RxrErt3xEdzyS9jqcfKkP99ubv7XEJOH/X6/ceXF959Pg71XsLdyp3KkuDs7Nzk3Ozn85cv12tDUT6WJnsdZTAedg+6fc6EgAAAAAAAAAAAKBbh/8MYDCf63Q/J+jxJgIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX3PxEFDciianJa5Npe3N9ppZOrfr2nMWIKERE8quI5HnEjWhOMdoxXHLQep5U57548Xrz5fZYxdb8hcOW685aPsV4RAzk5VmNd/PU4yXtLUwTdrV0uuDgzPw/AAD//4oVCL4=")
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
socket$inet6_udp(0xa, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8b28, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0, 0x0)
openat$binder_debug(0xffffffffffffff9c, 0x0, 0x0, 0x0)
unlink(&(0x7f0000000000)='./file1\x00')

9m47.827387895s ago: executing program 4 (id=49):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket(0x2, 0x80805, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000ac0)="89e4192d92359cb3ee294530ae76ad6dc4ff20cc3ccc9d41018dd482ad1f395d4e38bd22b6fcae05c49fbdfdf66ae2994f191e9222effcb97205d0aaed4b29919f9e3bab7fdb276ca29501903c98de0b0cc8afca563f94fe69b6927ae594d1b53ad9f4a9f9f5c84a518d37939c84a5bd15048115ac421e9c56866ab6f91b0e8181d8999dd86c0177a971a39bf35b38eb0504bf70c02cc307c62d6f06c80b146153ca56a182831696c8cf46d2b065744e6dd4415ceff773e8d3a45aacc4fd8972cbe77878ce48d531066ec9e4790196e4a17b08ea09d4d3febf6721a44390383c7261e9e09f20c23f95e9c04d3c10220f3962d98b2bd98d5c3e50169a4c0c99f29c7a336489c26259957c4bdeae1c8cdf60d817db09336f680bbe954dc05669c9d48cb0a0488ed2385d935a7166b3187189e08d421903d546126289651db812f9c8754c0dc6f24a22ca988a2ac131cc52d724bb086a53a94e515e09fef354e9ca0daacaa347e96b3efd7c5c4063f6eb0cf55f08ff942780e6846d78410057ca2b845e69eeda4066de60a033e2f3c7e47b2f0c0c4c7da98b1d658c620f70dbe6eb8b5dd90216caa82c91db4c0f7ea02df5d5f8d6815d2d7868e6a6053f31a4fbe8732a1310ca7a79814177a981e5ab68dfeba4fe46ed4c51819be1308f73455e311f511ce4360cc7c24836c9b895ee5ce93cc42dd88f02d91b479c1748339024343700cce897087bbaae4fbd8e2ad5da016265ef097043acaf87504dde24216c805b40cf4d6edf2ae6564182acdf06580dde3fb66ab01625ffadc22f1ac7b97b9dec871edd96e86af127be1ef27548917a49476ce87f1719173369caf69d35d25637f0514e3e06069877968eb874a1c1adc92e760670e42b6cccd2fe0a5f9c543a44b382befc422d4486416b6fabe2f11944a3f08cded6fad9e3304a202d1c58841a6ab78b28a4162db2671d9ea74ee6f3b33a282f42abc911e3245531a34f5567cfcaa1cf762677c9f61d3aa2c4d76210edf440bf53e816d008ab2ea29cf42de9b88442d6b2eec4fbf23f7d23eaab316335dfc2dc10f9148df0b83d92c3a94fb0b49365af5ba599a1ea8e6fc7aea8df9208795cbbdf0af04f5f08fc828cb347a6e9daddbe514675b31e5134c7dfbb060dfc632ad82141ddea4e77e6c63c1843ca6fc820558b7355bae86e106c2be9c9b500c5134ab62444a8423d596bfe0e3b2df47dabf5abe271ae947f4878132915332e4fcc5b81ad6f12570de44f0fdd6a96397acebf95421c88ff274365be770edd1bd1f69bc2d2883fa70fa68828bddcb98f90b0b77e28f9c4726e5b0c52fa6f30a8d57321dfd2f2678bbc6511f39019f49d7dde6f19adeac78e4064b8288f5b4ac7d8ca35f7f70dfb376f5f3af98f02e76e57e21a00bac677703c8e2169816f5cf6c4d1bf80", 0x3f5}], 0x1}}], 0x1, 0x40)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
sched_setaffinity(0x0, 0x0, 0x0)
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)

9m42.541730391s ago: executing program 4 (id=57):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
socket(0x2, 0x80805, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe3}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4)
sendmmsg$inet(r0, &(0x7f0000001e40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
syz_usb_connect(0x2, 0x24, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
sendto$inet(r0, &(0x7f0000000580)="17", 0x1d4c, 0x10048095, 0x0, 0x0)

9m41.393398756s ago: executing program 4 (id=58):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0xa3d, 0x0, 0x0, 0x0, 0xff39)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000003c0)={0x4, 0x80100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000002200)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
shutdown(0xffffffffffffffff, 0x1)
r2 = fsopen(0x0, 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB="24000000210001"], 0x24}}, 0x0)
ioctl$BTRFS_IOC_ADD_DEV(0xffffffffffffffff, 0x5000940a, 0x0)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000600)=ANY=[@ANYBLOB="5c0000000206050800000000000000000000000005000400000000000900020073797a30000000001400078008001340000000000800064000000000050005000000000005000100060000000d000300686173683a6d6163"], 0x5c}}, 0x0)

9m40.322139389s ago: executing program 4 (id=65):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
r1 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
readlinkat(r4, &(0x7f0000000380)='./mnt\x00', &(0x7f0000000180)=""/1, 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc090}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={0x0, 0x0, 0x18}, 0x18)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x20000045, 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fc, 0x2301)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, 0x0, 0x0, 0x7, 0x200, 0x0, 0x0, 0x20000, 0x0})
read$FUSE(r0, &(0x7f0000000180)={0x2020}, 0x2024)
symlink(0x0, &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)

9m24.779503782s ago: executing program 32 (id=65):
r0 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$ipvs(0x0, 0xffffffffffffffff)
r1 = getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0}, 0x18)
r4 = syz_open_procfs(0x0, &(0x7f0000000040)='ns\x00')
readlinkat(r4, &(0x7f0000000380)='./mnt\x00', &(0x7f0000000180)=""/1, 0x1)
r5 = socket$inet6_tcp(0xa, 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0xc090}, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)=@generic={0x0, 0x0, 0x18}, 0x18)
setsockopt$inet6_tcp_int(r5, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r5, 0x0, 0x0, 0x20000045, 0x0, 0x0)
r6 = syz_open_dev$usbfs(&(0x7f0000000040), 0x400000001fc, 0x2301)
ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000280)=@urb_type_control={0x2, {}, 0x0, 0x40, 0x0, 0x0, 0x7, 0x200, 0x0, 0x0, 0x20000, 0x0})
read$FUSE(r0, &(0x7f0000000180)={0x2020}, 0x2024)
symlink(0x0, &(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
bpf$PROG_LOAD(0x5, 0x0, 0x0)

6m12.215579165s ago: executing program 1 (id=347):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$sndseq(0xffffff9c, 0x0, 0x8000)
openat$nullb(0xffffffffffffff9c, 0x0, 0x147c40, 0x0)
keyctl$clear(0x5, 0xffffffffffffffff)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0)
prlimit64(r1, 0x7, 0x0, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x1f)
syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0xffff, 0x100}})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000040)={0x2, 0x1, 0x18, 0x7, 0x73, 0x0})

6m9.133910504s ago: executing program 1 (id=350):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
openat$sndseq(0xffffff9c, 0x0, 0x8000)
openat$nullb(0xffffffffffffff9c, 0x0, 0x147c40, 0x0)
keyctl$clear(0x5, 0xffffffffffffffff)
getpid()
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prlimit64(r1, 0x7, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000180)=0x4)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(0xffffffffffffffff, 0x40186f40, &(0x7f0000000440)=0x1f)
syz_clone(0x120e1100, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$TIOCL_SETSEL(r0, 0x541c, &(0x7f0000001900)={0x2, {0xc, 0x117, 0x5, 0xffff, 0x100}})
ioctl$KDFONTOP_SET_DEF(r0, 0x4b72, &(0x7f0000000040)={0x2, 0x1, 0x18, 0x7, 0x73, 0x0})

6m6.191049419s ago: executing program 1 (id=353):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB, @ANYBLOB, @ANYBLOB], 0x50)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000380)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone(0x1000, 0x0, 0x0, 0x0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00'})
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, &(0x7f0000000240)=@filter={'filter\x00', 0xe, 0x0, 0xc0, [0x0, 0x200000000180, 0x2000000001b0, 0x2000000001e0], 0x0, 0x0, 0x0}, 0x78)
socket(0x2, 0x3, 0x67)
r3 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r3, 0xc008561c, &(0x7f0000000040)={0xf0f024})
ioctl$vim2m_VIDIOC_S_FMT(r3, 0xc0d05605, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}})

6m3.836611631s ago: executing program 1 (id=357):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mount$fuse(0x0, 0x0, 0x0, 0x2018081, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file1/file4/file7\x00', 0x1c0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0x200000, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(0xffffffffffffffff, 0x1, &(0x7f0000000340)={0x2000, r3}, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
landlock_restrict_self(0xffffffffffffffff, 0x0)
linkat(0xffffffffffffff9c, &(0x7f0000000500)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f0000000540)='./file1/file4/file7/file5\x00', 0x0)
writev(0xffffffffffffffff, 0x0, 0x0)

6m2.197498409s ago: executing program 1 (id=361):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0x6aba, 0x4)
r1 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x121a02, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={0x0}, 0x18)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000b80)=ANY=[@ANYBLOB="12010000000000406d041fc7000000000001090224000100000000090400000103000000092100001634543300090581030000060000"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
mprotect(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
mbind(&(0x7f00005b4000/0x4000)=nil, 0x100000000004000, 0x0, 0x0, 0x0, 0x2)
kexec_load(0xff0e, 0x1, &(0x7f0000000900)=[{0x0, 0x0, 0x7ffe0000, 0x3e0000}], 0x0)
preadv(r1, &(0x7f0000000300)=[{&(0x7f00000003c0)=""/219, 0xdb}, {&(0x7f0000000680)=""/213, 0xd5}, {&(0x7f0000000dc0)=""/210, 0xd2}, {&(0x7f0000000780)=""/151, 0x97}, {&(0x7f0000000180)=""/5, 0x5}, {&(0x7f0000000940)=""/203, 0xcb}, {&(0x7f0000000bc0)=""/210, 0xd2}, {&(0x7f0000000cc0)=""/204, 0xcc}], 0x8, 0x1, 0x7ffffff0)
dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0)

5m51.29523654s ago: executing program 1 (id=374):
openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={0x2, 0x14, 0x4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a}, 0x94)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x4000000)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x16, 0x4, 0x9, 0x8, 0x20500, r1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)

5m36.039122966s ago: executing program 33 (id=374):
openat2(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', &(0x7f0000000180)={0x2, 0x14, 0x4}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2a}, 0x94)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000001340)={0x0, 0x0, 0x0}, 0x4000000)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bpf$PROG_LOAD(0x5, &(0x7f0000001100)={0x6, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$MAP_CREATE(0x0, 0x0, 0x48)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
syz_emit_ethernet(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bd2)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x16, 0x4, 0x9, 0x8, 0x20500, r1, 0x8, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x2, 0x5}, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi1\x00', 0x2180, 0x0)

54.549942849s ago: executing program 0 (id=1030):
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000580)={@map, 0xffffffffffffffff, 0x3a}, 0x20)

54.198707034s ago: executing program 0 (id=1033):
syz_mount_image$nilfs2(&(0x7f0000000180), &(0x7f0000000040)='./file2\x00', 0x804008, &(0x7f0000001340)=ANY=[], 0x1, 0xac5, &(0x7f00000001c0)="$eJzs3V2MXFUBAOBzZ3e2f1s7xVa2tEARDfjDLltaBSu0hCZqTGoTH0zAl6aU2nSpxhIihIRCojExBBJCn3woxhdfIGoM8GIqD4aYQIzRkPiExNcaSXwgRhizs+fMzp7O9M5sd3dmdr4vOXvm3nPvPefO3rlz597zE4CRVWn83b9/YwjhpTdePHLjy289Pz/nUHOJWuPveMtUNYRQxOnxbHvvjS3EH33w1Il2cRH2Nf6m6XD0cnPdLSGE82FvuBRq4bmHLoy/+9rRd14JZx4/duTt11dn7xcVq50BAAAMgGOXDu7f+Y8/797+31dvOhw2NOen6/NanJ6M1/2H44Vyul6uhKXTRUtoNZEtNx5DJVturM1yrflUs+XGO+Q/kW232mG5DSX5j7XMa7ffMMzScVwLRWV6yXSlMj298Js8NH7XTxTTZ0/PPXKuTwUFVtx/bg4h7BVGM+y+pf9lEPoZ6tv6fQYCWJA/L7zC+ZV9Utfc2nh3+V++v9J+/RbVFS0ho+BnP971rdCH4z8n/8HO/5fPqKnAylmHR9Nft7bsV/ocTcbp/DlCXn+p189/2l7+PKLba4BOzxGG5flCp3KOrXE5lqtT+fPjYr26N8bpfbgvS4+fg8bjtPx/Oiz/Y6C9D4fl/n8YgDIIwlXCrqL/Zeg11Pt8/gEGV15vrh6l9LxeX56+oSR9Y0n6ppL0zSXpoct0GEW/fez58EKxeL8r/03f6/2wyWwTn+ixPPn9yF7zz+v9dq+6Ivnn9YlhoG3544W7H37wLwv1/4vm8f9xPN73xula/Gxdiguk+4X5ffVm3f/a0mwqHZa7LivO1jbLN17vWLpcsWNxO6HlPHNFOabSGgt3dLd1Wm7P0u3XsuU2xbAxK29+fbI5Wy/Vn04nxcklpVnc32rLfvx76+J5LJUjnVe2xzgvByxHOh6X1v+fP/oa9f+bj7GmQrV45PTcyTvjdPq8vTVW3TA/f3atCw5cs27b/0yFpe1/Jpvzq5XW88K2xflF63mhls3f12H+XXE6fc99b2xTY/70ie/PPbyk5PGH/NMr8z7AKDr3xJNnjs/Nnfzhar6Yz2iVs1iHL8L5EAagGMt9kY6wQSmPF928SP+143P9OiMBa2XmsUd/MHPuiSfvOP3o8VMnT508O3tg9u57DszOfumemcZ1/Uzr1f16rC4Mo2vx27/fJQEAAAAAAAAAAAC6der9mYt/e/PLf19o/7/Y/i+1/081f1P7/59m7f+zZv7NCsKpHWBqx3dFe/usg9WJbLlqDJ/Mtr8jy2dntt6nYtwcxy+2/0/Z5f26pvJcn83P++9Ny01l8/P+UiayPkiK8JPNreX7dIyf/d9CF0S/CNBHxab2s2Nc1r91OtZT/xT6pRhO6f+WjobUj8mWeCik9t6pv5LU/0M6/29fm2KywtaiXWG/9xFo71/D0v/3ckK6iOl3OQRhQEO9bhQPYDD0e/zPdN8zxWd//42N8yEtdvn+pefLvP9SuBaDPv7kesv/mT7nn+ti/M8VHV64Of5d1+e/bMS8/AFQlw4++81/tmQbbug2/3z809QP9I7e8v9qzD/tzW2hu/zrL2f55w+EunRvlv/mLvO/Yv/3LC//+2L+6W27/dZu818ocVFZWo78vnF6/pfuG38ny/9Qtv+pb8+e93+ZAzUejvnDKBuWcWZ7NSzj/3aS18M4EKfTiTDVc8jHO+m1/Kl+Rfoe2Jltvyj5frvq+L9D8DC4TfnrT9frPx+VcVy+EuOyz8Nk/J+m47HWZrrSMl1t896u13MNDKv31uHzv8Y5bADKIaxA2DQAZbj2sPC12jovfRlebb0/rH7Z6vV6X/v01aFwf/X7/e/30+d+59/v979MPv5vfg2fj/+bp+fj/347S8/H/83Xz8fXy9Pz8X/z93NL+/TmL9Prs+3m4wNPlaTvKkm/oSR9d0n6npL0G0vSbylJv6kk/eaS9OtK0m8NXw+t8vTPlKz/2c7pH7Yu2mn920u2/7mS9PUutUcZ1f2HUZa3z/P5h9GRnv90+vzvKEkHhteFV2cfePA3360ttP+faN4PSc/xDsfpavzt/KM4nT/3Di3T82lvxun3s/RBv98BoyTvPyP/fr+tJB0YXqmel883jKCifSXN/Hlbs9+qGKd+qzpd5zNcPh/jL8T4izG+I8bTMZ6J8WyM961R+VgdD/z6dwdfKBZ/72/L0rutT563B8r7ibqry/Lk9wd6rc+e9+PXq2vNf5nNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPqm0vi7f/9UEcJLb7x45OKfvvar+TmHmkvUGn/HW6aqzfVCuDPGYzG+GF989MFTJ1rjj2NchH2hCEVzfjh6uZnTlhDC+bA3XAq18NxDF8bffe3oO6+EM48fO/L266v3DiwoVjsDAAAA6KP/BwAA//8LwBbF")
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

53.341239953s ago: executing program 0 (id=1040):
sendmmsg(0xffffffffffffffff, &(0x7f0000000b80)=[{{0x0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}, {0x0}, {0x0}], 0x4}}], 0x1, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[@ANYBLOB="3c00000010001fff001201000006000043be4354", @ANYRES32=0x0, @ANYBLOB="ff7f000000000000140012800a00010076786c616e00000004000280080004"], 0x3c}, 0x1, 0x8000a0ffffffff}, 0x0)
r0 = socket(0x10, 0x80002, 0x0)
sendmmsg$alg(r0, &(0x7f00000000c0), 0x492492492492627, 0x0)

52.829660718s ago: executing program 0 (id=1044):
mkdirat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000600)='./cgroup\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101090, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

52.355716042s ago: executing program 0 (id=1047):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r0, 0x40605346, 0x0)

51.20754021s ago: executing program 0 (id=1053):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000005880)={[{@nolazytime}, {@nocheckpoint_merge}, {@alloc_mode_def}, {@memory_low}, {@user_xattr}, {@fault_injection={'fault_injection', 0x3d, 0xd}}, {@discard}, {@noacl}, {@fsync_mode_posix}, {@alloc_mode_def}, {@quota}, {@two_active_logs}, {@fault_type={'fault_type', 0x3d, 0xffffff}}]}, 0x0, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")

49.725017948s ago: executing program 34 (id=1053):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000005880)={[{@nolazytime}, {@nocheckpoint_merge}, {@alloc_mode_def}, {@memory_low}, {@user_xattr}, {@fault_injection={'fault_injection', 0x3d, 0xd}}, {@discard}, {@noacl}, {@fsync_mode_posix}, {@alloc_mode_def}, {@quota}, {@two_active_logs}, {@fault_type={'fault_type', 0x3d, 0xffffff}}]}, 0x0, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")

8.250606087s ago: executing program 8 (id=1249):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000040), 0x8002)
syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="040e0401220c"], 0x7)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)

8.24974705s ago: executing program 7 (id=1250):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, 0xffffffffffffffff, 0x8871b000)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000480), 0x7f03)

7.807455777s ago: executing program 8 (id=1253):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

7.677745658s ago: executing program 7 (id=1254):
msgget(0x1, 0x2b0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703000000040000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000440)='kfree\x00', r1, 0x0, 0x5}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x20030004)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
r2 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_NEWLINK(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB="38000000031401002abd7000fedbdf250900020073017a31000000000800410072786500140033006c6f"], 0x38}, 0x1, 0x0, 0x0, 0x44}, 0x810)

6.3818185s ago: executing program 2 (id=1261):
mkdir(0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0)

6.143042713s ago: executing program 7 (id=1263):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000000))
ioctl$SNDCTL_DSP_SPEED(r0, 0xc0045002, &(0x7f00000001c0))
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000040)=0xc)
ioctl$SNDCTL_DSP_SETFMT(r0, 0xc0045005, &(0x7f0000000640)=0x10)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
close(0x3)

5.990119721s ago: executing program 2 (id=1264):
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00'}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0xc00}, 0x0)
syz_io_uring_setup(0x6001f8c, &(0x7f0000000580)={0x0, 0xdd00, 0x0, 0x2}, &(0x7f0000000400), &(0x7f0000000280))
r1 = syz_io_uring_setup(0x24fe, &(0x7f0000000300)={0x0, 0xf36e, 0x10100}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000140)=<r3=>0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r1, 0x0, &(0x7f00000001c0)=[{&(0x7f00000004c0)=""/120, 0x78}], 0x1)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='='], 0x38}}, 0x80)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000540)='blkio.bfq.io_service_bytes\x00', 0x275a, 0x0)
write$UHID_CREATE2(r4, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x100000d, 0x12, r4, 0x0)
syz_io_uring_submit(r2, r3, &(0x7f0000000000)=@IORING_OP_FALLOCATE={0x11, 0x10, 0x0, @fd_index=0x8, 0xfff, 0x0, 0x6, 0x0, 0x1})
io_uring_enter(r1, 0x6686, 0x2936, 0x28, 0x0, 0x0)

5.75396478s ago: executing program 3 (id=1265):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x3, {0x0, 0x0, 0x6}, 0xff}, 0x18)
r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_setup(0x10a, &(0x7f0000000680)={0x0, 0x80334c, 0x10, 0x3, 0x3d3}, &(0x7f0000000200), &(0x7f0000000300))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
io_uring_enter(r2, 0x627, 0xc1040000, 0x43, 0x0, 0x0)
sendmsg$SOCK_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20845)

5.685752113s ago: executing program 7 (id=1266):
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000840)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc0ed000e, &(0x7f0000000200)={[{@jqfmt_vfsold}, {@orlov}, {@debug}, {@noload}, {@nombcache}, {@noblock_validity}, {@init_itable_val={'init_itable', 0x3d, 0x601}}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x8000}}]}, 0xfa, 0x47c, &(0x7f0000000a80)="$eJzs3M1vFOUfAPDvTLulwI9fK+ILCFJFI/GlpeVFDl40mnDQxEQPGE+1LaRSqKE1EUK0esCjIfFu/C+MJ70Y9aKJV70bEmK4gHpZMzsztLS77ZZud4H9fJLZfZ6Z2X2e78w8O8/Ms7sBdK2h7CGJ+F9E/B4RA3n29hWG8qeb1y9N/H390kQS1epbfyW19W5cvzRRrlq+bnueqVaL/JY65V5+N2J8ZmbqfJEfmT/7wcjchYsvTJ8dPz11eurc2PHjRw7v6zs2drQlcWZx3djz8eze3SfeufLGxMkr7/2UpJHHHcviaJWhfOvW9XSrC+uwHUvSSW/22F/k9v+yuKTekUAn9UREtrsqtfY/ED2x9daygXjts45WDthU1Wq1usqn8kIVuI8l0ekaAJ1Rnuiz699yalPX465w7eX8AiiL+2Yx5Ut6I80T+yvLrm9baSgiTi7881U2xSbdhwAAWOq7rP/zfL3+XxoP54m+7OH/xRjKYEQ8EBE7I+LBiNgVEQ9F1NZ9JCIeXWf5y0dIVvZ/0qt3HFwTsv7fS8XY1u39v7RcZbCnyO2oxV9JTk3PTB0qtsnBqGw5NZ1Mja5Sxvev/vZFo2VL+3/ZlJVf9gWLelztXXaDbnJ8fnwjMS917dOIPb314k9q4wJRjOvtjog9d1jG9LO9DZetHf8qGr9t06pfRzyT7/+FWBZ/KWk4Pjn64rGxoyP9MTN1aKQ8Klb6+dfLbzYqf0Pxt0C2/7fVPf5vxT+Y9EfMXbh4pjZeO7f+Mi7/8XnDa5p1Hv8ndhTHf1/ydm1GX7Hgo/H5+fOjEX3J6yvnjy2+W5kv18/iP3igfvvfGYtb4rGI2BsR+yLi8eyisKj7ExHxZEQcWCX+H1956v31x9+esdIs/sm19n8s3f/rT/Sc+eHbtePvj4hG+/9ILXWwmNPM51+zFdzItgMAAIB7Rf4d+CQdXkwnw8P5d/h3xbZ0ZnZu/rlTsx+em8y/Kz8YlbS80zWw5H7oaHFvuMyPLcsfLu4bf9mztZYfnpidmex08NDltq9o/2matf/Mnz2drh2w6Vowjgbco7R/6F7aP3SnZM32X2lbXYD2c/6H7lWv/X/ScO3hbza1MkBbOf9D92qi/S/kT417BcC9yfkfupf2D12p4W/j0w395L/tiX+L/zO8W+pz/ycivSuqcf8nepv+M4tGicrKtlwdyNt/NmdL3Vd1+pMJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNf4LAAD///R05PQ=")
socket$unix(0x1, 0x2, 0x0)
r0 = socket$unix(0x1, 0x2, 0x0)
connect$unix(r0, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
sendmmsg(r0, 0x0, 0x0, 0x0)
ppoll(0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1000040, &(0x7f0000000540)={[{@barrier}, {@nodioread_nolock}, {@noquota}, {@barrier}, {@auto_da_alloc}, {@nodioread_nolock}], [{@audit}, {@appraise}, {@smackfsdef={'smackfsdef', 0x3d, '*'}}, {@func={'func', 0x3d, 'MODULE_CHECK'}}, {@fowner_lt}, {@subj_role={'subj_role', 0x3d, '\'#-$@-%)#*/#-&'}}, {@func={'func', 0x3d, 'BPRM_CHECK'}}]}, 0x1, 0x599, &(0x7f0000001280)="$eJzs3T9sG2UbAPDnznHTP/m+9JO+T/pAHSpAKlJVJ+kfKEztiqhUqQMSC0SOG1Vx4ipOoIkike4VogMC1KVsMDCCGBgQCyMrC4gZqaIRSE0HMHJ8TtPULk6I4xL/ftLZ73t39vO+d35e+053cgB962j9IY14KiIuJhHDG5YNRLbwaGO91ZWl4v2VpWIStdqlX5JIIuLeylKxuX6SPR+KiOWI+H9EfJOPOJ6uv+W+ZqG6sDg1Xi6XZrP6yNz01ZHqwuKJK9Pjk6XJ0sypF186c/b0mbGTYxube7+2sZbfWl9v/Hjz3RvfvXL75qefHVkuvj+exLkYypZt7MdOamyTfJzbNP90N4L1UNLrBrAtuSzP66n0vxiOXJb1rdQ2Dg6Du9I8oItqgxE1oE8l8h/6VPN3QP34tznt5u+PO+cbByD1uKsrS8V3ohl/oHFuIvavHZsc/DV56Mikfrx5eDcbyp60fD0iRgcGHv38J9nnb/tGd6KBdNXX5xs76tH9n66PP9Fi/Blqnjv9m5rj32o2/q22iJ9rM/5d7DDG76//9FHb+NcH4+mW8ZP1+EmL+GlEvNlh/FuvfXm23bLaxxHHonX8puTx54dHLl8pl0Ybjy1jfHXsyMvt+x9xsE38xjnb/WtfMxv7vy9rU9ph/7/49vNnlh8T//lnH7//W23/AxHxXofx/3Pvk1fbLbtzPblb/xWw1f2fRD5udxj/hXNHf8iKzhoCAAAAAAAAAMAOSteuZUvSwno5TQuFxj28/42DablSnTt+uTI/M9G45u1w5NPmlVbDjXpSr49l1+M26yc31U/lsoC5A2v1QrFSnuhx3wEAAAAAAAAAAAAAAAAAAOBJcWjT/f+/5dbu/9/8d9XAXtX+L7+BvU7+Q/96OP+TnrUD2H2+/6Fv1eQ/9C/5D/1L/kP/kv/Qv+Q/9C/5D/1L/gMAAAAAAAAAAAAAAAAAAAAAAAAAQFdcvHChPtXurywV6/WJgYX5qcpbJyZK1anC9HyxUKzMXi1MViqT5VKhWJn+q/dLKpWrozEzf21krlSdG6kuLL4xXZmfaf6naCnf9R4BAAAAAAAAAAAAAAAAAADAP8/Q2pSkhYh8o56mhULEvyLicBLJ5Svl0mhE/Dsivs/lB+v1sV43GgAAAAAAAAAAAAAAAAAAAPaY6sLi1Hi5XJrtXmEgC9XFEJ0XBrayckQs72wz6u+45Vflsw3Y4023Nwq5J+Nz+OQXejgoAQAAAAAAAAAAAAAAAABAn3pw02+nr/ijuw0CAAAAAAAAAAAAAAAAAACAvpT+nEREfTo2/NzQ5qX7ktXc2nNEvH3r0gfXxufmZsfq8++uz5/7MJt/shftBzrVzNM0Iup5DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADxQXVicGi+XS7PbLAx2sE6v+wgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwHX8GAAD//xLkz18=")
syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="043ef502"], 0xf8)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'lo\x00'})
sendmsg$nl_route_sched(r1, 0x0, 0x4000080)

5.604650693s ago: executing program 2 (id=1267):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000380)={0x24, &(0x7f0000000680)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

5.209229183s ago: executing program 3 (id=1268):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x2)
fstatfs(r0, 0x0)

5.070898916s ago: executing program 8 (id=1269):
creat(&(0x7f00000000c0)='./file0\x00', 0x9)
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000002c0), 0x40, 0x0)
ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r0, 0xc018937e, 0x0)

5.001215003s ago: executing program 6 (id=1270):
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
r1 = syz_open_dev$dri(&(0x7f0000000180), 0x0, 0x0)
r2 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f0000000d40)={0x0, 0x0, r3, <r4=>0x0})
ioctl$DRM_IOCTL_MODE_GETFB2(r2, 0xc06864ce, &(0x7f00000003c0)={r4, 0x0, 0x0, 0x0, 0x1, [<r5=>0x0], [0x0, 0x7, 0x2], [0x0, 0x80000002, 0x2], [0x0, 0x0, 0x1, 0x1]})
ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r1, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0x2, 0x806})
ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r1, 0xc00c642d, &(0x7f0000000080)={r5, 0x0, <r6=>0xffffffffffffffff})
ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r2, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r6})
close_range(r0, 0xffffffffffffffff, 0x0)

4.653593927s ago: executing program 3 (id=1271):
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000080)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x7ff}, 0xe)
sendmmsg(r0, &(0x7f000000ca40)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000001c0)="cfe6dde0c37efdfb43dd9b530735ea4ad3bf3cff834a5e80ea0801a83a3b9dbe6b7bf3c289f5c083a73c6d1fdf2caec8388cccbcfc4812ae7551c08ea285e17540f689e76943f73f953a06687907c2ba79bdbd173620488d934fda9320b9648c28fb6778f639de9f616686ce23c5198318278fe5a1359eed49e18c1584518d4961e28cc2072405eaa420c542e86e331ac6b1f3e43d229d4f4214da2aa4bcf22a0ac0c7c969db31d2640087993465553a45a54874453824236583ea7268f541f4d4e8492fc496c06f36be75107974dfa38a5f9924a8c015a98fa5085a939a8ae43dbc8b28e94b37f8a4883263161431771726ad60a87b6ffbf0918885e0", 0xfd}, {&(0x7f00000002c0)="0f68da5a969f8065e077d641a4d4c420863c8d5411b307e80c362c2a68c3cde331099ed6ee5b6fff63348a99366160fd681719cebc39d64d79891173a4de56bfe45f5d9ae359d3442b577da2701a78de9ada0ec6beec3ad73156b4a1871b6a760f952a2ade1d84f898227ecb6a317553390de3068b6060865184ba9ff9684bf5b527929482dee1f75506fb6966bc2536c68df99d385523ee0c1d6b03f4baf35ead8ea429e820f2dfbcab27fb62840c28438b0004e5214e4388a28be416f31a2c954d0f59ac5a13259880523a499ead753ff73d024d0ca8b36b80d16f106f961a78228e8fd83510cb571e3f8f189646289bc3846918c066142131433a589be2d5b10a24a6789f95a8dbb8977366af96ae9ac7f2b995a7d0ce0690b69816082103d8f663b76f2a08be5e710cf1039ba7988f5b42647f237c506c100086d235eead18e977e3371ba1cd12e1ed774039bb233d4693825237f86650d7f1b20dcb803cdc87a7a8af95e38238ddb96168a04b13b135da186c684a5f4d3126222b48015b3019d1620446a43d21a58bf089443b0a32b5abddf203c9eaf9fd4037062527a1298817ee5dbcfd605c2bfd98b2bcf2802b607fe1f4f09d1c2172a983b75fcc1fd7b8ddc09287a730b9c99814cb7f3755dc83477de169dc9fc20790c7745c083f850238fabf3cf12a033866f7aa7539ba92c7b03c30a2a9825aebc79a737500012f9e90b970716a5d72e0dfce8f37980dcc529476a42268c7522801fd5ff8d6d716814a267f9beee53892be8a682eaf3d8e00ab87c61ab01850da4d0e7698c07854f3409e78ca71c8853ab53cadf47cc8fd9a734e60e4959d31efcc3554ea33cb8c18a12922d29cd8de26189686d1ec06786adbb85cb67eefb96507222535847c1c500cc974dc67ad94d8ca5d848b4569734ae78e9bda931ec633192fcfe0041f698f508e36c647f442779fb1517f03c17b384ed5db98932fb610cc84b31c0215558a5dfe78e9363fa03e13b52db2052cbbbf6920f20df9b47468927c1675ec7d6e18ca5cc36031a5bd70f7839a92cecc7f9f7150e22bfe486e3c", 0x2fa}, {&(0x7f0000002300)='\x00', 0x1}], 0x3}}], 0x1, 0x40)

4.604639298s ago: executing program 8 (id=1272):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x1, {0x0, 0x0, 0x3}, 0xff}, 0x18)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000240)={0xa0000010})
sendmsg$SOCK_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001300)={0x14, 0x15, 0x200, 0x70bd28, 0x25dfdbfe, {0x2, 0x8}}, 0x14}, 0x1, 0x0, 0x0, 0x80}, 0x20845)

4.353773783s ago: executing program 7 (id=1273):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
close(0x3)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r2, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r2, 0x80)
write$cgroup_devices(r0, &(0x7f0000000040)=ANY=[], 0xffdd)

4.318893504s ago: executing program 3 (id=1274):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, 0x0, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10001, @loopback, 0xe}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000002600)=ANY=[], 0x10)
writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1)

4.27554859s ago: executing program 6 (id=1275):
mkdir(&(0x7f0000000400)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000000)='./file0\x00')
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27fffff, 0x4002011, 0xffffffffffffffff, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x1000, 0x1000f4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300))

3.933922727s ago: executing program 6 (id=1276):
mkdir(0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='huge=always,mpol=interleave'])
chdir(&(0x7f0000000240)='./file0\x00')
open(&(0x7f0000000040)='./bus\x00', 0x80242, 0x0)

3.817654146s ago: executing program 3 (id=1277):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)=ANY=[@ANYBLOB="14200000100001000000000000000000000000fbbbf5213c8e0a28000000002601040000000000000000010000000240000000020900010073797a30000000001108a3"], 0x50}}, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000140)=0x14)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(r1, 0x0, 0xc881)
sendmsg$NFT_BATCH(r0, 0x0, 0x80)
sendmsg$NFT_MSG_GETSET(r0, 0x0, 0x0)
r2 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
semget(0x1, 0x4, 0x440)
syz_open_dev$usbfs(0x0, 0x6, 0x303000)
keyctl$search(0x14, 0x0, &(0x7f0000000280)='keyring\x00', &(0x7f00000002c0)={'syz', 0x1}, 0xfffffffffffffffc)
r3 = openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000500), 0x1, 0x0)
write$binfmt_register(r3, 0x0, 0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0)
r4 = fcntl$dupfd(r2, 0x0, r2)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ec0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000000900010073797a300000000040000000030a01080000000000000000010000000900030073797a32000000001400048008000240fffffffe08000140000000000900010073797a300000000050000000060a010400000000000000000100000008000b40000000000900010073797a3000000000280004802400018009000100"], 0xd8}, 0x1, 0x0, 0x0, 0x2000c045}, 0x40)
ioctl$VHOST_SET_FEATURES(r4, 0x4008af00, &(0x7f0000001140)=0x10000000)
r6 = fsopen(&(0x7f0000000000)='pipefs\x00', 0x0)
syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000240)=ANY=[@ANYBLOB="1201000000000040f30455070000000000010902"], 0x0)
close_range(r6, 0xffffffffffffffff, 0x0)

3.808836213s ago: executing program 7 (id=1278):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000003c0), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0)
close(r1)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast})
writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="89e7ee2c7cdad9b4b47380c988ca", 0x140}], 0x1)

3.627266947s ago: executing program 6 (id=1279):
openat$comedi(0xffffffffffffff9c, 0x0, 0x400, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000280)='./bus\x00', 0x2000898, &(0x7f0000000180)={[{@barrier}, {@autodefrag}, {@ref_verify}, {@enospc_debug}, {@noflushoncommit}, {@usebackuproot}, {@max_inline={'max_inline', 0x3d, [0x37, 0x37, 0x6b, 0x37]}}, {@thread_pool={'thread_pool', 0x3d, 0x6}}, {@ssd_spread}]}, 0x1, 0x55ae, &(0x7f0000005600)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000040), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
ftruncate(r0, 0x5)
creat(0x0, 0x0)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

3.205767085s ago: executing program 2 (id=1280):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800"/13, @ANYRES32=r1, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$pokeuser(0x6, r0, 0x388, 0xfffffffffffff341)

3.205207709s ago: executing program 5 (id=1281):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x3, {0x0, 0x0, 0x6}, 0xff}, 0x18)
r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_setup(0x10a, &(0x7f0000000680)={0x0, 0x80334c, 0x10, 0x3, 0x3d3}, &(0x7f0000000200), &(0x7f0000000300))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
io_uring_enter(r2, 0x627, 0xc1040000, 0x43, 0x0, 0x0)
sendmsg$SOCK_DESTROY(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x20845)

2.865024766s ago: executing program 8 (id=1282):
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)

2.515700063s ago: executing program 5 (id=1283):
r0 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f0000000380)={0x1d, r1, 0x3, {0x0, 0x0, 0x6}, 0xff}, 0x18)
r2 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=<r3=>0x0, &(0x7f0000000040))
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_setup(0x10a, &(0x7f0000000680)={0x0, 0x80334c, 0x10, 0x3, 0x3d3}, &(0x7f0000000200), &(0x7f0000000300))
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
syz_io_uring_submit(0x0, 0x0, &(0x7f00000001c0)=@IORING_OP_TEE={0x21, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x1, 0x7})
write$UHID_CREATE2(r4, &(0x7f00000001c0)=ANY=[@ANYBLOB="06"], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
io_uring_enter(r2, 0x627, 0xc1040000, 0x43, 0x0, 0x0)

2.373872641s ago: executing program 2 (id=1284):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', 0x0, 0x2)
fstatfs(r0, 0x0)

1.976123189s ago: executing program 2 (id=1285):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, 0x0)
syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000980)={0x1c, &(0x7f0000000480)=ANY=[@ANYBLOB="2047a8"], 0x0, 0x0})

1.787035808s ago: executing program 5 (id=1286):
r0 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000002})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f00000002c0)=[@acquire], 0x0, 0x0, 0x0})
r2 = dup3(r1, r0, 0x0)
ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})

1.309709997s ago: executing program 6 (id=1287):
r0 = syz_init_net_socket$llc(0x1a, 0x801, 0x0)
bind$llc(r0, 0x0, 0x0)

1.309266482s ago: executing program 5 (id=1288):
userfaultfd(0x80001)
socket$packet(0x11, 0x3, 0x300)
socket$inet6_sctp(0xa, 0x5, 0x84)
socket$inet6_udp(0xa, 0x2, 0x0)
socket$l2tp6(0xa, 0x2, 0x73)
socket$nl_generic(0x10, 0x3, 0x10)
socket$inet6_sctp(0xa, 0x1, 0x84)
sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2)
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x40000012})
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
ioctl$DRM_IOCTL_MODE_ATOMIC(r0, 0xc03864bc, &(0x7f0000000040)={0x0, 0x1, &(0x7f0000000340)=[r1], &(0x7f0000000280), &(0x7f0000000200), &(0x7f00000002c0), 0x0, 0x7f})

1.086825832s ago: executing program 5 (id=1289):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$GIO_UNISCRNMAP(r0, 0x4b69, 0x0)

857.272334ms ago: executing program 3 (id=1290):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0)
close(0x3)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r1, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r2 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r2, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
accept$netrom(r2, 0x0, 0x0)
write$cgroup_devices(r0, &(0x7f0000000040)=ANY=[], 0xffdd)

653.794852ms ago: executing program 6 (id=1291):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x8, 0x7b5, 0x312, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x6, [{{0x9, 0x4, 0x0, 0x20, 0x1, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x8, 0x1}}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f0000000140)={0x20, 0x22, 0xe, {0xe, 0x23, "176962868eb160a85903e5c6"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

558.546946ms ago: executing program 5 (id=1292):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100009dea7840b418fbff7bdc01020301090212000100000000090401"], 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000008c0)={0x1c, &(0x7f0000000100)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0})
r1 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r1, 0x707, &(0x7f0000000200)={&(0x7f00000000c0)=[{0x4, 0x5201, 0x2000, &(0x7f0000000300)='/'}], 0x1})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

0s ago: executing program 8 (id=1293):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001180)={0x11, 0x5, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1a}, [@alu={0x7, 0x0, 0xa, 0x0, 0x0, 0x0, 0xfffffffffffffff0}, @jmp={0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}]}, &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r0}, 0x10)

kernel console output (not intermixed with test programs):

d capacity change from 0 to 2560
[  539.624579][ T8802] buffer_io_error: 12 callbacks suppressed
[  539.624604][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  539.783387][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  539.791402][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  539.819926][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  539.849740][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  539.859535][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  540.313373][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  540.416777][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  540.613211][ T8802] ldm_validate_partition_table(): Disk read failed.
[  540.620624][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  540.649941][ T8802] Buffer I/O error on dev loop6, logical block 0, async page read
[  540.658071][ T8802] Dev loop6: unable to read RDB block 0
[  540.768712][ T8802]  loop6: unable to read partition table
[  540.780127][ T8802] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  540.989832][ T8559] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  541.183746][ T8559] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  541.195644][ T8827] loop3: detected capacity change from 0 to 128
[  541.220335][ T8559] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  541.252545][ T8827] vfat: Unknown parameter 'ut'
[  541.269791][ T8559] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  541.282402][ T8829] netlink: 'syz.6.658': attribute type 39 has an invalid length.
[  541.529797][ T8559] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  541.553904][ T8559] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  542.435100][ T8559] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  542.458207][ T8559] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  542.581547][ T8559] usb 6-1: Product: syz
[  542.585765][ T8559] usb 6-1: Manufacturer: syz
[  542.631070][ T8559] cdc_wdm 6-1:1.0: skipping garbage
[  542.636334][ T8559] cdc_wdm 6-1:1.0: skipping garbage
[  542.638980][ T8833] tipc: Started in network mode
[  542.647223][ T8833] tipc: Node identity 4e438867e3ea, cluster identity 4711
[  542.679644][ T8833] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  542.748794][ T8559] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  542.816070][ T8559] cdc_wdm 6-1:1.0: Unknown control protocol
[  542.834670][ T8833] syzkaller0: entered promiscuous mode
[  542.942312][ T8833] syzkaller0: entered allmulticast mode
[  543.064559][ T8869] support for the xor transformation has been removed.
[  543.214902][   T24] usb 6-1: USB disconnect, device number 12
[  543.666945][ T8832] tipc: Resetting bearer <eth:syzkaller0>
[  543.841516][ T5873] tipc: Node number set to 2913568871
[  543.880036][   T24] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  543.999078][ T8832] tipc: Disabling bearer <eth:syzkaller0>
[  544.110531][   T24] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  544.148094][   T24] usb 8-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  544.173499][   T24] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.229378][   T24] usb 8-1: config 0 descriptor??
[  544.289842][   T24] usbhid 8-1:0.0: can't add hid device: -22
[  544.326559][   T24] usbhid 8-1:0.0: probe with driver usbhid failed with error -22
[  548.434333][ T8559] usb 8-1: USB disconnect, device number 5
[  549.062335][ T8899] netlink: 'syz.3.669': attribute type 39 has an invalid length.
[  549.536025][ T5933] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  549.709772][ T5933] usb 1-1: device descriptor read/64, error -71
[  549.722995][ T8919] loop6: detected capacity change from 0 to 128
[  549.761117][ T8919] vfat: Unknown parameter 'ut'
[  549.790059][ T8559] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  550.909949][ T5933] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  551.279973][ T5933] usb 1-1: device descriptor read/64, error -71
[  551.380642][ T8941] netlink: 'syz.5.675': attribute type 39 has an invalid length.
[  551.541894][ T5933] usb usb1-port1: attempt power cycle
[  551.549964][ T8559] usb 3-1: Using ep0 maxpacket: 8
[  551.561911][ T8559] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  551.694133][ T8559] usb 3-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  551.982188][ T8559] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  552.022452][ T8559] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.079826][ T5933] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  552.149350][ T8559] usbtmc 3-1:16.0: bulk endpoints not found
[  552.636597][ T5933] usb 1-1: device descriptor read/8, error -71
[  553.181243][ T8997] loop6: detected capacity change from 0 to 2560
[  553.260776][ T8997] buffer_io_error: 11 callbacks suppressed
[  553.260802][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.539912][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.690837][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.798039][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.944698][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  553.999971][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.031599][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.077075][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.082582][   T43] usb 3-1: USB disconnect, device number 10
[  554.089652][ T8997] ldm_validate_partition_table(): Disk read failed.
[  554.101610][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.125606][ T8997] Buffer I/O error on dev loop6, logical block 0, async page read
[  554.354751][ T8997] Dev loop6: unable to read RDB block 0
[  554.361466][ T8997]  loop6: unable to read partition table
[  554.388385][ T8997] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  554.488276][ T9028] ubi: mtd0 is already attached to ubi31
[  555.526874][ T9033] netlink: 'syz.6.682': attribute type 39 has an invalid length.
[  556.041873][ T9044] loop5: detected capacity change from 0 to 1024
[  558.430398][ T5933] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  558.639057][ T5933] usb 8-1: config 0 has no interfaces?
[  558.664067][ T5933] usb 8-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  558.688124][ T5933] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  558.747287][ T5933] usb 8-1: Product: syz
[  558.787989][ T5933] usb 8-1: Manufacturer: syz
[  558.807605][ T5933] usb 8-1: SerialNumber: syz
[  558.910789][ T5933] usb 8-1: config 0 descriptor??
[  559.085420][ T9080] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  559.120824][ T9080] syzkaller0: entered promiscuous mode
[  559.139929][ T9080] syzkaller0: entered allmulticast mode
[  559.240107][ T9079] tipc: Resetting bearer <eth:syzkaller0>
[  559.275523][ T8559] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  559.347917][ T9079] tipc: Disabling bearer <eth:syzkaller0>
[  559.451871][ T8559] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  559.464945][ T8559] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  559.496406][ T8559] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66
[  559.527127][ T8559] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  559.589555][ T8559] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  559.617633][ T8559] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  559.633068][ T8559] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  559.655129][ T8559] usb 7-1: Product: syz
[  559.665926][ T8559] usb 7-1: Manufacturer: syz
[  559.693480][ T9095] netlink: 'syz.5.702': attribute type 39 has an invalid length.
[  559.741053][ T8559] cdc_wdm 7-1:1.0: skipping garbage
[  559.746313][ T8559] cdc_wdm 7-1:1.0: skipping garbage
[  559.788951][ T8559] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device
[  559.818310][ T8559] cdc_wdm 7-1:1.0: Unknown control protocol
[  559.860431][ T9099] autofs: Unknown parameter '0x0000000000000000'
[  560.037833][ T9083] cdc_wdm 7-1:1.0: Error submitting int urb - -90
[  560.107646][ T8559] usb 7-1: USB disconnect, device number 2
[  560.599080][ T8559] usb 8-1: USB disconnect, device number 6
[  561.944736][ T9130] netlink: 'syz.7.712': attribute type 39 has an invalid length.
[  562.150128][   T10] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  562.249891][ T6093] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  562.268066][ T9139] tipc: Started in network mode
[  562.295190][ T9139] tipc: Node identity 229952e0bf28, cluster identity 4711
[  562.327459][ T9139] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  562.369554][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  562.402820][ T9139] syzkaller0: entered promiscuous mode
[  562.409345][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c71f, bcdDevice= 0.00
[  562.433695][ T9139] syzkaller0: entered allmulticast mode
[  562.446355][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.466702][ T6093] usb 3-1: Using ep0 maxpacket: 32
[  562.488654][   T10] usb 1-1: config 0 descriptor??
[  562.495815][ T6093] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  562.522647][   T10] usbhid 1-1:0.0: can't add hid device: -22
[  562.543870][ T6093] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  562.599944][   T10] usbhid 1-1:0.0: probe with driver usbhid failed with error -22
[  562.680321][ T6093] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  563.080470][ T9138] tipc: Resetting bearer <eth:syzkaller0>
[  563.393417][ T6093] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  563.453744][ T9150] ceph: No mds server is up or the cluster is laggy
[  563.464080][   T24] libceph: connect (1)[c::]:6789 error -101
[  563.621185][   T24] libceph: mon0 (1)[c::]:6789 connect error
[  563.637928][ T6093] usb 3-1: Product: syz
[  563.642278][ T6093] usb 3-1: Manufacturer: syz
[  563.646954][ T6093] usb 3-1: SerialNumber: syz
[  563.655005][ T6093] usb 3-1: config 0 descriptor??
[  563.724376][ T9138] tipc: Disabling bearer <eth:syzkaller0>
[  563.805126][ T5933] tipc: Node number set to 2645644000
[  564.071417][ T5933] libceph: connect (1)[c::]:6789 error -101
[  564.078385][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  564.505598][ T5873] usb 3-1: USB disconnect, device number 11
[  564.799240][ T6093] usb 1-1: USB disconnect, device number 28
[  565.287099][ T9193] support for the xor transformation has been removed.
[  568.908100][ T8559] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  569.112813][ T8559] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  569.136235][ T8559] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  569.192152][ T8559] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  569.227682][ T8559] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 14129, setting to 64
[  569.533018][ T8559] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  569.545123][ T8559] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  569.562096][ T8559] usb 8-1: Product: syz
[  569.566306][ T8559] usb 8-1: Manufacturer: syz
[  569.639834][ T6093] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  569.719621][ T5969] libceph: connect (1)[c::]:6789 error -101
[  569.725846][ T5969] libceph: mon0 (1)[c::]:6789 connect error
[  569.771100][ T8559] cdc_wdm 8-1:1.0: skipping garbage
[  569.776359][ T8559] cdc_wdm 8-1:1.0: skipping garbage
[  569.787434][ T9247] loop0: detected capacity change from 0 to 512
[  569.798066][ T8559] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22
[  569.828409][ T9247] ext3: Unknown parameter 'pcr'
[  569.860177][ T9249] netlink: 'syz.2.735': attribute type 39 has an invalid length.
[  569.879837][ T6093] usb 7-1: Using ep0 maxpacket: 8
[  569.889184][ T6093] usb 7-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  569.955701][ T6093] usb 7-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  570.010325][ T8559] usb 8-1: USB disconnect, device number 7
[  570.076596][ T6093] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  570.118731][ T9239] ceph: No mds server is up or the cluster is laggy
[  570.138886][   T10] libceph: connect (1)[c::]:6789 error -101
[  570.178065][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  570.188759][ T6093] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  570.915491][ T6093] usbtmc 7-1:16.0: bulk endpoints not found
[  571.370197][ T9261] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  571.409428][ T9261] syzkaller0: entered promiscuous mode
[  571.429784][ T9261] syzkaller0: entered allmulticast mode
[  571.482168][ T9261] tipc: Resetting bearer <eth:syzkaller0>
[  571.525845][ T9260] tipc: Resetting bearer <eth:syzkaller0>
[  571.584274][ T9260] tipc: Disabling bearer <eth:syzkaller0>
[  571.760747][ T9266] overlayfs: failed to resolve './file0': -2
[  572.478679][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  572.485118][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  572.907685][   T24] usb 7-1: USB disconnect, device number 3
[  574.502013][ T9286] loop5: detected capacity change from 0 to 512
[  574.523563][ T9286] ext3: Unknown parameter 'pcr'
[  576.175461][ T9303] overlayfs: missing 'lowerdir'
[  581.497135][ T9339] overlayfs: failed to resolve './file0': -2
[  583.132574][ T6093] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  583.459633][ T6093] usb 1-1: config 0 has no interfaces?
[  583.626502][ T6093] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  583.754166][ T9352] netlink: 'syz.5.761': attribute type 39 has an invalid length.
[  583.773226][ T6093] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  583.870700][ T6093] usb 1-1: Product: syz
[  583.890296][ T6093] usb 1-1: Manufacturer: syz
[  583.912067][ T6093] usb 1-1: SerialNumber: syz
[  583.972410][ T6093] usb 1-1: config 0 descriptor??
[  585.002856][ T9363] netlink: 'syz.7.768': attribute type 39 has an invalid length.
[  585.639100][ T9370] support for the xor transformation has been removed.
[  586.309752][   T43] usb 1-1: USB disconnect, device number 29
[  589.927774][ T9392] Bluetooth: hci2: command 0x0406 tx timeout
[  591.259584][ T9409] loop6: detected capacity change from 0 to 16
[  591.330561][ T9409] =======================================================
[  591.330561][ T9409] WARNING: The mand mount option has been deprecated and
[  591.330561][ T9409]          and is ignored by this kernel. Remove the mand
[  591.330561][ T9409]          option from the mount to silence this warning.
[  591.330561][ T9409] =======================================================
[  591.365563][    C1] vkms_vblank_simulate: vblank timer overrun
[  591.454324][ T9409] erofs (device loop6): mounted with root inode @ nid 36.
[  594.311992][ T9435] loop7: detected capacity change from 0 to 512
[  594.374146][ T9435] ext3: Unknown parameter 'pcr'
[  594.991500][   T43] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  596.302501][ T5933] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  596.395421][   T43] usb 3-1: config 0 has no interfaces?
[  596.436150][   T43] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  596.478798][   T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  596.490076][ T5933] usb 6-1: Using ep0 maxpacket: 8
[  596.528427][ T5933] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  596.574099][   T43] usb 3-1: Product: syz
[  596.600975][   T43] usb 3-1: Manufacturer: syz
[  596.622217][ T5933] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  596.635636][   T43] usb 3-1: SerialNumber: syz
[  596.663462][   T43] usb 3-1: config 0 descriptor??
[  596.673805][ T5933] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  596.709868][ T5933] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  596.719800][ T5947] usb 1-1: new high-speed USB device number 30 using dummy_hcd
[  596.722889][ T9451] loop7: detected capacity change from 0 to 512
[  596.749486][ T5933] usbtmc 6-1:16.0: bulk endpoints not found
[  596.776506][ T9451] ext3: Unknown parameter 'pcr'
[  596.989506][   T10] usb 3-1: USB disconnect, device number 12
[  597.175038][ T5947] usb 1-1: Using ep0 maxpacket: 32
[  597.185887][ T5947] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  597.199728][ T5947] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  597.222827][ T5947] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  597.232683][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  597.250330][ T5947] usb 1-1: Product: syz
[  597.255718][ T5947] usb 1-1: Manufacturer: syz
[  597.263790][ T5947] usb 1-1: SerialNumber: syz
[  598.092938][ T5947] usb 1-1: config 0 descriptor??
[  598.219959][ T9458] support for the xor transformation has been removed.
[  598.426984][ T5947] usb 1-1: USB disconnect, device number 30
[  599.662277][ T5933] usb 6-1: USB disconnect, device number 13
[  600.128404][ T9482] loop6: detected capacity change from 0 to 16
[  600.341776][ T9482] erofs (device loop6): mounted with root inode @ nid 36.
[  602.061152][   T10] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  602.094718][   T10] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  602.598197][ T9497] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  602.659256][ T9497] tipc: Resetting bearer <eth:syzkaller0>
[  602.671949][ T9500] loop0: detected capacity change from 0 to 512
[  602.709193][ T9500] ext3: Unknown parameter 'pcr'
[  602.794039][ T9496] tipc: Disabling bearer <eth:syzkaller0>
[  602.817873][ T9495] fido_id[9495]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  603.882088][ T9507] overlayfs: failed to resolve './file0': -2
[  605.274777][ T5871] Bluetooth: hci6: command 0x0406 tx timeout
[  606.992182][ T9539] loop5: detected capacity change from 0 to 512
[  607.020452][ T9539] ext3: Unknown parameter 'pcr'
[  607.209859][ T6093] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  609.301784][ T6093] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  609.329716][ T6093] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  610.036915][ T6093] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66
[  610.049860][ T6093] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  610.097093][ T6093] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  610.166372][ T6093] usb 8-1: string descriptor 0 read error: -71
[  610.179837][ T6093] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  610.994709][ T6093] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  611.026129][ T9558] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  611.108307][ T6093] usb 8-1: can't set config #1, error -71
[  611.128372][ T9566] overlayfs: failed to resolve './file0': -2
[  611.210985][ T6093] usb 8-1: USB disconnect, device number 8
[  611.255372][ T9558] tipc: Resetting bearer <eth:syzkaller0>
[  612.643750][ T9557] tipc: Disabling bearer <eth:syzkaller0>
[  612.673165][ T9578] netlink: 4 bytes leftover after parsing attributes in process `syz.2.834'.
[  615.290797][ T9596] autofs: Unknown parameter '0x0000000000000000'
[  615.403711][ T9599] netlink: 'syz.5.844': attribute type 39 has an invalid length.
[  615.798796][ T5933] libceph: connect (1)[c::]:6789 error -101
[  615.954463][ T5933] libceph: mon0 (1)[c::]:6789 connect error
[  616.077020][ T9604] ceph: No mds server is up or the cluster is laggy
[  617.679822][ T6093] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  617.909848][ T6093] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  617.918543][ T6093] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  618.119830][ T6093] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66
[  618.178955][ T6093] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  618.279843][   T10] usb 8-1: new high-speed USB device number 9 using dummy_hcd
[  618.288552][ T6093] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  618.359995][ T6093] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  618.372173][ T6093] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  618.382022][ T6093] usb 3-1: Product: syz
[  618.386208][ T6093] usb 3-1: Manufacturer: syz
[  618.423881][ T6093] cdc_wdm 3-1:1.0: skipping garbage
[  618.443151][ T6093] cdc_wdm 3-1:1.0: skipping garbage
[  618.477821][ T6093] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device
[  618.490714][   T10] usb 8-1: Using ep0 maxpacket: 32
[  618.496002][ T6093] cdc_wdm 3-1:1.0: Unknown control protocol
[  618.527036][   T10] usb 8-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  618.572738][   T10] usb 8-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  618.599784][   T10] usb 8-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  618.607980][   T10] usb 8-1: Product: syz
[  618.639519][   T10] usb 8-1: Manufacturer: syz
[  618.654460][   T10] usb 8-1: SerialNumber: syz
[  618.688980][   T10] usb 8-1: config 0 descriptor??
[  618.699488][ T9654] raw-gadget.1 gadget.7: fail, usb_ep_enable returned -22
[  618.734233][ T5933] usb 3-1: USB disconnect, device number 13
[  618.956084][   T43] usb 8-1: USB disconnect, device number 9
[  619.975821][ T5933] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  620.190832][ T5933] usb 6-1: Using ep0 maxpacket: 8
[  620.198227][ T5933] usb 6-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  620.210494][ T5933] usb 6-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  620.438965][ T5933] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  620.448873][ T5933] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  620.468331][ T5933] usbtmc 6-1:16.0: bulk endpoints not found
[  621.402921][ T9677] loop3: detected capacity change from 0 to 16
[  621.435505][ T9677] erofs (device loop3): mounted with root inode @ nid 36.
[  621.492490][ T9679] No control pipe specified
[  623.144077][ T9686] ceph: No mds server is up or the cluster is laggy
[  623.151647][   T43] libceph: connect (1)[c::]:6789 error -101
[  623.353158][   T43] libceph: mon0 (1)[c::]:6789 connect error
[  623.475516][   T10] usb 6-1: USB disconnect, device number 14
[  623.854647][ T9702] netlink: 'syz.7.867': attribute type 39 has an invalid length.
[  624.732918][   T43] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0
[  624.771772][   T43] hid-generic 0000:0000:0000.0002: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  624.903301][ T9710] loop2: detected capacity change from 0 to 512
[  624.982963][ T9710] EXT4-fs: Ignoring removed i_version option
[  625.057304][ T9710] EXT4-fs: Ignoring removed nobh option
[  625.405035][ T9738] loop3: detected capacity change from 0 to 512
[  625.446234][ T9710] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  625.550890][ T9738] EXT4-fs: Ignoring removed i_version option
[  625.564829][ T9710] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  625.576187][ T9716] fido_id[9716]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  625.665337][ T9738] EXT4-fs: Ignoring removed nobh option
[  625.764352][ T9710] EXT4-fs (loop2): 1 truncate cleaned up
[  625.797561][ T9738] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  625.842866][ T9710] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  626.019878][ T9738] EXT4-fs (loop3): 1 truncate cleaned up
[  626.029143][ T9738] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  626.900267][ T9764] netlink: 84 bytes leftover after parsing attributes in process `syz.2.869'.
[  627.543156][ T9763] loop0: detected capacity change from 0 to 512
[  627.871973][ T9763] ext3: Unknown parameter 'pcr'
[  628.196204][ T5865] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  629.342323][ T9772] loop6: detected capacity change from 0 to 2560
[  629.363375][ T9772] buffer_io_error: 11 callbacks suppressed
[  629.363400][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.397214][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.439925][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.448319][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.456517][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.464750][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.479946][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.488194][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.496822][ T9772] ldm_validate_partition_table(): Disk read failed.
[  629.515616][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.545079][ T9772] Buffer I/O error on dev loop6, logical block 0, async page read
[  629.564704][ T9772] Dev loop6: unable to read RDB block 0
[  629.570949][ T9772]  loop6: unable to read partition table
[  629.581677][ T9772] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  629.651370][ T5867] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  629.689813][ T6093] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  629.879993][ T6093] usb 3-1: Using ep0 maxpacket: 32
[  629.922171][ T6093] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  629.949805][ T6093] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0
[  629.986879][ T6093] usb 3-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  630.008849][ T6093] usb 3-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  630.037735][ T6093] usb 3-1: Product: syz
[  630.047865][ T6093] usb 3-1: Manufacturer: syz
[  630.060847][ T6093] usb 3-1: SerialNumber: syz
[  630.111053][ T6093] usb 3-1: config 0 descriptor??
[  630.129751][   T24] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  630.319983][   T24] usb 4-1: Using ep0 maxpacket: 8
[  630.346238][   T24] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  630.366816][   T24] usb 4-1: config 16 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  630.386975][ T5933] usb 3-1: USB disconnect, device number 14
[  630.426986][   T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  630.651285][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  630.666334][   T24] usbtmc 4-1:16.0: bulk endpoints not found
[  631.721364][   T24] usb 4-1: USB disconnect, device number 14
[  633.120953][ T9392] Bluetooth: hci2: unexpected event for opcode 0x1804
[  633.886558][ T9824] loop6: detected capacity change from 0 to 2560
[  633.923281][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  633.930518][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  633.958784][ T9824] ldm_validate_partition_table(): Disk read failed.
[  633.983923][   T10] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  634.023413][ T9824] Dev loop6: unable to read RDB block 0
[  634.029511][ T9824]  loop6: unable to read partition table
[  634.053777][ T9824] loop_reread_partitions: partition scan of loop6 (3Ÿ¾‚³˜) failed (rc=-5)
[  634.169966][   T10] usb 3-1: Using ep0 maxpacket: 8
[  634.187696][   T10] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  634.226295][   T10] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  634.244727][ T5228] ldm_validate_partition_table(): Disk read failed.
[  634.263962][   T10] usb 3-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  634.285766][ T5228] Dev loop6: unable to read RDB block 0
[  634.299485][   T10] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  634.312064][ T5228]  loop6: unable to read partition table
[  634.334831][   T10] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  634.380950][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  634.464848][   T10] usbtmc 3-1:16.0: bulk endpoints not found
[  636.378974][ T9859] workqueue: Failed to create a rescuer kthread for wq "ceph-watch-notify": -EINTR
[  636.777456][   T10] usb 3-1: USB disconnect, device number 15
[  637.206605][ T9392] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  637.216894][ T9392] Bluetooth: hci2: Injecting HCI hardware error event
[  637.226960][ T5871] Bluetooth: hci2: hardware error 0x00
[  637.981206][ T9392] Bluetooth: hci3: unexpected event for opcode 0x1804
[  638.430657][ T9885] loop7: detected capacity change from 0 to 512
[  638.482294][ T9885] EXT4-fs: Ignoring removed i_version option
[  638.488329][ T9885] EXT4-fs: Ignoring removed nobh option
[  638.521058][ T9885] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  640.024439][ T9885] EXT4-fs (loop7): 1 truncate cleaned up
[  640.081763][ T5871] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  640.365144][ T9885] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  640.865744][ T9910] binder_alloc: 9909: binder_alloc_buf, no vma
[  641.083653][ T9911] netlink: 84 bytes leftover after parsing attributes in process `syz.7.919'.
[  641.790576][ T8015] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  641.989744][ T5871] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  641.998227][ T5871] Bluetooth: hci3: Injecting HCI hardware error event
[  642.008119][ T9392] Bluetooth: hci3: hardware error 0x00
[  642.050949][ T9917] netlink: 'syz.7.929': attribute type 39 has an invalid length.
[  644.022063][ T9941] netlink: 4 bytes leftover after parsing attributes in process `syz.2.934'.
[  644.157785][ T9392] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  644.447015][ T9976] loop3: detected capacity change from 0 to 512
[  644.480005][ T9976] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  644.848909][ T9976] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c118, mo2=0002]
[  644.858390][ T9976] System zones: 1-12
[  645.170796][ T9976] EXT4-fs error (device loop3): ext4_iget_extra_inode:5103: inode #15: comm syz.3.937: corrupted in-inode xattr: e_value size too large
[  646.105988][ T9976] EXT4-fs error (device loop3): ext4_orphan_get:1395: comm syz.3.937: couldn't read orphan inode 15 (err -117)
[  647.243165][ T9976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  648.373089][ T9987] netlink: 'syz.6.938': attribute type 39 has an invalid length.
[  648.751170][ T5867] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  648.779847][ T9995] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  649.146446][ T9992] tipc: Resetting bearer <eth:syzkaller0>
[  649.427938][ T9991] tipc: Disabling bearer <eth:syzkaller0>
[  649.689353][T10006] binder_alloc: 10004: binder_alloc_buf, no vma
[  650.786783][T10014] loop6: detected capacity change from 0 to 512
[  650.846054][T10014] ext3: Unknown parameter 'pcr'
[  650.920108][T10018] loop7: detected capacity change from 0 to 512
[  650.967209][T10018] ext3: Unknown parameter 'pcr'
[  651.232694][T10024] netlink: 12 bytes leftover after parsing attributes in process `syz.2.950'.
[  652.650022][T10032] ceph: No mds server is up or the cluster is laggy
[  652.938950][ T6093] libceph: connect (1)[c::]:6789 error -101
[  653.135062][ T6093] libceph: mon0 (1)[c::]:6789 connect error
[  654.486544][T10044] netlink: 'syz.5.954': attribute type 39 has an invalid length.
[  657.326265][T10066] binder_alloc: 10065: binder_alloc_buf, no vma
[  658.948144][T10085] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR
[  662.934287][T10125] loop0: detected capacity change from 0 to 512
[  663.184166][T10125] EXT4-fs (loop0): mounting ext3 file system using the ext4 subsystem
[  664.253059][T10125] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a042c118, mo2=0002]
[  664.262498][T10125] System zones: 1-12
[  664.289943][T10125] EXT4-fs error (device loop0): ext4_iget_extra_inode:5103: inode #15: comm syz.0.989: corrupted in-inode xattr: e_value size too large
[  664.304446][T10125] EXT4-fs error (device loop0): ext4_orphan_get:1395: comm syz.0.989: couldn't read orphan inode 15 (err -117)
[  664.406722][T10125] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  667.887901][   T24] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[  667.941600][   T24] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  667.977435][ T5866] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  668.247328][T10154] loop2: detected capacity change from 0 to 16
[  668.283862][T10154] erofs (device loop2): mounted with root inode @ nid 36.
[  670.367326][T10151] fido_id[10151]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  671.847564][T10175] netlink: 32 bytes leftover after parsing attributes in process `syz.0.1004'.
[  671.919794][T10175] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1004'.
[  673.147879][ T5873] usb 6-1: new high-speed USB device number 15 using dummy_hcd
[  673.518056][ T5873] usb 6-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  674.285896][ T5873] usb 6-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  674.311329][ T5873] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41
[  674.433918][ T5873] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11
[  674.487908][ T5873] usb 6-1: Product: syz
[  674.505633][ T5873] usb 6-1: Manufacturer: syz
[  674.514667][ T5873] usb 6-1: SerialNumber: syz
[  676.130418][T10213] netlink: 'syz.7.1005': attribute type 39 has an invalid length.
[  676.238913][T10219] loop6: detected capacity change from 0 to 16
[  676.262866][T10219] erofs (device loop6): mounted with root inode @ nid 36.
[  677.573954][   T24] usb 6-1: USB disconnect, device number 15
[  679.727780][T10270] binder: 10269:10270 ioctl 4018620d 0 returned -22
[  679.781128][T10270] binder: 10269:10270 ioctl c0306201 0 returned -14
[  680.164501][T10279] loop3: detected capacity change from 0 to 256
[  680.169851][ T6093] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  680.257064][T10280] mac80211_hwsim hwsim7 wlan1: entered allmulticast mode
[  680.281268][T10282] loop7: detected capacity change from 0 to 2048
[  680.326517][T10282] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  680.367257][ T6093] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  680.399452][ T6093] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  680.420684][T10279] FAT-fs (loop3): Directory bread(block 64) failed
[  680.427341][T10279] FAT-fs (loop3): Directory bread(block 65) failed
[  680.441624][ T6093] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  680.478632][T10279] FAT-fs (loop3): Directory bread(block 66) failed
[  680.509807][ T6093] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  680.529112][T10279] FAT-fs (loop3): Directory bread(block 67) failed
[  680.560840][ T6093] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  680.570176][T10279] FAT-fs (loop3): Directory bread(block 68) failed
[  680.576748][T10279] FAT-fs (loop3): Directory bread(block 69) failed
[  680.594757][ T6093] usb 6-1: config 0 descriptor??
[  680.640396][T10279] FAT-fs (loop3): Directory bread(block 70) failed
[  680.677377][T10279] FAT-fs (loop3): Directory bread(block 71) failed
[  680.705738][T10279] FAT-fs (loop3): Directory bread(block 72) failed
[  680.725351][T10279] FAT-fs (loop3): Directory bread(block 73) failed
[  680.737358][T10289] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  680.745911][T10289] syzkaller0: entered promiscuous mode
[  680.759765][T10289] syzkaller0: entered allmulticast mode
[  680.820642][T10289] tipc: Resetting bearer <eth:syzkaller0>
[  680.854450][T10288] tipc: Resetting bearer <eth:syzkaller0>
[  680.907566][T10288] tipc: Disabling bearer <eth:syzkaller0>
[  681.051199][ T6093] plantronics 0003:047F:FFFF.0004: reserved main item tag 0xe
[  681.084167][ T6093] plantronics 0003:047F:FFFF.0004: unknown main item tag 0x0
[  681.136223][ T6093] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  681.260997][ T6093] usb 6-1: USB disconnect, device number 16
[  681.349796][ T5933] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  681.514175][T10295] fido_id[10295]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  681.558257][ T5933] usb 8-1: Using ep0 maxpacket: 8
[  681.596621][ T5933] usb 8-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  681.616401][ T5933] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  681.628803][ T5933] usb 8-1: Product: syz
[  681.655339][ T5933] usb 8-1: Manufacturer: syz
[  681.679605][ T5933] usb 8-1: SerialNumber: syz
[  681.726634][T10310] loop6: detected capacity change from 0 to 1024
[  681.842864][T10310] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  681.955512][ T5933] usb 8-1: config 0 descriptor??
[  682.016091][T10310] EXT4-fs error (device loop6): ext4_xattr_inode_iget:437: inode #11: comm syz.6.1032: missing EA_INODE flag
[  682.108187][T10310] EXT4-fs (loop6): Remounting filesystem read-only
[  682.129394][T10317] loop0: detected capacity change from 0 to 2048
[  682.139145][T10310] EXT4-fs warning (device loop6): ext4_expand_extra_isize_ea:2847: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  682.185804][ T5933] usb 8-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  682.194315][T10317] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024)
[  682.296964][T10317] syz.0.1033: attempt to access beyond end of device
[  682.296964][T10317] loop0: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  682.299747][T10323] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  682.385186][ T8146] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  682.885654][T10327] loop2: detected capacity change from 0 to 32768
[  682.893224][T10327] XFS: ikeep mount option is deprecated.
[  682.991241][T10327] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  683.093920][T10345] capability: warning: `syz.6.1042' uses deprecated v2 capabilities in a way that may be insecure
[  683.105219][ T5933] dvb_usb_rtl28xxu 8-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  683.118968][ T5933] usb 8-1: USB disconnect, device number 10
[  683.175113][T10327] XFS (loop2): Ending clean mount
[  683.184494][T10327] XFS (loop2): Quotacheck needed: Please wait.
[  683.293978][T10327] XFS (loop2): Quotacheck: Done.
[  683.715776][T10347] loop5: detected capacity change from 0 to 32768
[  683.725978][T10347] XFS: ikeep mount option is deprecated.
[  683.827949][T10347] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  684.085618][T10367] netlink: 'syz.6.1050': attribute type 39 has an invalid length.
[  684.131363][T10347] XFS (loop5): Ending clean mount
[  684.138733][T10347] XFS (loop5): Quotacheck needed: Please wait.
[  684.258904][T10363] lo speed is unknown, defaulting to 1000
[  684.265470][ T5865] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  684.306623][T10347] XFS (loop5): Quotacheck: Done.
[  684.308231][T10363] lo speed is unknown, defaulting to 1000
[  684.329119][T10363] lo speed is unknown, defaulting to 1000
[  684.691989][ T5868] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  684.833234][T10363] infiniband s
z1: set active
[  684.838095][T10363] infiniband s
z1: added lo
[  684.845081][T10363] s
z1: rxe_create_cq: returned err = -12
[  684.851191][T10363] infiniband s
z1: Couldn't create ib_mad CQ
[  684.857349][T10363] infiniband s
z1: Couldn't open port 1
[  684.890003][ T5933] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  684.971481][T10363] RDS/IB: s
z1: added
[  684.976028][T10363] smc: adding ib device s
z1 with port count 1
[  684.982375][T10363] smc:    ib device s
z1 port 1 has pnetid 
[  685.105730][ T5933] usb 4-1: Using ep0 maxpacket: 8
[  685.165312][ T5933] usb 4-1: config index 0 descriptor too short (expected 30, got 18)
[  685.205666][ T5933] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  685.279690][ T5933] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  685.389704][ T5933] usb 4-1: Product: syz
[  685.435113][ T5933] usb 4-1: Manufacturer: syz
[  685.499695][ T5933] usb 4-1: SerialNumber: syz
[  685.567219][ T5933] usb 4-1: config 0 descriptor??
[  685.650306][ T5933] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  685.729456][ T5933] usb 4-1: setting power ON
[  685.763713][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  685.825727][ T5933] dvb-usb: bulk message failed: -22 (2/0)
[  685.938658][ T5933] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  686.054414][ T5933] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  686.059673][ T6093] lo speed is unknown, defaulting to 1000
[  686.075440][ T5873] lo speed is unknown, defaulting to 1000
[  686.093241][T10363] lo speed is unknown, defaulting to 1000
[  686.095994][T10403] program syz.2.1045 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  686.139430][ T5933] usb 4-1: media controller created
[  686.252871][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  686.290285][ T5933] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  686.492366][ T5933] usb 4-1: selecting invalid altsetting 6
[  686.519776][ T5933] usb 4-1: digital interface selection failed (-22)
[  686.534499][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  686.556189][ T5933] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  686.592397][ T5933] usb 4-1: setting power OFF
[  686.615303][ T5933] dvb-usb: bulk message failed: -22 (2/0)
[  686.634389][ T5933] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  686.644155][   T30] kauditd_printk_skb: 4 callbacks suppressed
[  686.644178][   T30] audit: type=1326 audit(1756994519.220:368): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.3.1057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  686.699658][ T5933] (NULL device *): no alternate interface
[  686.795481][   T30] audit: type=1326 audit(1756994519.220:369): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.3.1057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  686.824012][T10363] lo speed is unknown, defaulting to 1000
[  686.952379][   T30] audit: type=1326 audit(1756994519.270:370): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.3.1057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  687.001970][   T30] audit: type=1326 audit(1756994519.270:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.3.1057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  687.027839][ T5933] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  687.078890][ T5933] usb 4-1: USB disconnect, device number 15
[  687.106404][T10423] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1059'.
[  687.127393][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  687.153727][   T30] audit: type=1326 audit(1756994519.270:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10413 comm="syz.3.1057" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  687.352292][T10363] lo speed is unknown, defaulting to 1000
[  687.452754][T10425] loop8: detected capacity change from 0 to 7
[  687.500143][T10425] Dev loop8: unable to read RDB block 7
[  687.536905][T10425]  loop8: AHDI p2 p3
[  687.557690][T10425] loop8: partition table partially beyond EOD, truncated
[  687.586464][T10425] loop8: p2 start 1702059890 is beyond EOD, truncated
[  687.646160][T10430] netlink: 'syz.2.1062': attribute type 4 has an invalid length.
[  687.771639][   T43] IPVS: starting estimator thread 0...
[  687.838905][T10363] lo speed is unknown, defaulting to 1000
[  687.889810][T10435] IPVS: using max 21 ests per chain, 50400 per kthread
[  688.065471][   T13] bridge_slave_1: left allmulticast mode
[  688.079599][   T13] bridge_slave_1: left promiscuous mode
[  688.090034][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  688.147793][   T13] bridge_slave_0: left allmulticast mode
[  688.179712][   T13] bridge_slave_0: left promiscuous mode
[  688.200148][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  688.529110][ T5871] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  688.543125][ T5871] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  688.556223][ T5871] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  688.564999][ T5871] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  688.794506][ T5871] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  689.470033][ T6093] usb 7-1: new full-speed USB device number 4 using dummy_hcd
[  689.646698][ T6093] usb 7-1: config 1 has an invalid interface number: 236 but max is 1
[  689.655299][ T6093] usb 7-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  689.666022][ T6093] usb 7-1: config 1 has 3 interfaces, different from the descriptor's value: 2
[  689.675341][ T6093] usb 7-1: config 1 has no interface number 2
[  689.689373][ T6093] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  689.700995][ T6093] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0
[  689.717095][ T6093] usb 7-1: config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  689.737494][ T6093] usb 7-1: config 1 interface 1 has no altsetting 0
[  689.757232][ T6093] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  689.767677][ T6093] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  689.789721][ T6093] usb 7-1: Product: syz
[  689.797306][ T6093] usb 7-1: Manufacturer: syz
[  689.809759][ T6093] usb 7-1: SerialNumber: syz
[  689.831200][T10445] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  689.846315][ T6093] cdc_ncm 7-1:1.0: skipping garbage
[  689.870533][ T6093] cdc_ncm 7-1:1.0: NCM or ECM functional descriptors missing
[  689.878559][ T6093] cdc_ncm 7-1:1.0: bind() failure
[  689.912052][ T6093] cdc_ncm 7-1:1.236: CDC Union missing and no IAD found
[  689.919234][ T6093] cdc_ncm 7-1:1.236: bind() failure
[  690.003349][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  690.053212][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  690.096417][   T13] bond0 (unregistering): Released all slaves
[  690.165347][T10363] lo speed is unknown, defaulting to 1000
[  690.388787][   T13] tipc: Left network mode
[  690.545310][   T24] usb 7-1: USB disconnect, device number 4
[  690.784120][T10363] lo speed is unknown, defaulting to 1000
[  690.950013][ T9392] Bluetooth: hci0: command tx timeout
[  691.193315][T10443] lo speed is unknown, defaulting to 1000
[  691.362917][   T24] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  691.567779][   T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  691.598262][   T24] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  691.630158][   T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  691.685364][   T24] usb 3-1: config 0 descriptor??
[  691.717827][   T24] pwc: Askey VC010 type 2 USB webcam detected.
[  691.848066][T10496] pim6reg: entered allmulticast mode
[  692.038635][T10498] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  692.145732][   T24] pwc: recv_control_msg error -32 req 02 val 2b00
[  692.172726][T10504] netlink: 'syz.5.1084': attribute type 39 has an invalid length.
[  692.184907][   T24] pwc: recv_control_msg error -32 req 02 val 2700
[  692.220610][   T24] pwc: recv_control_msg error -32 req 02 val 2c00
[  692.243675][   T24] pwc: recv_control_msg error -32 req 04 val 1000
[  692.271200][   T24] pwc: recv_control_msg error -32 req 04 val 1300
[  692.316834][   T24] pwc: recv_control_msg error -32 req 04 val 1400
[  692.366218][   T24] pwc: recv_control_msg error -32 req 02 val 2000
[  692.465230][   T24] pwc: recv_control_msg error -32 req 02 val 2100
[  692.684075][T10508] netlink: 'syz.7.1086': attribute type 39 has an invalid length.
[  693.030095][ T9392] Bluetooth: hci0: command tx timeout
[  693.203643][   T24] pwc: recv_control_msg error -71 req 02 val 2500
[  693.234023][   T24] pwc: recv_control_msg error -71 req 02 val 2400
[  693.296863][   T24] pwc: recv_control_msg error -71 req 02 val 2600
[  693.393344][   T24] pwc: recv_control_msg error -71 req 02 val 2900
[  693.490619][   T24] pwc: recv_control_msg error -71 req 02 val 2800
[  693.561219][   T24] pwc: recv_control_msg error -71 req 04 val 1100
[  693.566031][T10543] syz.6.1087 uses obsolete (PF_INET,SOCK_PACKET)
[  693.621215][   T24] pwc: recv_control_msg error -71 req 04 val 1200
[  693.720342][   T24] pwc: Registered as video103.
[  693.853506][   T24] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input5
[  694.019022][   T24] usb 3-1: USB disconnect, device number 16
[  694.862867][T10559] loop8: detected capacity change from 0 to 7
[  694.872247][T10559] Dev loop8: unable to read RDB block 7
[  694.877801][T10559]  loop8: AHDI p2 p3
[  694.960742][T10559] loop8: partition table partially beyond EOD, truncated
[  694.991818][T10559] loop8: p2 start 1702059890 is beyond EOD, truncated
[  695.119898][ T9392] Bluetooth: hci0: command 0x040f tx timeout
[  695.375319][ T1296] ieee802154 phy0 wpan0: encryption failed: -22
[  695.389965][ T1296] ieee802154 phy1 wpan1: encryption failed: -22
[  695.794433][   T13] hsr_slave_0: left promiscuous mode
[  696.004860][T10573] Bluetooth: MGMT ver 1.23
[  696.019706][ T5873] usb 8-1: new high-speed USB device number 11 using dummy_hcd
[  696.032309][   T13] hsr_slave_1: left promiscuous mode
[  696.069508][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  696.107924][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  696.260295][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  696.308850][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  696.332620][ T5873] usb 8-1: Using ep0 maxpacket: 32
[  696.348725][ T5873] usb 8-1: config 0 has an invalid interface number: 132 but max is 0
[  696.393438][ T5873] usb 8-1: config 0 has no interface number 0
[  696.439899][ T5873] usb 8-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  696.465961][   T13] veth1_macvtap: left promiscuous mode
[  696.471807][   T13] veth0_macvtap: left promiscuous mode
[  696.478457][   T13] veth1_vlan: left promiscuous mode
[  696.484424][   T13] veth0_vlan: left promiscuous mode
[  696.532794][ T5873] usb 8-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  696.542331][ T5873] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  696.552171][ T5873] usb 8-1: Product: syz
[  696.563072][ T5873] usb 8-1: Manufacturer: syz
[  696.567679][ T5873] usb 8-1: SerialNumber: syz
[  696.578643][ T5873] usb 8-1: config 0 descriptor??
[  696.584185][   T10] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  696.618812][ T5873] em28xx 8-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  696.658750][ T5873] em28xx 8-1:0.132: Video interface 132 found:
[  696.759866][   T10] usb 7-1: Using ep0 maxpacket: 32
[  696.774997][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  696.800774][   T10] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  696.831257][   T10] usb 7-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  696.855530][   T10] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  696.883833][   T10] usb 7-1: config 0 descriptor??
[  697.042031][ T5873] em28xx 8-1:0.132: unknown em28xx chip ID (0)
[  697.189922][ T9392] Bluetooth: hci0: command 0x040f tx timeout
[  697.333913][   T10] ft260 0003:0403:6030.0005: unknown main item tag 0x7
[  697.505571][   T10] ft260 0003:0403:6030.0005: chip code: 6424 8183
[  697.692822][ T5873] em28xx 8-1:0.132: failed to read eeprom (err=-110)
[  697.710605][   T10] ft260 0003:0403:6030.0005: failed to retrieve system status
[  697.718534][   T10] ft260 0003:0403:6030.0005: probe with driver ft260 failed with error -71
[  697.729783][ T5873] em28xx 8-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-110]
[  697.791834][   T10] usb 7-1: USB disconnect, device number 5
[  697.927096][   T13] team0 (unregistering): Port device team_slave_1 removed
[  697.939827][ T5873] em28xx 8-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  697.948288][ T5873] em28xx 8-1:0.132: analog set to bulk mode.
[  697.958934][ T6093] em28xx 8-1:0.132: Registering V4L2 extension
[  697.986648][ T5873] usb 8-1: USB disconnect, device number 11
[  698.001895][   T13] team0 (unregistering): Port device team_slave_0 removed
[  698.017676][ T5873] em28xx 8-1:0.132: Disconnecting em28xx
[  698.187057][ T6093] em28xx 8-1:0.132: Config register raw data: 0xffffffed
[  698.197166][ T6093] em28xx 8-1:0.132: AC97 chip type couldn't be determined
[  698.204784][ T6093] em28xx 8-1:0.132: No AC97 audio processor
[  698.237831][ T6093] usb 8-1: Decoder not found
[  698.251735][ T6093] em28xx 8-1:0.132: failed to create media graph
[  698.259000][ T6093] em28xx 8-1:0.132: V4L2 device video103 deregistered
[  698.274574][ T6093] em28xx 8-1:0.132: Remote control support is not available for this card.
[  698.284555][ T5873] em28xx 8-1:0.132: Closing input extension
[  698.346883][ T5873] em28xx 8-1:0.132: Freeing device
[  698.816015][T10588] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  698.886256][T10590] syzkaller0: entered promiscuous mode
[  698.899798][T10590] syzkaller0: entered allmulticast mode
[  698.989340][T10605] tipc: Resetting bearer <eth:syzkaller0>
[  699.049991][T10584] tipc: Resetting bearer <eth:syzkaller0>
[  699.076506][   T30] audit: type=1800 audit(1756994531.650:373): pid=10624 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1105" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  699.147996][T10584] tipc: Disabling bearer <eth:syzkaller0>
[  699.272416][ T9392] Bluetooth: hci0: command 0x040f tx timeout
[  699.329760][   T24] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  699.500655][   T24] usb 3-1: Using ep0 maxpacket: 16
[  699.534139][   T24] usb 3-1: config 0 has no interfaces?
[  699.555179][   T24] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  699.578787][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  699.594767][T10637] loop7: detected capacity change from 0 to 2048
[  699.620674][   T24] usb 3-1: Product: syz
[  699.624867][   T24] usb 3-1: Manufacturer: syz
[  699.673558][   T24] usb 3-1: SerialNumber: syz
[  699.693162][T10637] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  699.710309][   T24] usb 3-1: config 0 descriptor??
[  699.904343][T10443] chnl_net:caif_netlink_parms(): no params data found
[  699.982815][ T5933] usb 3-1: USB disconnect, device number 17
[  700.878272][T10674] loop3: detected capacity change from 0 to 128
[  700.897489][T10443] bridge0: port 1(bridge_slave_0) entered blocking state
[  700.973939][T10674] udf: Unknown parameter '01777777777777777777777'
[  700.990049][T10443] bridge0: port 1(bridge_slave_0) entered disabled state
[  700.997315][T10443] bridge_slave_0: entered allmulticast mode
[  701.006100][T10443] bridge_slave_0: entered promiscuous mode
[  701.155440][T10443] bridge0: port 2(bridge_slave_1) entered blocking state
[  701.179890][T10443] bridge0: port 2(bridge_slave_1) entered disabled state
[  701.187134][T10443] bridge_slave_1: entered allmulticast mode
[  701.188908][T10682] loop3: detected capacity change from 0 to 512
[  701.237061][T10682] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  701.296419][T10443] bridge_slave_1: entered promiscuous mode
[  701.305520][T10682] EXT4-fs (loop3): external journal device major/minor numbers have changed
[  701.358748][T10682] EXT4-fs (loop3): filesystem has both journal inode and journal device!
[  701.596483][T10443] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  701.697511][T10443] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  702.267455][T10443] team0: Port device team_slave_0 added
[  702.353946][T10443] team0: Port device team_slave_1 added
[  702.546071][T10443] batman_adv: batadv0: Adding interface: batadv_slave_0
[  702.559009][T10443] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  702.609330][T10443] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  702.620184][ T6093] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  702.633090][T10443] batman_adv: batadv0: Adding interface: batadv_slave_1
[  702.640799][T10443] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  702.666752][    C0] vkms_vblank_simulate: vblank timer overrun
[  702.673837][T10443] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  702.780085][ T6093] usb 7-1: Using ep0 maxpacket: 8
[  702.797230][ T6093] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  702.835700][T10443] hsr_slave_0: entered promiscuous mode
[  702.843967][ T6093] usb 7-1: config 179 has no interface number 0
[  702.864568][ T6093] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  702.887782][T10443] hsr_slave_1: entered promiscuous mode
[  702.894809][T10443] debugfs: 'hsr0' already exists in 'hsr'
[  702.900590][T10443] Cannot create hsr debugfs directory
[  702.925341][ T6093] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  702.940209][ T6093] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  703.721789][ T6093] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  703.733350][ T6093] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  703.756194][ T6093] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  703.771557][ T6093] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  703.808248][T10708] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  704.004043][   T30] audit: type=1326 audit(1756994536.590:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10716 comm="syz.7.1130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fae38ebe9 code=0x7fc00000
[  704.026500][    C0] vkms_vblank_simulate: vblank timer overrun
[  704.305100][   T24] usb 7-1: USB disconnect, device number 6
[  704.305142][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  704.320478][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  704.709764][   T30] audit: type=1326 audit(1756994537.290:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10716 comm="syz.7.1130" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f5fae38ebe9 code=0x7fc00000
[  704.780970][T10443] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  704.905801][T10443] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  705.063929][T10443] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  705.251290][T10750] loop5: detected capacity change from 0 to 32768
[  705.290827][T10443] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  705.319775][ T6093] usb 8-1: new high-speed USB device number 12 using dummy_hcd
[  705.341631][T10750] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  705.421671][   T30] audit: type=1800 audit(1756994538.010:376): pid=10750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1134" name="file1" dev="loop5" ino=17058 res=0 errno=0
[  705.503306][ T6093] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  705.529774][ T6093] usb 8-1: config 0 has no interface number 0
[  705.535898][ T6093] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  705.547430][ T6093] usb 8-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  705.557537][ T6093] usb 8-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00
[  705.566877][ T6093] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  705.590796][ T6093] usb 8-1: config 0 descriptor??
[  706.086191][ T6093] prodikeys 0003:041E:2801.0006: item fetching failed at offset 5/7
[  706.165338][ T6093] prodikeys 0003:041E:2801.0006: hid parse failed
[  706.195085][T10443] 8021q: adding VLAN 0 to HW filter on device bond0
[  706.226396][ T5868] ocfs2: Unmounting device (7,5) on (node local)
[  706.245637][ T6093] prodikeys 0003:041E:2801.0006: probe with driver prodikeys failed with error -22
[  706.382025][T10443] 8021q: adding VLAN 0 to HW filter on device team0
[  706.500911][ T9983] bridge0: port 1(bridge_slave_0) entered blocking state
[  706.508087][ T9983] bridge0: port 1(bridge_slave_0) entered forwarding state
[  706.598661][ T9983] bridge0: port 2(bridge_slave_1) entered blocking state
[  706.605935][ T9983] bridge0: port 2(bridge_slave_1) entered forwarding state
[  706.710669][T10775] loop5: detected capacity change from 0 to 512
[  706.916712][T10775] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  707.000082][T10775] ext4 filesystem being mounted at /222/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  707.099114][   T24] usb 8-1: USB disconnect, device number 12
[  707.362924][   T30] audit: type=1326 audit(1756994539.940:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10793 comm="syz.7.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fae38ebe9 code=0x7ffc0000
[  707.479984][   T30] audit: type=1326 audit(1756994539.940:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10793 comm="syz.7.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fae38ebe9 code=0x7ffc0000
[  707.510629][ T1213] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  707.570245][   T30] audit: type=1326 audit(1756994540.000:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10793 comm="syz.7.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7f5fae38ebe9 code=0x7ffc0000
[  707.594046][   T30] audit: type=1326 audit(1756994540.000:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10793 comm="syz.7.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fae38ebe9 code=0x7ffc0000
[  707.621713][ T5868] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  707.624009][   T30] audit: type=1326 audit(1756994540.000:381): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10793 comm="syz.7.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fae38ebe9 code=0x7ffc0000
[  707.740135][ T1213] usb 7-1: Using ep0 maxpacket: 16
[  707.756542][ T1213] usb 7-1: config 0 has no interfaces?
[  707.783510][ T1213] usb 7-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  707.794678][   T30] audit: type=1326 audit(1756994540.000:382): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10793 comm="syz.7.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f5fae38ebe9 code=0x7ffc0000
[  707.880968][ T1213] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  707.901273][ T1213] usb 7-1: Product: syz
[  707.910466][ T1213] usb 7-1: Manufacturer: syz
[  707.919955][   T30] audit: type=1326 audit(1756994540.000:383): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10793 comm="syz.7.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fae38ebe9 code=0x7ffc0000
[  707.942755][ T1213] usb 7-1: SerialNumber: syz
[  707.965242][ T1213] usb 7-1: config 0 descriptor??
[  707.989374][   T30] audit: type=1326 audit(1756994540.000:384): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10793 comm="syz.7.1146" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5fae38ebe9 code=0x7ffc0000
[  708.263352][ T6093] usb 7-1: USB disconnect, device number 7
[  708.301757][ T1213] usb 6-1: new high-speed USB device number 17 using dummy_hcd
[  708.367049][T10443] 8021q: adding VLAN 0 to HW filter on device batadv0
[  708.473336][ T1213] usb 6-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d
[  708.532080][ T1213] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.638384][ T1213] usb 6-1: config 0 descriptor??
[  709.067276][ T1213] hackrf 6-1:0.0: Board ID: 00
[  709.336138][T10820] loop6: detected capacity change from 0 to 32768
[  709.349733][ T1213] hackrf 6-1:0.0: Firmware version: 
[  709.370270][ T1213] hackrf 6-1:0.0: Registered as swradio24
[  709.376017][ T1213] videodev: could not get a free minor
[  709.400332][T10820] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1153 (10820)
[  709.425803][T10820] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  709.436419][T10820] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  709.448078][ T1213] hackrf 6-1:0.0: Failed to register as video device (-23)
[  709.473634][ T1213] hackrf 6-1:0.0: probe with driver hackrf failed with error -23
[  709.487502][ T1213] usb 6-1: USB disconnect, device number 17
[  709.691433][T10820] BTRFS info (device loop6): enabling ssd optimizations
[  709.698496][T10820] BTRFS info (device loop6): enabling free space tree
[  709.737757][T10443] veth0_vlan: entered promiscuous mode
[  710.058865][   T30] kauditd_printk_skb: 108 callbacks suppressed
[  710.058890][   T30] audit: type=1800 audit(1756994542.640:493): pid=10845 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1156" name="bus" dev="tmpfs" ino=2 res=0 errno=0
[  710.104247][T10443] veth1_vlan: entered promiscuous mode
[  710.183444][   T30] audit: type=1800 audit(1756994542.750:494): pid=10820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1153" name="file1" dev="loop6" ino=260 res=0 errno=0
[  710.248091][T10443] veth0_macvtap: entered promiscuous mode
[  710.258792][T10443] veth1_macvtap: entered promiscuous mode
[  710.301329][T10443] batman_adv: batadv0: Interface activated: batadv_slave_0
[  710.416792][T10443] batman_adv: batadv0: Interface activated: batadv_slave_1
[  710.808496][T10854] loop2: detected capacity change from 0 to 40427
[  710.809214][ T8708] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  710.817073][T10854] F2FS-fs: heap/no_heap options were deprecated
[  710.842146][T10854] F2FS-fs (loop2): build fault injection rate: 19
[  710.854143][T10854] F2FS-fs (loop2): invalid crc value
[  710.995361][ T8708] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  711.019888][T10854] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  711.061988][T10854] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  711.101824][ T6598] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  711.206944][ T8146] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  711.217503][ T8708] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  711.333953][ T5865] syz-executor: attempt to access beyond end of device
[  711.333953][ T5865] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  711.406301][ T5865] CPU: 0 UID: 0 PID: 5865 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  711.406351][ T5865] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  711.406375][ T5865] Call Trace:
[  711.406385][ T5865]  <TASK>
[  711.406400][ T5865]  dump_stack_lvl+0x16c/0x1f0
[  711.406458][ T5865]  f2fs_handle_critical_error+0x624/0x9f0
[  711.406510][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.406557][ T5865]  ? f2fs_build_fault_attr+0x53/0x1f0
[  711.406608][ T5865]  f2fs_write_end_io+0x958/0xcf0
[  711.406665][ T5865]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  711.406723][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.406779][ T5865]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  711.406830][ T5865]  bio_endio+0x713/0x860
[  711.406889][ T5865]  submit_bio_noacct+0x306/0x1ed0
[  711.406944][ T5865]  __submit_merged_bio+0x33c/0x770
[  711.407002][ T5865]  __submit_merged_write_cond+0x319/0x3f0
[  711.407067][ T5865]  f2fs_write_cache_pages+0x2067/0x2570
[  711.407157][ T5865]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  711.407215][ T5865]  ? arch_stack_walk+0x88/0x100
[  711.407271][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.407317][ T5865]  ? __kasan_check_byte+0x13/0x50
[  711.407356][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.407405][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.407450][ T5865]  ? rcu_is_watching+0x12/0xc0
[  711.407497][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.407544][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.407589][ T5865]  ? __kasan_check_byte+0x13/0x50
[  711.407638][ T5865]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  711.407693][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.407800][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.407846][ T5865]  ? add_lock_to_list+0x9d/0x130
[  711.407905][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.407957][ T5865]  f2fs_write_data_pages+0x4ad/0xd90
[  711.408027][ T5865]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  711.408085][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.408142][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.408192][ T5865]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  711.408281][ T5865]  do_writepages+0x27a/0x600
[  711.408336][ T5865]  ? __pfx_do_writepages+0x10/0x10
[  711.408383][ T5865]  ? do_raw_spin_unlock+0x172/0x230
[  711.408425][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.408470][ T5865]  ? _raw_spin_unlock+0x28/0x50
[  711.408521][ T5865]  filemap_fdatawrite_wbc+0x104/0x160
[  711.408570][ T5865]  ? stack_trace_save+0x8e/0xc0
[  711.408622][ T5865]  __filemap_fdatawrite_range+0xb9/0x100
[  711.408687][ T5865]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  711.408749][ T5865]  ? check_path.constprop.0+0x24/0x50
[  711.408858][ T5865]  ? find_held_lock+0x2b/0x80
[  711.408906][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.408953][ T5865]  ? do_raw_spin_unlock+0x172/0x230
[  711.408994][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.409046][ T5865]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  711.409130][ T5865]  block_operations+0x2b0/0xfe0
[  711.409205][ T5865]  ? __pfx_block_operations+0x10/0x10
[  711.409270][ T5865]  ? add_lock_to_list+0x9d/0x130
[  711.409375][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.409419][ T5865]  ? down_write+0x14d/0x200
[  711.409477][ T5865]  ? __pfx_down_write+0x10/0x10
[  711.409538][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.409581][ T5865]  ? rcu_is_watching+0x12/0xc0
[  711.409640][ T5865]  f2fs_write_checkpoint+0x2b8/0x4c60
[  711.409712][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.409756][ T5865]  ? kfree+0x2b4/0x4d0
[  711.409801][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.409851][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.409896][ T5865]  ? rcu_is_watching+0x12/0xc0
[  711.409943][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.409988][ T5865]  ? kthread_stop+0x273/0x630
[  711.410028][ T5865]  kill_f2fs_super+0x3c2/0x470
[  711.410065][ T5865]  ? __pfx_kill_f2fs_super+0x10/0x10
[  711.410099][ T5865]  ? lockdep_hardirqs_on+0x7c/0x110
[  711.410170][ T5865]  deactivate_locked_super+0xc1/0x1a0
[  711.410235][ T5865]  deactivate_super+0xde/0x100
[  711.410294][ T5865]  cleanup_mnt+0x225/0x450
[  711.410357][ T5865]  task_work_run+0x150/0x240
[  711.410400][ T5865]  ? __pfx_task_work_run+0x10/0x10
[  711.410438][ T5865]  ? srso_alias_return_thunk+0x5/0xfbef5
[  711.410487][ T5865]  ? __pfx___x64_sys_umount+0x10/0x10
[  711.410534][ T5865]  exit_to_user_mode_loop+0xeb/0x110
[  711.410576][ T5865]  do_syscall_64+0x3f6/0x4c0
[  711.410635][ T5865]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  711.410672][ T5865] RIP: 0033:0x7f56a7f8ff17
[  711.410701][ T5865] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  711.410738][ T5865] RSP: 002b:00007ffc81b8d188 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  711.410773][ T5865] RAX: 0000000000000000 RBX: 00007f56a8011c05 RCX: 00007f56a7f8ff17
[  711.410797][ T5865] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc81b8d240
[  711.410821][ T5865] RBP: 00007ffc81b8d240 R08: 0000000000000000 R09: 0000000000000000
[  711.410844][ T5865] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc81b8e2d0
[  711.410868][ T5865] R13: 00007f56a8011c05 R14: 00000000000ad9bc R15: 00007ffc81b8e310
[  711.410917][ T5865]  </TASK>
[  712.059704][ T5865] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  712.430555][ T5933] usb 6-1: new high-speed USB device number 18 using dummy_hcd
[  712.665745][ T7073] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  712.698221][ T5933] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  712.729748][ T5933] usb 6-1: config 0 interface 0 has no altsetting 0
[  712.739725][ T7073] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  712.776673][ T5933] usb 6-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  712.812495][ T5933] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  712.845055][ T5933] usb 6-1: Product: syz
[  712.859791][ T5933] usb 6-1: Manufacturer: syz
[  712.886058][ T5933] usb 6-1: SerialNumber: syz
[  712.915207][ T5933] usb 6-1: config 0 descriptor??
[  712.947021][ T5933] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  712.995217][ T5933] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  713.002664][ T9983] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  713.056097][ T9983] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  713.068915][ T5933] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  713.121553][ T5933] usb 6-1: media controller created
[  713.245676][ T5933] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  713.498208][ T5933] DVB: Unable to find symbol tda10046_attach()
[  713.527720][ T5933] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  713.568727][ T5933] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  714.470055][   T24] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  714.641831][   T24] usb 4-1: Using ep0 maxpacket: 32
[  714.663336][   T24] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  714.690621][   T24] usb 4-1: config 0 has no interface number 0
[  714.697477][   T24] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  714.702649][T10910] loop6: detected capacity change from 0 to 256
[  714.778406][   T24] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  714.790156][ T5873] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  714.824641][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  714.869003][   T24] usb 4-1: Product: syz
[  714.893974][T10910] FAT-fs (loop6): Directory bread(block 64) failed
[  714.900357][   T24] usb 4-1: Manufacturer: syz
[  714.934005][T10910] FAT-fs (loop6): Directory bread(block 65) failed
[  714.949928][   T24] usb 4-1: SerialNumber: syz
[  714.969272][ T5873] usb 9-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  714.978195][   T24] usb 4-1: config 0 descriptor??
[  714.985828][T10910] FAT-fs (loop6): Directory bread(block 66) failed
[  715.004934][ T5873] usb 9-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  715.034958][T10910] FAT-fs (loop6): Directory bread(block 67) failed
[  715.035840][   T24] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  715.065976][ T5873] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  715.094768][T10910] FAT-fs (loop6): Directory bread(block 68) failed
[  715.115226][   T24] em28xx 4-1:0.132: Video interface 132 found:
[  715.139705][T10910] FAT-fs (loop6): Directory bread(block 69) failed
[  715.147639][ T5873] usb 9-1: config 0 descriptor??
[  715.177242][T10910] FAT-fs (loop6): Directory bread(block 70) failed
[  715.192684][ T5873] pwc: Askey VC010 type 2 USB webcam detected.
[  715.225839][ T5933] dvb_usb_m920x 6-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  715.229723][T10910] FAT-fs (loop6): Directory bread(block 71) failed
[  715.283308][T10910] FAT-fs (loop6): Directory bread(block 72) failed
[  715.285190][ T5933] usb 6-1: USB disconnect, device number 18
[  715.317797][T10910] FAT-fs (loop6): Directory bread(block 73) failed
[  715.471122][   T24] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[  715.638206][T10922] loop8: detected capacity change from 0 to 7
[  715.657957][T10922] Dev loop8: unable to read RDB block 7
[  715.665639][T10922]  loop8: AHDI p1 p2 p3
[  715.674609][T10922] loop8: partition table partially beyond EOD, truncated
[  715.687779][T10922] loop8: p1 start 1601398130 is beyond EOD, truncated
[  715.702032][T10922] loop8: p2 start 1702059890 is beyond EOD, truncated
[  715.800881][ T5873] pwc: recv_control_msg error -32 req 02 val 2b00
[  715.808959][ T5873] pwc: recv_control_msg error -32 req 02 val 2700
[  715.817128][ T5873] pwc: recv_control_msg error -32 req 02 val 2c00
[  715.824426][ T5873] pwc: recv_control_msg error -32 req 04 val 1000
[  715.836740][ T5873] pwc: recv_control_msg error -32 req 04 val 1300
[  715.844759][ T5873] pwc: recv_control_msg error -32 req 04 val 1400
[  715.852521][ T5873] pwc: recv_control_msg error -32 req 02 val 2000
[  715.859801][ T5873] pwc: recv_control_msg error -32 req 02 val 2100
[  715.867913][ T5873] pwc: recv_control_msg error -32 req 04 val 1500
[  716.091872][ T5873] pwc: recv_control_msg error -71 req 02 val 2400
[  716.100529][   T24] em28xx 4-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5)
[  716.128846][   T24] em28xx 4-1:0.132: failed to read eeprom (err=-5)
[  716.130206][ T5873] pwc: recv_control_msg error -71 req 02 val 2600
[  716.157646][   T24] em28xx 4-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5]
[  716.191819][ T5873] pwc: recv_control_msg error -71 req 02 val 2900
[  716.237530][ T5873] pwc: recv_control_msg error -71 req 02 val 2800
[  716.267009][ T5873] pwc: recv_control_msg error -71 req 04 val 1100
[  716.273736][   T24] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  716.273777][   T24] em28xx 4-1:0.132: analog set to bulk mode.
[  716.274806][ T1213] em28xx 4-1:0.132: Registering V4L2 extension
[  716.321700][   T24] usb 4-1: USB disconnect, device number 16
[  716.325383][ T5873] pwc: recv_control_msg error -71 req 04 val 1200
[  716.381528][   T24] em28xx 4-1:0.132: Disconnecting em28xx
[  716.383575][ T5873] pwc: Registered as video103.
[  716.490409][ T5873] input: PWC snapshot button as /devices/platform/dummy_hcd.8/usb9/9-1/input/input6
[  716.566737][ T5873] usb 9-1: USB disconnect, device number 2
[  716.568139][T10935] loop6: detected capacity change from 0 to 1764
[  717.183538][   T30] audit: type=1326 audit(1756994549.760:495): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.3.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  717.428711][T10941] loop7: detected capacity change from 0 to 65536
[  717.543605][T10949] loop8: detected capacity change from 0 to 32768
[  717.551260][T10949] btrfs: Deprecated parameter 'usebackuproot'
[  717.557571][T10949] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  717.573662][T10949] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.1186 (10949)
[  717.592033][   T30] audit: type=1326 audit(1756994549.810:496): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.3.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  717.614488][   T30] audit: type=1326 audit(1756994550.080:497): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.3.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=141 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  717.630153][T10941] XFS (loop7): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  717.645687][   T30] audit: type=1326 audit(1756994550.080:498): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10947 comm="syz.3.1188" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f568338ebe9 code=0x7ffc0000
[  717.668714][T10949] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  717.680292][T10949] BTRFS info (device loop8): using sha256 (sha256-lib) checksum algorithm
[  717.715887][T10941] XFS (loop7): Ending clean mount
[  717.739080][T10941] XFS (loop7): Quotacheck needed: Please wait.
[  717.795696][ T8708] XFS (loop7): Metadata CRC error detected at xfs_agf_read_verify+0x139/0x1e0, xfs_agf block 0x1 
[  717.837726][ T1213] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  717.870770][ T8708] XFS (loop7): Unmount and run xfs_repair
[  717.876525][ T8708] XFS (loop7): First 128 bytes of corrupted metadata buffer:
[  717.885351][ T8708] 00000000: 58 41 47 46 00 00 00 01 00 00 00 00 00 00 40 00  XAGF..........@.
[  717.894422][ T8708] 00000010: 00 00 00 02 00 00 00 03 00 00 00 00 00 00 00 01  ................
[  717.903604][ T8708] 00000020: 00 00 00 01 00 00 00 00 00 00 00 01 01 00 00 04  ................
[  717.912766][ T8708] 00000030: 00 00 00 04 00 00 3f ca 00 00 3f c7 00 00 00 00  ......?...?.....
[  717.921936][ T8708] 00000040: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  717.931116][ T8708] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  717.952662][ T8708] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  718.025962][ T8708] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  718.085917][ T8708] XFS (loop7): metadata I/O error in "xfs_read_agf+0x290/0x560" at daddr 0x1 len 1 error 74
[  718.169522][ T1213] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  718.178722][ T1213] em28xx 4-1:0.132: No AC97 audio processor
[  718.185509][T10978] loop3: detected capacity change from 0 to 32768
[  718.193633][T10941] XFS (loop7): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  718.203408][T10978] bcachefs: bch2_fs_parse_param() Error parsing option journal_flush_delay: option_value
[  718.251042][T10949] BTRFS info (device loop8): rebuilding free space tree
[  718.320638][T10949] BTRFS info (device loop8): enabling ssd optimizations
[  718.327654][T10949] BTRFS info (device loop8): using spread ssd allocation scheme
[  718.335417][T10949] BTRFS info (device loop8): enabling free space tree
[  718.342357][T10949] BTRFS info (device loop8): force clearing of disk cache
[  718.349482][T10949] BTRFS info (device loop8): enabling auto defrag
[  718.356410][T10949] BTRFS info (device loop8): doing ref verification
[  718.363096][T10949] BTRFS info (device loop8): trying to use backup root at mount time
[  718.371225][T10949] BTRFS info (device loop8): max_inline set to 4096
[  718.378755][ T1213] usb 4-1: Decoder not found
[  718.383411][ T1213] em28xx 4-1:0.132: failed to create media graph
[  718.479750][ T1213] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  718.550980][ T1213] em28xx 4-1:0.132: Remote control support is not available for this card.
[  718.565213][   T24] em28xx 4-1:0.132: Closing input extension
[  718.598420][   T24] em28xx 4-1:0.132: Freeing device
[  718.614364][T10986] BTRFS info (device loop8): space_info DATA+METADATA (sub-group id 0) has 159744 free, is not full
[  718.626665][T10986] BTRFS info (device loop8): space_info total=3276800, used=49152, pinned=12288, reserved=12288, may_use=3043328, readonly=0 zone_unusable=0
[  718.641373][T10986] BTRFS info (device loop8): global_block_rsv: size 1441792 reserved 1441792
[  718.650453][T10986] BTRFS info (device loop8): trans_block_rsv: size 0 reserved 0
[  718.658110][T10986] BTRFS info (device loop8): chunk_block_rsv: size 0 reserved 0
[  718.665811][T10986] BTRFS info (device loop8): delayed_block_rsv: size 0 reserved 0
[  718.673689][T10986] BTRFS info (device loop8): delayed_refs_rsv: size 688128 reserved 688128
[  718.700895][ T8015] XFS (loop7): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  718.892039][ T8015] XFS (loop7): Uncorrected metadata errors detected; please run xfs_repair.
[  719.033903][T10443] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  719.045824][T10984] loop2: detected capacity change from 0 to 4096
[  719.126786][T10984] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  719.768920][T10984] ntfs3(loop2): ino=0, attr_set_size
[  719.773316][T11007] loop5: detected capacity change from 0 to 256
[  719.791642][T10984] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  719.914428][T11010] ntfs3(loop2): ino=0, attr_set_size
[  719.999303][T11007] FAT-fs (loop5): Directory bread(block 64) failed
[  720.004911][T11012] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  720.028388][T11007] FAT-fs (loop5): Directory bread(block 65) failed
[  720.110822][T11007] FAT-fs (loop5): Directory bread(block 66) failed
[  720.159770][T11007] FAT-fs (loop5): Directory bread(block 67) failed
[  720.220831][T11007] FAT-fs (loop5): Directory bread(block 68) failed
[  720.227433][T11007] FAT-fs (loop5): Directory bread(block 69) failed
[  720.339826][T11007] FAT-fs (loop5): Directory bread(block 70) failed
[  720.380001][T11007] FAT-fs (loop5): Directory bread(block 71) failed
[  720.386647][T11007] FAT-fs (loop5): Directory bread(block 72) failed
[  720.459917][T11007] FAT-fs (loop5): Directory bread(block 73) failed
[  720.969753][   T24] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  721.110344][T11033] loop8: detected capacity change from 0 to 128
[  721.163086][   T24] usb 4-1: Using ep0 maxpacket: 16
[  721.209850][T11033] FAT-fs (loop8): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  721.239854][   T24] usb 4-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[  721.279584][   T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  721.318045][   T24] usb 4-1: Product: syz
[  721.394723][T11033] FAT-fs (loop8): FAT read failed (blocknr 32)
[  721.728414][T11040] loop6: detected capacity change from 0 to 40427
[  721.736210][T11040] F2FS-fs: heap/no_heap options were deprecated
[  721.743358][   T24] usb 4-1: Manufacturer: syz
[  721.748829][   T24] usb 4-1: SerialNumber: syz
[  721.753584][T11040] F2FS-fs (loop6): build fault injection rate: 19
[  721.789395][T11040] F2FS-fs (loop6): invalid crc value
[  721.922187][T11040] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  721.939878][T11040] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  722.050407][ T8708] FAT-fs (loop8): Invalid FSINFO signature: 0x00fffff8, 0x00000000 (sector = 1)
[  722.125593][T11024] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  722.221614][T11024] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  722.242991][ T8146] syz-executor: attempt to access beyond end of device
[  722.242991][ T8146] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  722.374323][ T8146] CPU: 1 UID: 0 PID: 8146 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  722.374374][ T8146] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  722.374396][ T8146] Call Trace:
[  722.374408][ T8146]  <TASK>
[  722.374421][ T8146]  dump_stack_lvl+0x16c/0x1f0
[  722.374485][ T8146]  f2fs_handle_critical_error+0x624/0x9f0
[  722.374536][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.374583][ T8146]  ? f2fs_build_fault_attr+0x53/0x1f0
[  722.374634][ T8146]  f2fs_write_end_io+0x958/0xcf0
[  722.374690][ T8146]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  722.374748][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.374803][ T8146]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  722.374854][ T8146]  bio_endio+0x713/0x860
[  722.374913][ T8146]  submit_bio_noacct+0x306/0x1ed0
[  722.374967][ T8146]  __submit_merged_bio+0x33c/0x770
[  722.375025][ T8146]  __submit_merged_write_cond+0x319/0x3f0
[  722.375090][ T8146]  f2fs_write_cache_pages+0x2067/0x2570
[  722.375180][ T8146]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  722.375254][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.375299][ T8146]  ? __lock_acquire+0x62e/0x1ce0
[  722.375370][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.375415][ T8146]  ? __lock_acquire+0x62e/0x1ce0
[  722.375513][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.375559][ T8146]  ? check_irq_usage+0xcb/0x920
[  722.375613][ T8146]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  722.375707][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.375761][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.375815][ T8146]  f2fs_write_data_pages+0x4ad/0xd90
[  722.375884][ T8146]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  722.375941][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.375998][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.376049][ T8146]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  722.376113][ T8146]  do_writepages+0x27a/0x600
[  722.376169][ T8146]  ? __pfx_do_writepages+0x10/0x10
[  722.376215][ T8146]  ? do_raw_spin_unlock+0x172/0x230
[  722.376262][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.376307][ T8146]  ? _raw_spin_unlock+0x28/0x50
[  722.376357][ T8146]  filemap_fdatawrite_wbc+0x104/0x160
[  722.376411][ T8146]  __filemap_fdatawrite_range+0xb9/0x100
[  722.376475][ T8146]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  722.376594][ T8146]  ? find_held_lock+0x2b/0x80
[  722.376643][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.376689][ T8146]  ? do_raw_spin_unlock+0x172/0x230
[  722.376731][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.376783][ T8146]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  722.376867][ T8146]  block_operations+0x2b0/0xfe0
[  722.376935][ T8146]  ? __pfx___schedule+0x10/0x10
[  722.376984][ T8146]  ? __pfx_block_operations+0x10/0x10
[  722.377103][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.377147][ T8146]  ? down_write+0x14d/0x200
[  722.377205][ T8146]  ? __pfx_down_write+0x10/0x10
[  722.377273][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.377317][ T8146]  ? rcu_is_watching+0x12/0xc0
[  722.377372][ T8146]  f2fs_write_checkpoint+0x2b8/0x4c60
[  722.377444][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.377489][ T8146]  ? kfree+0x2b4/0x4d0
[  722.377534][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.377583][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.377628][ T8146]  ? rcu_is_watching+0x12/0xc0
[  722.377675][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.377719][ T8146]  ? kthread_stop+0x273/0x630
[  722.377759][ T8146]  kill_f2fs_super+0x3c2/0x470
[  722.377795][ T8146]  ? __pfx_kill_f2fs_super+0x10/0x10
[  722.377830][ T8146]  ? lockdep_hardirqs_on+0x7c/0x110
[  722.377900][ T8146]  deactivate_locked_super+0xc1/0x1a0
[  722.377959][ T8146]  deactivate_super+0xde/0x100
[  722.378017][ T8146]  cleanup_mnt+0x225/0x450
[  722.378079][ T8146]  task_work_run+0x150/0x240
[  722.378119][ T8146]  ? __pfx_task_work_run+0x10/0x10
[  722.378154][ T8146]  ? srso_alias_return_thunk+0x5/0xfbef5
[  722.378199][ T8146]  ? __pfx___x64_sys_umount+0x10/0x10
[  722.378248][ T8146]  exit_to_user_mode_loop+0xeb/0x110
[  722.378287][ T8146]  do_syscall_64+0x3f6/0x4c0
[  722.378342][ T8146]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  722.378375][ T8146] RIP: 0033:0x7f6e3fd8ff17
[  722.378402][ T8146] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  722.378435][ T8146] RSP: 002b:00007ffe4ee6dae8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  722.378467][ T8146] RAX: 0000000000000000 RBX: 00007f6e3fe11c05 RCX: 00007f6e3fd8ff17
[  722.378489][ T8146] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe4ee6dba0
[  722.378510][ T8146] RBP: 00007ffe4ee6dba0 R08: 0000000000000000 R09: 0000000000000000
[  722.378531][ T8146] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe4ee6ec30
[  722.378553][ T8146] R13: 00007f6e3fe11c05 R14: 00000000000b04c6 R15: 00007ffe4ee6ec70
[  722.378598][ T8146]  </TASK>
[  722.847111][    C1] vkms_vblank_simulate: vblank timer overrun
[  722.872074][ T8146] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  723.463112][   T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0
[  723.534343][   T24] snd-usb-audio 4-1:222.0: probe with driver snd-usb-audio failed with error -71
[  723.567809][   T24] usb 4-1: USB disconnect, device number 17
[  723.607850][ T7574] udevd[7574]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:222.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  723.624922][ T6093] usb 8-1: new full-speed USB device number 13 using dummy_hcd
[  723.802587][ T6093] usb 8-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  723.829840][ T6093] usb 8-1: config 0 interface 0 has no altsetting 0
[  723.841488][ T6093] usb 8-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  723.860870][ T6093] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  723.916130][ T6093] usb 8-1: config 0 descriptor??
[  723.966287][T11077] loop8: detected capacity change from 0 to 128
[  723.977418][T11077] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  724.026049][T11077] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  724.209416][ T6598] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  724.474290][ T6093] megaworld 0003:07B5:0312.0007: hidraw0: USB HID v0.00 Device [HID 07b5:0312] on usb-dummy_hcd.7-1/input0
[  724.540820][T11085] syz.6.1229: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  724.590749][T11085] CPU: 0 UID: 0 PID: 11085 Comm: syz.6.1229 Not tainted syzkaller #0 PREEMPT(full) 
[  724.590799][T11085] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  724.590823][T11085] Call Trace:
[  724.590835][T11085]  <TASK>
[  724.590848][T11085]  dump_stack_lvl+0x16c/0x1f0
[  724.590909][T11085]  warn_alloc+0x248/0x3a0
[  724.590975][T11085]  ? __pfx_warn_alloc+0x10/0x10
[  724.591033][T11085]  ? __pfx_stack_trace_save+0x10/0x10
[  724.591105][T11085]  ? srso_alias_return_thunk+0x5/0xfbef5
[  724.591153][T11085]  ? kasan_save_stack+0x42/0x60
[  724.591211][T11085]  ? kasan_save_stack+0x33/0x60
[  724.591268][T11085]  ? kasan_save_track+0x14/0x30
[  724.591328][T11085]  ? xskq_create+0x52/0x1d0
[  724.591372][T11085]  ? xsk_setsockopt+0x792/0x9a0
[  724.591411][T11085]  ? do_sock_setsockopt+0xf3/0x1d0
[  724.591478][T11085]  ? xskq_create+0xfb/0x1d0
[  724.591531][T11085]  __vmalloc_node_range_noprof+0xff5/0x14b0
[  724.591600][T11085]  ? xskq_create+0xfb/0x1d0
[  724.591659][T11085]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  724.591729][T11085]  ? xskq_create+0xfb/0x1d0
[  724.591774][T11085]  vmalloc_user_noprof+0x9e/0xe0
[  724.591823][T11085]  ? xskq_create+0xfb/0x1d0
[  724.591869][T11085]  xskq_create+0xfb/0x1d0
[  724.591918][T11085]  xsk_setsockopt+0x792/0x9a0
[  724.591963][T11085]  ? __pfx_xsk_setsockopt+0x10/0x10
[  724.592003][T11085]  ? srso_alias_return_thunk+0x5/0xfbef5
[  724.592048][T11085]  ? find_held_lock+0x2b/0x80
[  724.592101][T11085]  ? srso_alias_return_thunk+0x5/0xfbef5
[  724.592147][T11085]  ? aa_sock_opt_perm+0xfd/0x1c0
[  724.592215][T11085]  ? __pfx_xsk_setsockopt+0x10/0x10
[  724.592260][T11085]  do_sock_setsockopt+0xf3/0x1d0
[  724.592328][T11085]  __sys_setsockopt+0x1a0/0x230
[  724.592387][T11085]  __x64_sys_setsockopt+0xbd/0x160
[  724.592435][T11085]  ? do_syscall_64+0x91/0x4c0
[  724.592490][T11085]  ? srso_alias_return_thunk+0x5/0xfbef5
[  724.592541][T11085]  ? lockdep_hardirqs_on+0x7c/0x110
[  724.592593][T11085]  do_syscall_64+0xcd/0x4c0
[  724.592653][T11085]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  724.592691][T11085] RIP: 0033:0x7f6e3fd8ebe9
[  724.592720][T11085] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  724.592758][T11085] RSP: 002b:00007f6e40b1e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  724.592793][T11085] RAX: ffffffffffffffda RBX: 00007f6e3ffc5fa0 RCX: 00007f6e3fd8ebe9
[  724.592820][T11085] RDX: 0000000000000002 RSI: 000000000000011b RDI: 0000000000000004
[  724.592843][T11085] RBP: 00007f6e3fe11e19 R08: 0000000000000004 R09: 0000000000000000
[  724.592867][T11085] R10: 0000200000000900 R11: 0000000000000246 R12: 0000000000000000
[  724.592890][T11085] R13: 00007f6e3ffc6038 R14: 00007f6e3ffc5fa0 R15: 00007ffe4ee6e858
[  724.592940][T11085]  </TASK>
[  724.593889][T11085] Mem-Info:
[  724.594349][ T6093] megaworld 0003:07B5:0312.0007: no inputs found
[  724.989828][T11085] active_anon:10834 inactive_anon:23 isolated_anon:0
[  724.989828][T11085]  active_file:4363 inactive_file:40133 isolated_file:0
[  724.989828][T11085]  unevictable:768 dirty:361 writeback:0
[  724.989828][T11085]  slab_reclaimable:11435 slab_unreclaimable:104777
[  724.989828][T11085]  mapped:35576 shmem:4240 pagetables:1764
[  724.989828][T11085]  sec_pagetables:0 bounce:0
[  724.989828][T11085]  kernel_misc_reclaimable:0
[  724.989828][T11085]  free:1293395 free_pcp:16513 free_cma:0
[  725.371858][T11090] loop3: detected capacity change from 0 to 40427
[  725.379338][T11090] F2FS-fs: heap/no_heap options were deprecated
[  725.386175][T11085] Node 0 active_anon:64048kB inactive_anon:92kB active_file:17452kB inactive_file:160328kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:142260kB dirty:1448kB writeback:0kB shmem:35632kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:13548kB pagetables:6904kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  725.418357][    C1] vkms_vblank_simulate: vblank timer overrun
[  725.498324][T11085] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:80kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  725.528290][    C1] vkms_vblank_simulate: vblank timer overrun
[  725.534709][T11090] F2FS-fs (loop3): build fault injection rate: 19
[  725.537294][ T6093] usb 8-1: USB disconnect, device number 13
[  725.564165][T11090] F2FS-fs (loop3): invalid crc value
[  725.570429][T11085] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  725.748540][T11090] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  725.771375][T11090] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  725.835049][T11085] lowmem_reserve[]: 0 2479 2481 2481 2481
[  725.914429][T11085] Node 0 DMA32 free:1255704kB boost:0kB min:34076kB low:42592kB high:51108kB reserved_highatomic:0KB free_highatomic:0KB active_anon:64172kB inactive_anon:92kB active_file:17452kB inactive_file:159172kB unevictable:1536kB writepending:1432kB present:3129332kB managed:2539492kB mlocked:0kB bounce:0kB free_pcp:36404kB local_pcp:23960kB free_cma:0kB
[  726.087216][T11085] lowmem_reserve[]: 0 0 1 1 1
[  726.149870][T11085] Node 0 Normal free:8kB boost:0kB min:16kB low:20kB high:24kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1320kB unevictable:0kB writepending:0kB present:1048580kB managed:1388kB mlocked:0kB bounce:0kB free_pcp:12kB local_pcp:4kB free_cma:0kB
[  726.178919][    C1] vkms_vblank_simulate: vblank timer overrun
[  726.262927][ T5867] syz-executor: attempt to access beyond end of device
[  726.262927][ T5867] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  726.349754][T11085] lowmem_reserve[]: 0 0 0 0 0
[  726.394474][ T5867] CPU: 1 UID: 0 PID: 5867 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  726.394522][ T5867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  726.394545][ T5867] Call Trace:
[  726.394557][ T5867]  <TASK>
[  726.394571][ T5867]  dump_stack_lvl+0x16c/0x1f0
[  726.394630][ T5867]  f2fs_handle_critical_error+0x624/0x9f0
[  726.394682][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.394728][ T5867]  ? f2fs_build_fault_attr+0x53/0x1f0
[  726.394782][ T5867]  f2fs_write_end_io+0x958/0xcf0
[  726.394841][ T5867]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  726.394901][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.394959][ T5867]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  726.395010][ T5867]  bio_endio+0x713/0x860
[  726.395070][ T5867]  submit_bio_noacct+0x306/0x1ed0
[  726.395127][ T5867]  __submit_merged_bio+0x33c/0x770
[  726.395188][ T5867]  __submit_merged_write_cond+0x319/0x3f0
[  726.395263][ T5867]  f2fs_write_cache_pages+0x2067/0x2570
[  726.395358][ T5867]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  726.395427][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.395476][ T5867]  ? __lock_acquire+0x62e/0x1ce0
[  726.395551][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.395596][ T5867]  ? __lock_acquire+0x62e/0x1ce0
[  726.395705][ T5867]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  726.395806][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.395863][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.395919][ T5867]  f2fs_write_data_pages+0x4ad/0xd90
[  726.395991][ T5867]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  726.396049][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.396108][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.396159][ T5867]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  726.396224][ T5867]  do_writepages+0x27a/0x600
[  726.396289][ T5867]  ? __pfx_do_writepages+0x10/0x10
[  726.396337][ T5867]  ? do_raw_spin_unlock+0x172/0x230
[  726.396381][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.396426][ T5867]  ? _raw_spin_unlock+0x28/0x50
[  726.396479][ T5867]  filemap_fdatawrite_wbc+0x104/0x160
[  726.396534][ T5867]  __filemap_fdatawrite_range+0xb9/0x100
[  726.396598][ T5867]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  726.396731][ T5867]  ? find_held_lock+0x2b/0x80
[  726.396782][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.396828][ T5867]  ? do_raw_spin_unlock+0x172/0x230
[  726.396872][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.396926][ T5867]  f2fs_sync_dirty_inodes+0x2a9/0x990
[  726.397014][ T5867]  block_operations+0x2b0/0xfe0
[  726.397083][ T5867]  ? __pfx___schedule+0x10/0x10
[  726.397135][ T5867]  ? __pfx_block_operations+0x10/0x10
[  726.397270][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.397316][ T5867]  ? down_write+0x14d/0x200
[  726.397373][ T5867]  ? __pfx_down_write+0x10/0x10
[  726.397435][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.397479][ T5867]  ? rcu_is_watching+0x12/0xc0
[  726.397536][ T5867]  f2fs_write_checkpoint+0x2b8/0x4c60
[  726.397609][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.397654][ T5867]  ? kfree+0x2b4/0x4d0
[  726.397699][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.397748][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.397793][ T5867]  ? rcu_is_watching+0x12/0xc0
[  726.397840][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.397885][ T5867]  ? kthread_stop+0x273/0x630
[  726.397926][ T5867]  kill_f2fs_super+0x3c2/0x470
[  726.397963][ T5867]  ? __pfx_kill_f2fs_super+0x10/0x10
[  726.397997][ T5867]  ? lockdep_hardirqs_on+0x7c/0x110
[  726.398073][ T5867]  deactivate_locked_super+0xc1/0x1a0
[  726.398133][ T5867]  deactivate_super+0xde/0x100
[  726.398192][ T5867]  cleanup_mnt+0x225/0x450
[  726.398262][ T5867]  task_work_run+0x150/0x240
[  726.398307][ T5867]  ? __pfx_task_work_run+0x10/0x10
[  726.398345][ T5867]  ? srso_alias_return_thunk+0x5/0xfbef5
[  726.398394][ T5867]  ? __pfx___x64_sys_umount+0x10/0x10
[  726.398444][ T5867]  exit_to_user_mode_loop+0xeb/0x110
[  726.398486][ T5867]  do_syscall_64+0x3f6/0x4c0
[  726.398547][ T5867]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  726.398584][ T5867] RIP: 0033:0x7f568338ff17
[  726.398614][ T5867] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  726.398652][ T5867] RSP: 002b:00007fff6acec258 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  726.398687][ T5867] RAX: 0000000000000000 RBX: 00007f5683411c05 RCX: 00007f568338ff17
[  726.398711][ T5867] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff6acec310
[  726.398734][ T5867] RBP: 00007fff6acec310 R08: 0000000000000000 R09: 0000000000000000
[  726.398757][ T5867] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff6aced3a0
[  726.398781][ T5867] R13: 00007f5683411c05 R14: 00000000000b13ee R15: 00007fff6aced3e0
[  726.398836][ T5867]  </TASK>
[  726.401971][ T5867] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  726.679689][T11085] Node 1 Normal free:3899064kB boost:0kB min:55804kB low:69752kB high:83700kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:12032kB local_pcp:6496kB free_cma:0kB
[  727.079472][T11085] lowmem_reserve[]: 0 0 0 0 0
[  727.084367][T11085] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  727.184745][T11085] Node 0 DMA32: 905*4kB (UME) 916*8kB (UME) 494*16kB (UME) 33*32kB (ME) 84*64kB (UM) 24*128kB (UM) 17*256kB (UME) 24*512kB (UME) 21*1024kB (UM) 5*2048kB (UME) 288*4096kB (UM) = 1256388kB
[  727.288175][T11085] Node 0 Normal: 0*4kB 1*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 8kB
[  727.345014][T11085] Node 1 Normal: 198*4kB (UME) 62*8kB (UME) 43*16kB (UME) 250*32kB (UME) 85*64kB (UME) 19*128kB (UME) 4*256kB (UME) 5*512kB (UM) 3*1024kB (UM) 2*2048kB (UE) 945*4096kB (M) = 3899320kB
[  727.455042][T11085] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  727.489754][T11085] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  727.528438][T11085] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  727.559778][T11085] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  727.586294][T11085] 53681 total pagecache pages
[  727.613393][T11085] 23 pages in swap cache
[  727.623823][T11085] Free swap  = 124904kB
[  727.632566][T11085] Total swap = 124996kB
[  727.642502][T11085] 2097051 pages RAM
[  727.672120][T11085] 0 pages HighMem/MovableOnly
[  727.689213][T11085] 430216 pages reserved
[  727.707279][T11085] 0 pages cma reserved
[  727.993873][ T9392] Bluetooth: hci0: unexpected event for opcode 0x0c22
[  728.322999][T11144] loop5: detected capacity change from 0 to 32768
[  728.331032][T11144] btrfs: Deprecated parameter 'usebackuproot'
[  728.337117][T11144] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  728.350383][T11144] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.1248 (11144)
[  728.376288][T11144] BTRFS info (device loop5): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  728.388246][T11144] BTRFS info (device loop5): using sha256 (sha256-lib) checksum algorithm
[  728.580487][T11144] BTRFS info (device loop5): rebuilding free space tree
[  728.602264][T11144] BTRFS info (device loop5): enabling ssd optimizations
[  728.609262][T11144] BTRFS info (device loop5): using spread ssd allocation scheme
[  728.617113][T11144] BTRFS info (device loop5): enabling free space tree
[  728.623941][T11144] BTRFS info (device loop5): force clearing of disk cache
[  728.632605][T11144] BTRFS info (device loop5): enabling auto defrag
[  728.639035][T11144] BTRFS info (device loop5): doing ref verification
[  728.645731][T11144] BTRFS info (device loop5): trying to use backup root at mount time
[  728.653834][T11144] BTRFS info (device loop5): max_inline set to 4096
[  728.719716][   T10] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  728.864550][T11179] BTRFS info (device loop5): space_info DATA+METADATA (sub-group id 0) has 159744 free, is not full
[  728.875525][T11179] BTRFS info (device loop5): space_info total=3276800, used=53248, pinned=0, reserved=12288, may_use=3051520, readonly=0 zone_unusable=0
[  728.889742][T11179] BTRFS info (device loop5): global_block_rsv: size 1441792 reserved 1441792
[  728.898564][T11179] BTRFS info (device loop5): trans_block_rsv: size 0 reserved 0
[  728.906298][T11179] BTRFS info (device loop5): chunk_block_rsv: size 0 reserved 0
[  728.913992][T11179] BTRFS info (device loop5): delayed_block_rsv: size 32768 reserved 32768
[  728.922662][T11179] BTRFS info (device loop5): delayed_refs_rsv: size 786432 reserved 786432
[  728.956458][   T10] usb 9-1: Using ep0 maxpacket: 32
[  728.990528][   T10] usb 9-1: config 0 has an invalid interface number: 132 but max is 0
[  729.074518][T11176] s
z1: rxe_newlink: already configured on lo
[  729.074542][   T10] usb 9-1: config 0 has no interface number 0
[  729.118273][   T10] usb 9-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  729.175772][   T10] usb 9-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  729.188648][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  729.228071][   T10] usb 9-1: Product: syz
[  729.238172][   T10] usb 9-1: Manufacturer: syz
[  729.252878][   T10] usb 9-1: SerialNumber: syz
[  729.345396][   T10] usb 9-1: config 0 descriptor??
[  729.397060][   T10] em28xx 9-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  729.457114][   T10] em28xx 9-1:0.132: Video interface 132 found:
[  729.702008][ T5868] BTRFS info (device loop5): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  729.805347][   T10] em28xx 9-1:0.132: unknown em28xx chip ID (0)
[  730.236940][   T10] em28xx 9-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  730.279734][ T5933] usb 6-1: new full-speed USB device number 19 using dummy_hcd
[  730.293207][   T10] em28xx 9-1:0.132: board has no eeprom
[  730.383223][   T10] em28xx 9-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  730.417296][   T10] em28xx 9-1:0.132: analog set to bulk mode.
[  730.462479][ T5873] em28xx 9-1:0.132: Registering V4L2 extension
[  730.492361][ T5933] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  730.509706][ T5933] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  730.562818][   T10] usb 9-1: USB disconnect, device number 3
[  730.573103][ T5933] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  730.607895][ T5933] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  730.625868][ T5933] usb 6-1: SerialNumber: syz
[  730.638548][   T10] em28xx 9-1:0.132: Disconnecting em28xx
[  730.674887][ T5933] cdc_ether 6-1:1.0: probe with driver cdc_ether failed with error -22
[  730.677349][T11218] loop7: detected capacity change from 0 to 512
[  730.721805][ T5933] usb-storage 6-1:1.0: USB Mass Storage device detected
[  730.731023][T11218] EXT4-fs: Ignoring removed orlov option
[  730.779715][T11218] EXT4-fs (loop7): mounting ext3 file system using the ext4 subsystem
[  730.786091][ T5933] usb-storage 6-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  730.829239][ T5933] scsi host1: usb-storage 6-1:1.0
[  730.870160][   T24] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  730.878349][T11218] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=8042c119, mo2=0002]
[  730.932465][T11218] EXT4-fs error (device loop7): ext4_iget_extra_inode:5103: inode #15: comm syz.7.1266: corrupted in-inode xattr: e_value size too large
[  730.983844][T11218] EXT4-fs error (device loop7): ext4_orphan_get:1395: comm syz.7.1266: couldn't read orphan inode 15 (err -117)
[  731.051984][   T24] usb 3-1: Using ep0 maxpacket: 8
[  731.085942][T11218] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  731.086406][   T24] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  731.226680][   T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  731.235947][T11234] mmap: syz.5.1260 (11234) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  731.261680][   T24] usb 3-1: Product: syz
[  731.281980][   T24] usb 3-1: Manufacturer: syz
[  731.339840][   T24] usb 3-1: SerialNumber: syz
[  731.347264][ T5873] em28xx 9-1:0.132: Config register raw data: 0xffffffed
[  731.374827][ T5873] em28xx 9-1:0.132: AC97 chip type couldn't be determined
[  731.389055][   T24] usb 3-1: config 0 descriptor??
[  731.409794][ T5873] em28xx 9-1:0.132: No AC97 audio processor
[  731.454036][ T5873] usb 9-1: Decoder not found
[  731.458677][ T5873] em28xx 9-1:0.132: failed to create media graph
[  731.514729][ T5873] em28xx 9-1:0.132: V4L2 device video103 deregistered
[  731.577911][ T5873] em28xx 9-1:0.132: Remote control support is not available for this card.
[  731.619231][   T10] em28xx 9-1:0.132: Closing input extension
[  731.643593][   T24] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  731.665808][   T10] em28xx 9-1:0.132: Freeing device
[  731.705342][ T8015] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  732.059793][   T24] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  732.097068][   T24] usb 3-1: USB disconnect, device number 18
[  732.401526][T11259] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1277'.
[  732.437710][T11259] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1277'.
[  732.526641][T11262] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  732.674518][T11262] syzkaller0: entered promiscuous mode
[  732.680482][T11262] syzkaller0: entered allmulticast mode
[  732.695807][T11262] tipc: Resetting bearer <eth:syzkaller0>
[  732.950566][T11268] loop6: detected capacity change from 0 to 32768
[  732.958182][T11268] btrfs: Deprecated parameter 'usebackuproot'
[  732.964377][T11268] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  732.974879][T11268] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.1279 (11268)
[  732.987349][ T5933] usb 6-1: USB disconnect, device number 19
[  733.018102][T11259] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1277'.
[  733.072742][T11259] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1277'.
[  733.092812][T11261] tipc: Resetting bearer <eth:syzkaller0>
[  733.121975][T11268] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  733.132336][T11268] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  733.142205][   T10] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  733.355202][   T10] usb 4-1: config 0 has no interfaces?
[  733.366515][   T10] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00
[  733.386170][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.416030][   T10] usb 4-1: config 0 descriptor??
[  733.480099][T11268] BTRFS info (device loop6): rebuilding free space tree
[  733.502533][T11268] BTRFS info (device loop6): enabling ssd optimizations
[  733.509542][T11268] BTRFS info (device loop6): using spread ssd allocation scheme
[  733.517523][T11268] BTRFS info (device loop6): enabling free space tree
[  733.524334][T11268] BTRFS info (device loop6): force clearing of disk cache
[  733.531533][T11268] BTRFS info (device loop6): enabling auto defrag
[  733.537960][T11268] BTRFS info (device loop6): doing ref verification
[  733.544674][T11268] BTRFS info (device loop6): trying to use backup root at mount time
[  733.553587][T11268] BTRFS info (device loop6): max_inline set to 4096
[  733.622747][T11259] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1277'.
[  733.649872][ T5933] tipc: Node number set to 1963921007
[  733.724851][T11259] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1277'.
[  733.772056][T11301] BTRFS info (device loop6): space_info DATA+METADATA (sub-group id 0) has 159744 free, is not full
[  733.783102][T11301] BTRFS info (device loop6): space_info total=3276800, used=53248, pinned=20480, reserved=0, may_use=3043328, readonly=0 zone_unusable=0
[  733.797207][T11301] BTRFS info (device loop6): global_block_rsv: size 1441792 reserved 1441792
[  733.806066][T11301] BTRFS info (device loop6): trans_block_rsv: size 0 reserved 0
[  733.813904][T11301] BTRFS info (device loop6): chunk_block_rsv: size 0 reserved 0
[  733.821695][T11301] BTRFS info (device loop6): delayed_block_rsv: size 0 reserved 0
[  733.829546][T11301] BTRFS info (device loop6): delayed_refs_rsv: size 65536 reserved 65536
[  733.900075][   T10] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  734.184667][   T10] usb 9-1: Using ep0 maxpacket: 32
[  734.217199][   T10] usb 9-1: config 0 has an invalid interface number: 132 but max is 0
[  734.237583][   T10] usb 9-1: config 0 has no interface number 0
[  734.294307][   T10] usb 9-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  734.368851][   T10] usb 9-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  734.413144][   T10] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  734.446578][ T6093] usb 4-1: USB disconnect, device number 18
[  734.460052][   T10] usb 9-1: Product: syz
[  734.496259][   T10] usb 9-1: Manufacturer: syz
[  734.522339][   T10] usb 9-1: SerialNumber: syz
[  734.573441][   T10] usb 9-1: config 0 descriptor??
[  734.599295][ T5969] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  734.623861][   T10] em28xx 9-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  734.675061][   T10] em28xx 9-1:0.132: Video interface 132 found:
[  734.805156][ T5969] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  734.835279][ T5969] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  734.865005][ T8146] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  734.885853][ T5969] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  734.930990][ T5969] usb 3-1: config 0 descriptor??
[  734.964716][ T5969] pwc: Askey VC010 type 2 USB webcam detected.
[  734.999302][   T10] em28xx 9-1:0.132: unknown em28xx chip ID (0)
[  735.397971][ T5969] pwc: recv_control_msg error -32 req 02 val 2b00
[  735.420098][ T5969] pwc: recv_control_msg error -32 req 02 val 2700
[  735.452545][   T10] em28xx 9-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  735.478677][ T5969] pwc: recv_control_msg error -32 req 02 val 2c00
[  735.497511][   T10] em28xx 9-1:0.132: board has no eeprom
[  735.505895][ T5969] pwc: recv_control_msg error -32 req 04 val 1000
[  735.559740][ T5969] pwc: recv_control_msg error -32 req 04 val 1300
[  735.590334][ T5969] pwc: recv_control_msg error -32 req 04 val 1400
[  735.619707][   T10] em28xx 9-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  735.627559][   T10] em28xx 9-1:0.132: analog set to bulk mode.
[  735.701104][ T8559] em28xx 9-1:0.132: Registering V4L2 extension
[  735.747749][   T10] usb 9-1: USB disconnect, device number 4
[  735.770031][ T6093] usb 7-1: new full-speed USB device number 8 using dummy_hcd
[  735.781634][   T10] em28xx 9-1:0.132: Disconnecting em28xx
[  735.848204][ T5969] pwc: recv_control_msg error -71 req 02 val 2100
[  735.860081][ T5969] pwc: recv_control_msg error -71 req 04 val 1500
[  735.877195][ T5969] pwc: recv_control_msg error -71 req 02 val 2500
[  735.894248][ T5969] pwc: recv_control_msg error -71 req 02 val 2400
[  735.912231][ T5969] pwc: recv_control_msg error -71 req 02 val 2600
[  735.922301][ T5947] usb 6-1: new high-speed USB device number 20 using dummy_hcd
[  735.929388][ T5969] pwc: recv_control_msg error -71 req 02 val 2900
[  735.956895][ T5969] pwc: recv_control_msg error -71 req 02 val 2800
[  735.979938][ T5969] pwc: recv_control_msg error -71 req 04 val 1100
[  735.990618][ T6093] usb 7-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0
[  736.019891][ T6093] usb 7-1: config 0 interface 0 has no altsetting 0
[  736.026678][ T5969] pwc: recv_control_msg error -71 req 04 val 1200
[  736.050469][ T6093] usb 7-1: New USB device found, idVendor=07b5, idProduct=0312, bcdDevice= 0.00
[  736.089682][ T6093] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  736.100979][ T5969] pwc: Registered as video103.
[  736.109778][ T5947] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  736.122221][ T5969] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input7
[  736.132931][ T6093] usb 7-1: config 0 descriptor??
[  736.140037][ T5947] usb 6-1: config 0 has no interface number 0
[  736.158534][ T5947] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  736.199769][ T5947] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  736.231760][ T5947] usb 6-1: Product: syz
[  736.232389][ T5969] usb 3-1: USB disconnect, device number 19
[  736.258655][ T5947] usb 6-1: Manufacturer: syz
[  736.263542][ T5947] usb 6-1: SerialNumber: syz
[  736.328918][ T5947] usb 6-1: config 0 descriptor??
[  736.383891][ T8559] em28xx 9-1:0.132: Config register raw data: 0xffffffed
[  736.419715][ T8559] em28xx 9-1:0.132: AC97 chip type couldn't be determined
[  736.459005][ T8559] em28xx 9-1:0.132: No AC97 audio processor
[  736.477936][ T8559] usb 9-1: Decoder not found
[  736.491875][ T8559] em28xx 9-1:0.132: failed to create media graph
[  736.508846][ T8559] em28xx 9-1:0.132: V4L2 device video103 deregistered
[  736.542951][T11344] ==================================================================
[  736.551040][T11344] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0x27d/0x2c0
[  736.558541][T11344] Read of size 8 at addr ffff88802519c740 by task v4l_id/11344
[  736.565607][ T5947] usb 6-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  736.566086][T11344] 
[  736.566104][T11344] CPU: 0 UID: 0 PID: 11344 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) 
[  736.566146][T11344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  736.566169][T11344] Call Trace:
[  736.566180][T11344]  <TASK>
[  736.566194][T11344]  dump_stack_lvl+0x116/0x1f0
[  736.566246][T11344]  print_report+0xcd/0x630
[  736.566283][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.566328][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.566372][T11344]  ? __phys_addr+0xe8/0x180
[  736.566424][T11344]  ? v4l2_fh_init+0x27d/0x2c0
[  736.566472][T11344]  kasan_report+0xe0/0x110
[  736.566507][T11344]  ? v4l2_fh_init+0x27d/0x2c0
[  736.566562][T11344]  v4l2_fh_init+0x27d/0x2c0
[  736.566613][T11344]  v4l2_fh_open+0x83/0xc0
[  736.566664][T11344]  em28xx_v4l2_open+0x24e/0x7e0
[  736.566720][T11344]  v4l2_open+0x225/0x490
[  736.566765][T11344]  ? __pfx_v4l2_open+0x10/0x10
[  736.566808][T11344]  chrdev_open+0x234/0x6a0
[  736.566847][T11344]  ? __pfx_chrdev_open+0x10/0x10
[  736.566884][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.566928][T11344]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  736.566996][T11344]  do_dentry_open+0x982/0x1530
[  736.567054][T11344]  ? __pfx_chrdev_open+0x10/0x10
[  736.567093][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.567140][T11344]  vfs_open+0x82/0x3f0
[  736.567179][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.567228][T11344]  path_openat+0x1de4/0x2cb0
[  736.567275][T11344]  ? __pfx_path_openat+0x10/0x10
[  736.567309][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.567359][T11344]  do_filp_open+0x20b/0x470
[  736.567392][T11344]  ? __pfx_do_filp_open+0x10/0x10
[  736.567444][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.567488][T11344]  ? alloc_fd+0x471/0x7d0
[  736.567552][T11344]  do_sys_openat2+0x11b/0x1d0
[  736.567595][T11344]  ? __pfx_do_sys_openat2+0x10/0x10
[  736.567637][T11344]  ? find_held_lock+0x2b/0x80
[  736.567683][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.567734][T11344]  __x64_sys_openat+0x174/0x210
[  736.567779][T11344]  ? __pfx___x64_sys_openat+0x10/0x10
[  736.567826][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  736.567870][T11344]  ? do_user_addr_fault+0x843/0x1370
[  736.567913][T11344]  do_syscall_64+0xcd/0x4c0
[  736.567967][T11344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  736.568004][T11344] RIP: 0033:0x7fbdc7aa7407
[  736.568031][T11344] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  736.568067][T11344] RSP: 002b:00007ffd900f1960 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  736.568101][T11344] RAX: ffffffffffffffda RBX: 00007fbdc823e880 RCX: 00007fbdc7aa7407
[  736.568126][T11344] RDX: 0000000000000000 RSI: 00007ffd900f2f1d RDI: ffffffffffffff9c
[  736.568150][T11344] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  736.568172][T11344] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  736.568195][T11344] R13: 00007ffd900f1bb0 R14: 00007fbdc83a5000 R15: 0000563709b8c4d8
[  736.568233][T11344]  </TASK>
[  736.568245][T11344] 
[  736.597498][ T5947] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  736.599148][T11344] Allocated by task 8559:
[  736.886466][T11344]  kasan_save_stack+0x33/0x60
[  736.891178][T11344]  kasan_save_track+0x14/0x30
[  736.895877][T11344]  __kasan_kmalloc+0xaa/0xb0
[  736.900486][T11344]  em28xx_v4l2_init+0x114/0x4080
[  736.905449][T11344]  em28xx_init_extension+0x13a/0x200
[  736.910737][T11344]  request_module_async+0x61/0x70
[  736.915768][T11344]  process_one_work+0x9cf/0x1b70
[  736.920712][T11344]  worker_thread+0x6c8/0xf10
[  736.925314][T11344]  kthread+0x3c5/0x780
[  736.929398][T11344]  ret_from_fork+0x5d7/0x6f0
[  736.933998][T11344]  ret_from_fork_asm+0x1a/0x30
[  736.938774][T11344] 
[  736.941087][T11344] Freed by task 8559:
[  736.945056][T11344]  kasan_save_stack+0x33/0x60
[  736.949757][T11344]  kasan_save_track+0x14/0x30
[  736.954462][T11344]  kasan_save_free_info+0x3b/0x60
[  736.959508][T11344]  __kasan_slab_free+0x60/0x70
[  736.964298][T11344]  kfree+0x2b4/0x4d0
[  736.968205][T11344]  em28xx_v4l2_init+0x22b5/0x4080
[  736.973247][T11344]  em28xx_init_extension+0x13a/0x200
[  736.978538][T11344]  request_module_async+0x61/0x70
[  736.983569][T11344]  process_one_work+0x9cf/0x1b70
[  736.988521][T11344]  worker_thread+0x6c8/0xf10
[  736.993120][T11344]  kthread+0x3c5/0x780
[  736.997190][T11344]  ret_from_fork+0x5d7/0x6f0
[  737.001783][T11344]  ret_from_fork_asm+0x1a/0x30
[  737.006559][T11344] 
[  737.008869][T11344] The buggy address belongs to the object at ffff88802519c000
[  737.008869][T11344]  which belongs to the cache kmalloc-8k of size 8192
[  737.022919][T11344] The buggy address is located 1856 bytes inside of
[  737.022919][T11344]  freed 8192-byte region [ffff88802519c000, ffff88802519e000)
[  737.036891][T11344] 
[  737.039205][T11344] The buggy address belongs to the physical page:
[  737.045604][T11344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25198
[  737.054362][T11344] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  737.062857][T11344] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  737.070835][T11344] page_type: f5(slab)
[  737.074817][T11344] raw: 00fff00000000040 ffff88801b842280 0000000000000000 dead000000000001
[  737.083403][T11344] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  737.091990][T11344] head: 00fff00000000040 ffff88801b842280 0000000000000000 dead000000000001
[  737.100665][T11344] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  737.109335][T11344] head: 00fff00000000003 ffffea0000946601 00000000ffffffff 00000000ffffffff
[  737.118006][T11344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  737.126668][T11344] page dumped because: kasan: bad access detected
[  737.133070][T11344] page_owner tracks the page as allocated
[  737.138771][T11344] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5866, tgid 5866 (syz-executor), ts 113117031390, free_ts 113074970198
[  737.158670][T11344]  post_alloc_hook+0x1c0/0x230
[  737.163459][T11344]  get_page_from_freelist+0x132b/0x38e0
[  737.169031][T11344]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  737.174945][T11344]  alloc_pages_mpol+0x1fb/0x550
[  737.179797][T11344]  new_slab+0x247/0x330
[  737.183989][T11344]  ___slab_alloc+0xcf2/0x1740
[  737.188676][T11344]  __slab_alloc.constprop.0+0x56/0xb0
[  737.194061][T11344]  __kvmalloc_node_noprof+0x3b1/0x620
[  737.199454][T11344]  pfifo_fast_init+0x125/0x3b0
[  737.204229][T11344]  qdisc_create_dflt+0x125/0x490
[  737.209183][T11344]  dev_activate+0x63f/0x12d0
[  737.213782][T11344]  __dev_open+0x432/0x7c0
[  737.218124][T11344]  __dev_change_flags+0x55d/0x720
[  737.223160][T11344]  netif_change_flags+0x8d/0x160
[  737.228112][T11344]  do_setlink.constprop.0+0xb53/0x4380
[  737.233591][T11344]  rtnl_newlink+0x1446/0x2000
[  737.238286][T11344] page last free pid 5868 tgid 5868 stack trace:
[  737.244601][T11344]  __free_frozen_pages+0x7d5/0x10f0
[  737.249815][T11344]  __put_partials+0x165/0x1c0
[  737.254510][T11344]  qlist_free_all+0x4d/0x120
[  737.259119][T11344]  kasan_quarantine_reduce+0x195/0x1e0
[  737.264599][T11344]  __kasan_slab_alloc+0x69/0x90
[  737.269475][T11344]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  737.275396][T11344]  __alloc_skb+0x2b2/0x380
[  737.279821][T11344]  netlink_ack+0x15d/0xb80
[  737.284254][T11344]  netlink_rcv_skb+0x332/0x420
[  737.289034][T11344]  netlink_unicast+0x5aa/0x870
[  737.293817][T11344]  netlink_sendmsg+0x8d1/0xdd0
[  737.298601][T11344]  __sys_sendto+0x4a3/0x520
[  737.303112][T11344]  __x64_sys_sendto+0xe0/0x1c0
[  737.307884][T11344]  do_syscall_64+0xcd/0x4c0
[  737.312408][T11344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.318305][T11344] 
[  737.320633][T11344] Memory state around the buggy address:
[  737.326251][T11344]  ffff88802519c600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  737.334309][T11344]  ffff88802519c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  737.342370][T11344] >ffff88802519c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  737.350429][T11344]                                            ^
[  737.356574][T11344]  ffff88802519c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  737.364631][T11344]  ffff88802519c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  737.372685][T11344] ==================================================================
[  737.380764][    C0] vkms_vblank_simulate: vblank timer overrun
[  737.398877][ T8559] em28xx 9-1:0.132: Remote control support is not available for this card.
[  737.400012][ T5947] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  737.429795][ T5947] usb 6-1: media controller created
[  737.430287][   T10] em28xx 9-1:0.132: Closing input extension
[  737.478475][ T5947] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  737.574651][T11344] Disabling lock debugging due to kernel taint
[  737.581411][T11344] ==================================================================
[  737.589476][T11344] BUG: KASAN: slab-use-after-free in v4l2_fh_init+0xd4/0x2c0
[  737.596880][T11344] Write of size 8 at addr ffff88802519c7a8 by task v4l_id/11344
[  737.604514][T11344] 
[  737.606840][T11344] CPU: 0 UID: 0 PID: 11344 Comm: v4l_id Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  737.606892][T11344] Tainted: [B]=BAD_PAGE
[  737.606906][T11344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  737.606928][T11344] Call Trace:
[  737.606940][T11344]  <TASK>
[  737.606953][T11344]  dump_stack_lvl+0x116/0x1f0
[  737.607007][T11344]  print_report+0xcd/0x630
[  737.607039][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.607085][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.607129][T11344]  ? __phys_addr+0xe8/0x180
[  737.607181][T11344]  ? v4l2_fh_init+0xd4/0x2c0
[  737.607232][T11344]  kasan_report+0xe0/0x110
[  737.607272][T11344]  ? v4l2_fh_init+0xd4/0x2c0
[  737.607328][T11344]  kasan_check_range+0x100/0x1b0
[  737.607370][T11344]  v4l2_fh_init+0xd4/0x2c0
[  737.607421][T11344]  v4l2_fh_open+0x83/0xc0
[  737.607472][T11344]  em28xx_v4l2_open+0x24e/0x7e0
[  737.607529][T11344]  v4l2_open+0x225/0x490
[  737.607574][T11344]  ? __pfx_v4l2_open+0x10/0x10
[  737.607618][T11344]  chrdev_open+0x234/0x6a0
[  737.607656][T11344]  ? __pfx_chrdev_open+0x10/0x10
[  737.607694][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.607738][T11344]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  737.607806][T11344]  do_dentry_open+0x982/0x1530
[  737.607864][T11344]  ? __pfx_chrdev_open+0x10/0x10
[  737.607902][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.607949][T11344]  vfs_open+0x82/0x3f0
[  737.607989][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.608037][T11344]  path_openat+0x1de4/0x2cb0
[  737.608078][T11344]  ? __pfx_path_openat+0x10/0x10
[  737.608112][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.608162][T11344]  do_filp_open+0x20b/0x470
[  737.608195][T11344]  ? __pfx_do_filp_open+0x10/0x10
[  737.608245][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.608294][T11344]  ? alloc_fd+0x471/0x7d0
[  737.608358][T11344]  do_sys_openat2+0x11b/0x1d0
[  737.608402][T11344]  ? __pfx_do_sys_openat2+0x10/0x10
[  737.608444][T11344]  ? find_held_lock+0x2b/0x80
[  737.608490][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.608542][T11344]  __x64_sys_openat+0x174/0x210
[  737.608587][T11344]  ? __pfx___x64_sys_openat+0x10/0x10
[  737.608634][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  737.608679][T11344]  ? do_user_addr_fault+0x843/0x1370
[  737.608720][T11344]  do_syscall_64+0xcd/0x4c0
[  737.608775][T11344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  737.608812][T11344] RIP: 0033:0x7fbdc7aa7407
[  737.608839][T11344] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  737.608876][T11344] RSP: 002b:00007ffd900f1960 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  737.608910][T11344] RAX: ffffffffffffffda RBX: 00007fbdc823e880 RCX: 00007fbdc7aa7407
[  737.608935][T11344] RDX: 0000000000000000 RSI: 00007ffd900f2f1d RDI: ffffffffffffff9c
[  737.608960][T11344] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  737.608982][T11344] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  737.609005][T11344] R13: 00007ffd900f1bb0 R14: 00007fbdc83a5000 R15: 0000563709b8c4d8
[  737.609041][T11344]  </TASK>
[  737.609053][T11344] 
[  737.915118][T11344] Allocated by task 8559:
[  737.919445][T11344]  kasan_save_stack+0x33/0x60
[  737.924159][T11344]  kasan_save_track+0x14/0x30
[  737.928867][T11344]  __kasan_kmalloc+0xaa/0xb0
[  737.933484][T11344]  em28xx_v4l2_init+0x114/0x4080
[  737.938450][T11344]  em28xx_init_extension+0x13a/0x200
[  737.943781][T11344]  request_module_async+0x61/0x70
[  737.944437][T11348] loop8: detected capacity change from 0 to 65536
[  737.948821][T11344]  process_one_work+0x9cf/0x1b70
[  737.948867][T11344]  worker_thread+0x6c8/0xf10
[  737.958995][ T5947] i2c i2c-3: ec100: i2c rd failed=-32 reg=33
[  737.960160][T11344]  kthread+0x3c5/0x780
[  737.960197][T11344]  ret_from_fork+0x5d7/0x6f0
[  737.979322][T11344]  ret_from_fork_asm+0x1a/0x30
[  737.983567][ T5947] usb 6-1: USB disconnect, device number 20
[  737.984106][T11344] 
[  737.984116][T11344] Freed by task 8559:
[  737.996233][T11344]  kasan_save_stack+0x33/0x60
[  738.000941][T11344]  kasan_save_track+0x14/0x30
[  738.005652][T11344]  kasan_save_free_info+0x3b/0x60
[  738.010698][T11344]  __kasan_slab_free+0x60/0x70
[  738.015495][T11344]  kfree+0x2b4/0x4d0
[  738.019455][T11344]  em28xx_v4l2_init+0x22b5/0x4080
[  738.024510][T11344]  em28xx_init_extension+0x13a/0x200
[  738.029807][T11344]  request_module_async+0x61/0x70
[  738.034841][T11344]  process_one_work+0x9cf/0x1b70
[  738.039784][T11344]  worker_thread+0x6c8/0xf10
[  738.044380][T11344]  kthread+0x3c5/0x780
[  738.048448][T11344]  ret_from_fork+0x5d7/0x6f0
[  738.053037][T11344]  ret_from_fork_asm+0x1a/0x30
[  738.057813][T11344] 
[  738.060124][T11344] The buggy address belongs to the object at ffff88802519c000
[  738.060124][T11344]  which belongs to the cache kmalloc-8k of size 8192
[  738.074176][T11344] The buggy address is located 1960 bytes inside of
[  738.074176][T11344]  freed 8192-byte region [ffff88802519c000, ffff88802519e000)
[  738.088151][T11344] 
[  738.090463][T11344] The buggy address belongs to the physical page:
[  738.096861][T11344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x25198
[  738.105619][T11344] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  738.114115][T11344] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  738.122097][T11344] page_type: f5(slab)
[  738.126076][T11344] raw: 00fff00000000040 ffff88801b842280 0000000000000000 dead000000000001
[  738.134660][T11344] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  738.143246][T11344] head: 00fff00000000040 ffff88801b842280 0000000000000000 dead000000000001
[  738.151921][T11344] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[  738.160597][T11344] head: 00fff00000000003 ffffea0000946601 00000000ffffffff 00000000ffffffff
[  738.169276][T11344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[  738.177940][T11344] page dumped because: kasan: bad access detected
[  738.184341][T11344] page_owner tracks the page as allocated
[  738.190042][T11344] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x528c0(GFP_NOWAIT|__GFP_IO|__GFP_FS|__GFP_NORETRY|__GFP_COMP), pid 5866, tgid 5866 (syz-executor), ts 113117031390, free_ts 113074970198
[  738.209943][T11344]  post_alloc_hook+0x1c0/0x230
[  738.214728][T11344]  get_page_from_freelist+0x132b/0x38e0
[  738.220294][T11344]  __alloc_frozen_pages_noprof+0x261/0x23f0
[  738.226211][T11344]  alloc_pages_mpol+0x1fb/0x550
[  738.231066][T11344]  new_slab+0x247/0x330
[  738.235234][T11344]  ___slab_alloc+0xcf2/0x1740
[  738.239928][T11344]  __slab_alloc.constprop.0+0x56/0xb0
[  738.245312][T11344]  __kvmalloc_node_noprof+0x3b1/0x620
[  738.250702][T11344]  pfifo_fast_init+0x125/0x3b0
[  738.255475][T11344]  qdisc_create_dflt+0x125/0x490
[  738.260431][T11344]  dev_activate+0x63f/0x12d0
[  738.265036][T11344]  __dev_open+0x432/0x7c0
[  738.269376][T11344]  __dev_change_flags+0x55d/0x720
[  738.274411][T11344]  netif_change_flags+0x8d/0x160
[  738.279360][T11344]  do_setlink.constprop.0+0xb53/0x4380
[  738.284836][T11344]  rtnl_newlink+0x1446/0x2000
[  738.289530][T11344] page last free pid 5868 tgid 5868 stack trace:
[  738.295844][T11344]  __free_frozen_pages+0x7d5/0x10f0
[  738.301058][T11344]  __put_partials+0x165/0x1c0
[  738.305751][T11344]  qlist_free_all+0x4d/0x120
[  738.310355][T11344]  kasan_quarantine_reduce+0x195/0x1e0
[  738.315832][T11344]  __kasan_slab_alloc+0x69/0x90
[  738.320709][T11344]  kmem_cache_alloc_node_noprof+0x1d5/0x3b0
[  738.326632][T11344]  __alloc_skb+0x2b2/0x380
[  738.331060][T11344]  netlink_ack+0x15d/0xb80
[  738.335495][T11344]  netlink_rcv_skb+0x332/0x420
[  738.340294][T11344]  netlink_unicast+0x5aa/0x870
[  738.345079][T11344]  netlink_sendmsg+0x8d1/0xdd0
[  738.349858][T11344]  __sys_sendto+0x4a3/0x520
[  738.354370][T11344]  __x64_sys_sendto+0xe0/0x1c0
[  738.359142][T11344]  do_syscall_64+0xcd/0x4c0
[  738.363671][T11344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.369571][T11344] 
[  738.371882][T11344] Memory state around the buggy address:
[  738.377505][T11344]  ffff88802519c680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  738.385568][T11344]  ffff88802519c700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  738.393626][T11344] >ffff88802519c780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  738.401678][T11344]                                   ^
[  738.407037][T11344]  ffff88802519c800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  738.415092][T11344]  ffff88802519c880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  738.423171][T11344] ==================================================================
[  738.431361][    C0] vkms_vblank_simulate: vblank timer overrun
[  738.468411][ T6093] megaworld 0003:07B5:0312.0008: hidraw0: USB HID v0.00 Device [HID 07b5:0312] on usb-dummy_hcd.6-1/input0
[  738.482348][ T6093] megaworld 0003:07B5:0312.0008: no inputs found
[  738.509482][T11344] Kernel panic - not syncing: kasan.fault=panic_on_write set ...
[  738.517255][T11344] CPU: 0 UID: 0 PID: 11344 Comm: v4l_id Tainted: G    B               syzkaller #0 PREEMPT(full) 
[  738.527869][T11344] Tainted: [B]=BAD_PAGE
[  738.532014][T11344] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025
[  738.542067][T11344] Call Trace:
[  738.545340][T11344]  <TASK>
[  738.548265][T11344]  dump_stack_lvl+0x3d/0x1f0
[  738.552878][T11344]  vpanic+0x6e8/0x7a0
[  738.556889][T11344]  ? __pfx_vpanic+0x10/0x10
[  738.561422][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.567069][T11344]  ? rcu_is_watching+0x12/0xc0
[  738.571854][T11344]  ? v4l2_fh_init+0xd4/0x2c0
[  738.576465][T11344]  panic+0xca/0xd0
[  738.580216][T11344]  ? __pfx_panic+0x10/0x10
[  738.584675][T11344]  ? v4l2_fh_init+0xd4/0x2c0
[  738.589287][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.594932][T11344]  ? preempt_schedule_thunk+0x16/0x30
[  738.600333][T11344]  end_report+0x159/0x170
[  738.604666][T11344]  kasan_report+0xee/0x110
[  738.609084][T11344]  ? v4l2_fh_init+0xd4/0x2c0
[  738.613697][T11344]  kasan_check_range+0x100/0x1b0
[  738.618649][T11344]  v4l2_fh_init+0xd4/0x2c0
[  738.623084][T11344]  v4l2_fh_open+0x83/0xc0
[  738.627437][T11344]  em28xx_v4l2_open+0x24e/0x7e0
[  738.632311][T11344]  v4l2_open+0x225/0x490
[  738.636567][T11344]  ? __pfx_v4l2_open+0x10/0x10
[  738.641344][T11344]  chrdev_open+0x234/0x6a0
[  738.645769][T11344]  ? __pfx_chrdev_open+0x10/0x10
[  738.650714][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.656361][T11344]  ? fsnotify_open_perm_and_set_mode+0x17c/0xa60
[  738.662725][T11344]  do_dentry_open+0x982/0x1530
[  738.667525][T11344]  ? __pfx_chrdev_open+0x10/0x10
[  738.672504][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.678158][T11344]  vfs_open+0x82/0x3f0
[  738.682234][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.687881][T11344]  path_openat+0x1de4/0x2cb0
[  738.692482][T11344]  ? __pfx_path_openat+0x10/0x10
[  738.697463][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.703116][T11344]  do_filp_open+0x20b/0x470
[  738.707626][T11344]  ? __pfx_do_filp_open+0x10/0x10
[  738.712670][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.718321][T11344]  ? alloc_fd+0x471/0x7d0
[  738.722684][T11344]  do_sys_openat2+0x11b/0x1d0
[  738.727375][T11344]  ? __pfx_do_sys_openat2+0x10/0x10
[  738.732586][T11344]  ? find_held_lock+0x2b/0x80
[  738.737278][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.742933][T11344]  __x64_sys_openat+0x174/0x210
[  738.747801][T11344]  ? __pfx___x64_sys_openat+0x10/0x10
[  738.753188][T11344]  ? srso_alias_return_thunk+0x5/0xfbef5
[  738.758833][T11344]  ? do_user_addr_fault+0x843/0x1370
[  738.764127][T11344]  do_syscall_64+0xcd/0x4c0
[  738.768657][T11344]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  738.774564][T11344] RIP: 0033:0x7fbdc7aa7407
[  738.778978][T11344] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff
[  738.798680][T11344] RSP: 002b:00007ffd900f1960 EFLAGS: 00000202 ORIG_RAX: 0000000000000101
[  738.807100][T11344] RAX: ffffffffffffffda RBX: 00007fbdc823e880 RCX: 00007fbdc7aa7407
[  738.815070][T11344] RDX: 0000000000000000 RSI: 00007ffd900f2f1d RDI: ffffffffffffff9c
[  738.823038][T11344] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000
[  738.831007][T11344] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000
[  738.838975][T11344] R13: 00007ffd900f1bb0 R14: 00007fbdc83a5000 R15: 0000563709b8c4d8
[  738.846958][T11344]  </TASK>
[  738.850216][T11344] Kernel Offset: disabled
[  738.854536][T11344] Rebooting in 86400 seconds..