last executing test programs:

15.087505062s ago: executing program 4 (id=737):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(r0, r1, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$radio(0x0, 0x3, 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xa30903, 0x8000, '\x00', @p_u8=&(0x7f0000000200)=0xc}})
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
fcntl$addseals(r1, 0x409, 0x8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x14d801, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000540)={0x5, &(0x7f0000000500)=[{0x5, 0x0, 0x7, 0x7}, {0x2, 0x7, 0x3}, {0x2, 0xf9, 0x7, 0x3}, {0xbda, 0x3, 0xdd, 0x3ff}, {0x9, 0x4, 0x48, 0x5f6}]})
sendmsg$nl_route(r4, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

14.015130214s ago: executing program 4 (id=742):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000240)=0x16)
mount(&(0x7f0000000000)=@nbd={'/dev/nbd', 0x0}, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='pipefs\x00', 0x2, &(0x7f00000000c0)='${^!%!^-\x06(\xdb&\x94}\\\x00')
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

13.685571965s ago: executing program 2 (id=743):
mlock(&(0x7f0000ff8000/0x5000)=nil, 0x5000)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0xfffffffc)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="600000000206050000000000000000000000000014000780080013400000000008000600000000000500010006000000050005000200000005000400000000000900020073797a320000000011000300686173683a69702c706f7274"], 0x60}}, 0x0)
r3 = openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101040)
ioctl$SNDRV_TIMER_IOCTL_PVERSION(r3, 0x80045400, 0xfffffffffffffffc)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xd}}}, 0x24}}, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB], 0x28}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="b3ce0000000000000c0000004000000042000000", @ANYRES32=0x1, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r6, 0x5607, 0x2c)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r7)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_ACTIVATE(r8, 0x5606, 0x4)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, 0x0, 0x0)

12.898266394s ago: executing program 4 (id=745):
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r3, 0x2007ffc)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
copy_file_range(r3, 0x0, r4, 0x0, 0xfffffbffa003e45b, 0x700000000000000)

10.862948472s ago: executing program 1 (id=749):
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00e}]}, 0x10)
write$tun(0xffffffffffffffff, 0x0, 0x46)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x7, 0x0, &(0x7f0000000900)="e02742e8680d85", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xff8, 0x0, 0x4)
socket(0x11, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b40)=ANY=[@ANYBLOB="780200003c0007010000000000000000017c00004402fc8040020880afca5ff5d515226501d9fac3908ff02f8d09509c26adb6b5d864484d04d69b4da5d7a52bfaaaad3a5c25aa473a0456cf81bd4d74603377984679d221e2a018985f995b9c1787285a3068593180b924ed8d0940610e751d4177f4fdaa3b647713ec058a87aa46f52171df898c7a05121abccd3e66c0d455d5497f9b88f86e97ac669b2ac8acdde2137a259ace56f95c5e39e7db5a34433901da46f369d9dd5ca3e90600b07d4664e1d96191edfaa947604e2f1f75db049bd8923e183ceaf32e67fb16888c806403ecd4458012965b4bf87d769bf5e030474a90f0f8b743003256111a88037a5489878dc68d48348280c55d31a3ea6fc747a0cf299e10637fbc9a618a6bcadf0f6caf923a1dfbd1f2ba8fa08ddffc28b9a387e3b2b35d8a4ac3ea722e6f6089cc683eecda71ba25b3f72797dc417fca84d9d8f8baa94057192947b92000ba5770c7b084403a03adc1a2f42acd35c860b6d2150d1d0a70f422e4f73eac96a9de66ddc93cb95cbfce68d52b80505ad2cb11893f86e6c26ea10f484762e841ee827d794612312cd37ad973b2ab2986bb65f84b670790bad3776ef66f76955009f71065c51850d6b375827b6e3666e469312a118278044cc8c60724f9c11c75aee12f40a3f53f995cc20d3fef674b2e46dfdf9d48685be6be74cf4374ae2c3627d82fb3523b86a6b5eecc7c852e62b45b72141293a9e3fb1096a448ff5bce3586b50be5d12cbf9a80bca166f0e79ebd68b11bafb7f0fcc690fd1895afce6ae42d8ab38b9ebbfedf6d80c37c89ead9c8af0ec8b3f4a81f88d00c00018006000600800a0000090002"], 0x278}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)

10.57604424s ago: executing program 1 (id=751):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000240)="7ac8b2852c60ac24e03a2c072bab3422a80c1ff518be3d476f", 0x19}, {&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8a", 0x31}], 0x2, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

9.307949979s ago: executing program 1 (id=754):
madvise(&(0x7f0000948000/0x4000)=nil, 0x4000, 0xf)
syz_mount_image$hfsplus(&(0x7f0000000400), &(0x7f0000002300)='./file1\x00', 0x44, &(0x7f0000002240)=ANY=[@ANYRES8=0x0, @ANYRESHEX, @ANYRESOCT, @ANYRESOCT], 0x5, 0x6a3, &(0x7f0000001b80)="$eJzs3UtsHGcdAPD/rPfhDSh12iQNqBJWIxWEReKHnGIuNahClqhQVQ6I4ypxGisbt7Jd5EQIwvvAhUPvFAnfuIDEPaicgVOvPlZC4pKTAYlF87LXr/Wu43ht8ftFs/N98z3m+/4z49mdVbQB/N9amIjqk0hiYeKt9TS/uTHT3tyYeVCmI6IREZWIar6KZDki+ThiPvIlPpduLLpLDtvPh0tz73zydPPTPFctlqx+pVe7fW5VDtj4uFhiPCJGivUz2NXf7T391QfuLtmeYRqw62XgYNhqEdHZ5XtXd0qO1P91C5xZSX7f3HdBj0VciIjR4n1AflfM79lnV+PoKo9PYxwAAAAwZC/8KvsIf3HY4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDzpPj9/6RYKmV6PJLy9//rxbYo0ufak2EPAAAAAAAAAAAG963P7tnwha3YivW4WOY7Sfad/6tZ5nL2+pn4IFZjMVbiRqxHK9ZiLVZiKiLGsvJa9lpfb62trUz10XJ6u2V0tZzucwbN408eAAAAAAAAAM6L6uBNfhILO9//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAWZBEjOSrbLlcpseiUo2I0Yiop/UeR/ytTJ9Jv/lzd67zn05mX7UnpzkmAAAAGJIXtmIr1uNime8k2Wf+q9nn/tH4IJZjLZZiLdqxGHeyZwH5p/7K5sZMe3Nj5kG67O/36/8caBhZj5E/ezh4z9eyGs24G0vZlhtxO96LdtyJStYyda0cz8Hj+nE6puSNQp8ju1Os05n/OmoDzeo4kr5rjmURSUeUR2SyaJtG41LvSAx4dMo9lbGfisr2k5/LJxnz9Xz1+u/ydTqfXwwUk+dtbySmu86+q70jEfHFP/3+u/fay/cbd1cnzs6UBtDoeoK2NxIzXZF4ud9I3Duvkeg2mUXiynZ+Ib4Z34mJGI+3YyWW4vvRirVYjPF4M1oxEq3ifE5fx3pHan5X7u1iXTlsJPXsuNSKv6I9x9QoS97MRteKV7O2F2Mpvh3vxZ1YjFvZv+mYitdjNmZjrusIX+njqq/0vOqbezdc/1LXw+RfHlRjaNKBXdq+O3Wf9ZPZdXBp15adKL148vej6ueLRLqPn/Y6GU7d3khMdUXipd6R+G32Z2W1vXx/5V7r/T7391qxTq+jn5+pu0R6vryYHqwst/vsSMte2ls2mserXnzjkpftvuOmZVe2y466UuvFe7j9PU1nZS8fWDaTlV3rKtv1fms+f78FwJl34csX6s1/NP/a/Kj5s+a95luj32h8tfFKPWp/qX2tOjnyWuWV5I/xUfxw5/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwfKsPH91vtduLK3sSnU7nR4cUPcdEMyLKLRFHtarF0XWOTjSP0aoeEVmiWiYG22mjr8r1naPzxh+eJby1QVtFnMgxrRYn2cNH9//V6XQOq1yJfjqMyZM4x2o9zvmdRPkrafuKOuUPW53uddFv4t+dk+twSH+QgFNzc+3B+zdXHz76ytKD1ruL7y4uz83Ozk3Ozd76+827S+3Fyfx12KMEnoedm/6wRwIAAAAAAAAAAAD06zT+W8Ihu/7vKU8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKcWJhpF6sZk+rq5MdNOlzK9XTGrVomI5AcRyccR85EvMdbVXXLYfj5cmnvnk6ebn+a5arFk9Su72tWOM4vHxRLjETFSrLuNPkN/t4v1sUaWSbZnOB9Ru14GDobtfwEAAP//axIEXA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x104)
read$FUSE(r0, &(0x7f0000002340)={0x2020}, 0x2020)
ioctl$FIBMAP(r0, 0x1, &(0x7f0000000000)=0x24)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
write$input_event(r1, &(0x7f00000001c0)={{}, 0x11, 0x8001, 0x58}, 0x18)

9.183507568s ago: executing program 2 (id=755):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000240)=0x16)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
r1 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)=<r2=>0x0)
timer_settime(r2, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

8.303244023s ago: executing program 0 (id=758):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8ab9044dd2665909a0580519f5736b82fd6340430182bca17cdb83870fcaacfaa5", 0x51}], 0x1, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.239505667s ago: executing program 2 (id=759):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000240)="7ac8b2852c60ac24e03a2c072bab3422a80c1ff518be3d476f4613ac6966fe3d59eaa20ec88f677b15d700cd353f4e204732f26aa229fa8b1aedf5c4ea550aa6c5ca40178fde587d3ffcb3f72d9aa08a1cf5a4ead762672b35ab", 0x5a}, {0x0}, {&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8ab9044dd2665909a0580519f5736b82fd6340430182bc", 0x47}], 0x4, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.151195626s ago: executing program 4 (id=760):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000580), 0x202, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r1, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, &(0x7f0000000000)=""/180, 0xb4, 0x0, &(0x7f00000000c0)=""/75, 0x4b}, &(0x7f0000000180)=0x40)
r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60)
chdir(0x0)
syz_usb_connect(0x0, 0x24, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80000001}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=@newlink={0x44, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x10290}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}]}]}, @IFLA_GROUP={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x1}, 0x4008040)
r5 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r5, 0x4601, &(0x7f0000000240)={0x400, 0x30, 0x60, 0x0, 0x0, 0x1f, 0x18, 0x0, {}, {}, {0x0, 0xac}, {}, 0x0, 0x40, 0x0, 0x7, 0x0, 0x5, 0x0, 0x0, 0x4000, 0x3, 0x0, 0x0, 0x16, 0x0, 0x0, 0x5})
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
writev(0xffffffffffffffff, &(0x7f0000000880), 0x0)

7.943837953s ago: executing program 3 (id=761):
socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0x20, 0x0, 0x0, 0xfffff00e}]}, 0x10)
write$tun(0xffffffffffffffff, 0x0, 0x46)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0x7, 0x0, &(0x7f0000000900)="e02742e8680d85", 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0}, 0x18)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000000)=0xff8, 0x0, 0x4)
socket(0x11, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000b40)=ANY=[@ANYBLOB="780200003c0007010000000000000000017c00004402fc8040020880afca5ff5d515226501d9fac3908ff02f8d09509c26adb6b5d864484d04d69b4da5d7a52bfaaaad3a5c25aa473a0456cf81bd4d74603377984679d221e2a018985f995b9c1787285a3068593180b924ed8d0940610e751d4177f4fdaa3b647713ec058a87aa46f52171df898c7a05121abccd3e66c0d455d5497f9b88f86e97ac669b2ac8acdde2137a259ace56f95c5e39e7db5a34433901da46f369d9dd5ca3e90600b07d4664e1d96191edfaa947604e2f1f75db049bd8923e183ceaf32e67fb16888c806403ecd4458012965b4bf87d769bf5e030474a90f0f8b743003256111a88037a5489878dc68d48348280c55d31a3ea6fc747a0cf299e10637fbc9a618a6bcadf0f6caf923a1dfbd1f2ba8fa08ddffc28b9a387e3b2b35d8a4ac3ea722e6f6089cc683eecda71ba25b3f72797dc417fca84d9d8f8baa94057192947b92000ba5770c7b084403a03adc1a2f42acd35c860b6d2150d1d0a70f422e4f73eac96a9de66ddc93cb95cbfce68d52b80505ad2cb11893f86e6c26ea10f484762e841ee827d794612312cd37ad973b2ab2986bb65f84b670790bad3776ef66f76955009f71065c51850d6b375827b6e3666e469312a118278044cc8c60724f9c11c75aee12f40a3f53f995cc20d3fef674b2e46dfdf9d48685be6be74cf4374ae2c3627d82fb3523b86a6b5eecc7c852e62b45b72141293a9e3fb1096a448ff5bce3586b50be5d12cbf9a80bca166f0e79ebd68b11bafb7f0fcc690fd1895afce6ae42d8ab38b9ebbfedf6d80c37c89ead9c8af0ec8b3f4a81f88d00c00018006000600800a0000090002"], 0x278}, 0x1, 0x0, 0x0, 0xc000}, 0x4040)

7.888302545s ago: executing program 0 (id=762):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
chown(0x0, 0x0, 0xee01)
r3 = creat(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000280))
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)

7.747958627s ago: executing program 3 (id=763):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000d80000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r5}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
chown(0x0, 0x0, 0xee01)
r7 = creat(0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0]}}, 0x0, 0x43}, 0x28)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
ioctl$TIOCGSID(r7, 0x5429, &(0x7f0000000280)=<r9=>0x0)
ptrace$ARCH_GET_GS(0x1e, r9, &(0x7f0000000380), 0x1004)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r8, {0x10, 0xffe0}, {}, {0xd, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0xfb25}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x220400b9}, 0x40040)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)

6.423444776s ago: executing program 0 (id=764):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000240)="7ac8b2852c60ac24e03a2c072bab3422a80c1ff518be3d476f", 0x19}, {&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8a", 0x31}], 0x2, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

6.330683496s ago: executing program 1 (id=765):
mlock(&(0x7f0000ff8000/0x5000)=nil, 0x5000)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0xfffffffc)
connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10)
r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="600000000206050000000000000000000000000014000780080013400000000008000600000000000500010006000000050005000200000005000400000000000900020073797a320000000011000300686173683a69702c706f7274"], 0x60}}, 0x0)
openat$sndtimer(0xffffffffffffff9c, 0x0, 0x101040)
r3 = socket$nl_route(0x10, 0x3, 0x0)
r4 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', <r5=>0x0})
sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0xd}}}, 0x24}}, 0x0)
sendmsg$MPTCP_PM_CMD_DEL_ADDR(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB], 0x28}}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="b3ce0000000000000c0000004000000042000000", @ANYRES32=0x1, @ANYBLOB='\x00'/10, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r6 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSIGACCEPT(r6, 0x5607, 0x2c)
r7 = syz_open_dev$tty1(0xc, 0x4, 0x1)
dup(r7)
r8 = syz_open_dev$tty1(0xc, 0x4, 0x4)
ioctl$VT_ACTIVATE(r8, 0x5606, 0x4)
r9 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r9, 0x0, 0x0)

6.177671766s ago: executing program 3 (id=766):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x98gU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xb8\xc1: )mh\xc7\xf1?\xbb\x13;\xad\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xa5Sk\x87P\xc2\x97D\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\xaa\x920\xdcrI\xd8\b\xfb\xc7\xe7xX\x00>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9dx\xb2\x86\xad\x92', 0x3)
write$binfmt_elf64(r1, &(0x7f0000000180)=ANY=[], 0x78)
sendfile(r0, r1, &(0x7f00000001c0), 0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$radio(0x0, 0x3, 0x2)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0)
ioctl$VIDIOC_S_EXT_CTRLS(r2, 0xc0205648, &(0x7f0000000100)={0x0, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0xa30903, 0x8000, '\x00', @p_u8=&(0x7f0000000200)=0xc}})
r3 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r3, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, 0x0)
openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0xc2d41, 0x0)
fcntl$addseals(r1, 0x409, 0x8)
openat$kvm(0xffffffffffffff9c, 0x0, 0x14d801, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$UFFDIO_WRITEPROTECT(0xffffffffffffffff, 0xc018aa06, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r5, 0x8933, &(0x7f0000000100))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000540)={0x5, &(0x7f0000000500)=[{0x5, 0x0, 0x7, 0x7}, {0x2, 0x7, 0x3}, {0x2, 0xf9, 0x7, 0x3}, {0xbda, 0x3, 0xdd, 0x3ff}, {0x9, 0x4, 0x48, 0x5f6}]})
sendmsg$nl_route(r4, 0x0, 0x0)
r6 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r6, 0x8933, &(0x7f0000000000)={'batadv0\x00', <r7=>0x0})
sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80)

6.149203171s ago: executing program 2 (id=767):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket(0x10, 0x3, 0x6)
socket(0x10, 0x3, 0x0)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, 0x0, 0x0)
sendto$inet6(r2, &(0x7f0000000000)='\x00', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c)
recvmmsg(r2, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f00000000c0), 0x1, &(0x7f00000003c0)=""/21, 0x21}, 0x1ff}], 0x73d, 0x40000040, 0x0)

5.69253936s ago: executing program 0 (id=768):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000c40), 0x12)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
open(0x0, 0x80ff, 0x36)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000006300)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
open$dir(&(0x7f0000000000)='./file0\x00', 0x200, 0x12)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000080), 0x12)

5.4167919s ago: executing program 0 (id=769):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
r0 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0)
recvmsg(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0}, 0x40000000)
socket$netlink(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0)
r3 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x333}, &(0x7f0000000000)=<r4=>0x0, &(0x7f00000001c0)=<r5=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r4, r5, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r2, 0x0, &(0x7f0000000100)=[{0x0}], 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r3, 0x47ba, 0x0, 0x0, 0x0, 0x0)

4.972485234s ago: executing program 3 (id=770):
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000)=0x2000000, 0x300)
futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0)
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=<r1=>0x0)
timer_settime(r1, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
futex(&(0x7f0000000180)=0x1, 0x86, 0x2, 0x0, 0x0, 0x1)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9)

4.089017021s ago: executing program 0 (id=771):
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r3, 0x2007ffc)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
copy_file_range(r3, 0x0, r4, 0x0, 0xfffffbffa003e45b, 0x700000000000000)

3.260965996s ago: executing program 1 (id=772):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8ab9044dd2665909a0580519f5736b82fd6340430182bca17cdb83870fcaacfaa5", 0x51}], 0x1, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.067613694s ago: executing program 4 (id=773):
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='contention_end\x00', r0}, 0x10)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f00000000c0)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r1}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xa, 0x31, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x17)
r2 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x20})
ioctl$UFFDIO_UNREGISTER(r2, 0x8010aa01, &(0x7f0000000100)={&(0x7f0000ffb000/0x1000)=nil, 0x1000})

2.855239001s ago: executing program 3 (id=774):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r2, &(0x7f0000002000)=""/102400, 0x19000)
chown(0x0, 0x0, 0xee01)
r3 = creat(0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r4=>0x0})
ioctl$TIOCGSID(r3, 0x5429, &(0x7f0000000280))
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r4, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)

1.241372239s ago: executing program 3 (id=775):
madvise(&(0x7f0000948000/0x4000)=nil, 0x4000, 0xf)
syz_mount_image$hfsplus(&(0x7f0000000400), &(0x7f0000002300)='./file1\x00', 0x44, &(0x7f0000002240)=ANY=[@ANYRES8=0x0, @ANYRESHEX, @ANYRESOCT, @ANYRESOCT], 0x5, 0x6a3, &(0x7f0000001b80)="$eJzs3UtsHGcdAPD/rPfhDSh12iQNqBJWIxWEReKHnGIuNahClqhQVQ6I4ypxGisbt7Jd5EQIwvvAhUPvFAnfuIDEPaicgVOvPlZC4pKTAYlF87LXr/Wu43ht8ftFs/N98z3m+/4z49mdVbQB/N9amIjqk0hiYeKt9TS/uTHT3tyYeVCmI6IREZWIar6KZDki+ThiPvIlPpduLLpLDtvPh0tz73zydPPTPFctlqx+pVe7fW5VDtj4uFhiPCJGivUz2NXf7T391QfuLtmeYRqw62XgYNhqEdHZ5XtXd0qO1P91C5xZSX7f3HdBj0VciIjR4n1AflfM79lnV+PoKo9PYxwAAAAwZC/8KvsIf3HY4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDzpPj9/6RYKmV6PJLy9//rxbYo0ufak2EPAAAAAAAAAAAG963P7tnwha3YivW4WOY7Sfad/6tZ5nL2+pn4IFZjMVbiRqxHK9ZiLVZiKiLGsvJa9lpfb62trUz10XJ6u2V0tZzucwbN408eAAAAAAAAAM6L6uBNfhILO9//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAWZBEjOSrbLlcpseiUo2I0Yiop/UeR/ytTJ9Jv/lzd67zn05mX7UnpzkmAAAAGJIXtmIr1uNime8k2Wf+q9nn/tH4IJZjLZZiLdqxGHeyZwH5p/7K5sZMe3Nj5kG67O/36/8caBhZj5E/ezh4z9eyGs24G0vZlhtxO96LdtyJStYyda0cz8Hj+nE6puSNQp8ju1Os05n/OmoDzeo4kr5rjmURSUeUR2SyaJtG41LvSAx4dMo9lbGfisr2k5/LJxnz9Xz1+u/ydTqfXwwUk+dtbySmu86+q70jEfHFP/3+u/fay/cbd1cnzs6UBtDoeoK2NxIzXZF4ud9I3Duvkeg2mUXiynZ+Ib4Z34mJGI+3YyWW4vvRirVYjPF4M1oxEq3ifE5fx3pHan5X7u1iXTlsJPXsuNSKv6I9x9QoS97MRteKV7O2F2Mpvh3vxZ1YjFvZv+mYitdjNmZjrusIX+njqq/0vOqbezdc/1LXw+RfHlRjaNKBXdq+O3Wf9ZPZdXBp15adKL148vej6ueLRLqPn/Y6GU7d3khMdUXipd6R+G32Z2W1vXx/5V7r/T7391qxTq+jn5+pu0R6vryYHqwst/vsSMte2ls2mserXnzjkpftvuOmZVe2y466UuvFe7j9PU1nZS8fWDaTlV3rKtv1fms+f78FwJl34csX6s1/NP/a/Kj5s+a95luj32h8tfFKPWp/qX2tOjnyWuWV5I/xUfxw5/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwfKsPH91vtduLK3sSnU7nR4cUPcdEMyLKLRFHtarF0XWOTjSP0aoeEVmiWiYG22mjr8r1naPzxh+eJby1QVtFnMgxrRYn2cNH9//V6XQOq1yJfjqMyZM4x2o9zvmdRPkrafuKOuUPW53uddFv4t+dk+twSH+QgFNzc+3B+zdXHz76ytKD1ruL7y4uz83Ozk3Ozd76+827S+3Fyfx12KMEnoedm/6wRwIAAAAAAAAAAAD06zT+W8Ihu/7vKU8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKcWJhpF6sZk+rq5MdNOlzK9XTGrVomI5AcRyccR85EvMdbVXXLYfj5cmnvnk6ebn+a5arFk9Su72tWOM4vHxRLjETFSrLuNPkN/t4v1sUaWSbZnOB9Ru14GDobtfwEAAP//axIEXA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x104)
read$FUSE(r0, &(0x7f0000002340)={0x2020}, 0x2020)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
write$input_event(r1, &(0x7f00000001c0)={{}, 0x11, 0x8001, 0x58}, 0x18)

1.098445864s ago: executing program 2 (id=776):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r3 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000d80000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r5}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r6 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r6, &(0x7f0000002000)=""/102400, 0x19000)
chown(0x0, 0x0, 0xee01)
r7 = creat(0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0]}}, 0x0, 0x43}, 0x28)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r8=>0x0})
ioctl$TIOCGSID(r7, 0x5429, &(0x7f0000000280)=<r9=>0x0)
ptrace$ARCH_GET_GS(0x1e, r9, &(0x7f0000000380), 0x1004)
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r8, {0x10, 0xffe0}, {}, {0xd, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0xfb25}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x220400b9}, 0x40040)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)

946.112269ms ago: executing program 1 (id=777):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{0x0}, {&(0x7f0000000240)="7ac8b2852c60ac24e03a2c072bab3422a80c1ff518be3d476f4613ac6966fe3d59eaa20ec88f677b15d700cd353f4e204732f26aa229fa8b1aedf5c4ea550aa6c5ca40178fde587d3ffcb3f72d9aa08a1cf5a4ead762672b35ab", 0x5a}, {0x0}, {&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8ab9044dd2665909a0580519f5736b82fd6340430182bc", 0x47}], 0x4, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

941.6137ms ago: executing program 4 (id=778):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000240)="7ac8b2852c60ac24e03a2c072bab3422a80c1ff518be3d476f4613ac6966fe3d59eaa20ec8", 0x25}, {&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8a", 0x31}], 0x2, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

0s ago: executing program 2 (id=779):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000c40), 0x12)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
open(0x0, 0x80ff, 0x36)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r5, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r5, &(0x7f0000006300)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
open$dir(&(0x7f0000000000)='./file0\x00', 0x200, 0x12)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000080), 0x12)

kernel console output (not intermixed with test programs):

192804][ T6148] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  121.214632][ T6164] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  121.221665][    C1] vkms_vblank_simulate: vblank timer overrun
[  121.807211][ T6168] random: crng reseeded on system resumption
[  121.950987][ T6169] batman_adv: batadv0: Adding interface: ip6gretap1
[  121.957797][ T6169] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  121.987899][ T6169] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active
[  122.661662][ T6148] lowmem_reserve[]: 0 2498 2500 2500 2500
[  122.681960][ T6148] Node 0 DMA32 free:1430520kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:21912kB inactive_anon:0kB active_file:5356kB inactive_file:157560kB unevictable:1536kB writepending:504kB present:3129332kB managed:2558440kB mlocked:0kB bounce:0kB free_pcp:63324kB local_pcp:19300kB free_cma:0kB
[  122.940237][ T6148] lowmem_reserve[]: 0 0 1 1 1
[  122.947881][ T6148] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  123.209848][ T6148] lowmem_reserve[]: 0 0 0 0 0
[  123.365554][ T6148] Node 1 Normal free:3879896kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21824kB local_pcp:13568kB free_cma:0kB
[  123.579993][ T6148] lowmem_reserve[]: 0 0 0 0 0
[  123.584903][ T6148] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  123.598158][ T6148] Node 0 DMA32: 606*4kB (UM) 198*8kB (UME) 79*16kB (UM) 29*32kB (UME) 14*64kB (UME) 25*128kB (UME) 9*256kB (UM) 4*512kB (UME) 4*1024kB (UME) 5*2048kB (UM) 342*4096kB (M) = 1429816kB
[  123.723498][ T6148] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  123.741157][ T6148] Node 1 Normal: 208*4kB (UE) 71*8kB (UME) 52*16kB (UME) 75*32kB (UME) 21*64kB (UME) 7*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 944*4096kB (M) = 3879896kB
[  123.764579][ T6148] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  123.789153][ T6148] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  123.822917][ T6148] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  123.908875][ T6148] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  124.059040][ T6148] 42551 total pagecache pages
[  124.135251][ T6148] 0 pages in swap cache
[  124.173064][ T6148] Free swap  = 124996kB
[  124.238249][ T6148] Total swap = 124996kB
[  124.416833][ T6148] 2097051 pages RAM
[  124.437448][ T6187] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  124.452493][ T6148] 0 pages HighMem/MovableOnly
[  124.457233][ T6148] 425399 pages reserved
[  124.461414][ T6148] 0 pages cma reserved
[  125.668641][ T6201] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  125.798001][ T6199] kvm: pic: non byte read
[  125.899225][ T6199] kvm: pic: level sensitive irq not supported
[  125.900831][ T6199] kvm: pic: non byte read
[  125.974060][ T6199] kvm: pic: level sensitive irq not supported
[  125.974171][ T6199] kvm: pic: non byte read
[  125.987961][ T6199] kvm: pic: level sensitive irq not supported
[  125.988040][ T6199] kvm: pic: non byte read
[  126.076542][ T6215] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  127.684150][ T6230] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  128.251834][ T6232] sctp: failed to load transform for md5: -2
[  128.606773][ T6246] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  128.778531][ T6246] kvm: pic: non byte read
[  128.797993][ T6246] kvm: pic: non byte read
[  129.515410][ T6246] kvm: pic: non byte read
[  129.520184][ T6246] kvm: pic: non byte read
[  130.961682][ T6265] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  133.333018][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  133.339730][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  133.491471][ T5970] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  134.605246][ T5970] usb 3-1: Using ep0 maxpacket: 32
[  135.221664][ T5970] usb 3-1: unable to read config index 0 descriptor/all
[  135.241252][ T5970] usb 3-1: can't read configurations, error -71
[  137.226748][ T6306] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  138.362105][ T6324] netlink: 8 bytes leftover after parsing attributes in process `syz.3.102'.
[  138.585494][ T6324] : entered promiscuous mode
[  139.457463][ T6338] befs: (nullb0): invalid magic header
[  139.501682][ T6339] netlink: 24 bytes leftover after parsing attributes in process `syz.1.106'.
[  141.612411][ T6359] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  144.216684][ T6383] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  144.293638][ T5849] Bluetooth: hci4: link tx timeout
[  144.299053][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  144.310954][ T5849] Bluetooth: hci4: link tx timeout
[  144.316271][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  144.337793][ T5849] Bluetooth: hci4: link tx timeout
[  144.343503][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  144.351355][ T5849] Bluetooth: hci4: link tx timeout
[  144.357073][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  144.376781][ T5849] Bluetooth: hci4: link tx timeout
[  144.382667][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  144.390615][ T5849] Bluetooth: hci4: link tx timeout
[  144.395877][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  144.403895][ T5849] Bluetooth: hci4: link tx timeout
[  144.409037][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  144.438554][ T5849] Bluetooth: hci4: link tx timeout
[  144.445821][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  144.453742][ T5849] Bluetooth: hci4: link tx timeout
[  144.458971][ T5849] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa
[  145.246018][ T6398] overlay: Bad value for 'workdir'
[  145.667639][ T6402] syz.2.123: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  145.682961][ T6402] CPU: 0 UID: 0 PID: 6402 Comm: syz.2.123 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  145.682994][ T6402] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  145.683007][ T6402] Call Trace:
[  145.683018][ T6402]  <TASK>
[  145.683028][ T6402]  dump_stack_lvl+0x189/0x250
[  145.683078][ T6402]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  145.683104][ T6402]  ? __pfx_dump_stack_lvl+0x10/0x10
[  145.683136][ T6402]  ? __pfx__printk+0x10/0x10
[  145.683160][ T6402]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  145.683192][ T6402]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  145.683232][ T6402]  warn_alloc+0x214/0x310
[  145.683263][ T6402]  ? stack_depot_save_flags+0x40/0x900
[  145.683294][ T6402]  ? __pfx_warn_alloc+0x10/0x10
[  145.683318][ T6402]  ? kasan_save_track+0x4f/0x80
[  145.683349][ T6402]  ? xskq_create+0x56/0x170
[  145.683377][ T6402]  ? xsk_init_queue+0xb0/0x110
[  145.683404][ T6402]  ? xsk_setsockopt+0x43f/0x710
[  145.683430][ T6402]  ? do_sock_setsockopt+0x25a/0x3e0
[  145.683452][ T6402]  ? __x64_sys_setsockopt+0x18b/0x220
[  145.683474][ T6402]  ? do_syscall_64+0xfa/0x3b0
[  145.683491][ T6402]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.683522][ T6402]  __vmalloc_node_range_noprof+0x125/0x12f0
[  145.683575][ T6402]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  145.683617][ T6402]  ? __kasan_kmalloc+0x93/0xb0
[  145.683651][ T6402]  vmalloc_user_noprof+0xad/0xf0
[  145.683672][ T6402]  ? xskq_create+0xbf/0x170
[  145.683703][ T6402]  xskq_create+0xbf/0x170
[  145.683737][ T6402]  xsk_init_queue+0xb0/0x110
[  145.683770][ T6402]  xsk_setsockopt+0x43f/0x710
[  145.683803][ T6402]  ? __pfx_xsk_setsockopt+0x10/0x10
[  145.683837][ T6402]  ? aa_sock_opt_perm+0xff/0x1b0
[  145.683870][ T6402]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  145.683894][ T6402]  ? __pfx_xsk_setsockopt+0x10/0x10
[  145.683925][ T6402]  do_sock_setsockopt+0x25a/0x3e0
[  145.683952][ T6402]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  145.683981][ T6402]  ? __fget_files+0x2a/0x420
[  145.684012][ T6402]  __x64_sys_setsockopt+0x18b/0x220
[  145.684044][ T6402]  do_syscall_64+0xfa/0x3b0
[  145.684065][ T6402]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.684085][ T6402]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  145.684105][ T6402]  ? clear_bhb_loop+0x60/0xb0
[  145.684131][ T6402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  145.684151][ T6402] RIP: 0033:0x7fc0bf18e929
[  145.684177][ T6402] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  145.684194][ T6402] RSP: 002b:00007fc0bcfd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  145.684217][ T6402] RAX: ffffffffffffffda RBX: 00007fc0bf3b6080 RCX: 00007fc0bf18e929
[  145.684232][ T6402] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[  145.684252][ T6402] RBP: 00007fc0bf210b39 R08: 0000000000000004 R09: 0000000000000000
[  145.684265][ T6402] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  145.684278][ T6402] R13: 0000000000000000 R14: 00007fc0bf3b6080 R15: 00007ffd8f3f0aa8
[  145.684310][ T6402]  </TASK>
[  145.684518][ T6402] Mem-Info:
[  146.032011][ T6402] active_anon:8466 inactive_anon:0 isolated_anon:1613
[  146.032011][ T6402]  active_file:1356 inactive_file:39843 isolated_file:0
[  146.032011][ T6402]  unevictable:1208 dirty:120 writeback:0
[  146.032011][ T6402]  slab_reclaimable:10398 slab_unreclaimable:97465
[  146.032011][ T6402]  mapped:32830 shmem:4231 pagetables:1209
[  146.032011][ T6402]  sec_pagetables:0 bounce:0
[  146.032011][ T6402]  kernel_misc_reclaimable:0
[  146.032011][ T6402]  free:1327860 free_pcp:18583 free_cma:0
[  146.078327][ T6402] Node 0 active_anon:33864kB inactive_anon:0kB active_file:5424kB inactive_file:159168kB unevictable:3296kB isolated(anon):6452kB isolated(file):0kB mapped:131320kB dirty:480kB writeback:0kB shmem:15388kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12232kB pagetables:4692kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  146.114792][ T6402] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  146.264409][ T6402] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  146.332752][ T5849] Bluetooth: hci4: command 0x0406 tx timeout
[  146.400547][ T6402] lowmem_reserve[]: 0 2498 2500 2500 2500
[  146.444807][ T6402] Node 0 DMA32 free:1417416kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33876kB inactive_anon:0kB active_file:5424kB inactive_file:157600kB unevictable:3804kB writepending:508kB present:3129332kB managed:2558440kB mlocked:6308kB bounce:0kB free_pcp:49328kB local_pcp:29524kB free_cma:0kB
[  146.613108][ T6402] lowmem_reserve[]: 0 0 1 1 1
[  146.642377][ T6402] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  146.692367][ T6402] lowmem_reserve[]: 0 0 0 0 0
[  146.707452][ T6402] Node 1 Normal free:3879896kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21840kB local_pcp:8256kB free_cma:0kB
[  146.771945][ T6402] lowmem_reserve[]: 0 0 0 0 0
[  146.779136][ T6402] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  146.842065][ T6402] Node 0 DMA32: 318*4kB (UM) 250*8kB (UME) 198*16kB (UM) 81*32kB (UM) 41*64kB (UM) 30*128kB (UME) 6*256kB (UME) 0*512kB 2*1024kB (UE) 2*2048kB (M) 341*4096kB (M) = 1419912kB
[  147.424284][    T9] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  147.431673][ T6402] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  147.455781][ T6402] Node 1 Normal: 208*4kB (UE) 71*8kB (UME) 52*16kB (UME) 75*32kB (UME) 21*64kB (UME) 7*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 944*4096kB (M) = 3879896kB
[  147.501598][ T6402] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  147.522053][ T6402] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  147.539908][ T6402] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  147.550263][ T6402] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  147.650322][ T6402] 42568 total pagecache pages
[  147.664602][    T9] usb 4-1: Using ep0 maxpacket: 8
[  147.671378][ T6402] 0 pages in swap cache
[  147.717981][ T6402] Free swap  = 124996kB
[  147.728518][ T6402] Total swap = 124996kB
[  147.735178][ T6402] 2097051 pages RAM
[  147.739104][ T6402] 0 pages HighMem/MovableOnly
[  147.749579][ T6402] 425399 pages reserved
[  147.758683][ T6402] 0 pages cma reserved
[  147.763886][    T9] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  147.783218][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.807054][    T9] usb 4-1: Product: syz
[  147.811304][    T9] usb 4-1: Manufacturer: syz
[  147.849877][    T9] usb 4-1: SerialNumber: syz
[  148.175264][    T9] usb 4-1: config 0 descriptor??
[  148.403797][    T9] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  148.451995][    T9] usb 4-1: setting power ON
[  148.456939][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  148.483658][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  148.512320][    T9] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  148.535024][    T9] usb 4-1: media controller created
[  148.573136][ T5849] Bluetooth: hci4: command 0x0406 tx timeout
[  148.631467][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  148.671766][ T6407] dvb-usb: bulk message failed: -22 (4/0)
[  148.853993][    T9] usb 4-1: selecting invalid altsetting 6
[  148.891707][    T9] usb 4-1: digital interface selection failed (-22)
[  148.908969][    T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  148.931190][    T9] usb 4-1: setting power OFF
[  149.087443][    T9] dvb-usb: bulk message failed: -22 (2/0)
[  149.872050][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  149.881418][    T9] (NULL device *): no alternate interface
[  150.506857][ T6432] loop2: detected capacity change from 0 to 7
[  150.615120][ T6433] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  151.169271][    T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  151.179282][ T6432] Dev loop2: unable to read RDB block 7
[  151.184935][ T6432]  loop2: AHDI p1 p2 p3
[  151.189139][ T6432] loop2: partition table partially beyond EOD, truncated
[  151.196484][ T6432] loop2: p1 start 1601398130 is beyond EOD, truncated
[  151.203361][ T6432] loop2: p2 start 1702059890 is beyond EOD, truncated
[  151.322175][    T9] usb 4-1: USB disconnect, device number 3
[  154.199988][ T6464] binder: 6463:6464 ioctl c0306201 0 returned -14
[  156.794007][ T6490] warn_alloc: 1 callbacks suppressed
[  156.794073][ T6490] syz.4.151: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  156.814748][ T6490] CPU: 0 UID: 0 PID: 6490 Comm: syz.4.151 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  156.814779][ T6490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  156.814792][ T6490] Call Trace:
[  156.814800][ T6490]  <TASK>
[  156.814809][ T6490]  dump_stack_lvl+0x189/0x250
[  156.814846][ T6490]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  156.814871][ T6490]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.814903][ T6490]  ? __pfx__printk+0x10/0x10
[  156.814926][ T6490]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  156.814959][ T6490]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  156.815000][ T6490]  warn_alloc+0x214/0x310
[  156.815021][ T6490]  ? irqentry_exit+0x74/0x90
[  156.815053][ T6490]  ? lockdep_hardirqs_on+0x9c/0x150
[  156.815086][ T6490]  ? __pfx_warn_alloc+0x10/0x10
[  156.815114][ T6490]  ? __vmalloc_node_range_noprof+0x11/0x12f0
[  156.815134][ T6490]  ? __vmalloc_node_range_noprof+0xdc/0x12f0
[  156.815156][ T6490]  ? kasan_check_range+0x9f/0x2c0
[  156.815184][ T6490]  __vmalloc_node_range_noprof+0x125/0x12f0
[  156.815246][ T6490]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  156.815288][ T6490]  ? __kasan_kmalloc+0x93/0xb0
[  156.815323][ T6490]  vmalloc_user_noprof+0xad/0xf0
[  156.815343][ T6490]  ? xskq_create+0xbf/0x170
[  156.815375][ T6490]  xskq_create+0xbf/0x170
[  156.815408][ T6490]  xsk_init_queue+0xb0/0x110
[  156.815441][ T6490]  xsk_setsockopt+0x43f/0x710
[  156.815474][ T6490]  ? __pfx_xsk_setsockopt+0x10/0x10
[  156.815501][ T6490]  ? __lock_acquire+0xab9/0xd20
[  156.815531][ T6490]  ? aa_sock_opt_perm+0xff/0x1b0
[  156.815580][ T6490]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  156.815605][ T6490]  ? __pfx_xsk_setsockopt+0x10/0x10
[  156.815636][ T6490]  do_sock_setsockopt+0x25a/0x3e0
[  156.815664][ T6490]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  156.815693][ T6490]  ? __fget_files+0x2a/0x420
[  156.815724][ T6490]  __x64_sys_setsockopt+0x18b/0x220
[  156.815755][ T6490]  do_syscall_64+0xfa/0x3b0
[  156.815776][ T6490]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.815796][ T6490]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  156.815817][ T6490]  ? clear_bhb_loop+0x60/0xb0
[  156.815843][ T6490]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.815864][ T6490] RIP: 0033:0x7f6de738e929
[  156.815883][ T6490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  156.815899][ T6490] RSP: 002b:00007f6de8209038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  156.815921][ T6490] RAX: ffffffffffffffda RBX: 00007f6de75b6080 RCX: 00007f6de738e929
[  156.815936][ T6490] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[  156.815948][ T6490] RBP: 00007f6de7410b39 R08: 0000000000000004 R09: 0000000000000000
[  156.815961][ T6490] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  156.815974][ T6490] R13: 0000000000000000 R14: 00007f6de75b6080 R15: 00007ffefb087ef8
[  156.816006][ T6490]  </TASK>
[  156.816023][ T6490] Mem-Info:
[  157.124994][ T6490] active_anon:8498 inactive_anon:0 isolated_anon:0
[  157.124994][ T6490]  active_file:1373 inactive_file:39850 isolated_file:0
[  157.124994][ T6490]  unevictable:768 dirty:128 writeback:0
[  157.124994][ T6490]  slab_reclaimable:10349 slab_unreclaimable:97914
[  157.124994][ T6490]  mapped:32518 shmem:4231 pagetables:1200
[  157.124994][ T6490]  sec_pagetables:0 bounce:0
[  157.124994][ T6490]  kernel_misc_reclaimable:0
[  157.124994][ T6490]  free:1325381 free_pcp:23455 free_cma:0
[  157.172675][ T6490] Node 0 active_anon:33992kB inactive_anon:0kB active_file:5492kB inactive_file:159196kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:130072kB dirty:512kB writeback:0kB shmem:15388kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12060kB pagetables:4656kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  157.204674][ T6490] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  157.234951][ T6490] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  157.265165][ T6490] lowmem_reserve[]: 0 2498 2500 2500 2500
[  157.272225][ T6490] Node 0 DMA32 free:1406144kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:33948kB inactive_anon:0kB active_file:5492kB inactive_file:157628kB unevictable:1536kB writepending:512kB present:3129332kB managed:2558440kB mlocked:0kB bounce:0kB free_pcp:72288kB local_pcp:40568kB free_cma:0kB
[  157.304800][ T6490] lowmem_reserve[]: 0 0 1 1 1
[  157.310134][ T6490] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:8kB free_cma:0kB
[  157.339730][ T6490] lowmem_reserve[]: 0 0 0 0 0
[  157.345058][ T6490] Node 1 Normal free:3879896kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21840kB local_pcp:13584kB free_cma:0kB
[  157.379525][ T6490] lowmem_reserve[]: 0 0 0 0 0
[  157.386085][ T6490] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  157.400110][ T6490] Node 0 DMA32: 1097*4kB (UM) 252*8kB (UME) 168*16kB (UM) 110*32kB (UM) 65*64kB (UM) 26*128kB (UME) 10*256kB (UME) 2*512kB (UM) 4*1024kB (UE) 1*2048kB (M) 336*4096kB (M) = 1406084kB
[  157.419847][ T6490] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  157.433114][ T6490] Node 1 Normal: 208*4kB (UE) 71*8kB (UME) 52*16kB (UME) 75*32kB (UME) 21*64kB (UME) 7*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 944*4096kB (M) = 3879896kB
[  157.452621][ T6490] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  157.558793][ T6490] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  157.568288][ T6490] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  157.578889][ T6490] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  157.589079][ T6490] 45450 total pagecache pages
[  157.593867][ T6490] 0 pages in swap cache
[  157.598050][ T6490] Free swap  = 124996kB
[  157.602333][ T6490] Total swap = 124996kB
[  157.606585][ T6490] 2097051 pages RAM
[  157.610574][ T6490] 0 pages HighMem/MovableOnly
[  157.615315][ T6490] 425399 pages reserved
[  157.619532][ T6490] 0 pages cma reserved
[  160.407452][ T6506] random: crng reseeded on system resumption
[  160.420251][ T6506] Restarting kernel threads ...
[  160.425802][ T6506] Done restarting kernel threads.
[  160.877615][ T6513] syz.0.157 uses obsolete (PF_INET,SOCK_PACKET)
[  163.953121][ T5836] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  164.207149][ T5836] usb 5-1: Using ep0 maxpacket: 32
[  164.241313][ T5836] usb 5-1: config 0 has an invalid interface number: 196 but max is 0
[  164.267293][ T5836] usb 5-1: config 0 has no interface number 0
[  164.314007][ T5836] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x2 has invalid maxpacket 6160, setting to 1024
[  164.356471][ T5836] usb 5-1: config 0 interface 196 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 1024
[  164.385575][ T5836] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  164.404507][ T5836] usb 5-1: config 0 interface 196 has no altsetting 0
[  164.430185][ T5836] usb 5-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a
[  164.459135][ T5836] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  164.485078][ T5836] usb 5-1: Product: syz
[  164.497253][ T5836] usb 5-1: Manufacturer: syz
[  164.510535][ T5836] usb 5-1: SerialNumber: syz
[  164.555457][ T5836] usb 5-1: config 0 descriptor??
[  164.590671][ T6538] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  164.667136][ T6553] loop3: detected capacity change from 0 to 256
[  164.868172][ T5836] ipheth 5-1:0.196: Unable to find endpoints
[  164.897322][ T5836] usb 5-1: USB disconnect, device number 3
[  165.085306][ T6553] syz.3.172: attempt to access beyond end of device
[  165.085306][ T6553] loop3: rw=2049, sector=256, nr_sectors = 112 limit=256
[  167.268792][ T6576] loop0: detected capacity change from 0 to 256
[  167.304021][ T6576] exFAT-fs (loop0): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  167.344407][ T6576] exFAT-fs (loop0): Medium has reported failures. Some data may be lost.
[  167.440514][ T6576] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  168.586846][ T6592] lo speed is unknown, defaulting to 1000
[  168.932927][ T6600] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  171.094976][ T5847] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  171.145221][ T6629] loop4: detected capacity change from 0 to 16
[  171.301197][ T5847] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  171.307206][ T6630] hfs: can't find a HFS filesystem on dev nullb0
[  171.367519][ T5847] usb 1-1: config 0 has no interface number 0
[  171.394450][ T6629] erofs (device loop4): mounted with root inode @ nid 36.
[  171.485244][ T5847] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  171.564060][ T5847] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.732653][ T5847] usb 1-1: Product: syz
[  171.737142][ T5847] usb 1-1: Manufacturer: syz
[  171.780959][ T5847] usb 1-1: SerialNumber: syz
[  171.872040][ T5847] usb 1-1: config 0 descriptor??
[  172.122228][ T5847] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  172.151766][ T5847] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  172.342902][ T5847] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  172.364425][ T5847] usb 1-1: media controller created
[  173.357453][ T5970] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  173.651916][ T5970] usb 3-1: Using ep0 maxpacket: 8
[  173.834638][ T5847] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  173.872245][ T5970] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  173.893663][ T5970] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  174.211642][ T5970] usb 3-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00
[  174.221304][ T5970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.251178][ T5970] usb 3-1: config 0 descriptor??
[  174.574935][ T6658] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  174.663306][ T6623] can0: slcan on ptm0.
[  175.240785][ T5847] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  175.372135][ T5970] usbhid 3-1:0.0: can't add hid device: -71
[  175.396398][ T5970] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  175.469552][ T5970] usb 3-1: USB disconnect, device number 4
[  175.565372][ T6621] can0 (unregistered): slcan off ptm0.
[  175.631161][ T5847] usb 1-1: USB disconnect, device number 2
[  175.920217][ T6677] random: crng reseeded on system resumption
[  176.051357][ T6677] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  176.059327][ T6677] batman_adv: batadv0: Removing interface: batadv_slave_0
[  176.093687][ T6677] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  176.101508][ T6677] batman_adv: batadv0: Removing interface: batadv_slave_1
[  176.143450][ T6677] batman_adv: batadv0: Removing interface: ip6gretap1
[  176.895018][ T6685] Illegal XDP return value 729966034 on prog  (id 36) dev syz_tun, expect packet loss!
[  177.257044][ T6689] hfs: can't find a HFS filesystem on dev nullb0
[  177.528780][ T6691] loop1: detected capacity change from 0 to 1024
[  177.562796][ T6691] EXT4-fs: Ignoring removed orlov option
[  177.568531][ T6691] EXT4-fs: Ignoring removed nomblk_io_submit option
[  177.721327][ T6691] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  178.090828][ T5844] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  178.645214][ T6718] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  178.864695][ T5918] usb 3-1: new full-speed USB device number 5 using dummy_hcd
[  178.873883][    T9] usb 4-1: new full-speed USB device number 4 using dummy_hcd
[  179.007962][ T6725] kvm: pic: non byte write
[  179.014666][ T6725] kvm: vcpu 0: requested 64 ns lapic timer period limited to 200000 ns
[  179.068468][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  179.085854][ T5918] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[  179.111609][    T9] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  179.121527][ T5918] usb 3-1: config 0 has no interface number 0
[  179.137187][ T5918] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  179.162168][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  179.171309][    T9] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  179.189123][ T5918] usb 3-1: Product: syz
[  179.195716][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  179.212228][ T5918] usb 3-1: Manufacturer: syz
[  179.216891][ T5918] usb 3-1: SerialNumber: syz
[  179.326143][    T9] usb 4-1: SerialNumber: syz
[  179.334929][ T5918] usb 3-1: config 0 descriptor??
[  179.371232][ T5918] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22
[  179.390540][    T9] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  179.419974][    T9] usb-storage 4-1:1.0: USB Mass Storage device detected
[  179.445115][    T9] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  179.469660][    T9] scsi host1: usb-storage 4-1:1.0
[  179.566310][ T6743] random: crng reseeded on system resumption
[  179.674027][ T6744] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  179.681644][ T6744] batman_adv: batadv0: Removing interface: batadv_slave_0
[  180.452115][ T6744] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  180.459744][ T6744] batman_adv: batadv0: Removing interface: batadv_slave_1
[  180.588404][    T9] usb 3-1: USB disconnect, device number 5
[  180.739991][ T6755] hfs: can't find a HFS filesystem on dev nullb0
[  181.478287][ T6759] loop1: detected capacity change from 0 to 1024
[  181.741512][ T6767] syz_tun: entered allmulticast mode
[  182.028631][ T5918] usb 4-1: USB disconnect, device number 4
[  183.093317][ T6791] random: crng reseeded on system resumption
[  184.025590][ T6796] kvm: pic: non byte write
[  184.218591][ T6802] /dev/nullb0: Can't open blockdev
[  185.551978][ T5847] usb 2-1: new full-speed USB device number 3 using dummy_hcd
[  185.689968][ T6816] loop0: detected capacity change from 0 to 512
[  185.712392][ T5918] usb 4-1: new full-speed USB device number 5 using dummy_hcd
[  185.724381][ T5847] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  185.745682][ T5847] usb 2-1: config 0 has no interface number 0
[  185.774931][ T5847] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  185.807852][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  185.847731][ T5847] usb 2-1: Product: syz
[  185.861888][ T5847] usb 2-1: Manufacturer: syz
[  185.866545][ T5847] usb 2-1: SerialNumber: syz
[  185.867912][ T6816] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  185.916540][ T5918] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  185.932983][ T5918] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  185.942917][ T5847] usb 2-1: config 0 descriptor??
[  185.961224][ T5847] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[  186.003945][ T6816] ext4 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  187.080426][ T5918] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  187.110188][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  187.118981][ T5918] usb 4-1: SerialNumber: syz
[  187.172728][ T6826] ptrace attach of "./syz-executor exec"[5839] was attempted by "./syz-executor exec"[6826]
[  187.194175][ T6826] tmpfs: Unknown parameter 'nr_in'
[  187.582237][ T5847] usb 2-1: USB disconnect, device number 3
[  187.732925][ T5918] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  187.812754][ T5918] usb-storage 4-1:1.0: USB Mass Storage device detected
[  187.846768][ T5839] EXT4-fs error (device loop0): ext4_empty_dir:3075: inode #12: comm syz-executor: invalid size
[  187.873614][ T5918] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  187.907827][ T5839] EXT4-fs (loop0): Remounting filesystem read-only
[  187.907922][ T5918] scsi host1: usb-storage 4-1:1.0
[  187.999191][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  188.017729][   T37] EXT4-fs (loop0): Quota write (off=5120, len=1024) cancelled because transaction is not started
[  188.073940][   T37] Quota error (device loop0): write_blk: dquota write failed
[  188.081375][   T37] Quota error (device loop0): free_dqentry: Can't write quota data block 5
[  188.373493][ T6854] random: crng reseeded on system resumption
[  188.513235][ T6854] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  188.521146][ T6854] batman_adv: batadv0: Removing interface: batadv_slave_0
[  188.557141][ T6854] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  188.565220][ T6854] batman_adv: batadv0: Removing interface: batadv_slave_1
[  190.498080][ T6873] netlink: 'syz.4.243': attribute type 1 has an invalid length.
[  191.200645][ T5847] usb 4-1: USB disconnect, device number 5
[  191.685558][ T6883] loop4: detected capacity change from 0 to 512
[  191.747974][ T6881] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  191.882902][ T6883] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.248: casefold flag without casefold feature
[  191.933002][ T6883] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.248: couldn't read orphan inode 15 (err -117)
[  191.980464][ T6883] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.448137][ T5847] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  193.026027][ T5847] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  193.175008][ T5847] usb 4-1: config 0 has no interface number 0
[  193.188121][ T5847] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  193.197662][ T5847] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  193.209428][ T5847] usb 4-1: Product: syz
[  193.213956][ T5847] usb 4-1: Manufacturer: syz
[  193.218871][ T5847] usb 4-1: SerialNumber: syz
[  193.227334][ T5847] usb 4-1: config 0 descriptor??
[  193.255342][ T5847] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22
[  193.452245][ T5845] Bluetooth: hci4: command 0x0406 tx timeout
[  193.508342][ T6904] random: crng reseeded on system resumption
[  193.628173][ T6905] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  193.636181][ T6905] batman_adv: batadv0: Removing interface: batadv_slave_0
[  194.522784][ T6908] hfs: can't find a HFS filesystem on dev nullb0
[  194.523054][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  194.552637][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  195.042105][ T6905] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  195.056372][ T5918] usb 4-1: USB disconnect, device number 6
[  195.084179][ T6905] batman_adv: batadv0: Removing interface: batadv_slave_1
[  195.160702][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  197.448740][ T6929] loop2: detected capacity change from 0 to 512
[  197.537773][ T6929] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  197.683988][ T6929] ext4 filesystem being mounted at /44/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  197.862757][ T5932] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  198.656134][ T6929] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.261: corrupted inode contents
[  198.681701][ T6929] EXT4-fs error (device loop2): ext4_dirty_inode:6458: inode #2: comm syz.2.261: mark_inode_dirty error
[  198.698718][ T6929] EXT4-fs error (device loop2): ext4_do_update_inode:5567: inode #2: comm syz.2.261: corrupted inode contents
[  198.711667][ T6929] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.261: mark_inode_dirty error
[  198.777630][ T5932] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  198.791305][ T5932] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  198.817187][ T5932] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  198.826515][ T5932] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  198.871119][ T5932] usb 1-1: SerialNumber: syz
[  199.031184][ T5932] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  199.068151][ T5932] usb-storage 1-1:1.0: USB Mass Storage device detected
[  199.100871][ T5932] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  199.119678][ T5831] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.149391][ T5932] scsi host1: usb-storage 1-1:1.0
[  199.201696][ T6952] loop1: detected capacity change from 0 to 512
[  199.414107][ T6952] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.266: casefold flag without casefold feature
[  199.447904][ T6952] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.266: couldn't read orphan inode 15 (err -117)
[  199.510475][ T6952] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  199.582406][ T6955] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  199.819427][ T6960] hfs: can't find a HFS filesystem on dev nullb0
[  201.448011][ T5911] usb 4-1: new full-speed USB device number 7 using dummy_hcd
[  202.481904][ T5911] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  202.500799][ T5911] usb 4-1: config 0 has no interface number 0
[  202.514939][ T5911] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  202.538153][ T5844] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.579533][ T5911] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  202.659157][ T5911] usb 4-1: Product: syz
[  202.669311][ T5911] usb 4-1: Manufacturer: syz
[  202.681912][ T5911] usb 4-1: SerialNumber: syz
[  202.726847][ T5911] usb 4-1: config 0 descriptor??
[  202.749266][ T5911] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22
[  204.027261][ T5911] usb 4-1: USB disconnect, device number 7
[  205.851404][ T5836] usb 1-1: USB disconnect, device number 3
[  205.908918][   T30] audit: type=1326 audit(1751354035.284:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7013 comm="syz.3.282" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4cc7b8e929 code=0x0
[  206.831970][ T5970] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  206.863487][ T7023] kvm: pic: non byte write
[  206.950964][ T7026] loop3: detected capacity change from 0 to 512
[  207.012199][ T5970] usb 2-1: Using ep0 maxpacket: 8
[  207.048084][ T5970] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  207.068373][ T7026] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.285: casefold flag without casefold feature
[  207.113529][ T5970] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  207.171662][ T5970] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  207.221784][ T7026] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.285: couldn't read orphan inode 15 (err -117)
[  207.332698][ T5970] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  207.363365][ T7026] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.447603][ T5970] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  207.612329][ T5970] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  208.428187][ T5970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  209.424087][ T5970] usb 2-1: can't set config #16, error -71
[  209.441197][ T5970] usb 2-1: USB disconnect, device number 4
[  210.527217][ T7056] xt_CHECKSUM: CHECKSUM should be avoided.  If really needed, restrict with "-p udp" and only use in OUTPUT
[  210.591687][   T30] audit: type=1326 audit(1751354039.974:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7055 comm="syz.1.295" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4de18e929 code=0x0
[  210.722617][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  212.660460][ T5840] Bluetooth: hci2: command 0x0406 tx timeout
[  212.660563][ T5154] Bluetooth: hci1: command 0x0406 tx timeout
[  212.670465][ T5840] Bluetooth: hci0: command 0x0406 tx timeout
[  215.013124][ T5970] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  215.471911][ T5970] usb 3-1: Using ep0 maxpacket: 8
[  215.812029][ T5970] usb 3-1: config index 0 descriptor too short (expected 301, got 45)
[  215.820306][ T5970] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  215.834952][ T5970] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  215.846220][ T5970] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  215.912402][ T5970] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  215.952184][ T5970] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  215.961294][ T5970] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  216.421257][ T5970] usb 3-1: usb_control_msg returned -32
[  216.427338][ T5970] usbtmc 3-1:16.0: can't read capabilities
[  216.863932][ T7094] usbtmc 3-1:16.0: usb_control_msg returned -32
[  216.960920][   T30] audit: type=1326 audit(1751354046.344:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7120 comm="syz.1.310" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4de18e929 code=0x0
[  217.442235][ T5932] usb 1-1: new full-speed USB device number 4 using dummy_hcd
[  217.649337][ T5932] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  217.705323][ T5932] usb 1-1: config 0 has no interface number 0
[  217.746171][ T5932] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  217.763590][ T5932] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  217.772756][ T5932] usb 1-1: Product: syz
[  217.777083][ T5932] usb 1-1: Manufacturer: syz
[  217.790902][ T5932] usb 1-1: SerialNumber: syz
[  217.817506][ T5932] usb 1-1: config 0 descriptor??
[  217.835268][ T5932] qmi_wwan 1-1:0.207: probe with driver qmi_wwan failed with error -22
[  218.026263][ T7137] random: crng reseeded on system resumption
[  218.407987][ T7145] loop4: detected capacity change from 0 to 512
[  219.192549][ T5932] usb 3-1: USB disconnect, device number 6
[  219.419185][ T5911] usb 1-1: USB disconnect, device number 4
[  219.509364][ T7145] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.316: casefold flag without casefold feature
[  219.544005][ T7145] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.316: couldn't read orphan inode 15 (err -117)
[  219.671414][ T7145] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  221.187540][ T7167] kvm: pic: non byte write
[  221.248246][ T7170] kvm: pic: non byte write
[  221.343620][ T7173] kvm: pic: non byte write
[  221.986372][ T7164] loop0: detected capacity change from 0 to 40427
[  221.993620][ T7186] kvm: pic: non byte write
[  222.034285][ T5918] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  222.088560][ T7164] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  222.168784][ T7164] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  222.177974][ T5841] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  222.256498][ T7164] F2FS-fs (loop0): invalid crc value
[  222.279896][ T5918] usb 3-1: config 0 has no interfaces?
[  222.314866][ T5918] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  222.324655][ T5918] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  222.360604][ T5918] usb 3-1: Product: syz
[  222.372603][ T5918] usb 3-1: Manufacturer: syz
[  222.388645][ T5918] usb 3-1: SerialNumber: syz
[  222.413893][ T5918] usb 3-1: config 0 descriptor??
[  223.358623][ T7164] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  223.393698][ T7164] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  223.466190][ T7207] random: crng reseeded on system resumption
[  223.587982][ T7208] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  223.596746][ T7208] batman_adv: batadv0: Removing interface: batadv_slave_0
[  223.637222][ T7208] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  223.645181][ T7208] batman_adv: batadv0: Removing interface: batadv_slave_1
[  224.324364][   T30] audit: type=1800 audit(1751354053.694:6): pid=7164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.320" name="file1" dev="loop0" ino=10 res=0 errno=0
[  224.675455][   T24] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  224.894436][   T24] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  225.574738][   T24] usb 2-1: config 0 has no interface number 0
[  225.681409][   T24] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  225.901862][   T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  226.326592][   T24] usb 2-1: Product: syz
[  226.330818][   T24] usb 2-1: Manufacturer: syz
[  226.347852][   T24] usb 2-1: SerialNumber: syz
[  226.367808][   T24] usb 2-1: config 0 descriptor??
[  226.397442][   T24] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[  226.556341][ T5847] usb 3-1: USB disconnect, device number 7
[  226.661647][ T7230] kvm: pic: non byte write
[  226.694997][   T24] usb 2-1: USB disconnect, device number 5
[  229.333405][ T7249] loop1: detected capacity change from 0 to 40427
[  229.347130][ T7249] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  229.356009][ T7249] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  229.423119][ T7257] random: crng reseeded on system resumption
[  230.137399][ T7249] F2FS-fs (loop1): invalid crc value
[  230.240518][ T7249] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  230.247888][ T7249] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  231.452300][   T30] audit: type=1800 audit(1751354060.844:7): pid=7287 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.340" name="file1" dev="loop1" ino=10 res=0 errno=0
[  231.727947][ T7290] kvm: pic: non byte write
[  233.401964][ T5970] usb 3-1: new full-speed USB device number 8 using dummy_hcd
[  233.414086][ T7303] hfs: can't find a HFS filesystem on dev nullb0
[  233.556038][ T5970] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[  233.564473][ T5970] usb 3-1: config 0 has no interface number 0
[  233.576714][ T5970] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  233.600756][ T5970] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  233.619783][ T5970] usb 3-1: Product: syz
[  233.630761][ T5970] usb 3-1: Manufacturer: syz
[  233.643204][ T5970] usb 3-1: SerialNumber: syz
[  233.667259][ T5970] usb 3-1: config 0 descriptor??
[  233.692881][ T5970] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22
[  233.935751][ T5918] usb 3-1: USB disconnect, device number 8
[  234.051356][ T6804] kworker/u8:11: attempt to access beyond end of device
[  234.051356][ T6804] loop1: rw=1, sector=77824, nr_sectors = 2048 limit=40427
[  234.130758][ T6804] kworker/u8:11: attempt to access beyond end of device
[  234.130758][ T6804] loop1: rw=1, sector=79872, nr_sectors = 2048 limit=40427
[  234.188873][ T6804] kworker/u8:11: attempt to access beyond end of device
[  234.188873][ T6804] loop1: rw=1, sector=49152, nr_sectors = 744 limit=40427
[  234.332145][ T5847] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  235.185607][ T5847] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  235.320855][ T5847] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  235.423590][ T5847] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  235.545363][ T5847] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  235.607793][ T5847] usb 5-1: SerialNumber: syz
[  235.803725][ T5847] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  235.827530][ T5847] usb-storage 5-1:1.0: USB Mass Storage device detected
[  236.056509][ T7327] netlink: 40 bytes leftover after parsing attributes in process `syz.2.356'.
[  236.598924][ T5847] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  237.510025][ T5847] scsi host1: usb-storage 5-1:1.0
[  237.669284][ T7338] netlink: 12 bytes leftover after parsing attributes in process `syz.2.358'.
[  237.799625][ T7345] netlink: 28 bytes leftover after parsing attributes in process `syz.2.358'.
[  238.819110][ T7344] 8021q: adding VLAN 0 to HW filter on device bond2
[  238.973882][ T7344] bond1: (slave bond2): Enslaving as an active interface with an up link
[  238.987812][ T7357] netlink: 4 bytes leftover after parsing attributes in process `syz.3.361'.
[  239.003091][ T7357] loop2: detected capacity change from 0 to 7
[  240.801919][ T5932] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  241.452629][ T5970] usb 5-1: USB disconnect, device number 4
[  241.784798][ T5932] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[  241.817728][ T5932] usb 3-1: config 0 has no interface number 0
[  241.872984][ T7389] netlink: 40 bytes leftover after parsing attributes in process `syz.4.368'.
[  242.465065][ T5932] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  242.521017][ T5932] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.542240][ T5932] usb 3-1: Product: syz
[  242.546557][ T5932] usb 3-1: Manufacturer: syz
[  242.559238][ T5932] usb 3-1: SerialNumber: syz
[  242.606592][ T7397] loop0: detected capacity change from 0 to 512
[  242.620452][ T5932] usb 3-1: config 0 descriptor??
[  242.652668][ T5932] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22
[  242.855770][ T7397] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.370: casefold flag without casefold feature
[  243.434341][ T7397] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.370: couldn't read orphan inode 15 (err -117)
[  243.457654][ T7397] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.523393][ T5932] usb 3-1: USB disconnect, device number 9
[  244.763264][ T7413] netlink: 12 bytes leftover after parsing attributes in process `syz.2.374'.
[  244.879445][ T7421] netlink: 28 bytes leftover after parsing attributes in process `syz.2.374'.
[  245.139645][ T7417] 8021q: adding VLAN 0 to HW filter on device bond4
[  245.148585][ T7417] bond3: (slave bond4): Enslaving as an active interface with an up link
[  245.314432][ T7426] loop3: detected capacity change from 0 to 512
[  245.388595][ T7428] warn_alloc: 2 callbacks suppressed
[  245.388610][ T7428] syz.2.378: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  245.410206][ T7426] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.377: casefold flag without casefold feature
[  245.412302][ T7428] CPU: 0 UID: 0 PID: 7428 Comm: syz.2.378 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  245.412334][ T7428] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  245.412361][ T7428] Call Trace:
[  245.412372][ T7428]  <TASK>
[  245.412382][ T7428]  dump_stack_lvl+0x189/0x250
[  245.412432][ T7428]  ? __pfx_dump_stack_lvl+0x10/0x10
[  245.412469][ T7428]  ? __pfx__printk+0x10/0x10
[  245.412495][ T7428]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  245.412532][ T7428]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  245.412570][ T7428]  ? cpuset_print_current_mems_allowed+0x2ee/0x360
[  245.412609][ T7428]  warn_alloc+0x214/0x310
[  245.412634][ T7428]  ? stack_depot_save_flags+0x40/0x900
[  245.412668][ T7428]  ? __pfx_warn_alloc+0x10/0x10
[  245.412695][ T7428]  ? kasan_save_track+0x4f/0x80
[  245.412730][ T7428]  ? xskq_create+0x56/0x170
[  245.412761][ T7428]  ? xsk_init_queue+0xb0/0x110
[  245.412797][ T7428]  ? xsk_setsockopt+0x43f/0x710
[  245.412825][ T7428]  ? do_sock_setsockopt+0x25a/0x3e0
[  245.412851][ T7428]  ? __x64_sys_setsockopt+0x18b/0x220
[  245.412874][ T7428]  ? do_syscall_64+0xfa/0x3b0
[  245.412889][ T7428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.412917][ T7428]  __vmalloc_node_range_noprof+0x125/0x12f0
[  245.412979][ T7428]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  245.413026][ T7428]  ? __kasan_kmalloc+0x93/0xb0
[  245.413065][ T7428]  vmalloc_user_noprof+0xad/0xf0
[  245.413089][ T7428]  ? xskq_create+0xbf/0x170
[  245.413135][ T7428]  xskq_create+0xbf/0x170
[  245.413175][ T7428]  xsk_init_queue+0xb0/0x110
[  245.413215][ T7428]  xsk_setsockopt+0x43f/0x710
[  245.413254][ T7428]  ? __pfx_xsk_setsockopt+0x10/0x10
[  245.413284][ T7428]  ? __lock_acquire+0xab9/0xd20
[  245.413317][ T7428]  ? aa_sock_opt_perm+0xff/0x1b0
[  245.413353][ T7428]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  245.413381][ T7428]  ? __pfx_xsk_setsockopt+0x10/0x10
[  245.413415][ T7428]  do_sock_setsockopt+0x25a/0x3e0
[  245.413446][ T7428]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  245.413480][ T7428]  ? __fget_files+0x2a/0x420
[  245.413515][ T7428]  __x64_sys_setsockopt+0x18b/0x220
[  245.413548][ T7428]  do_syscall_64+0xfa/0x3b0
[  245.413571][ T7428]  ? lockdep_hardirqs_on+0x9c/0x150
[  245.413604][ T7428]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.413628][ T7428]  ? clear_bhb_loop+0x60/0xb0
[  245.413657][ T7428]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  245.413680][ T7428] RIP: 0033:0x7fc0bf18e929
[  245.413703][ T7428] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  245.413723][ T7428] RSP: 002b:00007fc0bcff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  245.413749][ T7428] RAX: ffffffffffffffda RBX: 00007fc0bf3b5fa0 RCX: 00007fc0bf18e929
[  245.413765][ T7428] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  245.413779][ T7428] RBP: 00007fc0bf210b39 R08: 0000000000000004 R09: 0000000000000000
[  245.413792][ T7428] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  245.413808][ T7428] R13: 0000000000000000 R14: 00007fc0bf3b5fa0 R15: 00007ffd8f3f0aa8
[  245.413845][ T7428]  </TASK>
[  245.413992][ T7428] Mem-Info:
[  245.566403][ T7426] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.377: couldn't read orphan inode 15 (err -117)
[  245.771642][ T7428] active_anon:8629 inactive_anon:0 isolated_anon:0
[  245.771642][ T7428]  active_file:1407 inactive_file:39904 isolated_file:0
[  245.771642][ T7428]  unevictable:768 dirty:46 writeback:0
[  245.771642][ T7428]  slab_reclaimable:10658 slab_unreclaimable:96702
[  245.771642][ T7428]  mapped:30958 shmem:4345 pagetables:1226
[  245.771642][ T7428]  sec_pagetables:0 bounce:0
[  245.771642][ T7428]  kernel_misc_reclaimable:0
[  245.771642][ T7428]  free:1329349 free_pcp:17531 free_cma:0
[  245.897771][ T7428] Node 0 active_anon:22916kB inactive_anon:0kB active_file:5628kB inactive_file:159412kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:123732kB dirty:184kB writeback:0kB shmem:4444kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12356kB pagetables:4760kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  245.924375][ T7426] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  245.929780][ T7428] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  245.989628][ T7428] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  246.032303][ T5839] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.104014][ T7428] lowmem_reserve[]: 0 2498 2500 2500 2500
[  246.110043][ T7428] Node 0 DMA32 free:1423504kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:30164kB inactive_anon:0kB active_file:5628kB inactive_file:157880kB unevictable:1536kB writepending:168kB present:3129332kB managed:2558440kB mlocked:0kB bounce:0kB free_pcp:51228kB local_pcp:34884kB free_cma:0kB
[  246.144629][ T7428] lowmem_reserve[]: 0 0 1 1 1
[  246.151715][ T7428] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  247.269712][ T7428] lowmem_reserve[]: 0 0 0 0 0
[  247.269830][ T7428] Node 1 Normal free:3880472kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21324kB local_pcp:13320kB free_cma:0kB
[  247.269900][ T7428] lowmem_reserve[]: 0 0 0 0 0
[  247.269953][ T7428] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  247.270126][ T7428] Node 0 DMA32: 1427*4kB (UME) 1132*8kB (UME) 512*16kB (UM) 221*32kB (UME) 18*64kB (UME) 35*128kB (UME) 45*256kB (UM) 5*512kB (M) 2*1024kB (ME) 5*2048kB (UM) 333*4096kB (M) = 1425996kB
[  247.270354][ T7428] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  247.270508][ T7428] Node 1 Normal: 204*4kB (UE) 71*8kB (UME) 53*16kB (UME) 83*32kB (UME) 26*64kB (UME) 7*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 944*4096kB (M) = 3880472kB
[  247.270842][ T7428] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  247.270862][ T7428] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  247.270879][ T7428] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  247.270897][ T7428] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  247.270914][ T7428] 45613 total pagecache pages
[  247.270924][ T7428] 0 pages in swap cache
[  247.270932][ T7428] Free swap  = 124996kB
[  247.270941][ T7428] Total swap = 124996kB
[  247.270952][ T7428] 2097051 pages RAM
[  247.270961][ T7428] 0 pages HighMem/MovableOnly
[  247.270970][ T7428] 425399 pages reserved
[  247.270980][ T7428] 0 pages cma reserved
[  248.533258][ T7453] loop1: detected capacity change from 0 to 256
[  248.571369][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  248.575038][ T7453] =======================================================
[  248.575038][ T7453] WARNING: The mand mount option has been deprecated and
[  248.575038][ T7453]          and is ignored by this kernel. Remove the mand
[  248.575038][ T7453]          option from the mount to silence this warning.
[  248.575038][ T7453] =======================================================
[  248.675325][ T7453] exfat: Unknown parameter 'ÿ0xffffffffffffffff'
[  248.753713][ T7453] fuse: Bad value for 'fd'
[  248.970335][ T7462] netlink: 'syz.3.384': attribute type 2 has an invalid length.
[  248.978144][ T7462] netlink: 8 bytes leftover after parsing attributes in process `syz.3.384'.
[  250.903212][ T5970] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  251.509183][ T5970] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  251.551100][ T5970] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  251.565032][ T5970] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  251.639393][ T7498] random: crng reseeded on system resumption
[  252.439966][ T5970] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  252.448428][ T5970] usb 2-1: SerialNumber: syz
[  252.469505][ T5970] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  252.478585][ T5970] usb-storage 2-1:1.0: USB Mass Storage device detected
[  252.513537][ T5970] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  252.536273][ T5970] scsi host1: usb-storage 2-1:1.0
[  252.968434][ T7519] netlink: 'syz.3.398': attribute type 2 has an invalid length.
[  252.976267][ T7519] netlink: 8 bytes leftover after parsing attributes in process `syz.3.398'.
[  255.501561][ T5932] usb 2-1: USB disconnect, device number 6
[  255.837539][ T7553] warn_alloc: 1 callbacks suppressed
[  255.837560][ T7553] syz.3.408: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null)
[  255.895903][ T7551] random: crng reseeded on system resumption
[  255.949277][ T7553] ,cpuset=/,mems_allowed=0-1
[  255.960588][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  255.987965][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  256.047318][ T7553] CPU: 1 UID: 0 PID: 7553 Comm: syz.3.408 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  256.047350][ T7553] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  256.047363][ T7553] Call Trace:
[  256.047372][ T7553]  <TASK>
[  256.047382][ T7553]  dump_stack_lvl+0x189/0x250
[  256.047420][ T7553]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  256.047447][ T7553]  ? __pfx_dump_stack_lvl+0x10/0x10
[  256.047479][ T7553]  ? __pfx__printk+0x10/0x10
[  256.047503][ T7553]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  256.047535][ T7553]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  256.047575][ T7553]  warn_alloc+0x214/0x310
[  256.047597][ T7553]  ? stack_depot_save_flags+0x40/0x900
[  256.047629][ T7553]  ? __pfx_warn_alloc+0x10/0x10
[  256.047653][ T7553]  ? kasan_save_track+0x4f/0x80
[  256.047683][ T7553]  ? xskq_create+0x56/0x170
[  256.047712][ T7553]  ? xsk_init_queue+0xb0/0x110
[  256.047739][ T7553]  ? xsk_setsockopt+0x43f/0x710
[  256.047764][ T7553]  ? do_sock_setsockopt+0x25a/0x3e0
[  256.047786][ T7553]  ? __x64_sys_setsockopt+0x18b/0x220
[  256.047808][ T7553]  ? do_syscall_64+0xfa/0x3b0
[  256.047825][ T7553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.047855][ T7553]  __vmalloc_node_range_noprof+0x125/0x12f0
[  256.047913][ T7553]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  256.047955][ T7553]  ? __kasan_kmalloc+0x93/0xb0
[  256.047990][ T7553]  vmalloc_user_noprof+0xad/0xf0
[  256.048011][ T7553]  ? xskq_create+0xbf/0x170
[  256.048042][ T7553]  xskq_create+0xbf/0x170
[  256.048077][ T7553]  xsk_init_queue+0xb0/0x110
[  256.048111][ T7553]  xsk_setsockopt+0x43f/0x710
[  256.048143][ T7553]  ? __pfx_xsk_setsockopt+0x10/0x10
[  256.048171][ T7553]  ? __lock_acquire+0xab9/0xd20
[  256.048200][ T7553]  ? aa_sock_opt_perm+0xff/0x1b0
[  256.048232][ T7553]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  256.048257][ T7553]  ? __pfx_xsk_setsockopt+0x10/0x10
[  256.048288][ T7553]  do_sock_setsockopt+0x25a/0x3e0
[  256.048323][ T7553]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  256.048352][ T7553]  ? __fget_files+0x2a/0x420
[  256.048383][ T7553]  __x64_sys_setsockopt+0x18b/0x220
[  256.048415][ T7553]  do_syscall_64+0xfa/0x3b0
[  256.048434][ T7553]  ? lockdep_hardirqs_on+0x9c/0x150
[  256.048464][ T7553]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.048485][ T7553]  ? clear_bhb_loop+0x60/0xb0
[  256.048511][ T7553]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  256.048530][ T7553] RIP: 0033:0x7f4cc7b8e929
[  256.048549][ T7553] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  256.048566][ T7553] RSP: 002b:00007f4cc8a24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  256.048589][ T7553] RAX: ffffffffffffffda RBX: 00007f4cc7db5fa0 RCX: 00007f4cc7b8e929
[  256.048604][ T7553] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  256.048616][ T7553] RBP: 00007f4cc7c10b39 R08: 0000000000000004 R09: 0000000000000000
[  256.048629][ T7553] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  256.048642][ T7553] R13: 0000000000000000 R14: 00007f4cc7db5fa0 R15: 00007ffd18e75418
[  256.048675][ T7553]  </TASK>
[  256.446124][ T7553] Mem-Info:
[  256.449353][ T7553] active_anon:5654 inactive_anon:0 isolated_anon:0
[  256.449353][ T7553]  active_file:1407 inactive_file:39896 isolated_file:0
[  256.449353][ T7553]  unevictable:768 dirty:102 writeback:0
[  256.449353][ T7553]  slab_reclaimable:10588 slab_unreclaimable:96863
[  256.449353][ T7553]  mapped:31909 shmem:1378 pagetables:1240
[  256.449353][ T7553]  sec_pagetables:0 bounce:0
[  256.449353][ T7553]  kernel_misc_reclaimable:0
[  256.449353][ T7553]  free:1334014 free_pcp:15812 free_cma:0
[  256.798383][ T7553] Node 0 active_anon:22684kB inactive_anon:0kB active_file:5628kB inactive_file:159384kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:127644kB dirty:408kB writeback:0kB shmem:3920kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12408kB pagetables:4848kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  256.837323][ T7553] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:144kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  256.867736][ T7553] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  256.896752][ T7553] lowmem_reserve[]: 0 2498 2500 2500 2500
[  256.904606][ T7553] Node 0 DMA32 free:1439944kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:22640kB inactive_anon:0kB active_file:5628kB inactive_file:157816kB unevictable:1536kB writepending:408kB present:3129332kB managed:2558440kB mlocked:0kB bounce:0kB free_pcp:42788kB local_pcp:17800kB free_cma:0kB
[  257.004515][ T7553] lowmem_reserve[]: 0 0 1 1 1
[  257.010550][ T7553] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:44kB inactive_anon:0kB active_file:0kB inactive_file:1568kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:8kB local_pcp:0kB free_cma:0kB
[  257.059653][ T7565] netlink: 'syz.0.410': attribute type 2 has an invalid length.
[  257.067443][ T7565] netlink: 8 bytes leftover after parsing attributes in process `syz.0.410'.
[  257.107863][ T7553] lowmem_reserve[]: 0 0 0 0 0
[  257.134684][ T7553] Node 1 Normal free:3880472kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:204kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:21324kB local_pcp:8004kB free_cma:0kB
[  257.177805][ T7553] lowmem_reserve[]: 0 0 0 0 0
[  257.183556][ T7553] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  257.198343][ T7553] Node 0 DMA32: 518*4kB (UME) 1076*8kB (UME) 479*16kB (UM) 259*32kB (UME) 113*64kB (UME) 105*128kB (UME) 52*256kB (UM) 6*512kB (M) 2*1024kB (ME) 3*2048kB (UM) 334*4096kB (M) = 1439944kB
[  257.222991][ T7553] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  257.237569][ T7553] Node 1 Normal: 204*4kB (UE) 71*8kB (UME) 53*16kB (UME) 83*32kB (UME) 26*64kB (UME) 7*128kB (UME) 5*256kB (UME) 4*512kB (UME) 1*1024kB (M) 1*2048kB (E) 944*4096kB (M) = 3880472kB
[  257.257873][ T7553] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  257.268423][ T7553] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  257.278859][ T7553] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  257.292627][ T7553] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  257.302843][ T7553] 42658 total pagecache pages
[  257.307676][ T7553] 0 pages in swap cache
[  257.314445][ T7553] Free swap  = 124996kB
[  257.341579][ T7553] Total swap = 124996kB
[  257.346436][ T7553] 2097051 pages RAM
[  257.350352][ T7553] 0 pages HighMem/MovableOnly
[  257.355798][ T7553] 425399 pages reserved
[  257.360170][ T7553] 0 pages cma reserved
[  258.964336][ T7578] netlink: 12 bytes leftover after parsing attributes in process `syz.1.414'.
[  259.161702][ T7586] kvm: pic: non byte write
[  259.185087][ T7578] 8021q: adding VLAN 0 to HW filter on device bond2
[  259.194128][ T7578] bond1: (slave bond2): Enslaving as an active interface with an up link
[  259.331903][ T5911] usb 5-1: new full-speed USB device number 5 using dummy_hcd
[  260.859630][ T5911] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  261.156459][ T5911] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  261.201875][ T5911] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  261.215128][ T5911] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  261.223475][ T5911] usb 5-1: SerialNumber: syz
[  261.247396][ T5911] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  261.258130][ T5911] usb-storage 5-1:1.0: USB Mass Storage device detected
[  261.307059][ T5911] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  261.350927][ T5911] scsi host1: usb-storage 5-1:1.0
[  261.440357][ T7599] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  261.459214][ T5932] lo speed is unknown, defaulting to 1000
[  261.540295][ T7601] netlink: 'syz.0.421': attribute type 2 has an invalid length.
[  261.548365][ T7601] netlink: 8 bytes leftover after parsing attributes in process `syz.0.421'.
[  262.720994][ T7610] random: crng reseeded on system resumption
[  264.144912][ T5898] usb 5-1: USB disconnect, device number 5
[  265.728241][ T7646] kvm: pic: non byte write
[  266.209556][ T7654] loop2: detected capacity change from 0 to 7
[  266.313640][ T7656] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  266.873563][ T7654] Dev loop2: unable to read RDB block 7
[  266.879425][ T7654]  loop2: AHDI p1 p2 p3
[  266.883707][ T7654] loop2: partition table partially beyond EOD, truncated
[  266.890979][ T7654] loop2: p1 start 1601398130 is beyond EOD, truncated
[  266.897839][ T7654] loop2: p2 start 1702059890 is beyond EOD, truncated
[  268.676326][ T5849] Bluetooth: hci4: command 0x0406 tx timeout
[  268.780666][ T7666] random: crng reseeded on system resumption
[  269.218893][ T5898] usb 5-1: new full-speed USB device number 6 using dummy_hcd
[  269.440991][ T5898] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  269.527466][ T7691] hfs: can't find a HFS filesystem on dev nullb0
[  270.032641][ T5898] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  270.070008][ T5898] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  270.106163][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  270.151928][ T5898] usb 5-1: SerialNumber: syz
[  270.277410][ T7696] hfs: can't find a HFS filesystem on dev nullb0
[  271.270692][ T5898] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  271.523912][ T5898] usb-storage 5-1:1.0: USB Mass Storage device detected
[  271.635057][ T5898] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  271.714246][ T5898] scsi host1: usb-storage 5-1:1.0
[  272.117902][ T7710] kAFS: No cell specified
[  274.015263][ T7723] random: crng reseeded on system resumption
[  274.266579][ T5849] Bluetooth: hci4: command 0x0406 tx timeout
[  275.612317][ T5911] usb 5-1: USB disconnect, device number 6
[  276.629668][ T7751] kAFS: No cell specified
[  279.384200][ T7777] netlink: 'syz.3.464': attribute type 1 has an invalid length.
[  279.603121][ T7784] ubi31: attaching mtd0
[  279.610118][ T7784] ubi31: scanning is finished
[  279.615020][ T7784] ubi31: empty MTD device detected
[  280.058757][ T7784] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB)
[  280.066491][ T7784] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes
[  280.073869][ T7784] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1
[  280.080938][ T7784] ubi31: VID header offset: 64 (aligned 64), data offset: 128
[  280.088506][ T7784] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0
[  280.095463][ T7784] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23
[  280.103610][ T7784] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1397247425
[  280.113773][ T7784] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0
[  280.125514][ T7787] ubi31: background thread "ubi_bgt31d" started, PID 7787
[  281.509314][ T7793] random: crng reseeded on system resumption
[  284.605097][ T7828] kvm: pic: non byte write
[  285.435562][ T7844] netlink: 'syz.3.479': attribute type 1 has an invalid length.
[  286.306314][ T7848] random: crng reseeded on system resumption
[  286.399380][ T7851] netlink: 'syz.1.483': attribute type 2 has an invalid length.
[  286.407538][ T7851] netlink: 8 bytes leftover after parsing attributes in process `syz.1.483'.
[  290.553386][ T7902] netlink: 'syz.0.495': attribute type 1 has an invalid length.
[  291.223210][ T7906] kvm: pic: non byte write
[  291.592873][ T7911] netlink: 'syz.2.497': attribute type 2 has an invalid length.
[  291.600602][ T7911] netlink: 8 bytes leftover after parsing attributes in process `syz.2.497'.
[  292.655480][ T7917] random: crng reseeded on system resumption
[  295.672381][ T7952] hfs: can't find a HFS filesystem on dev nullb0
[  297.318349][ T7965] netlink: 'syz.4.511': attribute type 2 has an invalid length.
[  297.326314][ T7965] netlink: 8 bytes leftover after parsing attributes in process `syz.4.511'.
[  298.441869][ T5932] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  299.312184][ T5932] usb 2-1: Using ep0 maxpacket: 8
[  299.321712][ T5932] usb 2-1: config 1 has an invalid descriptor of length 251, skipping remainder of the config
[  299.345737][ T5932] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 64320, setting to 1024
[  299.357917][ T5932] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  299.370188][ T5932] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  299.457136][ T5932] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  299.466637][ T5932] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  299.482424][ T5932] usb 2-1: Product: syz
[  299.486710][ T5932] usb 2-1: Manufacturer: syz
[  299.493598][ T5932] usb 2-1: SerialNumber: syz
[  299.553517][ T7970] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  299.563745][ T5932] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  299.586925][ T5932] usbtest 2-1:1.0: couldn't get endpoints, -22
[  299.610287][ T7980] random: crng reseeded on system resumption
[  299.658217][ T5932] usbtest 2-1:1.0: probe with driver usbtest failed with error -22
[  299.833977][ T7986] hfs: can't find a HFS filesystem on dev nullb0
[  300.332386][ T5911] usb 2-1: USB disconnect, device number 7
[  300.893870][   T24] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[  301.081351][   T24] usb 1-1: config 0 has an invalid interface number: 207 but max is 0
[  301.112821][   T24] usb 1-1: config 0 has no interface number 0
[  301.273559][   T24] usb 1-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  301.521328][ T8003] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  301.653426][ T8002] xt_CT: You must specify a L4 protocol and not use inversions on it
[  301.681639][   T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  301.711847][   T24] usb 1-1: Product: syz
[  301.726664][   T24] usb 1-1: Manufacturer: syz
[  301.731302][   T24] usb 1-1: SerialNumber: syz
[  301.788161][   T24] usb 1-1: config 0 descriptor??
[  301.821912][   T24] qmi_wwan 1-1:0.207: probe with driver qmi_wwan failed with error -22
[  301.942350][ T5847] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  302.062565][ T5970] usb 1-1: USB disconnect, device number 5
[  302.131891][ T5847] usb 4-1: Using ep0 maxpacket: 8
[  302.212291][ T5847] usb 4-1: config index 0 descriptor too short (expected 301, got 45)
[  302.267231][ T5847] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  302.324586][ T5847] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  302.339596][ T5847] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  302.351686][ T5847] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  302.379362][ T5847] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  302.391061][ T5847] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  302.675508][ T5847] usb 4-1: usb_control_msg returned -32
[  302.706034][ T5847] usbtmc 4-1:16.0: can't read capabilities
[  302.893467][ T5970] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  303.068626][ T5970] usb 2-1: config 0 has an invalid interface number: 207 but max is 0
[  303.977080][ T5970] usb 2-1: config 0 has no interface number 0
[  304.216550][ T5970] usb 2-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  304.242852][ T5970] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.279158][ T5970] usb 2-1: Product: syz
[  304.301685][ T5970] usb 2-1: Manufacturer: syz
[  304.307882][ T5970] usb 2-1: SerialNumber: syz
[  304.324835][ T5970] usb 2-1: config 0 descriptor??
[  304.337944][ T5970] qmi_wwan 2-1:0.207: probe with driver qmi_wwan failed with error -22
[  304.371093][ T8022] netlink: 'syz.2.525': attribute type 2 has an invalid length.
[  304.379372][ T8022] netlink: 8 bytes leftover after parsing attributes in process `syz.2.525'.
[  304.636230][ T5970] usb 2-1: USB disconnect, device number 8
[  304.729953][ T8027] random: crng reseeded on system resumption
[  305.332219][ T5970] usb 4-1: USB disconnect, device number 8
[  305.714002][ T8042] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  305.734398][ T8042] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  306.218038][ T8052] hfs: can't find a HFS filesystem on dev nullb0
[  308.218026][ T8081] random: crng reseeded on system resumption
[  308.577733][   T10] usb 4-1: new full-speed USB device number 9 using dummy_hcd
[  308.682101][ T5970] usb 5-1: new full-speed USB device number 7 using dummy_hcd
[  308.727303][ T8087] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  308.830978][   T10] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  308.866104][ T8087] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  308.968229][   T10] usb 4-1: config 0 has no interface number 0
[  308.996801][ T5970] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  309.115486][   T10] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  309.142166][ T5970] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  309.162463][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  309.461623][   T10] usb 4-1: Product: syz
[  309.486340][   T10] usb 4-1: Manufacturer: syz
[  309.502326][ T5970] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  309.524124][   T10] usb 4-1: SerialNumber: syz
[  309.532295][ T5970] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  309.562939][   T10] usb 4-1: config 0 descriptor??
[  309.582014][ T5970] usb 5-1: SerialNumber: syz
[  309.596482][   T10] qmi_wwan 4-1:0.207: probe with driver qmi_wwan failed with error -22
[  309.624963][ T5970] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  309.652520][ T5970] usb-storage 5-1:1.0: USB Mass Storage device detected
[  309.671405][ T5970] usb-storage 5-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  309.699546][ T5970] scsi host1: usb-storage 5-1:1.0
[  309.810659][ T5970] usb 4-1: USB disconnect, device number 9
[  311.118275][ T8113] netlink: 40 bytes leftover after parsing attributes in process `syz.1.546'.
[  312.527916][ T5847] usb 5-1: USB disconnect, device number 7
[  314.010081][ T8139] random: crng reseeded on system resumption
[  316.358124][ T8167] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  316.854293][ T8174] netlink: 40 bytes leftover after parsing attributes in process `syz.4.557'.
[  317.404416][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  317.410776][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  317.807650][ T8177] loop2: detected capacity change from 0 to 7
[  317.815005][ T8177] Dev loop2: unable to read RDB block 7
[  317.820617][ T8177]  loop2: AHDI p1 p2 p3
[  317.824877][ T8177] loop2: partition table partially beyond EOD, truncated
[  317.834219][ T8177] loop2: p1 start 1601398130 is beyond EOD, truncated
[  317.841026][ T8177] loop2: p2 start 1702059890 is beyond EOD, truncated
[  317.852773][ T8177] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  319.178378][ T8186] loop3: detected capacity change from 0 to 40427
[  319.186533][ T8186] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  319.194373][ T8186] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  319.205575][ T8186] F2FS-fs (loop3): invalid crc value
[  319.302464][ T8186] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  319.309553][ T8186] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  319.648259][ T8206] random: crng reseeded on system resumption
[  320.475852][   T30] audit: type=1800 audit(1751354149.864:8): pid=8210 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.563" name="file1" dev="loop3" ino=10 res=0 errno=0
[  322.628383][   T12] kworker/u8:0: attempt to access beyond end of device
[  322.628383][   T12] loop3: rw=1, sector=77824, nr_sectors = 2064 limit=40427
[  322.687926][   T12] kworker/u8:0: attempt to access beyond end of device
[  322.687926][   T12] loop3: rw=1, sector=79888, nr_sectors = 1320 limit=40427
[  325.582881][ T8260] random: crng reseeded on system resumption
[  326.147830][ T8267] hfs: can't find a HFS filesystem on dev nullb0
[  326.673902][ T8264] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  326.708226][ T8275] loop2: detected capacity change from 0 to 7
[  326.716885][ T8275] Dev loop2: unable to read RDB block 7
[  326.722582][ T8275]  loop2: AHDI p1 p2 p3
[  326.726810][ T8275] loop2: partition table partially beyond EOD, truncated
[  326.734325][ T8275] loop2: p1 start 1601398130 is beyond EOD, truncated
[  326.742081][ T8275] loop2: p2 start 1702059890 is beyond EOD, truncated
[  326.769886][ T8275] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  327.185334][ T8280] hfs: can't find a HFS filesystem on dev nullb0
[  328.831945][ T5932] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  329.084894][ T8303] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  329.121890][ T5932] usb 5-1: Using ep0 maxpacket: 32
[  329.142653][ T5932] usb 5-1: config 0 has an invalid interface number: 12 but max is 0
[  329.157717][ T5932] usb 5-1: config 0 has no interface number 0
[  329.175686][ T5932] usb 5-1: config 0 interface 12 has no altsetting 0
[  329.199473][ T5932] usb 5-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40
[  329.224909][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.236767][ T5932] usb 5-1: Product: syz
[  329.241499][ T5932] usb 5-1: Manufacturer: syz
[  329.250258][ T5932] usb 5-1: SerialNumber: syz
[  329.274453][ T5932] usb 5-1: config 0 descriptor??
[  329.308056][ T5932] f81534 5-1:0.12: required endpoints missing
[  329.984208][ T8313] random: crng reseeded on system resumption
[  331.645877][   T10] usb 5-1: USB disconnect, device number 8
[  331.772168][ T5970] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  331.931981][ T5970] usb 1-1: Using ep0 maxpacket: 8
[  332.033828][ T5970] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  332.066555][ T5970] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 54240, setting to 1024
[  332.082390][ T5970] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  332.131867][ T5970] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  332.244944][ T5970] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  332.261863][ T5970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  332.280579][ T5970] usb 1-1: Product: syz
[  332.285243][ T5970] usb 1-1: Manufacturer: syz
[  332.289873][ T5970] usb 1-1: SerialNumber: syz
[  332.358984][ T8334] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  332.366871][ T8334] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  332.425674][ T8352] loop4: detected capacity change from 0 to 1024
[  332.632641][ T8334] loop2: detected capacity change from 0 to 7
[  332.653692][ T5970] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  332.672689][ T5970] usbtest 1-1:1.0: Linux user mode ISO test driver
[  332.681163][ T5970] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  332.797427][ T5970] usb 1-1: USB disconnect, device number 6
[  332.935295][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.044707][ T8360] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  333.294103][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.365717][ T8357] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.507052][ T8357] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.533644][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.557262][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.599339][ T8357] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.654110][ T8357] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.682192][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.734299][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.788933][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.827292][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.882141][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.945888][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  333.986522][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.037402][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.083094][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.121858][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.152032][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.190128][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.220513][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.231850][ T5836] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  334.258411][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.291953][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.341948][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.350485][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.369976][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.397910][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.412180][ T5836] usb 2-1: Using ep0 maxpacket: 8
[  334.418341][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.437976][ T5836] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  334.451932][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.460119][ T5836] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  334.480374][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.490131][ T5836] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  334.512657][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.525530][ T5836] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  334.555323][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.568742][ T5836] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  334.588480][ T8367] random: crng reseeded on system resumption
[  334.641338][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.679913][ T5836] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  334.711110][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  334.786395][ T5836] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.820261][   T30] audit: type=1800 audit(1751354164.204:9): pid=8352 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.602" name="file1" dev="loop4" ino=20 res=0 errno=0
[  335.372056][ T5836] usb 2-1: usb_control_msg returned -32
[  335.377703][ T5836] usbtmc 2-1:16.0: can't read capabilities
[  335.407404][   T61] hfsplus: request for non-existent node 16777216 in B*Tree
[  335.465632][   T61] hfsplus: request for non-existent node 16777216 in B*Tree
[  336.189554][ T8383] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  337.005028][ T5836] usb 2-1: USB disconnect, device number 9
[  337.195702][ T8398] kvm: pic: non byte write
[  337.721951][ T5918] usb 1-1: new full-speed USB device number 7 using dummy_hcd
[  337.784880][ T8414] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  338.537160][ T5918] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  338.557344][ T5918] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  338.664540][ T5918] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  338.683719][ T5918] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  338.701732][ T5918] usb 1-1: SerialNumber: syz
[  338.756084][ T8429] random: crng reseeded on system resumption
[  338.914130][ T5918] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  339.020241][ T5918] usb-storage 1-1:1.0: USB Mass Storage device detected
[  339.479607][ T5918] usb-storage 1-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  339.606521][ T5918] scsi host1: usb-storage 1-1:1.0
[  340.026167][ T8446] autofs: Unknown parameter 'fd0x0000000000000000'
[  340.117974][ T8450] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  342.192642][ T5918] usb 1-1: USB disconnect, device number 7
[  342.472078][ T8469] kvm: pic: non byte write
[  342.542668][ T8472] kvm: pic: non byte write
[  342.891237][ T8482] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  343.612579][ T8486] random: crng reseeded on system resumption
[  344.625165][ T8500] autofs: Unknown parameter 'fd0x0000000000000000'
[  345.194155][ T8509] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  345.334645][ T5970] usb 5-1: new full-speed USB device number 9 using dummy_hcd
[  345.481912][ T5970] usb 5-1: device descriptor read/64, error -71
[  345.935201][ T5970] usb 5-1: new full-speed USB device number 10 using dummy_hcd
[  346.162118][ T5970] usb 5-1: device descriptor read/64, error -71
[  346.362660][ T5970] usb usb5-port1: attempt power cycle
[  346.868017][ T5970] usb 5-1: new full-speed USB device number 11 using dummy_hcd
[  346.902588][ T5970] usb 5-1: device descriptor read/8, error -71
[  347.004729][ T8529] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  347.761900][ T5970] usb 5-1: new full-speed USB device number 12 using dummy_hcd
[  348.670954][ T5970] usb 5-1: device not accepting address 12, error -71
[  348.692132][ T5970] usb usb5-port1: unable to enumerate USB device
[  348.964837][ T8543] random: crng reseeded on system resumption
[  349.017262][ T8541] kvm: pic: non byte write
[  349.289986][ T8553] autofs: Unknown parameter 'fd0x0000000000000000'
[  349.593560][   T30] audit: type=1326 audit(1751354178.974:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8556 comm="syz.1.649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe4de18e929 code=0x0
[  351.948429][ T8579] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  353.051997][   T24] usb 4-1: new full-speed USB device number 10 using dummy_hcd
[  354.287799][   T24] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  354.314433][   T24] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  354.390232][   T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  354.453737][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  354.477281][   T24] usb 4-1: SerialNumber: syz
[  354.835308][ T8599] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  355.726593][ T8597] random: crng reseeded on system resumption
[  355.757876][   T24] usb 4-1: can't set config #1, error -71
[  356.464933][   T24] usb 4-1: USB disconnect, device number 10
[  357.171569][ T8627] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  360.735942][ T8651] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  361.540248][ T8659] random: crng reseeded on system resumption
[  361.571946][ T5836] usb 4-1: new full-speed USB device number 11 using dummy_hcd
[  361.922467][ T8668] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  362.585786][ T5836] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  362.615813][ T5836] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  362.673479][ T5836] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  362.703964][ T5836] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  362.742720][ T5836] usb 4-1: SerialNumber: syz
[  362.764210][ T5836] usb 4-1: bad CDC descriptors
[  362.798948][ T5836] usb-storage 4-1:1.0: USB Mass Storage device detected
[  362.864604][ T5836] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  364.979924][ T5836] usb 4-1: USB disconnect, device number 11
[  365.182469][ T8673] loop1: detected capacity change from 0 to 40427
[  365.223872][ T8673] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  365.255463][ T8673] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  365.296667][ T8673] F2FS-fs (loop1): invalid crc value
[  365.541857][ T5836] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  365.668351][ T8707] loop4: detected capacity change from 0 to 1024
[  365.723434][ T5836] usb 1-1: Using ep0 maxpacket: 8
[  365.740138][ T5836] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  365.780711][ T5836] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 57300, setting to 1024
[  365.813911][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.824194][ T5836] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  365.845999][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.872095][ T5836] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  365.941581][ T5836] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  365.960245][ T5836] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.003836][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.049940][ T5836] usb 1-1: Product: syz
[  366.060279][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.076997][ T8712] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.086052][ T8712] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.094074][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.103107][ T5836] usb 1-1: Manufacturer: syz
[  366.641853][ T5836] usb 1-1: SerialNumber: syz
[  366.650872][ T8700] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  366.658846][ T8700] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  366.698629][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.753146][ T8712] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.760512][ T8712] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.832283][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.879411][ T8697] loop2: detected capacity change from 0 to 7
[  366.890468][ T5836] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  366.900696][ T5836] usbtest 1-1:1.0: Linux user mode ISO test driver
[  366.910389][ T5836] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  366.981917][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.999919][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.085746][ T5836] usb 1-1: USB disconnect, device number 8
[  367.138819][ T8720] netlink: 'syz.2.689': attribute type 1 has an invalid length.
[  367.158324][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.186159][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202573][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202651][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202665][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202791][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202800][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202854][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202863][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202899][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202908][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202944][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.202953][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203050][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203060][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203096][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203105][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203140][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203149][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203185][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203193][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203511][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203520][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203558][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203567][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203616][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203629][ T8707] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.203992][   T30] audit: type=1800 audit(1751354196.594:11): pid=8707 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.687" name="file1" dev="loop4" ino=20 res=0 errno=0
[  367.457347][ T8708] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  367.552934][ T1097] hfsplus: request for non-existent node 16777216 in B*Tree
[  367.568981][ T1097] hfsplus: request for non-existent node 16777216 in B*Tree
[  369.716852][ T8736] random: crng reseeded on system resumption
[  370.752009][ T5918] usb 4-1: new full-speed USB device number 12 using dummy_hcd
[  370.948448][ T5918] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  370.967971][ T5918] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  371.014691][ T5918] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  371.040166][ T5918] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  371.079348][ T5918] usb 4-1: SerialNumber: syz
[  371.168142][ T5918] usb 4-1: bad CDC descriptors
[  371.174251][ T5918] usb-storage 4-1:1.0: USB Mass Storage device detected
[  371.214129][ T5918] usb-storage 4-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  372.600004][ T8776] loop2: detected capacity change from 0 to 1024
[  373.593996][ T5970] usb 4-1: USB disconnect, device number 12
[  373.630747][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.706622][ T8787] loop3: detected capacity change from 0 to 512
[  373.720756][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.739853][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.749912][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.768189][ T8787] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.705: casefold flag without casefold feature
[  373.791312][ T8783] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.800880][ T8783] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.808917][ T8783] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.817284][ T8783] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.844698][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.862237][ T8787] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.705: couldn't read orphan inode 15 (err -117)
[  373.886775][ T8791] netlink: 'syz.4.703': attribute type 1 has an invalid length.
[  373.908474][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  373.921160][ T8787] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  374.329499][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.633279][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.742108][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.749464][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.827233][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.849824][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.871895][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.879390][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.899446][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.906916][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.914339][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.921679][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.929142][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  374.936771][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.664357][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.684340][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.707649][ T8802] random: crng reseeded on system resumption
[  375.918611][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.047786][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.049246][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.049302][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.050414][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.050471][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.051575][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.051629][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.080755][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.080821][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.082322][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.082378][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.083619][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.083680][ T8776] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.161361][   T30] audit: type=1800 audit(1751354205.544:12): pid=8776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.701" name="file1" dev="loop2" ino=20 res=0 errno=0
[  376.473260][ T1162] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.473302][ T1162] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.426575][ T5832] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.816547][ T1303] ieee802154 phy0 wpan0: encryption failed: -22
[  378.824219][ T1303] ieee802154 phy1 wpan1: encryption failed: -22
[  379.500751][ T8843] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  379.956872][ T8855] loop1: detected capacity change from 0 to 1024
[  379.972287][ T8856] kvm: pic: non byte write
[  380.040311][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.062250][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.076784][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.101917][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.126996][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.197760][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.303695][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.327228][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.346160][ T8858] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.384405][ T8858] hfsplus: request for non-existent node 16777216 in B*Tree
[  380.406959][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.198929][ T8864] kvm: pic: non byte write
[  381.231864][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.261846][ T8858] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.269312][ T8858] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.285065][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.302197][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.309618][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.343155][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.350856][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.379269][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.390783][ T8851] loop0: detected capacity change from 0 to 32768
[  381.396658][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.416813][ T8851] XFS (loop0): invalid log iosize: -1 [not 12-30]
[  381.482399][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.502602][ T8870] random: crng reseeded on system resumption
[  381.601940][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.609388][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.676671][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.753519][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  381.823465][ T8881] netlink: 'syz.4.724': attribute type 2 has an invalid length.
[  381.832004][ T8881] netlink: 8 bytes leftover after parsing attributes in process `syz.4.724'.
[  382.463748][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  383.972579][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.481523][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.493304][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.506887][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.531972][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.581890][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.589248][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.696466][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.751822][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.759219][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.840712][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.894796][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.933409][ T8855] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.961538][   T30] audit: type=1800 audit(1751354214.344:13): pid=8855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.719" name="file1" dev="loop1" ino=20 res=0 errno=0
[  385.036893][ T1111] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.067783][ T1111] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.931275][ T8916] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  386.755917][ T8922] kvm: pic: non byte write
[  386.897160][ T8925] kvm: pic: non byte write
[  386.902004][ T5970] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  387.078877][ T5970] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  387.501314][ T5970] usb 1-1: config 0 has no interface number 0
[  387.553493][ T5970] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  387.569085][ T5970] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.593634][ T5970] usb 1-1: Product: syz
[  387.598053][ T5970] usb 1-1: Manufacturer: syz
[  387.614867][ T5970] usb 1-1: SerialNumber: syz
[  387.658524][ T5970] usb 1-1: config 0 descriptor??
[  387.683222][ T8933] netlink: 'syz.3.736': attribute type 2 has an invalid length.
[  387.690932][ T8933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.736'.
[  387.817429][ T8937] random: crng reseeded on system resumption
[  387.911041][ T5970] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  387.928098][ T5970] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  388.016645][ T8940] loop1: detected capacity change from 0 to 1024
[  388.033775][ T5970] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  388.043512][ T5970] usb 1-1: media controller created
[  388.149891][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.208521][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.221085][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.235820][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.255583][ T5970] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  388.265701][ T8951] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.292242][ T8951] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.309992][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.330786][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.365139][ T8951] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.387650][ T8951] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.405409][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.418021][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.429179][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.438733][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.450606][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.459756][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.468193][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.478778][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.490304][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.498795][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.506793][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.516160][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.590793][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.641306][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.676672][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.711657][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.730776][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.745195][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.758636][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.791827][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.811132][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.838458][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.858689][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.870013][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.879398][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.890725][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.905416][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.913652][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.921177][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.943593][ T8940] hfsplus: request for non-existent node 16777216 in B*Tree
[  388.951693][   T30] audit: type=1800 audit(1751354218.334:14): pid=8940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.738" name="file1" dev="loop1" ino=20 res=0 errno=0
[  389.020151][ T3453] hfsplus: request for non-existent node 16777216 in B*Tree
[  389.028185][ T3453] hfsplus: request for non-existent node 16777216 in B*Tree
[  389.659854][ T5970] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  389.854776][ T5932] usb 1-1: USB disconnect, device number 9
[  390.147154][ T8980] loop4: detected capacity change from 0 to 40427
[  390.170107][ T8980] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  390.182053][ T8980] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  390.213868][ T8980] F2FS-fs (loop4): invalid crc value
[  390.456809][ T8980] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  390.464112][ T8980] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  391.482063][   T30] audit: type=1800 audit(1751354220.854:15): pid=9005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.745" name="file1" dev="loop4" ino=10 res=0 errno=0
[  391.800230][ T5499] veth0_macvtap: left promiscuous mode
[  391.999893][ T9011] netlink: 'syz.1.749': attribute type 2 has an invalid length.
[  392.007717][ T9011] netlink: 8 bytes leftover after parsing attributes in process `syz.1.749'.
[  393.004634][ T9023] kvm: pic: non byte write
[  393.350818][ T9032] random: crng reseeded on system resumption
[  393.778777][ T9045] loop1: detected capacity change from 0 to 1024
[  393.873359][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  393.909209][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  393.945243][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  393.971388][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  393.999884][ T9051] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.021550][ T9051] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.048727][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.075861][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.112189][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.128611][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.167938][ T9051] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.201841][ T9051] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.215358][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.254789][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.277135][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.304608][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.347777][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.461847][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.463099][ T9060] fuse: Bad value for 'fd'
[  394.469375][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.539714][ T3453] kworker/u8:9: attempt to access beyond end of device
[  394.539714][ T3453] loop4: rw=1, sector=77824, nr_sectors = 2056 limit=40427
[  394.572247][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.579670][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.642617][ T3453] kworker/u8:9: attempt to access beyond end of device
[  394.642617][ T3453] loop4: rw=1, sector=79880, nr_sectors = 496 limit=40427
[  394.656757][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.691922][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.722031][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.761902][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.792032][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.823154][ T9070] netlink: 'syz.3.761': attribute type 2 has an invalid length.
[  394.830888][ T9070] netlink: 8 bytes leftover after parsing attributes in process `syz.3.761'.
[  394.867813][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.899320][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.981866][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  394.989666][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  395.102672][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  395.136210][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  395.227782][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  395.482622][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  395.563426][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  395.673530][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  395.759128][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  395.912493][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  396.221983][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  396.229380][ T9045] hfsplus: request for non-existent node 16777216 in B*Tree
[  396.300200][   T30] audit: type=1800 audit(1751354225.674:16): pid=9045 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.754" name="file1" dev="loop1" ino=20 res=0 errno=0
[  396.355609][   T36] hfsplus: request for non-existent node 16777216 in B*Tree
[  396.391339][   T36] hfsplus: request for non-existent node 16777216 in B*Tree
[  396.763283][ T9099] random: crng reseeded on system resumption
[  398.131917][ T9120] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  398.936662][ T9126] loop0: detected capacity change from 0 to 40427
[  398.961935][ T9126] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  398.969734][ T9126] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  398.980949][ T9126] F2FS-fs (loop0): invalid crc value
[  399.060786][ T9126] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  399.068282][ T9126] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  399.423170][   T30] audit: type=1800 audit(1751354228.814:17): pid=9134 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.771" name="file1" dev="loop0" ino=10 res=0 errno=0
[  400.300012][ T9141] kvm: pic: non byte write
[  401.660415][ T9154] loop3: detected capacity change from 0 to 1024
[  401.709342][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  401.738809][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  401.858137][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.081474][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.116028][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.381386][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.426082][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.482732][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.497100][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.505077][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.535627][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.545977][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.556282][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.596621][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.648713][ T9165] kvm: pic: non byte write
[  402.664184][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.671541][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.719928][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.723875][ T9153] ------------[ cut here ]------------
[  402.733393][ T9153] WARNING: fs/hfsplus/extents.c:346 at hfsplus_free_extents+0x703/0xae0, CPU#1: syz.3.775/9153
[  402.743890][ T9153] Modules linked in:
[  402.748127][ T9153] CPU: 1 UID: 0 PID: 9153 Comm: syz.3.775 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  402.759632][ T9153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  402.760490][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.769816][ T9153] RIP: 0010:hfsplus_free_extents+0x703/0xae0
[  402.769859][ T9153] Code: 1b 0f cb 89 ef 89 de e8 0b c4 28 ff 39 dd 75 22 49 83 c7 28 e8 3e c2 28 ff 41 bc 05 00 00 00 e9 e1 f9 ff ff e8 2e c2 28 ff 90 <0f> 0b 90 e9 82 f9 ff ff 89 ef 89 de e8 dc c3 28 ff 29 dd 73 0a e8
[  402.769880][ T9153] RSP: 0018:ffffc9000ba2fb10 EFLAGS: 00010293
[  402.769903][ T9153] RAX: ffffffff82970962 RBX: ffff888026ebe020 RCX: ffff888026e2da00
[  402.769920][ T9153] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888033f92048
[  402.769936][ T9153] RBP: 0000000000000005 R08: ffff888033f9204f R09: 1ffff110067f2409
[  402.769952][ T9153] R10: dffffc0000000000 R11: ffffed10067f240a R12: ffff888033f90000
[  402.769968][ T9153] R13: ffff88807bb2d970 R14: 0000000000000005 R15: ffff88807bb2d7d8
[  402.769984][ T9153] FS:  0000555573dd2500(0000) GS:ffff888125d1d000(0000) knlGS:0000000000000000
[  402.770002][ T9153] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  402.818162][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.826811][ T9153] CR2: 00007fd4cbffe128 CR3: 00000000797b8000 CR4: 00000000003526f0
[  402.826845][ T9153] Call Trace:
[  402.826855][ T9153]  <TASK>
[  402.826868][ T9153]  ? hfsplus_find_init+0x15a/0x1d0
[  402.826911][ T9153]  hfsplus_file_truncate+0x736/0xb40
[  402.826965][ T9153]  ? __pfx_hfsplus_file_truncate+0x10/0x10
[  402.827010][ T9153]  ? down_write+0x162/0x1f0
[  402.827034][ T9153]  ? __pfx_down_write+0x10/0x10
[  402.827058][ T9153]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  402.827089][ T9153]  hfsplus_file_release+0xea/0x3e0
[  402.827113][ T9153]  ? __fput+0x43d/0xa70
[  402.827139][ T9153]  ? __pfx_hfsplus_file_release+0x10/0x10
[  402.827165][ T9153]  __fput+0x449/0xa70
[  402.827205][ T9153]  task_work_run+0x1d1/0x260
[  402.827234][ T9153]  ? __pfx_task_work_run+0x10/0x10
[  402.827264][ T9153]  ? exit_to_user_mode_loop+0x40/0x110
[  402.827298][ T9153]  exit_to_user_mode_loop+0xec/0x110
[  402.827326][ T9153]  do_syscall_64+0x2bd/0x3b0
[  402.827347][ T9153]  ? lockdep_hardirqs_on+0x9c/0x150
[  402.827380][ T9153]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.827403][ T9153]  ? clear_bhb_loop+0x60/0xb0
[  402.827431][ T9153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.827453][ T9153] RIP: 0033:0x7f4cc7b8e929
[  402.827475][ T9153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  402.827494][ T9153] RSP: 002b:00007ffd18e75578 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  402.876096][ T9154] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.883988][ T9153] RAX: 0000000000000000 RBX: 00007f4cc7db7ba0 RCX: 00007f4cc7b8e929
[  402.884014][ T9153] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  402.884029][ T9153] RBP: 00007f4cc7db7ba0 R08: 0000000000002208 R09: 0000000718e7586f
[  402.884046][ T9153] R10: 00007f4cc7db7ac0 R11: 0000000000000246 R12: 0000000000062429
[  402.884061][ T9153] R13: 00007f4cc7db6080 R14: ffffffffffffffff R15: 00007ffd18e75690
[  402.884099][ T9153]  </TASK>
[  402.884111][ T9153] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  402.884129][ T9153] CPU: 1 UID: 0 PID: 9153 Comm: syz.3.775 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  402.884154][ T9153] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  402.884171][ T9153] Call Trace:
[  402.884182][ T9153]  <TASK>
[  402.884193][ T9153]  dump_stack_lvl+0x99/0x250
[  402.884238][ T9153]  ? __asan_memcpy+0x40/0x70
[  402.884272][ T9153]  ? __pfx_dump_stack_lvl+0x10/0x10
[  402.884309][ T9153]  ? __pfx__printk+0x10/0x10
[  402.884354][ T9153]  panic+0x2db/0x790
[  402.884396][ T9153]  ? __pfx_panic+0x10/0x10
[  402.884456][ T9153]  __warn+0x334/0x4c0
[  402.884488][ T9153]  ? hfsplus_free_extents+0x703/0xae0
[  402.884522][ T9153]  ? hfsplus_free_extents+0x703/0xae0
[  402.884550][ T9153]  report_bug+0x2be/0x4f0
[  402.884585][ T9153]  ? hfsplus_free_extents+0x703/0xae0
[  402.884614][ T9153]  ? hfsplus_free_extents+0x703/0xae0
[  402.884642][ T9153]  ? hfsplus_free_extents+0x705/0xae0
[  402.884670][ T9153]  handle_bug+0x84/0x160
[  402.884696][ T9153]  exc_invalid_op+0x1a/0x50
[  402.884722][ T9153]  asm_exc_invalid_op+0x1a/0x20
[  402.884747][ T9153] RIP: 0010:hfsplus_free_extents+0x703/0xae0
[  402.884776][ T9153] Code: 1b 0f cb 89 ef 89 de e8 0b c4 28 ff 39 dd 75 22 49 83 c7 28 e8 3e c2 28 ff 41 bc 05 00 00 00 e9 e1 f9 ff ff e8 2e c2 28 ff 90 <0f> 0b 90 e9 82 f9 ff ff 89 ef 89 de e8 dc c3 28 ff 29 dd 73 0a e8
[  402.884797][ T9153] RSP: 0018:ffffc9000ba2fb10 EFLAGS: 00010293
[  402.884822][ T9153] RAX: ffffffff82970962 RBX: ffff888026ebe020 RCX: ffff888026e2da00
[  402.884841][ T9153] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888033f92048
[  402.884857][ T9153] RBP: 0000000000000005 R08: ffff888033f9204f R09: 1ffff110067f2409
[  402.884875][ T9153] R10: dffffc0000000000 R11: ffffed10067f240a R12: ffff888033f90000
[  402.884894][ T9153] R13: ffff88807bb2d970 R14: 0000000000000005 R15: ffff88807bb2d7d8
[  402.884921][ T9153]  ? hfsplus_free_extents+0x702/0xae0
[  402.884970][ T9153]  ? hfsplus_find_init+0x15a/0x1d0
[  402.885008][ T9153]  hfsplus_file_truncate+0x736/0xb40
[  402.885057][ T9153]  ? __pfx_hfsplus_file_truncate+0x10/0x10
[  402.885101][ T9153]  ? down_write+0x162/0x1f0
[  402.885127][ T9153]  ? __pfx_down_write+0x10/0x10
[  402.885152][ T9153]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  402.885184][ T9153]  hfsplus_file_release+0xea/0x3e0
[  402.885211][ T9153]  ? __fput+0x43d/0xa70
[  402.885238][ T9153]  ? __pfx_hfsplus_file_release+0x10/0x10
[  402.885267][ T9153]  __fput+0x449/0xa70
[  402.885309][ T9153]  task_work_run+0x1d1/0x260
[  402.885340][ T9153]  ? __pfx_task_work_run+0x10/0x10
[  402.885374][ T9153]  ? exit_to_user_mode_loop+0x40/0x110
[  402.885408][ T9153]  exit_to_user_mode_loop+0xec/0x110
[  402.885439][ T9153]  do_syscall_64+0x2bd/0x3b0
[  402.885461][ T9153]  ? lockdep_hardirqs_on+0x9c/0x150
[  402.885496][ T9153]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.885521][ T9153]  ? clear_bhb_loop+0x60/0xb0
[  402.885550][ T9153]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.885573][ T9153] RIP: 0033:0x7f4cc7b8e929
[  402.885596][ T9153] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  402.885618][ T9153] RSP: 002b:00007ffd18e75578 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  402.885644][ T9153] RAX: 0000000000000000 RBX: 00007f4cc7db7ba0 RCX: 00007f4cc7b8e929
[  402.885661][ T9153] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  402.885677][ T9153] RBP: 00007f4cc7db7ba0 R08: 0000000000002208 R09: 0000000718e7586f
[  402.885692][ T9153] R10: 00007f4cc7db7ac0 R11: 0000000000000246 R12: 0000000000062429
[  402.885704][ T9153] R13: 00007f4cc7db6080 R14: ffffffffffffffff R15: 00007ffd18e75690
[  402.885733][ T9153]  </TASK>
[  402.887797][ T9153] Kernel Offset: disabled