last executing test programs:

25.966505056s ago: executing program 0 (id=644):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000280)={0x7, 0x100, "77c638b05041a0115f44304807e55536b7fc5ae52727d800", 0x1ff, 0x5, 0x79, 0xdf4})
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

24.496241343s ago: executing program 0 (id=645):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac141400"], 0x30}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0028000002010a004c0012800900010069706970000000003c00028005000400eb000000060011004e24000008001400ffffffff080002000a01010108000100", @ANYRES32=0x0, @ANYBLOB="05000a0001000000080001", @ANYRES32=r4, @ANYBLOB="48288fb4bdb539ce04ffd732bd98ddd62ea1c24a467ea9a5baaa64f314eb750451faa1259a7eeb717b6e8b2d248fa5c8064c1d1314ec1d63711ae176c645d73e35b9313f8d64c8f6245d16cd4aeb95c8318a14743b521286ccfdf101f4f24e8aff09ae180b56526661a63557a85c8d97"], 0x6c}}, 0x0)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202400000000009050302"], 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000200), 0xec, 0x412000)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f00000005c0)=@urb_type_control={0x2, {0xa}, 0xd9, 0x2, &(0x7f0000000500)={0x3, 0x17, 0x3, 0x2, 0x4}, 0x8, 0x3, 0x43, 0x0, 0x4dc, 0x6, &(0x7f0000000540)="4a9427d4704ee76029661ff4947a961c8cfa1172f5ce36b4ce0d6c5e6758f44ffe3fb20b43abdcf4060472594d132df6c4ed5f2a75ddc48535e298d24ea229549cf139705d9ecafbec2ca196e343f7db11836fd026933f08b893b92b84a9b5c73e"})
connect$inet(r6, &(0x7f0000000040)={0x2, 0x1, @loopback}, 0xb)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301)
ioctl$USBDEVFS_DROP_PRIVILEGES(r9, 0x4004551e, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x5, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000200000000000000022122af0e4ccfb7b3cada00", [0x0, 0x2000000000001]}})
close_range(r0, 0xffffffffffffffff, 0x0)

16.578370956s ago: executing program 4 (id=658):
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000240))
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r3, 0x2007ffc)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
copy_file_range(r3, 0x0, r4, 0x0, 0xfffffbffa003e45b, 0x700000000000000)

15.944805847s ago: executing program 1 (id=660):
madvise(&(0x7f0000948000/0x4000)=nil, 0x4000, 0xf)
syz_mount_image$hfsplus(&(0x7f0000000400), &(0x7f0000002300)='./file1\x00', 0x44, &(0x7f0000002240)=ANY=[@ANYRES8=0x0, @ANYRESHEX, @ANYRESOCT, @ANYRESOCT], 0x5, 0x6a3, &(0x7f0000001b80)="$eJzs3UtsHGcdAPD/rPfhDSh12iQNqBJWIxWEReKHnGIuNahClqhQVQ6I4ypxGisbt7Jd5EQIwvvAhUPvFAnfuIDEPaicgVOvPlZC4pKTAYlF87LXr/Wu43ht8ftFs/N98z3m+/4z49mdVbQB/N9amIjqk0hiYeKt9TS/uTHT3tyYeVCmI6IREZWIar6KZDki+ThiPvIlPpduLLpLDtvPh0tz73zydPPTPFctlqx+pVe7fW5VDtj4uFhiPCJGivUz2NXf7T391QfuLtmeYRqw62XgYNhqEdHZ5XtXd0qO1P91C5xZSX7f3HdBj0VciIjR4n1AflfM79lnV+PoKo9PYxwAAAAwZC/8KvsIf3HY4wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDzpPj9/6RYKmV6PJLy9//rxbYo0ufak2EPAAAAAAAAAAAG963P7tnwha3YivW4WOY7Sfad/6tZ5nL2+pn4IFZjMVbiRqxHK9ZiLVZiKiLGsvJa9lpfb62trUz10XJ6u2V0tZzucwbN408eAAAAAAAAAM6L6uBNfhILO9//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAWZBEjOSrbLlcpseiUo2I0Yiop/UeR/ytTJ9Jv/lzd67zn05mX7UnpzkmAAAAGJIXtmIr1uNime8k2Wf+q9nn/tH4IJZjLZZiLdqxGHeyZwH5p/7K5sZMe3Nj5kG67O/36/8caBhZj5E/ezh4z9eyGs24G0vZlhtxO96LdtyJStYyda0cz8Hj+nE6puSNQp8ju1Os05n/OmoDzeo4kr5rjmURSUeUR2SyaJtG41LvSAx4dMo9lbGfisr2k5/LJxnz9Xz1+u/ydTqfXwwUk+dtbySmu86+q70jEfHFP/3+u/fay/cbd1cnzs6UBtDoeoK2NxIzXZF4ud9I3Duvkeg2mUXiynZ+Ib4Z34mJGI+3YyWW4vvRirVYjPF4M1oxEq3ifE5fx3pHan5X7u1iXTlsJPXsuNSKv6I9x9QoS97MRteKV7O2F2Mpvh3vxZ1YjFvZv+mYitdjNmZjrusIX+njqq/0vOqbezdc/1LXw+RfHlRjaNKBXdq+O3Wf9ZPZdXBp15adKL148vej6ueLRLqPn/Y6GU7d3khMdUXipd6R+G32Z2W1vXx/5V7r/T7391qxTq+jn5+pu0R6vryYHqwst/vsSMte2ls2mserXnzjkpftvuOmZVe2y466UuvFe7j9PU1nZS8fWDaTlV3rKtv1fms+f78FwJl34csX6s1/NP/a/Kj5s+a95luj32h8tfFKPWp/qX2tOjnyWuWV5I/xUfxw5/M/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwfKsPH91vtduLK3sSnU7nR4cUPcdEMyLKLRFHtarF0XWOTjSP0aoeEVmiWiYG22mjr8r1naPzxh+eJby1QVtFnMgxrRYn2cNH9//V6XQOq1yJfjqMyZM4x2o9zvmdRPkrafuKOuUPW53uddFv4t+dk+twSH+QgFNzc+3B+zdXHz76ytKD1ruL7y4uz83Ozk3Ozd76+827S+3Fyfx12KMEnoedm/6wRwIAAAAAAAAAAAD06zT+W8Ihu/7vKU8VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKcWJhpF6sZk+rq5MdNOlzK9XTGrVomI5AcRyccR85EvMdbVXXLYfj5cmnvnk6ebn+a5arFk9Su72tWOM4vHxRLjETFSrLuNPkN/t4v1sUaWSbZnOB9Ru14GDobtfwEAAP//axIEXA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x104)
read$FUSE(r0, &(0x7f0000002340)={0x2020}, 0x2020)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='cpuset.effective_mems\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000040), 0x208e24b)
write$input_event(r1, &(0x7f00000001c0)={{}, 0x11, 0x8001, 0x58}, 0x18)

15.872961439s ago: executing program 0 (id=661):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001500)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x100)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x9}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r4 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_int(r4, 0x6, 0x1e, 0x0, 0x0)
r5 = syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
syz_usb_control_io$printer(r5, &(0x7f00000007c0)={0x14, &(0x7f0000000680)={0x20, 0x31, 0x7e, {0x7e, 0x24, "7d386e14efe5f97a2e4a7e33a609d6becc96078ccf9737c29762d371b39e760b8dad2ca0d578133d35fea17b29e8ab9d495aa403cee14aa9d6b0ba250d23f607a9de8aba9e4ea93ae10b7505894ff3afac6ac6f2a9470ccfc9b4de3fbf326d4d0171c75b1661ec478318e83b5593ffc83355c42397582b28ea3010ee"}}, &(0x7f0000000780)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x240a}}}, &(0x7f0000000a80)={0x34, &(0x7f0000000800)={0x0, 0x14}, 0x0, &(0x7f0000000940)={0x0, 0x8, 0x1, 0x6}, 0x0, &(0x7f0000000a00)={0x20, 0x1, 0x1, 0x10}, &(0x7f0000000a40)={0x20, 0x0, 0x1, 0x4}})
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})

13.456680869s ago: executing program 4 (id=662):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000100)}, {0x0}, {&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8ab9044dd2665909a0580519f5736b82fd6340430182bc", 0x47}], 0x3, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

12.154092379s ago: executing program 3 (id=664):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac141400"], 0x30}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0028000002010a004c0012800900010069706970000000003c00028005000400eb000000060011004e24000008001400ffffffff080002000a01010108000100", @ANYRES32=0x0, @ANYBLOB="05000a0001000000080001", @ANYRES32=r4, @ANYBLOB="48288fb4bdb539ce04ffd732bd98ddd62ea1c24a467ea9a5baaa64f314eb750451faa1259a7eeb717b6e8b2d248fa5c8064c1d1314ec1d63711ae176c645d73e35b9313f8d64c8f6245d16cd4aeb95c8318a14743b521286ccfdf101f4f24e8aff09ae180b56526661a63557a85c8d97"], 0x6c}}, 0x0)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202400000000009050302"], 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000200), 0xec, 0x412000)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f00000005c0)=@urb_type_control={0x2, {0xa}, 0xd9, 0x2, &(0x7f0000000500)={0x3, 0x17, 0x3, 0x2, 0x4}, 0x8, 0x3, 0x43, 0x0, 0x4dc, 0x6, &(0x7f0000000540)="4a9427d4704ee76029661ff4947a961c8cfa1172f5ce36b4ce0d6c5e6758f44ffe3fb20b43abdcf4060472594d132df6c4ed5f2a75ddc48535e298d24ea229549cf139705d9ecafbec2ca196e343f7db11836fd026933f08b893b92b84a9b5c73e"})
connect$inet(r6, &(0x7f0000000040)={0x2, 0x1, @loopback}, 0xb)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301)
ioctl$USBDEVFS_DROP_PRIVILEGES(r9, 0x4004551e, &(0x7f0000000000))
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x40, 0x10, 0x609, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x4}}}, @IFLA_ADDRESS={0x7, 0x1, @link_local}]}, 0x40}}, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x5, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000200000000000000022122af0e4ccfb7b3cada00", [0x0, 0x2000000000001]}})
close_range(r0, 0xffffffffffffffff, 0x0)

11.864891076s ago: executing program 1 (id=666):
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x278, 0xffffffff, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x240, 0x240, 0x240, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @loopback, 0x0, 0x0, 'pimreg0\x00', 'wlan0\x00', {}, {}, 0x73, 0x1, 0x12}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@private, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'dvmrp0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8)
socket$igmp6(0xa, 0x3, 0x2)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x11}}}}}}}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r1, 0x10000000005, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r2, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=ANY=[@ANYBLOB="38000000180001000000000000000000fe060000000006001500020000001400168010000864ac00038005000100fe000000000000000000b53a259d11d266c62f3b350da8cf81d7080d3db1d3b092201061b51663ffb8e54163ad12cc05536ab35af0e310b10fb6474841f7e6776f64fab3970c455f1d88444a274dbf0fe0ca6d50ebe1834b41705f23c9af526f35503848ce9f1eb5d7c22f2295b4a08b69623480866b0879cc19f03ea5267360b1b626"], 0x38}}, 0x0)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x20004084}, 0x0)
mount(&(0x7f0000000440)=@nullb, &(0x7f0000000300)='./cgroup\x00', &(0x7f00000001c0)='hfs\x00', 0x200480, 0x0)
socket(0x1, 0x803, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
ioctl$int_in(r4, 0x5452, &(0x7f0000000080)=0x8000000ffffffff)
shutdown(r5, 0x2)

11.082756548s ago: executing program 0 (id=667):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0, 0x0)
pipe2$9p(&(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff017f000e0800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000000)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f00000003c0)=ANY=[@ANYBLOB="b0"], 0xb0)
write$FUSE_GETXATTR(r2, &(0x7f0000000480)={0x18}, 0x18)
write$FUSE_INIT(r2, &(0x7f0000000600)={0x50, 0x0, 0x0, {0x7, 0x29, 0x3, 0x0, 0x4, 0x772, 0x7, 0x0, 0x0, 0x0, 0xa0, 0x200}}, 0x50)
mount$9p_fd(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}})
r3 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
unshare(0x2c020400)
socket$nl_netfilter(0x10, 0x3, 0xc)
write$FUSE_INIT(r3, &(0x7f0000000200)={0x50, 0x0, 0x0, {0x7, 0x29, 0x1282, 0x400c6001, 0x5, 0x8, 0x10, 0xc40b, 0x0, 0x0, 0x40, 0x6}}, 0x50)

10.970899311s ago: executing program 1 (id=668):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746b201784a3ee55de873375a52dadc7e8ab9044dd2665909a0580519f5736b82fd6340430182bca17cdb83870fcaacfaa5", 0x51}], 0x1, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, 0x0, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

10.82362335s ago: executing program 2 (id=669):
syz_usb_connect$hid(0x3, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
pipe(&(0x7f0000000240))
r3 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r3, 0x2007ffc)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
copy_file_range(r3, 0x0, r4, 0x0, 0xfffffbffa003e45b, 0x700000000000000)

9.658332078s ago: executing program 0 (id=670):
syz_usb_connect(0x0, 0x0, 0x0, 0x0)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x68c81, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1)
r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
ioctl$VIDIOC_QUERYCTRL(0xffffffffffffffff, 0xc0445624, &(0x7f0000000280)={0x7, 0x100, "77c638b05041a0115f44304807e55536b7fc5ae52727d800", 0x1ff, 0x5, 0x79, 0xdf4})
r4 = dup(r3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x1)
ioctl$KVM_PRE_FAULT_MEMORY(r2, 0xc040aed5, &(0x7f00000000c0)={0xf000, 0x118000})

8.013934636s ago: executing program 1 (id=671):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x2000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000340)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socket(0x10, 0x803, 0x0)
r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0)
ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r4 = socket(0x400000000010, 0x3, 0x0)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r6=>0x0})
sendmsg$nl_route_sched(r4, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xffff, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0)

7.9044864s ago: executing program 4 (id=672):
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$netlink(0xffffffffffffffff, 0x0, 0x20048195)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="10000000040000000400", @ANYRES32=0x1], 0x50)
r0 = socket$kcm(0xa, 0x5, 0x0)
r1 = socket$kcm(0xa, 0x5, 0x0)
ioctl$sock_kcm_SIOCKCMCLONE(r0, 0x8936, &(0x7f0000000000)={r1})
ioctl$sock_bt_hci(0xffffffffffffffff, 0x800448d4, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10)
r3 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
connect$bt_l2cap(r3, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}}, 0xe)
sendmmsg$sock(r3, &(0x7f0000004100)=[{{0x0, 0x0, 0x0}}], 0xffffff80, 0x0)
shutdown(r3, 0x1)

6.920143898s ago: executing program 2 (id=673):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
getpgrp(0x0)
process_madvise(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f0000000280)="90", 0x1}], 0x1, 0x2, 0x0)
prctl$PR_GET_TSC(0x43, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
syz_init_net_socket$ax25(0x3, 0x3, 0x0)
r1 = socket(0x40000000015, 0x5, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000840)={0x0, 0x0, &(0x7f0000000800)={&(0x7f0000000640)=@allocspi={0x108, 0x16, 0x401, 0x0, 0x0, {{{@in=@local, @in6=@mcast1, 0x0, 0xfd1, 0x0, 0x2, 0x2, 0x0, 0x0, 0xc}, {@in=@broadcast, 0x0, 0x33}, @in6=@loopback, {0x0, 0x0, 0x0, 0x0, 0x8000000000000000, 0x80000001}, {0x101, 0x0, 0x0, 0x800}, {0x4, 0x6, 0x400}, 0x0, 0x0, 0xa, 0x0, 0x0, 0x94}, 0x0, 0x4ad}, [@XFRMA_IF_ID={0x8}, @etimer_thresh={0x8, 0xc, 0x3}]}, 0x108}, 0x1, 0x0, 0x0, 0x20040080}, 0x0)
r2 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
connect$packet(r2, &(0x7f0000000000)={0x1f, 0xf8, 0x0, 0x1, 0x2, 0x6, @broadcast}, 0x14)
connect$inet(r1, 0x0, 0x0)
ioctl$FIONCLEX(0xffffffffffffffff, 0x5450)
mknod$loop(&(0x7f00000017c0)='./file0\x00', 0x2480, 0x0)
setuid(0xee00)
write$cgroup_pressure(0xffffffffffffffff, &(0x7f0000000140)={'full'}, 0xfffffdef)
setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, &(0x7f0000000840)=0x8, 0x4)
r3 = socket$nl_netfilter(0x10, 0x3, 0xc)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x11, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x8}, 0x94)
sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000100)={0x50, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x14, 0x3, 'hash:ip,port,ip\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0xc, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x0, 0x0, 0xeb}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}]}, 0x50}, 0x1, 0x0, 0x0, 0x4810}, 0x0)

6.403363225s ago: executing program 1 (id=674):
socket$netlink(0x10, 0x3, 0x0)
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0x14, 0x30, 0x100}, 0x14}, 0x1, 0x0, 0x0, 0x84}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(0xffffffffffffffff, 0xc0b45545, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000440), 0x0)
r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0)
r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0)
ioctl$KVM_GET_NESTED_STATE(r6, 0xc080aebe, &(0x7f00000037c0)={{0x0, 0x0, 0x80}})
r7 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001080)={&(0x7f0000000540)=ANY=[@ANYBLOB="48000000100003050000000000"], 0x48}, 0x1, 0x0, 0x0, 0x24040000}, 0x2000800)

6.40236245s ago: executing program 4 (id=675):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac141400"], 0x30}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0028000002010a004c0012800900010069706970000000003c00028005000400eb000000060011004e24000008001400ffffffff080002000a01010108000100", @ANYRES32=0x0, @ANYBLOB="05000a0001000000080001", @ANYRES32=r4, @ANYBLOB="48288fb4bdb539ce04ffd732bd98ddd62ea1c24a467ea9a5baaa64f314eb750451faa1259a7eeb717b6e8b2d248fa5c8064c1d1314ec1d63711ae176c645d73e35b9313f8d64c8f6245d16cd4aeb95c8318a14743b521286ccfdf101f4f24e8aff09ae180b56526661a63557a85c8d97"], 0x6c}}, 0x0)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202400000000009050302"], 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000200), 0xec, 0x412000)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f00000005c0)=@urb_type_control={0x2, {0xa}, 0xd9, 0x2, &(0x7f0000000500)={0x3, 0x17, 0x3, 0x2, 0x4}, 0x8, 0x3, 0x43, 0x0, 0x4dc, 0x6, &(0x7f0000000540)="4a9427d4704ee76029661ff4947a961c8cfa1172f5ce36b4ce0d6c5e6758f44ffe3fb20b43abdcf4060472594d132df6c4ed5f2a75ddc48535e298d24ea229549cf139705d9ecafbec2ca196e343f7db11836fd026933f08b893b92b84a9b5c73e"})
connect$inet(r6, &(0x7f0000000040)={0x2, 0x1, @loopback}, 0xb)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301)
ioctl$USBDEVFS_DROP_PRIVILEGES(r9, 0x4004551e, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x5, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000200000000000000022122af0e4ccfb7b3cada00", [0x0, 0x2000000000001]}})
close_range(r0, 0xffffffffffffffff, 0x0)

5.776236097s ago: executing program 3 (id=676):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000240)="7ac8b2852c60ac24e03a2c072bab3422a80c1ff518be3d476f4613ac6966fe3d59eaa20ec88f677b15d700cd353f4e204732f26aa229fa8b1aedf5c4ea550aa6c5ca40178fde587d3ffcb3f72d9aa08a1cf5a4ead762672b35ab6c6857d8f2ea9f007085fc852af3b0a59e7f46ab8c3c4196f8bac172a062fa208cf948d3b5586ec8964672cca7da40dc5cf3c98c69e80d3e9d504c539a1318a0683ba40f5753e331a1690bfb72fb6ddb4f1502c51f872b2c3209cbb1d538cda90be4c67f875b56", 0xc1}, {&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746", 0x21}], 0x2, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.594197046s ago: executing program 0 (id=677):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac141400"], 0x30}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0028000002010a004c0012800900010069706970000000003c00028005000400eb000000060011004e24000008001400ffffffff080002000a01010108000100", @ANYRES32=0x0, @ANYBLOB="05000a0001000000080001", @ANYRES32=r4, @ANYBLOB="48288fb4bdb539ce04ffd732bd98ddd62ea1c24a467ea9a5baaa64f314eb750451faa1259a7eeb717b6e8b2d248fa5c8064c1d1314ec1d63711ae176c645d73e35b9313f8d64c8f6245d16cd4aeb95c8318a14743b521286ccfdf101f4f24e8aff09ae180b56526661a63557a85c8d97"], 0x6c}}, 0x0)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202400000000009050302"], 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000200), 0xec, 0x412000)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f00000005c0)=@urb_type_control={0x2, {0xa}, 0xd9, 0x2, &(0x7f0000000500)={0x3, 0x17, 0x3, 0x2, 0x4}, 0x8, 0x3, 0x43, 0x0, 0x4dc, 0x6, &(0x7f0000000540)="4a9427d4704ee76029661ff4947a961c8cfa1172f5ce36b4ce0d6c5e6758f44ffe3fb20b43abdcf4060472594d132df6c4ed5f2a75ddc48535e298d24ea229549cf139705d9ecafbec2ca196e343f7db11836fd026933f08b893b92b84a9b5c73e"})
connect$inet(r6, &(0x7f0000000040)={0x2, 0x1, @loopback}, 0xb)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301)
ioctl$USBDEVFS_DROP_PRIVILEGES(r9, 0x4004551e, &(0x7f0000000000))
socket$nl_route(0x10, 0x3, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x5, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000200000000000000022122af0e4ccfb7b3cada00", [0x0, 0x2000000000001]}})
close_range(r0, 0xffffffffffffffff, 0x0)

5.075959383s ago: executing program 3 (id=678):
socket$alg(0x26, 0x5, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socket$netlink(0x10, 0x3, 0x0)
close(0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000000c0)=0xa)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0)
r2 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x333}, &(0x7f0000000000)=<r3=>0x0, &(0x7f00000001c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r1, 0x0, &(0x7f0000000100)=[{0x0}], 0x1})
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r2, 0x47ba, 0x0, 0x0, 0x0, 0x0)

3.966801108s ago: executing program 2 (id=679):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_type(r0, &(0x7f0000000100), 0x2, 0x0)
write$cgroup_type(r1, &(0x7f0000000280), 0x9)
r2 = openat$cgroup_procs(r0, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r2, &(0x7f0000000c40), 0x12)
r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r4 = openat$cgroup_ro(r3, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36)
r5 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, 0x0)
read$FUSE(r5, &(0x7f0000006300)={0x2020, 0x0, <r6=>0x0}, 0x2020)
write$FUSE_INIT(r5, &(0x7f0000000040)={0x50, 0x0, r6, {0x7, 0x1f, 0x0, 0x10408}}, 0x50)
open$dir(&(0x7f0000000000)='./file0\x00', 0x200, 0x12)
write$cgroup_int(r4, &(0x7f0000000200)=0x1, 0x12)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r8 = openat$cgroup_procs(r7, &(0x7f0000000180)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r8, &(0x7f0000000080), 0x12)

3.823648374s ago: executing program 3 (id=680):
socket$nl_route(0x10, 0x3, 0x0)
setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x42, 0x4, 0x278, 0xffffffff, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x240, 0x240, 0x240, 0xffffffff, 0x4, 0x0, {[{{@ip={@rand_addr, @loopback, 0x0, 0x0, 'pimreg0\x00', 'wlan0\x00', {}, {}, 0x73, 0x1, 0x12}, 0x0, 0x70, 0x98, 0x0, {0x100000000000000}}, @REJECT={0x28}}, {{@uncond, 0x0, 0x70, 0x98}, @REJECT={0x28, 'REJECT\x00', 0x0, {0x7}}}, {{@ip={@private, @loopback, 0x0, 0x0, 'batadv_slave_0\x00', 'dvmrp0\x00'}, 0x0, 0x70, 0xb0}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x2d8)
syz_emit_ethernet(0x4a, &(0x7f0000000000)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x11}}}}}}}, 0x0)
r0 = socket$netlink(0x10, 0x3, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='status\x00')
lseek(r2, 0x10000000005, 0x0)
r3 = socket(0x10, 0x803, 0x0)
sendmsg$IPVS_CMD_SET_INFO(r3, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000480)=ANY=[@ANYBLOB="38000000180001000000000000000000fe060000000006001500020000001400168010000864ac00038005000100fe000000000000000000b53a259d11d266c62f3b350da8cf81d7080d3db1d3b092201061b51663ffb8e54163ad12cc05536ab35af0e310b10fb6474841f7e6776f64fab3970c455f1d88444a274dbf0fe0ca6d50ebe1834b41705f23c9af526f35503848ce9f1eb5d7c22f2295b4a08b69623480866b0879cc19f03ea5267360b1b626"], 0x38}}, 0x0)
getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[], 0x3c}, 0x1, 0x0, 0x0, 0x20004084}, 0x0)
mount(&(0x7f0000000440)=@nullb, &(0x7f0000000300)='./cgroup\x00', &(0x7f00000001c0)='hfs\x00', 0x200480, 0x0)
socket(0x1, 0x803, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={<r5=>0xffffffffffffffff, <r6=>0xffffffffffffffff})
ioctl$int_in(r5, 0x5452, &(0x7f0000000080)=0x8000000ffffffff)
shutdown(r6, 0x2)

3.184544565s ago: executing program 4 (id=681):
sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000f00)=[{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000240)="7ac8b2852c60ac24e03a2c072bab3422a80c1ff518be3d476f4613ac6966fe3d59eaa20ec88f677b15d700cd353f4e204732f26aa229fa8b1aedf5c4ea550aa6c5ca40178fde587d3ffcb3f72d9aa08a1cf5a4ead762672b35ab6c6857d8f2ea9f007085fc852af3b0a59e7f46ab8c3c4196f8bac172a062fa208cf948d3b5586ec8964672cca7da40dc5cf3c98c69e80d3e9d504c539a1318a0683ba40f5753e331a1690bfb72fb6ddb4f1502c51f872b2c3209cbb1d538cda90be4c67f875b56d073", 0xc3}, {&(0x7f0000000340)="b92fc8d480737475599f9b3cec0ee7426057350194c5ce866b05f60343d526a746", 0x21}], 0x2, 0x0, 0x0, 0x40000}], 0x1, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000440)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="200025bd7000fedbdf256c00000008000300", @ANYRES32=0x0, @ANYBLOB="0100000012cc62"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x6, 0x9, 0x96, 0x0, 0x1, 0x2, 0x3, 0xe2, 0x0, 0x3, 0x2, 0xc1, 0x0, 0x3, 0x7, 0x4, 0x77, 0x3, 0x3a, '\x00', 0x7})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

3.168152316s ago: executing program 2 (id=682):
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r0 = socket(0x400000000010, 0x3, 0x0)
r1 = socket$unix(0x1, 0x5, 0x0)
sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x409c884, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="1b00000000000d80000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000180)=ANY=[@ANYRES32=r3, @ANYBLOB="0000000000000000b702000000000000850000008600000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000040)={r4}, 0xc)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000)
chown(0x0, 0x0, 0xee01)
r6 = creat(0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000100)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x28, 0x28, 0x3, [@var={0x2, 0x0, 0x0, 0x11, 0x3, 0xffffffff}, @const={0x0, 0x0, 0x0, 0x2}, @func_proto={0x2, 0x0, 0x0, 0x8, 0x2}]}, {0x0, [0x0]}}, 0x0, 0x43}, 0x28)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r7=>0x0})
ioctl$TIOCGSID(r6, 0x5429, &(0x7f0000000280)=<r8=>0x0)
ptrace$ARCH_GET_GS(0x1e, r8, &(0x7f0000000380), 0x1004)
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f00000001c0)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r7, {0x10, 0xffe0}, {}, {0xd, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_ZONE={0x6, 0x5d, 0xfb25}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x220400b9}, 0x40040)
mount(&(0x7f00000002c0)=@nullb, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)

2.421325248s ago: executing program 3 (id=683):
syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x40281)
openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000005000/0x18000)=nil, &(0x7f0000000380)=[@text32={0x20, &(0x7f0000000140)="b8050000000f01c10f46a78900000066ba2100b067ee66ba2000b000ee6d2f2f800000c0d23266bac0000f3066b808008ed0660f38806f008ee0", 0x3a}], 0x1, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x81, 0x8, 0x2, 0x0, 0x1}, 0x48)
socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f0000000040)={0x1})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x20000000, 0x0, 0x2, 0x0, 0x0, 0x2004cb, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffff2a4, 0x2000000000003ff, 0x2], 0x0, 0x200306})
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.103258229s ago: executing program 2 (id=684):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b81d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799c43aa4ff708dc4a00a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d500000000000000"], 0x25, 0x5586, &(0x7f00000079c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx44SsumCJWPBPEEisWPIbWMASdogFiB0SyDMTaNoGSuM4avs80vjMHL8+874jK9KZiRzAU2sh/e2XJE7FsYiYi4iTSeT7SblF3Im4XIx9LiJOR0Tlri0p838lDkfE8Yg4NSle1EzKtz47Oz5z8ec3f/362yOHTnz+1XcHunDgQD0fEf3VYn+jX8SsU8RbZb4x7uaxf2FcxtUdNfpZkd9or+QVNhrb4xp5PN8pxmer68NJvNlrNCex072Z51cHxQmH4852nckH0luNtfy41V7JY3eY5bGzVZx3c6v427Y1HBV1WmW9j/LyMRptxyLf3mwX61m9ncfmYFTmi7pZq705ieMylqeLZtZr5fNYecSL/Bh4qztY30zH7bVhNxukF2v1F2r1S9X6WtZqj9oXqo1+69KFdLHTmwyrjtqN/uVOlnV67Voz6y+li51ms1qvp4tX2ivdxiCt12vna+eqF5fKvbPpa9ffS3utdHESX+kO1kfd3jC9ma2lxSeW0uXa+ReX0jP19J1rN9Ibb1+9eu3Gux9cef/6y9feeLUcdN+00sXlc8vL1fq56nJ96Sla/8flpP/D+pMHp3/4fm+XDQq7fMEA2N19/X/c2/+H/h+Yur30//3b5fH+9P/xMP1/TLP/n7RU+v9/738rB9D/zof+fx/XD3vyaP3/4anPAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAmftx/ovX852F4vhEmf9fmXqmPE4iohIRfzzAXBzeUXOurDO/y/j5e+bwTRJ5hck5jpTb8Yi4XG6//3+/rwIAAAA8ub68c/rTolsvXhYOekLMUnHTpnLywynVSyJifuGnKVWrTF6enVKx/Pt9KDanVC2/gXV0SsWKW26HplXtocztCEfvCkkRKjOdDgAAMBM7O4HZdiEAAADM0if/+O5LM5sHM5bE9qPM7WfB+X/e//1A8NiO9wAAAIDHUHLQEwAAAAD2Xd7/+/0/AAAAeLIVv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAf7JzP7lpA1EcgJ8Nhv5VUdV9r9IdHKNH6LLLwgF6CY5Ar9ALcAYiZZEjRBBhT5CcgBSJMU7Q90m2M+Po5xlg88bSAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXbqpVrN/f77/PTdnuztPntkAAAAAx2yq1az+Y9K0P6b+z6nra2oXEVFGxLHafRCjVuYg5VQn/r96Mob/EXXCvn+cjg8R8SMd91+6/hQAAADgeq0Xy2lTrTentARw2++ouJBm0ab89DNTXhER1eQuU1q5P33LFFb/vofxO1NavYD1LlNYs+Q2PH5vlOshbYPW5XEm8/pLrFtlN88FAAD61K4ETlQhAAAAXIFffQ+AS3he2heH0+E947i5pBeC71stAAAA4A0q+h4AAAAA0Lm6/n9N+/8V9v8DAACA7Jr9/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjSplrN1ovl9NT9+Qtztrvz5JsRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLA/7ygQAmEQBnvXdyZz/8NKg4bGJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxb799EZRhgEAf3anu1DUWKtpYtVgwkEvUhYEuRqjaTz4EUyassXqIgo9CGnEXryZnrkYPRpjoqm3fgfONOGCNw491MSTh5r5V2bbFRqUmUJ/v+Td99nZ4f23E9Jn3lkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABKm+/Gq+0iTtKXiTwuj93eWp5P641ddWp99c50WtK4VfO4nwCvVd8cn2puIAAAABweSZnfR8TdztpsWrcnsvy/U56T5vw/PJfHZT6/O+/f2Fo+Wnw0Xeb/v/9276WdjiaSrJ+00YXFQf/U3qGMPaYpHnjPP/SMsWzls3svSfaFtD9ceXGzk61n67tbt97vZuGROkYLADyKk2VdBOXfQ2nda3JgABwaY5XEu8z/k4lmxwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQh82VeKaMWxExPXY/Tm1sLc+Pqr9ZvTO9XpRzN2+uVttMm+hExMLioH+qxrkcXOVqXv9sbjDoX7l6re7geESM+OjG/v55Ugz/X8/pRsTQkRMvj2jn4330taudPUFxeUa9aziezu+hJ7eGjrT2LPh727kmLoC6gnbx/TyOLsZr/96Hg/La+/9brvm/IwAAnnqdoqSZ6N3O2mx6rDUZsf3jcP7/RiWOobx/+0Z+JH+/Xsn/731y7na1r2r+36tpfk+CmaVLX8xcvXb9rcVLcxf7F/ufv326907vzPmzZ8/PZPdKZhai7Y4JAAAA/0G3KNX8vz25d///WCWOB+z/51vCef7/5fe9r6t9JfL/ke5v+jU9EgAAgMOouxO98Ppff7ZGnNHqduOruaWlK738def96fy11uE+oiNFqeb/yWTTowIAAADqsLnSGtr/v1CJ4wH7/9Xn/5/96ZVfqm0mETEecTki+ifnLw8u1DedA62OHypnHXWbnikAAABNGS9Kdf+/kz3/39555KEdEW+eiPi7+A1/7DP/Tz749udqX9Xn/8/UOsuDpz2Vr0dWT0WMTTU9IgAAAJ5mR4uSJvt/dNZmP/312Eddz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2fAAAA//+FVSwP")
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f00000003c0)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r4 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
ftruncate(r4, 0x2007ffc)
r5 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x40942, 0x0)
copy_file_range(r4, 0x0, r5, 0x0, 0xfffffbffa003e45b, 0x700000000000000)

1.999690822s ago: executing program 4 (id=685):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r1 = syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0)
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)=ANY=[@ANYBLOB="30000000190001000000000000000000021800000000ff000000000008000100ac141400"], 0x30}}, 0x0)
bpf$BPF_GET_MAP_INFO(0xf, &(0x7f00000000c0)={0xffffffffffffffff, 0x58, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, <r4=>0x0}}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="6c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="0028000002010a004c0012800900010069706970000000003c00028005000400eb000000060011004e24000008001400ffffffff080002000a01010108000100", @ANYRES32=0x0, @ANYBLOB="05000a0001000000080001", @ANYRES32=r4, @ANYBLOB="48288fb4bdb539ce04ffd732bd98ddd62ea1c24a467ea9a5baaa64f314eb750451faa1259a7eeb717b6e8b2d248fa5c8064c1d1314ec1d63711ae176c645d73e35b9313f8d64c8f6245d16cd4aeb95c8318a14743b521286ccfdf101f4f24e8aff09ae180b56526661a63557a85c8d97"], 0x6c}}, 0x0)
readv(r1, &(0x7f0000000240)=[{&(0x7f0000000040)=""/71, 0x47}], 0x1)
openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000082505a3a440000102030109023b000101000000090400000302060000052406000005240000000d240f0100000000000000000009058202400000000009050302"], 0x0)
r5 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0)
r6 = socket(0x40000000015, 0x5, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f0000000200), 0xec, 0x412000)
ioctl$USBDEVFS_SUBMITURB(r7, 0x8038550a, &(0x7f00000005c0)=@urb_type_control={0x2, {0xa}, 0xd9, 0x2, &(0x7f0000000500)={0x3, 0x17, 0x3, 0x2, 0x4}, 0x8, 0x3, 0x43, 0x0, 0x4dc, 0x6, &(0x7f0000000540)="4a9427d4704ee76029661ff4947a961c8cfa1172f5ce36b4ce0d6c5e6758f44ffe3fb20b43abdcf4060472594d132df6c4ed5f2a75ddc48535e298d24ea229549cf139705d9ecafbec2ca196e343f7db11836fd026933f08b893b92b84a9b5c73e"})
connect$inet(r6, &(0x7f0000000040)={0x2, 0x1, @loopback}, 0xb)
r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0)
write$binfmt_misc(r8, &(0x7f0000000040), 0xe09)
r9 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x109301)
ioctl$USBDEVFS_DROP_PRIVILEGES(r9, 0x4004551e, &(0x7f0000000000))
r10 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r10, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x40, 0x10, 0x609, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vlan={{0x9}, {0x4}}}, @IFLA_ADDRESS={0x7, 0x1, @link_local}]}, 0x40}}, 0x0)
ioctl$LOOP_CONFIGURE(r5, 0x4c0a, &(0x7f00000002c0)={r8, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x5, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd0007008019000200000000000000022122af0e4ccfb7b3cada00", [0x0, 0x2000000000001]}})
close_range(r0, 0xffffffffffffffff, 0x0)

1.702647174s ago: executing program 3 (id=686):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xff, 0x485, &(0x7f0000001500)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x100)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x2d)
r3 = socket$inet_smc(0x2b, 0x1, 0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000640)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000600)={&(0x7f0000000580)={0x44, 0xd, 0x6, 0x301, 0x0, 0x0, {0x3}, [@IPSET_ATTR_TYPENAME={0x16, 0x3, 'hash:net,port,net\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}]}, 0x44}, 0x1, 0x0, 0x0, 0x20004800}, 0x20000001)
setsockopt$inet_tcp_int(r3, 0x6, 0x1e, 0x0, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0)
syz_usb_connect$printer(0x2, 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000040)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})

1.501224861s ago: executing program 1 (id=687):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x2000)
r2 = io_uring_setup(0x191a, 0x0)
io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, 0x0, 0x0)
r3 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$IPT_SO_SET_REPLACE(r3, 0x0, 0x40, &(0x7f0000000f40)=@mangle={'mangle\x00', 0x44, 0x6, 0x4e0, 0x130, 0x0, 0x200, 0x398, 0x98, 0x448, 0x448, 0x448, 0x448, 0x448, 0x6, 0x0, {[{{@ip={@local, @broadcast, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00', {0xff}, {}, 0x0, 0x0, 0x18}, 0x0, 0x70, 0x98, 0x0, {0x0, 0x2000000}}, @inet=@DSCP={0x28}}, {{@ip={@multicast2, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00', {}, {}, 0x11}, 0x0, 0x70, 0x98}, @unspec=@CHECKSUM={0x28}}, {{@ip={@broadcast, @private=0xa010101, 0x0, 0x0, 'dvmrp0\x00', 'nr0\x00'}, 0x0, 0xa8, 0xd0, 0x0, {}, [@common=@unspec=@time={{0x38}, {0xffffffff, 0x8000, 0x8d84, 0xcafc, 0xffffff8e, 0x70, 0x1}}]}, @unspec=@CHECKSUM={0x28}}, {{@ip={@loopback, @local, 0x0, 0x0, 'geneve0\x00', 'veth1_to_team\x00', {}, {}, 0x0, 0x0, 0x3}, 0x0, 0x70, 0x198}, @common=@unspec=@SECMARK={0x128, 'SECMARK\x00', 0x0, {0x1, 0x0, 'system_u:object_r:dbusd_etc_t:s0\x00'}}}, {{@uncond, 0x0, 0x70, 0xb0}, @inet=@TPROXY1={0x40, 'TPROXY\x00', 0x1, {0x3, 0x8, @ipv4=@multicast1, 0x5e20}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x540)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil)
msgrcv(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x1000)
msgsnd(0x0, 0x0, 0xf1, 0x800)
sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, 0x0, 0x4000000)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r4, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a01080000000000000000020000000900020073797a2a0000000008000440000000000900010073797a3000000000080003400000000a1400000011"], 0x64}}, 0x0)
sendmsg$NFT_BATCH(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[], 0x74}}, 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)

0s ago: executing program 2 (id=688):
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x1ff003, 0x4, 0x7f, 0x1}, 0x50)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="02000000040000000600000005"], 0x48)
syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff)
socket$inet(0x2, 0x2, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13580}, 0x0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x0)
syz_usb_connect$hid(0x2, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1a34, 0xf705, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x4, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_open_dev$vim2m(0x0, 0xa, 0x2)
r1 = socket$nl_route(0x10, 0x3, 0x0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="5c00000010000104000000000000000000002000", @ANYRES32=0x0, @ANYBLOB="03000000000000002c0012800c0001006d6163766c616e001c000280080001000800000006ef0200010000001ffe02000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n'], 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0xc010)

kernel console output (not intermixed with test programs):

000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.390734][ T7310] netlink: 8 bytes leftover after parsing attributes in process `syz.0.329'.
[  243.427165][ T7308] netlink: 28 bytes leftover after parsing attributes in process `syz.0.329'.
[  244.208161][ T7292] usbtmc 5-1:16.0: usb_control_msg returned -32
[  245.506834][ T7331] netlink: 4 bytes leftover after parsing attributes in process `syz.3.333'.
[  245.575439][ T7322] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  245.605461][ T7322] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  245.628796][ T7322] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  245.646198][ T7322] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  245.672294][ T7322] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  246.351048][   T10] usb 5-1: USB disconnect, device number 7
[  246.391646][ T5840] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  246.860216][   T30] audit: type=1326 audit(1751361988.265:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7347 comm="syz.1.337" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71cc78e929 code=0x0
[  247.141509][ T5893] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  247.385823][ T5893] usb 1-1: Using ep0 maxpacket: 8
[  247.398609][ T5893] usb 1-1: config 1 has an invalid descriptor of length 207, skipping remainder of the config
[  247.411322][ T5893] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 51264, setting to 1024
[  247.502684][ T5893] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  247.535884][ T5929] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  247.545174][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  247.615878][ T5831] Bluetooth: hci1: command 0x0c1a tx timeout
[  247.637373][ T5893] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  247.725803][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout
[  247.726131][ T5847] Bluetooth: hci2: command 0x0c1a tx timeout
[  247.738300][ T5929] usb 5-1: Using ep0 maxpacket: 8
[  247.743442][ T5831] Bluetooth: hci4: command 0x0405 tx timeout
[  247.837275][ T5929] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  247.856016][ T5929] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 54240, setting to 1024
[  248.057808][ T7361] loop3: detected capacity change from 0 to 40427
[  248.067173][ T5929] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  248.096806][ T5929] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  248.111407][ T7361] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  248.120475][ T7361] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  248.143956][ T5893] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  248.151739][ T7361] F2FS-fs (loop3): invalid crc value
[  248.160274][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.170063][ T5893] usb 1-1: Product: syz
[  248.174309][ T5893] usb 1-1: Manufacturer: syz
[  248.179238][ T5893] usb 1-1: SerialNumber: syz
[  248.243606][ T7351] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  248.268521][ T5893] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22
[  248.311038][ T5929] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  248.330122][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.360105][ T7361] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  248.362581][ T5893] usbtest 1-1:1.0: couldn't get endpoints, -22
[  248.367450][ T7361] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  248.390394][ T5929] usb 5-1: Product: syz
[  248.394693][ T5929] usb 5-1: Manufacturer: syz
[  248.399765][ T5929] usb 5-1: SerialNumber: syz
[  249.562009][   T30] audit: type=1800 audit(1751361990.065:19): pid=7372 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.340" name="file1" dev="loop3" ino=10 res=0 errno=0
[  249.601197][ T7358] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  249.787471][ T7358] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  249.893039][ T5893] usbtest 1-1:1.0: probe with driver usbtest failed with error -22
[  249.915279][   T30] audit: type=1326 audit(1751361991.005:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7368 comm="syz.1.341" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71cc78e929 code=0x0
[  250.105926][    T9] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  250.225141][ T5929] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71
[  250.253525][ T5929] usbtest 5-1:1.0: Linux user mode ISO test driver
[  250.262424][    T9] usb 2-1: Using ep0 maxpacket: 16
[  250.305889][    T9] usb 2-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=4f.75
[  250.332649][ T5929] usbtest 5-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  250.358865][    T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  250.403087][ T5929] usb 5-1: USB disconnect, device number 8
[  250.414795][    T9] usb 2-1: Product: syz
[  250.443910][    T9] usb 2-1: Manufacturer: syz
[  250.487094][    T9] usb 2-1: SerialNumber: syz
[  250.532332][    T9] usb 2-1: config 0 descriptor??
[  250.545755][    T9] usb 2-1: bad CDC descriptors
[  250.775260][ T5893] usb 1-1: USB disconnect, device number 6
[  251.261487][ T5839] syz-executor: attempt to access beyond end of device
[  251.261487][ T5839] loop3: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  251.301230][ T5839] CPU: 0 UID: 0 PID: 5839 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  251.301257][ T5839] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  251.301273][ T5839] Call Trace:
[  251.301280][ T5839]  <TASK>
[  251.301288][ T5839]  dump_stack_lvl+0x189/0x250
[  251.301328][ T5839]  ? __pfx_dump_stack_lvl+0x10/0x10
[  251.301348][ T5839]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  251.301370][ T5839]  ? __pfx_queue_work_on+0x10/0x10
[  251.301392][ T5839]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  251.301413][ T5839]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  251.301437][ T5839]  ? f2fs_hw_is_readonly+0x39b/0x470
[  251.301462][ T5839]  f2fs_handle_critical_error+0x37c/0x540
[  251.301487][ T5839]  f2fs_write_end_io+0x495/0x810
[  251.301506][ T5839]  ? blkg_put+0x22/0x240
[  251.301536][ T5839]  __submit_merged_bio+0x27a/0x6a0
[  251.301552][ T5839]  ? up_write+0x1c4/0x420
[  251.301580][ T5839]  __submit_merged_write_cond+0x44c/0x530
[  251.301607][ T5839]  f2fs_sync_node_pages+0x1869/0x1a00
[  251.301649][ T5839]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  251.301694][ T5839]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  251.301735][ T5839]  ? up_write+0x1c4/0x420
[  251.301754][ T5839]  ? do_raw_spin_unlock+0x122/0x240
[  251.301775][ T5839]  f2fs_write_checkpoint+0xe6f/0x1df0
[  251.301821][ T5839]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  251.301888][ T5839]  ? try_to_wake_up+0x7e5/0x1290
[  251.301912][ T5839]  ? kill_f2fs_super+0x298/0x6c0
[  251.301941][ T5839]  kill_f2fs_super+0x2c3/0x6c0
[  251.301970][ T5839]  ? __pfx_kill_f2fs_super+0x10/0x10
[  251.301991][ T5839]  ? radix_tree_delete_item+0x2b6/0x400
[  251.302022][ T5839]  ? shrinker_free+0x2ce/0x3e0
[  251.302051][ T5839]  deactivate_locked_super+0xbc/0x130
[  251.302075][ T5839]  cleanup_mnt+0x425/0x4c0
[  251.302093][ T5839]  ? lockdep_hardirqs_on+0x9c/0x150
[  251.302119][ T5839]  task_work_run+0x1d1/0x260
[  251.302141][ T5839]  ? __pfx_task_work_run+0x10/0x10
[  251.302156][ T5839]  ? __x64_sys_umount+0x122/0x160
[  251.302185][ T5839]  ? exit_to_user_mode_loop+0x40/0x110
[  251.302215][ T5839]  exit_to_user_mode_loop+0xec/0x110
[  251.302235][ T5839]  do_syscall_64+0x2bd/0x3b0
[  251.302250][ T5839]  ? lockdep_hardirqs_on+0x9c/0x150
[  251.302273][ T5839]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.302290][ T5839]  ? clear_bhb_loop+0x60/0xb0
[  251.302311][ T5839]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  251.302327][ T5839] RIP: 0033:0x7f1f84b8fc57
[  251.302349][ T5839] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  251.302362][ T5839] RSP: 002b:00007fffe063ee28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  251.302387][ T5839] RAX: 0000000000000000 RBX: 00007f1f84c10925 RCX: 00007f1f84b8fc57
[  251.302400][ T5839] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffe063eee0
[  251.302410][ T5839] RBP: 00007fffe063eee0 R08: 0000000000000000 R09: 0000000000000000
[  251.302420][ T5839] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffe063ff70
[  251.302431][ T5839] R13: 00007f1f84c10925 R14: 000000000003cfe0 R15: 00007fffe063ffb0
[  251.302462][ T5839]  </TASK>
[  251.302540][ T5839] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  251.423722][ T7387] netlink: 4 bytes leftover after parsing attributes in process `syz.0.345'.
[  251.885221][ T5907] usb 2-1: USB disconnect, device number 4
[  252.116531][ T5929] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  252.908540][ T5929] usb 5-1: Using ep0 maxpacket: 32
[  253.064696][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  253.122296][ T5929] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  253.172731][ T5929] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  253.214829][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  253.316890][ T5929] usb 5-1: config 0 descriptor??
[  253.343119][ T5929] hub 5-1:0.0: USB hub found
[  253.570164][ T5929] hub 5-1:0.0: 1 port detected
[  253.900091][ T7407] loop0: detected capacity change from 0 to 40427
[  253.916534][ T5893] usb 2-1: new full-speed USB device number 5 using dummy_hcd
[  253.945457][ T7407] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  253.954394][ T7407] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  253.969428][ T7407] F2FS-fs (loop0): invalid crc value
[  254.057356][    T9] usb 3-1: new full-speed USB device number 6 using dummy_hcd
[  254.079943][ T7407] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  254.087438][ T7407] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  254.278180][ T5929] usb 5-1: USB disconnect, device number 9
[  254.462930][    T9] usb 3-1: config 0 has an invalid interface number: 207 but max is 0
[  254.496266][   T30] audit: type=1800 audit(1751361995.835:21): pid=7414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.352" name="file1" dev="loop0" ino=10 res=0 errno=0
[  254.925520][ T5893] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  254.938728][ T5893] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0
[  254.955630][ T5893] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40
[  254.994738][ T5893] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  255.021492][ T5893] usb 2-1: SerialNumber: syz
[  255.026629][    T9] usb 3-1: config 0 has no interface number 0
[  255.065856][    T9] usb 3-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  255.083530][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.092543][    T9] usb 3-1: Product: syz
[  255.094264][ T5893] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  255.112737][    T9] usb 3-1: Manufacturer: syz
[  255.133731][    T9] usb 3-1: SerialNumber: syz
[  255.190422][    T9] usb 3-1: config 0 descriptor??
[  255.210908][ T5893] usb-storage 2-1:1.0: USB Mass Storage device detected
[  255.215432][    T9] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22
[  255.262206][ T5893] usb-storage 2-1:1.0: Quirks match for vid 0525 pid a4a5: 10000
[  255.305903][ T5893] scsi host1: usb-storage 2-1:1.0
[  255.562057][    T9] usb 3-1: USB disconnect, device number 6
[  255.699783][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  255.712204][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  257.186023][    T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  257.356079][    T9] usb 3-1: Using ep0 maxpacket: 8
[  257.382156][    T9] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  257.393567][    T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 57300, setting to 1024
[  257.409986][    T9] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  257.601216][    T9] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  258.129440][    T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  258.162357][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  258.194288][    T9] usb 3-1: Product: syz
[  258.239049][    T9] usb 3-1: Manufacturer: syz
[  258.384930][ T5886] usb 2-1: USB disconnect, device number 5
[  258.418239][    T9] usb 3-1: SerialNumber: syz
[  258.493553][ T7442] loop1: detected capacity change from 0 to 512
[  258.685959][ T7442] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.358: casefold flag without casefold feature
[  258.803222][ T7438] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  258.811091][ T7438] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22
[  258.866286][ T7442] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.358: couldn't read orphan inode 15 (err -117)
[  259.402075][ T7442] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  259.451194][ T7438] netlink: 4 bytes leftover after parsing attributes in process `syz.2.356'.
[  259.468075][ T7438] loop2: detected capacity change from 0 to 7
[  259.496949][    T9] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  259.553980][    T9] usbtest 3-1:1.0: Linux user mode ISO test driver
[  259.606531][    T9] usbtest 3-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  260.425257][    T9] usb 3-1: USB disconnect, device number 7
[  260.828236][ T7452] loop4: detected capacity change from 0 to 512
[  260.870733][ T7452] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.359: casefold flag without casefold feature
[  260.987039][ T7452] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.359: couldn't read orphan inode 15 (err -117)
[  261.107755][ T7452] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  262.584946][ T5840] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.715149][ T7464] kvm: pic: non byte write
[  263.673298][   T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  264.390876][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  264.435940][   T10] usb 2-1: Using ep0 maxpacket: 8
[  264.455402][   T10] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  264.496420][   T10] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 54240, setting to 1024
[  265.302252][   T10] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  265.312265][   T10] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  265.337487][   T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  265.469626][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  265.520317][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.680109][   T10] usb 2-1: Product: syz
[  265.684286][   T10] usb 2-1: Manufacturer: syz
[  265.697426][ T7484] loop4: detected capacity change from 0 to 512
[  265.717755][   T10] usb 2-1: SerialNumber: syz
[  265.733961][ T7471] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  265.751844][ T7471] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  265.995570][ T7484] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.367: casefold flag without casefold feature
[  266.028417][ T7484] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.367: couldn't read orphan inode 15 (err -117)
[  266.383253][ T7484] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  266.621470][ T5830] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  266.820566][ T7498] loop3: detected capacity change from 0 to 512
[  267.611074][ T7498] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.369: casefold flag without casefold feature
[  267.635466][ T7498] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.369: couldn't read orphan inode 15 (err -117)
[  267.706126][ T5830] usb 3-1: Using ep0 maxpacket: 8
[  267.750769][ T7498] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  267.765977][ T5830] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  267.890611][ T5830] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 61507, setting to 1024
[  268.923442][ T5830] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  268.934710][ T5830] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  269.213485][   T10] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71
[  269.256721][   T10] usbtest 2-1:1.0: Linux user mode ISO test driver
[  269.281396][   T10] usbtest 2-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  269.326930][   T10] usb 2-1: USB disconnect, device number 6
[  269.369129][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  269.413507][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  270.191410][ T5830] usb 3-1: string descriptor 0 read error: -71
[  270.207795][ T5830] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  270.396673][ T5886] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  270.425400][ T5830] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  270.475829][ T5830] usb 3-1: can't set config #1, error -71
[  270.508831][ T5830] usb 3-1: USB disconnect, device number 8
[  270.576357][ T5886] usb 4-1: Using ep0 maxpacket: 8
[  270.604767][ T5886] usb 4-1: config 1 has an invalid descriptor of length 23, skipping remainder of the config
[  270.744778][ T5886] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 576
[  271.029423][ T5886] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  271.836007][ T5886] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  271.932746][ T5886] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  271.995396][ T5886] usb 4-1: Product: syz
[  272.022820][ T5886] usb 4-1: Manufacturer: syz
[  272.160961][ T5886] usb 4-1: SerialNumber: syz
[  272.199632][ T7516] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  272.219737][ T5886] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  272.339842][ T5886] usbtest 4-1:1.0: couldn't get endpoints, -22
[  272.349688][ T5886] usbtest 4-1:1.0: probe with driver usbtest failed with error -22
[  272.392906][    T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd
[  273.185776][    T9] usb 1-1: Using ep0 maxpacket: 8
[  273.349986][    T9] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  273.416308][    T9] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 61507, setting to 1024
[  273.470002][    T9] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  273.490583][    T9] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  273.634304][    T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  273.643794][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  273.653379][    T9] usb 1-1: Product: syz
[  273.697067][    T9] usb 1-1: Manufacturer: syz
[  273.710005][    T9] usb 1-1: SerialNumber: syz
[  273.840784][ T7532] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  273.848469][ T7532] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  273.889931][ T5886] usb 4-1: USB disconnect, device number 5
[  274.679954][ T7535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.376'.
[  274.729789][    T9] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  274.756226][    T9] usbtest 1-1:1.0: Linux user mode ISO test driver
[  274.764499][    T9] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  274.900850][    T9] usb 1-1: USB disconnect, device number 7
[  276.496225][ T6001] usb 1-1: new high-speed USB device number 8 using dummy_hcd
[  276.680700][ T6001] usb 1-1: Using ep0 maxpacket: 8
[  277.021015][ T6001] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  277.032624][ T6001] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 44809, setting to 1024
[  277.612648][ T7586] loop1: detected capacity change from 0 to 131072
[  277.673348][ T7584] kvm: pic: non byte write
[  277.724742][ T7586] XFS (loop1): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  277.759547][ T6001] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  277.792402][ T6001] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  277.827997][ T7586] XFS (loop1): Starting recovery (logdev: internal)
[  277.898889][ T7586] XFS (loop1): Ending recovery (logdev: internal)
[  277.976314][ T6001] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  277.992792][ T6001] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  278.077398][ T5840] XFS (loop1): Unmounting Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  278.085805][ T6001] usb 1-1: Product: syz
[  278.092970][ T6001] usb 1-1: Manufacturer: syz
[  278.176601][ T6001] usb 1-1: SerialNumber: syz
[  278.235970][ T7576] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  278.267850][ T7576] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  278.557787][ T7576] netlink: 4 bytes leftover after parsing attributes in process `syz.0.388'.
[  278.581692][ T7576] loop2: detected capacity change from 0 to 7
[  278.813046][ T6001] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  278.940784][ T6001] usbtest 1-1:1.0: Linux user mode ISO test driver
[  279.026671][ T6001] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  279.165927][ T6001] usb 1-1: USB disconnect, device number 8
[  279.383542][ T7604] loop4: detected capacity change from 0 to 512
[  279.517460][ T7604] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.394: casefold flag without casefold feature
[  279.648779][ T7604] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.394: couldn't read orphan inode 15 (err -117)
[  279.773689][ T7604] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  280.149928][ T7612] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  282.011635][ T7628] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  282.679891][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.199361][ T7641] netlink: 'syz.0.404': attribute type 1 has an invalid length.
[  285.671581][ T7654] loop0: detected capacity change from 0 to 131072
[  285.754250][ T7654] XFS (loop0): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  285.840024][ T7654] XFS (loop0): Starting recovery (logdev: internal)
[  285.891156][ T7654] XFS (loop0): Ending recovery (logdev: internal)
[  286.021005][ T5833] XFS (loop0): Unmounting Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  286.665481][ T7686] hugetlbfs: syz.1.412 (7686): Using mlock ulimits for SHM_HUGETLB is obsolete
[  287.246380][ T7692] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  288.396789][ T7699] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  289.083824][ T7705] hfs: can't find a HFS filesystem on dev nullb0
[  290.047036][ T7712] Illegal XDP return value 2243037100 on prog  (id 114) dev syz_tun, expect packet loss!
[  290.060796][ T7720] netlink: 4 bytes leftover after parsing attributes in process `syz.2.423'.
[  294.934025][ T7766] loop2: detected capacity change from 0 to 7
[  295.061337][ T7767] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  295.119029][ T7766] Dev loop2: unable to read RDB block 7
[  295.124885][ T7766]  loop2: AHDI p1 p2 p3
[  295.130185][ T7766] loop2: partition table partially beyond EOD, truncated
[  295.139033][ T7766] loop2: p1 start 1601398130 is beyond EOD, truncated
[  295.145967][ T7766] loop2: p2 start 1702059890 is beyond EOD, truncated
[  295.520193][ T5201] Dev loop2: unable to read RDB block 7
[  295.538596][ T5201]  loop2: AHDI p1 p2 p3
[  295.542853][ T5201] loop2: partition table partially beyond EOD, truncated
[  295.550880][ T5201] loop2: p1 start 1601398130 is beyond EOD, truncated
[  295.557795][ T5201] loop2: p2 start 1702059890 is beyond EOD, truncated
[  296.827281][ T7774] loop2: detected capacity change from 0 to 7
[  296.882382][ T7775] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  296.937278][ T7774] Dev loop2: unable to read RDB block 7
[  296.942864][ T7774]  loop2: AHDI p1 p2 p3
[  296.947479][ T7774] loop2: partition table partially beyond EOD, truncated
[  296.954666][ T7774] loop2: p1 start 1601398130 is beyond EOD, truncated
[  296.962580][ T7774] loop2: p2 start 1702059890 is beyond EOD, truncated
[  297.875122][ T7784] netlink: 4 bytes leftover after parsing attributes in process `syz.3.437'.
[  306.023350][ T7845] netlink: 'syz.0.452': attribute type 1 has an invalid length.
[  306.996927][    T9] usb 4-1: new full-speed USB device number 6 using dummy_hcd
[  306.997512][ T7846] hfs: can't find a HFS filesystem on dev nullb0
[  307.894594][ T7857] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  307.917209][    T9] usb 4-1: config 0 has an invalid interface number: 207 but max is 0
[  307.927282][    T9] usb 4-1: config 0 has no interface number 0
[  307.948080][    T9] usb 4-1: New USB device found, idVendor=12d1, idProduct=ed56, bcdDevice=46.dd
[  308.064153][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  308.085782][    T9] usb 4-1: Product: syz
[  308.089976][    T9] usb 4-1: Manufacturer: syz
[  308.104829][    T9] usb 4-1: SerialNumber: syz
[  308.247071][    T9] usb 4-1: config 0 descriptor??
[  308.261113][    T9] usb 4-1: can't set config #0, error -71
[  308.913093][ T7866] loop2: detected capacity change from 0 to 7
[  308.921823][ T7867] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  308.986045][    T9] usb 4-1: USB disconnect, device number 6
[  308.994538][ T7866] Dev loop2: unable to read RDB block 7
[  309.000209][ T7866]  loop2: AHDI p1 p2 p3
[  309.004388][ T7866] loop2: partition table partially beyond EOD, truncated
[  309.011690][ T7866] loop2: p1 start 1601398130 is beyond EOD, truncated
[  309.018493][ T7866] loop2: p2 start 1702059890 is beyond EOD, truncated
[  309.145087][ T7861] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  309.342615][ T7861] kvm: pic: non byte read
[  309.349093][ T7861] kvm: pic: level sensitive irq not supported
[  309.349215][ T7861] kvm: pic: non byte read
[  309.422246][ T7879] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized
[  309.888838][ T7861] kvm: pic: level sensitive irq not supported
[  309.888910][ T7861] kvm: pic: non byte read
[  309.946506][ T7861] kvm: pic: level sensitive irq not supported
[  309.946574][ T7861] kvm: pic: non byte read
[  310.203416][ T7889] hfs: can't find a HFS filesystem on dev nullb0
[  310.836289][ T7894] hfs: can't find a HFS filesystem on dev nullb0
[  311.137913][ T7897] mmap: syz.2.466 (7897) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  311.186785][ T7898] netlink: 'syz.4.467': attribute type 2 has an invalid length.
[  311.209663][ T7898] netlink: 8 bytes leftover after parsing attributes in process `syz.4.467'.
[  311.218473][ T7899] syz.2.466: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  311.242833][ T7899] CPU: 0 UID: 0 PID: 7899 Comm: syz.2.466 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  311.242858][ T7899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  311.242870][ T7899] Call Trace:
[  311.242878][ T7899]  <TASK>
[  311.242885][ T7899]  dump_stack_lvl+0x189/0x250
[  311.242925][ T7899]  ? __pfx_dump_stack_lvl+0x10/0x10
[  311.242951][ T7899]  ? __pfx__printk+0x10/0x10
[  311.242984][ T7899]  warn_alloc+0x214/0x310
[  311.243003][ T7899]  ? stack_depot_save_flags+0x445/0x900
[  311.243030][ T7899]  ? __pfx_warn_alloc+0x10/0x10
[  311.243051][ T7899]  ? kasan_save_track+0x4f/0x80
[  311.243075][ T7899]  ? xskq_create+0x56/0x170
[  311.243097][ T7899]  ? xsk_init_queue+0xb0/0x110
[  311.243118][ T7899]  ? xsk_setsockopt+0x43f/0x710
[  311.243138][ T7899]  ? do_sock_setsockopt+0x25a/0x3e0
[  311.243157][ T7899]  ? __x64_sys_setsockopt+0x18b/0x220
[  311.243174][ T7899]  ? do_syscall_64+0xfa/0x3b0
[  311.243190][ T7899]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.243215][ T7899]  __vmalloc_node_range_noprof+0x125/0x12f0
[  311.243263][ T7899]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  311.243297][ T7899]  ? __kasan_kmalloc+0x93/0xb0
[  311.243324][ T7899]  vmalloc_user_noprof+0xad/0xf0
[  311.243342][ T7899]  ? xskq_create+0xbf/0x170
[  311.243366][ T7899]  xskq_create+0xbf/0x170
[  311.243393][ T7899]  xsk_init_queue+0xb0/0x110
[  311.243419][ T7899]  xsk_setsockopt+0x43f/0x710
[  311.243444][ T7899]  ? __pfx_xsk_setsockopt+0x10/0x10
[  311.243465][ T7899]  ? __lock_acquire+0xab9/0xd20
[  311.243490][ T7899]  ? aa_sock_opt_perm+0xff/0x1b0
[  311.243516][ T7899]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  311.243536][ T7899]  ? __pfx_xsk_setsockopt+0x10/0x10
[  311.243560][ T7899]  do_sock_setsockopt+0x25a/0x3e0
[  311.243582][ T7899]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  311.243607][ T7899]  ? __fget_files+0x2a/0x420
[  311.243634][ T7899]  __x64_sys_setsockopt+0x18b/0x220
[  311.243660][ T7899]  do_syscall_64+0xfa/0x3b0
[  311.243675][ T7899]  ? lockdep_hardirqs_on+0x9c/0x150
[  311.243700][ T7899]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.243717][ T7899]  ? clear_bhb_loop+0x60/0xb0
[  311.243738][ T7899]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  311.243755][ T7899] RIP: 0033:0x7f4abfd8e929
[  311.243772][ T7899] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  311.243786][ T7899] RSP: 002b:00007f4ac0c14038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  311.243804][ T7899] RAX: ffffffffffffffda RBX: 00007f4abffb6080 RCX: 00007f4abfd8e929
[  311.243817][ T7899] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000007
[  311.243827][ T7899] RBP: 00007f4abfe10b39 R08: 0000000000000004 R09: 0000000000000000
[  311.243838][ T7899] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  311.243849][ T7899] R13: 0000000000000000 R14: 00007f4abffb6080 R15: 00007ffc991e19b8
[  311.243878][ T7899]  </TASK>
[  311.243956][ T7899] Mem-Info:
[  311.535174][ T7899] active_anon:6142 inactive_anon:0 isolated_anon:0
[  311.535174][ T7899]  active_file:1494 inactive_file:39921 isolated_file:0
[  311.535174][ T7899]  unevictable:768 dirty:171 writeback:0
[  311.535174][ T7899]  slab_reclaimable:10680 slab_unreclaimable:97847
[  311.535174][ T7899]  mapped:29816 shmem:1363 pagetables:1349
[  311.535174][ T7899]  sec_pagetables:0 bounce:0
[  311.535174][ T7899]  kernel_misc_reclaimable:0
[  311.535174][ T7899]  free:1327050 free_pcp:18262 free_cma:0
[  311.580825][ T7899] Node 0 active_anon:24568kB inactive_anon:0kB active_file:5976kB inactive_file:159484kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119264kB dirty:684kB writeback:0kB shmem:3916kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12464kB pagetables:5240kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  311.613111][ T7899] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  311.643579][ T7899] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  311.672936][ T7899] lowmem_reserve[]: 0 2498 2500 2500 2500
[  311.679309][ T7899] Node 0 DMA32 free:1398472kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:24520kB inactive_anon:0kB active_file:5976kB inactive_file:157928kB unevictable:1536kB writepending:684kB present:3129332kB managed:2558440kB mlocked:0kB bounce:0kB free_pcp:54844kB local_pcp:26524kB free_cma:0kB
[  311.712450][ T7899] lowmem_reserve[]: 0 0 1 1 1
[  311.718068][ T7899] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1556kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  311.747511][ T7899] lowmem_reserve[]: 0 0 0 0 0
[  311.752760][ T7899] Node 1 Normal free:3894344kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:18176kB local_pcp:12608kB free_cma:0kB
[  311.784374][ T7899] lowmem_reserve[]: 0 0 0 0 0
[  311.789520][ T7899] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  311.803350][ T7899] Node 0 DMA32: 1734*4kB (UME) 1154*8kB (UME) 568*16kB (UME) 254*32kB (UME) 160*64kB (UME) 124*128kB (UME) 48*256kB (UME) 17*512kB (UM) 11*1024kB (UM) 6*2048kB (ME) 316*4096kB (UM) = 1398376kB
[  311.826195][ T7899] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  311.839601][ T7899] Node 1 Normal: 230*4kB (UME) 50*8kB (UME) 42*16kB (UME) 140*32kB (UME) 44*64kB (UME) 10*128kB (UME) 3*256kB (UM) 2*512kB (M) 1*1024kB (M) 1*2048kB (U) 947*4096kB (ME) = 3894344kB
[  311.859213][ T7899] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  311.869017][ T7899] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  311.878440][ T7899] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  311.888188][ T7899] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  311.905181][ T7899] 42768 total pagecache pages
[  311.910290][ T7899] 0 pages in swap cache
[  311.915053][ T7899] Free swap  = 124996kB
[  311.919518][ T7899] Total swap = 124996kB
[  311.924059][ T7899] 2097051 pages RAM
[  311.928145][ T7899] 0 pages HighMem/MovableOnly
[  311.933010][ T7899] 425399 pages reserved
[  311.937445][ T7899] 0 pages cma reserved
[  314.995738][ T7919] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  315.865508][ T7928] loop2: detected capacity change from 0 to 7
[  316.004491][ T7928] Dev loop2: unable to read RDB block 7
[  316.011361][ T7928]  loop2: AHDI p1 p2 p3
[  316.016885][ T7928] loop2: partition table partially beyond EOD, truncated
[  316.025060][ T7928] loop2: p1 start 1601398130 is beyond EOD, truncated
[  316.031981][ T7928] loop2: p2 start 1702059890 is beyond EOD, truncated
[  316.112843][ T7929] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  317.176605][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  317.182989][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  317.851460][ T7942] xt_CT: You must specify a L4 protocol and not use inversions on it
[  318.251860][ T7952] netlink: 12 bytes leftover after parsing attributes in process `syz.3.484'.
[  318.303994][ T7952] 8021q: adding VLAN 0 to HW filter on device bond1
[  318.338205][ T7958] 8021q: adding VLAN 0 to HW filter on device bond1
[  318.345202][ T7958] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address
[  318.357284][ T7958] bond1: (slave vxcan3): Error -95 calling set_mac_address
[  318.388774][ T7952] macvlan2: entered promiscuous mode
[  318.396220][ T7952] macvlan2: entered allmulticast mode
[  318.402049][ T7952] bond1: (slave macvlan2): Error -98 calling set_mac_address
[  318.456730][ T7960] kvm: pic: non byte write
[  322.391353][ T7993] netlink: 'syz.3.494': attribute type 2 has an invalid length.
[  322.399609][ T7993] netlink: 8 bytes leftover after parsing attributes in process `syz.3.494'.
[  323.039425][ T8006] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  323.254472][ T8013] xt_CT: You must specify a L4 protocol and not use inversions on it
[  324.086311][ T8021] kvm: pic: non byte write
[  324.733626][ T8028] kvm: pic: non byte write
[  324.738196][ T5916] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  324.955497][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  325.029939][ T5916] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  325.419636][ T5916] usb 3-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  325.438500][ T5916] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  325.495235][ T5916] usb 3-1: config 0 descriptor??
[  326.478112][ T8043] xt_CT: You must specify a L4 protocol and not use inversions on it
[  326.747287][ T8019] netlink: 16 bytes leftover after parsing attributes in process `syz.2.502'.
[  326.769157][ T8040] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  327.067271][ T8048] hfs: can't find a HFS filesystem on dev nullb0
[  327.368263][ T8019] team0: entered promiscuous mode
[  327.448192][ T8019] team_slave_0: entered promiscuous mode
[  327.459164][ T8019] team_slave_1: entered promiscuous mode
[  327.492593][ T8019] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  327.552532][ T8019] team0: left promiscuous mode
[  327.563430][ T8019] team_slave_0: left promiscuous mode
[  327.569592][ T8019] team_slave_1: left promiscuous mode
[  327.791101][ T5916] usbhid 3-1:0.0: can't add hid device: -71
[  328.379401][ T5916] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  329.337366][ T5916] usb 3-1: USB disconnect, device number 9
[  329.505584][ T8060] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  329.568963][ T8073] warn_alloc: 3 callbacks suppressed
[  329.568985][ T8073] syz.0.515: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  329.589216][ T8073] CPU: 0 UID: 0 PID: 8073 Comm: syz.0.515 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  329.589240][ T8073] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  329.589251][ T8073] Call Trace:
[  329.589261][ T8073]  <TASK>
[  329.589269][ T8073]  dump_stack_lvl+0x189/0x250
[  329.589300][ T8073]  ? __pfx_rcu_read_unlock_special+0x10/0x10
[  329.589322][ T8073]  ? __pfx_dump_stack_lvl+0x10/0x10
[  329.589346][ T8073]  ? __pfx__printk+0x10/0x10
[  329.589367][ T8073]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  329.589393][ T8073]  ? cpuset_print_current_mems_allowed+0x1f/0x360
[  329.589426][ T8073]  warn_alloc+0x214/0x310
[  329.589444][ T8073]  ? stack_depot_save_flags+0x40/0x900
[  329.589470][ T8073]  ? __pfx_warn_alloc+0x10/0x10
[  329.589490][ T8073]  ? kasan_save_track+0x4f/0x80
[  329.589514][ T8073]  ? xskq_create+0x56/0x170
[  329.589536][ T8073]  ? xsk_init_queue+0xb0/0x110
[  329.589565][ T8073]  ? xsk_setsockopt+0x43f/0x710
[  329.589585][ T8073]  ? do_sock_setsockopt+0x25a/0x3e0
[  329.589603][ T8073]  ? __x64_sys_setsockopt+0x18b/0x220
[  329.589621][ T8073]  ? do_syscall_64+0xfa/0x3b0
[  329.589636][ T8073]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.589662][ T8073]  __vmalloc_node_range_noprof+0x125/0x12f0
[  329.589710][ T8073]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  329.589743][ T8073]  ? __kasan_kmalloc+0x93/0xb0
[  329.589770][ T8073]  vmalloc_user_noprof+0xad/0xf0
[  329.589788][ T8073]  ? xskq_create+0xbf/0x170
[  329.589811][ T8073]  xskq_create+0xbf/0x170
[  329.589838][ T8073]  xsk_init_queue+0xb0/0x110
[  329.589865][ T8073]  xsk_setsockopt+0x43f/0x710
[  329.589890][ T8073]  ? __pfx_xsk_setsockopt+0x10/0x10
[  329.589912][ T8073]  ? __lock_acquire+0xab9/0xd20
[  329.589936][ T8073]  ? aa_sock_opt_perm+0xff/0x1b0
[  329.589963][ T8073]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  329.589982][ T8073]  ? __pfx_xsk_setsockopt+0x10/0x10
[  329.590007][ T8073]  do_sock_setsockopt+0x25a/0x3e0
[  329.590030][ T8073]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  329.590054][ T8073]  ? __fget_files+0x2a/0x420
[  329.590081][ T8073]  __x64_sys_setsockopt+0x18b/0x220
[  329.590107][ T8073]  do_syscall_64+0xfa/0x3b0
[  329.590125][ T8073]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.590141][ T8073]  ? asm_sysvec_reschedule_ipi+0x1a/0x20
[  329.590157][ T8073]  ? clear_bhb_loop+0x60/0xb0
[  329.590179][ T8073]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  329.590196][ T8073] RIP: 0033:0x7fd04d38e929
[  329.590212][ T8073] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  329.590226][ T8073] RSP: 002b:00007fd04e12e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  329.590244][ T8073] RAX: ffffffffffffffda RBX: 00007fd04d5b6080 RCX: 00007fd04d38e929
[  329.590257][ T8073] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[  329.590267][ T8073] RBP: 00007fd04d410b39 R08: 0000000000000004 R09: 0000000000000000
[  329.590278][ T8073] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  329.590289][ T8073] R13: 0000000000000000 R14: 00007fd04d5b6080 R15: 00007ffc32faf288
[  329.590317][ T8073]  </TASK>
[  329.590332][ T8073] Mem-Info:
[  329.900579][ T8073] active_anon:7902 inactive_anon:0 isolated_anon:0
[  329.900579][ T8073]  active_file:1494 inactive_file:39926 isolated_file:0
[  329.900579][ T8073]  unevictable:768 dirty:215 writeback:0
[  329.900579][ T8073]  slab_reclaimable:10679 slab_unreclaimable:97608
[  329.900579][ T8073]  mapped:29872 shmem:1385 pagetables:1385
[  329.900579][ T8073]  sec_pagetables:0 bounce:0
[  329.900579][ T8073]  kernel_misc_reclaimable:0
[  329.900579][ T8073]  free:1330532 free_pcp:12889 free_cma:0
[  329.946616][ T8073] Node 0 active_anon:31608kB inactive_anon:0kB active_file:5976kB inactive_file:159504kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:119488kB dirty:860kB writeback:0kB shmem:4004kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12440kB pagetables:5384kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  329.978758][ T8073] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  330.008739][ T8073] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  330.038128][ T8073] lowmem_reserve[]: 0 2498 2500 2500 2500
[  330.044406][ T8073] Node 0 DMA32 free:1412144kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:31560kB inactive_anon:0kB active_file:5976kB inactive_file:157948kB unevictable:1536kB writepending:860kB present:3129332kB managed:2558440kB mlocked:0kB bounce:0kB free_pcp:33624kB local_pcp:13204kB free_cma:0kB
[  330.076812][ T8073] lowmem_reserve[]: 0 0 1 1 1
[  330.081872][ T8073] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1556kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  330.111294][ T8073] lowmem_reserve[]: 0 0 0 0 0
[  330.116460][ T8073] Node 1 Normal free:3894600kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17920kB local_pcp:12608kB free_cma:0kB
[  330.148138][ T8073] lowmem_reserve[]: 0 0 0 0 0
[  330.153152][ T8073] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  330.166730][ T8073] Node 0 DMA32: 1180*4kB (UE) 1232*8kB (UE) 732*16kB (UE) 174*32kB (UE) 202*64kB (UME) 120*128kB (UME) 55*256kB (UME) 17*512kB (M) 12*1024kB (UM) 5*2048kB (ME) 319*4096kB (UM) = 1412080kB
[  330.187250][ T8073] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  330.206004][ T8073] Node 1 Normal: 230*4kB (UME) 50*8kB (UME) 42*16kB (UME) 146*32kB (UME) 45*64kB (UME) 10*128kB (UME) 3*256kB (UM) 2*512kB (M) 1*1024kB (M) 1*2048kB (U) 947*4096kB (ME) = 3894600kB
[  330.225099][ T8073] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  330.234765][ T8073] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  330.244665][ T8073] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  330.254358][ T8073] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  330.263743][ T8073] 42795 total pagecache pages
[  330.268493][ T8073] 0 pages in swap cache
[  330.272683][ T8073] Free swap  = 124996kB
[  330.276930][ T8073] Total swap = 124996kB
[  330.281126][ T8073] 2097051 pages RAM
[  330.285086][ T8073] 0 pages HighMem/MovableOnly
[  330.289817][ T8073] 425399 pages reserved
[  330.294016][ T8073] 0 pages cma reserved
[  330.319937][ T8060] xt_CT: You must specify a L4 protocol and not use inversions on it
[  331.043778][ T8079] hfs: can't find a HFS filesystem on dev nullb0
[  331.921045][ T8092] netlink: 'syz.2.520': attribute type 1 has an invalid length.
[  331.970351][ T8093] random: crng reseeded on system resumption
[  332.344451][ T8094] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  332.352644][ T8094] batman_adv: batadv0: Removing interface: batadv_slave_0
[  332.911312][ T8094] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  332.929044][ T8094] batman_adv: batadv0: Removing interface: batadv_slave_1
[  334.404674][ T8106] kvm: pic: non byte write
[  334.456270][ T8112] kvm: pic: non byte write
[  334.624373][ T8118] xt_CT: You must specify a L4 protocol and not use inversions on it
[  335.075087][ T8121] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem
[  335.095922][    T9] kernel read not supported for file /vga_arbiter (pid: 9 comm: kworker/0:0)
[  336.125802][ T5916] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  336.879666][ T5916] usb 2-1: Using ep0 maxpacket: 8
[  340.659009][ T8172] loop4: detected capacity change from 0 to 1024
[  341.365853][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.599803][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.626317][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.677709][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.685939][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.698174][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.711759][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.721890][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.769328][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.795227][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  341.834136][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  342.015891][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  342.795984][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  342.803301][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  342.892043][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  342.905820][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  342.921594][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  342.936098][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  342.975234][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.035843][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.416557][ T5916] usb 2-1: unable to read config index 0 descriptor/start: -110
[  343.426292][ T5916] usb 2-1: can't read configurations, error -110
[  343.546048][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.582986][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.651773][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.653904][ T8193] loop2: detected capacity change from 0 to 512
[  343.729262][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.750833][ T8193] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.547: casefold flag without casefold feature
[  343.790715][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.828763][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.849415][ T8193] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.547: couldn't read orphan inode 15 (err -117)
[  343.905912][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.913228][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  343.929774][ T8193] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  344.066663][ T8197] loop1: detected capacity change from 0 to 40427
[  344.076912][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  344.084272][ T8172] hfsplus: request for non-existent node 16777216 in B*Tree
[  344.093696][   T30] audit: type=1800 audit(1751362085.505:22): pid=8172 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.542" name="file1" dev="loop4" ino=20 res=0 errno=0
[  344.110428][ T8197] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  344.121154][ T8197] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  344.133269][ T8197] F2FS-fs (loop1): invalid crc value
[  344.222037][ T8197] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  344.229194][ T8197] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  345.353424][   T30] audit: type=1800 audit(1751362086.025:23): pid=8205 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.548" name="file1" dev="loop1" ino=10 res=0 errno=0
[  346.521326][ T8208] netlink: 12 bytes leftover after parsing attributes in process `syz.4.549'.
[  346.784150][ T8208] 8021q: adding VLAN 0 to HW filter on device bond2
[  346.818158][ T8219] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  346.920492][ T8208] bond1: (slave bond2): Enslaving as an active interface with an up link
[  346.926488][ T8219] xt_CT: You must specify a L4 protocol and not use inversions on it
[  347.412774][ T8221] loop4: detected capacity change from 0 to 512
[  347.468192][ T8221] EXT4-fs error (device loop4): ext4_orphan_get:1393: inode #15: comm syz.4.552: casefold flag without casefold feature
[  347.639607][ T8221] EXT4-fs error (device loop4): ext4_orphan_get:1398: comm syz.4.552: couldn't read orphan inode 15 (err -117)
[  347.667767][ T5840] syz-executor: attempt to access beyond end of device
[  347.667767][ T5840] loop1: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  347.694224][ T8221] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  347.706114][ T5840] CPU: 1 UID: 0 PID: 5840 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  347.706140][ T5840] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  347.706150][ T5840] Call Trace:
[  347.706157][ T5840]  <TASK>
[  347.706164][ T5840]  dump_stack_lvl+0x189/0x250
[  347.706196][ T5840]  ? __pfx_dump_stack_lvl+0x10/0x10
[  347.706217][ T5840]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  347.706240][ T5840]  ? __pfx_queue_work_on+0x10/0x10
[  347.706264][ T5840]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  347.706293][ T5840]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  347.706317][ T5840]  ? f2fs_hw_is_readonly+0x39b/0x470
[  347.706342][ T5840]  f2fs_handle_critical_error+0x37c/0x540
[  347.706370][ T5840]  f2fs_write_end_io+0x495/0x810
[  347.706390][ T5840]  ? blkg_put+0x22/0x240
[  347.706425][ T5840]  __submit_merged_bio+0x27a/0x6a0
[  347.706443][ T5840]  ? up_write+0x1c4/0x420
[  347.706512][ T5840]  __submit_merged_write_cond+0x44c/0x530
[  347.706540][ T5840]  f2fs_sync_node_pages+0x1869/0x1a00
[  347.706583][ T5840]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  347.706631][ T5840]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  347.706658][ T5840]  ? up_write+0x1c4/0x420
[  347.706675][ T5840]  ? do_raw_spin_unlock+0x122/0x240
[  347.706695][ T5840]  f2fs_write_checkpoint+0xe6f/0x1df0
[  347.706740][ T5840]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  347.706799][ T5840]  ? try_to_wake_up+0x7e5/0x1290
[  347.706823][ T5840]  ? kill_f2fs_super+0x298/0x6c0
[  347.706852][ T5840]  kill_f2fs_super+0x2c3/0x6c0
[  347.706878][ T5840]  ? __pfx_kill_f2fs_super+0x10/0x10
[  347.706899][ T5840]  ? radix_tree_delete_item+0x2b6/0x400
[  347.706929][ T5840]  ? shrinker_free+0x2ce/0x3e0
[  347.706953][ T5840]  deactivate_locked_super+0xbc/0x130
[  347.706975][ T5840]  cleanup_mnt+0x425/0x4c0
[  347.706994][ T5840]  ? lockdep_hardirqs_on+0x9c/0x150
[  347.707019][ T5840]  task_work_run+0x1d1/0x260
[  347.707041][ T5840]  ? __pfx_task_work_run+0x10/0x10
[  347.707056][ T5840]  ? __x64_sys_umount+0x122/0x160
[  347.707085][ T5840]  ? exit_to_user_mode_loop+0x40/0x110
[  347.707108][ T5840]  exit_to_user_mode_loop+0xec/0x110
[  347.707128][ T5840]  do_syscall_64+0x2bd/0x3b0
[  347.707143][ T5840]  ? lockdep_hardirqs_on+0x9c/0x150
[  347.707165][ T5840]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.707181][ T5840]  ? clear_bhb_loop+0x60/0xb0
[  347.707202][ T5840]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  347.707218][ T5840] RIP: 0033:0x7f71cc78fc57
[  347.707235][ T5840] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  347.707248][ T5840] RSP: 002b:00007ffff1085788 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  347.707267][ T5840] RAX: 0000000000000000 RBX: 00007f71cc810925 RCX: 00007f71cc78fc57
[  347.707278][ T5840] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff1085840
[  347.707288][ T5840] RBP: 00007ffff1085840 R08: 0000000000000000 R09: 0000000000000000
[  347.707298][ T5840] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffff10868d0
[  347.707308][ T5840] R13: 00007f71cc810925 R14: 000000000005493a R15: 00007ffff1086910
[  347.707338][ T5840]  </TASK>
[  347.707345][ T5840] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  348.337248][ T8229] loop0: detected capacity change from 0 to 40427
[  349.000753][ T8229] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  349.008629][ T8229] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  349.022768][ T8229] F2FS-fs (loop0): invalid crc value
[  349.116004][ T8229] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  349.123040][ T8229] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  349.293141][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  350.092261][   T30] audit: type=1800 audit(1751362090.795:24): pid=8240 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.555" name="file1" dev="loop0" ino=10 res=0 errno=0
[  350.732626][ T5832] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  352.004048][ T5833] syz-executor: attempt to access beyond end of device
[  352.004048][ T5833] loop0: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  352.039556][ T5833] CPU: 0 UID: 0 PID: 5833 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  352.039580][ T5833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  352.039589][ T5833] Call Trace:
[  352.039595][ T5833]  <TASK>
[  352.039603][ T5833]  dump_stack_lvl+0x189/0x250
[  352.039633][ T5833]  ? __pfx_dump_stack_lvl+0x10/0x10
[  352.039653][ T5833]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  352.039673][ T5833]  ? __pfx_queue_work_on+0x10/0x10
[  352.039697][ T5833]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  352.039718][ T5833]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  352.039742][ T5833]  ? f2fs_hw_is_readonly+0x39b/0x470
[  352.039765][ T5833]  f2fs_handle_critical_error+0x37c/0x540
[  352.039791][ T5833]  f2fs_write_end_io+0x495/0x810
[  352.039811][ T5833]  ? blkg_put+0x22/0x240
[  352.039846][ T5833]  __submit_merged_bio+0x27a/0x6a0
[  352.039864][ T5833]  ? up_write+0x1c4/0x420
[  352.039892][ T5833]  __submit_merged_write_cond+0x44c/0x530
[  352.039922][ T5833]  f2fs_sync_node_pages+0x1869/0x1a00
[  352.039967][ T5833]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  352.040019][ T5833]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  352.040049][ T5833]  ? up_write+0x1c4/0x420
[  352.040070][ T5833]  ? do_raw_spin_unlock+0x122/0x240
[  352.040092][ T5833]  f2fs_write_checkpoint+0xe6f/0x1df0
[  352.040139][ T5833]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  352.040209][ T5833]  ? try_to_wake_up+0x7e5/0x1290
[  352.040232][ T5833]  ? kill_f2fs_super+0x298/0x6c0
[  352.040262][ T5833]  kill_f2fs_super+0x2c3/0x6c0
[  352.040292][ T5833]  ? __pfx_kill_f2fs_super+0x10/0x10
[  352.040313][ T5833]  ? radix_tree_delete_item+0x2b6/0x400
[  352.040344][ T5833]  ? shrinker_free+0x2ce/0x3e0
[  352.040367][ T5833]  deactivate_locked_super+0xbc/0x130
[  352.040392][ T5833]  cleanup_mnt+0x425/0x4c0
[  352.040414][ T5833]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.040442][ T5833]  task_work_run+0x1d1/0x260
[  352.040464][ T5833]  ? __pfx_task_work_run+0x10/0x10
[  352.040480][ T5833]  ? __x64_sys_umount+0x122/0x160
[  352.040510][ T5833]  ? exit_to_user_mode_loop+0x40/0x110
[  352.040535][ T5833]  exit_to_user_mode_loop+0xec/0x110
[  352.040557][ T5833]  do_syscall_64+0x2bd/0x3b0
[  352.040572][ T5833]  ? lockdep_hardirqs_on+0x9c/0x150
[  352.040593][ T5833]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.040609][ T5833]  ? clear_bhb_loop+0x60/0xb0
[  352.040630][ T5833]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  352.040648][ T5833] RIP: 0033:0x7fd04d38fc57
[  352.040665][ T5833] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  352.040679][ T5833] RSP: 002b:00007ffc32fae518 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  352.040698][ T5833] RAX: 0000000000000000 RBX: 00007fd04d410925 RCX: 00007fd04d38fc57
[  352.040711][ T5833] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc32fae5d0
[  352.040722][ T5833] RBP: 00007ffc32fae5d0 R08: 0000000000000000 R09: 0000000000000000
[  352.040733][ T5833] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc32faf660
[  352.040745][ T5833] R13: 00007fd04d410925 R14: 00000000000559c7 R15: 00007ffc32faf6a0
[  352.040775][ T5833]  </TASK>
[  352.041358][ T5833] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  352.701256][ T8256] loop4: detected capacity change from 0 to 1024
[  352.754797][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  352.775181][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  352.792483][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  352.809937][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  352.829492][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  352.883719][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  352.927592][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.002020][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.030034][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.047770][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.110966][ T8262] loop2: detected capacity change from 0 to 7
[  353.223669][ T8263] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  353.318095][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.508701][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.586631][ T8262] Dev loop2: unable to read RDB block 7
[  353.592650][ T8262]  loop2: AHDI p1 p2 p3
[  353.596915][ T8262] loop2: partition table partially beyond EOD, truncated
[  353.604141][ T8262] loop2: p1 start 1601398130 is beyond EOD, truncated
[  353.610959][ T8262] loop2: p2 start 1702059890 is beyond EOD, truncated
[  353.675954][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.707763][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.765858][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.773237][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.869349][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.914412][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.922526][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.930017][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.943008][ T8259] hfsplus: request for non-existent node 16777216 in B*Tree
[  353.950783][ T8259] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.022089][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.046154][ T8271] /dev/nullb0: Can't open blockdev
[  354.352926][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.554927][ T8259] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.600814][ T8259] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.608750][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.621893][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.638848][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.674822][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.736762][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.744082][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.765891][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.773199][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.817498][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.840620][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.865791][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.883417][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  354.938716][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  355.065877][ T8256] hfsplus: request for non-existent node 16777216 in B*Tree
[  355.172819][   T30] audit: type=1800 audit(1751362096.575:25): pid=8256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.561" name="file1" dev="loop4" ino=20 res=0 errno=0
[  355.516122][ T1091] hfsplus: request for non-existent node 16777216 in B*Tree
[  355.523564][ T1091] hfsplus: request for non-existent node 16777216 in B*Tree
[  355.788049][ T8284] loop4: detected capacity change from 0 to 1024
[  355.855785][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  355.934317][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  356.075780][ T2149] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  356.083478][    C1] raw-gadget.0 gadget.0: ignoring, device is not running
[  356.495418][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  356.720789][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  356.858067][ T8300] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  356.974482][ T8300] xt_CT: You must specify a L4 protocol and not use inversions on it
[  357.313287][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.320724][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.336158][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.345073][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.352866][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.360252][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.368168][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.375667][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.413383][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.445794][ T2149] usb 1-1: device descriptor read/64, error -32
[  357.468944][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.509909][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.534625][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.543989][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.554766][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.564690][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.593258][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  357.787740][ T2149] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  358.052245][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.270134][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.325868][ T2149] usb 1-1: Using ep0 maxpacket: 8
[  358.341318][ T2149] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  358.351729][ T2149] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 921
[  358.361627][ T2149] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  358.381347][ T2149] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  358.403253][ T2149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  358.416466][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.424003][ T2149] usb 1-1: Product: syz
[  358.429518][ T2149] usb 1-1: Manufacturer: syz
[  358.439105][ T2149] usb 1-1: SerialNumber: syz
[  358.447084][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.468693][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.542725][ T8285] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  358.656492][ T8285] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  358.672439][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.694485][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.703667][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.723616][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  358.862580][ T8284] hfsplus: request for non-existent node 16777216 in B*Tree
[  359.759273][   T30] audit: type=1800 audit(1751362101.165:26): pid=8284 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.566" name="file1" dev="loop4" ino=20 res=0 errno=0
[  359.765815][ T8293] hfsplus: request for non-existent node 16777216 in B*Tree
[  359.837704][ T8293] hfsplus: request for non-existent node 16777216 in B*Tree
[  359.878337][ T8293] hfsplus: request for non-existent node 16777216 in B*Tree
[  359.902324][ T8293] hfsplus: request for non-existent node 16777216 in B*Tree
[  359.943592][ T2149] usb 1-1: can't set config #1, error -71
[  359.962905][ T2149] usb 1-1: USB disconnect, device number 10
[  360.038171][ T5959] hfsplus: request for non-existent node 16777216 in B*Tree
[  360.089700][ T5959] hfsplus: request for non-existent node 16777216 in B*Tree
[  362.608819][ T8344] kvm: pic: non byte write
[  362.889590][ T8351] loop0: detected capacity change from 0 to 1024
[  362.945238][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  362.987793][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.011404][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.035003][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.046908][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.058500][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.104607][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.135230][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.171557][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.240849][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.360752][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.422473][ T8352] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.449087][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.506978][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  363.514306][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.210999][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.242871][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.289081][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.426734][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.561821][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.573789][ T8372] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  364.589712][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.604545][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.621923][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.678889][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.726867][ T8373] kvm: pic: non byte write
[  364.746145][ T6001] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  364.759286][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.809930][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  364.987052][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.042217][ T6001] usb 4-1: Using ep0 maxpacket: 8
[  365.273859][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.344248][ T6001] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  365.389952][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.397732][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.405129][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.415359][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.422931][ T6001] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 44809, setting to 1024
[  365.748377][ T8386] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  365.847004][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  365.854404][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.113788][ T8384] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  366.314285][ T6001] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  366.369509][ T8386] xt_CT: You must specify a L4 protocol and not use inversions on it
[  366.380553][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.396828][ T6001] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  366.419792][ T8384] xt_CT: You must specify a L4 protocol and not use inversions on it
[  366.425758][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.435218][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.526356][ T6001] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  366.537307][ T6001] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  366.545357][ T6001] usb 4-1: Product: syz
[  366.549646][ T6001] usb 4-1: Manufacturer: syz
[  366.570593][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.572319][ T6001] usb 4-1: SerialNumber: syz
[  366.653322][ T8365] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  366.661383][ T8365] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  366.705835][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.758894][ T8351] hfsplus: request for non-existent node 16777216 in B*Tree
[  366.800481][   T30] audit: type=1800 audit(1751362108.185:27): pid=8351 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.584" name="file1" dev="loop0" ino=20 res=0 errno=0
[  366.933567][ T8365] loop2: detected capacity change from 0 to 7
[  367.102036][ T6001] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  367.150479][ T6628] hfsplus: request for non-existent node 16777216 in B*Tree
[  368.052366][ T6001] usbtest 4-1:1.0: Linux user mode ISO test driver
[  368.059003][ T6628] hfsplus: request for non-existent node 16777216 in B*Tree
[  368.135657][ T6001] usbtest 4-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  368.308955][ T6001] usb 4-1: USB disconnect, device number 7
[  369.382466][ T8414] kvm: pic: non byte write
[  369.515868][    T9] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  369.571939][ T8419] loop3: detected capacity change from 0 to 1024
[  369.675793][    T9] usb 2-1: Using ep0 maxpacket: 8
[  369.682584][    T9] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  369.691318][    T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  369.746348][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  369.787333][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  369.804578][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  369.844698][    T9] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  369.874128][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  369.905908][    T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  369.941972][    T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  369.956561][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  369.980866][ T8429] netlink: 4 bytes leftover after parsing attributes in process `syz.4.600'.
[  370.024632][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  370.097104][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.106034][   T10] usb 1-1: new high-speed USB device number 11 using dummy_hcd
[  370.195871][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.204123][ T8423] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.248474][ T8423] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.291500][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.364653][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.406835][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.430166][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.445888][   T10] usb 1-1: Using ep0 maxpacket: 8
[  370.471460][ T8433] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  370.484398][   T10] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  370.509161][ T8423] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.557024][ T8423] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.565014][   T10] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 51223, setting to 1024
[  370.593191][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.613879][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.625344][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.635392][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.666957][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.692347][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.706046][   T10] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  370.732618][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.759915][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.772951][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.789405][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.803168][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.814609][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.832915][   T10] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  370.833764][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.858411][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.867720][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.877811][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.897211][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.904846][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.923222][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.939067][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.947135][   T10] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  370.949041][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  370.973020][   T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  370.973055][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  371.112634][   T10] usb 1-1: Product: syz
[  371.118857][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  371.135327][   T10] usb 1-1: Manufacturer: syz
[  371.151522][   T10] usb 1-1: SerialNumber: syz
[  371.187844][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  371.202541][    T9] usb 2-1: usb_control_msg returned -71
[  371.211628][ T8421] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  371.235512][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  371.448841][ T8421] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  371.458687][    T9] usbtmc 2-1:16.0: can't read capabilities
[  371.466017][ T8419] hfsplus: request for non-existent node 16777216 in B*Tree
[  371.473635][   T30] audit: type=1800 audit(1751362112.875:28): pid=8419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.599" name="file1" dev="loop3" ino=20 res=0 errno=0
[  372.085916][    T9] usb 2-1: USB disconnect, device number 9
[  372.204293][   T64] hfsplus: request for non-existent node 16777216 in B*Tree
[  372.275238][   T64] hfsplus: request for non-existent node 16777216 in B*Tree
[  372.363428][ T8421] loop2: detected capacity change from 0 to 7
[  372.390772][   T10] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  372.412720][   T10] usbtest 1-1:1.0: Linux user mode ISO test driver
[  372.435752][   T10] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  372.461112][   T10] usb 1-1: USB disconnect, device number 11
[  372.729396][ T8453] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  373.200609][ T5893] usb 3-1: new full-speed USB device number 10 using dummy_hcd
[  373.345104][ T8454] loop3: detected capacity change from 0 to 1024
[  373.396265][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  373.450854][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  373.515910][ T8458] syz.4.608: vmalloc error: size 8589938688, exceeds total pages, mode:0xdc0(GFP_KERNEL|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1
[  373.530913][ T8458] CPU: 1 UID: 0 PID: 8458 Comm: syz.4.608 Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  373.530940][ T8458] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  373.530956][ T8458] Call Trace:
[  373.530964][ T8458]  <TASK>
[  373.530972][ T8458]  dump_stack_lvl+0x189/0x250
[  373.531003][ T8458]  ? lockdep_hardirqs_on+0x9c/0x150
[  373.531030][ T8458]  ? __pfx_dump_stack_lvl+0x10/0x10
[  373.531073][ T8458]  warn_alloc+0x214/0x310
[  373.531093][ T8458]  ? stack_depot_save_flags+0x40/0x900
[  373.531118][ T8458]  ? __pfx_warn_alloc+0x10/0x10
[  373.531139][ T8458]  ? kasan_save_track+0x4f/0x80
[  373.531163][ T8458]  ? xskq_create+0x56/0x170
[  373.531185][ T8458]  ? xsk_init_queue+0xb0/0x110
[  373.531206][ T8458]  ? xsk_setsockopt+0x43f/0x710
[  373.531227][ T8458]  ? do_sock_setsockopt+0x25a/0x3e0
[  373.531245][ T8458]  ? __x64_sys_setsockopt+0x18b/0x220
[  373.531263][ T8458]  ? do_syscall_64+0xfa/0x3b0
[  373.531278][ T8458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.531304][ T8458]  __vmalloc_node_range_noprof+0x125/0x12f0
[  373.531352][ T8458]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  373.531380][ T8458]  ? xskq_create+0x56/0x170
[  373.531402][ T8458]  ? __kmalloc_cache_noprof+0x88/0x3d0
[  373.531429][ T8458]  ? __kasan_kmalloc+0x93/0xb0
[  373.531457][ T8458]  vmalloc_user_noprof+0xad/0xf0
[  373.531474][ T8458]  ? xskq_create+0xbf/0x170
[  373.531499][ T8458]  xskq_create+0xbf/0x170
[  373.531526][ T8458]  xsk_init_queue+0xb0/0x110
[  373.531551][ T8458]  xsk_setsockopt+0x43f/0x710
[  373.531574][ T8458]  ? __pfx_xsk_setsockopt+0x10/0x10
[  373.531594][ T8458]  ? __lock_acquire+0xab9/0xd20
[  373.531618][ T8458]  ? aa_sock_opt_perm+0xff/0x1b0
[  373.531644][ T8458]  ? bpf_lsm_socket_setsockopt+0x9/0x20
[  373.531664][ T8458]  ? __pfx_xsk_setsockopt+0x10/0x10
[  373.531688][ T8458]  do_sock_setsockopt+0x25a/0x3e0
[  373.531718][ T8458]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  373.531743][ T8458]  ? __fget_files+0x2a/0x420
[  373.531771][ T8458]  __x64_sys_setsockopt+0x18b/0x220
[  373.531798][ T8458]  do_syscall_64+0xfa/0x3b0
[  373.531814][ T8458]  ? lockdep_hardirqs_on+0x9c/0x150
[  373.531839][ T8458]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.531857][ T8458]  ? clear_bhb_loop+0x60/0xb0
[  373.531879][ T8458]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  373.531902][ T8458] RIP: 0033:0x7fe72698e929
[  373.531919][ T8458] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  373.531934][ T8458] RSP: 002b:00007fe7277f1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  373.531954][ T8458] RAX: ffffffffffffffda RBX: 00007fe726bb6080 RCX: 00007fe72698e929
[  373.531968][ T8458] RDX: 0000000000000006 RSI: 000000000000011b RDI: 0000000000000008
[  373.531980][ T8458] RBP: 00007fe726a10b39 R08: 0000000000000004 R09: 0000000000000000
[  373.531991][ T8458] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000000
[  373.532003][ T8458] R13: 0000000000000000 R14: 00007fe726bb6080 R15: 00007ffcb2526798
[  373.532033][ T8458]  </TASK>
[  373.532140][ T8458] Mem-Info:
[  373.838231][ T8458] active_anon:6917 inactive_anon:0 isolated_anon:0
[  373.838231][ T8458]  active_file:1646 inactive_file:39950 isolated_file:0
[  373.838231][ T8458]  unevictable:768 dirty:317 writeback:0
[  373.838231][ T8458]  slab_reclaimable:10696 slab_unreclaimable:99095
[  373.838231][ T8458]  mapped:31105 shmem:1513 pagetables:1376
[  373.838231][ T8458]  sec_pagetables:0 bounce:0
[  373.838231][ T8458]  kernel_misc_reclaimable:0
[  373.838231][ T8458]  free:1323932 free_pcp:16200 free_cma:0
[  373.884713][ T8458] Node 0 active_anon:27668kB inactive_anon:0kB active_file:6584kB inactive_file:159600kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:124420kB dirty:1264kB writeback:0kB shmem:4516kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:12488kB pagetables:5348kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  373.917606][ T8458] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB kernel_stack:48kB pagetables:156kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB
[  373.947569][ T8458] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  373.977732][ T8458] lowmem_reserve[]: 0 2498 2500 2500 2500
[  373.983809][ T8458] Node 0 DMA32 free:1387904kB boost:0kB min:34248kB low:42808kB high:51368kB reserved_highatomic:0KB free_highatomic:0KB active_anon:27680kB inactive_anon:0kB active_file:6584kB inactive_file:158064kB unevictable:1536kB writepending:1264kB present:3129332kB managed:2558440kB mlocked:0kB bounce:0kB free_pcp:44616kB local_pcp:21096kB free_cma:0kB
[  374.017235][ T8458] lowmem_reserve[]: 0 0 1 1 1
[  374.022179][ T8458] Node 0 Normal free:24kB boost:0kB min:20kB low:24kB high:28kB reserved_highatomic:0KB free_highatomic:0KB active_anon:48kB inactive_anon:0kB active_file:0kB inactive_file:1556kB unevictable:0kB writepending:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:16kB local_pcp:8kB free_cma:0kB
[  374.051643][ T8458] lowmem_reserve[]: 0 0 0 0 0
[  374.056611][ T8458] Node 1 Normal free:3895368kB boost:0kB min:55632kB low:69540kB high:83448kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:200kB unevictable:1536kB writepending:4kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:17152kB local_pcp:5056kB free_cma:0kB
[  374.089043][ T8458] lowmem_reserve[]: 0 0 0 0 0
[  374.094051][ T8458] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  374.108448][ T8458] Node 0 DMA32: 290*4kB (UME) 1190*8kB (UME) 942*16kB (UME) 230*32kB (UME) 134*64kB (UME) 88*128kB (UME) 53*256kB (UME) 27*512kB (UM) 13*1024kB (UM) 2*2048kB (ME) 315*4096kB (M) = 1387992kB
[  374.128176][ T8458] Node 0 Normal: 0*4kB 1*8kB (M) 1*16kB (M) 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB
[  374.141043][ T8458] Node 1 Normal: 230*4kB (UME) 50*8kB (UME) 42*16kB (UME) 158*32kB (UME) 49*64kB (UME) 11*128kB (UME) 3*256kB (UM) 2*512kB (M) 1*1024kB (M) 1*2048kB (U) 947*4096kB (ME) = 3895368kB
[  374.159889][ T8458] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  374.169495][ T8458] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=2 hugepages_size=2048kB
[  374.180000][ T8458] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  374.190562][ T8458] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  374.199978][ T8458] 43102 total pagecache pages
[  374.204776][ T8458] 0 pages in swap cache
[  374.209011][ T8458] Free swap  = 124996kB
[  374.213162][ T8458] Total swap = 124996kB
[  374.217404][ T8458] 2097051 pages RAM
[  374.221215][ T8458] 0 pages HighMem/MovableOnly
[  374.225918][ T8458] 425399 pages reserved
[  374.230069][ T8458] 0 pages cma reserved
[  374.671155][ T5893] usb 3-1: New USB device found, idVendor=1a34, idProduct=f705, bcdDevice= 0.00
[  374.692786][ T5893] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.965143][ T5893] usb 3-1: config 0 descriptor??
[  375.027511][ T8462] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  375.556132][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.563483][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.577536][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.584861][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.602160][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.613870][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.654731][ T5893] usb 3-1: can't set config #0, error -71
[  375.669115][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.680294][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.687701][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.691948][ T5893] usb 3-1: USB disconnect, device number 10
[  375.694984][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.798352][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.841448][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.867520][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.882309][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.914251][ T8467] hfsplus: request for non-existent node 16777216 in B*Tree
[  375.996263][ T8467] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.005439][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.013145][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.021146][ T8467] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.029758][ T8467] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.037281][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.055021][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.066596][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.073902][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.081657][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.095831][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.104283][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.111665][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.122425][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.129794][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.137617][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.144925][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.172407][ T8472] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  376.585908][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.593223][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.600650][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.632901][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.804899][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.805267][ T8476] loop2: detected capacity change from 0 to 1024
[  376.855799][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.863163][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.900636][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.936040][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.945585][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  376.972784][ T8454] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.016407][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.090533][   T30] audit: type=1800 audit(1751362118.445:29): pid=8454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.606" name="file1" dev="loop3" ino=20 res=0 errno=0
[  377.097164][ T8484] /dev/nullb0: Can't open blockdev
[  377.134907][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.432668][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.449908][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.461627][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.470770][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.479052][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.592956][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.638355][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.658868][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.677444][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.684902][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.726755][   T64] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.734066][   T64] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.743951][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.789153][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.839204][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.875937][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.918420][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.960556][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.973340][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.981493][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.991887][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  377.999364][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  378.009734][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  378.112769][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  378.120341][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  378.270691][ T8498] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  378.578285][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  378.584733][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  378.705921][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  378.713244][ T8476] hfsplus: request for non-existent node 16777216 in B*Tree
[  378.758995][   T30] audit: type=1800 audit(1751362120.125:30): pid=8476 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.612" name="file1" dev="loop2" ino=20 res=0 errno=0
[  380.666096][ T2149] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  380.827939][ T2149] usb 2-1: Using ep0 maxpacket: 8
[  380.865206][ T2149] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  380.901485][ T2149] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 61507, setting to 1024
[  380.935880][ T5916] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  381.069504][ T2149] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  381.087152][ T5916] usb 3-1: Using ep0 maxpacket: 8
[  381.115928][ T2149] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  381.134214][ T5916] usb 3-1: config 1 has an invalid descriptor of length 22, skipping remainder of the config
[  381.154078][ T5916] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 10304, setting to 1024
[  381.188503][ T5916] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  381.212007][ T5916] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  381.249338][ T5916] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  381.271621][ T5916] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.282733][ T5916] usb 3-1: Product: syz
[  381.294646][ T5916] usb 3-1: Manufacturer: syz
[  381.306165][ T5916] usb 3-1: SerialNumber: syz
[  381.334459][ T2149] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  381.351360][ T8524] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  381.361507][ T5916] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22
[  381.389406][ T5916] usbtest 3-1:1.0: couldn't get endpoints, -22
[  381.499984][ T5916] usbtest 3-1:1.0: probe with driver usbtest failed with error -22
[  381.510647][ T2149] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  381.601787][ T8522] loop2: detected capacity change from 0 to 7
[  381.737448][ T5916] usb 3-1: USB disconnect, device number 11
[  381.792739][ T2149] usb 2-1: Product: syz
[  381.815175][ T2149] usb 2-1: Manufacturer: syz
[  381.842703][ T2149] usb 2-1: SerialNumber: syz
[  382.028100][ T8514] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  382.035851][ T8514] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  382.596366][ T8532] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  382.610025][ T8532] xt_CT: You must specify a L4 protocol and not use inversions on it
[  382.991848][ T2149] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71
[  383.031201][ T2149] usbtest 2-1:1.0: Linux user mode ISO test driver
[  383.072597][ T2149] usbtest 2-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  383.093188][ T2149] usb 2-1: USB disconnect, device number 10
[  383.267855][ T8537] kvm: pic: non byte write
[  383.513773][ T8544] loop0: detected capacity change from 0 to 1024
[  383.619722][ T8548] netlink: 'syz.3.628': attribute type 1 has an invalid length.
[  384.150539][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.189429][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.215590][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.245102][ T8542] Bluetooth: hci0: Opcode 0x0c1a failed: -4
[  384.259849][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.271750][ T8542] Bluetooth: hci1: Opcode 0x0c1a failed: -4
[  384.281480][ T8542] Bluetooth: hci2: Opcode 0x0c1a failed: -4
[  384.291942][ T8542] Bluetooth: hci3: Opcode 0x0c1a failed: -4
[  384.295176][ T8552] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.311183][ T8542] Bluetooth: hci4: Opcode 0x0c1a failed: -4
[  384.327880][ T8552] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.336301][ T8552] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.343673][ T8552] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.459691][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.491621][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.530057][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.539332][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.548152][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.586151][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.620011][ T8558] loop2: detected capacity change from 0 to 512
[  384.629522][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.638187][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.645531][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.669765][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.683501][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.762011][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.767598][ T8558] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.631: casefold flag without casefold feature
[  384.769456][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.789290][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.804887][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.827685][ T8558] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.631: couldn't read orphan inode 15 (err -117)
[  384.839767][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.844593][ T8558] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  384.847215][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  384.904476][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.047046][ T2149] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  385.084795][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.092384][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.104161][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.115360][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.125552][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.135585][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.405904][ T2149] usb 4-1: Using ep0 maxpacket: 8
[  385.725944][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.733261][ T8544] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.775990][   T30] audit: type=1800 audit(1751362127.145:31): pid=8544 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.629" name="file1" dev="loop0" ino=20 res=0 errno=0
[  385.796673][ T2149] usb 4-1: config 1 has an invalid descriptor of length 33, skipping remainder of the config
[  385.807246][ T2149] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 2112, setting to 1024
[  385.818409][ T2149] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024
[  385.828529][ T2149] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  385.866363][   T49] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.879081][ T2149] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  385.890027][   T30] audit: type=1326 audit(1751362127.245:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8568 comm="syz.1.633" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f71cc78e929 code=0x0
[  385.913250][   T49] hfsplus: request for non-existent node 16777216 in B*Tree
[  385.922362][ T2149] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.933621][ T2149] usb 4-1: Product: syz
[  385.937990][ T2149] usb 4-1: Manufacturer: syz
[  385.944034][ T2149] usb 4-1: SerialNumber: syz
[  385.959571][ T8564] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  385.975206][ T2149] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22
[  385.988588][ T2149] usbtest 4-1:1.0: couldn't get endpoints, -22
[  386.025209][ T2149] usbtest 4-1:1.0: probe with driver usbtest failed with error -22
[  386.176494][ T5831] Bluetooth: hci0: command 0x0c1a tx timeout
[  386.253132][   T10] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  386.284197][ T6001] usb 4-1: USB disconnect, device number 8
[  386.347714][ T5831] Bluetooth: hci4: command 0x0405 tx timeout
[  386.354263][ T5847] Bluetooth: hci3: command 0x0c1a tx timeout
[  386.472172][ T8579] Bluetooth: hci2: command 0x0c1a tx timeout
[  386.480813][ T8579] Bluetooth: hci1: command 0x0c1a tx timeout
[  387.025787][   T10] usb 2-1: Using ep0 maxpacket: 16
[  387.045794][ T2149] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  387.069218][   T10] usb 2-1: New USB device found, idVendor=1004, idProduct=61aa, bcdDevice=4f.75
[  387.088193][   T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.104772][   T10] usb 2-1: Product: syz
[  387.114199][   T10] usb 2-1: Manufacturer: syz
[  387.121876][   T10] usb 2-1: SerialNumber: syz
[  387.137169][   T10] usb 2-1: config 0 descriptor??
[  387.152961][   T10] usb 2-1: bad CDC descriptors
[  387.209658][ T2149] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  387.222382][ T2149] usb 1-1: config 0 has no interface number 0
[  387.239065][ T2149] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  387.248438][ T2149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.257546][ T2149] usb 1-1: Product: syz
[  387.261875][ T2149] usb 1-1: Manufacturer: syz
[  387.266946][ T2149] usb 1-1: SerialNumber: syz
[  387.301393][ T2149] usb 1-1: config 0 descriptor??
[  387.309725][ T8583] kvm: pic: non byte write
[  387.514024][ T2149] usb 1-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  387.577464][ T2149] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  387.608943][ T2149] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  387.747420][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.762078][ T2149] usb 1-1: media controller created
[  387.826981][ T2149] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  387.927439][ T8586] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  388.180836][ T8595] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  388.595520][   T10] usb 2-1: USB disconnect, device number 11
[  389.059503][ T2149] i2c i2c-1: ec100: i2c rd failed=-110 reg=33
[  390.002975][ T2149] usb 1-1: USB disconnect, device number 12
[  390.892254][ T8628] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  392.644200][ T8642] loop2: detected capacity change from 0 to 512
[  392.695225][ T8642] EXT4-fs error (device loop2): ext4_orphan_get:1393: inode #15: comm syz.2.647: casefold flag without casefold feature
[  392.749261][ T8642] EXT4-fs error (device loop2): ext4_orphan_get:1398: comm syz.2.647: couldn't read orphan inode 15 (err -117)
[  392.855815][ T2149] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  392.872604][ T8642] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  393.070819][ T2149] usb 1-1: Using ep0 maxpacket: 8
[  393.259948][ T5496] veth0_macvtap: left promiscuous mode
[  393.827145][ T2149] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  393.877729][ T2149] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 7890, setting to 1024
[  393.899493][ T2149] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  393.939548][ T2149] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  394.053796][ T2149] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  394.306350][ T8651] kvm: pic: non byte write
[  394.376154][ T2149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.403660][ T2149] usb 1-1: Product: syz
[  394.415675][ T2149] usb 1-1: Manufacturer: syz
[  394.641394][ T2149] usb 1-1: SerialNumber: syz
[  396.375069][ T5827] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.443276][ T8681] loop1: detected capacity change from 0 to 512
[  396.555209][ T8681] EXT4-fs error (device loop1): ext4_orphan_get:1393: inode #15: comm syz.1.655: casefold flag without casefold feature
[  396.712122][ T8681] EXT4-fs error (device loop1): ext4_orphan_get:1398: comm syz.1.655: couldn't read orphan inode 15 (err -117)
[  396.731746][ T8681] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  399.331278][ T2149] usb 1-1: can't set config #1, error -71
[  399.373381][ T2149] usb 1-1: USB disconnect, device number 13
[  399.557848][ T8703] loop4: detected capacity change from 0 to 40427
[  399.593944][ T8703] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  399.601966][ T8703] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  399.612051][ T8703] F2FS-fs (loop4): invalid crc value
[  399.723941][ T8703] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  399.731155][ T8703] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  400.670260][   T30] audit: type=1800 audit(1751362141.455:33): pid=8709 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.658" name="file1" dev="loop4" ino=10 res=0 errno=0
[  400.951626][ T5847] Bluetooth: hci4: command 0x0405 tx timeout
[  401.271200][ T5840] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.309642][ T8714] loop0: detected capacity change from 0 to 512
[  401.353896][ T8714] EXT4-fs error (device loop0): ext4_orphan_get:1393: inode #15: comm syz.0.661: casefold flag without casefold feature
[  401.371398][ T8714] EXT4-fs error (device loop0): ext4_orphan_get:1398: comm syz.0.661: couldn't read orphan inode 15 (err -117)
[  401.404509][ T8714] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  401.464375][ T8712] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  402.262527][ T8720] loop1: detected capacity change from 0 to 1024
[  402.317817][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.384460][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.410912][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.420020][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.427830][ T8724] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.438855][ T8724] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.450400][ T5832] syz-executor: attempt to access beyond end of device
[  402.450400][ T5832] loop4: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  402.450703][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.475086][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.482483][ T8724] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.494844][ T8724] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.527868][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.562518][ T5832] CPU: 1 UID: 0 PID: 5832 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  402.562543][ T5832] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  402.562553][ T5832] Call Trace:
[  402.562561][ T5832]  <TASK>
[  402.562569][ T5832]  dump_stack_lvl+0x189/0x250
[  402.562601][ T5832]  ? __pfx_dump_stack_lvl+0x10/0x10
[  402.562622][ T5832]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  402.562645][ T5832]  ? __pfx_queue_work_on+0x10/0x10
[  402.562670][ T5832]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  402.562693][ T5832]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  402.562717][ T5832]  ? f2fs_hw_is_readonly+0x39b/0x470
[  402.562746][ T5832]  f2fs_handle_critical_error+0x37c/0x540
[  402.562777][ T5832]  f2fs_write_end_io+0x495/0x810
[  402.562798][ T5832]  ? blkg_put+0x22/0x240
[  402.562837][ T5832]  __submit_merged_bio+0x27a/0x6a0
[  402.562857][ T5832]  ? up_write+0x1c4/0x420
[  402.562888][ T5832]  __submit_merged_write_cond+0x44c/0x530
[  402.562919][ T5832]  f2fs_sync_node_pages+0x1869/0x1a00
[  402.562970][ T5832]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  402.563039][ T5832]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  402.563070][ T5832]  ? up_write+0x1c4/0x420
[  402.563091][ T5832]  ? do_raw_spin_unlock+0x122/0x240
[  402.563113][ T5832]  f2fs_write_checkpoint+0xe6f/0x1df0
[  402.563168][ T5832]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  402.563243][ T5832]  ? try_to_wake_up+0x7e5/0x1290
[  402.563270][ T5832]  ? kill_f2fs_super+0x298/0x6c0
[  402.563300][ T5832]  kill_f2fs_super+0x2c3/0x6c0
[  402.563333][ T5832]  ? __pfx_kill_f2fs_super+0x10/0x10
[  402.563355][ T5832]  ? radix_tree_delete_item+0x2b6/0x400
[  402.563390][ T5832]  ? shrinker_free+0x2ce/0x3e0
[  402.563414][ T5832]  deactivate_locked_super+0xbc/0x130
[  402.563439][ T5832]  cleanup_mnt+0x425/0x4c0
[  402.563460][ T5832]  ? lockdep_hardirqs_on+0x9c/0x150
[  402.563488][ T5832]  task_work_run+0x1d1/0x260
[  402.563511][ T5832]  ? __pfx_task_work_run+0x10/0x10
[  402.563527][ T5832]  ? __x64_sys_umount+0x122/0x160
[  402.563562][ T5832]  ? exit_to_user_mode_loop+0x40/0x110
[  402.563586][ T5832]  exit_to_user_mode_loop+0xec/0x110
[  402.563608][ T5832]  do_syscall_64+0x2bd/0x3b0
[  402.563622][ T5832]  ? lockdep_hardirqs_on+0x9c/0x150
[  402.563643][ T5832]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.563660][ T5832]  ? clear_bhb_loop+0x60/0xb0
[  402.563683][ T5832]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  402.563700][ T5832] RIP: 0033:0x7fe72698fc57
[  402.563717][ T5832] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  402.563731][ T5832] RSP: 002b:00007ffcb2525a28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  402.563750][ T5832] RAX: 0000000000000000 RBX: 00007fe726a10925 RCX: 00007fe72698fc57
[  402.563762][ T5832] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffcb2525ae0
[  402.563772][ T5832] RBP: 00007ffcb2525ae0 R08: 0000000000000000 R09: 0000000000000000
[  402.563782][ T5832] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffcb2526b70
[  402.563791][ T5832] R13: 00007fe726a10925 R14: 0000000000061f2e R15: 00007ffcb2526bb0
[  402.563826][ T5832]  </TASK>
[  402.564481][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  402.883845][ T5832] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  402.912273][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.018389][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.027543][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.036059][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.043518][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.053727][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.062230][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.069627][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.077010][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.084295][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.091729][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.099074][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.116471][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.656003][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.722335][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.761987][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.784788][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.794613][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.816634][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.823955][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.836899][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.844365][ T8720] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.859293][   T30] audit: type=1800 audit(1751362145.255:34): pid=8720 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.660" name="file1" dev="loop1" ino=20 res=0 errno=0
[  403.981351][   T64] hfsplus: request for non-existent node 16777216 in B*Tree
[  403.992364][ T8736] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  404.024748][   T64] hfsplus: request for non-existent node 16777216 in B*Tree
[  404.044962][ T8736] kvm: pic: single mode not supported
[  404.045044][ T8736] kvm: pic: non byte read
[  404.058327][ T8736] kvm: pic: level sensitive irq not supported
[  404.058383][ T8736] kvm: pic: non byte read
[  404.095027][ T8736] kvm: pic: level sensitive irq not supported
[  404.095108][ T8736] kvm: pic: non byte read
[  404.118794][ T8736] kvm: pic: level sensitive irq not supported
[  404.118860][ T8736] kvm: pic: non byte read
[  404.408990][ T8743] hfs: can't find a HFS filesystem on dev nullb0
[  404.825627][  T925] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  404.911884][ T5833] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  405.096067][  T925] usb 4-1: Using ep0 maxpacket: 8
[  405.109466][ T8747] kvm: pic: non byte write
[  405.137582][  T925] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  405.165827][  T925] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 58417, setting to 1024
[  405.379471][ T8750] loop2: detected capacity change from 0 to 40427
[  405.398300][ T8750] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  405.408079][ T8750] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  405.434060][ T8750] F2FS-fs (loop2): invalid crc value
[  405.586933][  T925] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  406.190583][ T8750] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  406.197827][ T8750] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  406.206424][  T925] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  406.396428][  T925] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  406.411799][  T925] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  407.421271][  T925] usb 4-1: Product: syz
[  407.439220][  T925] usb 4-1: Manufacturer: syz
[  407.440229][   T30] audit: type=1800 audit(1751362147.895:35): pid=8761 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.669" name="file1" dev="loop2" ino=10 res=0 errno=0
[  407.626521][  T925] usb 4-1: SerialNumber: syz
[  408.951954][ T5827] syz-executor: attempt to access beyond end of device
[  408.951954][ T5827] loop2: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  408.986064][ T5827] CPU: 1 UID: 0 PID: 5827 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  408.986092][ T5827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  408.986102][ T5827] Call Trace:
[  408.986110][ T5827]  <TASK>
[  408.986118][ T5827]  dump_stack_lvl+0x189/0x250
[  408.986159][ T5827]  ? __pfx_dump_stack_lvl+0x10/0x10
[  408.986180][ T5827]  ? _raw_spin_unlock_irqrestore+0x85/0x110
[  408.986204][ T5827]  ? __pfx_queue_work_on+0x10/0x10
[  408.986268][ T5827]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  408.986288][ T5827]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  408.986311][ T5827]  ? f2fs_hw_is_readonly+0x39b/0x470
[  408.986335][ T5827]  f2fs_handle_critical_error+0x37c/0x540
[  408.986363][ T5827]  f2fs_write_end_io+0x495/0x810
[  408.986383][ T5827]  ? blkg_put+0x22/0x240
[  408.986419][ T5827]  __submit_merged_bio+0x27a/0x6a0
[  408.986437][ T5827]  ? up_write+0x1c4/0x420
[  408.986466][ T5827]  __submit_merged_write_cond+0x44c/0x530
[  408.986492][ T5827]  f2fs_sync_node_pages+0x1869/0x1a00
[  408.986537][ T5827]  ? __pfx_f2fs_sync_node_pages+0x10/0x10
[  408.986583][ T5827]  ? f2fs_write_checkpoint+0xe43/0x1df0
[  408.986611][ T5827]  ? up_write+0x1c4/0x420
[  408.986629][ T5827]  ? do_raw_spin_unlock+0x122/0x240
[  408.986652][ T5827]  f2fs_write_checkpoint+0xe6f/0x1df0
[  408.986694][ T5827]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  408.986759][ T5827]  ? try_to_wake_up+0x7e5/0x1290
[  408.986784][ T5827]  ? kill_f2fs_super+0x298/0x6c0
[  408.986814][ T5827]  kill_f2fs_super+0x2c3/0x6c0
[  408.986844][ T5827]  ? __pfx_kill_f2fs_super+0x10/0x10
[  408.986865][ T5827]  ? radix_tree_delete_item+0x2b6/0x400
[  408.986897][ T5827]  ? shrinker_free+0x2ce/0x3e0
[  408.986920][ T5827]  deactivate_locked_super+0xbc/0x130
[  408.986944][ T5827]  cleanup_mnt+0x425/0x4c0
[  408.986965][ T5827]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.986993][ T5827]  task_work_run+0x1d1/0x260
[  408.987015][ T5827]  ? __pfx_task_work_run+0x10/0x10
[  408.987030][ T5827]  ? __x64_sys_umount+0x122/0x160
[  408.987060][ T5827]  ? exit_to_user_mode_loop+0x40/0x110
[  408.987085][ T5827]  exit_to_user_mode_loop+0xec/0x110
[  408.987107][ T5827]  do_syscall_64+0x2bd/0x3b0
[  408.987121][ T5827]  ? lockdep_hardirqs_on+0x9c/0x150
[  408.987145][ T5827]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.987161][ T5827]  ? clear_bhb_loop+0x60/0xb0
[  408.987181][ T5827]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  408.987198][ T5827] RIP: 0033:0x7f4abfd8fc57
[  408.987220][ T5827] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  408.987244][ T5827] RSP: 002b:00007ffc991e0c48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  408.987263][ T5827] RAX: 0000000000000000 RBX: 00007f4abfe10925 RCX: 00007f4abfd8fc57
[  408.987276][ T5827] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc991e0d00
[  408.987286][ T5827] RBP: 00007ffc991e0d00 R08: 0000000000000000 R09: 0000000000000000
[  408.987296][ T5827] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffc991e1d90
[  408.987312][ T5827] R13: 00007f4abfe10925 R14: 000000000006384f R15: 00007ffc991e1dd0
[  408.987341][ T5827]  </TASK>
[  408.990145][ T5827] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  409.951881][  T925] usb 4-1: can't set config #1, error -71
[  410.007186][  T925] usb 4-1: USB disconnect, device number 9
[  410.136161][ T8785] netlink: 40 bytes leftover after parsing attributes in process `syz.1.674'.
[  410.547585][ T8796] kvm: pic: non byte write
[  410.776946][ T2149] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  411.116242][ T2149] usb 1-1: Using ep0 maxpacket: 8
[  411.336254][ T2149] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64
[  411.588837][ T2149] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 22777, setting to 1024
[  411.919165][ T2149] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024
[  411.967648][ T2149] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  412.099259][ T2149] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40
[  412.186078][ T2149] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.229323][ T2149] usb 1-1: Product: syz
[  412.232692][ T8824] hfs: can't find a HFS filesystem on dev nullb0
[  412.329348][ T2149] usb 1-1: Manufacturer: syz
[  412.620658][ T2149] usb 1-1: SerialNumber: syz
[  412.693339][ T8797] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  412.701334][ T8797] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  413.302907][ T8797] loop2: detected capacity change from 0 to 7
[  413.313866][ T2149] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71
[  413.347301][ T2149] usbtest 1-1:1.0: Linux user mode ISO test driver
[  413.450543][ T8831] kvm: pic: non byte write
[  413.565635][ T2149] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt)
[  413.631878][ T2149] usb 1-1: USB disconnect, device number 14
[  414.161846][ T8843] loop2: detected capacity change from 0 to 40427
[  414.203114][ T8843] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  414.211108][ T8843] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  414.283810][ T8843] F2FS-fs (loop2): invalid crc value
[  414.302001][ T8848] loop3: detected capacity change from 0 to 512
[  414.746772][ T8843] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  414.753888][ T8843] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  414.771912][ T8848] EXT4-fs error (device loop3): ext4_orphan_get:1393: inode #15: comm syz.3.686: casefold flag without casefold feature
[  414.948610][ T8848] EXT4-fs error (device loop3): ext4_orphan_get:1398: comm syz.3.686: couldn't read orphan inode 15 (err -117)
[  415.646739][   T30] audit: type=1800 audit(1751362156.475:36): pid=8865 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.684" name="file1" dev="loop2" ino=10 res=0 errno=0
[  415.897865][ T8848] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.764402][   T64] kworker/u8:4: attempt to access beyond end of device
[  416.764402][   T64] loop2: rw=1, sector=77824, nr_sectors = 2048 limit=40427
[  416.976461][   T31] INFO: task kworker/0:5:5907 blocked for more than 143 seconds.
[  417.126084][   T31]       Not tainted 6.16.0-rc4-next-20250630-syzkaller #0
[  417.138817][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  417.203444][   T31] task:kworker/0:5     state:D stack:23432 pid:5907  tgid:5907  ppid:2      task_flags:0x4208060 flags:0x00004000
[  417.241614][   T64] kworker/u8:4: attempt to access beyond end of device
[  417.241614][   T64] loop2: rw=1, sector=79872, nr_sectors = 2048 limit=40427
[  417.267235][   T31] Workqueue: events_power_efficient hub_init_func2
[  417.300075][   T31] Call Trace:
[  417.310384][   T31]  <TASK>
[  417.319311][   T31]  __schedule+0x16f5/0x4d00
[  417.330517][   T31]  ? __pfx_do_raw_spin_lock+0x10/0x10
[  417.351468][   T31]  ? schedule+0x165/0x360
[  417.364045][   T31]  ? __pfx___schedule+0x10/0x10
[  417.378847][   T31]  ? schedule+0x91/0x360
[  417.381311][   T64] kworker/u8:4: attempt to access beyond end of device
[  417.381311][   T64] loop2: rw=1, sector=49152, nr_sectors = 2048 limit=40427
[  417.404284][   T31]  schedule+0x165/0x360
[  417.415807][   T31]  schedule_preempt_disabled+0x13/0x30
[  417.432571][   T31]  __mutex_lock+0x724/0xe80
[  417.437381][   T31]  ? __mutex_lock+0x51b/0xe80
[  417.442196][   T31]  ? hub_activate+0xb7/0x1ea0
[  417.449219][   T31]  ? __pfx___mutex_lock+0x10/0x10
[  417.454493][   T31]  ? do_raw_spin_lock+0x121/0x290
[  417.465185][   T31]  ? __lock_acquire+0xab9/0xd20
[  417.471819][   T31]  hub_activate+0xb7/0x1ea0
[  417.476658][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  417.576491][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.582545][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  417.591972][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  417.655175][   T31]  process_scheduled_works+0xae1/0x17b0
[  417.661065][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  417.667386][   T31]  worker_thread+0x8a0/0xda0
[  417.672074][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  417.678904][   T31]  ? __kthread_parkme+0x7b/0x200
[  417.683954][   T31]  kthread+0x70e/0x8a0
[  417.688433][   T31]  ? __pfx_worker_thread+0x10/0x10
[  417.694615][   T31]  ? __pfx_kthread+0x10/0x10
[  417.699559][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  417.704882][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  417.715373][   T64] kworker/u8:4: attempt to access beyond end of device
[  417.715373][   T64] loop2: rw=1, sector=51200, nr_sectors = 2048 limit=40427
[  417.730530][   T31]  ? __pfx_kthread+0x10/0x10
[  417.735282][   T31]  ret_from_fork+0x3fc/0x770
[  417.743132][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  417.754741][   T31]  ? __switch_to_asm+0x39/0x70
[  417.827663][   T64] kworker/u8:4: attempt to access beyond end of device
[  417.827663][   T64] loop2: rw=1, sector=57344, nr_sectors = 2832 limit=40427
[  417.841938][   T31]  ? __switch_to_asm+0x33/0x70
[  417.852514][   T31]  ? __pfx_kthread+0x10/0x10
[  417.930652][   T31]  ret_from_fork_asm+0x1a/0x30
[  417.948543][   T31]  </TASK>
[  417.952972][   T31] INFO: task kworker/0:7:5929 blocked for more than 144 seconds.
[  417.967852][   T31]       Not tainted 6.16.0-rc4-next-20250630-syzkaller #0
[  417.978162][   T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message.
[  417.987649][   T31] task:kworker/0:7     state:D stack:22264 pid:5929  tgid:5929  ppid:2      task_flags:0x4288060 flags:0x00004000
[  418.006009][   T31] Workqueue: usb_hub_wq hub_event
[  418.011072][   T31] Call Trace:
[  418.014350][   T31]  <TASK>
[  418.051190][   T31]  __schedule+0x16f5/0x4d00
[  418.056891][   T31]  ? schedule+0x165/0x360
[  418.061248][   T31]  ? __pfx___schedule+0x10/0x10
[  418.079996][   T31]  ? preempt_schedule_common+0x83/0xd0
[  418.085487][   T31]  ? __pfx_preempt_schedule+0x10/0x10
[  418.110687][   T31]  ? schedule+0x91/0x360
[  418.114978][   T31]  schedule+0x165/0x360
[  418.119202][   T31]  schedule_timeout+0x9a/0x270
[  418.123973][   T31]  ? __pfx_schedule_timeout+0x10/0x10
[  418.129439][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  418.134643][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.140074][   T31]  ? wait_for_completion+0x267/0x5d0
[  418.145373][   T31]  wait_for_completion+0x2bf/0x5d0
[  418.150542][   T31]  ? __pfx_wait_for_completion+0x10/0x10
[  418.156301][   T31]  ? __flush_work+0xd2/0xbc0
[  418.160909][   T31]  ? __flush_work+0xd2/0xbc0
[  418.165512][   T31]  __flush_work+0x9b9/0xbc0
[  418.170096][   T31]  ? __flush_work+0xd2/0xbc0
[  418.174698][   T31]  ? __pfx___flush_work+0x10/0x10
[  418.179829][   T31]  ? __pfx_wq_barrier_func+0x10/0x10
[  418.185139][   T31]  ? __queue_work+0xc56/0xfb0
[  418.189863][   T31]  ? flush_delayed_work+0x11d/0x190
[  418.195069][   T31]  flush_delayed_work+0x13e/0x190
[  418.200154][   T31]  ? __pfx_flush_delayed_work+0x10/0x10
[  418.207546][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.212760][   T31]  ? usb_hcd_flush_endpoint+0x3e9/0x400
[  418.218363][   T31]  hub_quiesce+0x1f0/0x330
[  418.222791][   T31]  hub_disconnect+0xc8/0x470
[  418.227453][   T31]  usb_unbind_interface+0x26b/0x910
[  418.232659][   T31]  ? __pfx_usb_unbind_interface+0x10/0x10
[  418.238442][   T31]  device_release_driver_internal+0x4d6/0x7c0
[  418.244519][   T31]  bus_remove_device+0x34d/0x410
[  418.249695][   T31]  device_del+0x511/0x8e0
[  418.254036][   T31]  ? kfree+0x18e/0x440
[  418.258149][   T31]  ? __pfx_device_del+0x10/0x10
[  418.263051][   T31]  ? kobject_put+0x446/0x480
[  418.267686][   T31]  usb_disable_device+0x3e9/0x8a0
[  418.272716][   T31]  usb_disconnect+0x330/0x950
[  418.277460][   T31]  hub_event+0x1cdb/0x4a00
[  418.281916][   T31]  ? do_raw_spin_lock+0x121/0x290
[  418.286999][   T31]  ? register_lock_class+0x51/0x320
[  418.292206][   T31]  ? __pfx_hub_event+0x10/0x10
[  418.297031][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  418.302773][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  418.310202][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  418.316065][   T31]  ? process_scheduled_works+0x9ef/0x17b0
[  418.321790][   T31]  process_scheduled_works+0xae1/0x17b0
[  418.327407][   T31]  ? __pfx_process_scheduled_works+0x10/0x10
[  418.333407][   T31]  worker_thread+0x8a0/0xda0
[  418.338050][   T31]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  418.344392][   T31]  ? __kthread_parkme+0x7b/0x200
[  418.349485][   T31]  kthread+0x70e/0x8a0
[  418.353558][   T31]  ? __pfx_worker_thread+0x10/0x10
[  418.358867][   T31]  ? __pfx_kthread+0x10/0x10
[  418.363464][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  418.368703][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.373907][   T31]  ? __pfx_kthread+0x10/0x10
[  418.378536][   T31]  ret_from_fork+0x3fc/0x770
[  418.383232][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  418.388423][   T31]  ? __switch_to_asm+0x39/0x70
[  418.393186][   T31]  ? __switch_to_asm+0x33/0x70
[  418.397995][   T31]  ? __pfx_kthread+0x10/0x10
[  418.402587][   T31]  ret_from_fork_asm+0x1a/0x30
[  418.409101][   T31]  </TASK>
[  418.413199][   T31] 
[  418.413199][   T31] Showing all locks held in the system:
[  418.421297][   T31] 1 lock held by khungtaskd/31:
[  418.426229][   T31]  #0: ffffffff8e13bee0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180
[  418.436460][   T31] 2 locks held by getty/5591:
[  418.441152][   T31]  #0: ffff8880308410a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  418.450986][   T31]  #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400
[  418.487770][   T31] 2 locks held by syz-executor/5827:
[  418.493242][   T31]  #0: ffff88807db100e0 (&type->s_umount_key#62){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0
[  418.507118][   T31]  #1: ffffffff8e1418c0 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570
[  418.517844][   T31] 2 locks held by syz-executor/5839:
[  418.523234][   T31]  #0: ffff88806d6f40e0 (&type->s_umount_key#60){+.+.}-{4:4}, at: deactivate_super+0xa9/0xe0
[  418.533704][   T31]  #1: ffffffff8e1419f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  418.544769][   T31] 3 locks held by kworker/0:5/5907:
[  418.550109][   T31]  #0: ffff88801a482148 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  418.562570][   T31]  #1: ffffc900045dfbc0 ((work_completion)(&(&hub->init_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  418.575618][   T31]  #2: ffff888030e65198 (&dev->mutex){....}-{4:4}, at: hub_activate+0xb7/0x1ea0
[  418.584809][   T31] 5 locks held by kworker/0:7/5929:
[  418.590194][   T31]  #0: ffff88801babe948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0
[  418.601710][   T31]  #1: ffffc900045efbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0
[  418.621339][   T31]  #2: ffff888145b89198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00
[  418.633527][   T31]  #3: ffff888030e65198 (&dev->mutex){....}-{4:4}, at: usb_disconnect+0xf8/0x950
[  418.645330][   T31]  #4: ffff88802a064160 (&dev->mutex){....}-{4:4}, at: device_release_driver_internal+0xb6/0x7c0
[  418.658775][   T31] 2 locks held by syz.1.687/8873:
[  418.665782][   T31]  #0: ffff88802a3414d8 (&nft_net->commit_mutex){+.+.}-{4:4}, at: nf_tables_valid_genid+0x3b/0x100
[  418.676724][   T31]  #1: ffffffff8e1419f8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730
[  418.687790][   T31] 
[  418.690210][   T31] =============================================
[  418.690210][   T31] 
[  418.704042][   T31] NMI backtrace for cpu 0
[  418.704057][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  418.704077][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  418.704094][   T31] Call Trace:
[  418.704102][   T31]  <TASK>
[  418.704109][   T31]  dump_stack_lvl+0x189/0x250
[  418.704134][   T31]  ? __wake_up_klogd+0xd9/0x110
[  418.704153][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  418.704176][   T31]  ? __pfx__printk+0x10/0x10
[  418.704204][   T31]  nmi_cpu_backtrace+0x39e/0x3d0
[  418.704228][   T31]  ? __pfx_nmi_cpu_backtrace+0x10/0x10
[  418.704247][   T31]  ? _printk+0xcf/0x120
[  418.704268][   T31]  ? __pfx__printk+0x10/0x10
[  418.704288][   T31]  ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10
[  418.704309][   T31]  nmi_trigger_cpumask_backtrace+0x17a/0x300
[  418.704331][   T31]  watchdog+0xfee/0x1030
[  418.704351][   T31]  ? watchdog+0x1de/0x1030
[  418.704374][   T31]  kthread+0x70e/0x8a0
[  418.704393][   T31]  ? __pfx_watchdog+0x10/0x10
[  418.704409][   T31]  ? __pfx_kthread+0x10/0x10
[  418.704426][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  418.704445][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.704464][   T31]  ? __pfx_kthread+0x10/0x10
[  418.704480][   T31]  ret_from_fork+0x3fc/0x770
[  418.704503][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  418.704529][   T31]  ? __switch_to_asm+0x39/0x70
[  418.704543][   T31]  ? __switch_to_asm+0x33/0x70
[  418.704558][   T31]  ? __pfx_kthread+0x10/0x10
[  418.704575][   T31]  ret_from_fork_asm+0x1a/0x30
[  418.704607][   T31]  </TASK>
[  418.704614][   T31] Sending NMI from CPU 0 to CPUs 1:
[  418.707146][ T5839] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.708998][    C1] NMI backtrace for cpu 1
[  418.709010][    C1] CPU: 1 UID: 0 PID: 5839 Comm: syz-executor Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  418.709028][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  418.709038][    C1] RIP: 0010:io_serial_out+0x7c/0xc0
[  418.709056][    C1] Code: b1 72 fc 44 89 f9 d3 e5 49 83 c6 40 4c 89 f0 48 c1 e8 03 42 80 3c 20 00 74 08 4c 89 f7 e8 dc c5 d6 fc 41 03 2e 89 d8 89 ea ee <5b> 41 5c 41 5e 41 5f 5d e9 57 5f 25 06 cc 44 89 f9 80 e1 07 38 c1
[  418.709068][    C1] RSP: 0018:ffffc900040cf530 EFLAGS: 00000006
[  418.709082][    C1] RAX: 0000000000000000 RBX: 0000000000000000 RCX: 0000000000000000
[  418.709092][    C1] RDX: 00000000000003f9 RSI: 0000000000000000 RDI: 0000000000000020
[  418.709101][    C1] RBP: 00000000000003f9 R08: 0000000000000003 R09: 0000000000000004
[  418.709110][    C1] R10: dffffc0000000000 R11: ffffffff854d1940 R12: dffffc0000000000
[  418.709122][    C1] R13: dffffc0000000000 R14: ffffffff99dfc780 R15: 0000000000000000
[  418.709132][    C1] FS:  00005555864ac500(0000) GS:ffff888125d1d000(0000) knlGS:0000000000000000
[  418.709146][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  418.709156][    C1] CR2: 00005555864df688 CR3: 000000005b742000 CR4: 00000000003526f0
[  418.709170][    C1] Call Trace:
[  418.709176][    C1]  <TASK>
[  418.709184][    C1]  serial8250_console_write+0x5ef/0x1ba0
[  418.709211][    C1]  ? __lock_acquire+0xab9/0xd20
[  418.709228][    C1]  ? __pfx_serial8250_console_write+0x10/0x10
[  418.709249][    C1]  ? console_flush_all+0x13a/0xc40
[  418.709263][    C1]  ? console_flush_all+0x13a/0xc40
[  418.709280][    C1]  ? do_raw_spin_unlock+0x122/0x240
[  418.709294][    C1]  ? console_flush_all+0x13a/0xc40
[  418.709306][    C1]  ? console_flush_all+0x13a/0xc40
[  418.709320][    C1]  console_flush_all+0x725/0xc40
[  418.709340][    C1]  ? console_flush_all+0x13a/0xc40
[  418.709357][    C1]  ? __pfx_console_flush_all+0x10/0x10
[  418.709376][    C1]  ? is_printk_cpu_sync_owner+0x32/0x40
[  418.709394][    C1]  console_unlock+0xc4/0x270
[  418.709414][    C1]  ? __pfx_console_unlock+0x10/0x10
[  418.709431][    C1]  ? vprintk_emit+0x400/0x7a0
[  418.709450][    C1]  ? vprintk_emit+0x587/0x7a0
[  418.709468][    C1]  ? vprintk_emit+0x444/0x7a0
[  418.709484][    C1]  ? vprintk_emit+0x444/0x7a0
[  418.709503][    C1]  vprintk_emit+0x5b7/0x7a0
[  418.709520][    C1]  ? vprintk_emit+0x444/0x7a0
[  418.709540][    C1]  ? __pfx_vprintk_emit+0x10/0x10
[  418.709557][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  418.709576][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  418.709604][    C1]  _printk+0xcf/0x120
[  418.709618][    C1]  ? __pfx____ratelimit+0x10/0x10
[  418.709640][    C1]  ? __pfx__printk+0x10/0x10
[  418.709652][    C1]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  418.709678][    C1]  __ext4_msg+0x293/0x2a0
[  418.709697][    C1]  ? __pfx___ext4_msg+0x10/0x10
[  418.709713][    C1]  ? kobject_put+0x43f/0x480
[  418.709731][    C1]  ext4_put_super+0xb8/0xc40
[  418.709748][    C1]  ? __pfx_ext4_put_super+0x10/0x10
[  418.709762][    C1]  generic_shutdown_super+0x132/0x2c0
[  418.709782][    C1]  kill_block_super+0x44/0x90
[  418.709801][    C1]  ext4_kill_sb+0x68/0xb0
[  418.709820][    C1]  deactivate_locked_super+0xbc/0x130
[  418.709838][    C1]  cleanup_mnt+0x425/0x4c0
[  418.709855][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.709876][    C1]  task_work_run+0x1d1/0x260
[  418.709893][    C1]  ? __pfx_task_work_run+0x10/0x10
[  418.709906][    C1]  ? __x64_sys_umount+0x122/0x160
[  418.709928][    C1]  ? exit_to_user_mode_loop+0x40/0x110
[  418.709947][    C1]  exit_to_user_mode_loop+0xec/0x110
[  418.709964][    C1]  do_syscall_64+0x2bd/0x3b0
[  418.709977][    C1]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.709996][    C1]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.710010][    C1]  ? clear_bhb_loop+0x60/0xb0
[  418.710027][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  418.710040][    C1] RIP: 0033:0x7f1f84b8fc57
[  418.710053][    C1] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  418.710065][    C1] RSP: 002b:00007fffe063dd38 EFLAGS: 00000202 ORIG_RAX: 00000000000000a6
[  418.710080][    C1] RAX: 0000000000000000 RBX: 0000000000000064 RCX: 00007f1f84b8fc57
[  418.710089][    C1] RDX: 0000000000000200 RSI: 0000000000000009 RDI: 00007fffe063eee0
[  418.710099][    C1] RBP: 00007f1f84c10925 R08: 00005555864cf66b R09: 0000000000000000
[  418.710109][    C1] R10: 0000000000001000 R11: 0000000000000202 R12: 00007fffe063eee0
[  418.710119][    C1] R13: 00007f1f84c10925 R14: 00005555864ac4a8 R15: 00007fffe063ffb0
[  418.710138][    C1]  </TASK>
[  418.714997][   T31] Kernel panic - not syncing: hung_task: blocked tasks
[  418.715013][   T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc4-next-20250630-syzkaller #0 PREEMPT(full) 
[  418.715034][   T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  418.715045][   T31] Call Trace:
[  418.715053][   T31]  <TASK>
[  418.715061][   T31]  dump_stack_lvl+0x99/0x250
[  418.715098][   T31]  ? __asan_memcpy+0x40/0x70
[  418.715119][   T31]  ? __pfx_dump_stack_lvl+0x10/0x10
[  418.715143][   T31]  ? __pfx__printk+0x10/0x10
[  418.715172][   T31]  panic+0x2db/0x790
[  418.715201][   T31]  ? __pfx_panic+0x10/0x10
[  418.715223][   T31]  ? nmi_backtrace_stall_check+0x433/0x440
[  418.715250][   T31]  ? preempt_schedule_thunk+0x16/0x30
[  418.715272][   T31]  ? nmi_trigger_cpumask_backtrace+0x2b6/0x300
[  418.715300][   T31]  watchdog+0x102d/0x1030
[  418.715321][   T31]  ? watchdog+0x1de/0x1030
[  418.715346][   T31]  kthread+0x70e/0x8a0
[  418.715366][   T31]  ? __pfx_watchdog+0x10/0x10
[  418.715383][   T31]  ? __pfx_kthread+0x10/0x10
[  418.715402][   T31]  ? _raw_spin_unlock_irq+0x23/0x50
[  418.715424][   T31]  ? lockdep_hardirqs_on+0x9c/0x150
[  418.715446][   T31]  ? __pfx_kthread+0x10/0x10
[  418.715464][   T31]  ret_from_fork+0x3fc/0x770
[  418.715487][   T31]  ? __pfx_ret_from_fork+0x10/0x10
[  418.715514][   T31]  ? __switch_to_asm+0x39/0x70
[  418.715529][   T31]  ? __switch_to_asm+0x33/0x70
[  418.715545][   T31]  ? __pfx_kthread+0x10/0x10
[  418.715563][   T31]  ret_from_fork_asm+0x1a/0x30
[  418.715593][   T31]  </TASK>
[  418.721610][   T31] Kernel Offset: disabled