last executing test programs:

3m50.409152272s ago: executing program 1 (id=2):
r0 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
r1 = socket$kcm(0xa, 0x922000000003, 0x11)
setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f00000000c0), 0x4)
sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x0, @mcast1}, 0x80, &(0x7f0000000080)=[{&(0x7f0000000780)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6e911b51818462b400", 0x28}], 0x1}, 0x0)

3m49.676091007s ago: executing program 1 (id=7):
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f00000005c0)=ANY=[], 0x1, 0x126f, &(0x7f0000001600)="$eJzs3U1rY1UcB+B/2vQtY5uq4+gMiAfdKEKcduHKTZEZEAtKtQMqCHdsqqFpU5pQiIhTV64EP4aoS3eC+AW6ceNaEES6cTkL8UqbjDNp0o522lSG59ncwznnd8+5veXCDedw9175cn1ttVlZzVoxUihEcXMsirdTpBiJ0ejYiRdu/PzL02+98+7rC4uL15ZSur7w9tzLKaWZZ35475Nvn/2xdeHGdzPfT8Tu7Pt7f8z/untp9/LeX99ErZlqzbTRaKUs3Ww0WtnNejWt1JprlZTerFezZjVNdse4275ab2xutlO2sTJd2tyqNpsp22intWo7tQqptdVO2YdZbSNVKpU0XQoexPLXt/M8j8jzsRiPPM/zqSjFhXgkpmMmyjEbj8Zj8XhcjCfiUjwZT8Xlg17nPW8AAAAAAAAAAAAAAAAAAAB4uNxn/3+hf///xHlPGQAAAAAAAAAAAAAAAAAAAB46h/f/FyN8/x8AAAAAAAAAAAAAAAAAAACG7D7f/z+0//9F+/8BAAAAAAAAAAAAAAAAAADgLEx2DkspTUasf769vL3cOXbqF1ajFvWoxtUox59xsPu/o1O+/tritavpwGy8tH6rm7+1vTzam58bK8dsYWB+rpNPvfmJKN2bn49yXBw8/vzA/GQ8/9x+/rNOvhLl+OmDaEQ9ViIK3as/yH86l9KrbyxO9eav7Pc70ugZ3xYAAAA4TZX0j/73951up4Htnabu+3nq9iwc8/vAoffzYlwpntdVc0ez/fFaVq9Xt05YGD/6POO9NVPdniceqxARWU98pvTb0v4pTzr5UyuMDnXQseP7PMA9jeL/4I95CoXfv7qnZjKGO/pI9x89q+8/P/9dKnby/EwnNj6oaeK41NHPjMIZP5MYnrs3/bxnAgAAAAAAAAAAwH8xcPXfVET0rQf8qK/mzvLw3nj/mY8e/YshXCEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPA3O3AsAAAAACDM3zqNjg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4KgAA//+E38bU")
mkdir(&(0x7f0000000140)='./file\x00', 0x0)
mkdir(&(0x7f00000000c0)='./file/file0\x00', 0x0)
chdir(&(0x7f0000000540)='./file0\x00')
rmdir(&(0x7f00000001c0)='./file0\x00')

3m47.50383196s ago: executing program 1 (id=17):
sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x41}}}, 0x10, 0x0}, 0x0)
r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
ioctl$VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f00000013c0)={0x0, 0x2, 0x2, {0x5, @vbi={0xfffffffc, 0x0, 0x4, 0x32315258, [], [0x8200]}}})
ioctl$VIDIOC_QBUF(r0, 0xc058565d, &(0x7f0000000200)=@fd={0x0, 0x5, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "8000"}, 0x0, 0x2, {}, 0x20800, 0x0, <r1=>0xffffffffffffffff})
close_range(r1, 0xffffffffffffffff, 0x0)

3m45.915761431s ago: executing program 1 (id=24):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f00000005c0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0)
r0 = open(&(0x7f0000000200)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_subtree(r0, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000040)={[{0x2b, 'memory'}]}, 0x8)

3m45.06227661s ago: executing program 1 (id=28):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x2)
connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r0, 0x1)
poll(&(0x7f0000000180)=[{r0}], 0x1, 0x2)

3m29.531891209s ago: executing program 32 (id=28):
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
ioctl$int_in(r0, 0x5421, &(0x7f0000000240)=0x2)
connect$vsock_stream(r0, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
shutdown(r0, 0x1)
poll(&(0x7f0000000180)=[{r0}], 0x1, 0x2)

2m44.77702961s ago: executing program 0 (id=207):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000180)='syz_tun\x00', 0x10)
connect$inet(r0, &(0x7f0000000400)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000180)={{0x12, 0x1, 0x150, 0x0, 0x0, 0x0, 0x20, 0x5ac, 0x254, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0x0, 0x7, [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x1, 0x2, 0x0, {0x9, 0x21, 0x2, 0x2, 0x1, {0x22, 0xb71}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x6, 0x0, 0x7}}}}}]}}]}}, 0x0)
ioctl$sock_inet_SIOCDARP(r0, 0x8953, &(0x7f0000000100)={{0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x0, @random="08a503576a7f"}, 0x0, {0x2, 0x0, @loopback}, 'syz_tun\x00'})

2m42.439907977s ago: executing program 0 (id=216):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd2(0x0, 0x80000)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000000)={0x7c, 0x3000, 0x0, r2})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000080)={0x5000, 0x3000, 0x8, r2})

2m41.083166277s ago: executing program 0 (id=222):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local})
write$tun(r0, &(0x7f00000000c0)={@val={0x6f01, 0x800}, @val={0x1, 0x3, 0x0, 0x4, 0x3d}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x9, 0x48, 0x63, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffffff, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xd, 0x4, 0xc5, 0x0, 0x4000, {[@window={0x9, 0x3}, @sack={0x5, 0x1a, [0x8d6, 0x61, 0xb807, 0xffff, 0x6, 0x0]}]}}}}}}, 0x56)

2m38.81626311s ago: executing program 0 (id=230):
r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x101091, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
ioctl$AUTOFS_DEV_IOCTL_ISMOUNTPOINT(r0, 0xc0189374, &(0x7f0000000240)={{0x1, 0x1, 0x1018, 0xffffffffffffffff, {0x2}}, './file0\x00'})

2m38.195353393s ago: executing program 0 (id=235):
syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2)
mknod(&(0x7f0000000540)='./file1\x00', 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
r1 = openat$random(0xffffffffffffff9c, &(0x7f0000000080), 0x80001, 0x0)
mount$9p_fd(0x0, &(0x7f00000006c0)='./file1\x00', &(0x7f0000000000), 0x0, &(0x7f0000000200)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

2m37.555795837s ago: executing program 0 (id=238):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000180)='=', 0x1, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r0, 0x1)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000080)=0x4)

2m36.373015374s ago: executing program 33 (id=238):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000180)='=', 0x1, 0x0, &(0x7f0000000200)={0xa, 0x0, 0x0, @private1}, 0x1c)
shutdown(r0, 0x1)
r1 = dup(r0)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000), &(0x7f0000000080)=0x4)

2m4.316821163s ago: executing program 4 (id=352):
sendmsg(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000200)='G', 0x1}], 0x1}, 0x0)
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x204, 0xa, 0x1})
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000040)={0x0, 0xa})

2m3.034547156s ago: executing program 5 (id=357):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x0, 0x0, {0x0, 0x2710}, {}, 0x0, 0x1, {0x0}})
ppoll(&(0x7f00000001c0)=[{r0, 0x40}], 0x1, &(0x7f0000000240)={0x0, 0x989680}, 0x0, 0x0)

2m1.593480462s ago: executing program 5 (id=363):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000140)='./bus\x00', 0x0, &(0x7f0000000200)={[{@errors_remount}, {@abort}, {@quota}, {@nolazytime}, {@nojournal_checksum}, {@acl}]}, 0x5, 0x446, &(0x7f0000000d80)="$eJzs281rXFUbAPDnziT97pu8pX40rRqtYtCaNGmtXbhRFFwoCLqoy5ikJXbaSBPBlqBRpC6l4FIQl4J/gSvdiLoS3OpeCkWyaXU1cmfuTWYmM/nqJJN2fj+47Tn33uE8z9x7Zs65JxNA1xpM/0kiDkTEHxHRV63WnzBY/e/O4vzEP4vzE0mUy2/9nVTOu704P5Gfmr9uf17piSh8lsTRJu3OXr12cbxUmrqS1UfmLr0/Mnv12nPTl8YvTF2Yujx29uzpU6MvnBl7vi15pnndHvho5tiR19658cbEuRvv/vJdkuffkEebDK528Klyuc3NddbBmnLS08FA2JBitZtGb6X/90Uxli9eX7z6aUeDA7ZUuVwuP9j68EIZuI8l0ekIgM7Iv+jT+W++bdPQY0e49VJ1ApTmfSfbqkd6opCd09swv22nwYg4t/Dv1+kWW/McAgCgzg/p+OdEs/FfIWqfC/0vW0Ppj4j/R8ShiDgTEYcj4oGIyrkPRcTDG2y/cZFk5fincHNTia1TOv57MVvbqh//5aO/6C9mtYOV/HuT89OlqZPZezIUvbvT+ugqbfz4yu9ftDpWO/5Lt7T9fCyYxXGzZ3f9aybH58bvJudatz6JGOhpln+ytBKQRMSRiBjYZBvTz3x7rNWxtfNfRRvWmcrfRDxdvf4L0ZB/LmmyPnlieX1yZE+Upk6O5HfFSr/+dv3NVu3fVf5tkF7/fU3v/6X8+5Pa9drZjbdx/c/PW85pNnv/70rertv34fjc3JXRiF3J69Wga/ePNZw3tnx+mv/Q8eb9/1AsvxNHIyK9iR+JiEcj4rEs9scj4omIOL5K/j+//OR7m89/a6X5T27o+i8XdkXjnuaF4sWfvq9rtH8j+afX/3SlNJTtWc/n33ri2tzdDAAAAPeeQkQciKQwvFQuFIaHq3/Dfzj2FUozs3PPnp/54PJk9TcC/dFbyJ909dU8Dx3NpvV5fayhfip7bvxlcW+lPjwxU5rsdPLQ5fa36P+pv4qdjg7Ycn6vBd1L/4fu1ar/G//D/c/3P3SvJv1/byfiALZfs+//jzsQB7D9Gvq/aT90EfN/6F76P3SvNfv/V9sTB7CtZvfG2j+SV1BYUYjCjghjRWFPdmfvlHju1UKHP5gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADa5L8AAAD//+pp49I=")
r0 = creat(&(0x7f0000000280)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x251, &(0x7f0000000080)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000100)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, 0x0, 0x0, 0x4000}])

2m0.12312314s ago: executing program 5 (id=368):
syz_mount_image$ext4(&(0x7f0000000200)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800710, &(0x7f0000000100)={[{@quota}, {@bsdgroups}, {@nouid32}, {@user_xattr}, {@errors_remount}, {@oldalloc}, {@stripe={'stripe', 0x3d, 0x5}}]}, 0x2, 0x462, &(0x7f0000000d80)="$eJzs3M9vFFUcAPDvTFtQfrUi/gBRq8TY+KOlBZWDF40mHjCa6AH1VNtCCAs1tCZCiFRj8GJiSPSsHk38C7x5MerJxKveDQlRLqCnmpmdgd1lt93SpVu7n08y8N6+t/ve2zdv5s28nQbQs4azf5KIbRHxe0QMVqP1GYar/127cm7qnyvnppJYXHzjryTPd/XKuakya/m+rUVkJI1IP0mKQurNnTl7YrJSmTldxMfmT743Nnfm7NPHT04emzk2c2ri0KGDB8afe3bimY60M2vX1T0fzu7d/cpbF1+dOnLx3Z+/y+q7rUivbcct2XTzS8NZw/9ezDWmPbaqwtaf7TXhpL+LFWFF+iIi666BfPwPRl/c6LzBePnjrlYOuK2yc9Pm1skLi8AGlkS3awB0R3miz65/y22Nph7rwuUXqhdAWbuvFVs1pT/SIs9Aw/VtJw1HxJGFf7/KtujEfQgAgGV8NvXl4Xiq2fwvjXtr8u0o1lCGIuKuiNgZEXdHxK6IuCciz3tfRNy/wvIbl4Zunv+kl26pYW3K5n/PF2tb9fO/cvYXQ31FbHve/oHk6PHKzP7iOxmJgc1ZfHyJMn546bfPW6XVzv+yLSu/nAsW9bjU33CDbnpyfjKflHbA5Y8i9vQ3a39yfSUgiYjdEbFnZR+9owwcf+Lbva0yLd/+JXRgnWnxm4jHq/2/EA3tLyVLr0+O3RGVmf1j5V5xs19+vfB6q/JX1f4OyPp/S/3+X6R8faYIDL1Tu147t/IyLvzxactrmlvd/zclb+bHo3LZ9YPJ+fnT4xGbksN5vO71iRvvLeNl/qz9I/uaj/+dxXuy/n8gIrKd+MGIeCgiHi7q/khEPBoR+5Zo/08vtk5bD/0/3fT4d33/H0rq+n/lgb4TP37fqvz2+v9gHhopXsmPf8tot4Kr+e4AAADg/yLNfwOfpKPXw2k6Olr9Df+u2JJWZufmnzw6+/6p6epv5YdiIC3vdA3W3A8dTxaKT6zGJ4p7xWX6geK+8Rd9d+bx0anZynSX2w69bmuL8Z/5s6/btQNuu2braBNNHmgDNp7G8Z/WR8+/tpaVAdaU57Whdy0z/tO1qgew9pz/oXc1G//nG+LWAmBjcv6H3mX8Q+8y/qF3NYx/l/rQG1bzXL9ALwciXRfVaCvQ/t+DuN2Bt9dHNdoIdPvIBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Bn/BQAA//8cWu+A")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8080c61)
fallocate(r0, 0x3, 0x5000000, 0x8000c62)
write$sndseq(r0, &(0x7f0000000240)=[{0x7, 0x4, 0x3, 0x9, @time={0x10000, 0x7}, {0x9, 0x3}, {0x4, 0x80}, @queue={0x22, {0xfffffff2, 0x9}}}], 0x1c)

2m0.099393923s ago: executing program 4 (id=369):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x5, 0x401d031, 0xffffffffffffffff, 0x0)
remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0)
mlock(&(0x7f0000a74000/0x1000)=nil, 0x1000)
madvise(&(0x7f0000535000/0x800000)=nil, 0x802202, 0x19)
syz_clone(0x200000, &(0x7f0000000540), 0x0, 0x0, &(0x7f0000000600), &(0x7f0000000640))

1m58.738540814s ago: executing program 5 (id=373):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x30000, 0x0, 0x41, 0x0, 0x0)
r0 = inotify_init1(0x0)
inotify_add_watch(r0, &(0x7f00000000c0)='./file0\x00', 0x80000552)
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file2'}}, {@workdir={'workdir', 0x3d, './file0'}}], [], 0x2c})

1m57.243354416s ago: executing program 5 (id=376):
socket$kcm(0x2, 0x1, 0x84)
unshare(0x60480)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
write(r0, &(0x7f0000000000)="3c00000058001f000307f4f9002304000a04d65f0800010002010002170003800500000099db973b91aa057972513500b0406700912deb5b85932234", 0x3c)

1m56.200758991s ago: executing program 4 (id=378):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r0}, 0x18)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r1)
sendmsg$NLBL_MGMT_C_ADDDEF(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="0100000000000000000004000000140005000303000000020000005dc00000000001080002000500000014000600ff01000000f2f3f31f00000000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)

1m56.128000639s ago: executing program 5 (id=379):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900840000000001000000940001000000fc13c40000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a0000000000000000000000050019"], 0x24}}, 0x0)
r1 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r1, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

1m55.378069127s ago: executing program 34 (id=379):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900840000000001000000940001000000fc13c40000000f00000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2c, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='netlink_extack\x00', r0}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000002100010000000000000000000a0000000000000000000000050019"], 0x24}}, 0x0)
r1 = socket$inet6(0x10, 0x3, 0x0)
sendto$inet6(r1, &(0x7f0000000000)='.', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

1m54.899858044s ago: executing program 4 (id=383):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000b80)={[{@nombcache}, {@abort}, {@dioread_lock}, {@norecovery}, {@discard}, {@lazytime}, {@noload}, {@usrquota}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})
syz_mount_image$msdos(&(0x7f0000000940), &(0x7f0000001cc0)='.\x00', 0x1a4a438, &(0x7f00000008c0)=ANY=[], 0xb, 0x0, &(0x7f0000000000))
chdir(&(0x7f0000000140)='./file0\x00')
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x103042, 0x0)

1m52.211120308s ago: executing program 4 (id=391):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000d84000)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f00000000c0), 0x0, 0x20000845, &(0x7f0000b63fe4)={0xa, 0x2}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000640)='nv\x00', 0x3)
shutdown(r0, 0x1)

1m46.960273427s ago: executing program 4 (id=407):
r0 = socket$inet6(0xa, 0x1, 0x6)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@remote, @in=@private=0xa010100, 0x0, 0x81b7, 0xfffc, 0x0, 0xa, 0x20, 0x0, 0x0, r2}, {0x0, 0xfffffffffffffffe, 0x0, 0x1, 0x0, 0x0, 0x65a, 0x8000}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x20000000, 0x2b}, 0x0, @in=@local, 0x0, 0x0, 0x3, 0x5, 0x0, 0xe40b}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, 0x4}, 0x1c)

1m44.24352192s ago: executing program 35 (id=407):
r0 = socket$inet6(0xa, 0x1, 0x6)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', <r2=>0x0})
setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@remote, @in=@private=0xa010100, 0x0, 0x81b7, 0xfffc, 0x0, 0xa, 0x20, 0x0, 0x0, r2}, {0x0, 0xfffffffffffffffe, 0x0, 0x1, 0x0, 0x0, 0x65a, 0x8000}, {0x0, 0x0, 0x2}, 0x0, 0x0, 0x1}, {{@in=@broadcast, 0x20000000, 0x2b}, 0x0, @in=@local, 0x0, 0x0, 0x3, 0x5, 0x0, 0xe40b}}, 0xe8)
connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x39}, 0x4}, 0x1c)

24.143484291s ago: executing program 7 (id=688):
r0 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000000c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x2, 0x0, 0x5, 0x0, 0x0})
io_uring_enter(r0, 0x47f6, 0xb277, 0x0, 0x0, 0x0)
io_uring_register$IORING_UNREGISTER_PBUF_RING(r0, 0x17, &(0x7f0000000000)={0x0}, 0x1)

23.154201927s ago: executing program 7 (id=693):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'geneve0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="0b041400e0ffe2ff02004788001ca13bb100000208007f604803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14)

22.068244442s ago: executing program 7 (id=696):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000001900), 0x0, 0x0)
read$hidraw(r1, 0x0, 0x49)

20.473403153s ago: executing program 7 (id=702):
syz_mount_image$bfs(&(0x7f00000000c0), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="626673002c626673002c626673a8ea3e9173002c626673002c626673002c00"], 0x1, 0x95, &(0x7f0000000240)="$eJzszjGuAVEYBeDzZopHMxtQ2MHswVJQ0qmIxIpsxRLsQKHVjOKSiOk0Q/J9yb3J+U9zTrfjJE3SHZKuTvdqs92t5uvyp2dR92/8mirJf5JRkmlT8mVWur9Hf77ul8839F4AAOBzVdr33I4HWwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwfe4BAAD//+TcIcU=")
open(&(0x7f0000000140)='./bus\x00', 0x143142, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000080)='./bus\x00', 0x0, 0x1000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x7ffffffffffffff7, 0x7, 0x0, 0x9, 0xfffffffc, 0x0, "ef359f413bb90152f7d6d1ce5d29c3ee5e5ca9000f7c41499dc2aac63a01000000000000004faa2ad9c084a003ea00", "036c47c67808200400000000000000335263bdbcef549ba197fce47ddfdd753abd950100002a00ffffffffffffffff00000000e8f20000000200", "b900000000fffffffff2060000000000000200"})

19.710511243s ago: executing program 7 (id=707):
unshare(0x22020600)
r0 = epoll_create1(0x0)
r1 = fcntl$dupfd(r0, 0x2, 0xffffffffffffffff)
r2 = fanotify_init(0x0, 0x0)
fanotify_mark(r2, 0xd, 0x4000003a, r1, 0x0)

18.660591056s ago: executing program 7 (id=713):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
write$binfmt_script(r1, &(0x7f0000000440)={'#! ', './file1/file0', [{0x20, 'N\x18\x0e\xd39\xdc\xe0\x1c\x02\xf2\xc6lC\xda\x8dgR\xe9n\x14\xdb\xe67Jb\x87\x03 d\x9a\xcd@\xea\x05\xb8D\x87h\xe1\xed\xe6;f\x06\xc0\x8b\xef\x14P\xac]\xb2W\xd4k\b\xc5\xe54D\xae\xb9\xfcXZ\x1a|\x92\xb7Y\xe6j}\x90<y\xd0fM\xc3\xc9\xf8\x99\xa0\xa2\xb6z2E\x9a\xdb9\xa2k\xc8\xc2\xf6\xfd\xcb\xdb\x1cX\xf0\x99z\xbf\xc3\xa8\xf6\xf2\xa6\x0e\xa2(\x8c\xef\x15\xd6\xb9\x0f\xd9\f\x9e\xed\xa9\xeb\x1e_U\x85\xd9e\x15*\x11Z\x94\r}\x9d\tA \x8e\xdd\xc0\x1f\xe3^\x86\x0f'}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x21b)
ioctl$BLKRRPART(r1, 0x125f, 0x0)

17.040133324s ago: executing program 36 (id=713):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
write$binfmt_script(r1, &(0x7f0000000440)={'#! ', './file1/file0', [{0x20, 'N\x18\x0e\xd39\xdc\xe0\x1c\x02\xf2\xc6lC\xda\x8dgR\xe9n\x14\xdb\xe67Jb\x87\x03 d\x9a\xcd@\xea\x05\xb8D\x87h\xe1\xed\xe6;f\x06\xc0\x8b\xef\x14P\xac]\xb2W\xd4k\b\xc5\xe54D\xae\xb9\xfcXZ\x1a|\x92\xb7Y\xe6j}\x90<y\xd0fM\xc3\xc9\xf8\x99\xa0\xa2\xb6z2E\x9a\xdb9\xa2k\xc8\xc2\xf6\xfd\xcb\xdb\x1cX\xf0\x99z\xbf\xc3\xa8\xf6\xf2\xa6\x0e\xa2(\x8c\xef\x15\xd6\xb9\x0f\xd9\f\x9e\xed\xa9\xeb\x1e_U\x85\xd9e\x15*\x11Z\x94\r}\x9d\tA \x8e\xdd\xc0\x1f\xe3^\x86\x0f'}, {0x20, '\xfe]\xe9a<$\x01)\xa3\x03D%\x06\xf9}iv\xfc\xe0\xc7s\xc1\xa5c\xa4\xfd\xb8\xea\xe5\x9a\x82w\xc6\\]\x8cB\xfb\xea\xbd\xe3\x8c@\x8aqX\xcd\xf5?\xe6\xa2z\xbdPF_\x01K5\xbf\xc0\x83=\xa9]S\xe2`\x02j;\xce\x8a\x9fY\xdc\x90L\x1f\x9cS\x83\xb4\xc3\xfb\xe9$\x80\xbd\x85\x8bu-a\x9a\xb3\xb0{\xed\xcc\xdd\xeeG\xeb\x98\xb2\xfa\xc8\xa1\x04\xd5N\x9f\xda\x95\xf8\x8c\x92v\xf3\xf6I\xeb6\xe9`\xcbt\x0f`\xb3dl\x0f\x8e\x93\x10\x97n@\xc4\xcb\xc6\x80\x17O\x8dM#x\xe2\xe9T\xda\x1d\xe6\xb1\x1b\x06\x89\x94Q\xcb\x8f\x92N\xade\xf9l\xca\x81\xd3\xd1\x84`6\xed\x98\x9a\x90:\x13\xdb\x8f\x87\xd6\xe8w\xfdb\x17}\x14*z\x98\xb3\x96\x9dW\xa7\x81\x0e\x11Q3\xc2\xbfx\x94\xbb\x13\x9b\xd2\xec/\xfac^\xa2\x8e8\xbeM\x11\xcb\x89P\xba\xd9E}\xe4\xa7M~?\xbdiMh\xce\xb2\b\x9d\xf0\xbd\xc5\xa7=A\xc9\xf6\x9c\\\x9c\xf0\xaa=\xb7\x83\x80\x10.%\t\xed\xb6\xacP\"\a\xc6\x8a\xf6GB\xd2a\x83\xa4\xa4\x1bRO\x1a\xe2N\xe6\xc8\xf2Cm\xb0\xe7\xeb\xcf\xc3\xba\xbd\xf4\xde\x8aZ@\xcd\xc9\xcbLJi8\x04q+\xf9x\xeas\xb2\xa1D\xd5\xc7\xfa\x919\x93_\xc7/:R2\xc5\xc0\xb4\"\x85\xe8THI$\xe5\xac\xb7\x13\xb2\xa5\x93\xbf\x83g5.\xb9\xd0\x89\xef\x8f\r\xa2\xfe\x90\x1b\xc8['}]}, 0x21b)
ioctl$BLKRRPART(r1, 0x125f, 0x0)

11.0705786s ago: executing program 6 (id=738):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_INPUT(r0, &(0x7f0000000940)={0x8, {"85f080a4933d55266e07e799aa0cc421388242df2a3c6b631b65b1c061edd2aa108c3528fe9b0bb3a53ab1200f5d01a68a4acdec8fee09648222f908c1fedc3000342e6139de28366c13509306d00ebcc67497181ac916db98af9d366b76e427d9ab5bb68095f0fb246df32b8af0783653136f8a04c03690312125c7ded6a24fda8685340c575ead69519e3583f89d467ec232d6a1ffd0463ba4ea3cbae5dae6654b5547b5458f02ac307729e57b09e134f68be44f88d72517b230b066f6315b5fb80206397bbff8cbc2a36e01c2e7b3aadb32bd3dd5288a69a991d9c674717e3abba7167280b2db3b1b8502afa4f3f296c532510c9d2dd79bb5eeb25adb5edddbdd069c09d14d15c2e7e1e2bd6c108fab3590bb22e97d6992236d2273c8bb95536f7118d007965008b125c7daac2814e6bbe1adbfa3572ad0b7ad5c26c8014118d8374ca9f285779dfee7715a403908146a74de61b3853914c89f444c12e7a38bdd46c4ed36eb806ea598f44d1dec9eff9e2476f43802211f0762b66673b45d236b2391ce322e30fb9c69fe0d514dc1f8b6e3979c1205fd5224b07d18a44fec4f6f1a6f65158bb6adcc295bf2dd7dea107f59d7e03c61fe5822292e45968956b931bdc4d6445ff1631e0b98e4b4448774dd4b9cd53a45896fdb3f03702778741ae2b45a25bf9a23fc02fb97a630f132bf9def6c6d080000000000000014f6f2377bcfc78e2e86368c138510a04cedf7175af8c2034fae7413e3ace8c71ab9a0af1ca7042011a6ed028e205648535dabf3b2f85196ae18d36b839e3cd54ae4933ad529888fdac7bb8a70c72bc0fc81ba06506f2d5bc7686e219bbe5283959cbef9950e071cb6d9f341fc624a5110341f26cebd7100599a06e61f66fae120c7fc2b34c6221200eba75bdd277114671a3fa8f058b27fd897b052f4a52afcea814df526181c75c4497210a2b8b74e26601561e78735387cf123654b0295d1d60556956b36d96dd038866c4b4db31ebdcddd4829bbc2850cd4901389e6ea6e86041e0efa1158f334e7afda0e11c2fb0e6df6364cb95659f506d5c7e63fb67c8116577d15e4a4b1fc4c27de2e52586cb1f52be9c3601f5066549de8bdc3ec07d1a84caf1961323ec2487a37b751aeabaf18647ce2dae5d9499c0f969467e6cabad198669ac96bd1488954eff0854ee0c83d7b596d273625bdb16270782321071fda5d980ded78ffa9dc2b56037d7cbf942547f48a5131f1991f6c17ae1ed5120ca6878f98e68e7997a9a2b70be640a70a34adb80de286c6692abb5f092e4e3a15283217e03d02a4054f34af3a65ef6b36f395b76a0579cffafd5d3bb0e704c935caecf3a7ab756c23fd60c9fe3f4fb2be7504f5bae22b116ff1588dcf02b327d31bf0488dba8af5b33ccf2d7d87f43bbc48fcd4f191ad6af9313ad38b8b29674bfabd6651bc1f6ce5abb4a2f1413194f96b26d7d6edc4e013fba549075c97eef508af5ca7873664b058b7bcf455a8a04b591d29fab6366c844bb75576bac2d52323e747303d00a5736c9812922b0e17bcec9135550736b54cf6407d61e22e62d7bb75f62935b665acf33e75f688c36ef416f1b890d0f0c8ad1df00e02ec45967834d5649c8e7143978622fa3704672970b7993a87e97d3d926a14265647bc8b8c9e6f83e29572608d24b42c2635ef4abbd0af83860e99c90d7471cf6e8ce99507f5ec2bc572212fa9ee3f5a9dfa3815fe55f0bbb119acce062ae37f2ff921707abba139bccdf42bfd174d29b540161b4113c4e1a13f3a62bc093e23ec0d0671b46b41dc8b42d950c8615ba5ee87f49b5d0910ffa4871207995001920db05a95199967f097ba7b55bbd271d818690c4238406b40a3dfc42fa56a67173b53a96b543326c56738b6d043195934018696f5ab49347e5148a78f2d1369a71afab8330273d46ecfba4ee05802a5385649851db949dbfb39e290941641c50b1ac20fb3102754a760b097f464ddb0b83f8168badfa71db6621dcf22fb081e3403f3bac5c7e65905aca52885c807f8ddab18bb2f12ef952c50483c0e251968bc70ff0d42a638ca744dea4c7ebb4fea777cf663bb4f1505ed79730c45bc86e488a13f924377a8e2ee6670a02ca52874ae1c42a35d55b9765757047b2cc3742aa51fa3e43fb2c113c92ad213bad252c1a82966dd016f12a7f1c3900c0f1ab455035163f31899bdd30f3ff43ad17d9e45bb7438c1c986712736f24be14f71ab1bfe92a25ec07f086ee8c7971b8077a13e58a8e8bea39c8e06b251909f02cb0080abf020f27ca160eb26c082dda1fa54ea4094dfdbcb2fa7bddccb67a844e8075f4cc08dad35757006d051e183dced336bc0c2502f93ffc87dca622286ba174c24e1f53f27dc2777baafe170348b0e8d3e743b3aa906bc0764bbe7da08ff403efe2212627d672250658bb513b7312517d1f88c61c7ba5f9647cd619281c5b391b48606ee39fb4171103df2e09d7cfd56c06c721f7c24ad8cce383623fc2dcb15ac56438ea331820ae59c8c474e36fc73f7b1b3b86df1b42490815501681aafbf7e871b4b9686efae6c45ecfca60a640a6f071dfd31f9437c3d03086164b48c1ed802986864bfe0d49bdd7709662262368dbc3ecc05eb240ecc41904c76d78ab5c52b66af5a720fdd6a92f52be0676427a56e32e5bc5085b25f90add38a76f2fce6f8f0ef74f4659698549646bd63175adf77b5cdcfe676e1b1a9af15102946554ba6136cbc83c6268ee40318f3c9d4718025688b35d2265bf60bf889581c750c34586ef46eab7a9176337536bb6001e676546b987f36b1fe4b9f6e46a8ce73eb22ebbb9c14d8e2b43ea77ef887e5a26448f4086fa819a25e27725ac10298851c8bc45f2ce4430b07917ade5ea8c434c3f2576effbeb521173736e5c9557450643068b0c0fb132a7e99de6ca292246a9937fa7d7e06e59cf59ce5b9f842629049931146af40a8a1256ba3572bf3e1f2352a978cdbad60220cb8ac37d7f614a306492a4b5eee9244b0ca84b6cf2e23013bfb1cb92bf6d126fe550e58c19f84e7a4081437b75b31b2b9fb658dcd8ba077962e0f3359721a148d4fefe5c97941ca9688cb85adf38fd10f5811cdd8e074a21bbfc9541c71465b08d7321281b68ed52bfab789b9c83849c09d52376d419b1e7ba367603236e119cdf4a7b7cf9d81f2229601deace53cea2f14a05f7fa0ca04b39e31c6453e332f4bd0915c0e09e28f4d1125c390c6ff0833a04b6fc37855e65de90333e505b9eb66e00686a3ed499cfb7b8b215dbdc9787b5baa724cfa71ee6745b41e203de8b7004757ac328ec5567540b951b50530c3d4ee34705ea1c66fd6591e88561083e86d48c45ef3b83a3029319d8f3d8e65ce14c1dc3cb92d0a7dbeb609a8d2793928caa079f0fbbb2bc90b9f058cc048f4032041d14c5bca00e99b3027ec3a50c4957199cf016a4594069af8659df0973f20ffb15dbc265ac5b8a2203e90b114a3e9441e357c60ce0b550a7fe66fc34f5702ac8e8992a22e89194c1df69e81a9b7ad3d2634ea8c0388588192fd47d8e803b10044d558617fb2921b69eb4d85c051f86ef63a2f4382b9becd870fb2ecadca6902712b88680792e2f2ec89591cfebb6db3ad31c2a339af10465fcf7988519d382218df52261234f26a6f66ad0d1859de505d0fe819caf2f8d30aa9fd1228ac91d11c39d6fdcf5926d6ad5c441514321507dff6c6ea3cff6f340a1c11e0c40f419e8e60fc94d8828fa47a96cdf7ee4f61e23f40751b25cf9ca1295041a350f83f0e679515d6b4b46e2c9ce8999e07f835abc1663cefcf728df37831f4e17f8c8a4feaf1fbf44c38c9313284404a50ba4cd8abe835b33bfecb02cd6c9d7f435853b4c8d505ab83cf46512739116694765658bae64b3127152d216055aef9b25c70a8a3b302752d7b1e8791c657b9f3fc9001ef299fd1a349491ae6ee9940149160507fc4130fb825d47d97dc2c243209d2403583ac3ef6ddbedcaa76432255487c0a06e59e043e572ab3aec002af6a6b6a2dc9cfaeefa70557886c4d12924a038813f2bc8e89e4cfa69705d1ef3c4658f8616278b588011d9dd914beec0b151d65b6524fba3e3f235d58373e021699b07622a51504eade747e0b2f9cf38bc167cabc8cb18c708d1337e25648707e8c0872876514c7a49c0b2aaee5ed9e9ecfcbcc23e032c4deb63e48e7120188056468fad31448e4b42e7d62fbcfc1c2cfb01fcf0db5e8a162bdb9bd820c763f17b96c23f32db9d1c1d74ddbe657b4f9595a9796982a0742153111b15e484d8ffebe47ce0a78a41e470a341616ec2eb6eef813fb415fab50fa965bec6a5977a0ade4fed67f86fc24e11b0e2f5364079f7c7c35b560cac726dbc80f29dbd248f7ecda0286a23ef172a28c96d9bdb1f598eab31c6baf0321312da23920c074b9d2d2e442717f2c21001142a39c2da6b8bd9d06b05a6a8deae1bd1be4108a636ddbebc682d113e715f2f3ee506abc28b1c654b3d2d28e02f73b171ed0deed71dda90ce4a0b728cc75cb576385e7418b545b992b1dd98e2ee53355f464f9250a2a03b3d1e4d2ac1aa71d01de2573530324e14d15a507883411ddbd37be21dc929db9b11f11010e4d2a04c7325a5ae6d24d19900ff97a8a89438f8676457a78cff05201528f4358fe67f61288bf042a8f3c2e0f8b4997b8fb74996b80d465489b2d7807a945eba72a945e8cf8625dbad6f6f6e30537b29e558ca8a8b0625f578c766d34f2d28d704715f94df1f6318a308042aa494baa500a0000000000006a8308af8ce6441d5ad8a2f3d477eb5307af0dfae6644493f1434030b8361621340ad3dcefa6d8f090ed3929d89ad9c0ba01a6903033428dd8f98619304b1803187d2a6130bf1e009b5eb0e7e21c75594b3b8470f3106c92a9e55bfeb026091ced127a90a1f1247f3c07e36d3572923e0de3f73518d0369a25fcd4e65d243b7eab91063a7bfd8bc8ac9e39fbbb32b5c9517886287a18eacd8dbfda9b91db693cb12e42cba5988280e09e51e72b91a0f360656d8f21cc1eb3248ac345ad51d1a6172b18419277851dab01e028c7e8e2cf34095efd28267852a08fccf61c45b5e46930160daf50282be058274e7ff58c48b60b86d0c8cc886ab8778a2a2b5fa2557ad7bf7f01f2175523ce758871d334c20a9839f7a89fe2867c06289c8a2f6456ac7e4fbadee53ac41aee68214bc76669853baa4f58255b39ba581414f2e8c4b49303f8936a33bae5cbc96b29a5c724d5b50e1614144c2acd03bd90de891c3d36ce040d57543682ecbfcae66c4153c337c3a5d01896524c8e0c27e9a08919821ca27bbfe3fc9ba24a823aeec8d4ad8ef8a65c585bee4dcf1acaa3da501a8c11a23b2e22920c1ad0129a038b31fe16c2abc80589dbf7c37211afc5d1a6db908bc5fe8a692060069fcbcdcba7c523d3c424aa3b0c6556387e0e51bcde9e5f850abf62d2c2101c3a2786a0cb94932877a09cb6b64aa61da8cab3b423e7adc4c4700418a65e87225710e1691f6d9cb2eb63cce5b605ce0a4a89cf519767e00845397c5e381141a0ed8a89b01064b495ec8d1e2da37433bf1597d919a69610d2ad26bdf6fca8de422bb2cb80d0516206e8194ee51445a3dcb5dee33c0c310b4751e68e58bebda2fb586985a5a5b06456756f44e6dbfef4bb99ca732f00fb9ea35775f7419681bfbe6f43dc7c4650c13b63d93c1d490bf0173f287a4309531f13ecb1a775d0bd881a00", 0x1000}}, 0x1006)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_CONTEXT(r1, 0x84, 0x11, 0x0, &(0x7f0000000180))

10.918671266s ago: executing program 8 (id=739):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xb1, 0xbd, 0x2f, 0x8, 0x47d, 0x5003, 0x2f8c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xa0, 0x58, 0xb7}}]}}]}}, 0x0)
connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x0, @dev}, 0x2, 0x0, 0x0, 0x2}}, 0x2e)
ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0xc020660b, &(0x7f0000000000)={0x0, 0x800e3, 0x0, 0x0, 0x11})
syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000c40)={0x14, &(0x7f0000000000)=ANY=[@ANYBLOB="0000f50000000341"], 0x0}, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)

9.592381161s ago: executing program 6 (id=741):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000cc0)={'wlan0\x00', <r2=>0x0})
r3 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=ANY=[@ANYBLOB='T\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="2508007a0000000000000700000008000300", @ANYRES32=r2, @ANYBLOB="1400060064756d6d7930000000000000000000001400040076657468315f746f5f626f256425000005005300010000000800054002"], 0x54}}, 0x0)

7.918232121s ago: executing program 8 (id=747):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
sendto$packet(0xffffffffffffffff, &(0x7f00000000c0)="0e030e00c4e8", 0x6, 0x28000000, 0x0, 0x0)
ptrace(0x10, r0)
ptrace$setregs(0xd, r0, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb")
ptrace$getregset(0x4205, r0, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70})

7.764977874s ago: executing program 6 (id=748):
syz_mount_image$vfat(&(0x7f0000000000), &(0x7f0000001240)='./file2\x00', 0x14552, &(0x7f0000000b40)=ANY=[], 0xfb, 0x11ff, &(0x7f0000001280)="$eJzs3E+LHEUYB+B315iNG/ePGqMJiIVe9NJk9+BFL4tsQDKgJFkhEYSO26vDtDPD9LAwIkZPXv0cIojgTRBvetmL30DwthePEcSWndEko5PDSEiH5Xku80LVb6jqphuq6erD1774sLNXZXv5MBYXFmKxH5FupUixGP/4NF5+9cefnrty7fqlrVZr+3JKF7eubrySUlp9/vt3Pv7qhR+Gp9/+dvW7pThYf/fwt81fD84enDv88+oH7Sq1q9TtDVOebvR6w/xGWaTddtXJUnqrLPKqSO1uVQym2vfKXr8/Snl3d2W5PyiqKuXdUeoUozTspeFglPL383Y3ZVmWVpaD+Z24Xe18eauu64i6fjRORl3X9WOxHKfj8ViJ1ViL9Xginoyn4kw8HWfjmXg2vvnl69FRAgAAAAAAAAAAAAAAAAAAALh/5t3/f27cq+lRAwAAAAAAAAAAAAAAAAAAwPFy5dr1S1ut1vbllE5FlJ/v7+zvTH4n7Vt70Y4yirgQa/FHjHf/T0zqi2+0ti+ksfX4rLz5d/7m/s4j0/mN8ecEZuY3Jvk0nV+K5bvzm7EWZ2bnN2fmT8VLL96Vz2Itfn4velHGbhxl7+Q/2Ujp9Tdb/8qfH/cDAACA4yBLt81cv2fZvdon+TmeD0ytr4+y5080OnUiohp91MnLshgoHvriZLPD+L2u6+YPQkPFva+UpYj43/+8EBEPxwT/UzR9Z+JBuHPSmx4JAAAAAAAAAAAA83gQrxM2PUcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+YgeOBQAAAACE+Vun0bEBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHwVAAD//+pd0x0=")
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000140)='./bus\x00', 0x3010006, &(0x7f00000007c0)=ANY=[@ANYRESDEC, @ANYRES64, @ANYRESOCT, @ANYRES8, @ANYRESHEX, @ANYRESDEC, @ANYRES64, @ANYRES64, @ANYBLOB="14a8d0ca3386858350717bda500a6e0d271cba7c24404f4fdd13b1b5922dc27fae2bb7656c2c9cf00076db74ad9da398465c271f3c99f9c8b75aa628562a36eae8e60442812741be1793c1486650f74ba8ad8536070000000000000065f3bc92da1e56d7ffa95c91b5c58ba55f9245a209ef24b8348e9ff4cb9b84333e1a13"], 0xdb, 0x0, &(0x7f0000000000))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f00000002c0)='./bus/file0\x00', 0x40)
renameat2(r0, &(0x7f0000000240)='./bus/file0\x00', r0, &(0x7f00000001c0)='./file0\x00', 0x0)

7.512048917s ago: executing program 2 (id=749):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x12, &(0x7f0000000180)=0x4000000, 0x4)
sendto$inet6(r0, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000080)="44f9b108", 0x4, 0x12, 0x0, 0x0)

6.741855497s ago: executing program 8 (id=751):
r0 = syz_open_dev$vim2m(&(0x7f0000000080), 0x1000, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x8, 0x1, 0x1})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f00000000c0)=@mmap={0x1, 0x1, 0x4, 0x0, 0x0, {0x77359400}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "bf631e4b"}})
ioctl$vim2m_VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000140)=@multiplanar_mmap={0x0, 0x1, 0x4, 0x70000, 0x0, {0x0, 0x2710}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x3, "a730b801"}, 0x0, 0x1, {0x0}})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)

6.705875001s ago: executing program 2 (id=752):
r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r0, &(0x7f0000000180)={0x1f, 0xffff, 0x2}, 0x6)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$sock_bt_hci(r1, 0x400448ca, 0x0)
write(r0, 0x0, 0x0)

5.960196777s ago: executing program 2 (id=754):
r0 = socket$netlink(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x2, &(0x7f0000000040)=[{0x20}, {0x6, 0xff}]}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=@newqdisc={0x40, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0x3}, {0xffff, 0xffff}, {0xfff1}}, [@qdisc_kind_options=@q_pfifo_head_drop={{0x14}, {0x8, 0x2, 0x5192}}]}, 0x40}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c)

5.636510172s ago: executing program 3 (id=755):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x14, 0x4, 0x4, 0x22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000180)=0xa00001, 0x4)
listen(r1, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000840)={r0, &(0x7f0000000780), &(0x7f0000000740)=@tcp6=r1}, 0x90)

5.208976991s ago: executing program 6 (id=756):
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000380)='./bus\x00', 0x8, &(0x7f00000003c0)={[{@barrier}, {@autodefrag}, {@thread_pool={'thread_pool', 0x3d, 0x4}}, {@rescan_uuid_tree}, {@noflushoncommit}, {@discard_async}, {@max_inline={'max_inline', 0x3d, [0x30, 0x37, 0x34, 0x74, 0x25]}}, {@noenospc_debug}, {@clear_cache}]}, 0x1, 0x55ae, &(0x7f000000ac40)="$eJzs3X9snHUdB/DnruvaFdeWMOuArGwDJFtEOjdNCCR2bNNpYTnphE3I+gNH0DmtY8NVCCtinIERijWMwQoLbn9MEYqucyiJBewqul8IJtNFBbPFNWOkOBExYTG9u+d299zaHhMpwuu1tM/zvc/z/d73njx/3PvW73MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABEHwx+N3TL/t3roJ26+ru++8a85e+2D3kuMX3rq1avND20v2dTz31aNVq1qPLF1w0/2JpkfW93d3BkEs2S+W7t9w2fwrr69vuKI0HLDxc6ltZeVQT5nq+mKqMTbnwcF+uT9NQRAURwYoSm/npXfiOQNkdlfkDzisayf1tE4dP69x28qujc8uu3xL/ktnUOloT2C0pK+rgyeupdrk73jkiEw769KL5Vyiqf7RC+4deREAwFtSk0huMm9H029xM+22aD3Sro202yPt8B1Ce3bjVKTGHTvUPCdH66M0z9pUVCgZcp6Revr8Z9qJaP9IOxI13sI8cw9NR5rSoebZEqmP1jwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3k0uuH5m/d49D7/8ldbf/u7h17/16sePrGq8ZaC7/qJ1ix/v2PG9vx2tWtV6ZOmCm+5PND2yvr+7Mwgqk/1iqe6xZ6ri8ZkDddseu6e3puFDC9cUpccNt2OyDg72hzsXVwRBc1blYDhsf3kQJHILyWawIb/wpeTOZ8ICAAAA7yVnJn/HM+1UHCzOaceSaTKW/BdKhcVrJ/W0Th0/r3Hbyq6Nzy67fMupj5cYYrzak46XaVee+IllBeMw/kbHO1EPD12RN87woiNG8/zpx/qnNdfdUHrl7gsWzphdv+XS4CfTD3csX3TfhBfHL9nXXpOX/yuHz//hmZP/AQAA+G/I/9FxhjdS/m+uqZh0cOp3ix67rur44fkP/Lyz7/kn4w8VD3Q//dLYcbf9cnVe/p+c85R5+T+ccZj/48Gp5X8AAAB4N/tf5//avHGGN1L+/8X+zZ//98pvTDk84187Xnj69xdvnVI+/7WyGTe8+cSCVxp2tf0pL//XFJb/x2RPO3xwVzjhZRVBUFP4SQUAAAByhP/vfuKjhTCvpz45iOb1y+4qe3LXG+tvjJ/V8o8zFvfPqv7i7tVf37ApNrChc92O5XNX5OX/2sLyf/E783IBAACAAvxm+y13V395ydYtew7N2XFnYvPYS+a+uuennVf1vXwsUfT8zX15+T9RWP4vGZ2XAwAAAJzEU+MmPnfo0UNfm7177YS9q9rmPD5t3+qFD/xz9t+veOnPxzddWJ6X/xsLy/9l6W165UOq087wrxA6KoKgdHCnJVXoC9o/mSkAAAAAb5Mwpzc1revduX7MrNfOPvzDNSuW/2rvpd++a2P1zQd+XXX7ucf2996Yl/9bhr//f3ing3D9f879//LW/2cVUnf9u8SNAQAAAHg/yl/PH94eP/XNBUN9/36h6/8/euaBko7m8ysnx7dVz3rig31Xra1+fVHHRZ/YfusbH46V//VTefm/rbD8X5S9fTu//w8AAABOwf/b9/8tzhtneCPd/79v3DPnrPnsPT+o/WbZU+e+eXfzd9oPTj9v87QzPlJ0fvecmX/4fl7+by8s/4fb07JfXk94fm6vCIKJgzvpuwluDae7LFLoKs4qpE58pEd92CNd6CrJKiS1RHp8rCIIpgzutEUKp4eF9khhoDxd2BQp7A0L6eshU3g0UugJr7R7y9PTjRZ+FhbSCyy6whUUp2WWRER6HBuqx2DhpD0OZJ4cAADgfSUMz+ksW5zbDKJRtis20gFlIx0QH+mAopEOGBM5IHrgUI8HjbmF8PEfz+1e+so1D9b1Xt1w9KzZe5bc0faBnkW9O7/wo55z/nL1Cws/nZf/NxWW/8NTMTa1GWr9fxCu/09/r2Fm/X9jWKiMFLrCQiJ6x4BE+BypsHtn+ByViXSPgYmZAgAAALynhZ8LFI3yPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAID/sHfvcVJVd4LATzf9oJum6YgBY4ygRkR3aZomGEQcUXRXo4tNJKtjhtAIjXZoAwq4YsyKr3GV6GLUmBjZwY+jJg6r+CDqRIXoiElGJfE5Kz4HnciqS9BR45gs++m+dYqqW112IaC0+/3+0XWqfud569F17r11LgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/P/hsiX3Nrw58H9965ffW/f697409TdTD9m8y19uqHt3yDlPbT5ocN0tbw1asPCNtklnXtsyffk1G1YuDaGlq1xZUrzsoUHl5aP/cMxdt13xcNO0wVPOrcrUm4mHfp1/yjN3Loytvto/hLvLQqhIB0bUJYHKzP26WN8edSF8LmwJZEu01SYl0g2Hh2tCWBa2BLJV3VsTQl1OYMoTD666rDNxVU0I+4YQqtNtvFCdtFGTDgyrSgK16cCciiTw/uZENnBPeRKArVHV3YPxzZB90a9oyc/Q0H1lRV5/lR+3czuZ9PD6xERD8XxvHbaDO5Wj4Lls2aanrduXBttdwdtjtXdbL3i3FWznJZ623C9SmW8om7eEqkP5zLZZ0xd0zI+PlIfGxj7FatpBz/O6TefM2Jp0r3kdxg40bJfX4QO1k+ove3viwStP/uPp+85fO3Vbu/lczibNTe9o1SHzmus1z2M04dP7PNm8LYW3r539aSv4ljTUl64QwvF/+nzZM3Ne2n3jB6+eOPH2Fy6+etrCa6ZMfHbQL8b+47W73D3t8oL5f8NHz//jyznelufljq1+WJ/MzeMjdTGxsT6ZmwMAAECv0Rv2mn519KsvnfrQ3YteXH5cxXfH/eqk3eorzv5+x/G7rhz/xUuvbH98l4L5/9DSjv/HQ/51uaNdHcKErsQFA0LYrevxJPCz2J2TB4SwV1eqJT9wWCqwOoQvdCX2z1aVKtE3lhiaCvy+PhOYkAqsiYGWVODGGFiSClwYAytSgRkxsDoVODwGQnv+OA6oz4yj5EBNDLQmG3FFPAvhnfrYWmpbrctWBQAAsJ1kZoeV+XdzznXY1gxxermipqcM8QzsohmqUzWkZ7DZaVXRGip6qqG8pxqy41700cMvqLmsp5oLTsMoy8/w4ZDvlA+YuPeP7rpxxE3NL0787rtjj//Kn998d/X+//Tf7zln/nUHFMz/mz56/l/dTUfKCo7/hzC562/MXZ6JdGTjrS15GQAAAIBtcNVjS5+84YCj/s99L99355euvaF89dVf/7+vbLxg71HHDS/r+3ffXlEw/59Q2vn/cZ9In5zM4dG4G2L2gBCa8gNJtQcXBpKj3v0yAQAAAOgNssfjs8fC2zO3ySna6fl0Yf6WrcwfD/xP6Db/5Zv++tkvX/vkiQuH7bPhiv925gdlnx/7u12OXTvy8bf2HPYPDX0Lz/9vKe38/9r826QTa2IvrhwQQt+cwCOxl52BLkNj4OVD8wOZ8a+JG2BxrCpzYkK2qsWxRGsMNKUCy4qV+G22xG75gcyTlW38guw42jMlcgIAAADwiYu7A+Jx+Xj+/z2TD/jS/oNeGvPinvcufG3C0hNOrf3hPrfs+vqAjkljDpxwyBHPFMz/W7fu/P+ueXDB6f0d/UIYWRFCn/QPAx6tTRYGjIG6skzi/tqkrj7pqs6rDWF858DSVb2SWf+/Ir3G4BM1SVUxsNveP900rDNxQ00II3MDz3zz+jGdifmpQLbxb9SEMKRztOnGV/ZNGq9MN35N3xD2zAlkqzq5bwidjVWlq3qwOnMdg3RVt1WHMDAnkK3qwOoQFgYAeqn4r3Rm7oPzFp49e3pHR9sZOzAR9+HXhFntHW2NM+Z0zKwu0qeZqT7nLWN0XuGYSr3yzfOZJYqmDrl9eCnp7O8Em3LbyuzHLzhxMHM/fheq7Bpnc2Xe3dHpIQ/fp7CJkPNNqtiQy3fwkGtzK9nyJBbUH/NXhX6h74J5bWc0njV9/vwzRiV/S83enPyNh5mSbTUqva1qu+tbCS+PoqtlpXzcbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/PQx1v+6qTg118/Uljms7DnX3ipxKPolPDQkJid6WmL6k7PwJ0359/7f2WHPaWSft8fd7zBxx0l9d/pu5JzYeMvlX1//l2oL5/9yPnv/HT534yZ9Zn6HY8f+GeJg/eXzLYf7WGFhW6vH/hmJH87MnBgxNBRbFwCKH+QEAAPhsiLsj497MuFf6urp/uvvImTMOef+XJ0y5+m/Hjjv1rPX7Nlx89bFL/sP6d5asOuLtgvn/otJ+/7+d1v/PLl3/tWLL/O8fSzQVW/8/vcx/dv3/RcXW/08v859d/3/Zp7D+/4JsILVJ3rH+PwAA8Fnwya3/3+Py/ukLBBRk6HF5//QFAgoy9LiMf6kXCNjq9f/ndPxF7aDL54w7dMTcHz+yau8lA2/70vMTf73P0oNG3LvylvdG3Vow/19S2vzfwv0AAACw83jol32/ffG7w+5/6pH3jyy79Lcbbzr+r9oOOOQPA5tPmXx0zfdv+reC+f+y0ub/n/z6f6HY+f9DiwVaii0MaP0/AAAAeqli6//dPPDloavnj7jxsZ+/ectLrb+YOf61f7fkB1+ZPqzp5jXrftMwY33B/H9FafP/eNpFeV7u2JsP65M17UJ6TbuN9dmfDAAAAEDvUB4aGytLzJu3MuphH7/NdZmlQD8qnevp+watWlD+0FVl1Rt/cMm0QxrPPfbMOUdetP77tU/+pHZqY/UZBfP/1aXN//N+l/FA7aT6y96eePCHK0/+4+n7zl87dcvxfwAAAGDHKXW/BAAAAAAAAAAAAAAA8Ol7qnXpQR+MOvqNmXuN+tM3jn3hB4u/+M1H/ubaP5/588Pv26t987ApBb//D5O7yhX7/X+87l/8fcGuebljqz2v/5e5P+WYWxd2LVn4aH0I++QGZp8/+3Mhc23+/XIDq6buP7gzcX66xH0vHv5aZ2JaOnDUiF3e60yMTwVa4yKJX0gH4lUV3+ufCsTlFZ9MB+L2WJEOVGUCl/RPxlGW3lYb6pJtVZbeVs/VhTAgJ5DdVnfXJW2UpQd4VSqQHeDp6UAc4KRMoDzdq1v7Jb2KgbpY9G/6Jb0CAGCnFb8FVoZZ7R1tTfErfLzdvSL/Nspbsuy8wmrLSmz++czSZFOH3D68lHSf9HfRLdcarwzVnUMYVfB1NTdLWdcot08tPWy6XYsMuafV3sqLlEvb2k1XVXxENcmIGmfM6ZhZ2ePAR/ecpbmixyyjCiY7uVnKuzZpCbWU0JcSRlTitimhy/F+eWhs7JPKNS4GG0Kenl4Rpf5eP3edv2Kvgtw8f1tz7aV9Bvd5/9/GX/TQgwMqO06d3HbR7o/988BRM3/8wwdbr/l9wfy/obT5f3XuuN7LXAxgUbyy3sEDQmgtcUQAAADw2fc/z11+x4lz1myYtbri2d/9bnb5cSdWbj7nrnPOvui5+xcfdcm/v3lb4yvKntp04hubzvrrN37ylesePuulw2ecddekdYesb6u+8bt/sfzUIQXz/6Glzf/jHqzMoeBkb8fqeP3/CwaE0HVp/YYk8LM43JMHhLBXV6ollkguqP+1WKIpCfws7jDZP5Zobcmvqm8MrEgFfl+fCaxOBdbEQGYvxU9DZlfOFfUhjOlKTc4vMTeWaEgFjouBoalAYww0pQL9Y2BCKvBm/0ygJRX4xxgI7fnb6s7+mW0FAACwNTLzrMr8uyE9z1tR0VOGsp4y1PaUobynDNU9ZSg2inj/jpihMnXySllOpsp0rTWpWgoyxIvhb3W/CjKE3+bnTBcsaDqef5A936AsP8O4H97RetDX5v1408U/evzIAy88csmVb196dL/BVz77v9vP7dd/U23B/L+ptPl/bf5t0vqaOP/fcv2/JPBI7N6V8dTxoTHw8qH5gcyOgTVxsrs4W1VLpkRm0r44lpgQA0NTgbkxMCEVaJ2cCSwbnB/IzLSzjV+Qbbw9UyInAAAAAJ+4uIMg7qaJ8/+V48I7exz5fvPuVw6cO+7xR847YnrNrtU1/zx+7dLxl1Y/tF/fgvn/hNLm/7G9frmNXRh782r/EO4u29KbbGBEXRKI+zHq4s/j96gL4XM5OziyJdpqkxJVqYbDwzXJL9Sr0lXdW5OsMRDvT3niwVWXdSauqglh35y9L9k2XqhO2qhJB4ZVJYHadGBORRKIe36ygXvKkwBss+xewfiCypzqktXQfbkir7/PyjVB08Mr2AfaTb7ufnO1o1SnH8jsU83auqetoDp2iIK3x2rvtt74bmvwbsv9IpX5hrJ5S6g6lM9smzV9Qcf8+EjuL1kL7KDnOfdXqqWkt8PrcNHH723PqtMdaEp9fDR1X67712FZrO6B2kn1l7098eCVJ//x9H3nr51acjeKiD8UPvjWuQc8l7N5d7TqkHnN9brPkxafJ73x38BQT1sIYfkFs5584l/ef75iffN/OXDs8tvefGz5Tw56YNaIL2y45Msb33r3qIL5f0tp8/+K1G2XD+LGnDcghOE5G/fRuPknDkg+B3MCyafkwMJAcsh9fX3RT04AAADY3rK7O7L7C9ozt8kJ4el5cmH+lq3MH/dXTOg2f6n9HjjmH7536FWvf+Pr63e//NGlT637T2++csS0Qx/Y9PSKla83H/v5pwvm/60fPf/vm+qm4/+O/7ODOP7frZ19V3Tf9AOLtmlXdEF17BCO/3drZ3+3Of7fLcf/Hf/vjuP/PXD8v1s7+9NW8C1pri9dIYTWATfc/ova6cP7XXHOt2as/fnT7zSNe6Hu3KPv/B+HLw7XnLfqzwXz/7mlzf+t/9f9on3Z9f9ai63/N7fY+n+LrP8HAADsUEUWmkvP8wpW7yvIkF69ryBDjwsE9rjEoPX/tnr9v9qTzj7plfq39rpm4u3/+c7pFz5/0onP7tvn+RNuP+GmkVcPf+nLGwrm/4tKm//Hl0O/3NZ7y/p/QycXqWpJDMy1MCAAAAA7o2I7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPh0rXhw8Rc3L97noJue/fxNh//rsjWz9v7VAZtHjzm5cfjigWVX/t2/vDVowcI32iadeW3L9OXXbFi5NIT2rnJlSfGyhwaVl4/+wzF33XbFw03TBk85tzpTb2Xm9ot5uWOrH9aHsCznkbqY2FjfeWdLYMoxty6s6Ew8Wh/CPrmB2efP/lxn4sb6EPbLDayauv/gzsT56RL3vXj4a52JaenAUSN2ea8zMT4TKEt397r+SXfL0t29rH8IA3IC2e5+u39+Vdk2/mMmUJ5u4+a6pI0YqItFf1SXtBEDHbFEe98QRlaE0Cdd1a+rk6r6pKv6++qkqj7pqv5rdQjjQwgV6aperEqqqkiPfG1VUlUM7Lb3TzcN60wsqwphZG7gmW9eP6YzcXoqkG3861UhDOl8yaQbv6Myabwy3fhVlSHsGUKoSpf414qkRFW6xCsVIQzMCWQbP7UihIWBz4T44TMz98F5C8+ePb2jo+2MHZioyrRVE2a1d7Q1zpjTMbM61adiynLSm8/7+GN/ftM5Mzpvpw65fXgp6YpMucquLjdX5t0dvbP3PvarNreSLc9HQf0xf1XoF/oumNd2RuNZ0+fPP2NU8rfU7M3J3z6ZaLKtRvWWbbVfbiUj5582d+S8hWePaD9t+iltp7R9p3nsqObmMV8dO6Z5ZOeompK/22Oo13/yQ929IqeST+IDQEJCorclyvM+3Zp29g/ygi/6WzpaGaq7PqALphW5Wcq6Rrk9Bn3Yxxzxx/me0uOIRhVMHAqyNPecZXTBZGJLlpokS9f3uoLJYW5N5V2bNN4vD42NfYpth4b8u7mb961t2LzrMpuu1DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBYAAAAAECYv3UYPRsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAlwIAAP//WKHPZA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
fsetxattr$system_posix_acl(r0, &(0x7f0000000040)='system.posix_acl_default\x00', &(0x7f0000000200)={{}, {0x1, 0x5}, [], {}, [], {0x10, 0x6}}, 0x24, 0x2)

5.203154186s ago: executing program 3 (id=757):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r1 = socket$xdp(0x2c, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', <r2=>0x0})
setsockopt$XDP_TX_RING(r1, 0x11b, 0x3, &(0x7f0000000300)=0x1000, 0x4)
bind$xdp(r1, &(0x7f0000000240)={0x2c, 0x1, r2}, 0x10)

4.796399023s ago: executing program 2 (id=758):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080), 0x1e2e81)
sendmsg(0xffffffffffffffff, &(0x7f0000000200)={&(0x7f0000000300)=@l2tp={0x2, 0x0, @loopback, 0x3}, 0x80, 0x0}, 0x4)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f0000000780)={0xfffffffe, 0x0, 0x0, 'queue0\x00', 0x8})
ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_INFO(r0, 0x40bc5311, &(0x7f0000000100)={0x80, 0x1, 'client1\x00', 0xffffffff80000004, "00000000ffffffe3", "e4a18560d99f00", 0x10001, 0xfffffffe})
write$sndseq(r0, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @time, {}, {}, @raw8={"a357b6b140cbb6215dd33459"}}], 0xfffffee4)

4.51636456s ago: executing program 8 (id=759):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_INTERRUPT(r2, 0x4004ae86, 0x0)

4.017825759s ago: executing program 3 (id=760):
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='map_files\x00')
fchdir(r0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f00000000c0)=""/32, 0x20)
getdents(r1, 0x0, 0x58)

3.314410618s ago: executing program 2 (id=761):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000180)='./file1\x00', 0x800000, &(0x7f0000000480)=ANY=[@ANYBLOB='acl,direct_io,norecovery,fsck,journal_flush_disabled,noreTovery,btree_node_mem_ptr_optimization,reconstruct_alloc,no_data_io,hash,\x00'], 0x1, 0x5903, &(0x7f0000010b40)="$eJzs3W2QXFXdIPBzu3synZm8TAJIBJkMgSiCmglvhS+l0fWtAKlYWErYKAxkgtEkpJJBIKAEF1wowEJLS1E/oIXUotGiClaJlMjLJqyiFKtLbSG1uot+8CnkISWQh7J8nKdm+p5Oz52+c3t6ekICv18lc/ucvv0/5957+vb9n+6ZDgAAALwm7Ll+275zjvrAr744/NI1H/7ZpmtDb3m8vhpX6EuXV7xSPeRA6q4sGV9mx8WbrvrBnwcuft8v7+75/su71x27/vfvP+zi+z9z5q7bvv3Qi/Pv/eczRXHjeDpxfzl5Lgmh+vO9X//S7seOHKtLQgjlpG9HCIuSxQ8tSjIhBv8eQliXFpZk7rznpVPWjy2vval7Qv3CzHrG+2tbNR1n2/ddflL4w3vXXPebpT/+UdfOZ3fsXyWpNoynEBZc2Pj4rhDC3PT/mDja4niMg3Z1CKGn4XFnFPTruBb7vyKnfHS6nJMuewvixPuXZcqlzHrZctSVWfYUtDdTef1od70i8zLl7MlopvL6GesXpcufpssTpxm/HP8noZSESr37G5P9YyQ0HLckJOPHslovl+rHNqTbnyknmXIpUy53ZbZrvN10oJWTZGJ9XC9TH0/HlbT+2MZzdRPn5tS/Pl1W0yfqy7EcsjdqeifdqG/XuNivvVP05UAoNZyDmtXXD3x6MHrTut5k8aTHjDYR79u95ubl5bUP7+nL6Udyd5LGT9qKv/3Xi+Z96oc3XpZ9Xa/Hv7CUxi+1Ff+PZz3+/Pk3fu9bufFvjfHLbcU/+YGe58565Ppluftnb9w/lbbiDz3z6C1LD79oZ27/b4/xq23FX7Xr8e75+x54MLf/g3H/zG0r/tPv/OCf7nryvmdz44cYv6et+Gt3bflyd/++E3LjPxj3T2974+eFnac/1d//l4G8+E/E+PPbin/njtveccfCm87MPb6r4/7payv+2cfff928ffcdk3fuTG7v1CsnwGvTYek11g1pud08c6Ya8oVvDlRq13zz0v/zO9lQ5uJzrJ0FnYwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACGEI076nx/6/x/ve66SlrvTG0+XastYPyeEZG4IYdvI0NaRDZsvGfjMpZdt3Ty0cWBoZGB488jWKwdOfcvA1uEtG4euHLt38K2n1B63OCS1ZXLMpLa7R0dHS30T62J7/+n4nX9Yfsa//DWEwSN+11/J7f+K2zbdcXiTnxnJqtH3bLrsnN+d9t10u/rSfvU16dfo6OhoyOnXv573jzu+uvfPJ4Qw+Lqp+vXo0+/+xYQOjVfsj5MqdYdah7qTnqb9qPc67U/cX5X1GzYOD069f8ceX87Zjv981bN/X3/FV/5R27/V3O1ocf/OXTW6sfSNNWf/+zeurlUU9euVOu5F+ztuRexf3H/VdH8vSLdrQc52VXK26/rfPPjkz4+68cUdYbDywtLJbRdtV1c6ALqS17fUbmyhJ1k0ob6arh+PeHzcipFNW1Zsu3L7WzdsGrpk+JLhzW9feerK0wdPO/20FeNbvqLD2x/bf2OL239gxtPCz+34afzZ2ngq6lfR/hjrV/H+aOxR3vOv59wvfe3ttz1yTq2iaJzHtevnk3TZM3acV4aG8TZ5XzXbrqL9EEIYaLYfnn/xzHDk/9lwXdF5qPHINP7MSFaNPrbsb9894ztL3lWrOCDn+cYOtXmer/d6f3/G91c1PR6jB+n+7Q7ldLt6m/Zr5WOPdN2856+fr/dvzpxwxdDIyNaVtZ/z0p7OS45u2q9sbdyupeM/yyHdLaE+TJuM1zFdoda/7Pkzrp7dq73pfb3J4qbblRXv273m5uXltQ/vydvTyd21FueG+bVl8oacNTdmHliud7hZ+wfr869ofPR/6Dv3fvzen5w6aXycXPtZtF1Jznb9+Mk7v/b9r/zXn3Ruuz707sf7/vZ/P728VnGonFfqvU77kzSeV04Ooej5tzQ0347c51+p+fYUPf+y7exfv3m8gUy5N5Tber6e/EDPc2c9cv2y3Ofr3lafr1dPKJULnq8Hy/jJPr+SysR+zN7za8JASVaN/vKGw3Y8dM3qo2oVReO6vnazcX1KC/lHznb94vyn+i8d+C//u3PnjR+85Z4Lfj+06gu1ivaPe+xLZ457Nd2/1Zz9W+91zDsb9+/bLr5047pa/cF7/ZsuC/KfeCrZduX2zw5t3Di8dVtr29Xq62lsJ7uX2309jWe3xQXbVZq0XbN3o5X91erzLfZ/Xdv7a+LzrTckbb0ubP/1onmf+uGNl/VNelTa0IWlNH6prfh/POvx58+/8Xvfyo1/a4xfaSv+0DOP3rL08It25sa/PUnjV9uKv2rX493z9z3wYG78wdj/uW3Ff/qdH/zTXU/e92xu/BDj97a3/1/YefpT/f1/yY3/RJK2M3aNFMI9L52yvlZOQlf6fIv96JrQr5AtJ5lyKVMuN5ZLtbnWegPlJJlYH9dL649t6Eszn8ipj1dh1SW15cuxHLI3pq4/2JQazv3N6ouuUwEAXu3i+//xGjS+/z+cXijlzzTAfjPNw5bkxI152P75nDkT7l+Sxo+Pj/OA/W8Lg2PLawdqF/rTfR8hPh+y85yxnROOmxij3XnOovn3ZZly7FdtvrzSkIemJuc1ldDC/Pvkdqaef89sfvH8+MANk7o10DBvlT1+XemMWbPPO2T6WxmLkDc+svNi8fMc/QvC6vH2Whwf2c/RxOOQ/RxNbOeozImz3c/RzHR8xG5PMT7Gu1z8/sbk4xem2L/7j1/zaNnjN43jXR1bf7bfn+3AvGHTU9qBmzec3ffDzEvmxE+fYAf7vGGsj9tRaXE+8eM59Z2aT4yni9ivvVP05UAwnwi8WsX8P75GjOX/Yxfg/5ZZr+g6NHvVGOPlfk6o3Lw/RXnH5M/p9bT1Or5215Yvd/fvOyH3OufBVj/3s2VCqafgcz9F+3F5ply4H3MmaIryvWw7Rfs9+7mM3jC/rf1+547b3nHHwpvOzN3vq2svpMX7/WsTSvML9vshkC80jy9feE3kC7M9f/aK5SPpB59mKx/5WE79dPORnkk36ts17pDLR7oObL8AgENHzP/r75+l+f//iyuk1xFFeeuJmXKMl5u35lyf5OWtH0mXV2TW701/o2K6181nH3//dfP23XdMbt5ye6t56H+bUOorzENnljfn5hGrO/N58dw8op5nzSxPzO1/PU+cWZ6eG7+ep88sj87dP/U8embzALnx6/MAh3qeWzBfl2ksFludr3vV5tHpr8/OVh59bk79dPPo3kk36ts1Th4NAPDKivl/vIyL+f8jmfVm+j57bl7Qoev27N8Dqcd/4kDllbOd98123jrbef1sz0sc6nnxbM8Lze482Ws+L04blRcDAHAwi/n/3LScn//PLD9plr91TchP5OdN48vPD5L8/FCf/5L/e1+8mPwfAODVLeb/8dce49//+x9pOft36+XpOfHl6fL0qcZPy3l65+fZgs8BvLLzAHP3r28eAACAV0LXeKY0+ffsP5kus79nn/d7+efnrN+qSnp5fNHI1uHhCy7bsm5oZPiCzZeuG952weVbN4yMDG+urTfTvDE3b0nzxq5QSfdH8/WyedvC9O8hLMz5ewjZ9WPYo8dvTP57CNlm5xb8HYH9x6+1/uYdv9IU6zcbH3nHOy/+J3LWj+rH/+JPn3zB+m0XbNi8YWTD0MYN24cnrjeWtfZM43sz426Z1velZn5MUpr+93d2ph+lSf3oSvdH3vezJ5l+LEp7sijv+w9y+v2r//XVzx0/+o+7Qhg8ovyGGe2/ZNXofz9v+CMje363Zaz/pSn7X18z7VfR95Vm14/bU9l46baRk9Zfetnm7DdKtifOZ5Tq5Vmaz0if/uUW5yfW5tRP93MK5Uk3Dk4tz08AADBBfP8/Xs/G9w+/kl5AxfrW8/SZvX+cm6cPtpanZ7+XrChPz64ft7fVPL06wzw9235Rnt5s/WZ5el7enRf/YznrT1fr42Rmn/PIHScXtjZOst9nUDROsutPd5wkMxwn2faLxkmz9ZuNk7zjnhf/oznr52l9PMzsczm54+HW1sbDmzPlovGQXX+646E0w/GQbb9oPDRbv9l4yDu+efHPyVm/VRPHx9jAGB8XwxdcfunWzzasN9vffzHz/s3u93+0q/X+z+7nvma//7P7ubLZ7//MPleW2/8nZjYT1nr/Z/f7Xdp1wOZr0w+bFX3+rGged01O/XTncedMunFwMo8Lr5yY/8e3e2L+f1O67PTbQIf+96T5HrOm8Tv0PWZF1zFez6do7CDg9RwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgNd2VJePLPddv23fOUR/41ReHX7rmwz/bdO2brvrBnwcuft8v7+75/su71x27/vfvP+zi+z9z5q7bvv3Qi/Pv/eczhYH7xn9WTkyL1RCS55IQqj/f+/Uv7X7syLG6JIRQTvp2hLAoWfzQoiQTYfDvIYR19X5OvPOel05ZP7a89qbuCfULM0Gy2xV6y7E/jf0M4YrCLeIQVE3H2fZ9l58U/vDeNdf9ZumPf9S189kd+1dJqg3jKYQFFzY+viuEMDf9PyaOtiXxwelydQihp+FxZxT067gW+78ip3x0upyTLnsL4sT7l2XKpcx62XLUlVn2FLQ3U3n9aHe9IvMy5ezJaKby+hnrF6XLn6bLE6cZvxz/J6GUhEq9+xuT/WMkNBy3JCTjx7JaL5fqxzak258pJ5lyKVMud2W2a7zddKCVk2RifVwvUx9Px5W0/tjGc3UT5+bUvz5dVtMn6suxHLI3anon3ahv17jYr71T9OVAKDWcg5rV1w98ejB607reZPGkx4w2Ee/bvebm5eW1D+/py+lHcneSxk/air/914vmfeqHN162JC/+haU0fqmt+H886/Hnz7/xe9/KjX9rjF9uK/7JD/Q8d9Yj1y/L3T974/6ptBV/6JlHb1l6+EU7c/t/e4xfbSv+ql2Pd8/f98CDuf0fjPtnblvxn37nB/9015P3PZsbP8T4PW3FX7try5e7+/edkBv/wbh/etsbPy/sPP2p/v6/DOTFfyLGn99W/Dt33PaOOxbedGbu8V0d909fW/HPPv7+6+btu++YvHNncnunXjkBXpsOS6+xbkjL7eaZM9WQL3xzoFK75puX/p/fyYYyxtpZMIvxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4dfrt1ad+8rz3fHRNJQkhyVlntIl4X3nOqlUDbbQ79Myjtyw9/KKdjXVL2ogDAAAAFIt5eKleUw1LwuXJ3HB00/XjHMHRsZRMrM/OIcQ42TmCduOUOhSn3KE4lQ7F6epQnDkditPdoTjVgjjV0FqcuVPEqYyNihb70zNlf1qP09uhOPM6FGd+h+Is6FCchR2K0zdlnNbH4aIOxVncoTiHdSjO4R2Kc0SH4ryuQ3GO7FCc7JzydMfh/HTNo/LijN8oF8apJOX6Hc3m049M2zlmhu30FrQzv+j1uMV25rbYznGZx5Wm2U61xXbeOMN2khbbefMM2ykVtBPH7RXZ/sV2YqnF8X9lh+Js71CcqzoU5+oOxfl8h+J8oUNxrplhHIBWxfx/f77XF7or7wo96RknOwsQ892l4z8nv97lnZBivDdk6ucUxcsm6pl4S6fbv+wEQibeskx914R4lXo+MkW8amO85Zk7C7c3O6GQ6d+JmfruonjZiQUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmEW/vfrUT573no+uCUkY+9fUaBPxvvKcVasG2mh395qbl5fXPrynsa670kYgAAAAoFDMw7vqNdXQXVkZupM5E9arpvMA1bRc7qst+xeE1WPLZKA0Xu5JFk35uEr6uBUjm7as2Hbl9rdu2DR0yfAlw5vfvvLUlacPnnb6aSvWb9g4PFj7GUJ3QbwQwvj0w7Yrt392aOPG4a3bapXZ/i9JH7ckLSfp4/rfFgbHltem/V9c0F5pUnuzd6P46AEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/Brt2FyHnVfwA/z8zszHTb/LN/+jYNzWbIS4laNIlbSbV0HxAstEnIUpDZ6lqCTbC4aUKblFjHNmBbExShJRAiuTASi63Fm77YIvaFQKRGA24M0hbthV4orVbSkgtJGcnunNmZ2ZnMOpamjZ/PxTwz5/zO+T1nLha+zw4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDBmqqOTFRGx8YHkxCSLjW1DuJcNp+m5T76fvn57d8vDJ9e2TxWyPWxEQAAANBTzOEDjZFiKOSyIRuumv60NDRNhNncDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/O+Zqo5MVEbHxi9OQki61NQ6iHPZfJqW++j7xjtPfubV4eG/No+V+tgHAAAA6C3m8ExjpBhKYVkYSK5qqYvPBha1rW+vi/ssnmdd+7ODbnXL5ll3zTzrPtajbkP9uisAAADAR1/M/7nGyFAo5BZ0zf+9cn2sW9JWl61f+/mtAAAAAPDfifm/0BgphUKu1Mjr8837S9vq4vpe/7eP61d0Wd/r//nr61f/pwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAj46p6shEZXRsPJuEkHSpqXUQ57L5NC330XfNC4N/v+XIQ0ubxwq5PjYCAAAAeoo5fDZ6F0MhNxgGwsXTuX/4poNPf/HpZ0dCCDMxP58Puzbt2HH3mpnXWLf62JGB7x1961tz6lbPvJ63AwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO+bqerIRGV0bPyiJISkS02tgziXzadpuY++r3/uC39+/ORzbzaPlfrYBwAAAOgt5vDZ7F8MpZAP+XDF9KfmrH9Wpm19t2cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwIXjnm/c9/VNk5Ob7/bGG2+8abw533+ZAACA99uSkITaf+jKjef7rgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgA+DqerIRGV0bLyYhJB0qal1EOey+TQt99E3ff54YcHpF15qHiv1sQ8AAADQW8zhs9m/GEphIAyEy6c/dXomMJ3/hz7AmwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+VKaqIxOV0bHxBUkISZeaWgdxLptP03IffR/bfeCzhxd+9+bmsUKuj40AAACAnmIOzzdGiqGQ+3gohKvrnydbFyTZ+rXzc4HZddtblg3Oe121ZV123uv2tJ0sVz/NzLpi3G9o5tpYV567rty0rhQa7cst68K+llULetxnAAAAgPMo5v9CY2QoFHKFppz7k5b6ITkXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOhiqjoyURkdG0+SEJIuNbUO4lw2n6blPvre95v/v+QrP927s3ms1Mc+AAAAQG8xh89m/2IohcXh/8Li6dwfhlrrY90/KmcOP/rPv6wMYdUVJ4Zz7dv+ML751es3vtj+EkKmtToTwsJ6v6RLv1//7tF7l9fOPB7CqsuzV8/pF87dr3XLtPZMZfP6HUdPbO/x5QAAAMAFIub/gcbIUCjk7uqa/2Py7pH/G6YD+MJ7d//8svprPZG3rcgM1ftluvT7/PIn/7Ri7d/eOpv/z9XvUwe2Hr6speHMSJskrY1u3bnhxHWHMvHUM/2zbf3j9/Klb775ry27Hjkz078YivXxRblO/ee+trkorU1m9o+ve29/tbV/rsv5H/rtSyd/uWjvu2f7v7NksNH/mnOc/9z9B299eN/1B45saO0fQih36v/2uzeHK/9w54Pt5x9s27j5m29+bZOktWNLTx1ae7B0Q2v/pK1//P5/dvKxfT9+5DvPxv7xtyIrl823f6at/yt7Lt398gMbF7X2z3Q5/4u3vTq8rfzt37ef/46WXXNd72Lu+Z+49qnbX9uU3t8+BQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcGGZqo5MVEbHxjNJCEmXmloHcS6bT9NyH33fuOX427ft/dEPmsdKfewDAAAA9BZz+Gz2L4ZSyId8GJzO/c9UNq/fcfTE9jA0M5vUr7nJbffs+MSWbTvvuuM83TkAAAAwXzH/5xojQ6GQWx4G6vl/dOvODSeuO5SJ+T8T8/+WOyc3rwqNulf2XLr75Qc2Lmo8Jwhh+mcBxbN1n56tu+nG40On/vi1FR3r1szWHVt66tDag6UbYl1orlsdGs8nnrj2qdtf25Te37i/5rpPfnXbZP3xRNx38NaH911/4MiGxjnq18H6vrFuMrN/fN17+6uxLlu/FuvnBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADmmqqOTFRGx8ZDNoSkS02tgziXzadpuY++65b/4sFLTj+3uHmskOtjIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf7MDBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWF/foJjaPs4wD+PLvJm202aZP2BaNimlZFqQeLgoheVFSkFSl4qhSptvYgCoKIUg+m0oqlKl4Eq5ciKqhRCgo2FkurpOK/4sWDCgrVg1CKAe1SPKhk95ntZrrj6qQK6ucDw5PnmZnv/GaeZ2ezAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/KMM9I0128M77m/ccs4NHz1614lHbnrn3m0XPfzqdxObrvtw7+BLJ2c2r9jy5fXLNu2/e8307ucP/TT81i9HewY/1GpWpW4thHg8hlB7d/aZx2Y+PmtuLIYQqnFkMoTRuPTQaMwlrP45hLC5Xef8nW+euHzLXLtt18C88SW5kPx9hXo1q6dlZH69/LvU0jrb2njwkvD1teu3f7r8jdf7p45Nnjok1jrWUwiLN3ae3x9CWJS2OdlqG8tOTu26EMJgx3lX9qjr/D9Y/6UF/XNT+7/U1nvkZPtX5vqV3HH5fqY/1w72uN5CFdVR9rhehnL9/MtooYrqzMZHU/t2alf9yfxqtsVQiaGvXf498dQaCR3zFkNszmWt3a+05zak+8/1Y65fyfWr/bn7al43LbRqjPPHs+Ny49nruC+Nr+h8V3dxa8H42amtpQ/qyawf8n+01E/7o31fTVlds79Ty9+h0vEO6jbenvg0GfU0Vo9LTzvn1y6yfTPrn7iwuuG9wyMFdcS9MeXHUvlbPxkduv21nQ+MFeVvrKT8Sqn8b9Ye+eG2nS88V5j/dJZfLZV/2YHB42vf37Gy8PnMZs+nr1T+HUc/eHL5/++c6jbXzfw9WX6tVP4100cGhhsHDhbWvzp7PotK5X919Y3fvvL5vmOF+SHLHyyVv2H6vqcGxhsXF+YfbH0U6s0VWmL9/Dh1xRfj499PFOV/lj3/4S75sWf+y5O7r3pxya41hetzXfZ8RkrVf/MF+7cPNfadV/TujHvO1DcnwH/TsvQ/1uOpX/Z35kJ1/F54dqKv9Q00lLbhM3mhnLnrLP4L8wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5jBw5IAAAAAAT9f92OQAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgqAAD//2BzKEU=")
r0 = openat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file0\x00', 0x105042, 0x1ff)
fallocate(r0, 0x10, 0x2, 0x5)

3.283324309s ago: executing program 6 (id=762):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000040)=0x3cc3, 0x4)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom(r0, 0x0, 0x0, 0x160, 0x0, 0x0)

2.723896744s ago: executing program 8 (id=763):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'pcbc(fcrypt)\x00'}, 0x58)
accept(r0, 0x0, 0x0)
r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
close_range(r1, 0xffffffffffffffff, 0x0)

2.648218205s ago: executing program 3 (id=764):
r0 = open(&(0x7f0000000040)='./file1\x00', 0x80242, 0x0)
pipe(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
fcntl$setpipe(r1, 0x407, 0x7000000)
capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000})
sendfile(r0, r0, 0x0, 0x7f03)

745.811151ms ago: executing program 3 (id=765):
syz_open_dev$sndctrl(&(0x7f0000000040), 0xc0000000000, 0x800)
r0 = syz_io_uring_setup(0x34ff, &(0x7f0000000340)={0x0, 0x0, 0x10100}, &(0x7f0000000240), &(0x7f0000000200)=<r1=>0x0)
syz_io_uring_setup(0x1f33, &(0x7f00000002c0), &(0x7f0000000040)=<r2=>0x0, &(0x7f0000000180))
syz_io_uring_submit(r2, r1, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r0, 0x184c, 0x0, 0x0, 0x0, 0x0)

486.237986ms ago: executing program 6 (id=766):
setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4)
r0 = socket(0x2, 0x80805, 0x0)
r1 = socket$inet(0x2, 0x80001, 0x84)
getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={<r2=>0x0}, &(0x7f0000000040)=0x8)
setsockopt$inet_sctp6_SCTP_CONTEXT(r0, 0x84, 0x11, &(0x7f0000000200)={r2, 0x9}, 0x8)

483.466203ms ago: executing program 8 (id=767):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
connect$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x9)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})

47.509929ms ago: executing program 2 (id=768):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000e00)={@in6={{0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}}, 0x0, 0x0, 0x44, 0x0, "e541bd3d3aa6a2bf75e9671e8abcb31c134f3a9db8f52e7300fe6e079f35ac63186c7244fc3b3801e79f15ced9fd7e55d0345bce05c13ed90158fbdeb70322ea3188f81890e3db00"}, 0xd8)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000000180)={@local, @random="f00a0bffe4a1", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

0s ago: executing program 3 (id=769):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="160000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005800000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
setgroups(0x0, 0x0)

kernel console output (not intermixed with test programs):

ialize context!
[  266.317792][   T25] imon 4-1:0.0: unable to register, err -19
[  266.502193][   T25] usb 4-1: USB disconnect, device number 2
[  268.086776][ T6135] loop2: detected capacity change from 0 to 4096
[  268.107375][ T6135] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  268.149610][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  268.187116][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  268.210624][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  268.227211][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  268.250801][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  268.267004][ T6144] process 'syz.3.60' launched '/dev/fd/3' with NULL argv: empty string added
[  268.340799][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  268.434369][ T5798] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  268.480707][ T5798] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  268.490704][ T5798] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  268.554456][ T5798] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  268.567404][ T5798] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  268.644203][ T5798] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  268.689861][ T5786] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  268.747733][ T3963] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.013077][ T3963] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.238352][ T6155] loop4: detected capacity change from 0 to 4096
[  269.368484][ T6157] netlink: 'syz.3.64': attribute type 11 has an invalid length.
[  269.377822][ T6157] netlink: 20 bytes leftover after parsing attributes in process `syz.3.64'.
[  269.466258][ T3963] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.637094][ T3963] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  269.734139][ T6155] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  269.805510][ T6155] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.826890][ T6161] loop0: detected capacity change from 0 to 8
[  269.904717][ T6161] unable to read xattr id index table
[  270.598105][ T6138] chnl_net:caif_netlink_parms(): no params data found
[  270.716712][ T3963] bridge_slave_1: left allmulticast mode
[  270.722832][ T3963] bridge_slave_1: left promiscuous mode
[  270.729378][ T3963] bridge0: port 2(bridge_slave_1) entered disabled state
[  270.752900][ T5798] Bluetooth: hci0: command tx timeout
[  270.770330][ T3963] bridge_slave_0: left allmulticast mode
[  270.777164][ T3963] bridge_slave_0: left promiscuous mode
[  270.783865][ T3963] bridge0: port 1(bridge_slave_0) entered disabled state
[  271.416697][ T3963] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  271.590014][ T3963] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  271.705999][ T3963] bond0 (unregistering): Released all slaves
[  271.907204][ T6176] loop2: detected capacity change from 0 to 32768
[  271.929599][ T6176] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.69 (6176)
[  272.019897][ T6176] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  272.030665][ T6176] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  272.041138][ T6176] BTRFS info (device loop2): using free-space-tree
[  272.243422][ T6178] sctp: failed to load transform for md5: -2
[  272.862364][ T5798] Bluetooth: hci0: command tx timeout
[  272.926816][ T5796] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  273.386869][ T6214] loop4: detected capacity change from 0 to 256
[  273.551611][ T3963] hsr_slave_0: left promiscuous mode
[  273.599340][ T3963] hsr_slave_1: left promiscuous mode
[  273.657392][ T3963] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  273.666266][ T3963] batman_adv: batadv0: Removing interface: batadv_slave_0
[  273.749591][ T3963] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  273.757623][ T3963] batman_adv: batadv0: Removing interface: batadv_slave_1
[  273.901794][ T3963] veth1_macvtap: left promiscuous mode
[  273.907577][ T3963] veth0_macvtap: left promiscuous mode
[  273.914384][ T3963] veth1_vlan: left promiscuous mode
[  273.919953][ T3963] veth0_vlan: left promiscuous mode
[  274.301294][ T6224] loop4: detected capacity change from 0 to 512
[  274.323021][ T6224] EXT4-fs: Ignoring removed bh option
[  274.386637][ T6224] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c118, mo2=0002]
[  274.424688][ T6224] System zones: 1-12
[  274.482672][ T6224] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2240: inode #15: comm syz.4.77: corrupted in-inode xattr: e_value size too large
[  274.552408][ T6224] EXT4-fs error (device loop4): ext4_orphan_get:1394: comm syz.4.77: couldn't read orphan inode 15 (err -117)
[  274.580038][ T6224] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  274.915357][ T5798] Bluetooth: hci0: command tx timeout
[  275.075004][ T5797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.177490][ T3963] team0 (unregistering): Port device team_slave_1 removed
[  275.313836][ T3963] team0 (unregistering): Port device team_slave_0 removed
[  276.643351][ T6138] bridge0: port 1(bridge_slave_0) entered blocking state
[  276.651437][ T6138] bridge0: port 1(bridge_slave_0) entered disabled state
[  276.659232][ T6138] bridge_slave_0: entered allmulticast mode
[  276.668527][ T6138] bridge_slave_0: entered promiscuous mode
[  276.719787][ T6250] loop2: detected capacity change from 0 to 16
[  276.781348][ T6250] erofs (device loop2): mounted with root inode @ nid 36.
[  276.853993][ T6138] bridge0: port 2(bridge_slave_1) entered blocking state
[  276.861891][ T6138] bridge0: port 2(bridge_slave_1) entered disabled state
[  276.869627][ T6138] bridge_slave_1: entered allmulticast mode
[  276.878818][ T6138] bridge_slave_1: entered promiscuous mode
[  277.041243][ T5798] Bluetooth: hci0: command tx timeout
[  277.506977][ T6138] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  277.651735][ T6138] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  278.348144][ T6267] loop4: detected capacity change from 0 to 1024
[  278.371363][ T6267] ext4: Unknown parameter 'rootcontext'
[  278.429446][ T6138] team0: Port device team_slave_0 added
[  278.447049][ T6138] team0: Port device team_slave_1 added
[  278.484261][ T6267] overlay: Unknown parameter '
[  278.484261][ T6267] time
[  278.484261][ T6267] string
[  278.484261][ T6267] statistic
[  278.484261][ T6267] state
[  278.484261][ T6267] realm
[  278.484261][ T6267] rateest
[  278.484261][ T6267] quota
[  278.484261][ T6267] pkttype
[  278.484261][ T6267] physdev
[  278.484261][ T6267] cgroup
[  278.484261][ T6267] cgroup
[  278.484261][ T6267] cgroup
[  278.484261][ T6267] owner
[  278.484261][ T6267] nfacct
[  278.484261][ T6267] nfacct
[  278.484261][ T6267] mac
[  278.484261][ T6267] limit
[  278.484261][ T6267] ipvs
[  278.484261][ T6267] helper
[  278.484261][ T6267] devgroup
[  278.484261][ T6267] cpu
[  278.484261][ T6267] conntrack
[  278.484261][ T6267] conntrack
[  278.484261][ T6267] conntrack
[  278.484261][ T6267] connlabel
[  278.484261][ T6267] connbytes
[  278.484261][ T6267] comment
[  278.484261][ T6267] bpf
[  278.484261][ T6267] bpf
[  278.484261][ T6267] connmark
[  278.484261][ T6267] mark
[  278.484261][ T6267] rpfilter
[  278.484261][ T6267] ah
[  278.484261][ T6267] tcpmss
[  278.484261][ T6267] socket
[  278.484261][ T6267] socket
[  278.484261][ T6267] socket
[  278.484261][ T6267] socket
[  278.484261][ T6267] sctp
[  278.484261][ T6267] recent
[  278.484261][ T6267] recent
[  278.484261][ T6267] policy
[  278.484261][ T6267] osf
[  278.484261][ T6267] multiport
[  278.484261][ T6267] length
[  278.484261][ T6267] l2tp
[  278.484261][ T6267] iprange
[  278.484261][ T6267] ipcomp
[  278.484261][ T6267] ttl
[  278.484261][ T6267] hashlimit
[  278.484261][ T6267] hashlimit
[  278.484261][ T6267] hashlimit
[  278.484261][ T6267] esp
[  278.484261][ T6267] ecn
[  278.484261][ T6267] tos
[  278.484261][ T6267] dscp
[  278.484261][ T6267] dccp
[  278.484261][ T6267] connlimit
[  278.484261][ T6267] cluster
[  278.484261][ T6267] addrtype
[  278.484261][ T6267] addrtype
[  278.484261][ T6267] set
[  278.484261][ T6267] set
[  278.484261][ T6267] set
[  278.484261][ T6267] set
[  278.484261][ T6267] set
[  278.484261][ T6267] icmp
[  278.668694][    C1] vkms_vblank_simulate: vblank timer overrun
[  278.814965][ T6270] bridge_slave_0: default FDB implementation only supports local addresses
[  278.962373][ T6138] batman_adv: batadv0: Adding interface: batadv_slave_0
[  278.969688][ T6138] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  278.996194][ T6138] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  279.139718][ T6138] batman_adv: batadv0: Adding interface: batadv_slave_1
[  279.147375][ T6138] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  279.182759][ T6138] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  279.521580][   T25] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  279.767418][ T6138] hsr_slave_0: entered promiscuous mode
[  279.789535][   T25] usb 3-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  279.799141][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  279.853530][   T25] usb 3-1: config 0 descriptor??
[  279.863722][ T6138] hsr_slave_1: entered promiscuous mode
[  279.921678][ T6138] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  279.930160][ T6138] Cannot create hsr debugfs directory
[  280.191844][   T25] usb 3-1: can't set first interface for hiFace device.
[  280.199157][   T25] snd-usb-hiface 3-1:0.0: probe with driver snd-usb-hiface failed with error -5
[  280.318294][   T25] usb 3-1: USB disconnect, device number 2
[  280.743286][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  280.750156][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  281.361359][ T6295] loop0: detected capacity change from 0 to 40427
[  281.386112][ T6295] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1fffff
[  281.435155][ T6295] F2FS-fs (loop0): invalid crc value
[  281.499981][ T6295] F2FS-fs (loop0): Found nat_bits in checkpoint
[  281.912689][ T6295] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  281.989696][ T6138] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  281.999312][   T29] audit: type=1800 audit(1735916751.011:2): pid=6295 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.101" name="file1" dev="loop0" ino=10 res=0 errno=0
[  282.099901][ T6138] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  282.179835][ T6311] netlink: 8 bytes leftover after parsing attributes in process `syz.4.104'.
[  282.217751][ T6138] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  282.223557][ T5789] syz-executor: attempt to access beyond end of device
[  282.223557][ T5789] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  282.239298][ T5789] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  282.492626][ T6138] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  282.586491][ T6314] mmap: syz.3.106 (6314): VmData 37425152 exceed data ulimit 3626. Update limits or use boot option ignore_rlimit_data.
[  282.932167][ T6318] netlink: 4 bytes leftover after parsing attributes in process `syz.3.109'.
[  282.994746][ T6318] team1: entered promiscuous mode
[  283.001163][ T6318] 8021q: adding VLAN 0 to HW filter on device team1
[  283.574850][ T6138] 8021q: adding VLAN 0 to HW filter on device bond0
[  283.645540][ T6138] 8021q: adding VLAN 0 to HW filter on device team0
[  283.749961][ T6138] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  283.760703][ T6138] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  283.849272][ T5072] bridge0: port 1(bridge_slave_0) entered blocking state
[  283.857032][ T5072] bridge0: port 1(bridge_slave_0) entered forwarding state
[  283.872553][ T5072] bridge0: port 2(bridge_slave_1) entered blocking state
[  283.880220][ T5072] bridge0: port 2(bridge_slave_1) entered forwarding state
[  284.479734][ T6332] netlink: 12 bytes leftover after parsing attributes in process `syz.2.108'.
[  285.186081][ T6347] loop2: detected capacity change from 0 to 512
[  285.825334][ T6347] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  285.839211][ T6347] ext4 filesystem being mounted at /26/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  285.941802][ T5867] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  286.035804][ T6138] 8021q: adding VLAN 0 to HW filter on device batadv0
[  286.161672][ T5867] usb 4-1: Using ep0 maxpacket: 16
[  286.202066][ T5867] usb 4-1: config 0 has an invalid interface number: 41 but max is 0
[  286.216708][ T5867] usb 4-1: config 0 has no interface number 0
[  286.228244][ T5867] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  286.240052][ T5867] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  286.250444][ T5867] usb 4-1: config 0 interface 41 has no altsetting 0
[  286.383211][ T5867] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a
[  286.392814][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  286.401270][ T5867] usb 4-1: Product: syz
[  286.405683][ T5867] usb 4-1: Manufacturer: syz
[  286.410516][ T5867] usb 4-1: SerialNumber: syz
[  286.507257][ T5796] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  286.553939][ T5867] usb 4-1: config 0 descriptor??
[  286.566274][ T6358] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  286.604500][ T6366] team0: entered promiscuous mode
[  286.605841][ T6358] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  286.609697][ T6366] team_slave_0: entered promiscuous mode
[  286.624019][ T6366] team_slave_1: entered promiscuous mode
[  286.799749][ T6365] team0: left promiscuous mode
[  286.805304][ T6365] team_slave_0: left promiscuous mode
[  286.811974][ T6365] team_slave_1: left promiscuous mode
[  286.955658][ T6358] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  287.025791][ T6358] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  287.130119][ T6372] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5)
[  287.136961][ T6372] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  287.145277][ T6372] vhci_hcd vhci_hcd.0: Device attached
[  287.351399][   T25] vhci_hcd: vhci_device speed not set
[  287.424143][   T25] usb 37-1: new full-speed USB device number 2 using vhci_hcd
[  287.537754][ T5867] Error reading MAC address
[  287.546090][ T6358] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  287.583578][   T44] usb 3-1: new low-speed USB device number 3 using dummy_hcd
[  287.624027][ T6358] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  287.911961][   T44] usb 3-1: config 0 has no interfaces?
[  287.917774][   T44] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  287.927630][   T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  287.931887][ T5867] sr9700 4-1:0.41 (unnamed net_device) (uninitialized): Error reading MAC address
[  288.045886][ T5867] usb 4-1: USB disconnect, device number 3
[  288.051253][   T44] usb 3-1: config 0 descriptor??
[  288.302008][ T6375] usb 37-1: recv xbuf, 0
[  288.309270][   T44] usb 3-1: USB disconnect, device number 3
[  288.330481][ T3587] vhci_hcd: stop threads
[  288.335862][ T3587] vhci_hcd: release socket
[  288.340729][ T3587] vhci_hcd: disconnect device
[  288.394964][   T25] vhci_hcd: vhci_device speed not set
[  289.062988][ T6138] veth0_vlan: entered promiscuous mode
[  289.191598][ T6138] veth1_vlan: entered promiscuous mode
[  289.656476][ T6138] veth0_macvtap: entered promiscuous mode
[  289.709133][ T6138] veth1_macvtap: entered promiscuous mode
[  289.930646][ T6138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  289.942118][ T6138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  289.952392][ T6138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  289.963207][ T6138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  289.973503][ T6138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  289.986730][ T6138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  289.997183][ T6138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  290.014235][ T6138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.030618][ T6138] batman_adv: batadv0: Interface activated: batadv_slave_0
[  290.543931][ T6138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  290.554844][ T6138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.565039][ T6138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  290.575814][ T6138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.585952][ T6138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  290.597000][ T6138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.607171][ T6138] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  290.617965][ T6138] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  290.640231][ T6138] batman_adv: batadv0: Interface activated: batadv_slave_1
[  290.839156][ T6138] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  290.848430][ T6138] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  290.857627][ T6138] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  290.866764][ T6138] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  291.596423][ T6428] netlink: 12 bytes leftover after parsing attributes in process `syz.3.136'.
[  291.776100][   T44] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  291.982185][   T44] usb 1-1: Using ep0 maxpacket: 8
[  292.075206][   T44] usb 1-1: New USB device found, idVendor=0c45, idProduct=613b, bcdDevice=c4.6d
[  292.085528][   T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  292.094071][   T44] usb 1-1: Product: syz
[  292.098492][   T44] usb 1-1: Manufacturer: syz
[  292.103442][   T44] usb 1-1: SerialNumber: syz
[  292.247108][   T44] usb 1-1: config 0 descriptor??
[  292.337689][   T44] gspca_main: sonixj-2.14.0 probing 0c45:613b
[  292.924383][ T6434] loop2: detected capacity change from 0 to 4096
[  293.425252][ T5867] usb 1-1: USB disconnect, device number 4
[  294.463389][   T29] audit: type=1326 audit(1735916763.431:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  294.486104][   T29] audit: type=1326 audit(1735916763.431:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  294.509049][   T29] audit: type=1326 audit(1735916763.461:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  294.531679][   T29] audit: type=1326 audit(1735916763.461:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  294.554174][   T29] audit: type=1326 audit(1735916763.461:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  294.576629][   T29] audit: type=1326 audit(1735916763.461:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  294.599433][   T29] audit: type=1326 audit(1735916763.471:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  294.622013][   T29] audit: type=1326 audit(1735916763.471:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000
[  294.644835][   T29] audit: type=1326 audit(1735916763.481:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6465 comm="syz.3.147" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  295.595358][ T6485] warning: `syz.3.150' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  296.284899][ T6484] loop0: detected capacity change from 0 to 32768
[  296.307818][ T6484] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.149 (6484)
[  296.342498][ T6484] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  296.354167][ T6484] BTRFS info (device loop0): using crc32c (crc32c-x86_64) checksum algorithm
[  296.364037][ T6484] BTRFS info (device loop0): using free-space-tree
[  297.151911][ T5789] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  299.035265][ T6526] loop3: detected capacity change from 0 to 40427
[  299.068220][ T6526] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1fffff
[  299.081386][ T6526] F2FS-fs (loop3): invalid crc value
[  299.135834][ T6526] F2FS-fs (loop3): Found nat_bits in checkpoint
[  299.427212][ T6526] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  299.621233][   T29] audit: type=1800 audit(1735916768.621:12): pid=6526 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.158" name="file1" dev="loop3" ino=10 res=0 errno=0
[  299.783601][ T5795] syz-executor: attempt to access beyond end of device
[  299.783601][ T5795] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  299.798809][ T5795] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  300.014293][ T3587] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.023717][ T3587] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.041440][ T1864] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  300.050020][ T1864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  300.275553][ T6538] netlink: 8 bytes leftover after parsing attributes in process `syz.2.163'.
[  300.285508][ T6538] netlink: 16 bytes leftover after parsing attributes in process `syz.2.163'.
[  300.671316][ T6541] sctp: [Deprecated]: syz.4.161 (pid 6541) Use of struct sctp_assoc_value in delayed_ack socket option.
[  300.671316][ T6541] Use struct sctp_sack_info instead
[  301.059660][ T6548] loop2: detected capacity change from 0 to 128
[  301.212252][ T6550] loop0: detected capacity change from 0 to 512
[  301.261402][ T6548] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  301.283567][ T6550] EXT4-fs: Ignoring removed oldalloc option
[  301.388358][ T6548] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  301.418603][ T6550] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  301.428750][ T6550] EXT4-fs (loop0): mounting ext2 file system using the ext4 subsystem
[  301.702465][ T6554] loop4: detected capacity change from 0 to 64
[  301.721376][ T6550] EXT4-fs (loop0): warning: checktime reached, running e2fsck is recommended
[  301.891349][ T6550] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=a042c09c, mo2=0002]
[  301.899963][ T6550] System zones: 0-2, 18-18, 34-34
[  302.007765][ T6550] EXT4-fs warning (device loop0): ext4_update_dynamic_rev:1145: updating to rev 1 because of new feature flag, running e2fsck is recommended
[  302.148147][ T6550] EXT4-fs (loop0): 1 truncate cleaned up
[  302.155954][ T6550] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  302.871868][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  304.066577][ T6584] loop0: detected capacity change from 0 to 512
[  304.221611][ T6584] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  304.235038][ T6584] ext4 filesystem being mounted at /40/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  304.511739][   T25] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  304.512158][ T6584] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  304.596986][ T6584] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 31 with max blocks 33 with error 28
[  304.610568][ T6584] EXT4-fs (loop0): This should not happen!! Data will be lost
[  304.610568][ T6584] 
[  304.620698][ T6584] EXT4-fs (loop0): Total free blocks count 0
[  304.627096][ T6584] EXT4-fs (loop0): Free/Dirty block details
[  304.633496][ T6584] EXT4-fs (loop0): free_blocks=65280
[  304.639047][ T6584] EXT4-fs (loop0): dirty_blocks=33
[  304.644722][ T6584] EXT4-fs (loop0): Block reservation details
[  304.656909][ T6584] EXT4-fs (loop0): i_reserved_data_blocks=33
[  304.754924][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  304.766514][   T25] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  304.776809][   T25] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  304.790193][   T25] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  304.799720][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.850412][   T25] usb 5-1: config 0 descriptor??
[  305.377335][ T5789] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  305.521404][   T25] plantronics 0003:047F:FFFF.0002: No inputs registered, leaving
[  305.576743][   T25] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  305.828657][   T25] usb 5-1: USB disconnect, device number 2
[  306.681417][ T6616] loop4: detected capacity change from 0 to 64
[  306.984630][ T6621] capability: warning: `syz.3.188' uses deprecated v2 capabilities in a way that may be insecure
[  307.007285][ T6621] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  307.017580][ T6621] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  307.029514][ T6621] overlayfs: failed to get uuid (46/file1, err=-13); falling back to uuid=null.
[  307.740188][ T6630] loop3: detected capacity change from 0 to 512
[  307.845889][ T6630] EXT4-fs (loop3): mounting ext3 file system using the ext4 subsystem
[  307.910217][ T6630] EXT4-fs (loop3): invalid journal inode
[  307.916327][ T6630] EXT4-fs (loop3): can't get journal size
[  308.046460][ T6630] EXT4-fs (loop3): 1 truncate cleaned up
[  308.054099][ T6630] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  308.572710][ T6643] EXT4-fs (loop3): shut down requested (2)
[  309.098932][ T5867] hid-generic 0005:0B57:FFF9.0003: item fetching failed at offset 0/1
[  309.099829][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  309.118905][ T6654] netlink: 4 bytes leftover after parsing attributes in process `syz.0.198'.
[  309.178080][ T5867] hid-generic 0005:0B57:FFF9.0003: probe with driver hid-generic failed with error -22
[  309.310157][ T6650] loop2: detected capacity change from 0 to 256
[  309.531819][ T5842] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  309.731739][ T5842] usb 5-1: Using ep0 maxpacket: 16
[  309.759662][ T5842] usb 5-1: config index 0 descriptor too short (expected 16456, got 72)
[  309.768896][ T5842] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  309.783181][ T5842] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  309.794499][ T5842] usb 5-1: config 0 has an invalid interface number: 125 but max is 1
[  309.803133][ T5842] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2
[  309.812444][ T5842] usb 5-1: config 0 has no interface number 0
[  309.818869][ T5842] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x4 has invalid maxpacket 21760, setting to 64
[  309.830503][ T5842] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0xB has invalid wMaxPacketSize 0
[  309.840849][ T5842] usb 5-1: config 0 interface 125 altsetting 4 endpoint 0x2 has invalid wMaxPacketSize 0
[  309.851643][ T5842] usb 5-1: config 0 interface 125 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  309.865275][ T5842] usb 5-1: config 0 interface 125 has no altsetting 0
[  309.877829][ T5842] usb 5-1: config 0 interface 125 has no altsetting 2
[  310.138927][ T5842] usb 5-1: New USB device found, idVendor=050d, idProduct=0002, bcdDevice=23.27
[  310.148565][ T5842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  310.157225][ T5842] usb 5-1: Product: syz
[  310.161765][ T5842] usb 5-1: Manufacturer: syz
[  310.166686][ T5842] usb 5-1: SerialNumber: syz
[  310.179000][ T5842] usb 5-1: config 0 descriptor??
[  310.228241][ T5842] usb 5-1: selecting invalid altsetting 2
[  311.210772][ T6675] loop5: detected capacity change from 0 to 4096
[  311.481849][ T5842] get_1284_register timeout
[  311.486922][    C0] usb 5-1: async_complete: urb error -104
[  311.493438][    C0] usb 5-1: async_complete: urb error -104
[  311.499787][ T5842] uss720 5-1:0.125: probe with driver uss720 failed with error -5
[  312.080510][   T25] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  312.321862][ T6693] overlayfs: invalid origin (00000079000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  312.342409][   T25] usb 1-1: Using ep0 maxpacket: 32
[  312.357556][   T25] usb 1-1: config 1 interface 0 has no altsetting 0
[  312.409118][   T25] usb 1-1: New USB device found, idVendor=05ac, idProduct=0254, bcdDevice= 0.40
[  312.418732][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  312.427170][   T25] usb 1-1: Product: syz
[  312.431821][   T25] usb 1-1: Manufacturer: syz
[  312.438168][   T25] usb 1-1: SerialNumber: syz
[  312.704649][   T25] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input8
[  312.717690][ T5130] bcm5974 1-1:1.0: could not read from device
[  312.854110][ T5130] bcm5974 1-1:1.0: could not read from device
[  312.877919][   T25] usb 1-1: USB disconnect, device number 5
[  312.914334][ T5130] bcm5974 1-1:1.0: could not read from device
[  313.236410][ T5842] usb 5-1: USB disconnect, device number 3
[  315.852572][ T6744] sctp: [Deprecated]: syz.3.225 (pid 6744) Use of struct sctp_assoc_value in delayed_ack socket option.
[  315.852572][ T6744] Use struct sctp_sack_info instead
[  316.406710][ T6741] loop5: detected capacity change from 0 to 32768
[  316.946509][ T6754] loop4: detected capacity change from 0 to 64
[  317.025097][ T6741] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  317.138169][ T6741] OCFS2: ERROR (device loop5): int ocfs2_validate_dx_root(struct super_block *, struct buffer_head *): Dir Index Root # 28549323745621536 has bad signature 
[  317.162213][ T6741] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  317.174893][ T6741] OCFS2: File system is now read-only.
[  317.180577][ T6741] (syz.5.224,6741,0):ocfs2_find_entry_dx:1029 ERROR: status = -30
[  318.096023][ T6138] ocfs2: Unmounting device (7,5) on (node local)
[  318.971550][ T5072] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  319.171666][ T6781] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  319.181574][ T6781] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  319.194721][ T6781] overlayfs: fs on './file0' does not support file handles, falling back to xino=off.
[  320.021419][ T5072] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.137594][ T6791] loop5: detected capacity change from 0 to 512
[  320.163717][ T6791] EXT4-fs: Ignoring removed bh option
[  320.284323][ T6787] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(3)
[  320.291764][ T6787] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless)
[  320.299783][ T6787] vhci_hcd vhci_hcd.0: Device attached
[  320.354415][ T6791] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  320.367792][ T6791] ext4 filesystem being mounted at /17/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  320.390560][ T5791] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  320.434196][ T5072] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.471031][ T5791] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  320.480334][ T5791] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  320.494143][ T5791] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  320.507924][ T5791] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  320.517261][ T5791] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  320.567814][ T6790] vhci_hcd: connection closed
[  320.635074][ T6803] loop4: detected capacity change from 0 to 512
[  320.649263][ T6803] EXT4-fs: Ignoring removed oldalloc option
[  320.689781][ T3587] vhci_hcd: stop threads
[  320.694416][ T3587] vhci_hcd: release socket
[  320.699040][ T3587] vhci_hcd: disconnect device
[  320.723670][ T6803] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  320.746868][   T25] vhci_hcd: vhci_device speed not set
[  320.768128][ T5072] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  320.942156][ T6803] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  320.955390][ T6803] ext4 filesystem being mounted at /50/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  321.052262][   T29] audit: type=1800 audit(2000000000.710:13): pid=6803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.243" name="file1" dev="loop4" ino=15 res=0 errno=0
[  321.096320][ T6138] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  321.148174][   T29] audit: type=1800 audit(2000000000.790:14): pid=6810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.243" name="file2" dev="loop4" ino=16 res=0 errno=0
[  321.315760][ T6815] loop2: detected capacity change from 0 to 256
[  321.640386][ T5072] bridge_slave_1: left allmulticast mode
[  321.646934][ T5072] bridge_slave_1: left promiscuous mode
[  321.661180][ T5072] bridge0: port 2(bridge_slave_1) entered disabled state
[  321.704596][ T6815] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  321.780328][ T5072] bridge_slave_0: left allmulticast mode
[  321.788313][ T5072] bridge_slave_0: left promiscuous mode
[  321.795180][ T5072] bridge0: port 1(bridge_slave_0) entered disabled state
[  321.885217][ T5797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.033699][ T6815] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  322.182768][ T6823] loop3: detected capacity change from 0 to 64
[  322.513853][ T6828] Zero length message leads to an empty skb
[  322.631376][ T5798] Bluetooth: hci1: command tx timeout
[  323.506329][ T5072] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  323.622934][ T5072] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  323.657372][ T5072] bond0 (unregistering): Released all slaves
[  324.424058][ T6850] loop4: detected capacity change from 0 to 128
[  324.588848][ T6798] chnl_net:caif_netlink_parms(): no params data found
[  324.697354][ T5798] Bluetooth: hci1: command tx timeout
[  324.743352][ T6850] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  324.872911][ T5072] hsr_slave_0: left promiscuous mode
[  324.881763][ T6850] ext4 filesystem being mounted at /53/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  324.907605][ T5072] hsr_slave_1: left promiscuous mode
[  324.972686][ T5072] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  324.980458][ T5072] batman_adv: batadv0: Removing interface: batadv_slave_0
[  325.018247][ T5072] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  325.026302][ T5072] batman_adv: batadv0: Removing interface: batadv_slave_1
[  325.059368][ T5072] veth1_macvtap: left promiscuous mode
[  325.065551][ T5072] veth0_macvtap: left promiscuous mode
[  325.071892][ T5072] veth1_vlan: left promiscuous mode
[  325.077446][ T5072] veth0_vlan: left promiscuous mode
[  325.916936][ T6861] loop3: detected capacity change from 0 to 32768
[  326.032942][ T5797] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  326.059478][ T6861] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  326.151178][   T29] audit: type=1800 audit(2000000005.809:15): pid=6861 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.259" name="bus" dev="loop3" ino=17058 res=0 errno=0
[  326.287003][ T6866] loop4: detected capacity change from 0 to 256
[  326.325361][ T5072] team0 (unregistering): Port device team_slave_1 removed
[  326.349496][ T5072] team0 (unregistering): Port device team_slave_0 removed
[  326.456232][ T6861] workqueue: Failed to create a rescuer kthread for wq "dio/loop3": -EINTR
[  326.456567][ T6861] (syz.3.259,6861,0):ocfs2_dio_end_io:2424 ERROR: Direct IO failed, bytes = -12
[  326.785622][ T5798] Bluetooth: hci1: command tx timeout
[  326.825694][ T6858] netlink: 'syz.5.258': attribute type 34 has an invalid length.
[  327.063957][ T5795] ocfs2: Unmounting device (7,3) on (node local)
[  327.765659][ T6879] loop2: detected capacity change from 0 to 128
[  327.816473][ T6866] FAT-fs (loop4): Directory bread(block 64) failed
[  327.823518][ T6866] FAT-fs (loop4): Directory bread(block 65) failed
[  327.830427][ T6866] FAT-fs (loop4): Directory bread(block 66) failed
[  327.837539][ T6866] FAT-fs (loop4): Directory bread(block 67) failed
[  327.844670][ T6866] FAT-fs (loop4): Directory bread(block 68) failed
[  327.851571][ T6866] FAT-fs (loop4): Directory bread(block 69) failed
[  327.858476][ T6866] FAT-fs (loop4): Directory bread(block 70) failed
[  327.865394][ T6866] FAT-fs (loop4): Directory bread(block 71) failed
[  327.872440][ T6866] FAT-fs (loop4): Directory bread(block 72) failed
[  327.879669][ T6866] FAT-fs (loop4): Directory bread(block 73) failed
[  327.892252][ T6879] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  327.976381][ T6798] bridge0: port 1(bridge_slave_0) entered blocking state
[  327.984215][ T6798] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.992287][ T6798] bridge_slave_0: entered allmulticast mode
[  328.006623][ T6798] bridge_slave_0: entered promiscuous mode
[  328.059123][ T6798] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.067689][ T6798] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.075649][ T6798] bridge_slave_1: entered allmulticast mode
[  328.084692][ T6798] bridge_slave_1: entered promiscuous mode
[  328.224260][ T6879] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  328.248867][ T6798] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  328.291988][ T6879] ext2 filesystem being mounted at /58/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  328.421953][ T6798] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  328.702365][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  328.853975][ T5798] Bluetooth: hci1: command tx timeout
[  328.859613][ T6798] team0: Port device team_slave_0 added
[  328.950304][ T6798] team0: Port device team_slave_1 added
[  328.963212][ T6896] netlink: 12 bytes leftover after parsing attributes in process `syz.5.267'.
[  328.980618][ T5796] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  329.161386][ T6798] batman_adv: batadv0: Adding interface: batadv_slave_0
[  329.168590][ T6798] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  329.195219][ T6798] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  329.315288][ T6798] batman_adv: batadv0: Adding interface: batadv_slave_1
[  329.322706][ T6798] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  329.351691][ T6798] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  330.221305][ T6798] hsr_slave_0: entered promiscuous mode
[  330.245789][ T6798] hsr_slave_1: entered promiscuous mode
[  330.308622][ T6905] syz_tun: entered promiscuous mode
[  330.334945][ T6911] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  330.358168][ T6905] syz_tun: left promiscuous mode
[  330.902364][ T6920] binder: 6919:6920 ioctl c0306201 20000080 returned -14
[  331.208359][ T6925] netlink: 'syz.4.277': attribute type 11 has an invalid length.
[  331.216854][ T6925] netlink: 204 bytes leftover after parsing attributes in process `syz.4.277'.
[  332.061991][ T6931] netlink: 4 bytes leftover after parsing attributes in process `syz.3.281'.
[  332.077351][ T6798] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  332.113524][ T6798] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  332.154140][ T6798] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  332.218846][ T6798] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  333.494487][ T6798] 8021q: adding VLAN 0 to HW filter on device bond0
[  333.548614][ T6798] 8021q: adding VLAN 0 to HW filter on device team0
[  333.685002][ T3555] bridge0: port 1(bridge_slave_0) entered blocking state
[  333.692839][ T3555] bridge0: port 1(bridge_slave_0) entered forwarding state
[  333.898715][ T6798] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  333.909859][ T6798] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  333.985482][ T6965] netlink: 57923 bytes leftover after parsing attributes in process `syz.3.288'.
[  334.064371][ T5798] Bluetooth: hci0: unexpected event 0x31 length: 83 > 6
[  334.082243][ T3555] bridge0: port 2(bridge_slave_1) entered blocking state
[  334.097107][ T3555] bridge0: port 2(bridge_slave_1) entered forwarding state
[  334.669967][ T6969] loop2: detected capacity change from 0 to 2048
[  334.859832][ T6969] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  335.224094][ T6798] 8021q: adding VLAN 0 to HW filter on device batadv0
[  336.369358][ T7000] loop4: detected capacity change from 0 to 512
[  336.432939][ T6999] input: syz0 as /devices/virtual/input/input10
[  336.452622][ T7000] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  336.466334][ T7000] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  336.566243][ T7000] EXT4-fs (loop4): 1 orphan inode deleted
[  336.572515][ T7000] EXT4-fs (loop4): 1 truncate cleaned up
[  336.580114][ T7000] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  336.749850][ T7000] EXT4-fs error (device loop4): ext4_lookup:1813: inode #16: comm syz.4.298: iget: bad extra_isize 46 (inode size 256)
[  336.881316][ T7000] EXT4-fs (loop4): Remounting filesystem read-only
[  337.376070][ T5797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  337.838821][ T7019] loop4: detected capacity change from 0 to 128
[  338.422142][ T6798] veth0_vlan: entered promiscuous mode
[  338.497707][ T6798] veth1_vlan: entered promiscuous mode
[  338.588367][ T7026] mmap: syz.2.305 (7026) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  338.827187][ T6798] veth0_macvtap: entered promiscuous mode
[  338.887560][ T6798] veth1_macvtap: entered promiscuous mode
[  339.112079][ T6798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  339.123326][ T6798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.133480][ T6798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  339.144248][ T6798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.155153][ T6798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  339.166027][ T6798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.176778][ T6798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  339.187859][ T6798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  339.202532][ T6798] batman_adv: batadv0: Interface activated: batadv_slave_0
[  339.331421][   T25] Bluetooth: hci0: Opcode 0x0c1a failed: -110
[  339.332894][ T5798] Bluetooth: hci0: command 0x0405 tx timeout
[  339.337679][   T25] Bluetooth: hci0: Error when powering off device on rfkill (-110)
[  339.912695][ T5417] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  340.029475][ T6798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  340.029580][ T6798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.029638][ T6798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  340.029723][ T6798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.029782][ T6798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  340.029867][ T6798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.029945][ T6798] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  340.030030][ T6798] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  340.035590][ T6798] batman_adv: batadv0: Interface activated: batadv_slave_1
[  340.070356][ T6798] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  340.070584][ T6798] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  340.070788][ T6798] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  340.071179][ T6798] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.302750][ T5417] usb 4-1: Using ep0 maxpacket: 32
[  340.310431][ T5417] usb 4-1: unable to get BOS descriptor or descriptor too short
[  341.107198][ T5417] usb 4-1: config 127 has an invalid interface number: 25 but max is 0
[  341.115973][ T5417] usb 4-1: config 127 has no interface number 0
[  341.122788][ T5417] usb 4-1: config 127 interface 25 has no altsetting 0
[  341.208048][ T5417] usb 4-1: New USB device found, idVendor=1110, idProduct=9000, bcdDevice=f4.11
[  341.208222][ T5417] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  341.208366][ T5417] usb 4-1: Product: syz
[  341.208475][ T5417] usb 4-1: Manufacturer: syz
[  341.208585][ T5417] usb 4-1: SerialNumber: syz
[  341.500713][ T5417] usb 4-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9000) Rev (0XF411): ADI930
[  341.642379][   T25] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  341.648734][   T25] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  341.715277][ T5798] Bluetooth: hci1: command 0x0c1a tx timeout
[  342.138898][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  342.145787][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  342.163618][ T5417] usb 4-1: reset high-speed USB device number 4 using dummy_hcd
[  342.340631][ T5417] usb 4-1: unable to get BOS descriptor or descriptor too short
[  342.546625][ T7064] loop2: detected capacity change from 0 to 1024
[  342.582582][ T7064] EXT4-fs: Ignoring removed orlov option
[  342.588904][ T7064] EXT4-fs: Ignoring removed nomblk_io_submit option
[  342.839173][ T7064] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002]
[  342.885294][ T5417] ueagle-atm 4-1:127.25: usbatm_usb_probe: bind failed: -19!
[  342.964091][ T7064] System zones: 0-1, 3-36
[  343.016162][ T7064] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  343.092735][ T5417] usb 4-1: USB disconnect, device number 4
[  343.472684][ T7077] syzkaller1: entered promiscuous mode
[  343.478589][ T7077] syzkaller1: entered allmulticast mode
[  343.527113][ T5796] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  344.123274][ T7082] loop4: detected capacity change from 0 to 2048
[  344.246834][ T7082] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  344.649899][ T7088] loop3: detected capacity change from 0 to 2048
[  344.903071][ T5797] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  346.251801][ T7117] use of bytesused == 0 is deprecated and will be removed in the future,
[  346.260470][ T7117] use the actual size instead.
[  346.467746][ T7121] loop4: detected capacity change from 0 to 128
[  346.725520][ T7124] netlink: 'syz.2.332': attribute type 1 has an invalid length.
[  346.733672][ T7124] netlink: 'syz.2.332': attribute type 2 has an invalid length.
[  347.227022][ T1076] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.244271][ T1076] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.288068][ T3963] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.296285][ T3963] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.851922][ T7136] loop4: detected capacity change from 0 to 128
[  347.966475][ T7139] netlink: 8 bytes leftover after parsing attributes in process `syz.6.240'.
[  348.990770][ T7152] loop6: detected capacity change from 0 to 1024
[  349.051868][ T7152] EXT4-fs: Ignoring removed nobh option
[  349.057916][ T7152] EXT4-fs: Ignoring removed bh option
[  349.223508][ T7152] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  349.856525][ T6798] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.094275][ T5417] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  350.271203][ T5417] usb 6-1: Using ep0 maxpacket: 16
[  350.299869][ T5417] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  350.311366][ T5417] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  350.324666][ T5417] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  350.331303][ T5842] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  350.334184][ T5417] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.552471][ T5842] usb 3-1: Using ep0 maxpacket: 8
[  350.554368][ T5417] usb 6-1: config 0 descriptor??
[  350.649224][ T5842] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  350.660069][ T5842] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  350.670325][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  350.735726][ T5842] usb 3-1: config 0 descriptor??
[  350.765878][ T5842] gspca_main: vc032x-2.14.0 probing 046d:0892
[  350.821728][   T25] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  350.912639][ T7181] loop6: detected capacity change from 0 to 512
[  351.008391][ T7181] EXT4-fs (loop6): Invalid default hash set in the superblock
[  351.018220][   T25] usb 4-1: Using ep0 maxpacket: 16
[  351.050138][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  351.061716][   T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  351.073031][   T25] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  351.082713][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.128665][   T25] usb 4-1: config 0 descriptor??
[  351.421748][ T5417] usbhid 6-1:0.0: can't add hid device: -71
[  351.428915][ T5417] usbhid 6-1:0.0: probe with driver usbhid failed with error -71
[  351.524138][ T5417] usb 6-1: USB disconnect, device number 2
[  351.661159][   T25] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0004/input/input11
[  351.807614][ T5842] gspca_vc032x: reg_r err -71
[  351.813102][ T5842] vc032x 3-1:0.0: probe with driver vc032x failed with error -71
[  351.858757][ T5842] usb 3-1: USB disconnect, device number 4
[  351.983191][   T25] appleir 0003:05AC:8241.0004: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  352.098429][   T25] usb 4-1: USB disconnect, device number 5
[  352.549504][ T7199] syzkaller1: entered promiscuous mode
[  352.555482][ T7199] syzkaller1: entered allmulticast mode
[  353.039543][ T7202] loop6: detected capacity change from 0 to 64
[  353.179372][ T7205] loop2: detected capacity change from 0 to 256
[  353.346433][ T7202] CUSE: info not properly terminated
[  354.209893][ T5842] kernel read not supported for file /video7 (pid: 5842 comm: kworker/0:4)
[  354.620427][ T7222] loop5: detected capacity change from 0 to 512
[  354.749672][ T7222] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  354.963701][ T7231] vlan2: entered promiscuous mode
[  354.969005][ T7231] vlan2: entered allmulticast mode
[  354.975538][ T7231] macvlan0: entered allmulticast mode
[  354.981293][ T7231] veth1_vlan: entered allmulticast mode
[  354.987097][ T7231] macvlan0: entered promiscuous mode
[  354.994050][ T7226] loop2: detected capacity change from 0 to 1024
[  355.005313][ T7231] team0: Port device vlan2 added
[  355.089527][ T7226] EXT4-fs: Ignoring removed orlov option
[  355.231942][ T7226] EXT4-fs (loop2): Test dummy encryption mode enabled
[  355.306318][ T7226] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  355.362631][ T7222] EXT4-fs (loop5): 1 truncate cleaned up
[  355.370327][ T7222] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.518036][ T7226] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  355.621351][   T25] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  355.801641][   T25] usb 7-1: Using ep0 maxpacket: 8
[  355.814996][   T25] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7
[  355.877519][   T25] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  355.887303][   T25] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  355.895720][   T25] usb 7-1: Product: syz
[  355.900123][   T25] usb 7-1: Manufacturer: syz
[  355.905047][   T25] usb 7-1: SerialNumber: syz
[  356.060106][ T6138] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  356.394384][ T7250] loop5: detected capacity change from 0 to 512
[  356.404372][ T7250] EXT4-fs: Ignoring removed oldalloc option
[  356.655776][ T7250] EXT4-fs (loop5): 1 truncate cleaned up
[  356.665938][ T7250] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  356.693511][ T7226] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  357.119546][ T5796] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  357.407184][ T6138] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  357.453228][   T25] cdc_ncm 7-1:1.0: bind() failure
[  357.480379][   T25] cdc_ncm 7-1:1.1: probe with driver cdc_ncm failed with error -71
[  357.483765][ T5867] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  357.552460][   T25] cdc_mbim 7-1:1.1: probe with driver cdc_mbim failed with error -71
[  357.602642][   T25] usbtest 7-1:1.1: probe with driver usbtest failed with error -71
[  357.681590][   T25] usb 7-1: USB disconnect, device number 2
[  357.694065][ T5867] usb 4-1: Using ep0 maxpacket: 32
[  357.737230][ T7263] loop2: detected capacity change from 0 to 512
[  357.771469][ T5867] usb 4-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  357.781029][ T5867] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  357.801918][ T7263] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  357.845415][ T5867] usb 4-1: config 0 descriptor??
[  357.905698][ T7263] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2863: Unable to expand inode 11. Delete some EAs or run e2fsck.
[  357.920229][ T7263] EXT4-fs (loop2): 1 truncate cleaned up
[  357.927911][ T7263] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.962106][ T5867] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  358.043226][ T7266] loop5: detected capacity change from 0 to 512
[  358.059994][ T7266] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  358.210360][ T7266] EXT4-fs (loop5): 1 truncate cleaned up
[  358.218954][ T7266] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  358.524648][ T5796] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.926418][ T5867] gspca_vc032x: reg_w err -71
[  358.931483][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.937133][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.942810][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.948346][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.954090][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.959569][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.965251][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.970738][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.976355][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.982906][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.988399][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.994154][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  358.999684][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  359.005303][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  359.010791][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  359.019036][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  359.025393][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  359.031079][ T5867] gspca_vc032x: I2c Bus Busy Wait 00
[  359.036636][ T5867] gspca_vc032x: Unknown sensor...
[  359.042285][ T5867] vc032x 4-1:0.0: probe with driver vc032x failed with error -22
[  359.352320][ T5867] usb 4-1: USB disconnect, device number 6
[  359.727880][ T7279] loop6: detected capacity change from 0 to 512
[  359.798314][ T6138] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.123997][ T4105] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  360.760504][ T7279] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2
[  360.770602][ T7279] EXT4-fs (loop6): 1 truncate cleaned up
[  360.782978][ T7279] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  360.909574][ T4105] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.347219][ T4105] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.468418][ T6798] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.759392][ T4105] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  361.820293][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  361.852460][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  361.901993][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  361.923183][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  361.941528][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  361.954729][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  361.970166][ T7297] loop4: detected capacity change from 0 to 1024
[  362.352100][ T7297] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  362.510404][ T7307] loop6: detected capacity change from 0 to 1024
[  362.962564][ T4105] bridge_slave_1: left allmulticast mode
[  362.968573][ T4105] bridge_slave_1: left promiscuous mode
[  362.975336][ T4105] bridge0: port 2(bridge_slave_1) entered disabled state
[  363.000665][ T7317] EXT4-fs error (device loop4): __ext4_remount:6749: comm syz.4.383: Abort forced by user
[  363.055611][ T7307] EXT4-fs (loop6): can't mount with journal_async_commit, fs mounted w/o journal
[  363.075152][ T4105] bridge_slave_0: left allmulticast mode
[  363.081482][ T4105] bridge_slave_0: left promiscuous mode
[  363.088020][ T4105] bridge0: port 1(bridge_slave_0) entered disabled state
[  363.130668][ T7297] overlayfs: failed to create directory ./file1/work (errno: 5); mounting read-only
[  363.141136][ T7297] overlayfs: failed to get uuid (/file0, err=-5); falling back to uuid=null.
[  363.166206][ T7317] EXT4-fs (loop4): Remounting filesystem read-only
[  363.174191][ T7317] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w. Quota mode: writeback.
[  363.480190][ T7297] overlayfs: failed to get origin (-5)
[  364.154235][ T5791] Bluetooth: hci0: command tx timeout
[  364.327129][ T7323] loop3: detected capacity change from 0 to 128
[  364.388682][   T29] audit: type=1800 audit(2000000044.069:16): pid=7323 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.388" name="bus" dev="loop3" ino=1048618 res=0 errno=0
[  364.418275][ T4105] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  364.509225][ T4105] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  364.585261][ T4105] bond0 (unregistering): Released all slaves
[  364.726239][ T7326] batadv_slave_1: entered promiscuous mode
[  364.775702][ T7331] batadv_slave_1: left promiscuous mode
[  365.251364][ T4105] hsr_slave_0: left promiscuous mode
[  365.462736][ T4105] hsr_slave_1: left promiscuous mode
[  365.561667][ T4105] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  365.569560][ T4105] batman_adv: batadv0: Removing interface: batadv_slave_0
[  365.702088][ T4105] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  365.709967][ T4105] batman_adv: batadv0: Removing interface: batadv_slave_1
[  365.975730][ T4105] veth1_macvtap: left promiscuous mode
[  365.983485][ T7340] loop2: detected capacity change from 0 to 32768
[  365.983897][ T4105] veth0_macvtap: left promiscuous mode
[  365.996245][ T4105] veth1_vlan: left promiscuous mode
[  366.001881][ T4105] veth0_vlan: left promiscuous mode
[  366.066047][ T7340] diRead: diIAGRead returned -5
[  366.191488][ T5791] Bluetooth: hci0: command tx timeout
[  366.939093][ T4105] team0 (unregistering): Port device team_slave_1 removed
[  367.041224][ T4105] team0 (unregistering): Port device team_slave_0 removed
[  367.797568][ T7354] syz_tun: entered promiscuous mode
[  367.867788][ T7354] batadv_slave_0: entered promiscuous mode
[  368.271540][ T5791] Bluetooth: hci0: command tx timeout
[  368.565482][ T3587] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.764265][ T3587] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  368.962120][ T7299] chnl_net:caif_netlink_parms(): no params data found
[  369.042503][ T7276] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.087599][ T3587] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.359371][ T3587] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  369.441431][ T5842] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  369.622839][ T5842] usb 3-1: Using ep0 maxpacket: 16
[  369.661355][ T5842] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 238, changing to 11
[  369.674717][ T5842] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  369.688723][ T5842] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  369.698193][ T5842] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.841171][ T3587] bridge_slave_1: left allmulticast mode
[  369.844894][ T5842] usb 3-1: config 0 descriptor??
[  369.846990][ T3587] bridge_slave_1: left promiscuous mode
[  369.858844][ T3587] bridge0: port 2(bridge_slave_1) entered disabled state
[  369.982312][ T3587] bridge_slave_0: left allmulticast mode
[  369.988223][ T3587] bridge_slave_0: left promiscuous mode
[  369.995309][ T3587] bridge0: port 1(bridge_slave_0) entered disabled state
[  370.322554][ T5842] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  370.330053][ T5842] kovaplus 0003:1E7D:2D50.0005: unknown main item tag 0x0
[  370.391053][ T5791] Bluetooth: hci0: command tx timeout
[  370.449721][ T5842] kovaplus 0003:1E7D:2D50.0005: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.2-1/input0
[  370.752700][ T3587] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  370.803116][ T3587] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  370.824115][ T3587] bond0 (unregistering): Released all slaves
[  371.051937][ T5842] kovaplus 0003:1E7D:2D50.0005: couldn't init struct kovaplus_device
[  371.060443][ T5842] kovaplus 0003:1E7D:2D50.0005: couldn't install mouse
[  371.088390][ T5842] kovaplus 0003:1E7D:2D50.0005: probe with driver kovaplus failed with error -71
[  371.145719][ T5842] usb 3-1: USB disconnect, device number 5
[  371.481474][ T3587] hsr_slave_0: left promiscuous mode
[  371.511633][ T3587] hsr_slave_1: left promiscuous mode
[  371.526902][ T3587] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  371.535879][ T3587] batman_adv: batadv0: Removing interface: batadv_slave_0
[  371.548995][ T3587] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  371.558274][ T3587] batman_adv: batadv0: Removing interface: batadv_slave_1
[  371.580649][ T3587] veth1_macvtap: left promiscuous mode
[  371.586700][ T3587] veth0_macvtap: left promiscuous mode
[  371.592741][ T3587] veth1_vlan: left promiscuous mode
[  371.598286][ T3587] veth0_vlan: left promiscuous mode
[  372.284094][ T7395] loop3: detected capacity change from 0 to 64
[  372.488455][ T3587] team0 (unregistering): Port device team_slave_1 removed
[  372.572723][ T3587] team0 (unregistering): Port device team_slave_0 removed
[  373.437593][ T5798] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  373.470323][ T5798] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  373.479846][ T5798] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  373.498175][ T7299] bridge0: port 1(bridge_slave_0) entered blocking state
[  373.507638][ T7299] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.515556][ T7299] bridge_slave_0: entered allmulticast mode
[  373.524922][ T7299] bridge_slave_0: entered promiscuous mode
[  373.592580][ T7299] bridge0: port 2(bridge_slave_1) entered blocking state
[  373.606022][ T7299] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.616706][ T7299] bridge_slave_1: entered allmulticast mode
[  373.625729][ T7299] bridge_slave_1: entered promiscuous mode
[  373.704826][ T5798] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  373.736604][ T7299] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  373.757957][ T7299] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  373.798819][ T5798] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  373.823471][ T5798] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  374.004068][ T7299] team0: Port device team_slave_0 added
[  374.026722][ T7299] team0: Port device team_slave_1 added
[  374.388955][ T7299] batman_adv: batadv0: Adding interface: batadv_slave_0
[  374.396727][ T7299] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.424848][ T7299] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  374.537781][ T7299] batman_adv: batadv0: Adding interface: batadv_slave_1
[  374.545206][ T7299] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  374.571755][ T7299] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  374.857509][ T7299] hsr_slave_0: entered promiscuous mode
[  374.869674][ T7299] hsr_slave_1: entered promiscuous mode
[  374.890252][ T7299] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  374.898148][ T7299] Cannot create hsr debugfs directory
[  375.942113][   T44] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  375.968737][ T5798] Bluetooth: hci4: command tx timeout
[  376.202100][   T44] usb 7-1: Using ep0 maxpacket: 32
[  376.223845][   T44] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10
[  376.235599][   T44] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024
[  376.247217][   T44] usb 7-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  376.278210][ T7406] chnl_net:caif_netlink_parms(): no params data found
[  376.362480][   T44] usb 7-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  376.373115][   T44] usb 7-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  376.381960][   T44] usb 7-1: Product: syz
[  376.386372][   T44] usb 7-1: Manufacturer: syz
[  376.391302][   T44] usb 7-1: SerialNumber: syz
[  376.535814][   T44] input: appletouch as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/input/input12
[  376.717038][ T7445] netlink: 48 bytes leftover after parsing attributes in process `syz.3.426'.
[  376.799497][ T7299] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  376.813489][ T7437] loop6: detected capacity change from 0 to 512
[  376.863901][ T7437] EXT4-fs: inline encryption not supported
[  376.927238][ T7437] EXT4-fs (loop6): failed to initialize system zone (-117)
[  376.949585][ T7437] EXT4-fs (loop6): mount failed
[  376.962700][ T7299] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  377.076803][ T7299] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  377.104375][   T44] usb 7-1: USB disconnect, device number 3
[  377.174699][ T7299] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  377.353101][   T44] appletouch 7-1:1.0: input: appletouch disconnected
[  377.648645][ T7455] pim6reg1: entered promiscuous mode
[  377.658697][ T7455] pim6reg1: entered allmulticast mode
[  377.976715][ T7406] bridge0: port 1(bridge_slave_0) entered blocking state
[  377.986185][ T7406] bridge0: port 1(bridge_slave_0) entered disabled state
[  377.994152][ T7406] bridge_slave_0: entered allmulticast mode
[  378.003566][ T7406] bridge_slave_0: entered promiscuous mode
[  378.071108][ T5798] Bluetooth: hci4: command tx timeout
[  378.083513][ T7406] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.091394][ T7406] bridge0: port 2(bridge_slave_1) entered disabled state
[  378.099190][ T7406] bridge_slave_1: entered allmulticast mode
[  378.108484][ T7406] bridge_slave_1: entered promiscuous mode
[  378.346730][ T7463] pimreg: entered allmulticast mode
[  378.359576][ T7464] pimreg: left allmulticast mode
[  378.446584][ T7466] loop6: detected capacity change from 0 to 128
[  378.478100][ T7406] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  378.554672][ T7466] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  378.632731][ T7406] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  378.661974][ T7466] ext4 filesystem being mounted at /26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  378.934453][ T7466] netlink: 88 bytes leftover after parsing attributes in process `syz.6.431'.
[  378.944753][ T7466] netlink: 8 bytes leftover after parsing attributes in process `syz.6.431'.
[  379.073358][ T7406] team0: Port device team_slave_0 added
[  379.134451][ T7406] team0: Port device team_slave_1 added
[  379.388583][ T6798] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  379.415320][ T7406] batman_adv: batadv0: Adding interface: batadv_slave_0
[  379.422892][ T7406] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.449208][ T7406] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  379.505735][ T7406] batman_adv: batadv0: Adding interface: batadv_slave_1
[  379.513652][ T7406] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  379.540070][ T7406] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  379.590175][ T7299] 8021q: adding VLAN 0 to HW filter on device bond0
[  379.785405][ T7482] loop3: detected capacity change from 0 to 256
[  379.905881][ T7299] 8021q: adding VLAN 0 to HW filter on device team0
[  380.087115][ T7406] hsr_slave_0: entered promiscuous mode
[  380.127856][ T5798] Bluetooth: hci4: command tx timeout
[  380.143389][ T7406] hsr_slave_1: entered promiscuous mode
[  380.192648][ T7406] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  380.200563][ T7406] Cannot create hsr debugfs directory
[  380.225999][ T3555] bridge0: port 1(bridge_slave_0) entered blocking state
[  380.233757][ T3555] bridge0: port 1(bridge_slave_0) entered forwarding state
[  380.459456][ T3555] bridge0: port 2(bridge_slave_1) entered blocking state
[  380.467242][ T3555] bridge0: port 2(bridge_slave_1) entered forwarding state
[  381.027884][ T7494] loop2: detected capacity change from 0 to 256
[  381.038852][ T7299] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  381.121956][ T7494] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  381.179183][ T7494] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  381.189347][ T7494] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  381.197531][ T7494] UDF-fs: Scanning with blocksize 512 failed
[  381.283096][   T29] audit: type=1326 audit(2000000060.949:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  381.303085][ T7494] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  381.306038][   T29] audit: type=1326 audit(2000000060.959:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  381.338558][   T29] audit: type=1326 audit(2000000060.959:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  381.447594][ T7494] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  381.683593][ T7500] loop6: detected capacity change from 0 to 764
[  381.721369][   T29] audit: type=1326 audit(2000000061.049:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=445 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  381.744326][   T29] audit: type=1326 audit(2000000061.059:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7495 comm="syz.3.438" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4c25185d29 code=0x7ffc0000
[  382.143765][ T7406] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  382.193503][ T5798] Bluetooth: hci4: command tx timeout
[  382.341460][ T7406] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  382.612564][ T7406] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  382.668116][ T7406] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  382.952515][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.3.443'.
[  382.961786][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.3.443'.
[  384.042456][ T7299] 8021q: adding VLAN 0 to HW filter on device batadv0
[  384.380697][ T7525] loop2: detected capacity change from 0 to 40427
[  384.436649][ T7525] F2FS-fs (loop2): Image doesn't support compression
[  384.444160][ T7525] F2FS-fs (loop2): Image doesn't support compression
[  384.462561][ T7525] F2FS-fs (loop2): invalid crc value
[  384.622611][ T7525] F2FS-fs (loop2): Found nat_bits in checkpoint
[  384.899392][ T7525] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  384.980588][ T7406] 8021q: adding VLAN 0 to HW filter on device bond0
[  385.086334][ T7406] 8021q: adding VLAN 0 to HW filter on device team0
[  385.138353][ T1076] bridge0: port 1(bridge_slave_0) entered blocking state
[  385.146186][ T1076] bridge0: port 1(bridge_slave_0) entered forwarding state
[  385.301845][ T7406] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  385.313667][ T7406] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  385.369982][ T1076] bridge0: port 2(bridge_slave_1) entered blocking state
[  385.377812][ T1076] bridge0: port 2(bridge_slave_1) entered forwarding state
[  386.428454][   T10] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0
[  386.537305][   T10] hid-generic 0000:0000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  386.707966][ T7554] loop3: detected capacity change from 0 to 1024
[  386.723968][ T7406] 8021q: adding VLAN 0 to HW filter on device batadv0
[  386.764901][ T7554] EXT4-fs: Ignoring removed nomblk_io_submit option
[  386.825162][ T7554] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  387.093842][ T7554] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  387.299307][   T25] kernel write not supported for file /uhid (pid: 25 comm: kworker/1:0)
[  387.809505][ T7299] veth0_vlan: entered promiscuous mode
[  387.840054][ T7299] veth1_vlan: entered promiscuous mode
[  388.045537][ T7299] veth0_macvtap: entered promiscuous mode
[  388.068951][ T7299] veth1_macvtap: entered promiscuous mode
[  388.126558][ T7299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  388.137333][ T7299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.147933][ T7299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  388.158756][ T7299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.168956][ T7299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  388.179880][ T7299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.194478][ T7299] batman_adv: batadv0: Interface activated: batadv_slave_0
[  388.214515][ T7299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.225300][ T7299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.235568][ T7299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.246319][ T7299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.256481][ T7299] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  388.267230][ T7299] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  388.281581][ T7299] batman_adv: batadv0: Interface activated: batadv_slave_1
[  388.300801][ T7299] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  388.309951][ T7299] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  388.319079][ T7299] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  388.328296][ T7299] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  388.703863][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  389.398556][ T7406] veth0_vlan: entered promiscuous mode
[  389.429734][ T7406] veth1_vlan: entered promiscuous mode
[  389.543660][ T7578] loop6: detected capacity change from 0 to 4096
[  389.782805][ T7578] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  389.806021][ T7406] veth0_macvtap: entered promiscuous mode
[  390.004356][ T7406] veth1_macvtap: entered promiscuous mode
[  390.291038][ T7587] loop2: detected capacity change from 0 to 40427
[  390.308776][ T7587] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x1fffff
[  390.317981][ T7587] F2FS-fs (loop2): Image doesn't support compression
[  390.325479][ T7587] F2FS-fs (loop2): heap/no_heap options were deprecated
[  390.373656][ T7587] F2FS-fs (loop2): invalid crc value
[  390.456076][ T7587] F2FS-fs (loop2): Found nat_bits in checkpoint
[  390.468028][ T7406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.478894][ T7406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.489103][ T7406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.499947][ T7406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.510091][ T7406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.520995][ T7406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.531131][ T7406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  390.541837][ T7406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.556728][ T7406] batman_adv: batadv0: Interface activated: batadv_slave_0
[  390.621863][ T7578] EXT4-fs error (device loop6): ext4_get_first_dir_block:3559: inode #12: block 80: comm syz.6.456: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=6, rec_len=0, size=4096 fake=0
[  390.759301][ T7578] EXT4-fs error (device loop6): ext4_get_first_dir_block:3561: inode #12: comm syz.6.456: directory missing '..'
[  390.775104][ T7587] F2FS-fs (loop2): Start checkpoint disabled!
[  390.834021][ T7406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.845518][ T7406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.855732][ T7406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.868424][ T7406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.879236][ T7406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.890076][ T7406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.900353][ T7406] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  390.912051][ T7406] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  390.926627][ T7406] batman_adv: batadv0: Interface activated: batadv_slave_1
[  390.953255][ T7406] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  390.962579][ T7406] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  390.973847][ T7406] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  390.983728][ T7406] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  391.011994][ T7587] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  391.358387][ T6798] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  391.567065][ T3555] kworker/u8:13: attempt to access beyond end of device
[  391.567065][ T3555] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  391.582417][ T3555] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  391.589556][ T3555] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  392.091537][ T7610] loop3: detected capacity change from 0 to 256
[  392.211405][ T7610] exFAT-fs (loop3): invalid fs_name
[  392.216853][ T7610] exFAT-fs (loop3): failed to read boot sector
[  392.224725][ T7610] exFAT-fs (loop3): failed to recognize exfat type
[  392.310034][ T7609] loop6: detected capacity change from 0 to 512
[  392.387816][ T7610] netlink: 'syz.3.462': attribute type 3 has an invalid length.
[  392.397023][ T7610] netlink: 9814 bytes leftover after parsing attributes in process `syz.3.462'.
[  392.402745][ T7609] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  392.640556][ T7609] EXT4-fs (loop6): 1 truncate cleaned up
[  392.648438][ T7609] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  392.832238][   T29] audit: type=1800 audit(2000000072.509:22): pid=7609 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.461" name="bus" dev="loop6" ino=18 res=0 errno=0
[  393.262095][ T6798] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.477171][ T7625] loop3: detected capacity change from 0 to 512
[  393.685339][ T7625] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.699123][ T7625] ext4 filesystem being mounted at /119/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  393.787949][ T7625] EXT4-fs (loop3): shut down requested (1)
[  394.587332][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.049256][ T7658] syzkaller1: entered promiscuous mode
[  396.055526][ T7658] syzkaller1: entered allmulticast mode
[  396.304733][ T4677] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.314228][ T4677] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  396.570765][ T5867] kernel write not supported for file /input/mice (pid: 5867 comm: kworker/0:5)
[  396.622302][ T1864] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  396.630398][ T1864] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  397.895842][ T7689] 9pnet_fd: Insufficient options for proto=fd
[  398.234140][ T7691] syz.6.476: attempt to access beyond end of device
[  398.234140][ T7691] loop6: rw=4096, sector=0, nr_sectors = 1 limit=0
[  398.249153][ T7691] XFS (loop6): SB validate failed with error -5.
[  398.384500][   T40] I/O error, dev loop6, sector 0 op 0x1:(WRITE) flags 0x800 phys_seg 0 prio class 0
[  398.474662][ T7703] netlink: 8 bytes leftover after parsing attributes in process `syz.7.479'.
[  398.971394][ T4677] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  398.979482][ T4677] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  399.175220][ T3617] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  399.183592][ T3617] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  400.640361][ T7726] loop2: detected capacity change from 0 to 1024
[  400.653932][ T7726] EXT4-fs: Ignoring removed bh option
[  400.782555][ T7729] loop3: detected capacity change from 0 to 8
[  400.873068][ T7729] SQUASHFS error: lzo decompression failed, data probably corrupt
[  400.881457][ T7729] SQUASHFS error: Failed to read block 0x91: -5
[  400.887938][ T7729] SQUASHFS error: Unable to read metadata cache entry [8f]
[  400.895641][ T7729] SQUASHFS error: Unable to read inode 0x11f
[  400.926762][ T7726] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.135456][ T7729] loop3: detected capacity change from 0 to 1024
[  401.263026][ T7726] EXT4-fs error (device loop2): ext4_mb_mark_diskspace_used:4115: comm syz.2.486: Allocating blocks 481-513 which overlap fs metadata
[  401.886921][ T5796] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.105036][ T7742] sit0: entered promiscuous mode
[  402.136246][ T7742] netlink: 'syz.7.488': attribute type 1 has an invalid length.
[  402.144385][ T7742] netlink: 1 bytes leftover after parsing attributes in process `syz.7.488'.
[  402.494362][ T7747] loop3: detected capacity change from 0 to 128
[  402.729200][ T5848] hid-generic 0000:0003:0000.0007: unknown main item tag 0x0
[  402.737115][ T5848] hid-generic 0000:0003:0000.0007: unknown main item tag 0x0
[  402.775422][ T5848] hid-generic 0000:0003:0000.0007: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz1
[  403.613898][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  403.620619][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  404.103372][ T7765] loop6: detected capacity change from 0 to 1024
[  404.155252][ T7765] EXT4-fs: Ignoring removed orlov option
[  404.161489][ T7765] EXT4-fs: Ignoring removed nomblk_io_submit option
[  404.317807][ T7765] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  404.778007][ T7780] loop3: detected capacity change from 0 to 256
[  404.946463][ T7768] loop7: detected capacity change from 0 to 8192
[  404.954727][ T7780] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  405.017009][ T7783] loop8: detected capacity change from 0 to 1024
[  405.074012][ T7783] EXT4-fs: Ignoring removed orlov option
[  405.079990][ T7783] EXT4-fs: Ignoring removed nomblk_io_submit option
[  405.117964][ T6798] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.246439][ T7783] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=a84ec018, mo2=0002]
[  405.356799][ T7783] System zones: 0-1, 3-36
[  405.504051][ T7783] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  406.251155][ T5867] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  406.372753][ T7406] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  406.482909][ T5867] usb 4-1: Using ep0 maxpacket: 32
[  406.497673][ T5867] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  406.506329][ T5867] usb 4-1: config 0 has no interface number 0
[  406.536260][ T5867] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  406.546163][ T5867] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.554751][ T5867] usb 4-1: Product: syz
[  406.559169][ T5867] usb 4-1: Manufacturer: syz
[  406.564454][ T5867] usb 4-1: SerialNumber: syz
[  406.766766][ T5867] usb 4-1: config 0 descriptor??
[  406.817076][ T5867] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  407.064228][ T5867] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  407.135647][ T5867] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  407.239961][ T7795] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  407.253645][ T7795] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  407.537808][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  407.542908][ T5846] usb 4-1: USB disconnect, device number 7
[  407.680341][ T5846] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  407.743632][ T5846] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  407.758505][ T5846] quatech2 4-1:0.51: device disconnected
[  408.211954][ T5798] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  408.791619][ T7831] ax25_connect(): syz.7.510 uses autobind, please contact jreuter@yaina.de
[  409.321181][ T7841] loop6: detected capacity change from 0 to 64
[  410.368717][ T7852] loop3: detected capacity change from 0 to 2048
[  410.478455][ T7855] loop2: detected capacity change from 0 to 128
[  410.522540][ T7852] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  410.549266][ T7857] loop6: detected capacity change from 0 to 128
[  410.595354][ T7850] loop8: detected capacity change from 0 to 4096
[  410.609244][ T7855] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  410.688299][ T7855] ext4 filesystem being mounted at /128/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  410.691334][ T7852] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  410.741336][ T7857] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  410.875567][ T7855] EXT4-fs warning (device loop2): verify_group_input:137: Cannot add at group 1885302125 (only 1 groups)
[  411.123123][ T5796] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  411.160059][ T7857] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  411.656593][ T7867] loop2: detected capacity change from 0 to 4096
[  411.731782][ T7867] ntfs3(loop2): Different NTFS sector size (2048) and media sector size (512).
[  412.145099][ T7870] loop3: detected capacity change from 0 to 512
[  412.349811][ T7870] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  413.137095][ T5795] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  413.358940][ T7890] loop6: detected capacity change from 0 to 8
[  413.871743][ T7897] loop2: detected capacity change from 0 to 64
[  414.111430][ T7897] hfs: unable to locate alternate MDB
[  414.117047][ T7897] hfs: continuing without an alternate MDB
[  414.551258][ T5867] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  414.565707][ T7909] loop6: detected capacity change from 0 to 256
[  415.977950][ T5867] usb 8-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  415.987595][ T5867] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  416.155225][ T5867] usb 8-1: config 0 descriptor??
[  416.625682][ T5867] gspca_main: cpia1-2.14.0 probing 0813:0001
[  416.891654][ T7926] loop6: detected capacity change from 0 to 2048
[  416.988366][ T7926] NILFS (loop6): broken superblock, retrying with spare superblock (blocksize = 1024)
[  417.292607][ T7931] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  417.561650][   T29] audit: type=1800 audit(2000000097.209:23): pid=7926 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.542" name="file2" dev="loop6" ino=16 res=0 errno=0
[  417.661031][ T5867] cpia1 8-1:0.0: unexpected state after lo power cmd: 00
[  417.664836][ T7926] NILFS (loop6): vblocknr = 15 has abnormal lifetime: start cno (= 4128770) > current cno (= 3)
[  417.680414][ T7926] NILFS error (device loop6): nilfs_bmap_propagate: broken bmap (inode number=16)
[  418.237052][ T5867] cpia1 8-1:0.0: only firmware version 1 is supported (got: 0)
[  418.249309][ T7926] Remounting filesystem read-only
[  418.845124][   T10] usb 8-1: USB disconnect, device number 2
[  420.107001][ T6798] NILFS (loop6): disposed unprocessed dirty file(s) when stopping log writer
[  420.596559][ T7951] Driver unsupported XDP return value 0 on prog  (id 46) dev N/A, expect packet loss!
[  421.066242][ T7912] Set syz1 is full, maxelem 65536 reached
[  421.322780][ T7960] pim6reg1: entered promiscuous mode
[  421.328338][ T7960] pim6reg1: entered allmulticast mode
[  421.971556][   T44] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  421.999676][ T7971] Context (ID=0x1) not attached to queue pair (handle=0x1:0x0)
[  422.193493][   T44] usb 4-1: config 0 has no interfaces?
[  422.200448][   T44] usb 4-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9
[  422.210141][   T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.559200][   T44] usb 4-1: config 0 descriptor??
[  423.132167][   T10] usb 4-1: USB disconnect, device number 8
[  426.923874][ T8033] loop6: detected capacity change from 0 to 40427
[  426.947587][ T8033] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  426.955845][ T8033] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  426.996174][ T8033] F2FS-fs (loop6): invalid crc value
[  427.068361][ T8033] F2FS-fs (loop6): Found nat_bits in checkpoint
[  427.463065][ T8033] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  427.470408][ T8033] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  427.786087][ T8053] loop2: detected capacity change from 0 to 256
[  427.898121][ T3963] F2FS-fs (loop6): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  427.918500][   T29] audit: type=1326 audit(2000000107.579:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8041 comm="syz.8.577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0cb6985d29 code=0x7fc00000
[  427.992466][ T3963] F2FS-fs (loop6): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  428.057297][ T8059] loop7: detected capacity change from 0 to 128
[  428.113958][ T8053] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  428.446637][ T8059] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  428.460519][ T8059] ext4 filesystem being mounted at /21/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  428.504264][ T8059] EXT4-fs warning (device loop7): ext4_dirblock_csum_verify:406: inode #2: comm syz.7.582: No space for directory leaf checksum. Please run e2fsck -D.
[  428.519919][ T8059] EXT4-fs error (device loop7): __ext4_find_entry:1652: inode #2: comm syz.7.582: checksumming directory block 0
[  428.691230][ T8065] loop8: detected capacity change from 0 to 512
[  428.918337][ T7299] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  428.937840][ T8065] EXT4-fs error (device loop8): ext4_orphan_get:1389: inode #15: comm syz.8.586: casefold flag without casefold feature
[  429.015260][ T8065] EXT4-fs error (device loop8): ext4_orphan_get:1394: comm syz.8.586: couldn't read orphan inode 15 (err -117)
[  429.030539][ T8065] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  429.965497][ T7406] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  430.636284][ T8083] loop8: detected capacity change from 0 to 1024
[  430.646490][ T8083] EXT4-fs: Ignoring removed orlov option
[  430.966576][ T8088] loop7: detected capacity change from 0 to 64
[  431.418328][ T8083] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  431.662459][ T8105] netlink: 60 bytes leftover after parsing attributes in process `syz.3.596'.
[  431.682216][ T8105] netlink: 60 bytes leftover after parsing attributes in process `syz.3.596'.
[  432.361908][ T7406] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  433.948205][ T8138] loop2: detected capacity change from 0 to 1024
[  433.976992][ T8138] EXT4-fs: Ignoring removed orlov option
[  434.032013][ T8138] EXT4-fs (loop2): Test dummy encryption mode enabled
[  434.053176][ T8138] EXT4-fs (loop2): stripe (7) is not aligned with cluster size (16), stripe is disabled
[  434.216559][ T8138] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  434.844569][ T8152] loop6: detected capacity change from 0 to 64
[  434.907997][ T5796] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.503006][ T8186] loop8: detected capacity change from 0 to 128
[  437.777869][ T8186] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  437.827220][ T8191] loop2: detected capacity change from 0 to 1024
[  437.862057][ T8186] ext4 filesystem being mounted at /31/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  437.879520][ T8191] EXT4-fs: Ignoring removed orlov option
[  437.901220][ T8191] EXT4-fs: Ignoring removed oldalloc option
[  438.041735][ T8191] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  438.131918][ T8191] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  438.144435][ T8191] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (12914!=20869)
[  438.297243][ T8191] EXT4-fs (loop2): invalid journal inode
[  438.303644][ T8191] EXT4-fs (loop2): can't get journal size
[  438.379226][ T8191] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  438.559177][ T7406] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  439.548539][ T5796] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.986603][ T8221] loop6: detected capacity change from 0 to 512
[  439.995855][ T8221] ext4: Bad value for 'barrier'
[  440.917783][ T8234] loop8: detected capacity change from 0 to 256
[  440.928317][ T8234] vfat: Unknown parameter 'uni_xlwOóvøüîç«ate'
[  441.196498][ T8237] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  441.211932][ T8237] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  441.228175][ T8237] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  441.527546][ T8240] loop7: detected capacity change from 0 to 512
[  441.604569][ T8240] EXT4-fs: Ignoring removed mblk_io_submit option
[  441.765795][ T8240] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  442.350632][ T7299] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  442.506077][ T8244] loop3: detected capacity change from 0 to 8192
[  446.284538][ T8297] loop3: detected capacity change from 0 to 8192
[  447.246951][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.255106][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.262991][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.270696][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.278547][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.287660][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.295773][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.303723][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.311567][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.319270][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.327117][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.334893][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.342819][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.350504][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.358299][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.366147][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.374355][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.382160][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.391273][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.398978][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.406944][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.414745][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.422545][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.430245][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.438309][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.446112][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.453876][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.461681][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.469367][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.477165][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.484984][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.493809][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.501991][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.509708][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.517512][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.525407][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.533205][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.541013][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.548708][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.556602][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.564402][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.572190][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.579901][   T44] hid-generic 0000:000E:0009.0008: unknown main item tag 0x0
[  447.911366][   T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  448.053970][   T44] hid-generic 0000:000E:0009.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  448.307062][ T8319] loop8: detected capacity change from 0 to 8
[  448.322264][   T25] usb 3-1: config 0 has no interfaces?
[  448.328155][   T25] usb 3-1: New USB device found, idVendor=1a34, idProduct=0802, bcdDevice= 0.00
[  448.337576][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  448.467651][   T25] usb 3-1: config 0 descriptor??
[  449.049598][ T8327] loop6: detected capacity change from 0 to 1024
[  449.058863][ T8327] EXT4-fs: Ignoring removed orlov option
[  449.065082][ T8327] EXT4-fs: Ignoring removed nobh option
[  449.111102][   T25] usb 3-1: USB disconnect, device number 6
[  449.355187][ T8327] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  449.527004][ T8327] EXT4-fs (loop6): Online defrag not supported with bigalloc
[  449.626350][   T29] audit: type=1326 audit(2000000129.299:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.655702][   T29] audit: type=1326 audit(2000000129.329:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.682244][   T29] audit: type=1326 audit(2000000129.329:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.704968][   T29] audit: type=1326 audit(2000000129.329:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.727657][   T29] audit: type=1326 audit(2000000129.329:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.750931][   T29] audit: type=1326 audit(2000000129.329:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.773536][   T29] audit: type=1326 audit(2000000129.339:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.796828][   T29] audit: type=1326 audit(2000000129.369:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.819435][   T29] audit: type=1326 audit(2000000129.369:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  449.842138][   T29] audit: type=1326 audit(2000000129.369:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8333 comm="syz.7.677" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9d6d985d29 code=0x7ffc0000
[  450.119905][ T8337] loop2: detected capacity change from 0 to 512
[  450.321350][ T8340] input: syz0 as /devices/virtual/input/input13
[  450.349206][ T8337] EXT4-fs error (device loop2): __ext4_iget:4984: inode #11: block 16: comm syz.2.681: invalid block
[  450.432560][ T8337] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.681: couldn't read orphan inode 11 (err -117)
[  450.500531][ T6798] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  450.513299][ T8337] EXT4-fs (loop2): 1 truncate cleaned up
[  450.521935][ T8337] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  450.606520][ T8337] syz.2.681 (pid 8337) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  450.957781][ T8337] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.681: bg 0: block 16: invalid block bitmap
[  451.241335][ T8350] loop7: detected capacity change from 0 to 128
[  451.683885][ T8345] loop6: detected capacity change from 0 to 32768
[  451.739799][ T5796] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.789902][ T8345] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.682 (8345)
[  451.929174][ T8345] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  451.940008][ T8345] BTRFS info (device loop6): using sha256 (sha256-generic) checksum algorithm
[  451.951772][ T8345] BTRFS info (device loop6): using free-space-tree
[  452.504828][ T8369] loop2: detected capacity change from 0 to 4096
[  452.543778][ T8369] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  453.222361][ T8379] netlink: 16 bytes leftover after parsing attributes in process `syz.8.690'.
[  453.244027][ T8345] BTRFS info (device loop6): rebuilding free space tree
[  453.326201][ T8369] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  453.381500][ T8369] ntfs3(loop2): Failed to load $Extend (-22).
[  453.387974][ T8369] ntfs3(loop2): Failed to initialize $Extend.
[  453.610059][ T8384] skbuff: bad partial csum: csum=65506/2 headroom=66 headlen=65526
[  454.562011][ T6798] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  455.742192][ T8409] loop7: detected capacity change from 0 to 64
[  456.280562][ T8418] loop8: detected capacity change from 0 to 256
[  456.330134][ T8418] exfat: Deprecated parameter 'namecase'
[  456.337151][ T8418] exfat: Deprecated parameter 'namecase'
[  456.389023][ T7299] VFS: Lookup of '..	' in bfs loop7 would have caused loop
[  456.472790][ T7299] VFS: Lookup of '..	' in bfs loop7 would have caused loop
[  456.519571][ T8418] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  457.736155][ T8434] loop3: detected capacity change from 0 to 256
[  457.755141][ T8435] fuse: Bad value for 'fd'
[  458.462665][ T8434] FAT-fs (loop3): Directory bread(block 64) failed
[  458.469511][ T8434] FAT-fs (loop3): Directory bread(block 65) failed
[  458.477029][ T8434] FAT-fs (loop3): Directory bread(block 66) failed
[  458.484109][ T8434] FAT-fs (loop3): Directory bread(block 67) failed
[  458.491271][ T8434] FAT-fs (loop3): Directory bread(block 68) failed
[  458.498056][ T8434] FAT-fs (loop3): Directory bread(block 69) failed
[  458.505142][ T8434] FAT-fs (loop3): Directory bread(block 70) failed
[  458.512141][ T8434] FAT-fs (loop3): Directory bread(block 71) failed
[  458.519049][ T8434] FAT-fs (loop3): Directory bread(block 72) failed
[  458.525985][ T8434] FAT-fs (loop3): Directory bread(block 73) failed
[  459.522804][ T8443] netlink: 84 bytes leftover after parsing attributes in process `syz.6.717'.
[  460.092598][ T5791] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  460.105226][ T5791] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  460.114823][ T5791] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  460.129447][ T5791] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  460.140734][ T5791] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  460.150280][ T5791] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  461.982478][ T8450] chnl_net:caif_netlink_parms(): no params data found
[  462.072799][ T8476] bridge0: port 1(bridge_slave_0) entered disabled state
[  462.309741][ T3617] bridge0: port 1(bridge_slave_0) entered blocking state
[  462.317547][ T3617] bridge0: port 1(bridge_slave_0) entered forwarding state
[  462.467016][ T5791] Bluetooth: hci0: command tx timeout
[  463.339348][ T8479] loop6: detected capacity change from 0 to 1024
[  463.996327][ T8479] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  464.531017][ T5791] Bluetooth: hci0: command tx timeout
[  464.712871][ T3963] Bluetooth: hci5: Frame reassembly failed (-84)
[  464.814828][ T8502] Bluetooth: hci5: Frame reassembly failed (-84)
[  465.003602][ T8496] loop3: detected capacity change from 0 to 32768
[  465.035109][ T1281] ieee802154 phy0 wpan0: encryption failed: -22
[  465.042022][ T1281] ieee802154 phy1 wpan1: encryption failed: -22
[  465.075416][ T8496] ERROR: (device loop3): diAllocAG: numfree > numinos
[  465.075416][ T8496] 
[  465.290115][ T8496] ialloc: diAlloc returned -5!
[  465.364441][ T8450] bridge0: port 1(bridge_slave_0) entered blocking state
[  465.372794][ T8450] bridge0: port 1(bridge_slave_0) entered disabled state
[  465.380613][ T8450] bridge_slave_0: entered allmulticast mode
[  465.390024][ T8450] bridge_slave_0: entered promiscuous mode
[  465.404592][ T8450] bridge0: port 2(bridge_slave_1) entered blocking state
[  465.413178][ T8450] bridge0: port 2(bridge_slave_1) entered disabled state
[  465.421145][ T8450] bridge_slave_1: entered allmulticast mode
[  465.430651][ T8450] bridge_slave_1: entered promiscuous mode
[  465.504956][ T6798] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  465.676086][ T8450] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  465.700258][ T8450] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  465.782367][ T1554] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  465.794356][ T8450] team0: Port device team_slave_0 added
[  465.812530][ T8450] team0: Port device team_slave_1 added
[  466.081578][ T1554] usb 9-1: Using ep0 maxpacket: 8
[  466.142436][ T1554] usb 9-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  466.152548][ T1554] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  466.161102][ T1554] usb 9-1: Product: syz
[  466.165539][ T1554] usb 9-1: Manufacturer: syz
[  466.170397][ T1554] usb 9-1: SerialNumber: syz
[  466.323887][ T1554] usb 9-1: config 0 descriptor??
[  466.379713][ T1554] gspca_main: se401-2.14.0 probing 047d:5003
[  466.418412][ T8450] batman_adv: batadv0: Adding interface: batadv_slave_0
[  466.426104][ T8450] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  466.456292][ T8450] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  466.594483][ T5798] Bluetooth: hci0: command tx timeout
[  466.608468][ T8450] batman_adv: batadv0: Adding interface: batadv_slave_1
[  466.616062][ T8450] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  466.646894][ T8450] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  466.761193][ T5798] Bluetooth: hci5: command 0x1003 tx timeout
[  466.767792][ T5791] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  466.897538][ T1554] gspca_se401: Frame size: 0x0 1/16th janggu
[  466.905326][ T1554] gspca_se401: Frame size: 0x0 1/16th janggu
[  466.912639][ T1554] gspca_se401: Frame size: 0x0 1/16th janggu
[  466.918841][ T1554] gspca_se401: Frame size: 17x0 bayer
[  466.924558][ T1554] gspca_se401: Frame size: 0x0 1/16th janggu
[  466.930762][ T1554] gspca_se401: Frame size: 0x0 1/16th janggu
[  466.937151][ T1554] gspca_se401: Frame size: 0x0 1/16th janggu
[  466.944183][ T1554] gspca_se401: Frame size: 0x2 bayer
[  467.315564][ T1554] input: se401 as /devices/platform/dummy_hcd.8/usb9/9-1/input/input16
[  467.504634][ T1554] usb 9-1: USB disconnect, device number 2
[  467.612732][ T8528] netlink: 'syz.6.741': attribute type 11 has an invalid length.
[  467.712382][ T8450] hsr_slave_0: entered promiscuous mode
[  467.755760][ T8526] loop2: detected capacity change from 0 to 2048
[  467.783224][ T8450] hsr_slave_1: entered promiscuous mode
[  467.804514][ T8526] EXT4-fs (loop2): The Hurd can't support 64-bit file systems
[  467.841953][ T8450] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  467.849925][ T8450] Cannot create hsr debugfs directory
[  468.677049][ T5791] Bluetooth: hci0: command tx timeout
[  469.891847][ T8450] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  469.903329][ T8550] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0)
[  469.908559][ T8539] loop6: detected capacity change from 0 to 8192
[  469.997092][ T8450] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  470.072942][ T8450] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  470.152369][ T8450] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  470.392282][ T8559] program syz.3.753 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  472.051734][ T8571] loop6: detected capacity change from 0 to 32768
[  472.084073][ T8571] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.756 (8571)
[  472.107489][ T8571] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  472.118269][ T8571] BTRFS info (device loop6): using sha256 (sha256-generic) checksum algorithm
[  472.130146][ T8571] BTRFS info (device loop6): using free-space-tree
[  472.574703][ T8571] BTRFS info (device loop6): rebuilding free space tree
[  472.634492][ T8571] BTRFS info (device loop6): checking UUID tree
[  472.859272][ T8450] 8021q: adding VLAN 0 to HW filter on device bond0
[  472.937838][ T8450] 8021q: adding VLAN 0 to HW filter on device team0
[  473.044895][ T3555] bridge0: port 1(bridge_slave_0) entered blocking state
[  473.052662][ T3555] bridge0: port 1(bridge_slave_0) entered forwarding state
[  473.068163][ T3555] bridge0: port 2(bridge_slave_1) entered blocking state
[  473.075915][ T3555] bridge0: port 2(bridge_slave_1) entered forwarding state
[  473.282357][ T6798] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  473.417215][ T8450] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  473.886012][ T8601] loop2: detected capacity change from 0 to 32768
[  474.141264][ T8601] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io
[  474.163384][ T8601] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  474.173104][ T8601] bcachefs (loop2): Version upgrade required:
[  474.173104][ T8601] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  474.173104][ T8601] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[  474.173104][ T8601]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  474.326375][ T8601] bcachefs (loop2): dropping and reconstructing all alloc info
[  474.675912][ T8601] bcachefs (loop2): check_topology... done
[  474.682427][ T8601] bcachefs (loop2): accounting_read... done
[  474.790116][ T8601] bcachefs (loop2): alloc_read... done
[  474.796265][ T8601] bcachefs (loop2): stripes_read... done
[  474.802459][ T8601] bcachefs (loop2): snapshots_read... done
[  474.809032][ T8601] bcachefs (loop2): check_allocations... done
[  475.134029][ T8601] bcachefs (loop2): going read-write
[  475.271112][ T8601] bcachefs (loop2): done starting filesystem
[  475.871697][   T29] kauditd_printk_skb: 4 callbacks suppressed
[  475.871778][   T29] audit: type=1800 audit(2000000155.459:39): pid=8601 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.761" name="file0" dev="loop2" ino=4099 res=0 errno=0
[  476.145022][ T3617] =====================================================
[  476.152690][ T3617] BUG: KMSAN: uninit-value in bch2_alloc_sectors_start_trans+0x44a/0x32b0
[  476.161571][ T3617]  bch2_alloc_sectors_start_trans+0x44a/0x32b0
[  476.171703][ T3617]  __bch2_write+0x7f8/0x8540
[  476.176475][ T3617]  bch2_write+0xec0/0x1d10
[  476.183801][ T3617]  bch2_writepages+0x24a/0x3c0
[  476.188784][ T3617]  do_writepages+0x427/0xc30
[  476.194782][ T3617]  __writeback_single_inode+0x103/0x1290
[  476.201063][ T3617]  writeback_sb_inodes+0xa34/0x1c20
[  476.206462][ T3617]  wb_writeback+0x4df/0xcb0
[  476.211396][ T3617]  wb_workfn+0x40b/0x1940
[  476.215898][ T3617]  process_scheduled_works+0xae0/0x1c40
[  476.221872][ T3617]  worker_thread+0xea7/0x14f0
[  476.226776][ T3617]  kthread+0x3e2/0x540
[  476.231119][ T3617]  ret_from_fork+0x6d/0x90
[  476.235725][ T3617]  ret_from_fork_asm+0x1a/0x30
[  476.240705][ T3617] 
[  476.243232][ T3617] Uninit was stored to memory at:
[  476.248526][ T3617]  __bch2_writepage+0x39d9/0x3f10
[  476.255369][ T3617]  write_cache_pages+0xc9/0x280
[  476.260391][ T3617]  bch2_writepages+0x11f/0x3c0
[  476.269317][ T3617]  do_writepages+0x427/0xc30
[  476.276447][ T3617]  __writeback_single_inode+0x103/0x1290
[  476.282474][ T3617]  writeback_sb_inodes+0xa34/0x1c20
[  476.287877][ T3617]  wb_writeback+0x4df/0xcb0
[  476.292698][ T3617]  wb_workfn+0x40b/0x1940
[  476.297197][ T3617]  process_scheduled_works+0xae0/0x1c40
[  476.303173][ T3617]  worker_thread+0xea7/0x14f0
[  476.308072][ T3617]  kthread+0x3e2/0x540
[  476.312474][ T3617]  ret_from_fork+0x6d/0x90
[  476.313384][ T8450] 8021q: adding VLAN 0 to HW filter on device batadv0
[  476.317016][ T3617]  ret_from_fork_asm+0x1a/0x30
[  476.328866][ T3617] 
[  476.331825][ T3617] Uninit was created at:
[  476.336346][ T3617]  kmem_cache_alloc_lru_noprof+0x91c/0xe20
[  476.342544][ T3617]  __bch2_new_inode+0x98/0x450
[  476.347536][ T3617]  bch2_inode_hash_init_insert+0x7d/0x3a0
[  476.353650][ T3617]  bch2_lookup+0x1605/0x2360
[  476.358409][ T3617]  path_openat+0x292f/0x6200
[  476.363778][ T3617]  do_filp_open+0x268/0x600
[  476.372301][ T3617]  do_sys_openat2+0x1bf/0x2f0
[  476.377179][ T3617]  __x64_sys_openat+0x2a1/0x310
[  476.383496][ T3617]  x64_sys_call+0x36f5/0x3c30
[  476.388390][ T3617]  do_syscall_64+0xcd/0x1e0
[  476.393324][ T3617]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  476.399435][ T3617] 
[  476.401978][ T3617] CPU: 0 UID: 0 PID: 3617 Comm: kworker/u8:15 Not tainted 6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  476.413212][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  476.423574][ T3617] Workqueue: writeback wb_workfn (flush-bcachefs-7)
[  476.430439][ T3617] =====================================================
[  476.438498][ T3617] Disabling lock debugging due to kernel taint
[  476.444875][ T3617] Kernel panic - not syncing: kmsan.panic set ...
[  476.451437][ T3617] CPU: 0 UID: 0 PID: 3617 Comm: kworker/u8:15 Tainted: G    B              6.13.0-rc5-syzkaller-00012-g0bc21e701a6f #0
[  476.464074][ T3617] Tainted: [B]=BAD_PAGE
[  476.468347][ T3617] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024
[  476.478578][ T3617] Workqueue: writeback wb_workfn (flush-bcachefs-7)
[  476.485415][ T3617] Call Trace:
[  476.488815][ T3617]  <TASK>
[  476.491854][ T3617]  dump_stack_lvl+0x216/0x2d0
[  476.496749][ T3617]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  476.502762][ T3617]  dump_stack+0x1e/0x24
[  476.507120][ T3617]  panic+0x4e2/0xcf0
[  476.511220][ T3617]  ? kmsan_get_metadata+0xd1/0x1c0
[  476.516531][ T3617]  kmsan_report+0x2c7/0x2d0
[  476.521203][ T3617]  ? __msan_warning+0x95/0x120
[  476.526162][ T3617]  ? bch2_alloc_sectors_start_trans+0x44a/0x32b0
[  476.532673][ T3617]  ? __bch2_write+0x7f8/0x8540
[  476.537594][ T3617]  ? bch2_write+0xec0/0x1d10
[  476.542341][ T3617]  ? bch2_writepages+0x24a/0x3c0
[  476.547480][ T3617]  ? do_writepages+0x427/0xc30
[  476.552396][ T3617]  ? __writeback_single_inode+0x103/0x1290
[  476.558406][ T3617]  ? writeback_sb_inodes+0xa34/0x1c20
[  476.563991][ T3617]  ? wb_writeback+0x4df/0xcb0
[  476.568840][ T3617]  ? wb_workfn+0x40b/0x1940
[  476.573504][ T3617]  ? process_scheduled_works+0xae0/0x1c40
[  476.579433][ T3617]  ? worker_thread+0xea7/0x14f0
[  476.584492][ T3617]  ? kthread+0x3e2/0x540
[  476.588889][ T3617]  ? ret_from_fork+0x6d/0x90
[  476.593647][ T3617]  ? ret_from_fork_asm+0x1a/0x30
[  476.598791][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.604151][ T3617]  ? kmsan_internal_set_shadow_origin+0x69/0x100
[  476.610704][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.616066][ T3617]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  476.622047][ T3617]  ? _raw_spin_unlock_irqrestore+0x3f/0x60
[  476.628048][ T3617]  ? stack_depot_save_flags+0x6db/0x750
[  476.633781][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.639142][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.644511][ T3617]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  476.650507][ T3617]  __msan_warning+0x95/0x120
[  476.655301][ T3617]  bch2_alloc_sectors_start_trans+0x44a/0x32b0
[  476.661640][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.667034][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.672399][ T3617]  __bch2_write+0x7f8/0x8540
[  476.677192][ T3617]  ? __msan_chain_origin+0xc3/0x150
[  476.682601][ T3617]  ? __writeback_single_inode+0x103/0x1290
[  476.688608][ T3617]  ? ret_from_fork+0x6d/0x90
[  476.693375][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.698742][ T3617]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  476.704805][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.710187][ T3617]  ? kmsan_get_metadata+0xd0/0x1c0
[  476.715475][ T3617]  bch2_write+0xec0/0x1d10
[  476.720052][ T3617]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  476.726044][ T3617]  bch2_writepages+0x24a/0x3c0
[  476.730999][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.736357][ T3617]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  476.742346][ T3617]  ? __pfx_bch2_writepages+0x10/0x10
[  476.747829][ T3617]  do_writepages+0x427/0xc30
[  476.752575][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.757947][ T3617]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  476.763921][ T3617]  ? writeback_sb_inodes+0x58/0x1c20
[  476.769403][ T3617]  ? kmsan_get_shadow_origin_ptr+0x4d/0xb0
[  476.775391][ T3617]  __writeback_single_inode+0x103/0x1290
[  476.781219][ T3617]  ? _raw_spin_unlock+0x30/0x50
[  476.786267][ T3617]  writeback_sb_inodes+0xa34/0x1c20
[  476.791725][ T3617]  ? kmsan_get_metadata+0x13e/0x1c0
[  476.797093][ T3617]  wb_writeback+0x4df/0xcb0
[  476.801803][ T3617]  ? queue_io+0x481/0x780
[  476.806320][ T3617]  wb_workfn+0x40b/0x1940
[  476.810836][ T3617]  ? __pfx_wb_workfn+0x10/0x10
[  476.815767][ T3617]  process_scheduled_works+0xae0/0x1c40
[  476.821561][ T3617]  worker_thread+0xea7/0x14f0
[  476.826466][ T3617]  kthread+0x3e2/0x540
[  476.830695][ T3617]  ? __pfx_worker_thread+0x10/0x10
[  476.836021][ T3617]  ? __pfx_kthread+0x10/0x10
[  476.840775][ T3617]  ret_from_fork+0x6d/0x90
[  476.845366][ T3617]  ? __pfx_kthread+0x10/0x10
[  476.850133][ T3617]  ret_from_fork_asm+0x1a/0x30
[  476.855116][ T3617]  </TASK>
[  476.858535][ T3617] Kernel Offset: disabled
[  476.862919][ T3617] Rebooting in 86400 seconds..