last executing test programs:

7m0.580859159s ago: executing program 0 (id=779):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000400)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
r3 = socket$kcm(0x2b, 0x1, 0x0)
setsockopt$sock_attach_bpf(r3, 0x6, 0x21, &(0x7f0000000200), 0x20)
r4 = socket$inet6_mptcp(0xa, 0x1, 0x106)
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=ANY=[@ANYBLOB="0b00000005000000020000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f0000000500)=ANY=[@ANYBLOB="1800000000000000000000000000000218110000", @ANYRES32=r5, @ANYBLOB="0000000000000000b7080000ff7f00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getsockopt$inet6_tcp_int(r4, 0x6, 0x5, 0x0, &(0x7f0000000040))

6m59.331657649s ago: executing program 0 (id=780):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000004340), r1)
r3 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000034276d20402003c68e010000000109021200010000000009040001"], 0x0)
syz_usb_control_io$uac1(r3, 0x0, 0x0)
sendmsg$NFC_CMD_START_POLL(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x24, r2, 0x92d, 0x70bd2a, 0x25dfdbfd, {}, [@NFC_ATTR_DEVICE_INDEX={0x8}, @NFC_ATTR_TM_PROTOCOLS={0x8, 0xe, 0x40}]}, 0x24}, 0x1, 0x0, 0x0, 0x8010}, 0x80054)
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r5 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
ioctl$sock_netrom_SIOCADDRT(r5, 0x890b, &(0x7f0000000200)={0xd6955f992050e3e6, @null, @bpq0, 0x3, 'syz1\x00', @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0x6, 0x2, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @bcast, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @bcast, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}]})
r6 = syz_genetlink_get_family_id$nfc(&(0x7f0000000040), r1)
sendmsg$NFC_CMD_GET_SE(r4, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000000100)={&(0x7f00000000c0)={0x14, r6, 0x10, 0x70bd2b, 0x25dfdbfc, {}, ["", "", "", "", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x8001)

6m55.262729464s ago: executing program 0 (id=795):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00', 0x300, 0x0, 0x1, 0x1}, 0x21)
r1 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000014c0)={r1}, 0x4)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x200000a, 0x13, r1, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0)

6m54.92028083s ago: executing program 0 (id=797):
socket$nl_generic(0x10, 0x3, 0x10)
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x1)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
syz_mount_image$ext4(&(0x7f0000000700)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x82, &(0x7f0000000040), 0x7, 0x4d6, &(0x7f0000000740)="$eJzs3EFsVEUfAPD/27a0QPnoh4iCqEU0NhpbKCgcTAxGEw+aGPGgx6YtBFmooTURQmRJDB4NiXfj0asHr+rNcDLxikcTQ0IMF8DTM2/3bXe73V3a7bYr9PdLlp2Znbczs/Pm7bwZtgFsWqPZP0nEcETcjIidEVFozDBaebp35/L0/TuXp6OUpif/TrLD4m4WzyX58/Y8MlaIKHyZ1F6oM3/x0tmpYnH2Qh6fWDj36cT8xUuvnDk3dXr29Oz5yePHjx45fOy1yVdX36gm5WXturvvi7n9e9/5+Pp70/3V9KH8ub4d3TIao82qUvZCtwvrsR114aS/Xc431r8yrFh2/mfdNVAe/zujL9p2HvAISdM0HWz9ciltdHVZCvDQSqLXNQB6o/pFn93/Vh/NJgJb1mf60XO3T1RugLJ238sfEc+WE6vrIAMN97fdNBoRH5X++TZ7xDqtQwAA1Pv5RHUm2DD/G4nYU5fvf/keykhE/D8idkXEYxGxOyIej0reJyLiyYb374uItE35ow3x5fOfwq21tbC9bP73er63VZv/Rf0u2EhfHtsRUZ0wzx7KP5OxGBg8daY4e7hNGb+89fvXrV6rn/9lj6z86lwwr8et/oYFupmphamOG9zg9tWIff2N7U/6I5LFnYAkIvZGxL5VvO9IXfjMS9/vX4wMLM334PaXpU330bqwVZF+F/Fipf9LsaT/ayUm7fcnJ4aiOHtoIjsLDjUt48Zv195vVf4D2//jn42HvH3sp5P5yFq7rP+31Z3/Ud2/rbV/JIlIFvdr51dfxrU/vmp5T9Pp+b8l+bAcrt6Xfj61sHDhcMSW5N3l6ZO1Y6vx7DlKlfaPHWw+/nflx2SfxFMRkZ3ET0fEM1G5QxyN9MqBiHguIg62af+vbz7/SeftX19Z+2eaXv+W9H9tvz4LZKkXlqRMFZNSJXctZTHQd/bAzfstLh4r6/+j5dBYntL8+pcsuUQsr0XzwBo/PgAAAHgoFCJiuG4taTgKhfHxyhrQ7thWKM7NL7x8au6z8zOV3wiMxEChutJVWQ8eSKrrnyN18cmG+JF83fibvq3l+Pj0XHGmpy0HtpfHfFIYX7wWVMZ/5q/uLDED/2V+8gOb14PG/57rG1QRYMP5/ofNq278l1pkKfmfMvBoWsn3v7VAeDQ1G/9XOjgGeLikxjJsaqsZ/0vz3tjZ9coAG6o/PlgMF3paE2Cjmf/DprSiH8l3HEgHm780FMszx1D7N+yLzqqxtUlZPQlkM6uelL61k6Oqf02hZZ4orO4NB5f9yYjO+vTU2j+W03u6fvKn+f5Yt3vwhw0Zp80C7a8bk8Prd00CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADopn8DAAD//7x926o=")
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x15, &(0x7f0000000580)={&(0x7f0000001680)=ANY=[@ANYBLOB="580100001000030400"/20, @ANYRES32=0x0, @ANYBLOB="15020000000000003001128009000100766c616e000000002001028006000100000000001c0004800c00010032d10000ffff00000c000100ae0200009e000000700004800c00010009000000010000e29b5d2a0008000000010100000c000100f8ffffff080000000c00010006000000040000000c00010007000000010000800c00010005000000060000000c00010001000000000000000c000100910a00000d0000000c0001000e00000032000000880003800c002100060000000c0000000c00010003000000400000000c00010004000000ffffffff0c00010002000000110000000c00010001000000020000000c0001000b000000270000000c000100ffff00005f0200000c000100ffffffff030000000c00010001000000030000000c00010000000000018000000c000100090000000900000008000500", @ANYRES8=r0], 0x158}, 0x1, 0xba01}, 0x44)

6m53.372190265s ago: executing program 0 (id=804):
r0 = socket$l2tp6(0xa, 0x2, 0x73)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
r3 = socket(0x1e, 0x1, 0x0)
sendto$rxrpc(r3, &(0x7f0000000000), 0x0, 0xc0, &(0x7f0000000100)=@in4={0x21, 0x4, 0x2, 0x10, {0x2, 0x4e21, @multicast1}}, 0x24)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r2, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sendmsg$rds(r1, &(0x7f0000000080)={&(0x7f0000000180)={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x0)
r6 = fsopen(&(0x7f0000000000)='rpc_pipefs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0)
close(r6)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x1e, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x2, 0x3, 0x2, 0x1, 0x39}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x80)
ioprio_set$uid(0x3, 0x0, 0x0)
r7 = socket$inet(0x2, 0x4000000000000001, 0x0)
write$binfmt_elf64(r7, 0x0, 0x100000530)
sendmsg$rds(r1, &(0x7f0000000680)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x24008880}, 0x40)
bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x1, @empty, 0x0, 0x3}, 0x20)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$L2TP_CMD_TUNNEL_CREATE(r8, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r9, @ANYBLOB="0100000000000000000001000500050007000000000008000900000000001400200000000000000000000000e1ffe000000108000a0000000000060002000100000014001f"], 0x5c}, 0x1, 0x6c}, 0x0)

6m51.457940086s ago: executing program 0 (id=810):
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="001b82c7db7d42db303586547449d62aaac0dcf36e9c5d35f62c180dabbf5f896257eb342385e354c1aa"], 0x1, 0xa10, &(0x7f0000001540)="$eJzs3U2MG1cdAPBn73rTfJQ4JaFLGtqEQls+uttslvARQVM1F6Km6q1SxSVK0xKRBkQqQasekpy40aoKVz7EqZcKEBK9oKgnLpVoJC49FQ4ciIJUiQMUkkXrfc/r/cfW2Jvser3+/aTZ55n/s98b73g8npn3XgLGVr31d35+upbS5XfePPaPh/6+dXHJ4+0czdbfyY65Rkqplucnw+t9OLGU3vjotVPd0lqaa/0t8+np6+3nbk8pXUj705XUTHsvX33jvbmnTlw8funA+28dubY2aw8AAOPlmStH5vf89c/37fr47fuPpi3t5eX4vJnnd+Tj/qP5wL8c/9fTyvlax9RpKuSbzFM95Jvokq+znEbIN9mj/Knwuo0e+bZUlD/RsazbesMoK9txM9XqMyvm6/WZmaXf5Kn1u36qNnPuzNkXzg+posAd968HUkr7TSbTOE4LO4e9BwJYEq8X3uJCPLNwe9qvNtlf+defqHd/PtwB6739K3+0yv/1RXsc7pzNujWV9Sqfox15Pl5HiPcvDfr5L68Xr0c0+qxnr+sIo3J9oVc9J9a5HqvVq/5xu9isvpnT8j58K8Q7Pz/xfzoq/2Ogu387/28yje20MOwdELBhxfvmFrISj/f1xfiWivhdFfGtFfFtFfHtFXEYZ797+afp9dry7/z4m37Q82HlPNvdOf3EgPWJ5yMHLT/e9zuo2y0/3k8MG9kfTj57+mvPP3d16f7/2uL237rl/2be3vfnfM382bqSN/dyvjCeV1++9/+ZFeXUe+S7J9Tn7i75W493r8xX2738OqljP3NLPaZXPm9nr3z7VuZrhnxb83RXqG88PtkWnleOP8p+tbxfk2F9G2E9pkI9yn5lV05jPWA1yvbY6/7/sn1Op0bthTNnTz+W58t2+qeJxpbF5QfXud7A7eu3/c90Wtn+Z0d7eaPeuV/Yuby81rlfaIblcz2WH8rz5XvuuxNbW8tnTn3/7PN3euVhzJ1/5dXvnTx79vQPPfDAAw/aD4a9ZwLW2uzLL/1g9vwrrz565qWTL55+8fS5Q4cPH5qbO/z1Q/OzreP62c6je2AzWf7SH3ZNAAAAAAAAAAAAgH796Pixq39596sfLLX/X27/V9r/lzt/S/v/n4T2/7GdfGkHX9oB7uoSb+UJHaxOhXyNPH0y1Hd3KGdPeN6nctoexy+3/y/FxX5dS33uDctj/70lX+hO4Jb+UqZCHyRxvMDP5vRSTn+VYIhqW7svzmlV/9ZlWy/9U+iXYjSV/1vZGko/JqX9d69+ncr+f9c61JE7bz2aEw57HYHu/qn/b5NpbKeFBaN4ABvDsMf/LOc9S3ruj9++a3Eq2a4/sXJ/Gfsvhdux0cefVP7mGv+zPf5d3/u/MGJec3Xl/ufn1z7oKDbt7bf8uP6lH+jdg5X/cS6/rM3Dqb/yF34Zyo8XhPr031D+tj7Lv2X9962u/P/l8svb9siD/Za/VONafWU94nnjcv0vnjcuboT1L317Drz+qxyo8WYuH8bZqIwzO6hRGf+3l3gfxlfyfNkRlvsc4ngng9a/3F9Rvgf2hNevVXy/bfbxfy+uY12G4Rs5rfo8lPF/y/bY7DJf75hvdHlvN+u+BkbVh67/mUxjOy0sLKztCa0KQy2cob//w/6dMOzyh/3+V4nj/8Zj+Dj+b4zH8X9jPI7/G+NxfL0Yj+P/xvczjv8b4/eG143jA09XxD9dEd9bEb+vIr6vIv6ZiviBivj9FfEHKuL3VMQfrIh/riL++Yr4QxXxRyriX6iIb3alPcq4rj+Ms9g+z+cfxke5/tPr87+7Ig6Mrp+9ffDJ5377neZS+/+p9vmQch3vaJ7fn387/zjPx+veqWN+MfZunv9biG/08x0wTmL/GfH7/eGKODC6yn1ePt8whmrde+zpt9+qXsf5jJYv5vRLOf1yTh/N6UxOZ3N6MKdz61Q/1saTv/n9kddry7/3d4Z4v/eTx/ZAsZ+oQ33WJ54fGPR+9tiP36But/xVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmnrr7/z8dC2ly++8eezZE2dmF5c83s7RbP2d7JhrtJ+X0mM5ncjpL/KDGx+9dqozvZnTWppLtVRrL09PX2+XtD2ldCHtT1dSM+29fPWN9+aeOnHx+KUD77915NravQMAAACw+f0/AAD//8MLDok=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f00000003c0)=""/34)
mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x8001})
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r3, r3, r3}, &(0x7f0000001cc0)=""/194, 0xc2, &(0x7f00000000c0)={&(0x7f0000000000)={'xxhash64-generic\x00'}})
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x40d, &(0x7f0000000480)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c6d6f64653d6c66732c6661756c745f696e6a656374696f6e3d303030303030303030616c6c6f635f6d6f64653d72657573652c6e6f61636c2c686561702c616c6c6f635f6d6f04003d64656661756c742c6e6f657876656e745f63616368652c636f6d70726573735f63616368652c6a71666d743d7666736f6c642c00"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r4 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x80044940, &(0x7f0000001b00)={<r5=>0x0, ""/256, 0x0, 0x0, <r6=>0x0, 0x0, ""/16, ""/16, ""/16, <r7=>0x0, <r8=>0x0})
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f00000006c0)='.\x00', 0x1a4243c, &(0x7f0000000700)=ANY=[@ANYRES16=r6, @ANYRESDEC=r7, @ANYRESHEX=r8, @ANYRESDEC, @ANYBLOB="b1f1563f8cf9b3df43707e277e3870d9bbeca08c7c9e5ebdd62801631c9f6ff697c8ea4da0047f1529a0c7", @ANYRES8=r5, @ANYRES64=r5, @ANYRES8=0x0, @ANYRES64, @ANYRES8=r8], 0x0, 0x0, &(0x7f0000000080))

6m48.574583482s ago: executing program 32 (id=810):
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000a80)='./file0\x00', 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB="001b82c7db7d42db303586547449d62aaac0dcf36e9c5d35f62c180dabbf5f896257eb342385e354c1aa"], 0x1, 0xa10, &(0x7f0000001540)="$eJzs3U2MG1cdAPBn73rTfJQ4JaFLGtqEQls+uttslvARQVM1F6Km6q1SxSVK0xKRBkQqQasekpy40aoKVz7EqZcKEBK9oKgnLpVoJC49FQ4ciIJUiQMUkkXrfc/r/cfW2Jvser3+/aTZ55n/s98b73g8npn3XgLGVr31d35+upbS5XfePPaPh/6+dXHJ4+0czdbfyY65Rkqplucnw+t9OLGU3vjotVPd0lqaa/0t8+np6+3nbk8pXUj705XUTHsvX33jvbmnTlw8funA+28dubY2aw8AAOPlmStH5vf89c/37fr47fuPpi3t5eX4vJnnd+Tj/qP5wL8c/9fTyvlax9RpKuSbzFM95Jvokq+znEbIN9mj/Knwuo0e+bZUlD/RsazbesMoK9txM9XqMyvm6/WZmaXf5Kn1u36qNnPuzNkXzg+posAd968HUkr7TSbTOE4LO4e9BwJYEq8X3uJCPLNwe9qvNtlf+defqHd/PtwB6739K3+0yv/1RXsc7pzNujWV9Sqfox15Pl5HiPcvDfr5L68Xr0c0+qxnr+sIo3J9oVc9J9a5HqvVq/5xu9isvpnT8j58K8Q7Pz/xfzoq/2Ogu387/28yje20MOwdELBhxfvmFrISj/f1xfiWivhdFfGtFfFtFfHtFXEYZ797+afp9dry7/z4m37Q82HlPNvdOf3EgPWJ5yMHLT/e9zuo2y0/3k8MG9kfTj57+mvPP3d16f7/2uL237rl/2be3vfnfM382bqSN/dyvjCeV1++9/+ZFeXUe+S7J9Tn7i75W493r8xX2738OqljP3NLPaZXPm9nr3z7VuZrhnxb83RXqG88PtkWnleOP8p+tbxfk2F9G2E9pkI9yn5lV05jPWA1yvbY6/7/sn1Op0bthTNnTz+W58t2+qeJxpbF5QfXud7A7eu3/c90Wtn+Z0d7eaPeuV/Yuby81rlfaIblcz2WH8rz5XvuuxNbW8tnTn3/7PN3euVhzJ1/5dXvnTx79vQPPfDAAw/aD4a9ZwLW2uzLL/1g9vwrrz565qWTL55+8fS5Q4cPH5qbO/z1Q/OzreP62c6je2AzWf7SH3ZNAAAAAAAAAAAAgH796Pixq39596sfLLX/X27/V9r/lzt/S/v/n4T2/7GdfGkHX9oB7uoSb+UJHaxOhXyNPH0y1Hd3KGdPeN6nctoexy+3/y/FxX5dS33uDctj/70lX+hO4Jb+UqZCHyRxvMDP5vRSTn+VYIhqW7svzmlV/9ZlWy/9U+iXYjSV/1vZGko/JqX9d69+ncr+f9c61JE7bz2aEw57HYHu/qn/b5NpbKeFBaN4ABvDsMf/LOc9S3ruj9++a3Eq2a4/sXJ/Gfsvhdux0cefVP7mGv+zPf5d3/u/MGJec3Xl/ufn1z7oKDbt7bf8uP6lH+jdg5X/cS6/rM3Dqb/yF34Zyo8XhPr031D+tj7Lv2X9962u/P/l8svb9siD/Za/VONafWU94nnjcv0vnjcuboT1L317Drz+qxyo8WYuH8bZqIwzO6hRGf+3l3gfxlfyfNkRlvsc4ngng9a/3F9Rvgf2hNevVXy/bfbxfy+uY12G4Rs5rfo8lPF/y/bY7DJf75hvdHlvN+u+BkbVh67/mUxjOy0sLKztCa0KQy2cob//w/6dMOzyh/3+V4nj/8Zj+Dj+b4zH8X9jPI7/G+NxfL0Yj+P/xvczjv8b4/eG143jA09XxD9dEd9bEb+vIr6vIv6ZiviBivj9FfEHKuL3VMQfrIh/riL++Yr4QxXxRyriX6iIb3alPcq4rj+Ms9g+z+cfxke5/tPr87+7Ig6Mrp+9ffDJ5377neZS+/+p9vmQch3vaJ7fn387/zjPx+veqWN+MfZunv9biG/08x0wTmL/GfH7/eGKODC6yn1ePt8whmrde+zpt9+qXsf5jJYv5vRLOf1yTh/N6UxOZ3N6MKdz61Q/1saTv/n9kddry7/3d4Z4v/eTx/ZAsZ+oQ33WJ54fGPR+9tiP36But/xVNgcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYmnrr7/z8dC2ly++8eezZE2dmF5c83s7RbP2d7JhrtJ+X0mM5ncjpL/KDGx+9dqozvZnTWppLtVRrL09PX2+XtD2ldCHtT1dSM+29fPWN9+aeOnHx+KUD77915NravQMAAACw+f0/AAD//8MLDok=")
syz_mount_image$ext4(&(0x7f0000000000)='ext2\x00', &(0x7f0000000740)='./file0\x00', 0x0, 0x0, 0x0, 0x0, &(0x7f0000000000))
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x84}, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
semctl$SEM_INFO(0x0, 0x4, 0x13, &(0x7f00000003c0)=""/34)
mq_open(0x0, 0x0, 0x0, &(0x7f0000000180)={0x8001})
r3 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000040)={r3, r3, r3}, &(0x7f0000001cc0)=""/194, 0xc2, &(0x7f00000000c0)={&(0x7f0000000000)={'xxhash64-generic\x00'}})
syz_mount_image$fuse(0x0, &(0x7f0000000180)='./file2\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x40d, &(0x7f0000000480)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c6d6f64653d6c66732c6661756c745f696e6a656374696f6e3d303030303030303030616c6c6f635f6d6f64653d72657573652c6e6f61636c2c686561702c616c6c6f635f6d6f04003d64656661756c742c6e6f657876656e745f63616368652c636f6d70726573735f63616368652c6a71666d743d7666736f6c642c00"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r4 = openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_INFO(r4, 0x80044940, &(0x7f0000001b00)={<r5=>0x0, ""/256, 0x0, 0x0, <r6=>0x0, 0x0, ""/16, ""/16, ""/16, <r7=>0x0, <r8=>0x0})
syz_mount_image$msdos(&(0x7f0000000180), &(0x7f00000006c0)='.\x00', 0x1a4243c, &(0x7f0000000700)=ANY=[@ANYRES16=r6, @ANYRESDEC=r7, @ANYRESHEX=r8, @ANYRESDEC, @ANYBLOB="b1f1563f8cf9b3df43707e277e3870d9bbeca08c7c9e5ebdd62801631c9f6ff697c8ea4da0047f1529a0c7", @ANYRES8=r5, @ANYRES64=r5, @ANYRES8=0x0, @ANYRES64, @ANYRES8=r8], 0x0, 0x0, &(0x7f0000000080))

3m18.370321091s ago: executing program 2 (id=1400):
bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb010018000000000000003800000038000000030000003b00000000f7ff"], 0x0, 0x53}, 0x28)

3m18.333961811s ago: executing program 2 (id=1401):
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid\x00') (async)
syz_open_procfs$namespace(0xffffffffffffffff, &(0x7f0000000100)='ns/pid\x00')
syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) (async)
syz_open_procfs$pagemap(0x0, &(0x7f0000000000))
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000140)='net\x00')
fchdir(r1) (async)
fchdir(r1)
mount$9p_unix(&(0x7f0000000100)='./file0\x00', &(0x7f0000000000)='./file0\x00', 0x0, 0x12d5498, 0x0)
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0) (async)
socket$netlink(0x10, 0x3, 0x0)
syz_emit_ethernet(0xf7, &(0x7f0000000200)={@broadcast, @empty, @val={@void, {0x8100, 0x6, 0x0, 0x4}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xe5, 0x0, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @redirect={0x5, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x41}, {0x31, 0x4, 0x1, 0x11, 0x10, 0x66, 0x2, 0x5, 0x0, 0x5, @multicast2, @multicast2, {[@ssrr={0x89, 0x1b, 0x9a, [@private=0xa010102, @dev={0xac, 0x14, 0x14, 0x21}, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @loopback]}, @lsrr={0x83, 0xf, 0x12, [@broadcast, @local, @local]}, @timestamp_prespec={0x44, 0x14, 0xcf, 0x3, 0xa, [{@rand_addr=0x64010101, 0x8}, {@private=0xa010102, 0x2}]}, @timestamp_prespec={0x44, 0x24, 0x34, 0x3, 0x4, [{@multicast2, 0x104}, {@broadcast}, {@private=0xa010101, 0x6}, {@remote, 0xfffff9ff}]}, @rr={0x7, 0x1b, 0xfd, [@multicast1, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x3f}, @multicast2, @remote, @broadcast]}, @end, @cipso={0x86, 0x31, 0xffffffffffffffff, [{0x7, 0xb, "7ae42ec361b9d9edcd"}, {0x3, 0x3, 'n'}, {0x6, 0x3, "7f"}, {0x2, 0xc, "f4775f53010e173e9186"}, {0x7, 0xe, "dfaa911d89fe6dc32f74f167"}]}]}}, "8bfe546eba"}}}}}, 0x0) (async)
syz_emit_ethernet(0xf7, &(0x7f0000000200)={@broadcast, @empty, @val={@void, {0x8100, 0x6, 0x0, 0x4}}, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xe5, 0x0, 0x0, 0x0, 0x88, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @redirect={0x5, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x41}, {0x31, 0x4, 0x1, 0x11, 0x10, 0x66, 0x2, 0x5, 0x0, 0x5, @multicast2, @multicast2, {[@ssrr={0x89, 0x1b, 0x9a, [@private=0xa010102, @dev={0xac, 0x14, 0x14, 0x21}, @empty, @initdev={0xac, 0x1e, 0x1, 0x0}, @multicast1, @loopback]}, @lsrr={0x83, 0xf, 0x12, [@broadcast, @local, @local]}, @timestamp_prespec={0x44, 0x14, 0xcf, 0x3, 0xa, [{@rand_addr=0x64010101, 0x8}, {@private=0xa010102, 0x2}]}, @timestamp_prespec={0x44, 0x24, 0x34, 0x3, 0x4, [{@multicast2, 0x104}, {@broadcast}, {@private=0xa010101, 0x6}, {@remote, 0xfffff9ff}]}, @rr={0x7, 0x1b, 0xfd, [@multicast1, @rand_addr=0x64010101, @dev={0xac, 0x14, 0x14, 0x3f}, @multicast2, @remote, @broadcast]}, @end, @cipso={0x86, 0x31, 0xffffffffffffffff, [{0x7, 0xb, "7ae42ec361b9d9edcd"}, {0x3, 0x3, 'n'}, {0x6, 0x3, "7f"}, {0x2, 0xc, "f4775f53010e173e9186"}, {0x7, 0xe, "dfaa911d89fe6dc32f74f167"}]}]}}, "8bfe546eba"}}}}}, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'lo\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000080)={'lo\x00'})
unshare(0x400)
r4 = socket$rds(0x15, 0x5, 0x0)
r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x604440, 0x0)
ioctl$FICLONE(r4, 0x40049409, r5)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$KVM_SET_USER_MEMORY_REGION(r0, 0x4020ae46, &(0x7f00000000c0)={0x10004, 0x1, 0xffff1000, 0x2000, &(0x7f0000ffc000/0x2000)=nil})
r6 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00'}) (async)
ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000040)={'lo\x00', <r7=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x101}]}, 0x38}}, 0x0) (async)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {0x0, 0xe}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_ingress={0xc}, @TCA_INGRESS_BLOCK={0x8, 0xd, 0x101}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001bc0)=@deltfilter={0x24, 0x2d, 0x1, 0x78bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0xfff3, 0x8}, {0xffff, 0xffff}, {0x0, 0xf}}}, 0x24}}, 0x20044000)

3m17.392992557s ago: executing program 2 (id=1403):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000001400000008000a"], 0x5c}, 0x1, 0x0, 0x7000000, 0x800}, 0x0)

3m17.356071297s ago: executing program 2 (id=1404):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi3\x00', 0x2, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00')
mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',o=', @ANYRESHEX=r0, @ANYBLOB=',\x00'])
syz_clone(0x128000, &(0x7f0000000180)="7787896d5aa39f8046bdfb562d0630b5606b43f8d19d397aafa69091fd162bfe01622c8675863da9370126f5797eef7b10ce58645a757ee9486c3eca6c6e7288828d54024a40924ab8fbf7b77cdd987cbc2d3505", 0x54, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000280)="0eef5a16942907d7615d21621ea5e11f774c50138a552dc1acf2c5678792f857")
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x1000000, &(0x7f0000000080)={[{@discard}, {@journal_dev={'journal_dev', 0x3d, 0x9b}}, {@nobarrier}]}, 0x1, 0x7b9, &(0x7f00000007c0)="$eJzs3d9rHNUeAPDvbJLmR3tvcuFy7+1b4EJvoHRzU2Or4EPFBxEsFPTZNmy2oWaTLdlNaULAFhF8EVR8EPSlz/6ob776A3zS/8IHaamaFis+SGR2Z5M02c2vJtloPh+YzDkzsznnO+fMzNmdYTeAQ2sw/ZOLOB4RbycR/dnyJCK6aqnOiHP17R4uLvRERCGJpaWXfkpq2zxYXCjEqtekjmaZ/0TEV29EnMytL7cyNz85VioVZ7L8cHXq6nBlbv7UlamxieJEcfrMyOjo6bNPnj2ze7H+8t38sbvvPP+/T8/99vq/b7/1dRLn4li2bnUcu2UwBrN90pXuwkc8t9uFtVnS7gqwI+mh2VE/yuN49EdHLdVC737WDADYK69FxBIAcMgkrv8AcMg0Pgd4sLhQaEzt/URif917NiJ66vE/zKb6ms7snl1P7T5o34PkkTsjSUQM7EL5gxHx4eevnOjI8mk93EsD9sONmxFxaWBw/fk/WffMwnb9f6OVS9212eCaxYft+gPt9EU6/nmq2fgvtzz+iSbjn+76sfuvxy1/8+M/d+dxy9hIOv57pv5s25rx3/JDawMdWe5vtTFfV3L5SqmYntv+HhFD0dWd5kdqmzYfuQ3d//1+q/Kz8d/H6fTzu69+lJafzle2yN3p7H70NeNj1c5vHjfwzL2b0Zcl18SfLLd/0mL8e2GLZbzw9JsftFqXxp/G25jWx7+3lm5FnGja/ittmWz4fOJwrTsMNzpFE599/35fq/JXt386peWn892PtLl7N6PWAZJkZR/U1yzHP5Csfl6zsv0yvr3V/2WrdZvH37T/jx1JXq6lj2TLro9VqzMjEUeSF9cvP73y2ka+sX0a/9B/mx//9WKb9//0PeGlLcbfeffHT3Ye/95K4x/fuP+vaf+ebPHKks0Stx9OdrQqf2vtP1pLDWVL0vbfLK6t1GtnvRkAAAAAAAAAAAAAAAAAAAAAAAAAti8XEcciyeWX07lcPl//De9/Rl+uVK5UT14uz06PR+23sgeiK9f4qsv+Vd+HOpJ9H34jf3pN/omI+EdEvNfdW8vnC+XSeLuDBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDM0Ra//5/6obvdtQMA9kxPuysAAOw7138AOHy2d/3v3bN6AAD7x/t/ADh8tnz9v7S39QAA9o/3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOyxC+fPp9PSr4sLhTQ/fm1udrJ87dR4sTKZn5ot5Avlmav5iXJ5olTMF8pTLf/RjfqsVC5fHY3p2evD1WKlOlyZm784VZ6drl68MjU2UbxY7Nq3yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABg6ypz85NjpVJx5i+RuLES2C7/5962xtV3MHbvqkRnHIhqHOhEdxyIauwwsfos0duGMxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAn8MfAQAA//94WBdi")
creat(&(0x7f0000001740)='./bus\x00', 0xa1)
sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002"], 0x64}}, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000006200)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000002300010028bd7000fb9d87d5d700a0"], 0x14}, 0x1, 0x0, 0x0, 0x48000}, 0x4004064)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000008c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x14}}, 0x0)
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0)
setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_NMI(r4, 0xae9a)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x0, 0x1c, 0x0, 0xffffffffffffffff, 0x6], 0x0, 0x41901})
ioctl$KVM_RUN(r4, 0xae80, 0x0)
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
mount(&(0x7f00000002c0)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r5 = open(&(0x7f0000000100)='./bus\x00', 0x66842, 0x19)
pwritev2(r5, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0xffffffe4}], 0x1, 0x50000, 0x0, 0x0)
mq_notify(r1, &(0x7f00000002c0)={0x0, 0x6a, 0x4, @thr={&(0x7f00000004c0)="2dc13d788e5134c129c016aeceed597bf2d95561ea758bfe22a66c05a70ac64d256fc0a6d7fdb148c5271b0e353a25cc4bc5f78fc95f99555e87ae258f63717f47e53d06c8ddff28bdfd5cd9ca0f29e5d71c7540a13cd26b8653811b8ab338ecf9f65312f154983254e557d9f5a5cac00f73666783d3002769b93674529a06d3c3acb5d80716e1aa2ddd", &(0x7f0000000580)="e4c21015a711ca47d17065289e5a24754ce57d537c0a8de351651d0c18143908359103a1d8dfbf47aac2726694b11993039580aa4cbde6d18c371b66c6c679e3f89f7b9c2f247ef86f9510faa1c0c4369063c0638f4ff6fd62b9d60387afffcdb6707d69859f71d418f1f6e33f997374a90be665bf11cb477c9f14e9296d2ff73367feb3e34fc8efa60588e6737d266defa2fb3dd89a6c5f2f"}})
r6 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
sendmmsg$inet(r6, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
r7 = socket$packet(0x11, 0x2, 0x300)
getpeername$packet(r7, &(0x7f0000000100), &(0x7f0000000140)=0x14)
r8 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000040)={0x200000c0, 0xffffffff, 0xfffffff8}, 0x10)

3m16.098077718s ago: executing program 2 (id=1408):
socket$inet6_udp(0xa, 0x2, 0x0)
openat$uinput(0xffffffffffffff9c, &(0x7f0000000080), 0x802, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89101)
fspick(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x1)
syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000200)=ANY=[@ANYBLOB="2a01000020000040b708000000000000030109029200030172e5000904000000010100000a24010000000201020c0d2407000005000000000000000c240000e9fffff5ffffffff092403f3ff000005024524", @ANYRES8=r0, @ANYBLOB="05", @ANYRES16=r0], 0x0)

3m14.337546286s ago: executing program 2 (id=1418):
r0 = fsopen(&(0x7f0000000180)='bdev\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x3f00000000000000)

3m13.937996722s ago: executing program 33 (id=1418):
r0 = fsopen(&(0x7f0000000180)='bdev\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0x1)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x3f00000000000000)

3.113281173s ago: executing program 1 (id=2145):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000480)={0x1, &(0x7f0000000200)=[{0x6, 0x1, 0x5, 0x7fffffff}]})
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = socket(0xa, 0x5, 0x0)
connect$inet(r1, &(0x7f0000000080)={0x2, 0x4e23, @rand_addr=0x64010100}, 0x10)
ptrace(0x10, r0)
ptrace$PTRACE_SECCOMP_GET_FILTER(0x420c, r0, 0x0, 0x0)

2.219450909s ago: executing program 1 (id=2166):
syz_usb_connect(0x1, 0x2d, &(0x7f0000000340)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904010001faf40d00090582239f"], 0x0)
r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
ppoll(&(0x7f00000000c0)=[{r0, 0x3424}, {r0, 0x2}], 0x2, 0x0, 0x0, 0x0)

2.17563287s ago: executing program 3 (id=2167):
socket$inet_sctp(0x2, 0x5, 0x84)
r0 = openat(0xffffffffffffff9c, 0x0, 0x40, 0x8)
ioctl$DRM_IOCTL_ADD_CTX(r0, 0xc0086420, &(0x7f00000001c0))
openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x60, 0x30, 0x1, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x804}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
sendmsg$BATADV_CMD_GET_DAT_CACHE(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x14, r1, 0x305, 0x0, 0x0, {0x7}}, 0x14}}, 0x24044080)
sendmsg$BATADV_CMD_GET_HARDIF(r0, &(0x7f0000000480)={&(0x7f0000000340)={0x10, 0x0, 0x0, 0x8000400}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40}, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, 0x0)
connect$unix(0xffffffffffffffff, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x400000000000041, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x0, 0x0, &(0x7f0000000180)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x48, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94)
socket$inet6_udp(0xa, 0x2, 0x0)
add_key$user(&(0x7f0000000380), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000580)='X', 0x1, 0xfffffffffffffffe)
openat(0xffffffffffffff9c, &(0x7f0000000500)='.\x00', 0x0, 0x0)
landlock_create_ruleset(&(0x7f0000000140)={0x2000}, 0x10, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000080)={0x0, 0xa, &(0x7f00000000c0)={&(0x7f00000001c0)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_TIMEOUT={0x8, 0x6, 0x1, 0x0, 0xbcc6}]}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:net,net\x00'}, @IPSET_ATTR_REVISION={0x5}]}, 0x58}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000580)={0x44, 0x9, 0x6, 0x201, 0x0, 0x0, {0x3}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x1c, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}, @IPSET_ATTR_IP2={0xc, 0x14, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @remote}}]}]}, 0x44}, 0x1, 0x0, 0x0, 0xd24f4d5778621d46}, 0x4)

2.114512161s ago: executing program 6 (id=2168):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000580)={0x1ff, 0x0, 0x0, 0x1000, &(0x7f0000456000/0x1000)=nil})
ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000024d564b000000eccd"])
close_range(r0, 0xffffffffffffffff, 0x10000000000000)

2.114040691s ago: executing program 4 (id=2169):
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0xea, 0x2, 0x0, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffd}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}, 0x1, 0x0, 0x0, 0x40000}, 0x44080)
r3 = syz_open_procfs(0x0, &(0x7f0000000200)='fd/3\x00')
getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={<r4=>0x0, 0xb}, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r3, 0x84, 0x77, &(0x7f00000001c0)={r4, 0x8001, 0x1, [0x4]}, 0xa)
sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000002c0)=@newqdisc={0x5c, 0x24, 0xd0f, 0x70bd29, 0x25dfdbfd, {0x60, 0x0, 0x0, r2, {0x0, 0xe}, {0xffe0, 0xa}, {0x1, 0x10}}, [@qdisc_kind_options=@q_cake={{0x9}, {0x2c, 0x2, [@TCA_CAKE_NAT={0x8, 0xb, 0x1}, @TCA_CAKE_AUTORATE={0x8, 0x9, 0x8000000}, @TCA_CAKE_ATM={0x8, 0x4, 0x5a9ed701c8b6e599}, @TCA_CAKE_NAT={0x8}, @TCA_CAKE_ATM={0x8, 0x4, 0x1}]}}]}, 0x5c}, 0x1, 0x0, 0x0, 0x55}, 0x4000)
r5 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r5, &(0x7f0000000000)={0xa, 0x3, 0x0, @loopback}, 0x1c)
connect$inet6(r5, &(0x7f0000000040)={0xa, 0x3, 0x7, @loopback, 0x800000}, 0x1c)

2.038134033s ago: executing program 3 (id=2170):
r0 = socket$kcm(0x10, 0x400000002, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket(0x400000000010, 0x3, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', <r4=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f00000012c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=@newqdisc={0x44, 0x24, 0x4ee4e6a52ff56541, 0x70bd27, 0xffffffff, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_hfsc={{0x9}, {0x14, 0x2, @TCA_HFSC_FSC={0x10, 0x2, {0x7, 0x2, 0x7}}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4040001}, 0x0)
sendmsg$nl_route_sched(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000020c0)=@newtfilter={0x40, 0x2c, 0xd27, 0x30bd29, 0x259fdbfd, {0x0, 0x0, 0x0, r4, {0xfff0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0xc, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0x3}}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x10}, 0x0)
r5 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x21dfdbfc, {0x0, 0x0, 0x0, r6, {0x0, 0xf}, {}, {0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x24000014}, 0x200c4004)
sendmsg$inet(r0, &(0x7f0000000100)={0x0, 0x2, &(0x7f0000000080)=[{&(0x7f0000000140)="600000002e000d190a762d7f089e", 0xfca2}, {&(0x7f0000000280)="68cabf2dfb58fc0a1d6b689866f05d490d010088a8ffff0200258f2e4409b8f9e6aaeb88bea123dc2c6726e89b1ae2f6e8bcb5ee52dcd7298d39093c510293bca0b646a3ce904f6e6b788b3204c233e60ddc", 0x52}], 0x2}, 0x0)

1.987898234s ago: executing program 6 (id=2171):
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dd", 0xe, 0x0, &(0x7f0000000140)={0x11, 0x15, r2, 0x1, 0x0, 0x6, @remote}, 0x14)

1.898053905s ago: executing program 6 (id=2172):
r0 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x4e22, @local}, 0x10)
r1 = socket$l2tp(0x2, 0x2, 0x73)
bind$inet(r1, &(0x7f0000000000)={0x2, 0x0, @multicast1}, 0x10)

1.897449875s ago: executing program 3 (id=2173):
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x1, 0x0)
syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x1ff, 0x40240)
ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f0000000540)={{0x3, 0x3, 0x0, 0x462b, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x800000000000000, 0x0, 0xfffffffffffffffd, 0xfffffffffffffffb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x6, 0x0, 0x0, 0x2, 0x0, 0x0, 0xa8, 0xfffffffffffffff7, 0x0, 0x91f5, 0x0, 0x4000000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x10001, 0xfffffffffffffffc, 0x10006, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x0, 0x3, 0x9, 0x0, 0x0, 0xa9d5, 0x0, 0x0, 0x5, 0x20000000000000, 0x0, 0xf, 0x0, 0xfffffffffffffffd, 0xfeb7, 0x0, 0x0, 0x4000000000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000, 0x9, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8, 0x2, 0x1000, 0xe0a5, 0x0, 0x7, 0x7, 0x1002, 0x400000, 0x800000, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x5, 0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x80000000, 0x73fb, 0x0, 0x0, 0x0, 0x2, 0xb7a8, 0xff, 0x0, 0xfffffffffffffffc]})

1.876161146s ago: executing program 6 (id=2174):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
sendmsg$NL80211_CMD_SET_BSS(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x24, r2, 0x1, 0x70bd2a, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x9}]}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x884)

1.844020236s ago: executing program 3 (id=2175):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_GET_MSRS_cpu(r2, 0xc008ae88, &(0x7f0000000100)={0x1, 0x0, [{0xd90, 0x0, 0xfffffffffffffff9}]})

1.778040187s ago: executing program 6 (id=2176):
r0 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', <r1=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, r1, {0x0, 0xe}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_skbprio={{0xc}, {0x8, 0x2, 0x4}}]}, 0x38}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840)

1.774454058s ago: executing program 3 (id=2177):
open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
syz_io_uring_submit(0x0, 0x0, 0x0)
io_uring_enter(0xffffffffffffffff, 0x4d10, 0x2, 0x2, 0x0, 0x0)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1)
r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x51, 0x0, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000000640)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0)
socket(0xa, 0x2, 0x0)
r1 = socket$kcm(0x2, 0x200000000000001, 0x106)
sendmsg$inet(r1, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x4001, @local}, 0x10, 0x0}, 0x30004001)
sendmsg(r1, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000780)="a9", 0xfffffdef}], 0x11}, 0x0)

1.732667898s ago: executing program 6 (id=2178):
syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0)
r0 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
r1 = syz_usb_connect$cdc_ncm(0x3, 0x6e, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x0, 0x0, 0x0, 0x20}, {0x6, 0x24, 0x1a, 0x3}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0xfd}}, {{0x9, 0x5, 0x3, 0x2, 0x40}}}}}}}]}}, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0xfffff, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0)
r2 = dup(r0)
ioctl$HIDIOCGRAWNAME(r2, 0x80404804, &(0x7f0000000340))

1.708686979s ago: executing program 3 (id=2179):
r0 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0)
syz_usb_disconnect(r0)
r1 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x200)
syz_usb_disconnect(r1)
syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1e71, 0x200f, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
ioctl$EVIOCRMFF(r1, 0x4004550d, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000480)={0x44, &(0x7f0000000200)=ANY=[@ANYBLOB="40f4ff"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
read$char_usb(r2, 0x0, 0x0)

1.343934646s ago: executing program 5 (id=2185):
select(0x0, 0x0, 0x0, 0x0, 0x0)
syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040effff2820"], 0x67)

1.206069128s ago: executing program 4 (id=2186):
socket$inet_icmp_raw(0x2, 0x3, 0x1)
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x46, &(0x7f0000000200)={@link_local={0x3}, @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0x0, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}, @empty}, "00186371ae9b1c03"}}}}}, 0x0)

1.205741648s ago: executing program 4 (id=2187):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000000a40)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f00000002c0)="5c5eaf", 0x3}], 0x1}}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f0000000b40)="5604b1f93280601007f1bfc8446f785300fcfc78c557b8e530dc9f84187a0dd96c1488a0a665ec777782588791c4fd3b0443cd5bde128419bfe468e7760112d01b2746540dc8a0e9087bde26b530a321fd36ffcbeddbc482d96b9f47e195afe70b764b941e9590c8cfb377d923", 0x6d}, {&(0x7f0000001a80)="d61f2c7a6ddbff16a09972b62284a63c170b9a6ec5cd29dfa047b76a9a0eeb4055c9dd2244e47c59e557c459c397cd02eb261fc7d521b1f2e95c3ce17726db0d3236a6d3b52d3f066554d84292329c8a6f034ff8d85d61dcf7ae508c5925903fb1feb7d07fe481313ad476131cf19514d6c77835e9cf82df2f153d9b82985da3e260fc6942d18345ac61b2958886a77e2a2726097d1888a25bee0fdec661520a057f8559f17e462bdf938f7f2303447bfaa744d3891372a825c63e83ff21650af922eaac39ab491cec071d31eebd6526d7a8ddd052d30beb962aeca814ad530c1413e502b92f3e51eaf75ec5b595b19e4945a1a821a8c47f804465f9e04d0ec9aff13036fe4f3a56b324e9ea795cc89d0f30433f3fa8aa7cc4dd93197840d644c6e48329c266316227ea917708cde40163a6b092d3c722a71e9f21255315cb87a74916d56da0479e7e8865b289fc8095a8477e7fee5eda0c55ec6d53c7aac85f6171717935832962f6db7889683497f3f5a4aa6c6af16908cc4c853536c4f624a75cae053c053f8490c028c15bf043adf4729306a4069324be546a83f71c16a15b86f1d6cb5505808acf055c982dfb14eaaa45b139ccc18952a1c1cbde3bb0d4882d72aa508b511b9a3e2b1a11b96aa29650279ca66b2ba92df4f9dcfa322ddd79d8a4da49182ac4d0c7078b2c2c2860e680276da35f952bc9627ab64d475aaeda4e896f04ffbb48983f29cee0574f219acb18778a0b17db40bca0c7102e8d6cbe0d66420a2d836efe9d4932605ad6852bd15bcfbee0fbc22bf79d08512bb8e4ef67004391f17b9723bd61bca96a861833bd415fafb468a205feb866aeaf0057b5d4c2eb5bed757aa6c8a38fd86de6e06bfce036465e63c9a9ae4512985474edbcd3c7ef50e74b4f6091a649cd04c6e14bc7238327edf829e0cca29fe837fd76e49b464933e40cf9799696fdb694a785a4aa7fc9342d32fd2fda5c5f81286dad13a17ac495bafefc5ec9b5ddbd744f879c00635c79d26b8131d7daadb26e5c4d0293ba696d29b1d80be0898263a1b157049fe222f2d2ba85b2dfa5cded7e372edf6bda18ecea8a75be58e19dba91c255561e21128277a8e00fd7c329ef4662494485775223d42803e25eed8f85765465159cdeb91515181a98eb465ddfb367ea9810d414fefc32e6b989bc539e02ca0129911022ec5670fbdc88b7420ab833350964f440aee90b1cc7", 0x369}], 0x2}}], 0x2, 0x0)
sendto$inet(r0, &(0x7f0000000580)="17", 0x59a, 0x10008095, 0x0, 0x0)

603.165809ms ago: executing program 1 (id=2188):
r0 = socket$kcm(0x2, 0x3, 0x84)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', <r2=>0x0})
sendmsg$inet(r0, &(0x7f0000001000)={&(0x7f0000000000)={0x2, 0x0, @multicast2}, 0x10, 0x0, 0x0, &(0x7f00000005c0)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @local, @loopback}}}], 0x20}, 0x0)

559.17029ms ago: executing program 1 (id=2189):
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000007, 0x38011, r1, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_REG(r2, 0x0, 0x400c810)
sendfile(r1, r1, 0x0, 0x40008)

418.170703ms ago: executing program 5 (id=2190):
r0 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0)
ioctl$VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x201, 0xa, 0x1})
r1 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
pselect6(0xfffffffffffffeab, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000280), 0x8})
ioctl$VIDIOC_REQBUFS(r1, 0xc0585609, &(0x7f0000000280)={0x0, 0xa})

391.030243ms ago: executing program 5 (id=2191):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000002100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a5c000000090a010400000000000000000a0000040900010073797a310000000008000540000000040900020073797a310000000008000a40fffffffc200011800e000100636f6e6e6c696d69740000000c00028008000140fffff27414000000110001"], 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40)
syz_emit_ethernet(0xd2, &(0x7f0000000d00)=ANY=[@ANYBLOB="0180c2000000ffffffffffff86dd6000000000071100fe8000000000000000000000000000bbff02000000000000000000000000000100000e22009c90"], 0x0)

324.179305ms ago: executing program 5 (id=2192):
socket$pppl2tp(0x18, 0x1, 0x1)
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0xfffe, 0x0, @loopback}, 0x1c)
r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0xbd84, 0x0, 0x1, 0x12d}, &(0x7f0000000100)=<r2=>0x0, &(0x7f0000000640)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2f, 0x8, 0x0, 0x4}]}, 0x10)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
socket$packet(0x11, 0x3, 0x300)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc})
io_uring_enter(r1, 0x22d2, 0x20, 0x41, 0x0, 0x0)

258.120466ms ago: executing program 4 (id=2193):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000004c0)='dctcp\x00', 0x6)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x7, 0x0, 0x0)
sendto$inet6(r0, 0x0, 0x0, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c)
mmap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000000, 0x20010, r0, 0x8ccc1000)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4)
shutdown(r0, 0x1)

257.793766ms ago: executing program 1 (id=2194):
r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, 0x0})
ioctl$KVM_SET_XCRS(r3, 0x4188aea7, &(0x7f0000000140)={0x1, 0x0, [{0x0, 0x0, 0x7}, {0x3, 0x0, 0x101}, {0x0, 0x0, 0xfffffffffffffffd}, {}, {}, {}, {}, {0x1}, {}, {0x0, 0x0, 0x5}, {}, {0xffffffff}]})

225.286447ms ago: executing program 5 (id=2195):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=@newtfilter={0x70, 0x2c, 0xd27, 0x70bd28, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0xfff3, 0x7}, {}, {0xa, 0x1}}, [@filter_kind_options=@f_cgroup={{0xb}, {0x40, 0x2, [@TCA_CGROUP_EMATCHES={0x3c, 0x3, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x6}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0xe38, 0x9, 0x4}, [@TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}, @TCA_EM_IPT_HOOK={0x8, 0x1, 0xd8dd4394b91ab031}]}}]}]}]}}]}, 0x70}, 0x1, 0x0, 0x0, 0x80}, 0x40010)

174.228197ms ago: executing program 4 (id=2196):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0xc00)
sendmsg$NFT_MSG_GETSET(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c80)={0x20, 0xa, 0xa, 0x201, 0x0, 0x0, {0xa, 0x0, 0x9}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x24048014}, 0x4000)

70.020709ms ago: executing program 4 (id=2197):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
close(r0)
r1 = socket$inet6_mptcp(0xa, 0x1, 0x106)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c)
listen(r1, 0xfffffffc)
r2 = socket$inet_mptcp(0x2, 0x1, 0x106)
connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
read$FUSE(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r3, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={0x30, r4, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @rand_addr=0x64010102}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x6}]}]}, 0x30}, 0x1, 0x0, 0x0, 0xaa34a4cfdf933201}, 0x10)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff)
sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r6, 0x1, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1a}]}]}, 0x28}}, 0x0)

53.94595ms ago: executing program 5 (id=2198):
r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000140)='/dev/comedi4\x00', 0x181021, 0x0)
ioctl$COMEDI_INSNLIST(r0, 0x8010640b, &(0x7f0000000000)={0xfffffffffffffee6, 0x0})

0s ago: executing program 1 (id=2199):
sendmsg$TIPC_NL_MON_SET(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x800000}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x2)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0)
bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x11}, 0x4, 0x1}, 0xe)
syz_emit_ethernet(0x46, &(0x7f00000001c0)=ANY=[], 0x0)
listen(r0, 0x90004)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16)
syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
accept4(r0, 0x0, 0x0, 0x0)

kernel console output (not intermixed with test programs):

c000003e syscall=202 compat=0 ip=0x7ff0dd56d9a9 code=0x7ffc0000
[  671.400276][ T4358] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  671.668216][   T26] audit: type=1326 audit(1753558491.668:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10393 comm="syz.1.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=242 compat=0 ip=0x7ff0dd56d9a9 code=0x7ffc0000
[  671.729523][ T8936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  671.750814][ T8936] usb 4-1: can't set config #4, error -71
[  671.770616][ T8936] usb 4-1: USB disconnect, device number 32
[  671.788359][   T26] audit: type=1326 audit(1753558491.668:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10393 comm="syz.1.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0dd56d9a9 code=0x7ffc0000
[  671.790347][ T4358] usb 7-1: config 4 has too many interfaces: 196, using maximum allowed: 32
[  671.811379][   T26] audit: type=1326 audit(1753558491.668:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10393 comm="syz.1.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0dd56d9a9 code=0x7ffc0000
[  671.848405][   T26] audit: type=1326 audit(1753558491.668:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10393 comm="syz.1.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7ff0dd56d9a9 code=0x7ffc0000
[  671.888641][   T26] audit: type=1326 audit(1753558491.678:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10393 comm="syz.1.1564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0dd56d9a9 code=0x7ffc0000
[  671.920368][ T4358] usb 7-1: config 4 has 1 interface, different from the descriptor's value: 196
[  672.033022][T10427] loop4: detected capacity change from 0 to 128
[  672.122855][T10432] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1568'.
[  672.126889][T10427] EXT4-fs (loop4): mounted filesystem without journal. Opts: usrjquota=,bsddf,,errors=continue. Quota mode: none.
[  672.132648][T10432] netlink: 28 bytes leftover after parsing attributes in process `syz.5.1568'.
[  672.180334][ T8936] usb 4-1: new full-speed USB device number 33 using dummy_hcd
[  672.189873][ T4358] usb 7-1: New USB device found, idVendor=0cf3, idProduct=7010, bcdDevice=92.9f
[  672.197457][T10427] ext4 filesystem being mounted at /332/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  672.218046][ T4358] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  672.247451][ T4358] usb 7-1: Product: syz
[  672.278192][ T4358] usb 7-1: Manufacturer: syz
[  672.285613][ T7094] udevd[7094]: incorrect jbd checksum on /dev/loop4
[  672.310656][ T9645] attempt to access beyond end of device
[  672.310656][ T9645] loop6: rw=2049, want=45128, limit=40427
[  672.341912][ T4358] usb 7-1: can't set config #4, error -71
[  672.383987][ T4358] usb 7-1: USB disconnect, device number 6
[  672.600334][ T8936] usb 4-1: config 0 has an invalid interface number: 170 but max is 0
[  672.610868][ T8936] usb 4-1: config 0 has no interface number 0
[  672.627402][ T8936] usb 4-1: config 0 interface 170 has no altsetting 0
[  672.644540][ T8936] usb 4-1: New USB device found, idVendor=c383, idProduct=abd3, bcdDevice=60.bf
[  672.658130][ T8936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  672.900186][ T8936] usb 4-1: config 0 descriptor??
[  673.166911][ T8936] usb 4-1: bad CDC descriptors
[  673.198257][ T8936] usb 4-1: bad CDC descriptors
[  675.106034][T10467] loop4: detected capacity change from 0 to 128
[  675.138602][T10410] loop3: detected capacity change from 0 to 4096
[  675.285122][T10465] loop5: detected capacity change from 0 to 4096
[  675.314898][T10467] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  675.618627][T10476] loop6: detected capacity change from 0 to 4096
[  675.632193][T10467] ext4 filesystem being mounted at /335/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  675.717126][T10476] __ntfs_error: 4 callbacks suppressed
[  675.717163][T10476] ntfs: (device loop6): parse_options(): Unrecognized mount option ^£Üب'
[  675.717163][T10476] .
[  675.736449][T10465] ntfs: (device loop5): ntfs_is_extended_system_file(): Non-resident file name. You should run chkdsk.
[  675.736498][T10465] ntfs: (device loop5): ntfs_read_locked_inode(): $DATA attribute is missing.
[  675.736586][T10465] ntfs: (device loop5): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0x1 as bad.  Run chkdsk.
[  675.736740][T10465] ntfs: (device loop5): load_system_files(): Failed to load $MFTMirr.  Will not be able to remount read-write.  Run ntfsfix and/or chkdsk.
[  676.101905][T10465] ntfs: volume version 3.1.
[  676.268701][T10482] netlink: 164 bytes leftover after parsing attributes in process `syz.6.1577'.
[  676.901713][T10491] loop4: detected capacity change from 0 to 4096
[  676.954236][T10251] usb 4-1: USB disconnect, device number 33
[  677.046241][T10491] ntfs: (device loop4): check_mft_mirror(): $MFT and $MFTMirr (record 1) do not match.  Run ntfsfix or chkdsk.
[  677.067315][ T4358] usb 2-1: new high-speed USB device number 43 using dummy_hcd
[  677.154274][T10491] ntfs: (device loop4): load_system_files(): $MFTMirr does not match $MFT.  Mounting read-only.  Run ntfsfix and/or chkdsk.
[  677.255199][T10491] ntfs: (device loop4): ntfs_read_locked_inode(): First extent of $DATA attribute has non zero lowest_vcn.
[  677.299651][T10491] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  677.321077][T10491] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  677.333531][ T4358] usb 2-1: Using ep0 maxpacket: 32
[  677.348533][T10491] ntfs: volume version 3.1.
[  677.366138][T10509] lo speed is unknown, defaulting to 1000
[  677.366803][T10510] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1585'.
[  677.497645][ T4358] usb 2-1: unable to get BOS descriptor or descriptor too short
[  677.747469][ T4358] usb 2-1: New USB device found, idVendor=0471, idProduct=0302, bcdDevice=bc.45
[  677.768376][ T4358] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  677.817952][ T4358] usb 2-1: Product: syz
[  677.822173][ T4358] usb 2-1: Manufacturer: syz
[  677.941070][ T4358] usb 2-1: SerialNumber: syz
[  678.618821][T10535] loop5: detected capacity change from 0 to 1024
[  678.755766][T10535] EXT4-fs (loop5): Unrecognized mount option "nilfs2" or missing value
[  678.795295][T10542] loop6: detected capacity change from 0 to 1024
[  678.868817][ T4358] pwc: Philips PCA645VC USB webcam detected.
[  678.926499][ T4358] pwc: send_video_command error -71
[  678.931746][ T4358] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  678.975064][ T4358] Philips webcam: probe of 2-1:7.0 failed with error -71
[  679.009332][T10542] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  679.050207][ T4358] usb 2-1: USB disconnect, device number 43
[  679.167271][T10538] loop5: detected capacity change from 0 to 2048
[  679.204448][T10554] loop3: detected capacity change from 0 to 1024
[  679.225555][T10538] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  679.337312][T10538] NILFS (loop5): mounting unchecked fs
[  679.347471][T10538] NILFS (loop5): invalid segment: Checksum error in segment payload
[  679.367021][T10538] NILFS (loop5): unable to fall back to spare super block
[  679.375922][T10554] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  679.406069][T10538] NILFS (loop5): error -22 while searching super root
[  679.782291][T10538] loop5: detected capacity change from 0 to 2048
[  679.889901][T10538] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  680.959001][T10575] loop6: detected capacity change from 0 to 32768
[  681.011157][T10575] (syz.6.1597,10575,1):ocfs2_fill_super:1177 ERROR: status = -22
[  681.177932][T10538] NILFS (loop5): mounting unchecked fs
[  681.275105][T10538] NILFS (loop5): invalid segment: Checksum error in segment payload
[  681.305231][T10538] NILFS (loop5): unable to fall back to spare super block
[  681.346392][T10538] NILFS (loop5): error -22 while searching super root
[  682.711260][T10589] loop4: detected capacity change from 0 to 8192
[  683.335756][T10589] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  683.379410][T10589] REISERFS (device loop4): using journaled data mode
[  683.464152][T10589] reiserfs: using flush barriers
[  683.493616][T10579] loop3: detected capacity change from 0 to 32768
[  683.633987][T10589] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  683.652795][T10596] loop5: detected capacity change from 0 to 4096
[  683.715866][T10596] __ntfs_error: 9 callbacks suppressed
[  683.715884][T10596] ntfs: (device loop5): parse_options(): Unrecognized mount option  kB
[  683.715884][T10596] Private_Dirty:         0 kB
[  683.715884][T10596] Referenced:         1024 kB
[  683.715884][T10596] Anonymous:             0 kB
[  683.715884][T10596] LazyFree:              0 kB
[  683.715884][T10596] AnonHugePages:         0 kB
[  683.715884][T10596] ShmemPmdMapped:        0 kB
[  683.715884][T10596] FilePmdMapped:         0 kB
[  683.715884][T10596] Shared_Hugetlb:        0.
[  683.734352][T10589] REISERFS (device loop4): checking transaction log (loop4)
[  683.843727][T10589] REISERFS (device loop4): Using r5 hash to sort names
[  684.290301][T10589] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  684.576390][T10589] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  684.913312][ T4246] usb 6-1: new high-speed USB device number 33 using dummy_hcd
[  685.398657][T10614] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  685.414257][T10614] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  685.433096][T10614] REISERFS warning (device loop4): sh-2029: %s: bitmap block (#%u) reading failed reiserfs_read_bitmap_block: reiserfs_read_bitmap_block
[  685.983264][ T1427] ieee802154 phy0 wpan0: encryption failed: -22
[  685.989628][ T1427] ieee802154 phy1 wpan1: encryption failed: -22
[  686.082768][ T4246] usb 6-1: device descriptor read/64, error -71
[  686.158961][T10617] loop3: detected capacity change from 0 to 64
[  686.203925][T10621] loop5: detected capacity change from 0 to 512
[  686.278483][T10621] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem
[  686.607651][T10621] EXT4-fs (loop5): orphan cleanup on readonly fs
[  686.702948][ T7855] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  686.869432][T10621] EXT4-fs error (device loop5): ext4_orphan_get:1427: comm syz.5.1610: bad orphan inode 15
[  687.172463][T10621] ext4_test_bit(bit=14, block=18) = 1
[  687.244611][T10621] is_bad_inode(inode)=0
[  687.248898][T10621] NEXT_ORPHAN(inode)=1023
[  687.253418][T10621] max_ino=32
[  687.256635][T10621] i_nlink=0
[  687.267143][T10621] EXT4-fs error (device loop5): ext4_xattr_delete_inode:2941: inode #15: comm syz.5.1610: corrupted xattr block 19
[  687.300468][T10621] EXT4-fs warning (device loop5): ext4_evict_inode:302: xattr delete (err -117)
[  687.331524][T10621] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  687.384725][T10621] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 3: comm syz.5.1610: path /144/éq‰Y’3aK: bad entry in directory: rec_len is smaller than minimal - offset=76, inode=0, rec_len=0, size=4096 fake=0
[  687.497684][T10645] loop6: detected capacity change from 0 to 256
[  689.231875][T10668] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  689.288236][T10668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  689.321351][T10668] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  689.349070][T10656] loop4: detected capacity change from 0 to 8192
[  689.452695][T10641] loop1: detected capacity change from 0 to 32768
[  689.468380][T10668] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  690.515649][T10678] netlink: 8 bytes leftover after parsing attributes in process `syz.6.1625'.
[  690.520052][T10656] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  690.569090][T10656] REISERFS (device loop4): using journaled data mode
[  690.576066][T10656] reiserfs: using flush barriers
[  690.601974][T10656] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  690.862488][T10656] REISERFS (device loop4): checking transaction log (loop4)
[  690.900083][T10656] REISERFS (device loop4): Using r5 hash to sort names
[  690.911578][T10656] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  691.006738][T10656] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  691.045291][T10656] REISERFS error (device loop4): vs-7000 search_by_entry_key: search_by_key returned item position == 0
[  691.130206][ T4403] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  691.204966][T10656] REISERFS (device loop4): Remounting filesystem read-only
[  693.212284][T10695] loop5: detected capacity change from 0 to 32768
[  694.736313][T10695] (syz.5.1630,10695,1):ocfs2_fill_super:1177 ERROR: status = -22
[  694.768479][ T4403] usb 7-1: config 0 has an invalid interface number: 170 but max is 0
[  694.768511][ T4403] usb 7-1: config 0 has no interface number 0
[  694.768547][ T4403] usb 7-1: config 0 interface 170 altsetting 0 endpoint 0x3 has an invalid bInterval 31, changing to 7
[  694.768589][ T4403] usb 7-1: New USB device found, idVendor=07b0, idProduct=0007, bcdDevice=17.c6
[  694.768615][ T4403] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  694.770482][ T4403] usb 7-1: config 0 descriptor??
[  694.810839][ T4403] HFC-S_USB: probe of 7-1:0.170 failed with error -5
[  695.038699][T10706] loop3: detected capacity change from 0 to 512
[  695.083720][T10706] EXT4-fs (loop3): Mount option "noload" incompatible with ext2
[  695.326812][T10706] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (17031!=33349)
[  695.326922][T10706] EXT4-fs (loop3): group descriptors corrupted!
[  695.986705][ T5290] usb 7-1: USB disconnect, device number 7
[  696.083163][T10712] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1636'.
[  697.037019][T10731] loop6: detected capacity change from 0 to 1024
[  697.212599][T10731] EXT4-fs (loop6): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none.
[  697.275511][T10731] ext4 filesystem being mounted at /41/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  698.910543][T10726] loop4: detected capacity change from 0 to 32768
[  698.918588][T10742] loop6: detected capacity change from 0 to 64
[  698.958202][T10745] loop3: detected capacity change from 0 to 1024
[  698.973166][T10715] loop1: detected capacity change from 0 to 40427
[  699.083299][T10726] JBD2: Ignoring recovery information on journal
[  699.176495][T10726] JBD2: corrupted journal superblock
[  699.181940][T10726] JBD2: error -117 scanning journal
[  699.216711][T10726] (syz.4.1639,10726,1):ocfs2_journal_wipe:1154 ERROR: status = -117
[  699.262429][T10726] (syz.4.1639,10726,1):ocfs2_check_volume:2424 ERROR: status = -117
[  699.317167][T10726] (syz.4.1639,10726,1):ocfs2_check_volume:2493 ERROR: status = -117
[  699.376221][T10726] (syz.4.1639,10726,1):ocfs2_mount_volume:1824 ERROR: status = -117
[  699.426665][T10726] (syz.4.1639,10726,1):ocfs2_fill_super:1177 ERROR: status = -117
[  699.702877][T10755] loop6: detected capacity change from 0 to 2048
[  699.870376][T10755] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  700.275405][ T7853] hfsplus: b-tree write err: -5, ino 4
[  700.593411][T10763] loop4: detected capacity change from 0 to 4096
[  700.725579][T10769] loop5: detected capacity change from 0 to 8
[  700.770882][T10770] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  700.799522][   T26] audit: type=1800 audit(1753558522.343:59): pid=10763 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1651" name="bus" dev="loop4" ino=18 res=0 errno=0
[  700.893036][T10749] loop1: detected capacity change from 0 to 32768
[  700.905421][ T4246] usb 4-1: new high-speed USB device number 34 using dummy_hcd
[  702.075436][ T4246] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  702.623770][ T4246] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  702.685679][T10784] loop4: detected capacity change from 0 to 128
[  702.711461][ T4246] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  702.732638][ T4246] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  702.750903][ T4246] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  702.787471][T10789] loop1: detected capacity change from 0 to 64
[  702.798930][T10784] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  702.828948][T10784] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  703.143796][ T5290] usb 6-1: new high-speed USB device number 35 using dummy_hcd
[  703.144422][ T4246] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  703.213380][ T4246] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  703.474267][ T5290] usb 6-1: Using ep0 maxpacket: 32
[  703.634859][ T5290] usb 6-1: config 4 has an invalid interface number: 161 but max is 0
[  703.840814][ T5290] usb 6-1: config 4 has an invalid interface number: 62 but max is 0
[  703.890568][ T5290] usb 6-1: config 4 descriptor has 1 excess byte, ignoring
[  703.933206][ T4246] usb 4-1: Product: syz
[  703.938322][ T4246] usb 4-1: Manufacturer: syz
[  703.974330][ T4246] usb 4-1: can't set config #1, error -71
[  703.975118][ T5290] usb 6-1: config 4 has 2 interfaces, different from the descriptor's value: 1
[  703.986330][ T4246] usb 4-1: USB disconnect, device number 34
[  704.044965][ T5290] usb 6-1: config 4 has no interface number 0
[  704.068377][ T5290] usb 6-1: config 4 has no interface number 1
[  704.083397][ T5290] usb 6-1: config 4 interface 161 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2
[  704.154624][ T5290] usb 6-1: too many endpoints for config 4 interface 62 altsetting 67: 144, using maximum allowed: 30
[  704.194484][ T5290] usb 6-1: config 4 interface 62 altsetting 67 has 0 endpoint descriptors, different from the interface descriptor's value: 144
[  704.216900][ T5290] usb 6-1: config 4 interface 62 has no altsetting 0
[  704.383987][ T5290] usb 6-1: New USB device found, idVendor=1235, idProduct=0018, bcdDevice=aa.71
[  704.406947][ T5290] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  704.471376][ T5290] usb 6-1: Product: syz
[  704.574691][ T5290] usb 6-1: Manufacturer: syz
[  704.594017][ T5290] usb 6-1: SerialNumber: syz
[  705.543657][ T5290] usb 6-1: USB disconnect, device number 35
[  705.574422][T10821] loop5: detected capacity change from 0 to 4096
[  705.759912][T10825] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  705.771978][T10826] loop1: detected capacity change from 0 to 1
[  705.794002][   T26] audit: type=1800 audit(1753558527.346:60): pid=10821 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1672" name="bus" dev="loop5" ino=18 res=0 errno=0
[  705.821384][ T7094] udevd[7094]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:4.161/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  707.048200][T10842] usb usb7: usbfs: process 10842 (syz.3.1680) did not claim interface 0 before use
[  707.102859][ T4239] usb 6-1: new high-speed USB device number 36 using dummy_hcd
[  707.112192][ T5290] usb 2-1: new high-speed USB device number 44 using dummy_hcd
[  707.141242][T10843] loop6: detected capacity change from 0 to 4096
[  707.357183][ T4239] usb 6-1: Using ep0 maxpacket: 8
[  707.650295][T10843] ntfs3: loop6: Different NTFS' sector size (1024) and media sector size (512)
[  707.733212][ T5290] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  707.790372][ T5290] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  708.167483][ T5290] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  708.176582][ T5290] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  708.188407][ T5290] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  708.257710][ T4239] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 3
[  708.268791][ T4239] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  708.279550][ T4239] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  708.304903][ T4239] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  708.322490][ T5290] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  708.344857][ T4239] usb 6-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58
[  708.352513][ T5290] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  708.381290][ T4239] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  708.391096][ T5290] usb 2-1: Product: syz
[  708.416791][ T5290] usb 2-1: Manufacturer: syz
[  708.453831][T10849] ntfs3: loop6: ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" failed to undo rename
[  708.513279][ T5290] cdc_wdm 2-1:1.0: skipping garbage
[  708.520290][ T5290] cdc_wdm 2-1:1.0: skipping garbage
[  708.598812][ T5290] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  708.625440][ T5290] cdc_wdm 2-1:1.0: Unknown control protocol
[  708.719068][ T5290] usb 2-1: USB disconnect, device number 44
[  708.731351][    C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71
[  708.737986][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes
[  708.744069][    C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  708.762364][ T4239] usb 6-1: config 0 descriptor??
[  708.781643][T10837] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  708.922302][T10833] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1678'.
[  710.133539][T10856] loop6: detected capacity change from 0 to 256
[  710.263812][T10856] exfat: Bad value for 'gid'
[  710.566224][ T4239] usb 6-1: USB disconnect, device number 36
[  711.098388][T10860] FAULT_INJECTION: forcing a failure.
[  711.098388][T10860] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  711.152755][T10856] loop6: detected capacity change from 0 to 8
[  711.162239][T10860] CPU: 1 PID: 10860 Comm: syz.1.1685 Not tainted 5.15.189-syzkaller #0
[  711.170522][T10860] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  711.180685][T10860] Call Trace:
[  711.183985][T10860]  <TASK>
[  711.186936][T10860]  dump_stack_lvl+0x168/0x230
[  711.191644][T10860]  ? show_regs_print_info+0x20/0x20
[  711.196871][T10860]  ? load_image+0x3b0/0x3b0
[  711.201412][T10860]  ? __lock_acquire+0x7c60/0x7c60
[  711.206464][T10860]  should_fail+0x38c/0x4c0
[  711.210904][T10860]  _copy_to_user+0x2e/0x130
[  711.215428][T10860]  simple_read_from_buffer+0xe3/0x150
[  711.220827][T10860]  proc_fail_nth_read+0x19a/0x210
[  711.225881][T10860]  ? proc_fault_inject_write+0x2f0/0x2f0
[  711.231545][T10860]  ? fsnotify_perm+0x254/0x560
[  711.236336][T10860]  ? proc_fault_inject_write+0x2f0/0x2f0
[  711.241996][T10860]  vfs_read+0x2f6/0xcf0
[  711.246182][T10860]  ? kernel_read+0x1e0/0x1e0
[  711.250792][T10860]  ? preempt_schedule_irq+0xd0/0x150
[  711.256111][T10860]  ? __fget_files+0x40f/0x480
[  711.260821][T10860]  ? mutex_lock_nested+0x17/0x20
[  711.265768][T10860]  ? __fdget_pos+0x2bf/0x370
[  711.270368][T10860]  ? ksys_read+0x71/0x250
[  711.274701][T10860]  ksys_read+0x14d/0x250
[  711.279037][T10860]  ? vfs_write+0xd00/0xd00
[  711.283457][T10860]  ? syscall_enter_from_user_mode+0x2a/0x70
[  711.289360][T10860]  do_syscall_64+0x4c/0xa0
[  711.293781][T10860]  ? clear_bhb_loop+0x30/0x80
[  711.298458][T10860]  ? clear_bhb_loop+0x30/0x80
[  711.303147][T10860]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  711.309051][T10860] RIP: 0033:0x7ff0dd56c3bc
[  711.313475][T10860] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48
[  711.333087][T10860] RSP: 002b:00007ff0db3d5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000
[  711.341513][T10860] RAX: ffffffffffffffda RBX: 00007ff0dd794fa0 RCX: 00007ff0dd56c3bc
[  711.349487][T10860] RDX: 000000000000000f RSI: 00007ff0db3d50a0 RDI: 0000000000000003
[  711.357470][T10860] RBP: 00007ff0db3d5090 R08: 0000000000000000 R09: 0000000000000000
[  711.365445][T10860] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  711.373426][T10860] R13: 0000000000000001 R14: 00007ff0dd794fa0 R15: 00007ffc3769cec8
[  711.381422][T10860]  </TASK>
[  711.407837][T10856] SQUASHFS error: zlib decompression failed, data probably corrupt
[  711.453165][T10856] SQUASHFS error: Failed to read block 0x9b: -5
[  711.517472][T10856] SQUASHFS error: Unable to read metadata cache entry [99]
[  711.629402][T10856] SQUASHFS error: Unable to read inode 0x127
[  712.869336][ T4403] usb 2-1: new high-speed USB device number 45 using dummy_hcd
[  713.168576][T10888] loop5: detected capacity change from 0 to 64
[  713.244641][T10864] loop4: detected capacity change from 0 to 32768
[  713.415852][T10864] XFS (loop4): Mounting V5 Filesystem
[  713.519177][ T4403] usb 2-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  713.537825][ T4403] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  713.611758][T10898] loop6: detected capacity change from 0 to 64
[  713.638517][ T4403] usb 2-1: Product: syz
[  713.658626][ T4403] usb 2-1: Manufacturer: syz
[  713.680029][ T4403] usb 2-1: SerialNumber: syz
[  713.766411][ T4403] usb 2-1: config 0 descriptor??
[  713.887448][T10884] loop3: detected capacity change from 0 to 40427
[  713.903587][ T4403] i2c-tiny-usb 2-1:0.0: version 6d.cc found at bus 002 address 045
[  714.087684][T10864] XFS (loop4): Ending clean mount
[  714.103650][T10884] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x1ffff
[  714.196707][T10881] udc-core: couldn't find an available UDC or it's busy
[  714.316221][T10881] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  714.346567][T10864] XFS (loop4): Quotacheck needed: Please wait.
[  714.356380][T10884] F2FS-fs (loop3): invalid crc value
[  714.513196][T10884] F2FS-fs (loop3): Found nat_bits in checkpoint
[  714.519648][ T4403]  (null): failure setting delay to 10us
[  714.525399][ T4403] i2c-tiny-usb: probe of 2-1:0.0 failed with error -5
[  714.589560][ T4403] usb 2-1: USB disconnect, device number 45
[  714.678843][T10864] XFS (loop4): Quotacheck: Done.
[  714.760853][T10884] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  714.789464][ T4182] XFS (loop4): Unmounting Filesystem
[  714.967696][T10884] attempt to access beyond end of device
[  714.967696][T10884] loop3: rw=0, want=45072, limit=40427
[  715.180687][T10914] loop6: detected capacity change from 0 to 8192
[  715.196933][T10918] fuse: Unknown parameter ''
[  715.225950][T10914] REISERFS (device loop6): found reiserfs format "3.6" with non-standard journal
[  715.320768][T10914] REISERFS (device loop6): using ordered data mode
[  715.327416][T10914] reiserfs: using flush barriers
[  715.373506][T10922] loop4: detected capacity change from 0 to 2048
[  715.393165][T10909] loop5: detected capacity change from 0 to 32768
[  715.399818][T10914] REISERFS (device loop6): journal params: device loop6, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  715.417155][T10914] REISERFS (device loop6): checking transaction log (loop6)
[  715.440328][T10922] NILFS (loop4): invalid segment: Inconsistency found
[  715.441066][T10914] REISERFS (device loop6): Using r5 hash to sort names
[  715.448447][T10922] NILFS (loop4): trying rollback from an earlier position
[  715.502227][T10914] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  715.536991][T10914] REISERFS (device loop6): Created .reiserfs_priv - reserved for xattr storage.
[  715.543689][T10922] NILFS (loop4): recovery complete
[  715.568981][T10909] ocfs2: Mounting device (7,5) on (node local, slot 0) with writeback data mode.
[  715.636388][  T144] (kworker/u4:1,144,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=16, inode=66, rec_len=491, name_len=2
[  715.653120][   T26] audit: type=1800 audit(1753558537.201:61): pid=10925 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1702" name="bus" dev="loop6" ino=5 res=0 errno=0
[  715.658240][T10914] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  715.725769][T10927] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  716.046057][T10914] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  716.400841][ T4403] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  716.437098][ T4191] attempt to access beyond end of device
[  716.437098][ T4191] loop3: rw=2049, want=45112, limit=40427
[  716.497602][ T4239] usb 2-1: new high-speed USB device number 46 using dummy_hcd
[  716.767475][ T4239] usb 2-1: Using ep0 maxpacket: 32
[  716.787677][ T4403] usb 7-1: New USB device found, idVendor=03f0, idProduct=4002, bcdDevice= 0.01
[  716.845127][ T4403] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  716.897674][ T4239] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  717.057529][ T4403] usb 7-1: config 0 descriptor??
[  717.117575][ T4239] usb 2-1: New USB device found, idVendor=1630, idProduct=0042, bcdDevice=5b.13
[  717.174149][ T4239] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  717.208268][ T4403] usb-storage 7-1:0.0: USB Mass Storage device detected
[  717.217274][ T4239] usb 2-1: Product: syz
[  717.221484][ T4239] usb 2-1: Manufacturer: syz
[  717.261155][ T4403] usb-storage 7-1:0.0: Quirks match for vid 03f0 pid 4002: 10
[  717.269241][ T4239] usb 2-1: SerialNumber: syz
[  717.318000][ T4239] usb 2-1: config 0 descriptor??
[  717.422981][T10914] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  717.447876][ T4239] usb 2-1: bad CDC descriptors
[  717.453609][T10914] REISERFS warning (device loop6): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  717.468498][ T4239] usb 2-1: bad CDC descriptors
[  717.508051][ T4239] usb 7-1: USB disconnect, device number 8
[  717.578832][ T4246] usb 2-1: USB disconnect, device number 46
[  717.707015][ T4358] usb 5-1: new high-speed USB device number 41 using dummy_hcd
[  718.246899][ T4358] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  718.284865][ T4358] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  718.358954][ T4358] usb 5-1: Product: syz
[  718.397731][ T4358] usb 5-1: Manufacturer: syz
[  718.427042][ T4358] usb 5-1: SerialNumber: syz
[  718.525915][ T4358] usb 5-1: config 0 descriptor??
[  718.583624][ T4358] i2c-tiny-usb 5-1:0.0: version 6d.cc found at bus 005 address 041
[  719.429682][T10941] udc-core: couldn't find an available UDC or it's busy
[  719.441240][ T4284] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  719.467225][T10941] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  719.496196][ T4358]  (null): failure setting delay to 10us
[  719.502224][ T4358] i2c-tiny-usb: probe of 5-1:0.0 failed with error -5
[  719.503268][ T7208] ocfs2: Unmounting device (7,5) on (node local)
[  719.511658][ T4358] usb 5-1: USB disconnect, device number 41
[  719.864179][T10956] loop1: detected capacity change from 0 to 32768
[  719.959084][T10962] loop6: detected capacity change from 0 to 64
[  720.000686][ T4358] XFS (loop1): Metadata CRC error detected at xfs_sb_read_verify+0x39a/0x480, xfs_sb block 0x0 
[  720.019761][ T4358] XFS (loop1): Unmount and run xfs_repair
[  720.029738][ T4358] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  720.041835][ T4358] 00000000: 58 46 53 42 00 00 10 00 00 00 00 00 00 00 00 00  XFSB............
[  720.054438][ T4358] 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  720.144801][ T4358] 00000020: a2 f8 2a ab 77 f8 42 86 af d4 a8 f7 47 a7 4b ab  ..*.w.B.....G.K.
[  720.190376][ T4358] 00000030: 00 00 00 00 00 00 00 06 00 00 00 00 00 00 04 20  ............... 
[  720.220911][ T4358] 00000040: 00 00 00 00 00 00 04 21 00 00 00 00 00 00 04 22  .......!......."
[  720.231778][ T4358] 00000050: 00 00 00 01 00 00 10 00 00 00 00 01 00 00 00 00  ................
[  720.241177][ T4358] 00000060: 00 00 02 04 b4 b5 02 00 08 00 00 02 00 00 00 00  ................
[  720.250413][ T4358] 00000070: 00 00 00 00 00 00 00 00 0c 09 0b 01 0c 00 00 64  ...............d
[  720.260139][T10956] XFS (loop1): SB validate failed with error -74.
[  720.589573][T10971] netlink: 'syz.5.1711': attribute type 12 has an invalid length.
[  720.945256][ T8936] usb 4-1: new high-speed USB device number 35 using dummy_hcd
[  722.461020][T10979] loop4: detected capacity change from 0 to 64
[  722.768326][T10979] Unable to read inode block
[  722.798900][T10979] MINIX-fs: get root inode failed
[  722.804901][ T8936] usb 4-1: Using ep0 maxpacket: 32
[  722.875198][ T8936] usb 4-1: device descriptor read/all, error -71
[  723.424076][T10979] loop4: detected capacity change from 0 to 128
[  723.476386][T10979] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  723.555538][T10979] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  725.337037][T11004] loop4: detected capacity change from 0 to 40427
[  725.379420][T11004] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  725.388105][T11004] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  725.417342][T11004] F2FS-fs (loop4): invalid crc value
[  725.499747][T11004] F2FS-fs (loop4): Found nat_bits in checkpoint
[  725.634403][T11004] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  725.641550][T11004] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  725.761369][T11003] netlink: 2028 bytes leftover after parsing attributes in process `syz.1.1720'.
[  725.883085][T11003] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1720'.
[  725.892341][T11003] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1720'.
[  726.010298][T11017] loop1: detected capacity change from 0 to 64
[  726.392905][ T4400] kworker/dying (4400) used greatest stack depth: 16104 bytes left
[  726.576268][T11022] loop1: detected capacity change from 0 to 4096
[  726.651678][T11022] ntfs: (device loop1): parse_ntfs_boot_sector(): Mft record size (32768) exceeds the PAGE_SIZE on your system (4096).  This is not supported.  Sorry.
[  726.772451][T11022] ntfs: (device loop1): ntfs_fill_super(): Unsupported NTFS filesystem.
[  726.896588][T11024] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  726.932357][T11024] CIFS mount error: No usable UNC path provided in device string!
[  726.932357][T11024] 
[  726.948586][T11024] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  727.212327][T11015] loop3: detected capacity change from 0 to 32768
[  727.227203][T11015] XFS: noikeep mount option is deprecated.
[  727.363161][T11015] XFS (loop3): Mounting V5 Filesystem
[  728.713204][T11015] XFS (loop3): invalid iclog size (4096 bytes), using lsunit (32768 bytes)
[  728.810963][T11015] XFS (loop3): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  729.634538][T11015] XFS (loop3): Starting recovery (logdev: internal)
[  729.675827][T11015] XFS (loop3): Ending recovery (logdev: internal)
[  729.709036][T11025] loop1: detected capacity change from 0 to 40427
[  729.798037][T11025] F2FS-fs (loop1): build fault injection attr: rate: 694, type: 0x1ffff
[  729.819585][T11055] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1735'.
[  729.829529][ T4191] XFS (loop3): Unmounting Filesystem
[  729.893256][T11056] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1735'.
[  729.946168][T11025] F2FS-fs (loop1): invalid crc value
[  729.952979][T11025] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12)
[  729.994558][T11058] loop6: detected capacity change from 0 to 64
[  730.123172][T11050] loop4: detected capacity change from 0 to 32768
[  730.170039][T11050] XFS (loop4): sunit and swidth must be specified together
[  731.097871][T11080] loop3: detected capacity change from 0 to 8192
[  731.219552][T11080] REISERFS (device loop3): found reiserfs format "3.6" with non-standard journal
[  731.243053][T11080] REISERFS (device loop3): using ordered data mode
[  731.278950][T11080] reiserfs: using flush barriers
[  731.285696][T11080] REISERFS (device loop3): journal params: device loop3, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  731.303427][T11080] REISERFS (device loop3): checking transaction log (loop3)
[  731.430360][T11092] loop5: detected capacity change from 0 to 2048
[  731.517280][T11089] loop4: detected capacity change from 0 to 1024
[  731.539345][T11080] REISERFS (device loop3): Using rupasov hash to sort names
[  731.555560][T11092] NILFS (loop5): broken superblock, retrying with spare superblock (blocksize = 1024)
[  731.598715][T11080] REISERFS (device loop3): Created .reiserfs_priv - reserved for xattr storage.
[  731.640269][T11092] attempt to access beyond end of device
[  731.640269][T11092] loop5: rw=524288, want=33554432, limit=2048
[  731.652794][T11096] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  731.749730][T11092] attempt to access beyond end of device
[  731.749730][T11092] loop5: rw=0, want=33554432, limit=2048
[  731.800891][ T5290] usb 2-1: new high-speed USB device number 47 using dummy_hcd
[  731.831490][T11092] NILFS (loop5): I/O error reading meta-data file (ino=6, block-offset=3)
[  731.859418][T11092] NILFS (loop5): error -5 reading inode: ino=12
[  731.896229][T11092] attempt to access beyond end of device
[  731.896229][T11092] loop5: rw=0, want=33554432, limit=2048
[  731.927382][T11092] NILFS (loop5): I/O error reading meta-data file (ino=6, block-offset=3)
[  731.953703][T11092] NILFS (loop5): error -5 reading inode: ino=12
[  732.050812][ T4411] usb 5-1: new high-speed USB device number 42 using dummy_hcd
[  732.169803][ T5290] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  732.259997][T11100] loop3: detected capacity change from 0 to 32768
[  732.367321][T11100] JBD2: Ignoring recovery information on journal
[  732.440183][ T5290] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  732.449948][ T5290] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  732.458076][ T5290] usb 2-1: Product: syz
[  732.476703][ T4411] usb 5-1: Using ep0 maxpacket: 8
[  732.499989][ T5290] usb 2-1: Manufacturer: syz
[  732.506529][ T5290] usb 2-1: SerialNumber: syz
[  732.528627][T11100] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  732.619585][ T4411] usb 5-1: config 252 has an invalid interface number: 128 but max is 0
[  732.638334][ T4411] usb 5-1: config 252 has no interface number 0
[  733.475800][ T4411] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b
[  733.486030][ T4411] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  733.531466][ T4411] pvrusb2: Hardware description: Terratec Grabster AV400
[  733.539688][ T4411] pvrusb2: **********
[  733.545471][ T4411] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental.
[  733.556501][ T4411] pvrusb2: Important functionality might not be entirely working.
[  733.564971][ T4411] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver.
[  733.576635][ T4411] pvrusb2: **********
[  733.591029][ T4403] Bluetooth: hci4: command 0x0406 tx timeout
[  733.977173][ T2426] pvrusb2: Invalid write control endpoint
[  734.142679][ T4191] ocfs2: Unmounting device (7,3) on (node local)
[  734.187259][ T2426] pvrusb2: Invalid write control endpoint
[  734.232184][T11089] syz.4.1744 sent an empty control message without MSG_MORE.
[  734.257415][T11117] loop6: detected capacity change from 0 to 64
[  734.278762][ T2426] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work.
[  734.318394][ T2426] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device.
[  734.354277][ T2426] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups.
[  734.373478][ T2426] pvrusb2: Device being rendered inoperable
[  734.399219][ T2426] cx25840 1-0044: Unable to detect h/w, assuming cx23887
[  734.438044][ T2426] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a)
[  734.542523][ T2426] pvrusb2: Attached sub-driver cx25840
[  734.579144][ T5290] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  734.587593][ T5290] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048
[  734.594640][ T2426] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it.
[  734.623070][ T5290] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  734.654807][ T2426] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover.
[  734.739710][T11131] loop6: detected capacity change from 0 to 4096
[  734.788468][ T5290] cdc_ncm 2-1:1.0: setting tx_max = 88
[  734.809905][T11131] ntfs: (device loop6): parse_options(): Option utf8 is no longer supported, using option nls=utf8. Please use option nls=utf8 in the future and make sure utf8 is compiled either as a module or into the kernel.
[  734.853624][ T5290] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  734.889752][T11131] ntfs: (device loop6): read_ntfs_boot_sector(): Primary boot sector is invalid.
[  734.930679][ T5290] usb 2-1: USB disconnect, device number 47
[  734.954784][T11131] ntfs: (device loop6): read_ntfs_boot_sector(): Hot-fix: Recovering invalid primary boot sector from backup copy.
[  734.978341][ T5290] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  735.002785][T11131] ntfs: (device loop6): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  735.040017][T11131] ntfs: (device loop6): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  735.188379][T11131] ntfs: (device loop6): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  735.238881][T11131] ntfs: (device loop6): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x0, offset 0x200 because its location on disk could not be determined even after retrying (error code -5).
[  735.273170][T11135] loop5: detected capacity change from 0 to 4096
[  735.281007][T11131] ntfs: (device loop6): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  735.281051][T11131] ntfs: (device loop6): ntfs_read_block(): Failed to read from inode 0xa, attribute type 0x80, vcn 0x1, offset 0x0 because its location on disk could not be determined even after retrying (error code -5).
[  735.281108][T11131] ntfs: (device loop6): ntfs_mapping_pairs_decompress(): Corrupt attribute.
[  735.294223][T11131] ntfs: volume version 3.1.
[  735.296963][T11135] ntfs: volume version 3.1.
[  736.494947][T11146] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1754'.
[  736.847341][ T4411] usb 2-1: new high-speed USB device number 48 using dummy_hcd
[  737.237336][ T4411] usb 2-1: Using ep0 maxpacket: 8
[  737.357223][ T4411] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  737.385469][ T4411] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  737.511148][T11159] loop5: detected capacity change from 0 to 64
[  737.567298][ T4411] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=44.b2
[  737.581993][ T4411] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  737.600048][ T5290] usb 5-1: USB disconnect, device number 42
[  737.604594][ T4411] usb 2-1: Product: syz
[  737.617555][ T4411] usb 2-1: Manufacturer: syz
[  737.622329][ T4411] usb 2-1: SerialNumber: syz
[  737.636631][T11154] loop6: detected capacity change from 0 to 4096
[  737.651835][ T4411] usb 2-1: config 0 descriptor??
[  737.898916][ T4284] hfsplus: b-tree write err: -5, ino 4
[  738.789427][T11163] loop5: detected capacity change from 0 to 8192
[  738.839598][T11167] FAULT_INJECTION: forcing a failure.
[  738.839598][T11167] name fail_usercopy, interval 1, probability 0, space 0, times 0
[  738.852801][T11167] CPU: 1 PID: 11167 Comm: syz.4.1766 Not tainted 5.15.189-syzkaller #0
[  738.861064][T11167] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  738.871132][T11167] Call Trace:
[  738.874423][T11167]  <TASK>
[  738.877452][T11167]  dump_stack_lvl+0x168/0x230
[  738.882156][T11167]  ? show_regs_print_info+0x20/0x20
[  738.887377][T11167]  ? load_image+0x3b0/0x3b0
[  738.891906][T11167]  ? __lock_acquire+0x7c60/0x7c60
[  738.896958][T11167]  should_fail+0x38c/0x4c0
[  738.901401][T11167]  _copy_from_user+0x2e/0x170
[  738.906097][T11167]  iovec_from_user+0x142/0x370
[  738.910884][T11167]  __import_iovec+0x70/0x490
[  738.915500][T11167]  import_iovec+0x6f/0xa0
[  738.919861][T11167]  ___sys_sendmsg+0x1b9/0x260
[  738.924574][T11167]  ? __sys_sendmsg+0x250/0x250
[  738.929386][T11167]  ? __fdget+0x18b/0x210
[  738.933655][T11167]  __se_sys_sendmsg+0x190/0x250
[  738.938529][T11167]  ? asm_sysvec_reschedule_ipi+0x16/0x20
[  738.944183][T11167]  ? __x64_sys_sendmsg+0x80/0x80
[  738.949153][T11167]  ? syscall_enter_from_user_mode+0x2a/0x70
[  738.955071][T11167]  do_syscall_64+0x4c/0xa0
[  738.959507][T11167]  ? clear_bhb_loop+0x30/0x80
[  738.964300][T11167]  ? clear_bhb_loop+0x30/0x80
[  738.968995][T11167]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  738.974993][T11167] RIP: 0033:0x7f768844a9a9
[  738.979441][T11167] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  738.999060][T11167] RSP: 002b:00007f7686270038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  739.007497][T11167] RAX: ffffffffffffffda RBX: 00007f7688672160 RCX: 00007f768844a9a9
[  739.015532][T11167] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000007
[  739.023518][T11167] RBP: 00007f7686270090 R08: 0000000000000000 R09: 0000000000000000
[  739.031504][T11167] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001
[  739.039491][T11167] R13: 0000000000000000 R14: 00007f7688672160 R15: 00007ffcc5cdea58
[  739.047568][T11167]  </TASK>
[  739.050649][    C1] vkms_vblank_simulate: vblank timer overrun
[  739.194507][ T5290] usb 2-1: USB disconnect, device number 48
[  739.333429][T11163] REISERFS (device loop5): found reiserfs format "3.6" with non-standard journal
[  739.392649][T11163] REISERFS (device loop5): using ordered data mode
[  739.426618][T11163] reiserfs: using flush barriers
[  739.496245][T11163] REISERFS (device loop5): journal params: device loop5, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  739.526406][T11163] REISERFS (device loop5): checking transaction log (loop5)
[  739.740984][T11163] REISERFS (device loop5): Using tea hash to sort names
[  739.749966][T11163] REISERFS (device loop5): Created .reiserfs_priv - reserved for xattr storage.
[  739.823659][T10251] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  740.106466][T10251] usb 7-1: Using ep0 maxpacket: 32
[  740.246997][T10251] usb 7-1: unable to get BOS descriptor set
[  740.347782][T10251] usb 7-1: config 1 interface 0 altsetting 64 endpoint 0x81 has invalid maxpacket 1064, setting to 1024
[  740.582198][T10251] usb 7-1: config 1 interface 0 altsetting 64 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  740.685418][T10251] usb 7-1: config 1 interface 0 has no altsetting 0
[  740.906421][T10251] usb 7-1: New USB device found, idVendor=1130, idProduct=3101, bcdDevice= 0.40
[  740.948132][T10251] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  741.004739][T11188] binder: BINDER_SET_CONTEXT_MGR already set
[  741.045106][T10251] usb 7-1: Product: syz
[  741.091715][T11188] binder: 11183:11188 ioctl 4018620d 2000000002c0 returned -16
[  741.103708][T10251] usb 7-1: Manufacturer: syz
[  741.150154][T10251] usb 7-1: SerialNumber: syz
[  741.330656][T11170] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  741.846053][T10251] usbhid 7-1:1.0: can't add hid device: -71
[  741.852609][T10251] usbhid: probe of 7-1:1.0 failed with error -71
[  741.936200][T11187] loop1: detected capacity change from 0 to 32768
[  741.991440][T11187] (syz.1.1772,11187,1):ocfs2_fill_super:1177 ERROR: status = -22
[  742.084463][T10251] usb 7-1: USB disconnect, device number 9
[  742.959160][T11198] loop4: detected capacity change from 0 to 64
[  743.645517][T11196] loop5: detected capacity change from 0 to 4096
[  743.931286][T11196] __ntfs_error: 16 callbacks suppressed
[  743.931307][T11196] ntfs: (device loop5): parse_ntfs_boot_sector(): Mft record size (65536) exceeds the PAGE_SIZE on your system (4096).  This is not supported.  Sorry.
[  744.034011][T11196] ntfs: (device loop5): ntfs_fill_super(): Unsupported NTFS filesystem.
[  744.160652][T11205] loop3: detected capacity change from 0 to 32768
[  744.224383][T11206] loop6: detected capacity change from 0 to 4096
[  744.326532][T11206] ntfs: (device loop6): parse_ntfs_boot_sector(): Mft record size (65536) exceeds the PAGE_SIZE on your system (4096).  This is not supported.  Sorry.
[  744.391673][T11206] ntfs: (device loop6): ntfs_fill_super(): Unsupported NTFS filesystem.
[  744.510180][T11222] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1783'.
[  744.661684][T11226] loop1: detected capacity change from 0 to 256
[  744.726696][T11226] exfat: Deprecated parameter 'namecase'
[  744.806622][T11226] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  744.973292][ T4411] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  744.978934][T11226] FAULT_INJECTION: forcing a failure.
[  744.978934][T11226] name failslab, interval 1, probability 0, space 0, times 0
[  745.215345][T11226] CPU: 1 PID: 11226 Comm: syz.1.1784 Not tainted 5.15.189-syzkaller #0
[  745.223649][T11226] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  745.233720][T11226] Call Trace:
[  745.237014][T11226]  <TASK>
[  745.239958][T11226]  dump_stack_lvl+0x168/0x230
[  745.244660][T11226]  ? show_regs_print_info+0x20/0x20
[  745.249878][T11226]  ? load_image+0x3b0/0x3b0
[  745.254408][T11226]  ? __lock_acquire+0x7c60/0x7c60
[  745.259461][T11226]  should_fail+0x38c/0x4c0
[  745.263906][T11226]  should_failslab+0x5/0x20
[  745.268428][T11226]  slab_pre_alloc_hook+0x51/0xc0
[  745.273385][T11226]  __kmalloc+0x6b/0x330
[  745.277566][T11226]  ? __se_sys_memfd_create+0x142/0x430
[  745.283039][T11226]  ? strnlen_user+0x19b/0x250
[  745.287738][T11226]  __se_sys_memfd_create+0x142/0x430
[  745.293040][T11226]  ? lock_chain_count+0x20/0x20
[  745.297915][T11226]  ? __x64_sys_memfd_create+0x60/0x60
[  745.303311][T11226]  ? lockdep_hardirqs_on+0x94/0x140
[  745.308528][T11226]  do_syscall_64+0x4c/0xa0
[  745.312972][T11226]  ? clear_bhb_loop+0x30/0x80
[  745.317664][T11226]  ? clear_bhb_loop+0x30/0x80
[  745.322360][T11226]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  745.328274][T11226] RIP: 0033:0x7ff0dd56d9a9
[  745.332708][T11226] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  745.352329][T11226] RSP: 002b:00007ff0db3d4e18 EFLAGS: 00000202 ORIG_RAX: 000000000000013f
[  745.360770][T11226] RAX: ffffffffffffffda RBX: 00000000000005fe RCX: 00007ff0dd56d9a9
[  745.368760][T11226] RDX: 00007ff0db3d4ef0 RSI: 0000000000000000 RDI: 00007ff0dd5f06fc
[  745.376748][T11226] RBP: 0000200000001040 R08: 00007ff0db3d4bb7 R09: 00007ff0db3d4e40
[  745.384734][T11226] R10: 000000000000000a R11: 0000000000000202 R12: 00002000000005c0
[  745.392717][T11226] R13: 00007ff0db3d4ef0 R14: 00007ff0db3d4eb0 R15: 0000200000000080
[  745.400719][T11226]  </TASK>
[  745.892865][ T4411] usb 7-1: Using ep0 maxpacket: 32
[  746.164172][T11213] loop4: detected capacity change from 0 to 32768
[  746.192902][ T4411] usb 7-1: config 0 has an invalid interface number: 111 but max is 1
[  746.204737][ T4411] usb 7-1: config 0 has no interface number 1
[  746.337112][T11246] loop5: detected capacity change from 0 to 1764
[  746.445496][ T4411] usb 7-1: New USB device found, idVendor=0ccd, idProduct=0080, bcdDevice=4a.83
[  746.489401][ T4411] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  746.505021][T11246] netlink: 32 bytes leftover after parsing attributes in process `syz.5.1790'.
[  746.513655][ T4411] usb 7-1: Product: syz
[  746.543152][ T4411] usb 7-1: Manufacturer: syz
[  746.559988][ T4411] usb 7-1: SerialNumber: syz
[  746.593751][ T4411] usb 7-1: config 0 descriptor??
[  746.837350][ T1427] ieee802154 phy0 wpan0: encryption failed: -22
[  746.843727][ T1427] ieee802154 phy1 wpan1: encryption failed: -22
[  746.854720][T11263] loop3: detected capacity change from 0 to 512
[  746.872926][ T4411] snd-usb-6fire 7-1:0.111: unable to receive device firmware state.
[  746.880961][ T4411] snd-usb-6fire: probe of 7-1:0.111 failed with error -71
[  746.900416][ T4411] usb 7-1: USB disconnect, device number 10
[  747.011070][T11263] EXT4-fs (loop3): mounted filesystem without journal. Opts: sb=0x0000000000000001,nodioread_nolock,,errors=continue. Quota mode: writeback.
[  747.037222][T11263] ext4 filesystem being mounted at /368/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  747.062213][ T5290] usb 6-1: new high-speed USB device number 37 using dummy_hcd
[  747.104417][   T26] audit: type=1800 audit(1753558568.677:62): pid=11263 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1798" name="file1" dev="loop3" ino=15 res=0 errno=0
[  747.567364][T11268] loop3: detected capacity change from 0 to 32768
[  747.582403][ T5290] usb 6-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  747.601721][ T5290] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  747.652529][ T5290] usb 6-1: Product: syz
[  747.656889][ T5290] usb 6-1: Manufacturer: syz
[  747.663959][ T5290] usb 6-1: SerialNumber: syz
[  747.674272][ T5290] usb 6-1: config 0 descriptor??
[  747.727969][ T5290] i2c-tiny-usb 6-1:0.0: version 6d.cc found at bus 006 address 037
[  747.940759][T11261] udc-core: couldn't find an available UDC or it's busy
[  747.961871][ T4306] usb 2-1: new high-speed USB device number 49 using dummy_hcd
[  748.075286][T11261] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  748.141799][T10251] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  748.341999][ T4306] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  748.387011][ T4306] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  748.422017][ T5290]  (null): failure setting delay to 10us
[  748.434897][ T5290] i2c-tiny-usb: probe of 6-1:0.0 failed with error -5
[  748.526015][ T5290] usb 6-1: USB disconnect, device number 37
[  748.531570][T11289] loop4: detected capacity change from 0 to 8
[  748.532894][ T4306] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66
[  748.547849][T10251] usb 7-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config
[  748.569657][T10251] usb 7-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18
[  748.585734][T11288] overlayfs: missing 'workdir'
[  748.593754][T10251] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  748.602438][ T4306] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  748.655745][ T4306] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  748.679668][T11268] XFS (loop3): Mounting V5 Filesystem
[  748.726889][T10251] gspca_main: stv0680-2.14.0 probing 041e:4007
[  748.816699][T11295] loop4: detected capacity change from 0 to 4096
[  748.818083][T11268] XFS (loop3): Ending clean mount
[  748.828519][ T4306] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  748.849498][ T4306] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  748.858411][ T4306] usb 2-1: Product: syz
[  748.862968][ T4306] usb 2-1: Manufacturer: syz
[  748.872620][T11268] XFS (loop3): Quotacheck needed: Please wait.
[  748.886024][T11295] ntfs: (device loop4): ntfs_read_locked_inode(): $DATA attribute is missing.
[  748.895664][T11295] ntfs: (device loop4): ntfs_read_locked_inode(): Failed with error code -2.  Marking corrupt inode 0xa as bad.  Run chkdsk.
[  748.909886][T11295] ntfs: (device loop4): load_and_init_upcase(): Failed to load $UpCase from the volume. Using default.
[  748.910126][ T4306] cdc_wdm 2-1:1.0: skipping garbage
[  748.929971][T11295] ntfs: volume version 3.1.
[  748.942270][ T4306] cdc_wdm 2-1:1.0: skipping garbage
[  748.957577][ T4306] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device
[  748.968125][ T4306] cdc_wdm 2-1:1.0: Unknown control protocol
[  749.140140][ T4306] usb 2-1: USB disconnect, device number 49
[  750.360937][T11299] loop5: detected capacity change from 0 to 32768
[  750.593371][T10251] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32
[  750.634088][T11300] autofs4:pid:11300:autofs_fill_super: called with bogus options
[  751.051502][T10251] stv0680 7-1:4.0: STV(e): camera ping failed!!
[  751.076272][T11299] (syz.5.1805,11299,1):ocfs2_fill_super:1177 ERROR: status = -22
[  751.178638][T11268] XFS (loop3): Quotacheck: Done.
[  751.258828][ T4182] ntfs: (device loop4): ntfs_put_super(): Volume has errors.  Leaving volume marked dirty.  Run chkdsk.
[  751.276607][ T4191] XFS (loop3): Unmounting Filesystem
[  751.510106][T10251] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71
[  751.518320][T10251] stv0680 7-1:4.0: last error: 0,  command = 0x0
[  751.856868][T10251] usb 7-1: USB disconnect, device number 11
[  751.892096][T11310] loop6: detected capacity change from 0 to 128
[  752.062412][T11312] loop4: detected capacity change from 0 to 1024
[  752.367551][  T144] hfsplus: b-tree write err: -5, ino 4
[  752.590012][  T154] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  752.890082][ T4403] usb 5-1: new low-speed USB device number 44 using dummy_hcd
[  753.159922][ T4403] usb 5-1: Invalid ep0 maxpacket: 16
[  753.309416][ T4403] usb 5-1: new low-speed USB device number 45 using dummy_hcd
[  753.608985][ T4403] usb 5-1: Invalid ep0 maxpacket: 16
[  754.408159][ T4403] usb usb5-port1: attempt power cycle
[  754.553320][T11334] loop3: detected capacity change from 0 to 4096
[  754.639430][T11334] ntfs: (device loop3): map_mft_record_page(): Mft record 0x0 is corrupt.  Run chkdsk.
[  754.661442][T11334] ntfs: (device loop3): map_mft_record(): Failed with error code 5.
[  754.679634][T11334] ntfs: (device loop3): ntfs_read_locked_inode(): Failed with error code -5.  Marking corrupt inode 0x0 as bad.  Run chkdsk.
[  754.719750][T11334] ntfs: (device loop3): ntfs_read_inode_mount(): ntfs_read_inode() of $MFT failed. BUG or corrupt $MFT. Run chkdsk and if no errors are found, please report you saw this message to linux-ntfs-dev@lists.sourceforge.net
[  754.752411][T11336] netlink: 28 bytes leftover after parsing attributes in process `syz.6.1815'.
[  754.782862][T11334] ntfs: (device loop3): ntfs_fill_super(): Failed to load essential metadata.
[  754.838454][ T4403] usb 5-1: new low-speed USB device number 46 using dummy_hcd
[  754.954529][T11320] loop1: detected capacity change from 0 to 40427
[  754.968563][ T4403] usb 5-1: Invalid ep0 maxpacket: 16
[  755.016517][T11339] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1817'.
[  755.100584][T11320] F2FS-fs (loop1): build fault injection attr: rate: 694, type: 0x1ffff
[  755.311292][T11320] F2FS-fs (loop1): invalid crc value
[  755.376294][T11320] F2FS-fs (loop1): Failed to start F2FS issue_checkpoint_thread (-12)
[  755.897798][ T4403] usb 5-1: new low-speed USB device number 47 using dummy_hcd
[  756.103630][T11349] loop4: detected capacity change from 0 to 64
[  756.157965][ T4403] usb 5-1: device not accepting address 47, error -71
[  756.175652][ T4403] usb usb5-port1: unable to enumerate USB device
[  757.272050][T11353] loop6: detected capacity change from 0 to 32768
[  757.510252][T11359] trusted_key: encrypted_key: hex blob is missing
[  757.911340][T11356] loop1: detected capacity change from 0 to 32768
[  758.085218][T11356] (syz.1.1822,11356,1):ocfs2_fill_super:1177 ERROR: status = -22
[  758.638258][T11353] XFS (loop6): Mounting V5 Filesystem
[  758.865733][T11369] libceph: resolve '4..' (ret=-3): failed
[  758.872466][ T4411] usb 5-1: new high-speed USB device number 48 using dummy_hcd
[  759.054697][T11353] XFS (loop6): Ending clean mount
[  759.063978][T11353] XFS (loop6): Quotacheck needed: Please wait.
[  759.199648][T11353] XFS (loop6): Quotacheck: Done.
[  759.265558][T11383] loop3: detected capacity change from 0 to 64
[  759.269451][ T4411] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  759.269481][ T4411] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  759.269502][ T4411] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  759.269539][ T4411] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  759.269568][ T4411] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  759.274655][ T9645] XFS (loop6): Unmounting Filesystem
[  759.401831][T11387] loop5: detected capacity change from 0 to 4096
[  759.426356][ T4411] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  759.426392][ T4411] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  759.426415][ T4411] usb 5-1: Product: syz
[  759.426431][ T4411] usb 5-1: Manufacturer: syz
[  759.477432][ T4411] cdc_wdm 5-1:1.0: skipping garbage
[  759.477485][ T4411] cdc_wdm 5-1:1.0: skipping garbage
[  759.494914][ T4411] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  759.494973][ T4411] cdc_wdm 5-1:1.0: Unknown control protocol
[  759.527731][  T263] block nbd1: Attempted send on invalid socket
[  759.528085][  T263] print_req_error: 26 callbacks suppressed
[  759.528098][  T263] blk_update_request: I/O error, dev nbd1, sector 1 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  759.577463][T11388] VFS: could not find a valid V7 on nbd1.
[  759.755840][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  759.755866][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  759.776446][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  759.847290][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  759.848371][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  759.860264][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  759.866649][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  759.873271][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  759.880706][T10250] usb 5-1: USB disconnect, device number 48
[  759.886689][    C1] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  759.886713][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  759.886730][    C1] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  760.005084][T11366] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1825'.
[  760.930359][T11412] loop4: detected capacity change from 0 to 1024
[  760.955277][ T2285] usb 4-1: new high-speed USB device number 37 using dummy_hcd
[  761.070472][T11412] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  761.525069][ T2285] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  761.534316][ T2285] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  762.203210][T11418] loop1: detected capacity change from 0 to 32768
[  762.250831][T11418] (syz.1.1838,11418,1):ocfs2_fill_super:1177 ERROR: status = -22
[  762.408952][ T2285] usb 4-1: Product: syz
[  762.413182][ T2285] usb 4-1: Manufacturer: syz
[  762.417887][ T2285] usb 4-1: SerialNumber: syz
[  762.440882][ T2285] usb 4-1: config 0 descriptor??
[  762.486452][ T2285] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 037
[  762.689971][T11409] udc-core: couldn't find an available UDC or it's busy
[  762.726038][T11409] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  762.784493][ T2285]  (null): failure setting delay to 10us
[  762.790212][ T2285] i2c-tiny-usb: probe of 4-1:0.0 failed with error -5
[  762.804757][T11431] loop4: detected capacity change from 0 to 64
[  762.816138][ T2285] usb 4-1: USB disconnect, device number 37
[  762.903126][T11432] loop1: detected capacity change from 0 to 2048
[  763.036574][T11432] NILFS (loop1): invalid segment: Inconsistency found
[  763.043760][T11432] NILFS (loop1): trying rollback from an earlier position
[  763.083782][T11432] NILFS (loop1): recovery complete
[  763.107924][T11435] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  763.173129][T11421] loop6: detected capacity change from 0 to 32768
[  763.420260][T11442] loop3: detected capacity change from 0 to 64
[  763.454583][ T5290] usb 2-1: new high-speed USB device number 50 using dummy_hcd
[  763.667103][T10250] usb 5-1: new high-speed USB device number 49 using dummy_hcd
[  763.884384][ T5290] usb 2-1: New USB device found, idVendor=0733, idProduct=0430, bcdDevice=35.fb
[  764.094363][T10250] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  764.553565][T10250] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  764.564457][ T5290] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  764.574533][ T5290] usb 2-1: config 0 descriptor??
[  764.580067][T10250] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  764.590036][T10250] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  764.601400][T10250] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  764.625676][ T5290] gspca_main: spca505-2.14.0 probing 0733:0430
[  764.744382][T10250] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  764.781311][T10250] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  764.813330][T10250] usb 5-1: Product: syz
[  764.817539][T10250] usb 5-1: Manufacturer: syz
[  764.825382][T11432] NILFS (loop1): unrecognized mount option "ÿÿ184467440737095516150xffffffffffffffff18446744073709551615±ñV?Œù³ßCp~'~8pٻ젌|ž^½Ö(
cŸoö—ÈêM ) Çÿÿÿÿÿÿÿÿÿ"
[  764.862263][T11444] loop6: detected capacity change from 0 to 32768
[  764.874654][ T5290] gspca_spca505: reg write: error -71
[  764.880655][T10250] cdc_wdm 5-1:1.0: skipping garbage
[  764.887643][ T5290] spca505: probe of 2-1:0.0 failed with error -5
[  764.913263][T10250] cdc_wdm 5-1:1.0: skipping garbage
[  764.934045][ T5290] usb 2-1: USB disconnect, device number 50
[  764.962993][T10250] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device
[  764.973203][T10250] cdc_wdm 5-1:1.0: Unknown control protocol
[  765.096990][ T2285] usb 5-1: USB disconnect, device number 49
[  765.113179][    C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71
[  765.119805][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes
[  765.125881][    C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  765.313477][T11440] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1845'.
[  766.301929][T11455] loop6: detected capacity change from 0 to 32768
[  766.387383][T11455] (syz.6.1851,11455,1):ocfs2_fill_super:1177 ERROR: status = -22
[  767.170698][T11459] loop4: detected capacity change from 0 to 128
[  767.223858][T11459] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  767.317048][T11459] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  767.444827][T11468] loop6: detected capacity change from 0 to 256
[  768.096737][T11478] udc-core: couldn't find an available UDC or it's busy
[  768.134309][T11478] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  768.337807][T11485] loop3: detected capacity change from 0 to 512
[  768.361600][T10250] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  768.390004][T11482] sp0: Synchronizing with TNC
[  769.323341][T11466] loop1: detected capacity change from 0 to 32768
[  769.488470][T11466] XFS (loop1): Mounting V5 Filesystem
[  769.530482][T11475] loop4: detected capacity change from 0 to 32768
[  769.559658][T11497] netlink: 4 bytes leftover after parsing attributes in process `syz.6.1862'.
[  769.575372][T11482] loop3: detected capacity change from 0 to 4096
[  769.612714][T11466] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  769.740097][T11482] ntfs: (device loop3): parse_options(): Unrecognized mount option show_systfiles.
[  770.796321][T11501] loop6: detected capacity change from 0 to 32768
[  770.845892][T11501] (syz.6.1863,11501,0):ocfs2_fill_super:1177 ERROR: status = -22
[  771.185120][T11482] ntfs: (device loop3): parse_options(): Invalid umask option argument: 00000000000000000000004
[  771.492395][T11466] XFS (loop1): Starting recovery (logdev: internal)
[  771.574597][T11511] loop5: detected capacity change from 0 to 64
[  771.604855][T11509] loop4: detected capacity change from 0 to 128
[  771.651900][T11466] XFS (loop1): Ending recovery (logdev: internal)
[  771.785927][ T4183] XFS (loop1): Unmounting Filesystem
[  772.072737][ T5290] usb 4-1: new high-speed USB device number 38 using dummy_hcd
[  772.490212][ T5290] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  772.490245][ T5290] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  772.490266][ T5290] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  772.490302][ T5290] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  772.490330][ T5290] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  772.630219][ T5290] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  772.630254][ T5290] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  772.630277][ T5290] usb 4-1: Product: syz
[  772.630293][ T5290] usb 4-1: Manufacturer: syz
[  772.681085][ T5290] cdc_wdm 4-1:1.0: skipping garbage
[  772.681110][ T5290] cdc_wdm 4-1:1.0: skipping garbage
[  772.801229][ T5290] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  772.801254][ T5290] cdc_wdm 4-1:1.0: Unknown control protocol
[  772.887721][ T5290] usb 4-1: USB disconnect, device number 38
[  773.014873][T11530] loop5: detected capacity change from 0 to 512
[  773.091293][T11515] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1868'.
[  773.100403][T11530] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode
[  773.196361][T11530] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  773.229983][T11530] System zones: 1-12
[  773.326017][T11530] EXT4-fs (loop5): 1 truncate cleaned up
[  773.363836][T11530] EXT4-fs (loop5): mounted filesystem without journal. Opts: nogrpid,jqfmt=vfsv0,debug_want_extra_isize=0x0000000000000068,debug,nombcache,quota,nolazytime,,errors=continue. Quota mode: writeback.
[  773.987894][T11540] binder: 11539:11540 ioctl c00c620f 0 returned -14
[  774.410659][T11538] loop4: detected capacity change from 0 to 32768
[  774.474242][T11538] (syz.4.1876,11538,0):ocfs2_fill_super:1177 ERROR: status = -22
[  774.660202][T11540] blk_update_request: I/O error, dev loop1, sector 2 op 0x0:(READ) flags 0x1000 phys_seg 1 prio class 0
[  774.779332][T11540] EXT4-fs (loop1): unable to read superblock
[  774.838442][T11545] loop5: detected capacity change from 0 to 1024
[  774.878717][T11528] loop6: detected capacity change from 0 to 32768
[  774.951035][T11528] gfs2: fsid=(œ[{{{+: Trying to join cluster "lock_nolock", "(œ[{{{+"
[  774.971413][T11545] EXT4-fs (loop5): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none.
[  774.994944][T11545] ext4 filesystem being mounted at /197/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  775.010136][T11528] gfs2: fsid=(œ[{{{+: Now mounting FS (format 0)...
[  775.023416][T11528] gfs2: Invalid block size shift
[  775.028477][T11528] gfs2: fsid=(œ[{{{+: can't read superblock: -22
[  775.049069][T11556] loop3: detected capacity change from 0 to 64
[  775.092377][T11558] loop1: detected capacity change from 0 to 512
[  775.165918][T11558] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  775.227925][T11558] EXT4-fs (loop1): 1 truncate cleaned up
[  775.289888][T11558] EXT4-fs (loop1): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000001,journal_dev=0x0000000000000003,block_validity,lazytime,nombcache,usrjquota=,,errors=continue. Quota mode: none.
[  775.335420][T11558] EXT4-fs error (device loop1): ext4_get_parent:1910: comm syz.1.1883: inode #2: comm syz.1.1883: iget: illegal inode #
[  775.371136][T11563] overlayfs: failed to resolve './file0': -2
[  776.420827][T11597] IPv6: ADDRCONF(NETDEV_CHANGE): bpq0: link becomes ready
[  776.457246][T11554] loop4: detected capacity change from 0 to 40427
[  776.559178][T11554] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  776.608944][T11554] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  776.631416][T11606] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  776.654939][T11606] overlayfs: "xino" feature enabled using 2 upper inode bits.
[  776.672396][T11554] F2FS-fs (loop4): invalid crc value
[  776.757860][ T4306] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  776.766980][T11554] F2FS-fs (loop4): Found nat_bits in checkpoint
[  776.777980][T11615] sctp: [Deprecated]: syz.3.1904 (pid 11615) Use of struct sctp_assoc_value in delayed_ack socket option.
[  776.777980][T11615] Use struct sctp_sack_info instead
[  776.940731][T11554] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  776.962057][T11554] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  777.037275][ T4306] usb 7-1: Using ep0 maxpacket: 8
[  777.111462][T11620] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  777.128534][T11620] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  777.133276][ T7846] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  777.148856][ T7846] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  777.171095][T11628] Context (ID=0x0) not attached to queue pair (handle=0xffffffff:0x5)
[  777.207990][ T4306] usb 7-1: config 0 interface 0 has no altsetting 0
[  777.214659][ T4306] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  777.233482][ T4306] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  777.258046][ T4306] usb 7-1: config 0 descriptor??
[  777.683620][T11636] netlink: 'syz.3.1912': attribute type 12 has an invalid length.
[  777.693697][T11636] netlink: 'syz.3.1912': attribute type 29 has an invalid length.
[  777.726877][T11636] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1912'.
[  777.752790][T11636] netlink: 'syz.3.1912': attribute type 1 has an invalid length.
[  777.771976][ T4306] mcp2221 0003:04D8:00DD.0013: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  777.781601][T11636] netlink: 'syz.3.1912': attribute type 2 has an invalid length.
[  777.810914][T11636] netlink: 39 bytes leftover after parsing attributes in process `syz.3.1912'.
[  777.952762][T11643] ipt_CLUSTERIP: Please specify destination IP
[  777.968074][ T4306] usb 7-1: USB disconnect, device number 13
[  778.321379][ T7846] nci: nci_rf_discover_ntf_packet: unsupported rf_tech_and_mode 0xa
[  778.360221][T11645] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1915'.
[  779.096528][ T4306] usb 2-1: new high-speed USB device number 51 using dummy_hcd
[  779.367089][ T4306] usb 2-1: Using ep0 maxpacket: 32
[  779.436031][ T8936] usb 4-1: new high-speed USB device number 39 using dummy_hcd
[  779.486786][ T4306] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64
[  779.504373][ T4306] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.523110][ T4306] usb 2-1: config 0 descriptor??
[  779.535954][ T5290] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  779.590796][ T4306] as10x_usb: device has been detected
[  779.605257][ T4306] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle)
[  779.626990][T10251] usb 6-1: new high-speed USB device number 38 using dummy_hcd
[  779.643516][ T4306] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)...
[  779.661798][ T4306] as10x_usb: error during firmware upload part1
[  779.669746][ T4306] Registered device nBox DVB-T Dongle
[  779.790157][ T5290] usb 7-1: Using ep0 maxpacket: 8
[  779.801600][ T8936] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  779.816361][T10251] usb 6-1: device descriptor read/64, error -71
[  779.822876][ T8936] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  779.833120][ T8936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.844603][ T8936] usb 4-1: config 0 descriptor??
[  779.850572][ T4306] usb 2-1: USB disconnect, device number 51
[  779.868911][ T4306] Unregistered device nBox DVB-T Dongle
[  779.871866][ T4306] as10x_usb: device has been disconnected
[  779.945986][ T5290] usb 7-1: config 0 interface 0 has no altsetting 0
[  779.961620][ T5290] usb 7-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  779.973673][ T5290] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  779.994249][ T5290] usb 7-1: config 0 descriptor??
[  780.086064][T10251] usb 6-1: new high-speed USB device number 39 using dummy_hcd
[  780.185767][ T8936] usbhid 4-1:0.0: can't add hid device: -71
[  780.191804][ T8936] usbhid: probe of 4-1:0.0 failed with error -71
[  780.209265][ T8936] usb 4-1: USB disconnect, device number 39
[  780.285613][T10251] usb 6-1: device descriptor read/64, error -71
[  780.406185][T10251] usb usb6-port1: attempt power cycle
[  780.480127][ T5290] mcp2221 0003:04D8:00DD.0014: USB HID vff.ff Device [HID 04d8:00dd] on usb-dummy_hcd.6-1/input0
[  780.652114][T11700] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1938'.
[  780.665458][ T8936] usb 4-1: new high-speed USB device number 40 using dummy_hcd
[  780.689223][ T4411] usb 7-1: USB disconnect, device number 14
[  780.822551][T10251] usb 6-1: new high-speed USB device number 40 using dummy_hcd
[  780.915986][T10251] usb 6-1: device descriptor read/8, error -71
[  780.922284][ T8936] usb 4-1: Using ep0 maxpacket: 16
[  780.929753][ T4199] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201'
[  780.941322][ T4199] CPU: 0 PID: 4199 Comm: kworker/u5:7 Not tainted 5.15.189-syzkaller #0
[  780.949703][ T4199] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  780.959784][ T4199] Workqueue: hci1 hci_rx_work
[  780.964497][ T4199] Call Trace:
[  780.967795][ T4199]  <TASK>
[  780.970740][ T4199]  dump_stack_lvl+0x168/0x230
[  780.975458][ T4199]  ? show_regs_print_info+0x20/0x20
[  780.980689][ T4199]  ? load_image+0x3b0/0x3b0
[  780.985226][ T4199]  sysfs_create_dir_ns+0x252/0x280
[  780.990359][ T4199]  ? __lock_acquire+0x7c60/0x7c60
[  780.995404][ T4199]  ? sysfs_warn_dup+0xa0/0xa0
[  781.000119][ T4199]  ? le_conn_complete_evt+0xcbc/0x1590
[  781.005587][ T4199]  ? hci_event_packet+0xe05/0x12f0
[  781.010713][ T4199]  ? process_one_work+0x863/0x1000
[  781.015968][ T4199]  ? do_raw_spin_unlock+0x11d/0x230
[  781.021193][ T4199]  kobject_add_internal+0x662/0xd00
[  781.026407][ T4199]  kobject_add+0x152/0x210
[  781.030849][ T4199]  ? kobject_init+0x1d0/0x1d0
[  781.035553][ T4199]  ? klist_children_get+0x50/0x50
[  781.040649][ T4199]  ? get_device_parent+0x121/0x3f0
[  781.045780][ T4199]  device_add+0x483/0xfb0
[  781.050133][ T4199]  hci_conn_add_sysfs+0xd1/0x1e0
[  781.055170][ T4199]  le_conn_complete_evt+0xcbc/0x1590
[  781.060475][ T4199]  ? cs_le_create_conn+0x5e0/0x5e0
[  781.065624][ T4199]  ? __mutex_trylock_common+0x14f/0x250
[  781.071186][ T4199]  hci_le_meta_evt+0x289/0x3b80
[  781.076048][ T4199]  ? hci_event_packet+0x36d/0x12f0
[  781.081163][ T4199]  ? hci_event_packet+0x2e2/0x12f0
[  781.086279][ T4199]  ? __lock_acquire+0x7c60/0x7c60
[  781.091316][ T4199]  ? hci_remote_host_features_evt+0x280/0x280
[  781.097394][ T4199]  ? __mutex_unlock_slowpath+0x19e/0x6a0
[  781.103036][ T4199]  ? mark_lock+0x94/0x320
[  781.107372][ T4199]  ? mutex_unlock+0x10/0x10
[  781.111888][ T4199]  ? lockdep_hardirqs_on_prepare+0x3fc/0x760
[  781.117874][ T4199]  ? lock_chain_count+0x20/0x20
[  781.122734][ T4199]  ? __rwlock_init+0x140/0x140
[  781.127506][ T4199]  hci_event_packet+0xe05/0x12f0
[  781.132463][ T4199]  ? lockdep_hardirqs_on+0x94/0x140
[  781.137730][ T4199]  ? rcu_lock_release+0x20/0x20
[  781.142594][ T4199]  ? hci_send_to_monitor+0x9c/0x4a0
[  781.147800][ T4199]  hci_rx_work+0x255/0xa10
[  781.152234][ T4199]  process_one_work+0x863/0x1000
[  781.157204][ T4199]  ? worker_detach_from_pool+0x240/0x240
[  781.162845][ T4199]  ? lockdep_hardirqs_off+0x70/0x100
[  781.168143][ T4199]  ? _raw_spin_lock_irq+0xab/0xe0
[  781.173172][ T4199]  ? _raw_spin_lock_irqsave+0xf0/0xf0
[  781.178593][ T4199]  ? wq_worker_running+0x97/0x170
[  781.183635][ T4199]  worker_thread+0xaa8/0x12a0
[  781.188351][ T4199]  kthread+0x436/0x520
[  781.192427][ T4199]  ? rcu_lock_release+0x20/0x20
[  781.197287][ T4199]  ? kthread_blkcg+0xd0/0xd0
[  781.201909][ T4199]  ret_from_fork+0x1f/0x30
[  781.206343][ T4199]  </TASK>
[  781.211872][ T2285] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  781.222235][ T4199] kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  781.235517][ T4199] Bluetooth: hci1: failed to register connection device
[  781.246186][ T8936] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  781.248255][ T2285] Bluetooth: hci1: Injecting HCI hardware error event
[  781.266992][ T4199] Bluetooth: hci1: hardware error 0x00
[  781.270257][ T8936] usb 4-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  781.288174][ T8936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  781.309362][ T8936] usb 4-1: config 0 descriptor??
[  781.359012][T10251] usb 6-1: new high-speed USB device number 41 using dummy_hcd
[  781.455274][T10251] usb 6-1: device descriptor read/8, error -71
[  781.575717][T10251] usb usb6-port1: unable to enumerate USB device
[  781.589430][T11727] binder: BINDER_SET_CONTEXT_MGR already set
[  781.597519][T11727] binder: 11725:11727 ioctl 4018620d 200000000040 returned -16
[  781.708388][T11731] 9pnet_virtio: no channels available for device syz
[  781.798556][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.815075][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.822536][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.831282][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.839759][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.848731][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.860874][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.883538][T11737] loop2: detected capacity change from 0 to 7
[  781.921102][T11737]  loop2: [CUMANA/ADFS] p1 [ADFS] p1
[  781.921105][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.921132][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.931055][T11737] loop2: partition table partially beyond EOD, 
[  781.934867][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.957536][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.963551][T11737] truncated
[  781.966359][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.976429][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.985434][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.993309][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  781.999016][T11737] loop2: p1 size 872559382 extends beyond EOD, truncated
[  782.001574][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.023190][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.045282][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.052733][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.062548][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.075854][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.083677][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.136074][ T8314] udevd[8314]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory
[  782.153780][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.165867][ T2285] usb 2-1: new high-speed USB device number 52 using dummy_hcd
[  782.173998][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.200474][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.223383][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.242478][T11748] loop2: detected capacity change from 0 to 7
[  782.251802][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.256633][ T8314] Dev loop2: unable to read RDB block 7
[  782.269634][ T8314]  loop2: unable to read partition table
[  782.273745][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.280016][ T8314] loop2: partition table beyond EOD, truncated
[  782.283689][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.306574][T11748] Dev loop2: unable to read RDB block 7
[  782.321174][T11748]  loop2: unable to read partition table
[  782.329613][T11748] loop2: partition table beyond EOD, truncated
[  782.330577][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.353842][T11748] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5)
[  782.359520][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.382554][ T3561] Dev loop2: unable to read RDB block 7
[  782.388550][ T3561]  loop2: unable to read partition table
[  782.399982][ T3561] loop2: partition table beyond EOD, truncated
[  782.409325][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.441608][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.461995][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.480603][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.490611][T11757] input: syz1 as /devices/virtual/input/input17
[  782.512674][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.539749][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.550501][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.567592][ T2285] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  782.567734][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.598903][ T2285] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  782.609444][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.637412][ T2285] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  782.650534][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.667959][ T2285] usb 2-1: New USB device found, idVendor=20d6, idProduct=cb17, bcdDevice= 0.00
[  782.677207][ T2285] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  782.690846][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.703160][ T2285] usb 2-1: config 0 descriptor??
[  782.709391][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.738262][T11765] 9pnet_virtio: no channels available for device syz
[  782.748782][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.774638][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.803950][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.822181][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.832251][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.849224][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.860381][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.873134][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.894086][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.902535][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.919854][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.930628][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.946128][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.960273][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.971808][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  782.995117][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.003044][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.018746][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.031538][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.052340][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.060317][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.062006][T11775] 9pnet_virtio: no channels available for device syz
[  783.075831][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.092812][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.109542][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.126041][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.140320][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.151253][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.167001][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.180566][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.191564][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.196634][ T2285] hid-udraw 0003:20D6:CB17.0016: unknown main item tag 0x0
[  783.212691][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.234600][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.237890][ T2285] input: THQ uDraw Game Tablet for PS3 Joypad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:20D6:CB17.0016/input/input18
[  783.257134][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.278484][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.302246][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.328136][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.350267][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.373400][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.396671][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.418254][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.440320][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.466873][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.486274][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.500177][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.520438][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.539123][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.558989][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.577807][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.596764][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.616936][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.636359][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.655570][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.675743][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.683201][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.711628][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.731775][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.749913][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.770061][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.790245][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.810380][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.829119][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.849277][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.867217][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.887359][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.905747][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.934374][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.952120][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.972337][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  783.992437][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.010282][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.028169][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.044258][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.061958][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.082038][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.100273][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.120433][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.140572][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.159390][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.179518][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.197833][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.216019][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.236165][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.254401][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.274535][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.281975][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.320477][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.338840][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.353531][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.371261][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.391447][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.409113][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.426875][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.444041][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.472141][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.482045][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.502215][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.522391][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.542523][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.561105][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.574762][ T7846] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  784.579508][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.613517][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.631316][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.651337][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.671499][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.689477][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.709574][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.727656][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.747856][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.765648][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.785758][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.803882][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.831888][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.841802][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.861937][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.880605][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.899584][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.918669][ T8936] hid-generic 0003:0458:5016.0015: unknown main item tag 0x0
[  784.949355][ T8936] hid-generic 0003:0458:5016.0015: hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.3-1/input0
[  785.018664][ T8936] usb 4-1: USB disconnect, device number 40
[  785.193907][ T2285] input: THQ uDraw Game Tablet for PS3 Touchpad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:20D6:CB17.0016/input/input19
[  785.236184][T11777] fido_id[11777]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  785.278094][ T2285] input: THQ uDraw Game Tablet for PS3 Pen as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:20D6:CB17.0016/input/input20
[  785.349866][ T2285] input: THQ uDraw Game Tablet for PS3 Accelerometer as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:20D6:CB17.0016/input/input21
[  785.450759][ T2285] hid-udraw 0003:20D6:CB17.0016: hidraw0: USB HID v0.00 Device [HID 20d6:cb17] on usb-dummy_hcd.1-1/input0
[  785.548242][ T2285] usb 2-1: USB disconnect, device number 52
[  785.604305][ T8936] usb 4-1: new high-speed USB device number 41 using dummy_hcd
[  785.815852][T11790] fido_id[11790]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory
[  785.853092][ T8936] usb 4-1: Using ep0 maxpacket: 8
[  785.984056][ T8936] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  786.014845][ T8936] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  786.059357][ T8936] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  786.099758][ T8936] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  786.150936][ T8936] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  786.195042][T11801] 9pnet_virtio: no channels available for device syz
[  786.201965][ T8936] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  786.251236][ T8936] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  786.457716][T11807] kvm [11805]: vcpu0, guest rIP: 0x18e disabled perfctr wrmsr: 0xc2 data 0x0
[  786.470562][T11807] kvm [11805]: vcpu0, guest rIP: 0x1b8 disabled perfctr wrmsr: 0xc2 data 0x0
[  786.552772][ T8936] usb 4-1: GET_CAPABILITIES returned 0
[  786.558363][ T8936] usbtmc 4-1:16.0: can't read capabilities
[  786.743092][T11830] fuse: Bad value for 'fd'
[  786.777412][ T5290] usb 4-1: USB disconnect, device number 41
[  786.872317][ T4411] usb 2-1: new full-speed USB device number 53 using dummy_hcd
[  786.923290][ T8936] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  787.052451][ T2285] usb 6-1: new high-speed USB device number 42 using dummy_hcd
[  787.172146][ T8936] usb 7-1: Using ep0 maxpacket: 32
[  787.282900][ T4411] usb 2-1: config 1 interface 0 has no altsetting 0
[  787.293562][ T8936] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  787.303249][ T8936] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  787.323854][ T8936] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  787.333399][ T8936] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  787.344269][ T8936] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  787.354039][ T8936] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  787.368311][ T8936] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  787.377541][ T8936] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  787.388714][ T8936] usb 7-1: config 0 descriptor??
[  787.432129][ T2285] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  787.444535][ T2285] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  787.460165][ T2285] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66
[  787.472885][ T5081] usb 5-1: new high-speed USB device number 50 using dummy_hcd
[  787.481232][ T2285] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  787.500674][ T4411] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  787.510322][ T2285] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  787.530312][ T4411] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  787.538921][ T4411] usb 2-1: Product: syz
[  787.551331][ T4411] usb 2-1: Manufacturer: syz
[  787.556234][ T4411] usb 2-1: SerialNumber: syz
[  787.646645][T11834] loop3: detected capacity change from 0 to 40427
[  787.656070][ T8936] usblp 7-1:0.0: usblp0: USB Bidirectional printer dev 15 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  787.669740][ T8936] usb 7-1: USB disconnect, device number 15
[  787.679529][ T8936] usblp0: removed
[  787.692215][ T2285] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  787.701510][ T2285] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  787.710566][ T2285] usb 6-1: Product: syz
[  787.715063][ T2285] usb 6-1: Manufacturer: syz
[  787.744388][T11834] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  787.763167][T11834] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  787.763249][ T2285] cdc_wdm 6-1:1.0: skipping garbage
[  787.783580][T11834] F2FS-fs (loop3): invalid crc value
[  787.797526][ T2285] cdc_wdm 6-1:1.0: skipping garbage
[  787.814305][ T2285] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device
[  787.815330][T11834] F2FS-fs (loop3): Found nat_bits in checkpoint
[  787.836770][ T2285] cdc_wdm 6-1:1.0: Unknown control protocol
[  787.886632][ T5081] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  787.903038][ T5081] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  787.904578][T11834] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  787.914753][ T5081] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66
[  787.929911][ T5081] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  787.942330][T11834] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  787.952282][ T4411] usblp 2-1:1.0: usblp1: USB Unidirectional printer dev 53 if 0 alt 16 proto 1 vid 0x0525 pid 0xA4A8
[  787.969764][ T5081] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  787.991072][ T4411] usb 2-1: USB disconnect, device number 53
[  788.025061][ T4411] usblp1: removed
[  788.131907][ T5081] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  788.142360][ T5081] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  788.150384][ T5081] usb 5-1: Product: syz
[  788.161870][ T5081] usb 5-1: Manufacturer: syz
[  788.222345][T11834] device vlan0 entered promiscuous mode
[  788.240430][ T5081] cdc_wdm 5-1:1.0: skipping garbage
[  788.242347][ T8936] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  788.245777][ T5081] cdc_wdm 5-1:1.0: skipping garbage
[  788.280311][ T5081] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device
[  788.292224][ T5081] cdc_wdm 5-1:1.0: Unknown control protocol
[  788.473405][ T5081] usb 5-1: USB disconnect, device number 50
[  788.491595][ T8936] usb 7-1: Using ep0 maxpacket: 32
[  788.612631][ T8936] usb 7-1: config index 0 descriptor too short (expected 29220, got 36)
[  788.621143][ T8936] usb 7-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  788.675874][T11832] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1994'.
[  789.039324][T11840] loop5: detected capacity change from 0 to 32768
[  789.292735][T11840] (syz.5.1993,11840,0):ocfs2_read_journal_inode:1600 ERROR: status = -13
[  789.351707][T11840] (syz.5.1993,11840,0):ocfs2_mark_dead_nodes:1885 ERROR: status = -13
[  789.414432][ T8936] usb 7-1: config 0 has 1 interface, different from the descriptor's value: 81
[  789.423546][ T8936] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0
[  789.432607][T11840] (syz.5.1993,11840,0):ocfs2_check_volume:2481 ERROR: status = -13
[  789.433900][ T8936] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0
[  789.451813][ T8936] usb 7-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  789.464919][ T8936] usb 7-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  789.474771][ T8936] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  789.484710][ T8936] usb 7-1: config 0 descriptor??
[  789.496104][T11840] (syz.5.1993,11840,1):ocfs2_check_volume:2493 ERROR: status = -13
[  789.506906][T11840] (syz.5.1993,11840,1):ocfs2_mount_volume:1824 ERROR: status = -13
[  789.566362][T11840] (syz.5.1993,11840,0):ocfs2_fill_super:1177 ERROR: status = -13
[  789.574439][T11849] tmpfs: Bad value for 'mpol'
[  789.694197][ T8936] usblp 7-1:0.0: usblp1: USB Bidirectional printer dev 16 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17
[  789.708899][T11849] loop4: detected capacity change from 0 to 8192
[  789.721678][ T8936] usb 7-1: USB disconnect, device number 16
[  789.738387][ T8936] usblp1: removed
[  789.804061][T11849] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  789.835514][T11849] REISERFS (device loop4): using ordered data mode
[  789.843265][T11849] reiserfs: using flush barriers
[  789.849343][T11849] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 3841982494, max trans age 30
[  789.870445][T11849] REISERFS (device loop4): checking transaction log (loop4)
[  789.888972][T11849] REISERFS error (device loop4): vs-13070 reiserfs_read_locked_inode: i/o failure occurred trying to find stat data of [1 2 0x0 SD]
[  789.951457][T10251] usb 2-1: new high-speed USB device number 54 using dummy_hcd
[  789.971748][T11849] REISERFS (device loop4): Remounting filesystem read-only
[  789.979019][T11849] REISERFS warning (device loop4):  reiserfs_fill_super: corrupt root inode, run fsck
[  790.238228][T11859] loop4: detected capacity change from 0 to 128
[  790.282057][T11859] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  790.328216][T11859] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  790.337723][ T5081] usb 4-1: new high-speed USB device number 42 using dummy_hcd
[  790.378733][T10251] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  790.394117][T10251] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  790.412716][T10251] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  790.427995][T10251] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  790.441564][T10251] usb 2-1: config 0 descriptor??
[  790.667633][T11864] loop4: detected capacity change from 0 to 8192
[  790.699262][T11864] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  790.711001][T11864] REISERFS (device loop4): using journaled data mode
[  790.718347][T11864] reiserfs: using flush barriers
[  790.739847][T11864] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  790.809824][T11864] REISERFS (device loop4): checking transaction log (loop4)
[  790.855869][T11864] REISERFS (device loop4): Using r5 hash to sort names
[  790.868200][T11864] REISERFS warning (device loop4): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  790.890438][ T5081] usb 4-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc
[  790.900089][ T5081] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  790.917322][ T5081] usb 4-1: Product: syz
[  790.923969][T11864] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  790.942343][ T5081] usb 4-1: Manufacturer: syz
[  790.947078][ T5081] usb 4-1: SerialNumber: syz
[  790.966701][ T5081] usb 4-1: config 0 descriptor??
[  790.986744][T11864] REISERFS error (device loop4): vs-7000 search_by_entry_key: search_by_key returned item position == 0
[  791.008292][T11864] REISERFS (device loop4): Remounting filesystem read-only
[  791.032204][ T5081] i2c-tiny-usb 4-1:0.0: version 6d.cc found at bus 004 address 042
[  791.061113][ T4358] usb 6-1: USB disconnect, device number 42
[  791.113366][T11867] loop5: detected capacity change from 0 to 256
[  791.221446][T10251] usb 2-1: language id specifier not provided by device, defaulting to English
[  791.238757][T11856] udc-core: couldn't find an available UDC or it's busy
[  791.278703][T11856] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  791.310307][ T5081]  (null): failure setting delay to 10us
[  791.316661][ T5081] i2c-tiny-usb: probe of 4-1:0.0 failed with error -5
[  791.379751][ T5081] usb 4-1: USB disconnect, device number 42
[  791.451572][T10251] uclogic 0003:256C:006D.0017: failed retrieving Huion firmware version: -22
[  791.461522][T10251] uclogic 0003:256C:006D.0017: failed probing parameters: -22
[  791.469429][T10251] uclogic: probe of 0003:256C:006D.0017 failed with error -22
[  792.163858][ T5286] usb 5-1: new high-speed USB device number 51 using dummy_hcd
[  792.199324][ T8936] usb 2-1: USB disconnect, device number 54
[  792.466920][ T5286] usb 5-1: Using ep0 maxpacket: 8
[  792.610397][ T5286] usb 5-1: config 252 has an invalid interface number: 218 but max is 1
[  792.643473][ T5286] usb 5-1: config 252 has an invalid interface number: 6 but max is 1
[  792.657258][ T5286] usb 5-1: config 252 has no interface number 0
[  792.677950][ T5286] usb 5-1: config 252 has no interface number 1
[  792.685044][ T5286] usb 5-1: config 252 interface 218 altsetting 212 has an invalid endpoint with address 0x80, skipping
[  792.737879][ T5286] usb 5-1: config 252 interface 6 altsetting 184 endpoint 0x9 has invalid maxpacket 1023, setting to 64
[  792.764592][ T5286] usb 5-1: config 252 interface 218 has no altsetting 0
[  792.792866][ T5286] usb 5-1: config 252 interface 6 has no altsetting 0
[  792.811075][ T5286] usb 5-1: New USB device found, idVendor=1ff4, idProduct=600a, bcdDevice=8b.6e
[  792.827685][ T5286] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  792.857115][  T150] block nbd5: Attempted send on invalid socket
[  792.864684][  T150] blk_update_request: I/O error, dev nbd5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  792.880018][  T263] block nbd5: Attempted send on invalid socket
[  792.886384][  T263] blk_update_request: I/O error, dev nbd5, sector 256 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  792.903805][T11914] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  792.937342][  T150] block nbd5: Attempted send on invalid socket
[  792.943793][  T150] blk_update_request: I/O error, dev nbd5, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  792.956912][ T7839] nci: nci_rf_intf_activated_ntf_packet: unsupported activation_rf_tech_and_mode 0x41
[  792.977091][T11914] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  793.012276][T11914] UDF-fs: warning (device nbd5): udf_load_vrs: No anchor found
[  793.033329][T11914] UDF-fs: Scanning with blocksize 512 failed
[  793.045769][  T263] block nbd5: Attempted send on invalid socket
[  793.053492][  T263] blk_update_request: I/O error, dev nbd5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  793.070335][  T150] block nbd5: Attempted send on invalid socket
[  793.076611][  T150] blk_update_request: I/O error, dev nbd5, sector 512 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  793.088168][T11914] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  793.109445][  T263] block nbd5: Attempted send on invalid socket
[  793.115707][  T263] blk_update_request: I/O error, dev nbd5, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  793.130825][T11914] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  793.154629][T11914] UDF-fs: warning (device nbd5): udf_load_vrs: No anchor found
[  793.165585][T11914] UDF-fs: Scanning with blocksize 1024 failed
[  793.173159][  T263] block nbd5: Attempted send on invalid socket
[  793.182932][  T263] blk_update_request: I/O error, dev nbd5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  793.194480][  T150] block nbd5: Attempted send on invalid socket
[  793.201215][  T150] blk_update_request: I/O error, dev nbd5, sector 1024 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  793.212472][ T5286] usb 5-1: string descriptor 0 read error: -71
[  793.219127][T11914] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  793.231385][  T150] block nbd5: Attempted send on invalid socket
[  793.237860][  T150] blk_update_request: I/O error, dev nbd5, sector 2048 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  793.258843][ T5286] option 5-1:252.218: GSM modem (1-port) converter detected
[  793.266804][T11914] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  793.270143][ T5286] option 5-1:252.6: GSM modem (1-port) converter detected
[  793.297580][T11914] UDF-fs: warning (device nbd5): udf_load_vrs: No anchor found
[  793.307244][ T5286] usb 5-1: USB disconnect, device number 51
[  793.318895][ T5286] option 5-1:252.218: device disconnected
[  793.319460][T11914] UDF-fs: Scanning with blocksize 2048 failed
[  793.326954][ T5286] option 5-1:252.6: device disconnected
[  793.361271][  T150] block nbd5: Attempted send on invalid socket
[  793.367489][  T150] blk_update_request: I/O error, dev nbd5, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0
[  793.381037][T11914] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=256, location=256
[  793.402534][T11914] UDF-fs: error (device nbd5): udf_read_tagged: read failed, block=512, location=512
[  793.412602][T11914] UDF-fs: warning (device nbd5): udf_load_vrs: No anchor found
[  793.420761][T11914] UDF-fs: Scanning with blocksize 4096 failed
[  793.427127][T11914] UDF-fs: warning (device nbd5): udf_fill_super: No partition found (1)
[  793.742251][T11955] netlink: 'syz.6.2036': attribute type 10 has an invalid length.
[  793.787848][T11955] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  794.072752][T11966] netlink: 20 bytes leftover after parsing attributes in process `syz.5.2041'.
[  794.351712][T11973] block device autoloading is deprecated and will be removed.
[  794.563893][ T4199] Bluetooth: hci0: unexpected event for opcode 0x0413
[  795.041305][T12008] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  795.085372][T12008] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  795.247085][T12031] 9pnet_virtio: no channels available for device syz
[  795.537683][T12050] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2073'.
[  795.619598][T12053] overlayfs: failed to get inode (-116)
[  795.626199][T12053] overlayfs: failed to get inode (-116)
[  796.401420][T12104] block nbd1: Device being setup by another task
[  796.473938][T12104] block nbd1: shutting down sockets
[  796.572821][T12117] binder: 12114:12117 unknown command 0
[  796.579680][T12117] binder: 12114:12117 ioctl c0306201 200000000080 returned -22
[  796.703216][T12123] device syzkaller1 entered promiscuous mode
[  796.846707][T12126] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  796.855300][T12126] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  797.441989][   T26] audit: type=1326 audit(1753558619.032:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12118 comm="syz.1.2096" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff0dd56d9a9 code=0x7fc00000
[  797.638108][T12163] netlink: 'syz.4.2112': attribute type 12 has an invalid length.
[  797.650324][T12163] netlink: 32 bytes leftover after parsing attributes in process `syz.4.2112'.
[  797.766917][ T5286] usb 6-1: new high-speed USB device number 43 using dummy_hcd
[  798.026877][ T5286] usb 6-1: Using ep0 maxpacket: 8
[  798.149383][ T5286] usb 6-1: config 0 has an invalid interface number: 55 but max is 0
[  798.157845][T12192] 9pnet_virtio: no channels available for device syz
[  798.175685][ T5286] usb 6-1: config 0 has no interface number 0
[  798.195290][ T5286] usb 6-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0x80, skipping
[  798.232383][ T5286] usb 6-1: config 0 interface 55 altsetting 0 has an invalid endpoint with address 0xAB, skipping
[  798.274708][ T5286] usb 6-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  798.292713][T12199] binder: BINDER_SET_CONTEXT_MGR already set
[  798.299113][T12199] binder: 12197:12199 ioctl 4018620d 200000000100 returned -16
[  798.307729][ T5286] usb 6-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[  798.317512][ T5286] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  798.343416][ T5286] usb 6-1: config 0 descriptor??
[  798.389037][ T5286] ldusb 6-1:0.55: Interrupt in endpoint not found
[  798.594187][ T5286] usb 6-1: USB disconnect, device number 43
[  798.756369][ T4398] usb 5-1: new high-speed USB device number 52 using dummy_hcd
[  798.797300][T12223] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2135'.
[  798.824960][T12223] bridge0: port 2(bridge_slave_1) entered disabled state
[  799.010120][ T4398] usb 5-1: Using ep0 maxpacket: 32
[  799.087462][ T4199] Bluetooth: hci0: unknown advertising packet type: 0x70
[  799.087579][ T4199] Bluetooth: hci0: Malicious advertising data.
[  799.146798][ T4398] usb 5-1: unable to get BOS descriptor or descriptor too short
[  799.155137][ T4398] usb 5-1: no configurations
[  799.160123][ T4398] usb 5-1: can't read configurations, error -22
[  799.174628][T12243] binder: 12241:12243 unknown command 0
[  799.180581][T12243] binder: 12241:12243 ioctl c0306201 200000000080 returned -22
[  799.433442][T12260] input: syz1 as /devices/virtual/input/input22
[  799.690681][T12275] netlink: 'syz.4.2157': attribute type 10 has an invalid length.
[  799.723688][T12275] device wlan1 entered promiscuous mode
[  799.732867][T12271] KVM: KVM_SET_CPUID{,2} after KVM_RUN may cause guest instability
[  799.743163][T12271] KVM: KVM_SET_CPUID{,2} will fail after KVM_RUN starting with Linux 5.16
[  799.770250][ T7839] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  799.795175][ T7839] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  799.808667][ T7846] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  799.980961][T12291] 9pnet_virtio: no channels available for device syz
[  800.166478][T10251] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  800.174789][T10251] Bluetooth: hci3: Injecting HCI hardware error event
[  800.198626][ T4195] Bluetooth: hci3: hardware error 0x00
[  800.244543][T12309] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  800.312226][T12312] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2170'.
[  800.395606][ T5286] usb 2-1: new low-speed USB device number 55 using dummy_hcd
[  800.755598][ T5286] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  800.764300][ T5286] usb 2-1: config 0 has no interface number 0
[  800.795584][ T5286] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  800.825367][T12339] 9pnet_virtio: no channels available for device syz
[  800.826465][ T5286] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  800.838815][T12339] overlayfs: './file0' not a directory
[  800.855142][ T5286] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  800.872705][ T5286] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  800.895318][T10251] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  800.895318][ T4398] usb 4-1: new high-speed USB device number 43 using dummy_hcd
[  800.922418][ T5286] usb 2-1: config 0 descriptor??
[  800.945977][T12302] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  800.970544][ T5286] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  801.198566][ T4411] usb 2-1: USB disconnect, device number 55
[  801.285564][T10251] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  801.302113][T10251] usb 7-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 64
[  801.305178][ T4398] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  801.326635][ T4398] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  801.341364][ T4398] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  801.352263][ T4398] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  801.368265][ T4398] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  801.465620][T10251] usb 7-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  801.480312][T10251] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  801.489010][T10251] usb 7-1: Product: syz
[  801.493185][T10251] usb 7-1: Manufacturer: syz
[  801.503615][T10251] usb 7-1: SerialNumber: syz
[  801.515272][ T4398] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  801.524800][ T4398] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  801.532933][ T4398] usb 4-1: Product: syz
[  801.542498][ T4398] usb 4-1: Manufacturer: syz
[  801.597298][ T4398] cdc_wdm 4-1:1.0: skipping garbage
[  801.602572][ T4398] cdc_wdm 4-1:1.0: skipping garbage
[  801.610468][ T4398] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  801.616526][ T4398] cdc_wdm 4-1:1.0: Unknown control protocol
[  801.747395][T12331] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  801.821442][ T4306] usb 4-1: USB disconnect, device number 43
[  801.995383][T10251] cdc_ncm 7-1:1.0: bind() failure
[  802.034817][T10251] cdc_ncm: probe of 7-1:1.1 failed with error -71
[  802.064954][T10251] cdc_mbim: probe of 7-1:1.1 failed with error -71
[  802.105324][T10251] usbtest: probe of 7-1:1.1 failed with error -71
[  802.120080][T10251] usb 7-1: USB disconnect, device number 17
[  802.133430][T12367] policy can only be matched on NF_INET_PRE_ROUTING
[  802.133453][T12367] unable to load match
[  802.342909][T12375] ------------[ cut here ]------------
[  802.349184][T12375] WARNING: CPU: 0 PID: 12375 at mm/page_alloc.c:5449 __alloc_pages+0x391/0x470
[  802.364136][T12375] Modules linked in:
[  802.369946][T12375] CPU: 0 PID: 12375 Comm: syz.5.2198 Not tainted 5.15.189-syzkaller #0
[  802.379791][T12375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  802.391277][T12375] RIP: 0010:__alloc_pages+0x391/0x470
[  802.397879][T12375] Code: 31 ff e9 b2 fe ff ff e8 7d b2 f5 07 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 50 fd ff ff 4c 89 e7 e8 44 ac 09 00 e9 43 fd ff ff <0f> 0b 45 31 ff e9 ef fe ff ff 65 44 8b 2d 35 9a 4f 7e 41 83 fd 08
[  802.417622][    C0] vkms_vblank_simulate: vblank timer overrun
[  802.423992][T12375] RSP: 0018:ffffc90002fdf9e0 EFLAGS: 00010246
[  802.436700][T12375] RAX: ffffc90002fdfa20 RBX: 1ffff920005fbf40 RCX: 0000000000000000
[  802.445786][T12375] RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90002fdfa48
[  802.453851][T12375] RBP: ffffc90002fdfad8 R08: dffffc0000000000 R09: ffffc90002fdfa20
[  802.472955][T12375] R10: fffff520005fbf49 R11: 1ffff920005fbf44 R12: dffffc0000000000
[  802.484787][T12375] R13: 0000000000000000 R14: 0000000000040dc0 R15: 000000000000001a
[  802.492813][T12375] FS:  00007f3cfc7686c0(0000) GS:ffff8880b9000000(0000) knlGS:0000000000000000
[  802.502269][T12375] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  802.509683][T12375] CR2: 000000110c3fe2dc CR3: 000000004e9c5000 CR4: 00000000003506f0
[  802.515290][ T4306] usb 4-1: new high-speed USB device number 44 using dummy_hcd
[  802.518100][T12375] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 000000008000000f
[  802.533705][T12375] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400
[  802.541997][T12375] Call Trace:
[  802.545618][T12375]  <TASK>
[  802.548945][T12375]  ? zone_statistics+0x170/0x170
[  802.554116][T12375]  ? alloc_pages+0x438/0x550
[  802.558852][T12375]  kmalloc_order+0x40/0x150
[  802.563545][T12375]  ? __might_fault+0xb3/0x110
[  802.568368][T12375]  kmalloc_order_trace+0x14/0xf0
[  802.573510][T12375]  comedi_unlocked_ioctl+0x98b/0xe90
[  802.579116][T12375]  ? comedi_poll+0x8b0/0x8b0
[  802.583846][T12375]  ? tomoyo_path_number_perm+0x4d4/0x5d0
[  802.591475][T12375]  ? verify_lock_unused+0x140/0x140
[  802.596803][T12375]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  802.602566][T12375]  ? bpf_lsm_file_ioctl+0x5/0x10
[  802.607913][T12375]  ? security_file_ioctl+0x7c/0xa0
[  802.613154][T12375]  ? comedi_poll+0x8b0/0x8b0
[  802.618480][T12375]  __se_sys_ioctl+0xfa/0x170
[  802.623120][T12375]  do_syscall_64+0x4c/0xa0
[  802.627642][T12375]  ? clear_bhb_loop+0x30/0x80
[  802.632517][T12375]  ? clear_bhb_loop+0x30/0x80
[  802.637296][T12375]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  802.643375][T12375] RIP: 0033:0x7f3cfe9009a9
[  802.647890][T12375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  802.667612][    C0] vkms_vblank_simulate: vblank timer overrun
[  802.674115][T12375] RSP: 002b:00007f3cfc768038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  802.682792][T12375] RAX: ffffffffffffffda RBX: 00007f3cfeb27fa0 RCX: 00007f3cfe9009a9
[  802.690877][T12375] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000003
[  802.700554][T12375] RBP: 00007f3cfe982d69 R08: 0000000000000000 R09: 0000000000000000
[  802.708675][T12375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  802.716961][T12375] R13: 0000000000000000 R14: 00007f3cfeb27fa0 R15: 00007ffcfcac78b8
[  802.725876][T12375]  </TASK>
[  802.729107][T12375] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  802.736404][T12375] CPU: 0 PID: 12375 Comm: syz.5.2198 Not tainted 5.15.189-syzkaller #0
[  802.744665][T12375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  802.754740][T12375] Call Trace:
[  802.758035][T12375]  <TASK>
[  802.760976][T12375]  dump_stack_lvl+0x168/0x230
[  802.765684][T12375]  ? show_regs_print_info+0x20/0x20
[  802.770917][T12375]  ? load_image+0x3b0/0x3b0
[  802.775461][T12375]  panic+0x2c9/0x7f0
[  802.779381][T12375]  ? bpf_jit_dump+0xd0/0xd0
[  802.783897][T12375]  ? __alloc_pages+0x391/0x470
[  802.788677][T12375]  __warn+0x248/0x2b0
[  802.792692][T12375]  ? __alloc_pages+0x391/0x470
[  802.797483][T12375]  report_bug+0x1b7/0x2e0
[  802.801825][T12375]  handle_bug+0x3a/0x70
[  802.805997][T12375]  exc_invalid_op+0x16/0x40
[  802.810527][T12375]  asm_exc_invalid_op+0x16/0x20
[  802.815404][T12375] RIP: 0010:__alloc_pages+0x391/0x470
[  802.820796][T12375] Code: 31 ff e9 b2 fe ff ff e8 7d b2 f5 07 44 89 e1 80 e1 07 80 c1 03 38 c1 0f 8c 50 fd ff ff 4c 89 e7 e8 44 ac 09 00 e9 43 fd ff ff <0f> 0b 45 31 ff e9 ef fe ff ff 65 44 8b 2d 35 9a 4f 7e 41 83 fd 08
[  802.840406][T12375] RSP: 0018:ffffc90002fdf9e0 EFLAGS: 00010246
[  802.846491][T12375] RAX: ffffc90002fdfa20 RBX: 1ffff920005fbf40 RCX: 0000000000000000
[  802.854493][T12375] RDX: 0000000000000028 RSI: 0000000000000000 RDI: ffffc90002fdfa48
[  802.862481][T12375] RBP: ffffc90002fdfad8 R08: dffffc0000000000 R09: ffffc90002fdfa20
[  802.870467][T12375] R10: fffff520005fbf49 R11: 1ffff920005fbf44 R12: dffffc0000000000
[  802.878468][T12375] R13: 0000000000000000 R14: 0000000000040dc0 R15: 000000000000001a
[  802.886491][T12375]  ? zone_statistics+0x170/0x170
[  802.891472][T12375]  ? alloc_pages+0x438/0x550
[  802.896106][T12375]  kmalloc_order+0x40/0x150
[  802.900628][T12375]  ? __might_fault+0xb3/0x110
[  802.905167][ T4306] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  802.905313][T12375]  kmalloc_order_trace+0x14/0xf0
[  802.917843][ T4306] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  802.918837][T12375]  comedi_unlocked_ioctl+0x98b/0xe90
[  802.918876][T12375]  ? comedi_poll+0x8b0/0x8b0
[  802.938902][T12375]  ? tomoyo_path_number_perm+0x4d4/0x5d0
[  802.939825][ T4306] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  802.944562][T12375]  ? verify_lock_unused+0x140/0x140
[  802.944596][T12375]  ? tomoyo_check_path_acl+0x1c0/0x1c0
[  802.944669][T12375]  ? bpf_lsm_file_ioctl+0x5/0x10
[  802.944691][T12375]  ? security_file_ioctl+0x7c/0xa0
[  802.944715][T12375]  ? comedi_poll+0x8b0/0x8b0
[  802.944737][T12375]  __se_sys_ioctl+0xfa/0x170
[  802.944766][T12375]  do_syscall_64+0x4c/0xa0
[  802.944796][T12375]  ? clear_bhb_loop+0x30/0x80
[  802.944817][T12375]  ? clear_bhb_loop+0x30/0x80
[  802.944839][T12375]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  802.944865][T12375] RIP: 0033:0x7f3cfe9009a9
[  802.944886][T12375] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  802.944905][T12375] RSP: 002b:00007f3cfc768038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  802.944930][T12375] RAX: ffffffffffffffda RBX: 00007f3cfeb27fa0 RCX: 00007f3cfe9009a9
[  802.944947][T12375] RDX: 0000200000000000 RSI: 000000008010640b RDI: 0000000000000003
[  802.944962][T12375] RBP: 00007f3cfe982d69 R08: 0000000000000000 R09: 0000000000000000
[  802.944976][T12375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  802.944990][T12375] R13: 0000000000000000 R14: 00007f3cfeb27fa0 R15: 00007ffcfcac78b8
[  802.945021][T12375]  </TASK>
[  802.945308][T12375] Kernel Offset: disabled
[  803.083129][T12375] Rebooting in 86400 seconds..