last executing test programs:

1m17.444782548s ago: executing program 3 (id=404):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r1, 0x0)
write$binfmt_script(r1, &(0x7f0000000140)={'#! ', './file0', [{0x20, '/dev/v4l-subdev#\x10'}], 0xa, "2567efcde038f12c8fa3c33d16b7e4f459f8f82beb8506a59c326c883f8a41c5ea7212161ab88a9b33facaefeca563225f78663070eb05dc8a0a1a5dfb5671227c324d91b5a24f2e009b06d448b1bbeb560576d2ebef8d14f9e8539fcce611e285a16be0d14635a359fff84c38"}, 0x8a)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500), 0x800, 0x0)
ioctl$BLKRRPART(r2, 0x125f, 0x0)

1m16.408055177s ago: executing program 3 (id=409):
write(0xffffffffffffffff, &(0x7f0000000040)="0f0300001900255107", 0x9)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, '\x00', "5193bb672965593497c184a80e0000000000000000000000000700000000001c", '\x00\x00=*', "1202000000040030"}, 0x38)
setsockopt$inet6_tcp_TCP_MD5SIG(r0, 0x6, 0xe, &(0x7f0000000400)={@in6={{0xa, 0x4e24, 0x8, @loopback}}, 0x0, 0x0, 0x41, 0x0, "b208405cce4456e4fc8f2dabd194ff3763f799f91cf7e5e8260998f956ec57c24451db07550335ebf4a3d0168ccaa268e928f39cd7494c2b19ebef230a3373685fbacfcf3b6e9633bd997a9bfcf08f67"}, 0xd8)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36)
sendto$inet6(r0, 0x0, 0x0, 0x20000000, &(0x7f0000000380)={0xa, 0x4e21, 0x10001, @empty, 0x2}, 0x1c)

1m14.537177822s ago: executing program 3 (id=412):
syz_usb_connect(0x0, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000009003940422c021664da010203010902120001000000040904"], 0x0)
close(0x3)
syz_usb_connect$uac1(0x5, 0x71, &(0x7f0000000000)=ANY=[], 0x0)
setsockopt$netlink_NETLINK_PKTINFO(0xffffffffffffffff, 0x10e, 0x3, 0x0, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
futex(&(0x7f000000cffc), 0x5, 0x1000000, 0x0, &(0x7f0000000000)=0x6, 0x4ffffff)

1m11.149260105s ago: executing program 3 (id=421):
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]})
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000180)='./file2\x00', 0x8084, &(0x7f00000002c0)=ANY=[@ANYRES16=0x0, @ANYBLOB="80b7f1dded0be5465c9cd804863166c61147515d22b0e11a7ae008a0d0309009d87c45c353a16843d136b003e5a3f1f6fa9b1d36cfd1089371d41775c1cdf49f5a51ef2fc178d443484e53808b8900ac2fff", @ANYRES64, @ANYBLOB="c0db4d85ec1be56c05cf69be920fbf12adadae45293462a6afb356d72ca11e3d0585977b46e26a6e96357515e755077541503e1ceb07637af803b23e1ffb7d78e619d332cd6fabb5813c4c70bde39deb1c2b7cdffe1dae804679c27cac55a1c363cad4dfabad4c3061b8d33a20c5ac45dd248b08f7750675"], 0xfe, 0x16b, &(0x7f0000000780)="$eJzs20GrElEUB/Azab73avPW0WKgTSupVi2LeEE0UBQualVgbTSE3Eyt/BSt+4JBuGrVDZ3QEkWknJHn77fxwB+958rMXO7AfXPzw6A/Gr8fPZ/GaZZF+0Hk8TOL87gSrahMAgC4TH6kFN9TSulkEmdfI6XUdEcAwL5Z/wHg+Gxd/+831BgAsDf2/wBwfF6+ev30YVFcvMjz04hvk7JX9qrPKn/8pLi4k8+dL781Lctea5HfrfL87/xqXPud31ubd+L2rSqfZY+eFSv59ejvf/oAAABwFLr5wtr9fbe7Ka+qP94PrOzf23GjXds0AIAdjD99HrwdDt99rKE4m4+Y1TvobsWXBv6Wgy1acRBtKLYWs0v2f/9yk08loA7Lm77pTgAAAAAAAAAAAAAAgE3+8ahQJyLWRBGdbScLTmqfKgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACz8CgAA//9vQEW+")
mount$bind(&(0x7f0000000280)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
chroot(&(0x7f0000000580)='./file0/../file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000008c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000600)='./file0\x00', &(0x7f00000001c0)='./file0/../file0\x00')

1m10.171941379s ago: executing program 3 (id=424):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000feffff10850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x20842, 0xc0)
write$P9_RLERRORu(r1, &(0x7f0000000300)=ANY=[@ANYRESHEX], 0x10)
write$binfmt_misc(r1, &(0x7f00000000c0)="4fb9", 0x2)
mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1, 0x10012, r1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r0, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)=[0x4], 0x0, 0x0, 0x1, 0x1}}, 0x40)

1m9.256343802s ago: executing program 0 (id=426):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x23)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xfecc)
mkdirat(0xffffffffffffff9c, &(0x7f0000000600)='./file0\x00', 0x19)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
openat(0xffffffffffffff9c, &(0x7f00000005c0)='./file0/file1\x00', 0x42, 0x0)

1m8.972290787s ago: executing program 3 (id=427):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x9)
r1 = fsopen(&(0x7f0000000200)='pstore\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0xf)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)

1m5.791358823s ago: executing program 32 (id=427):
r0 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x9)
r1 = fsopen(&(0x7f0000000200)='pstore\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0)
fsmount(r1, 0x0, 0xf)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)

1m5.710964211s ago: executing program 0 (id=429):
syz_open_dev$usbfs(&(0x7f0000000080), 0x75, 0x10b701)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff0000/0x1000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff0000/0xd000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000fe9000/0x3000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0xc4)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0x1e3})
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x17, 0x3, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

1m5.031588577s ago: executing program 0 (id=434):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x8, 0x3, 0x4c8, 0x170, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x3f8, 0xffffffff, 0xffffffff, 0x3f8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0x148, 0x170, 0x0, {}, [@common=@unspec=@helper={{0x48}}, @common=@inet=@hashlimit1={{0x58}, {'bond_slave_1\x00', {0x41, 0x1ff, 0x6, 0xb0e2, 0x10001, 0x84e, 0xfffffffb, 0x18, 0x8}, {0x1}}}]}, @common=@unspec=@NFQUEUE0={0x28}}, {{@uncond, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'vcan0\x00', {0x3, 0x0, 0x41, 0x0, 0x2, 0x1000, 0x6, 0xb, 0x0, 0x18}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x528)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e20, 0x4, @remote, 0xb}, 0x1c)
syz_emit_ethernet(0x7e, &(0x7f0000000300)={@local, @local, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010100", 0x48, 0x11, 0x0, @remote, @local, {[], {0x4e20, 0xe22, 0x48, 0x0, @wg=@cookie={0x3, 0x2, "88c73b21f267636d01dbe5712c1c941e1cdafbbb43f09c28", "e13808ca72381f41e5fff9620915b6f78670dfaf9a2038083179cf6b7931c9b4"}}}}}}}, 0x0)

1m2.958837948s ago: executing program 0 (id=437):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x2800000, &(0x7f0000000080)={[{@debug}, {@jqfmt_vfsold}, {@inlinecrypt}, {@test_dummy_encryption}, {@user_xattr}, {@errors_continue}, {@nobarrier}, {@barrier}]}, 0x1, 0xbd6, &(0x7f0000001080)="$eJzs3M1rHOcZAPBnRp+25a5cSql9sUopNpSuZReZ2hRqF5deeggk14CFvDJC6w8kBUeyIKvkHwhJzoFcAklMgg/x2ZcEcs0lca4xOQRMUKwEQogVZj8kWdqVLGulUeTfD17N8847M+/zaKSdGdjdAJ5ZA9mPNOJwRFxMIgr19WlEdFej3ohKbbuF+dmRH+dnR5JYXHz+uySSiHg4PzvSOFZSXx6od3oj4vP/JPH719bOOzk9Mz5cLpcm6v0TU1eun5icnvn72JXhy6XLpasnT/9z6NTQ6cEzQ22r9aevz9354c//+6by8/u/3Pr+zXeTOBd99bGVddSr3rKBGFj6nazUGRHDbTj+btBRr2dlnUnnBjul25wUAAAtpSvu4f4YheiI5Zu3QnzyRa7JAQAAAG2x2BGxCAAAAOxxied/AAAA2OMa7wN4OD870mj5viNhZz04HxH9tfoX6q020hmV6rI3uiJi/8MkVn6sNanttmUDEXH/qzMfZS2afA55u1XmIuJPzc5/Uq2/v/5J6NX1pxEx2Ib5B1b1f0v1n2vD/HnXD8Cz6e752oVs7fUvXbr/iSbXv84m166nkff1r3H/t7Dm/m+5/o4W93/PPeEcN997+0arsaz+f93574eNls2fLbdU1CY8mIs40tms/mSp/qRF/Rc3OHYStUMUHt0otdom7/oX34k4Fs3rb0jW/36iE6Nj5dJg7WfTOeY+G/qg1fx515+d//0t6l/n/Pdm664/dqQ1X+pzpBG8eOHC7Vbzb1x/+m138kI16q6veXl4amriZER38v+160+tX29jm8YxsvqP/2X9//9mf//Za0Kl/reRVT5XX2b9V1fN+e9bNz9er/7s2S/P839p8+e/uu71J5zjr5++cbzV2Mrn36xl899Pas/CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCQRkRfJGkxIpJqnKbFYsSBiPhD7E/L1yan/jZ67aWrl7KxiP7oSkfHyqXBiCjU+knWP1mNl/unVvX/ERGHIuKtwr5qv7h4rXwp7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYciAi+iJJixGRRsRCIU2LxbyzAgAAANquP+8EAAAAgG3n+R8AAAD2Ps//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbLNDR+/eSyKicnZftWW662NduWYGbLc07wSA3HTknQCQm868EwBys8lnfLcLsAclG4z3thzpaXsuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOxexw7fvZdEROXsvmrLdNfHuprucXQHswO2U5p3AkBuOtYb7Ny5PICd99T/4gfbmwew87riUd4pADlLNhjvXd6m8vhIz7blBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDu01dtSVqMiLQap2mxGHEwIvqjKxkdK5cGI+J3EfFloasn6/fknTQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABtNzk9Mz5cLpcmniZItra7QNAqeGV3pLGzQbI70qgFeb8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQh8npmfHhcrk0MZl3JgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDeJqdnxofL5dLEEwS3N7PxiiDvGgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyM+vAQAA///6eA+C")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
mount$afs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f00000002c0), 0x5, &(0x7f0000000640)=ANY=[@ANYBLOB='dyn'])
fanotify_mark(r1, 0x1, 0x40000020, r0, &(0x7f00000000c0)='./file0\x00')

59.63463698s ago: executing program 0 (id=440):
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r0=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000)

54.935039352s ago: executing program 0 (id=453):
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000580), &(0x7f0000000040)='./file0\x00', 0x30160f8, &(0x7f0000000700)=ANY=[], 0x81, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000009840)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
setuid(0xee01)
utimensat(r0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0)

51.385763806s ago: executing program 33 (id=453):
mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0xe)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x0, 0x0)
syz_mount_image$fuse(&(0x7f0000000580), &(0x7f0000000040)='./file0\x00', 0x30160f8, &(0x7f0000000700)=ANY=[], 0x81, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000009840)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
setuid(0xee01)
utimensat(r0, 0x0, &(0x7f0000000080)={{}, {0x77359400}}, 0x0)

21.578116789s ago: executing program 1 (id=510):
sendmmsg$sock(0xffffffffffffffff, &(0x7f0000001680)=[{{0x0, 0x0, &(0x7f0000000580)=[{&(0x7f00000004c0)="aa86ed61cf68ef600cde22bef2273ed67187829b151344b7647da8b91dc0c7b9b1f5f7dddff0e8a8d1d9027b5e9e3fa59f97bde0b14a154bb11dc4be7af75b5c311c6a61949c5d5ef4bf583d80bfb9dd079550aa2a60d831432b3f4d5c92053543ae92261bdc9835818bfa669914a6aee51fd8cbdcd26ab85434595a9ecc497e5081b8e445f65c4a", 0x88}], 0x1}}], 0x1, 0x8015)
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000280)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='cubic', 0xb)

19.955584656s ago: executing program 1 (id=514):
r0 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000400)={0x0, &(0x7f0000000140)=[<r1=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r1, 0x0, 0x81, 0x5, 0x9, 0x0, {0x9, 0x4, 0x101c, 0x10, 0x4, 0x401, 0x23ca, 0xa, 0x0, 0x52, 0x43, 0x7e9, 0x401, 0x9aa5, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}})
r2 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r2, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r3=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r2, 0xc06864a1, &(0x7f00000001c0)={0x0, 0xffffffffffffffba, r3})

19.065286072s ago: executing program 1 (id=517):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f00000005c0)={0xe, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00'}, 0xda)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r1}, &(0x7f0000000500), &(0x7f00000002c0)=r0}, 0x20)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000240)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20)

18.082411482s ago: executing program 1 (id=519):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='./file0/../file0\x00', 0x0, 0x989046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000000)='.\x00', 0x0, 0x8b7848, 0x0)
mount$bpf(0x0, &(0x7f0000000180)='./file0\x00', 0x0, 0x20000, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000440)='./file0\x00', 0x0, 0x98d046, 0x0)
mount$bpf(0x200000000000, &(0x7f0000000200)='.\x00', 0x0, 0x8b7840, 0x0)

17.127768977s ago: executing program 1 (id=522):
pipe2$9p(&(0x7f0000000400)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000240), 0x1, 0x1a1, &(0x7f0000000440)="$eJzskLFrE1Ecxz+/d+/uUqG2UXGIoAGLMaWY3CkOTsEpgicOLoIFQxobMVHby6K0WAfpEqiTs051FAcnEQXn4iA46Ll0k2YIDiIiJ3d5/hV9H7j7vu+X93u/33vdeCX2gb/jtTYNchwO8glBA75MMqUm+sb4H0a3JsJF44dCvvOl8aXY406r1+usli+UKWbBg4cmAH6WSWcQTBSf4KhiJDSQL+O1dktuRqQN+mpp9jGz6GdXTL+SnuaIwiGtDLmkWBEXmKkN+vdr8Z80Tfut5c5y524Ynj1fP1f3CWuPnuaV4iOK56xTjfAjpqrruIs82dEHWBCk2lWJI/MjvEW2dpzTJxdGqOoeKcL7ygj/m+6W1TVOUbiRXajJYeEFTsTcZaYUmlu3e516E7mqXkugP+tfrqKw4Thn2vd6S5vXlfz2thuyV5BgF7cSEM4HZNOXOMQHNhPmEpoJ2wm73xF5m3UZmvfUG9n/lXHHOA4etAaD1cCDj1KJCLOvCNP5cSqbyy3CO1NjhK//FxaLxWKxWCwWi8Vi2Qf8CwAA//+GP1+J")
r2 = dup(r1)
write$FUSE_DIRENTPLUS(r2, 0x0, 0x138)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f0000000140)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r0}})
getsockopt$ARPT_SO_GET_ENTRIES(r2, 0x0, 0x61, 0x0, 0x0)

16.444039477s ago: executing program 1 (id=524):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcffffff, 0x20031, 0xffffffffffffffff, 0xbe9f5000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x12d})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000400)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x1, 0x18100})
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)

13.200123276s ago: executing program 34 (id=524):
mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffcffffff, 0x20031, 0xffffffffffffffff, 0xbe9f5000)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040)={0xaa, 0x12d})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x4})
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000400)={&(0x7f00006c6000/0x400000)=nil, &(0x7f000018b000/0x3000)=nil, 0x400000, 0x1, 0x18100})
mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x0)

11.343383884s ago: executing program 4 (id=531):
syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0xe}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000005140)='./file0\x00', 0x0, &(0x7f0000000040)={[{@nodatacow}, {@flushoncommit}]}, 0x11, 0x5109, &(0x7f000000f400)="$eJzs3U+IVVUcB/Dz5o8zKcw8QcighS3chhQtVIYeYZCL9KUQtDAnF0EIMtguwWxEEIwaCaSsQAuG3MgDIUGYEBe1CTRJEFqY4KaVQrtaFO/de968d67vvueojennEzP3nvu759zzHncx35fnvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhDVv194vq09tvHJh4eyWg7MHGsdvzh89EkKldbyS13e/8tqOd3fufn08dph+I9tWq72GzLr+njVWdB1s9uv+eSeEMJoMMJxvXx0ujNq5u784YKlrx/adnj25fdPCmvVTl3bNnyu+dJrGl3sCyyW/r24t3ku11u+h5Ix2u+PWq3Tdoln/9Ib7T14EAHBPNtRbm/afo/mfuO32obSetGtJey5px78Q5jobS5GNu6LXPNel9WWaZy2LCmM955nU8/e/3a6n/ZN2EjXuYZ7dp+aRZrzXPGeS+nLNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBRcqb2wday+tTGKxcWzm45OHugcfzm/NEjIVRbxytZufL07RMjY9e3/fDRja9PvrT66t/Deb+4Hek4OVyPOxsnQ9jTUbkVh/1jIoR6d6HVDF8UC++1drbGAgAAAI+TZ1q/h9rtLA6OdrUrrTRZaf0XZWHx2rF9p2dPbt+0sGb91KVd8+eWPl69x3i1u47XblcXfyodwTjG33S8xXo8dX9hnHLpiGmeP//Ltq/K+hfyf7U8/8d3Tv4HAADgfsj/6Tjl+uX/PZufnSnrX8j/67ouWcj/ccYx/w+FpeV/AAAAeJQ97PxfK4xTrl/+f/Hwm9+X9S/k/w2D5f+RzmnHgz/HCe+dDGFDv6kDAAAAPcT/77740ULM69knB2lev/rNU7+WjVfI/7XB8v/oA31VAAAAwP3YXr3xfFm9kP/rg+X/sYc6awAAAOBefF75ZLasXsj/04Pl/5X5Nl/5kHX6Mf4rhM8mQxhv7sxkhZ/C3MvtAgAAAPCAxJz+6cffXi47r5D/Z8qf/x+fdBDX/3c9/6+w/r+jkD31b7MHAwAAAPAkKq7nj4/Hz765oNf37w+6/n/i5u3vyq5fyP+HBsv/w53bB/n9fwAAALAE/7fv/3urME65fs///2von4tl/Qv5f26w/B+3qzpf3sX4/hyeDGFtcyd/muCZeLm9SaEx2lFoqSc9dsYeeaEx1lFomUl6vDAZwnPNnUNJYXUszCWFOxN54VRSuBwL+f3QLpxNChfjnXZiIp9uWjgfC/kCi0ZcQbGqvSQi6fFnrx7Nwl17/Na+OAAAwBMlhuc8y452N0MaZRuVfies7HfCUL8ThvudMJKckJ7Y63iY7i7E4x/uOP1lKFHI/6cGy//xrViRbXqt/w9x/X/+vYbt9f/TsVBNCo1YqKdPDKjHa2Rh91i8RrWe97iztl0AAACAx1r8XGB4mecBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7J3rzFyXfUBwM8+Z3e93l0TpASKYAElIZW8Xm+wpZAgbKAEgQSbynyoUISNvUk33iTGDwmHh9YOQaAUNSkpCShQuxUUf0lWVIhHgVioGFVN1SiVkNOURwgUIUFNSJSKOpGrmXvP7J1zdx6Odx1v+vtJ3jkz//O8c2c85947ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP8fjt3xhotaxd981SPf/u4Db//44Y8s3P3EVz51RwjTtce7snDXxac+11s5+Z7vHfrpF7+wad2jp/vzcnk8rKn+6c7vfCLW+ou1IXyjK4TeNLB+OAv05feHY32vGg5hXVgM1EvMDGUl0obDDwZDOBIWA/WqvjUYwnAhsO3R7z/0mWrinsEQLg0hVNI2flzJ2hhMA5f1Z4GhNHBrbxb4nzOZeuCb3VkAzll8MdR3+oXpxgxjS5drsv/1LVvHXlzp8HpiYqx5vt9uXeFOFfSnD0yf09NWqo4VUXp5HPdqWwWvttJ2vsvTVvwglX9CObMYqoTuXTM37Dgwtz8+0h0mJnqa1bRCz/NjT31059mkV81+GDswtiz74b2f//nHvvTktfff98l3XP/gM78fP9dunixs0mJ6pVVCvs+tmucx2uL9ZBW8/EqfksbbPm21Ii/xD12f/tnf/kmreGn+P9Z6/h9353jb3ZA71np6JJubx0eGY+LUSDY3BwAAgFVjNRw1nf/K1VOt6ivN/8c7O/8fT/nnk/lstMdD2FJL3D4awiW1x7PAsdjcB0dDeG0tNd0Y2JoEjofwilriinpVSYmBWGI8CfxqJA9sSQInYmA6CXw5Bu5KAp+IgYUksDMGjieBt8ZAmG0cxx+P5OPoODAYA9uzjbgQr0J4eiS2lmyrx+tVAQAALJN8dtjXeLdwrcO5ZojTy4XBdhniFdhNM1SSGtIZbH1a1bSG3nY1dLeroT7u+dbDL9Xc1a7m0mUYXY0Z9n70d38WWijN/ydbz/8rS3Skq3T+P4Tran9j7u48MlePb59uyAAAAACcgzVbb9nWKl6a/2/p7Pr/eEykp5A5PBwPQ+weDWGyMZBVe3U5kJ31XpMHAAAAYDWon4+vnwufzW+zS7TT+XQ5//RZ5o8n/rcsmf/X73zTTa36W5r/T3d2/f9Q423WiROxF58dDWGgEPhh7GU1UDMeAz97S2MgH/+JuAHujFXlFybUq7ozltgeA5NJ4EizEo/US1zSGMifrHrjt9fHMZuXKAQAAADgvIuHA+J5+Xj9/2MHTr6tVbnS/H/72V3/X5sHly7vn1sTwobeEHrSLwY8PJQtDBgDw1154rtDWV09aVWHhkK4pjqwtKon8vX/e9M1Bh8dzKqKgUte99WnLqsm/m4whA3FwI/ef3RTNbE/CdQbf99gCK+pjjZt/OsDWeN9aeP3DoTw6kKgXtUHB0KoNtafVvX9Sv47BmlVD1ZCuKgQqFe1uRLCwQDAKhX/K91VfHDfwdt275ibm9m7gol4DH8w3DA7NzOx89a5XZUmfdqV9LlhGaND5TE1XQ4p8Xi+RNGx564a6SRd/57gZLEv+XH80oWD+f34WaivNs6pvoa7V6ZDfsPry02EwiepF2vIQ8VKFp/EUv0xf39YEwYO7JvZO/HhHfv3792Y/e00+1T2Nw4q21Yb0201tFTfLoDd4/JiJRv237xnw76Dt62fvXnHjTM3ztwyNfnGTZs3TU1u3ryhOqrJ7G+boV6+VNXJUM8cPf9DfWVvoZLz8a4hISGx2hLztx9d0+rtpzT/39N6/h/fdeI7f74+Q7Pz/2PxNH/2+OJp/u0xcKTT8/9jzc7m1y8MGE8C8zEw7zQ/AAAALw3xcGQ87BiPWvcfvfI3rcqV5v/znX3/f5nW/68vXf+uZsv8XxFLTDZb/z9d5r++/v98s/X/02X+6+v/H3kR1v8/UA8km+Rp6/8DAAAvBedv/f+2y/unPxBQytB2ef/0BwJKGdou49/pDwSc9fr/Uzf99BehhdL8/67O5v8W7gcAAIALx93/9NRrWsVL8/8jnc3/z//6f6HZ9f/jzQLTzRYGtP4fAAAAq1Sz9f/OjP7F+1qVK83/Fzqb/8fLLrobcsdaT49ka9qFdE27UyP1rwwAAADA6tAdJib6OszbsDLq1hfe5mP5UqCt0kU/vPq/bmxVX2n+f7yz+X/D9zLu/fzPP/alJ6+9//R9n3zH9Q8+8/vxxfP/AAAAwMrp9LgEAAAAAAAAAAAAAADw4jvwgX891Spe+v5/uK72eLPv/8ff/YvfL3h5Q+5Ya/v1//L72979wMHakoUPj4Tw+mJg9+Hd60L+2/yXFwMPXX/FxdXE4bTEd37y1l9WEx9IA+9c/7Jnq4lrksD2uEjiK9JA/FXFZ9cmgbi84r+ngbg9FtJAfx749NpsHF3ptvr1cLatutJt9R/DIYwWAvVt9Y3hrI2udID3JIH6AD+UBuIA35MHutNePbAm61UMDMeif7Mm6xUAABes+CmwL9wwOzczGT/Cx9tX9jbeRg1Llh0qV9vTYfOP50uTHXvuqpFO0j3pZ9HF3xrvC5XqEDaWPq4Ws3TVRrk8tbTZdC9vMuR2q72t1Kbrbz6iwWxEEztvndvV13bgV7bPMtXbNsvG0mSnmKW7tkk7qKWDvnQwog63TQddjve7w8RET5LrTTE4Fhq02yM6/b5+cZ2/ZntBMc+hub7nW9VXmv+PdTb/rxTH9Wz+YwDz8Zf1/nLUMv8AAACwsj699Q/3xX/fGX3vf7bKW5r/j3c2/48HxvJTwdnRjuPx9/9vHw2h9tP6Y1ngWGzug6MhvLaWmo4lsh/Uf1csMZkFjsUDJlfEEtunG6saiIGFJPCrkTxwPAmciIH8KMVXQ34o5+6REDbVUtc1ltgTS4wlgffGwHgSmIiBySSwNga2JIHfrM0D00ngX2IgzDZuq39Ym28rAACAs5HPs/oa74Z0nrfQ2y5DV7sMQ+0ydLfLUGmXodko4v2vxQx9xfPxeYb4UF9a62BSSylD/DH8s+5XKUN4pDFnWrDUdP1KkrHGnDHDtoXDa0MLpfn/ZGfz/6HG26z1E3H+v/j7f1ngh7F7n42Xjo/HwM/e0hjIDwyciJPdO+tVTecl8kn7nbHElhgYTwJ7YmBLEth+XR44cnFjIJ9p1xu/vd74bF6iEAAAAIDzLh4giIdp4vz/vwee/+tW5Urz/y2dzf9je2uKjX0i1vqLtSF8o2uxN/XA+uEsEI9jDMevx79qOIR1hQMc9RIzQ1mJ/qTh8IPB7Bvq/WlV3xrMvnwQ72979PsPfaaauGcwhEsLR1/qbfy4krUxmAYu688CQ2ng1t4sEI/81APf7M4CcM7qRwXjDpVf6lI3tnS5JvvfS+U3QdPhlY6BLpFvqe9crZRK+kB+TLXu7J62UnWsjHT7H/dqWw2vtufz/4Pr/fJqK36QOpNsnuoQu3fN3LDjwNz++Ejxm6wlK/Q8F7+l2kl6GfbD+Rfe26i7aaSSdmAyefuYXLrc0vthV6zu3s///GNfevLa++/75Duuf/CZ34+362C7/Td+UfiWm/535GRh8660Ssj3uQv+/SR9YNr7yWr4byB9YNzTFkK4Y+GSp1vFS/P/6c7m/73Jbc0f4sbcNxrCGwob9+G4+d82mr0PFgLZu+RF5UB2yv3JkabvnAAAALDc6oc76scLZvPb7ILwdJ5czj99lvnj8YotS+bvtN8fufTSf2wVL83/t7ee/w8k3XT+3/l/Vojz/0u60A9FD6QPzJ/ToehSdayI0svD+f+wCl5tpTM1zv8H5/+X7N8ynP9vzvn/lpz/X90u9Ket9Clpjw9dIYTBr1/9SKt4af6/p7P5v/X/ll60r77+3/Zm6//tabb+37z1/wAAgBXVZKG5dJ5XWr2vlCFdva+Uoe0CgW2XGLT+31mv/zf0V+//XWihNP+f72z+H3eHNcXWV8v6f+PXNanqrhjYY2FAAAAALkTNDhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw4vrVyaG3t4q/+apHvv3dB97+8cMfWbj7ia986o4QZmuPd2XhrotPfa63cvI93zv00y9+YdO6R09X8nJ9+e0fNeSOtZ4eCeFI4ZHhmDg1Ur2zGNj27gcO9lYTD4+E8PpiYPfh3euqiS+PhHB5MfDQ9VdcXE0cTkt85ydv/WU18YE08M71L3u2mrgmD3Sl3b1/bdbdrrS7n1kbwmghUO/uTWsbq6q3cW0e6E7b+PvhrI0YGI5F7xvO2oiBuVhidiCEDb0h9KRV/XMlq6onrerblayqnrSqj1dCuCaE0JtW9ZP+rKredOT/1p9VFQOXvO6rT11WTRzpD2FDMfCj9x/dVE18KAnUG//T/hBeU91l0sa/1pc13pc2fk9fCK8OIfSnJZ7pzUr0pyWe6A3hokKg3vif94ZwMPCSEN98dhUf3Hfwtt075uZm9q5goj9vazDcMDs3M7Hz1rldlaRPzXQV0mcOlePdHY798ac+urN6e+y5q0Y6Sffm5fpqXZ7qa7h75XL1vmuFeh/7NVSsZPH5KNUf8/eHNWHgwL6ZvRMf3rF//96N2d9Os09lf3vyaLatNi7XturUC91Wlxcr2bD/5j0b9h28bf3szTtunLlx5papyTdu2rxpanLz5g3VUU1mf5djqEfL8Z4VHuorewuVnI83AAkJidWW6G54d5u80P/LLn3QX+xoX6jU3qBL04pilq7aKJdj0Ftbx89y0NUeNf+c0nZEG0sTh1KWqfZZrixNJhazDGZZap/rSpPDYk3dtU0a73eHiYmm/9ONNd4tbr7fLrF5O/VYvuk6TQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA///jqU04")
r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x389b0d52417bb201)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x6a012}], 0x1, 0x2000, 0x0, 0x3)

10.270496917s ago: executing program 2 (id=533):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010600000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff1b000000020000000900010073797a30000001000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
bind$xdp(0xffffffffffffffff, &(0x7f0000000100)={0x2c, 0x2}, 0x10)
sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a01020000000000000000010000000900010073797a300000000058000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000002c0003800800014000000000080002400000000010000380140001007465616d3000000000000000000000005c000000160a0101000b000000000000010000000900020073797a30000000000900010073797a3000000000300003802c00038014"], 0xfc}}, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0xa2f01, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})

9.265838129s ago: executing program 4 (id=534):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="120100007882b740422c0917b7ca010203010902120001000000000904"], 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000600)={0x24, &(0x7f0000000280)=ANY=[@ANYBLOB="000701"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000140)={0x40, 0x9, 0x1, "f9"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac3(r0, 0x0, 0x0)
syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000cc0)={0x24, &(0x7f0000000580)=ANY=[@ANYBLOB="403101"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

7.249045963s ago: executing program 2 (id=535):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000003, 0x20000000ec072, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000bed000/0x4000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f00001a1000/0x2000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ffe000/0x1000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f000068c000/0xc000)=nil, &(0x7f0000817000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0x30bd, 0xc000, 0x8, 0x68})
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
keyctl$session_to_parent(0x12)
syz_clone(0x2048000, 0x0, 0x0, 0x0, 0x0, 0x0)

5.967162894s ago: executing program 4 (id=536):
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
setrlimit(0x1, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff})
r0 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000140)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
r1 = add_key$user(&(0x7f0000000080), &(0x7f0000000000), &(0x7f0000000240)='XX', 0x2, r0)
r2 = add_key$user(&(0x7f0000000200), &(0x7f00000005c0), &(0x7f00000000c0), 0x390, 0xfffffffffffffffd)
keyctl$dh_compute(0x17, &(0x7f0000000100)={r1, r2, r2}, 0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)={'streebog512-generic\x00'}})

5.835877383s ago: executing program 2 (id=537):
r0 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
r1 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nfc(&(0x7f0000000100), r1)
ioctl$IOCTL_GET_NCIDEV_IDX(r0, 0x0, &(0x7f00000000c0)=<r3=>0x0)
readv(r0, &(0x7f0000000680)=[{&(0x7f0000000040)=""/2, 0x2}], 0x1)
sendmsg$NFC_CMD_DEV_UP(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r2, @ANYBLOB="010026bd70003c0200000200000008000100", @ANYRES32=r3], 0x1c}}, 0x0)

4.488106209s ago: executing program 4 (id=538):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000000000)='./bus\x00', 0x810, &(0x7f0000000180)={[{@discard}, {@compress_algo={'compress', 0x3d, 'zstd'}}, {@discard_async}, {@usebackuproot}, {@skip_balance}, {@autodefrag}, {@commit={'commit', 0x3d, 0x9}}, {@acl}]}, 0xff, 0x5122, &(0x7f0000006440)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paWLOSWiSzMILauJDCCNyGhrlwoxhILtpp3HvOc+fe53jPvTONjennIzPnPOd3nuc893IW93udc04AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAEMJzv31ypKx++vr02fMz9d2Hts1cOTC94UwIlfb2Sl7ftf3pl17fsev5idhh9sVsWav1GzLreiFrrOnZ2OrX+/NqCGEsGaCaL59aVxi1e3VfccBSNy7tPbZlf33ziaPN6rXL504VXzotE6s9gdWSn1cXF8+levv3SLJHp9116lV6TtGsf3rC/SsvAgBYkqlGe9H5OJp/xO20D6b1pF1P2s2kHT8hNLsby5GNu6bfPDel9VWaZz2LCuN955nU8/e/026k/ZN2EjWWMM/eXfNIM9FvnnNJfbXmCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHA7eejN0QfK6qevT589P1PffWjbzJUD0xvOhFBrb69k5crad4/W//xm+/FDP2z98sTFZx+p5v3icrRr5/BrXHlsMoTXuioX47CX1ofQ6C20m+HzYuGN9sozsQAAAMCd5N7275FOO4uDYz3tSjtNVtr/oiws3ri099iW/fXNJ442q9cunzu1/PEafcar33S8Tru2+FPpCsYx/qbjLdbjrvsK45RLR0zz/KMXpv4q61/I/7Xy/B/fOfkfAACAf0L+T8cpNyj/f/vK7x+V9S/k/009hyzk/zjjmP9HwvLyPwAAANzObnX+rxfGKTco/4+/MPZVWf9C/p8aLv+Pdk87bvwlTnjPZAhTg6YOAAAA9BH/333xq4WY17NvDtK8/sTDh8+XjVfI//Xh8v9Y+GJ+RV8YAAAAsGzzn+18sKxeyP+N4fL/+C2dNQAAALAUb70/8V5ZvZD/Z4fL/2vzZX7lQ9bpx/hXCEcmQ5horcxlhZ9C88lOAQAAAFghMaf/8fHu78v2K+T/ufL7/8c7HcTr/3vu/1e4/r+rkN3173E3BgAAAOBuVLyeP94eP3tyQb/n7w97/f99/zv8ctnxC/n/4HD5v9q9XMnn/wEAAMAy/Nee/7ezME65Qff/v+eDt38u61/I/83h8n9crut+eScrlez9eWcyhI2tlfxugl/Hw+1JCgtjXYW2RtJjR+yRFxbGuwptc0mPrZMh3N9aOZgU/h8LzaRwdX1emE8KZ2IhPx86heNJ4WQ80z5dn083LXwXC/kFFgvxCop1nUsikh7X+vVoFW7a41zn4AAAAHeVGJ7zLDvW2wxplF2oDNph7aAdRgbtUB20w2iyQ7pjv+1htrcQtzfPbl7a8//nh8v/8a1Yky36Xf8f4vX/+XMNO9f/z8ZCLSksxEIjvWNAIx4jC7sfxmPUGnmPqxs7BQAAALijxe8Fqqs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgL/Zu9cYua76AOBnn+N9eHcTqAgpggXqGBe8XtvhoTYV6zRVUShlXVKiClFs7HVYvMHGdgqOADk2KEURNC2R4EOjOEKozoekFgkKNIniRsIoah4oVSOSKBFpnSCi0DSAQiESrmbuPbN3zt15+LGON/39JO+cmf953nl4zr13zgUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/hyNf+szftorf/9tLHn/q8qlP7t9w+fOfv+Tch0OYrj3elYW7Bq+9cernt1582/671t10x7FL396fl8vjYaj6pzu/88VY67HlIdzZFUJvGlg9nAX68vvDsb43DIdwTpgP1EvMDGYl0obD9wdCOBjmA/WqvjcQwnAhcNkj9937lWrihoEQVoQQKmkbT1ayNgbSwAX9WWAwDezozQK/Op6pB77bnQXglMU3Q/1Ff3i6McPYwuWavP76TlvHXlnp8HpiYqx5vp9tWOROFfSnD0yf0tNWqo5FUXp7HPFuWwLvttJ2vt7TVvwilX9DOT4fqoTurTPbNl81tyc+0h0mJnqa1bRIz/NjL35uy4mkl8zrMHZg7LS8Dr/60Ipbe1Z94ME7Vq949tA7Djx3qt38UWGTFtOLrRLy19ySeR6jKZ8nS+DtV/qWNO5LVwhh2yd+74Ot4qX5/1jr+X98Ocfb7obcsdaXR7K5eXxkOCZeGMnm5gAAALBkLIW9pjsm7nlPofhoJamvNP8f7+z4fzzkn0/ms9EeCWGqljgwGsJ5tcezwC2xuY+PhvDmWmq6MbAhCRwJ4fW1xKp6VUmJZbHEeBL4yUgemEoCR2NgOgl8KwauTwJfjIHDSWBLDBxJAhfHQJhtHMfvj+Tj6DgwEAObso14OJ6F8IuR2FqyrZ6oVwUAAHCa5LPDvsa7hXMdTjVDnF4eHmiXIZ6B3TRDJakhncHWp1VNa+htV0N3uxrq497Xevilmrva1Vw6DaOrMcONv/ybD4UWSvP/ydbz/8oCHekqHf8PYWPtb8zdnUfm6vFN0w0ZAAAAgFMw9L9Pf7NVvDT/n+rs/P+4T6SnkDk8EHdDbB8NYbIxkFX7h+VAdtR7KA8AAADAUlA/Hl8/Fj6b32anaKfz6XL+6RPMHw/8Ty2Yv//I3Zta9bc0/5/u7Pz/wcbbrBNHYy++NhrCskLgB7GX1UDNeAz8+L2NgXz8R+MGuC5WlZ+YUK/qulhiUwxMJoGDzUr8sF7ivMZA/mTVGz9QH8dsXqIQAAAAgDMu7g6Ix+Xj+f9v+c26z7QqV5r/bzqx8/9r8+DS6f1zQyGs6Q2hJ/1hwAOD2cKAMTDclSfuGczq6kmrumYwhIuqA0urejpf/783XWPwkYGsqhg47y2HXrygmvjmQAhrioFHP3LzO6uJPUmg3vhfDoTwpupo08a/syxrvC9t/OvLQnhjIVCv6uPLQqg21p9WdV8lv45BWtU/V0J4TSFQr+pdlRD2BgCWqPhf6dbig7v3Xr1989zczK5FTMR9+ANh2+zczMSWHXNbK036tDXpc8MyRteUx9TplW+eyJco+vDtG4c7Sdd/JzhZbCvfj186cTC/H78L9dXGua6v4e76dMhve2u5iVD4JtVsyN2LPOTBYiXzT2Kp/pi/PwyFZVftntk18dnNe/bsWpv97TT7uuxvPMyUbau16bYaXKhvHbw8mq6WlTjZbbWyWMmaPVfuXLN779WrZ6/cfMXMFTOfWvuudZMXTq6ffPeFa6qjmsz+thnqyoWqToZ6/OYOx3Uah3p+b6GSM/GpISEhsdQSO4ZWtvw/uTT/39l6/h8/deInf74+Q7Pj/2PxMH/2+Pxh/k0xcLDT4/9jzY7m108MGE8C+2Jgn8P8AAAAvDrESX7cmxn3Sv901XeebVWuNP/f19nv/0/T+v/1pesvbbbM/6pYYrLZ+v/pMv/19f/3NVv/P13mv77+/8FXYP3/q+qBZJP8wvr/AADAq8GZW/+/7fL+6QUCShnaLu+fXiCglKHtMv6dXiDghNf/f/I//+q/Qwul+f/1nc3/LdwPAAAAZ48v/NlnfqdVvDT/P9jZ/P/Mr/8Xmp3/P94sMN1sYUDr/wEAALBENVv/b+zawY+1Klea/x/ubP4fT7vobsgda315JFvTLqRr2r0wUv/JAAAAACwN3WFioq/DvA0ro244+TYfy5cCbZUuevpPjp3Y+f9HOpv/N/wu46sPrbi1Z9UHHnz5jtUrnj30jgPPzR//BwAAABZPp/slAAAAAAAAAAAAAACAV97T/7F/fat46ff/YWPt8Wa//4/X/Yu/L3htQ+5Ya/v1//L7l73/tr21JQsfGAnhrcXA9v3bzwn5tflXFgP3fnTV66qJ/WmJu5+6+Jlq4mNp4H2rz32pmrgoCWyKiyS+Pg3Eqyq+tDwJxOUV/z0NxO1xOA3054EvL8/G0ZVuq58OZ9uqK91Wjw+HMFoI1LfVncNZG13pAG9IAvUBfjoNxAH+eR7oTnt121DWqxgYjkVvGsp6BQDAWSt+C+wL22bnZibjV/h4e35v423UsGTZNeVquzps/ol8abIP375xuJN0T/pddP5a432hUh3C2tLX1WKWrtooT08tbTbda5sMud1qb91NyqVOdNP1Nx/RQDaiiS075rb2tR34+vZZ1vW2zbK2NNkpZumubdIOaumgLx2MqMNt00GX4/3uMDHRk+T6gxgcCw3avSI6/b1+cZ2/Zq+CYp5PHTvwq1b1leb/Y53N/yvFcb2UXwxgX7yy3t+NWuYfAAAAFteXN/z6G/Hfh669/9FWeUvz//HO5v9xD1Z+KDjb23EkXv//wGgItUvrj2WBW2JzHx8N4c211HQskV1Q/9JYYjIL3BJ3mKyKJTZNN1a1LAYOJ4GfjOSBI0ngaAzkeykOhXxXzt+PhPDOWmpjY4mdscRYEvhgDIwngYkYmEwCy2NgKgk8vzwPTCeBf4uBMNu4rW5fnm8rAACADtWu4ZbPs+Lx5zjtSud5h3vbZehql2GwXYbudhkqLTP0hcPNRhHvfztm6EtOXukqZOpLmx1IailliBfDb9rxtlu3fvj/h40504KlpuP5B/XzDboaM9z1nt5KaKE0/5/sbP4/2HibtX40zv/nr/+XBX4Qu/e1eOr4eAz8+L2NgXzHwNE42b2uXtV0XiKftF8XS0zFwHgS2BkDU0lg08Y8cPB1jYF8pl1v/EC98dm8RCEAAAAAZ1zcQRB308T5/027vzTUqlxp/j/V2fw/tjdUbOyLsdZjy0O4s2u+N/XA6uEsEPdjDMefx79hOIRzCjs46iVmBrMS/UnD4fsD2S/U+9OqvjeQ/fgg3r/skfvu/Uo1ccNACCsKe1/qbTxZydoYSAMX9GeBwTSwozcLxD0/9cB3u7MAnLL6XsH4gspPdakbW7hck9ffq+WaoOnwSvtAF8i30G+uFktph2u+T7XuxJ62lvtvOW1Kb48j3m1L8d025t1W/CKVf0M5Ph+qhO6tM9s2XzW3Jz5S/CVrySI9z8VfqXaSPg2vw30n39v2KmkHJpOPj8mFyy38OuyK1X31oRW39qz6wIN3rF7x7KF3HHiu4240EX8ofN/n/3X4R4XNu9gqIX/NLbnPk2mfJ0viv4Hk3T3uaQshbHz+69e1ipfm/9Odzf97k9uaX8eNuXs0hLcVNu4DcfP/8Wj2OVgIZJ+SrykHskPu/zXS9JMTAAAATrf67o76/oLZ/DY7ITydJ5fzT4dwfPQE8sf9FVML5u+034N//dEVreKl+f+m1vP/ZUk3Hf93/J9F4vj/gs72XdHL0gf2ndKu6FJ1LArH/xd0tr/bHP9fkOP/jv8vxPH/Nhz/X9DZ/rSVviXt9KUrhPDsH93zeKt4af6/s7P5v/X/Fl60r77+36Zm6//tbLb+3z7r/wEAAIuqyUJz6TyvtHpfKUO6el8pQ9sFAtsuMdh6/b8W6+y9atb/K23Uduv/PXP+k78JLZTm//s6m//Hl8NQsfWlsv7f+MYmVV0fAzstDAgAAMDZqNm+CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF5Zd/3D/2xtFb//t5c8/tTlU5/cv+Hy5z9/ybkPhzBbe7wrC3cNXnvj1M9vvfi2/Xetu+mOY5e+vZKX68tvf7chd6z15ZEQDhYeGY6JF0aqd+YDl73/tr291cQDIyG8NQsM55VsP6f691sjIawslrj3o6teV03sny+RBe5+6uJnqomPpYH3rT73pWriojzQlXb3H5dn3e1Ku/uV5SGMFgL17n5yeWNV9Tb+NA90p23803DWRgwMx6LfGM7aiIG5WGJ2WQhrekPoSau6v5JV1ZNW9S+VrKqetKovVEK4KITQm1b1VH9WVW868of7s6pi4Ly3HHrxgmriYH8Ia4qBRz9y8zuriU8ngXrjf9EfwpuqL5m08W/3ZY33pY3f0BfCG0MI/WmJX/ZmJfrTEk/3hvCaQqDe+Cd6Q9gbeFWIHz4Nn2i79169ffPc3MyuxUh8JEv0520NhG2zczMTW3bMba0kfWqmq5A+fs3Jj/2JFz+3pXr74ds3DneS7s3L9dW6vK6v4e76s733sV+DxUrmn5hS/TF/fxgKy67aPbNr4rOb9+zZtTb722n2ddnfnjyabau1S2VbrSxWsmbPlTvX7N579erZKzdfMXPFzKfWvmvd5IWT6yfffeGa6qgms7+nY6g3N4QGzsRQz+8tVLKoHwASEhJnILF2EWrubvh0mzzbP8hLX/TnO9oXKrUP6NK0opilqzbK0zHoDSc54pP5ntJ2RGtLE4dSlnULZLmmMcv60mRivpaBLEvte11pclhsrLu2SeP97jAx0dNsO4w13i1u3p+dwuZ9LN90naYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+D924EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsAMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYUdOBYAAAAAEOZvHUbPBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXAoAAP//t/8lBw==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x101142, 0xeaff)
write$binfmt_aout(r0, &(0x7f0000000240)=ANY=[@ANYBLOB="929f67cc42da692966e6066cc4b1c5d01c74112294709f4588e96d6003f16c"], 0x29f)
ioctl$FICLONERANGE(r0, 0x4020940d, &(0x7f00000000c0)={{r0}, 0x0, 0x0, 0x100000})

2.018127015s ago: executing program 4 (id=539):
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x1, 0x8, 0x7fffffff, 0x2, 0x80007, 0x7f, 0x20000006, 0xca, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x100001, 0x3, 0x0, 0x5, 0x6, 0x2000001, 0x7, 0x3c5b, 0x1, 0x24, 0x8006, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0xfffffffc, 0x80008071, 0x7, 0x17, 0xd, 0x3, 0x2, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0x5, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0x8, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x7ffe, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0xa6d, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x2000000, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x1fe, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0x4000a9, 0x5, 0x9, 0xac8, 0x2000af, 0xfffffffe, 0x8, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0x2, 0x5, 0x42c2, 0x6, 0x6, 0x0, 0xb9, 0x4e7, 0x5, 0x2, 0x57, 0x4, 0x8000003, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x8, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x4, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0x6, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x45, 0x8, 0x30b1d693, 0x5, 0x1f40, 0x7, 0x41, 0x6c1b, 0x0, 0x804, 0xac1, 0xb1e, 0xd7, 0x9, 0xffff3441, 0xfff]}, 0x45c)
syz_open_dev$vim2m(&(0x7f0000000000), 0x47b, 0x2)
ppoll(&(0x7f00000000c0)=[{}, {0xffffffffffffffff, 0x300}], 0x20000000000000dc, 0x0, 0x0, 0x0)
ioctl$DRM_IOCTL_MODE_GETPROPERTY(0xffffffffffffffff, 0xc04064aa, 0x0)
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r0, 0xffffffffffffffff, 0x0)

1.882605067s ago: executing program 2 (id=540):
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
pipe(&(0x7f0000000100)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
r3 = fanotify_init(0x200, 0x0)
fanotify_mark(r3, 0x1, 0x1002, r2, 0x0)
write(r2, &(0x7f00000004c0)='g', 0x1)
tee(r1, r0, 0x3, 0x0)

987.160034ms ago: executing program 2 (id=541):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b09b, 0x0)
mount$bind(0x0, &(0x7f00000002c0)='./file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x1101)

292.289097ms ago: executing program 4 (id=542):
r0 = gettid()
r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000100), 0x20082, 0x0)
writev(r1, &(0x7f0000000040)=[{&(0x7f0000000e40)='\b', 0x17ff}], 0x5)
close(0x3)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)

0s ago: executing program 2 (id=543):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x181002, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0x49db, 0x0, 0xfff9, 0xbfff, 0x18, "ec28a144f13d7607"})
write$binfmt_aout(r0, &(0x7f00000000c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000180)={0x0, 0xffefef7b, 0x0, 0x0, 0x12, "1b000000e678000000101000"})
r1 = syz_open_pts(r0, 0x48000)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f00000001c0)=0xa)

kernel console output (not intermixed with test programs):

73339][ T5578] 8021q: adding VLAN 0 to HW filter on device team0
[  222.711409][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[  222.719192][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[  222.895856][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  222.903690][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  222.956315][ T5572] 8021q: adding VLAN 0 to HW filter on device team0
[  223.136477][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state
[  223.144174][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  223.286811][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[  223.294955][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[  223.500017][ T5584] 8021q: adding VLAN 0 to HW filter on device bond0
[  223.912661][ T5584] 8021q: adding VLAN 0 to HW filter on device team0
[  224.071792][ T1130] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.079539][ T1130] bridge0: port 1(bridge_slave_0) entered forwarding state
[  224.339066][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.346780][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  225.479084][ T5582] 8021q: adding VLAN 0 to HW filter on device batadv0
[  226.591268][ T5576] 8021q: adding VLAN 0 to HW filter on device batadv0
[  227.475339][ T5576] veth0_vlan: entered promiscuous mode
[  227.702992][ T5576] veth1_vlan: entered promiscuous mode
[  228.195452][ T5578] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.528496][ T5572] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.542382][ T5576] veth0_macvtap: entered promiscuous mode
[  228.725501][ T5576] veth1_macvtap: entered promiscuous mode
[  228.793727][ T5582] veth0_vlan: entered promiscuous mode
[  228.848513][ T5584] 8021q: adding VLAN 0 to HW filter on device batadv0
[  228.983447][ T5582] veth1_vlan: entered promiscuous mode
[  229.039703][ T5576] batman_adv: batadv0: Interface activated: batadv_slave_0
[  229.095521][ T5576] batman_adv: batadv0: Interface activated: batadv_slave_1
[  229.117196][ T5578] veth0_vlan: entered promiscuous mode
[  229.216946][   T12] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  229.262115][   T12] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  229.275637][   T12] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  229.318806][   T12] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  229.445512][ T5578] veth1_vlan: entered promiscuous mode
[  229.520722][ T5572] veth0_vlan: entered promiscuous mode
[  229.795648][ T5572] veth1_vlan: entered promiscuous mode
[  229.819639][ T5582] veth0_macvtap: entered promiscuous mode
[  229.933042][ T5584] veth0_vlan: entered promiscuous mode
[  229.958408][ T5582] veth1_macvtap: entered promiscuous mode
[  230.151766][ T5578] veth0_macvtap: entered promiscuous mode
[  230.183677][ T5584] veth1_vlan: entered promiscuous mode
[  230.280244][ T5578] veth1_macvtap: entered promiscuous mode
[  230.320418][ T5582] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.501010][ T5582] batman_adv: batadv0: Interface activated: batadv_slave_1
[  230.652484][ T5572] veth0_macvtap: entered promiscuous mode
[  230.756371][  T298] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  230.788728][  T298] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  230.858065][ T5578] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.883578][  T298] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  230.921603][ T5572] veth1_macvtap: entered promiscuous mode
[  231.021370][  T298] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  231.096773][ T5578] batman_adv: batadv0: Interface activated: batadv_slave_1
[  231.307395][  T298] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  231.397351][  T298] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  231.435966][   T12] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  231.465582][   T12] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  231.507471][ T5584] veth0_macvtap: entered promiscuous mode
[  231.547318][ T5572] batman_adv: batadv0: Interface activated: batadv_slave_0
[  231.657749][ T5584] veth1_macvtap: entered promiscuous mode
[  231.719797][ T5572] batman_adv: batadv0: Interface activated: batadv_slave_1
[  231.962677][ T1130] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  231.987480][ T1130] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  232.040338][ T1130] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  232.084821][ T1130] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  232.270637][ T5584] batman_adv: batadv0: Interface activated: batadv_slave_0
[  232.440368][ T5584] batman_adv: batadv0: Interface activated: batadv_slave_1
[  232.647612][   T55] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  232.697167][   T55] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  232.733008][   T55] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  232.815113][   T55] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  234.398520][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.440189][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  234.743440][  T138] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  234.794498][  T138] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  235.467063][ T5576] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[  237.395348][ T5805] loop2: detected capacity change from 0 to 32768
[  237.525525][ T5805] XFS (loop2): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  237.848046][ T5805] XFS (loop2): Ending clean mount
[  237.876637][ T5805] XFS (loop2): Quotacheck needed: Please wait.
[  237.984082][ T5805] XFS (loop2): Quotacheck: Done.
[  238.211824][ T5576] XFS (loop2): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  239.018149][   T55] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.067817][   T55] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.257031][ T5832] loop2: detected capacity change from 0 to 512
[  239.368881][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  239.405686][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  239.498094][ T5832] EXT4-fs (loop2): Cannot turn on journaled quota: type 0: error -2
[  239.540660][ T5832] EXT4-fs (loop2): 1 truncate cleaned up
[  239.595722][ T5832] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  240.532752][ T5576] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  240.920148][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  240.963251][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  241.389949][ T3242] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  241.446046][ T3242] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.165477][   T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.203658][   T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.713101][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  242.761439][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  242.805169][ T5861] netlink: 182 bytes leftover after parsing attributes in process `syz.2.10'.
[  243.060560][ T1155] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.104714][ T1155] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.480906][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  243.521512][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  243.662193][ T5867] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[  244.922413][ T5879] loop2: detected capacity change from 0 to 128
[  244.997649][ T5879] =======================================================
[  244.997649][ T5879] WARNING: The mand mount option has been deprecated and
[  244.997649][ T5879]          and is ignored by this kernel. Remove the mand
[  244.997649][ T5879]          option from the mount to silence this warning.
[  244.997649][ T5879] =======================================================
[  245.102196][ T5882] input: syz1 as /devices/virtual/input/input5
[  245.142415][ T5879] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  245.220897][ T5879] hpfs: filesystem error: improperly stopped
[  245.249382][ T5883] netlink: 4 bytes leftover after parsing attributes in process `syz.1.15'.
[  245.269968][ T5879] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  245.290623][ T5883] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  245.328472][ T5879] hpfs: You really don't want any checks? You are crazy...
[  245.401319][ T5879] hpfs: hpfs_map_sector(): read error
[  245.448057][ T5879] hpfs: code page support is disabled
[  245.500953][ T5879] hpfs: hpfs_map_4sectors(): unaligned read
[  245.547662][ T5879] hpfs: hpfs_map_4sectors(): unaligned read
[  245.577609][ T5879] hpfs: filesystem error: unable to find root dir
[  245.609772][ T5883] batman_adv: batadv0: Removing interface: batadv_slave_1
[  247.020948][ T5890] loop0: detected capacity change from 0 to 4096
[  248.150261][ T5903] loop3: detected capacity change from 0 to 4096
[  248.298489][ T5905] loop1: detected capacity change from 0 to 2048
[  248.787131][ T5905] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  248.862462][ T5903] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  248.994743][ T5908] loop4: detected capacity change from 0 to 32768
[  249.039358][ T5908] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.25 (5908)
[  249.120690][ T5908] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  249.131414][ T5908] BTRFS info (device loop4): using sha256 checksum algorithm
[  249.462344][ T5908] BTRFS info (device loop4): setting nodatasum
[  249.469262][ T5908] BTRFS info (device loop4): enabling ssd optimizations
[  249.476669][ T5908] BTRFS info (device loop4): turning on async discard
[  249.483664][ T5908] BTRFS info (device loop4): enabling free space tree
[  249.659634][ T5578] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.354596][ T5582] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  251.068177][ T5938] input: syz1 as /devices/virtual/input/input6
[  252.401419][ T5944] loop3: detected capacity change from 0 to 1024
[  252.648347][ T5944] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  253.532353][ T5578] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  254.529508][ T5960] loop4: detected capacity change from 0 to 4096
[  257.078282][   T10] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  257.316161][   T10] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  257.390018][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.463464][   T10] usb 3-1: config 0 descriptor??
[  257.748932][   T40] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  257.786303][   T40] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0
[  257.870799][   T40] hid-generic 0000:0000:0000.0001: hidraw0: <UNKNOWN> HID v0.00 Device [syz0] on syz0
[  258.857544][   T10] usb 3-1: Cannot set autoneg
[  258.885398][   T10] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  259.006520][   T10] usb 3-1: USB disconnect, device number 2
[  259.517764][   T10] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  259.774105][   T10] usb 5-1: Using ep0 maxpacket: 32
[  259.821959][   T10] usb 5-1: config 0 has an invalid interface number: 51 but max is 0
[  259.887346][   T10] usb 5-1: config 0 has no interface number 0
[  259.961999][   T10] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  260.021146][   T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  260.079589][   T10] usb 5-1: Product: syz
[  260.112940][   T10] usb 5-1: Manufacturer: syz
[  260.142900][   T10] usb 5-1: SerialNumber: syz
[  260.249145][   T10] usb 5-1: config 0 descriptor??
[  260.361020][   T10] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  260.577878][ T5997] fido_id[5997]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  260.671393][   T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  260.769683][ T6008] netlink: 4 bytes leftover after parsing attributes in process `syz.2.54'.
[  260.796482][   T10] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  261.042116][    C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71
[  261.076066][   T10] usb 5-1: USB disconnect, device number 2
[  261.189659][   T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  261.279772][   T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  261.357653][   T10] quatech2 5-1:0.51: device disconnected
[  263.252632][ T6021] loop4: detected capacity change from 0 to 4096
[  263.330483][ T6021] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  263.791088][ T6021] ntfs3(loop4): ino=19, mi_enum_attr
[  263.818614][ T6021] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  265.227706][ T6047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.69'.
[  265.251617][ T6047] netlink: 'syz.0.69': attribute type 26 has an invalid length.
[  265.294490][ T6047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.69'.
[  265.342377][ T6047] netlink: 8 bytes leftover after parsing attributes in process `syz.0.69'.
[  265.389400][ T6047] netlink: 'syz.0.69': attribute type 26 has an invalid length.
[  265.418493][ T6047] netlink: 4 bytes leftover after parsing attributes in process `syz.0.69'.
[  265.504036][ T6047] Zero length message leads to an empty skb
[  266.451079][ T6056] netlink: 8 bytes leftover after parsing attributes in process `syz.0.75'.
[  268.992760][ T6083] 9pnet_virtio: no channels available for device ./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
[  269.053394][ T6083] 
@0Ù: renamed from bond_slave_1 (while UP)
[  271.418438][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  271.431361][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  271.829008][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  272.137896][   T10] usb 4-1: Using ep0 maxpacket: 16
[  272.212864][   T10] usb 4-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  272.300556][ T6101] loop2: detected capacity change from 0 to 32768
[  272.386545][   T10] usb 4-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  272.388792][ T6101] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  272.415022][   T10] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  272.520792][   T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  272.616223][ T6101] XFS (loop2): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  273.012741][ T6101] XFS (loop2): Starting recovery (logdev: internal)
[  273.123202][ T6101] XFS (loop2): Ending recovery (logdev: internal)
[  273.281880][   T29] audit: type=1800 audit(1778585316.074:2): pid=6101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.92" name="file1" dev="loop2" ino=4422 res=0 errno=0
[  273.364370][   T10] mcp2221 0003:04D8:00DD.0002: item fetching failed at offset 1/5
[  273.524637][   T10] mcp2221 0003:04D8:00DD.0002: can't parse reports
[  273.589407][   T10] mcp2221 0003:04D8:00DD.0002: probe with driver mcp2221 failed with error -22
[  273.589691][ T5576] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  273.748958][   T10] usb 4-1: USB disconnect, device number 2
[  276.558392][ T6138] loop1: detected capacity change from 0 to 16
[  276.664411][ T6138] erofs (device loop1): EXPERIMENTAL EROFS subpage compressed block support in use. Use at your own risk!
[  276.739717][ T6138] erofs (device loop1): mounted with root inode @ nid 36.
[  277.925642][ T6151] loop1: detected capacity change from 0 to 128
[  278.033098][ T6151] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  278.141634][ T6151] hpfs: filesystem error: improperly stopped
[  278.280293][ T6156] futex_wake_op: syz.4.107 tries to shift op by -1; fix this program
[  278.284020][ T6151] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  278.383277][ T6151] hpfs: You really don't want any checks? You are crazy...
[  278.434476][ T6151] hpfs: hpfs_map_sector(): read error
[  278.492780][ T6151] hpfs: code page support is disabled
[  278.529199][ T6151] hpfs: hpfs_map_4sectors(): unaligned read
[  278.615583][ T6151] hpfs: hpfs_map_4sectors(): unaligned read
[  278.659348][ T6151] hpfs: filesystem error: unable to find root dir
[  279.885156][ T6164] loop2: detected capacity change from 0 to 128
[  279.941280][ T6164] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1)
[  280.114280][   T29] audit: type=1800 audit(1778585322.904:3): pid=6164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.110" name="file1" dev="loop2" ino=1048605 res=0 errno=0
[  280.256791][   T29] audit: type=1800 audit(1778585322.944:4): pid=6164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.110" name="file1" dev="loop2" ino=1048605 res=0 errno=0
[  280.664589][   T10] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[  280.934415][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.952295][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  280.970275][   T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  281.051000][   T10] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  281.086214][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.107737][ T6180] input: syz0 as /devices/virtual/input/input7
[  281.173156][   T10] usb 1-1: config 0 descriptor??
[  281.905506][   T10] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  282.055739][   T10] usb 1-1: USB disconnect, device number 2
[  282.891521][ T6190] loop1: detected capacity change from 0 to 1024
[  283.011433][ T6190] hfsplus: Filesystem was not cleanly unmounted, running fsck.hfsplus is recommended.  mounting read-only.
[  283.325395][ T6189] fido_id[6189]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  284.842176][ T6203] netlink: 'syz.1.125': attribute type 3 has an invalid length.
[  284.885118][ T6206] netlink: 24 bytes leftover after parsing attributes in process `syz.4.127'.
[  284.902355][ T6206] netlink: 24 bytes leftover after parsing attributes in process `syz.4.127'.
[  289.405921][ T6250] loop0: detected capacity change from 0 to 1024
[  289.489028][ T6250] EXT4-fs: inline encryption not supported
[  289.576266][ T6250] EXT4-fs (loop0): bad geometry: bigalloc file system with non-zero first_data_block
[  289.576266][ T6250] 
[  289.797156][ T6250] netlink: 16 bytes leftover after parsing attributes in process `syz.0.142'.
[  290.155709][ T6258] loop1: detected capacity change from 0 to 256
[  295.103481][ T6301] input: syz0 as /devices/virtual/input/input8
[  295.522778][ T6305] loop1: detected capacity change from 0 to 512
[  295.653594][ T6305] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.812409][   T29] audit: type=1800 audit(1778585338.604:5): pid=6305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.161" name="file1" dev="loop1" ino=15 res=0 errno=0
[  296.115940][ T6311] loop4: detected capacity change from 0 to 16
[  296.227085][ T6311] erofs (device loop4): mounted with root inode @ nid 36.
[  296.292006][ T6314] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  296.362928][ T6311] syz.4.163: attempt to access beyond end of device
[  296.362928][ T6311] loop4: rw=524288, sector=8, nr_sectors = 24 limit=16
[  296.476768][ T6311] erofs (device loop4): invalid de[0].nameoff 0 @ nid 89
[  296.652620][ T5584] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.467112][ T6328] netlink: 'syz.1.167': attribute type 64 has an invalid length.
[  298.346262][ T6336] blktrace: Concurrent blktraces are not allowed on loop0
[  298.402395][ T6337] binder: 6335:6337 ioctl c0306201 2000000003c0 returned -14
[  298.902769][ T6339] loop3: detected capacity change from 0 to 2048
[  299.102956][ T6339] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  299.198989][   T29] audit: type=1800 audit(1778585341.994:6): pid=6339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.174" name="file2" dev="loop3" ino=16 res=0 errno=0
[  299.298728][   T29] audit: type=1800 audit(1778585342.074:7): pid=6339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.174" name="file2" dev="loop3" ino=16 res=0 errno=0
[  299.322372][ T6347] loop0: detected capacity change from 0 to 512
[  299.459756][ T6347] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  299.534189][ T6352] loop1: detected capacity change from 0 to 256
[  299.576588][   T29] audit: type=1800 audit(1778585342.374:8): pid=6347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.177" name="file1" dev="loop0" ino=15 res=0 errno=0
[  299.780627][ T5578] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  299.882476][ T6352] FAT-fs (loop1): Directory bread(block 64) failed
[  299.934752][ T6352] FAT-fs (loop1): Directory bread(block 65) failed
[  300.004611][ T5677] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  300.015101][ T6352] FAT-fs (loop1): Directory bread(block 66) failed
[  300.057695][ T6352] FAT-fs (loop1): Directory bread(block 67) failed
[  300.111003][ T6352] FAT-fs (loop1): Directory bread(block 68) failed
[  300.159068][ T6352] FAT-fs (loop1): Directory bread(block 69) failed
[  300.201485][ T6352] FAT-fs (loop1): Directory bread(block 70) failed
[  300.229846][ T5677] usb 5-1: Using ep0 maxpacket: 16
[  300.271954][ T5677] usb 5-1: config 0 has an invalid interface number: 34 but max is 0
[  300.296493][ T6352] FAT-fs (loop1): Directory bread(block 71) failed
[  300.323376][ T6352] FAT-fs (loop1): Directory bread(block 72) failed
[  300.334616][ T5677] usb 5-1: config 0 has no interface number 0
[  300.359993][ T6352] FAT-fs (loop1): Directory bread(block 73) failed
[  300.370853][ T5677] usb 5-1: config 0 interface 34 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1023
[  300.477313][ T5677] usb 5-1: config 0 interface 34 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 80
[  300.577702][ T5572] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  300.615244][ T5677] usb 5-1: New USB device found, idVendor=0b95, idProduct=772a, bcdDevice=82.73
[  300.652938][ T5677] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  300.714770][ T5677] usb 5-1: Product: syz
[  300.740599][ T5677] usb 5-1: Manufacturer: syz
[  300.774869][   T40] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  300.780641][ T5677] usb 5-1: SerialNumber: syz
[  300.865541][ T5677] usb 5-1: config 0 descriptor??
[  300.918373][ T6355] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  300.965954][ T6355] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  300.979123][   T40] usb 3-1: Using ep0 maxpacket: 16
[  301.039305][   T40] usb 3-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config
[  301.100141][   T40] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  301.157590][   T40] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 12336, setting to 1024
[  301.217764][   T40] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024
[  301.282572][   T40] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  301.310858][ T6355] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  301.339879][ T6355] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  301.368700][   T40] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  301.447117][   T40] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  301.494501][   T40] usb 3-1: Manufacturer: syz
[  301.587182][   T40] usb 3-1: config 0 descriptor??
[  301.658640][ T5677] asix 5-1:0.34 (unnamed net_device) (uninitialized): invalid hw address, using random
[  301.879195][ T5677] asix 5-1:0.34 (unnamed net_device) (uninitialized): invalid PHY address: 252
[  302.141372][ T5673] usb 5-1: USB disconnect, device number 3
[  302.447255][   T40] rc_core: IR keymap rc-hauppauge not found
[  302.472687][   T40] Registered IR keymap rc-empty
[  302.501131][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  302.574556][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  302.640834][   T40] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  302.644786][ T5677] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  302.721406][   T40] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input9
[  302.789349][ T6374] netlink: 4 bytes leftover after parsing attributes in process `syz.0.186'.
[  302.841320][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  302.935310][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  302.935912][ T5677] usb 2-1: Using ep0 maxpacket: 16
[  302.966041][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  302.996715][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  303.024708][ T5677] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.046324][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  303.072824][ T5677] usb 2-1: config 128 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.111398][ T5677] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  303.119303][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  303.186520][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  303.190875][ T5677] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.252483][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  303.306574][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  303.359606][   T40] mceusb 3-1:0.0: Error: mce write urb status = -71
[  303.442421][   T40] mceusb 3-1:0.0: Registered  with mce emulator interface version 1
[  303.508970][   T40] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  303.592081][   T40] usb 3-1: USB disconnect, device number 3
[  303.821387][ T5677] mcp2221 0003:04D8:00DD.0004: item fetching failed at offset 1/5
[  303.894075][ T5677] mcp2221 0003:04D8:00DD.0004: can't parse reports
[  303.931369][ T5677] mcp2221 0003:04D8:00DD.0004: probe with driver mcp2221 failed with error -22
[  304.059953][ T5677] usb 2-1: USB disconnect, device number 2
[  306.267450][ T6398] loop3: detected capacity change from 0 to 512
[  306.559442][ T6398] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  306.870293][   T29] audit: type=1800 audit(1778585349.604:9): pid=6398 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.193" name="file1" dev="loop3" ino=15 res=0 errno=0
[  307.040933][ T6394] loop1: detected capacity change from 0 to 40427
[  307.124127][ T6394] F2FS-fs (loop1): invalid crc value
[  307.499926][ T6394] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  307.510769][ T6394] F2FS-fs (loop1): Start checkpoint disabled!
[  307.521626][ T6394] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  307.540712][ T6394] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  308.119810][ T5578] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.362962][  T298] kworker/u8:7: attempt to access beyond end of device
[  308.362962][  T298] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  308.483269][  T298] CPU: 0 UID: 0 PID: 298 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  308.483428][  T298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  308.483576][  T298] Workqueue: writeback wb_workfn (flush-7:1)
[  308.483807][  T298] Call Trace:
[  308.483864][  T298]  <TASK>
[  308.483920][  T298]  __dump_stack+0x26/0x30
[  308.484103][  T298]  dump_stack_lvl+0x14c/0x1c0
[  308.484279][  T298]  dump_stack+0x1e/0x25
[  308.484435][  T298]  f2fs_stop_checkpoint+0xac3/0xc70
[  308.484701][  T298]  f2fs_write_end_io+0x1207/0x2200
[  308.484944][  T298]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  308.485094][  T298]  bio_endio+0xfcc/0x1120
[  308.485276][  T298]  submit_bio_noacct+0x533/0x2920
[  308.485516][  T298]  submit_bio+0x57a/0x620
[  308.485699][  T298]  f2fs_submit_write_bio+0x115/0x310
[  308.485935][  T298]  __submit_merged_bio+0x16b/0x700
[  308.486148][  T298]  ? kmsan_get_metadata+0xf1/0x160
[  308.486375][  T298]  __submit_merged_write_cond+0x4ba/0xae0
[  308.486636][  T298]  f2fs_write_data_pages+0x4f4d/0x5c60
[  308.486967][  T298]  ? get_nth_filter+0x5d0/0x7f0
[  308.487136][  T298]  ? trace_lock_elapsed_time_end+0x158/0x10e0
[  308.487298][  T298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  308.487520][  T298]  ? restore_priority+0x17e/0x410
[  308.487685][  T298]  ? kmsan_get_metadata+0xf1/0x160
[  308.487891][  T298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  308.488121][  T298]  ? kmsan_get_metadata+0xf1/0x160
[  308.488328][  T298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  308.488542][  T298]  ? kmsan_get_metadata+0xf1/0x160
[  308.488743][  T298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  308.488953][  T298]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  308.489119][  T298]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  308.489290][  T298]  do_writepages+0x3f2/0x860
[  308.489495][  T298]  ? stack_depot_save_flags+0x35/0x790
[  308.489698][  T298]  ? kmsan_get_metadata+0xf1/0x160
[  308.489907][  T298]  ? kmsan_get_metadata+0xf1/0x160
[  308.490131][  T298]  __writeback_single_inode+0x101/0x10a0
[  308.490384][  T298]  writeback_sb_inodes+0xb1a/0x1d50
[  308.490766][  T298]  wb_writeback+0x4d3/0xc50
[  308.490995][  T298]  ? queue_io+0x4a1/0x7b0
[  308.491199][  T298]  wb_workfn+0x3a2/0x1970
[  308.491377][  T298]  ? kmsan_get_metadata+0xf1/0x160
[  308.491612][  T298]  ? __pfx_wb_workfn+0x10/0x10
[  308.491798][  T298]  process_scheduled_works+0xb65/0x1e40
[  308.492068][  T298]  worker_thread+0xee4/0x1590
[  308.492297][  T298]  kthread+0x53f/0x600
[  308.492496][  T298]  ? __pfx_worker_thread+0x10/0x10
[  308.492706][  T298]  ? __pfx_kthread+0x10/0x10
[  308.492909][  T298]  ret_from_fork+0x20f/0x8d0
[  308.493077][  T298]  ? __switch_to+0x573/0x7a0
[  308.493289][  T298]  ? __pfx_kthread+0x10/0x10
[  308.493499][  T298]  ret_from_fork_asm+0x1a/0x30
[  308.493740][  T298]  </TASK>
[  308.901140][  T298] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  309.747385][ T6422] capability: warning: `syz.4.205' uses deprecated v2 capabilities in a way that may be insecure
[  310.492959][ T6427] loop0: detected capacity change from 0 to 2048
[  310.665378][ T6427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  310.855077][ T6427] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  310.907433][ T6427] EXT4-fs (loop0): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 11 with error 28
[  310.934082][   T40] usb 5-1: new full-speed USB device number 4 using dummy_hcd
[  310.997357][ T6427] EXT4-fs (loop0): This should not happen!! Data will be lost
[  310.997357][ T6427] 
[  311.076771][ T6427] EXT4-fs (loop0): Total free blocks count 0
[  311.107778][   T40] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  311.109070][ T6427] EXT4-fs (loop0): Free/Dirty block details
[  311.141824][   T40] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64
[  311.195466][ T6427] EXT4-fs (loop0): free_blocks=2415919504
[  311.199171][   T40] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  311.221846][ T6427] EXT4-fs (loop0): dirty_blocks=16
[  311.260138][ T6427] EXT4-fs (loop0): Block reservation details
[  311.280272][   T40] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  311.302853][ T6427] EXT4-fs (loop0): i_reserved_data_blocks=1
[  311.327457][   T40] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  311.382619][   T40] usb 5-1: Product: syz
[  311.413219][   T40] usb 5-1: Manufacturer: syz
[  311.451409][   T40] usb 5-1: SerialNumber: syz
[  311.833759][ T6432] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  311.900156][ T6432] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  311.927696][ T5572] EXT4-fs warning (device loop0): ext4_evict_inode:195: inode #15: comm syz-executor: data will be lost
[  312.006544][ T5572] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  312.598474][ T6441] loop2: detected capacity change from 0 to 512
[  312.626466][ T6432] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  312.698272][ T6432] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  312.799589][ T6441] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  312.812852][ T6441] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  312.935997][   T40] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42
[  312.960934][   T40] cdc_ncm 5-1:1.0: dwNtbInMaxSize=17 is too small. Using 2048
[  312.996825][   T40] cdc_ncm 5-1:1.0: setting rx_max = 2048
[  313.141398][   T40] cdc_ncm 5-1:1.0: setting tx_max = 88
[  313.260348][   T40] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  313.402138][   T40] usb 5-1: USB disconnect, device number 4
[  313.443398][   T40] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP)
[  313.607667][ T5576] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  314.234626][ T6453] loop3: detected capacity change from 0 to 512
[  314.320070][ T6453] EXT4-fs (loop3): 1 truncate cleaned up
[  314.351845][ T6453] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  315.087394][ T5578] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  315.591600][ T6465] loop0: detected capacity change from 0 to 1024
[  315.780245][ T6465] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  316.098996][ T6475] netlink: 1243 bytes leftover after parsing attributes in process `syz.4.221'.
[  316.776843][ T5572] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.985747][ T6507] netlink: 4 bytes leftover after parsing attributes in process `syz.3.236'.
[  319.587556][ T6513] netlink: 876 bytes leftover after parsing attributes in process `syz.0.238'.
[  319.682767][ T6513] netlink: 8 bytes leftover after parsing attributes in process `syz.0.238'.
[  320.779434][ T6524] loop1: detected capacity change from 0 to 1024
[  320.822920][ T6524] EXT4-fs (loop1): bad geometry: bigalloc file system with non-zero first_data_block
[  320.822920][ T6524] 
[  321.228947][ T6524] loop1: detected capacity change from 0 to 512
[  321.468081][ T6524] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  321.584115][ T6524] ext4 filesystem being mounted at /46/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  321.897249][ T6533] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1317: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  322.111049][ T6533] EXT4-fs (loop1): Remounting filesystem read-only
[  322.818887][ T6535] loop3: detected capacity change from 0 to 40427
[  322.850094][ T5584] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.886717][ T6535] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  322.895089][ T6535] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  322.937549][ T6535] F2FS-fs (loop3): invalid crc value
[  323.329600][ T6535] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  323.370487][ T6535] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  323.378476][ T6535] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  323.386731][ T6540] loop4: detected capacity change from 0 to 1024
[  323.453941][   T29] audit: type=1800 audit(1778585366.244:10): pid=6535 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.246" name="file1" dev="loop3" ino=10 res=0 errno=0
[  323.760263][ T6540] hfsplus: hfsplus: Invalid key length: 29235
[  325.024777][ T6555] loop2: detected capacity change from 0 to 512
[  325.097278][ T6555] EXT4-fs: Ignoring removed i_version option
[  325.180900][ T6557] netlink: 'syz.4.254': attribute type 13 has an invalid length.
[  325.193428][ T6555] EXT4-fs (loop2): 1 truncate cleaned up
[  325.328009][ T6555] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  325.900248][ T5576] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  327.044475][ T6557] bridge0: port 2(bridge_slave_1) entered disabled state
[  327.054828][ T6557] bridge0: port 1(bridge_slave_0) entered disabled state
[  327.378630][ T5683] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  327.392676][ T6569] [U] 
[  327.395758][ T6569] [U] 
[  327.398916][ T6569] [U] 
[  327.401930][ T6569] [U] 
[  327.444820][ T6569] [U] 
[  327.447912][ T6569] [U] 
[  327.450970][ T6569] [U] 
[  327.453986][ T6569] [U] 
[  327.478348][ T6569] [U] 
[  327.481445][ T6569] [U] 
[  327.484488][ T6569] [U] 
[  327.535631][ T6567] [U] 
[  327.595070][ T5683] usb 3-1: Using ep0 maxpacket: 32
[  327.611800][ T5683] usb 3-1: config 0 has an invalid interface number: 188 but max is 0
[  327.666122][ T5683] usb 3-1: config 0 has no interface number 0
[  327.686519][ T5683] usb 3-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32
[  327.738916][ T5683] usb 3-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36
[  327.761170][ T5683] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  327.780881][ T5683] usb 3-1: Product: syz
[  327.792142][ T5683] usb 3-1: Manufacturer: syz
[  327.807256][ T5683] usb 3-1: SerialNumber: syz
[  327.852120][ T5683] usb 3-1: config 0 descriptor??
[  327.885345][ T6566] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  327.970803][ T6557] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  328.167160][ T6557] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  328.228071][ T6566] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  329.308529][ T5683] asix 3-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71
[  329.348890][ T5683] asix 3-1:0.188: probe with driver asix failed with error -71
[  329.442646][ T5683] usb 3-1: USB disconnect, device number 4
[  329.891753][ T1155] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  329.946760][ T1155] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  330.006374][ T1155] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  330.059618][ T1155] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  330.401675][ T6580] loop3: detected capacity change from 0 to 128
[  330.494706][ T6582] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  330.502891][ T6580] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  330.519996][ T6580] ext4 filesystem being mounted at /51/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  330.664861][ T6590] loop2: detected capacity change from 0 to 128
[  330.672096][ T6587] loop4: detected capacity change from 0 to 512
[  330.737275][ T6590] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  330.749458][ T5578] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  330.782775][ T6587] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.264: inode has both inline data and extents flags
[  330.818742][ T6587] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  330.823060][ T6587] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.264: couldn't read orphan inode 15 (err -117)
[  330.832971][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  330.833077][    C1] EXT4-fs (loop4): initial error at time 1778585373: ext4_orphan_get:1397: inode 15
[  330.833263][    C1] EXT4-fs (loop4): last error at time 1778585373: ext4_orphan_get:1397: inode 15
[  330.920518][ T6590] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  330.957672][ T6587] loop4: lost filesystem error report for type 5 error -117
[  330.979220][ T6587] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  331.717918][ T6593] loop0: detected capacity change from 0 to 4096
[  332.278296][ T5582] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.857519][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  332.867652][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  333.055444][   T10] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  333.056922][   T40] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  333.303147][   T10] usb 3-1: config 160 has an invalid interface number: 200 but max is 0
[  333.348774][   T10] usb 3-1: config 160 has no interface number 0
[  333.374332][   T40] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  333.394173][   T10] usb 3-1: config 160 interface 200 has no altsetting 0
[  333.439066][   T40] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  333.504470][   T10] usb 3-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b
[  333.518219][   T40] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  333.551415][   T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  333.588569][   T40] usb 5-1: config 0 descriptor??
[  333.603355][   T10] usb 3-1: Product: syz
[  333.624826][   T10] usb 3-1: Manufacturer: syz
[  333.668242][   T10] usb 3-1: SerialNumber: syz
[  334.003447][   T40] usbhid 5-1:0.0: can't add hid device: -71
[  334.004458][ T6611] netlink: 'syz.0.274': attribute type 1 has an invalid length.
[  334.029315][   T40] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  334.119949][ T6604] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  334.926054][ T4872] Bluetooth: hci2: command 0x0406 tx timeout
[  334.933125][ T4872] Bluetooth: hci0: command 0x0406 tx timeout
[  334.941367][ T4872] Bluetooth: hci1: command 0x0406 tx timeout
[  334.948019][ T4872] Bluetooth: hci3: command 0x0406 tx timeout
[  335.131643][ T6604] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  335.143629][   T40] usb 5-1: USB disconnect, device number 5
[  335.321864][ T6617] loop1: detected capacity change from 0 to 40427
[  335.342289][ T6617] F2FS-fs (loop1): Small segment_count (9 < 1 * 24)
[  335.350762][ T6617] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  335.674640][ T6617] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  335.693560][ T6617] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  335.701300][ T6617] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  335.717495][   T10] usb 3-1: Quirk or no altset; falling back to MIDI 1.0
[  335.786164][   T10] usb 3-1: MIDIStreaming interface descriptor not found
[  336.024226][   T40] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  336.391159][ T5584] syz-executor: attempt to access beyond end of device
[  336.391159][ T5584] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  336.487164][ T5584] CPU: 0 UID: 0 PID: 5584 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  336.487367][ T5584] Tainted: [L]=SOFTLOCKUP
[  336.487425][ T5584] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  336.487523][ T5584] Call Trace:
[  336.487579][ T5584]  <TASK>
[  336.487634][ T5584]  __dump_stack+0x26/0x30
[  336.487818][ T5584]  dump_stack_lvl+0x14c/0x1c0
[  336.488004][ T5584]  dump_stack+0x1e/0x25
[  336.488167][ T5584]  f2fs_stop_checkpoint+0xac3/0xc70
[  336.488433][ T5584]  f2fs_write_end_io+0x1207/0x2200
[  336.488686][ T5584]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  336.488855][ T5584]  bio_endio+0xfcc/0x1120
[  336.489040][ T5584]  submit_bio_noacct+0x533/0x2920
[  336.489283][ T5584]  submit_bio+0x57a/0x620
[  336.489468][ T5584]  f2fs_submit_write_bio+0x115/0x310
[  336.489710][ T5584]  __submit_merged_bio+0x16b/0x700
[  336.489923][ T5584]  ? kmsan_get_metadata+0xf1/0x160
[  336.490150][ T5584]  __submit_merged_write_cond+0x4ba/0xae0
[  336.490408][ T5584]  f2fs_write_data_pages+0x4f4d/0x5c60
[  336.490576][ T5584]  ? preempt_schedule_irq+0x79/0xa0
[  336.490907][ T5584]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  336.491098][ T5584]  ? kmsan_get_metadata+0xf1/0x160
[  336.491298][ T5584]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  336.491519][ T5584]  ? __pfx_lru_cache_disable+0x1/0x10
[  336.491718][ T5584]  ? filter_irq_stacks+0x49/0x190
[  336.491897][ T5584]  ? kmsan_get_metadata+0xf1/0x160
[  336.492100][ T5584]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  336.492308][ T5584]  ? kmsan_get_metadata+0xf1/0x160
[  336.492515][ T5584]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  336.492722][ T5584]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  336.492888][ T5584]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  336.493048][ T5584]  do_writepages+0x3f2/0x860
[  336.493264][ T5584]  ? _raw_spin_unlock+0x30/0x50
[  336.493412][ T5584]  ? wbc_attach_and_unlock_inode+0x131/0x660
[  336.493626][ T5584]  filemap_fdatawrite+0x207/0x260
[  336.493877][ T5584]  f2fs_sync_dirty_inodes+0x2ad/0xa30
[  336.494077][ T5584]  f2fs_write_checkpoint+0x10e1/0x3c50
[  336.494356][ T5584]  ? __pfx_irq_cpu_rmap_notify+0x10/0x10
[  336.494608][ T5584]  kill_f2fs_super+0x320/0x990
[  336.494830][ T5584]  ? __pfx_kill_f2fs_super+0x10/0x10
[  336.495005][ T5584]  deactivate_locked_super+0xcb/0x3c0
[  336.495217][ T5584]  deactivate_super+0x12f/0x140
[  336.495385][ T5584]  cleanup_mnt+0x7eb/0x870
[  336.495576][ T5584]  ? __pfx___cleanup_mnt+0x10/0x10
[  336.495748][ T5584]  __cleanup_mnt+0x22/0x30
[  336.495902][ T5584]  task_work_run+0x208/0x2b0
[  336.496069][ T5584]  exit_to_user_mode_loop+0x306/0x1ea0
[  336.496249][ T5584]  ? user_path_at+0x1fc/0x330
[  336.496442][ T5584]  ? __x64_sys_umount+0x1dc/0x250
[  336.496669][ T5584]  do_syscall_64+0x236/0xf80
[  336.496844][ T5584]  ? clear_bhb_loop+0x50/0xa0
[  336.497016][ T5584]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  336.497182][ T5584] RIP: 0033:0x7fd7d4f9e017
[  336.497309][ T5584] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  336.497443][ T5584] RSP: 002b:00007ffc40386ed8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  336.497602][ T5584] RAX: 0000000000000000 RBX: 00007fd7d5032120 RCX: 00007fd7d4f9e017
[  336.497707][ T5584] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc40386f90
[  336.497805][ T5584] RBP: 00007ffc40386f90 R08: 00007ffc40387f90 R09: 00000000ffffffff
[  336.497915][ T5584] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc40388020
[  336.498015][ T5584] R13: 00007fd7d5032120 R14: 0000000000051f9b R15: 00007ffc40388060
[  336.498165][ T5584]  </TASK>
[  337.031861][   T10] usb 3-1: USB disconnect, device number 5
[  337.135063][ T5584] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  337.805607][ T5935] udevd[5935]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  338.554229][ T6630] loop0: detected capacity change from 0 to 32768
[  338.564838][ T6630] btrfs: Deprecated parameter 'usebackuproot'
[  338.571138][ T6630] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  338.621710][ T6630] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.280 (6630)
[  338.671880][ T6630] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  338.685946][ T6630] BTRFS info (device loop0): using crc32c checksum algorithm
[  338.906646][  T298] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  338.993525][ T6630] BTRFS error (device loop0): failed to load root extent
[  339.001195][ T6630] BTRFS warning (device loop0): try to load backup roots slot 1
[  339.011568][  T298] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  339.025619][ T6630] BTRFS warning (device loop0): couldn't read tree root
[  339.032853][ T6630] BTRFS warning (device loop0): try to load backup roots slot 2
[  339.045698][ T1155] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  339.130656][ T6630] BTRFS warning (device loop0): couldn't read tree root
[  339.142253][ T6630] BTRFS warning (device loop0): try to load backup roots slot 3
[  339.195807][ T6630] BTRFS info (device loop0): rebuilding free space tree
[  339.231922][ T6630] BTRFS info (device loop0): checking UUID tree
[  339.243194][ T6630] BTRFS info (device loop0): enabling ssd optimizations
[  339.250757][ T6630] BTRFS info (device loop0): turning on async discard
[  339.257968][ T6630] BTRFS info (device loop0): enabling free space tree
[  339.265097][ T6630] BTRFS info (device loop0): force clearing of disk cache
[  339.272433][ T6630] BTRFS info (device loop0): enabling auto defrag
[  339.279500][ T6630] BTRFS info (device loop0): trying to use backup root at mount time
[  339.288059][ T6630] BTRFS info (device loop0): use zstd compression, level 3
[  340.031583][ T6659] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check.
[  340.180446][ T5572] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  342.135884][   T40] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  342.343945][   T40] usb 1-1: Using ep0 maxpacket: 8
[  342.437309][   T40] usb 1-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77
[  342.475870][   T40] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=239
[  342.515050][   T40] usb 1-1: Product: syz
[  342.542871][   T40] usb 1-1: Manufacturer: syz
[  342.558700][   T40] usb 1-1: SerialNumber: syz
[  342.610856][   T40] usb 1-1: config 0 descriptor??
[  342.696699][   T40] gspca_main: sq905-2.14.0 probing 2770:9120
[  342.851378][ T6683] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  343.569602][ T6686] loop4: detected capacity change from 0 to 1024
[  343.767445][   T40] gspca_sq905: bulk read fail (-22) len 0/4
[  343.785822][   T40] sq905 1-1:0.0: probe with driver sq905 failed with error -5
[  343.832293][ T6686] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  344.098070][   T40] usb 1-1: USB disconnect, device number 3
[  344.871682][ T6692] loop2: detected capacity change from 0 to 32768
[  344.976434][ T6692] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  345.316642][ T5582] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  345.479937][ T6692] XFS (loop2): Ending clean mount
[  345.498346][ T6692] XFS (loop2): Quotacheck needed: Please wait.
[  345.616444][ T6692] XFS (loop2): Quotacheck: Done.
[  345.873456][ T5576] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  346.169770][ T6713] loop3: detected capacity change from 0 to 512
[  346.318034][ T6713] EXT4-fs error (device loop3): ext4_orphan_get:1397: inode #15: comm syz.3.302: inode has both inline data and extents flags
[  346.338029][ T6713] loop3: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  346.341858][    C1] EXT4-fs (loop3): error count since last fsck: 1
[  346.358074][    C1] EXT4-fs (loop3): initial error at time 1778585395: ext4_orphan_get:1397: inode 15
[  346.367977][    C1] EXT4-fs (loop3): last error at time 1778585395: ext4_orphan_get:1397: inode 15
[  346.449342][ T6713] EXT4-fs error (device loop3): ext4_orphan_get:1402: comm syz.3.302: couldn't read orphan inode 15 (err -117)
[  346.499251][ T6713] loop3: lost filesystem error report for type 5 error -117
[  346.569811][ T6713] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  346.730874][ T6713] EXT4-fs (loop3): Online defrag not supported for non-extent files
[  347.233076][ T5578] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.289357][ T6751] loop4: detected capacity change from 0 to 256
[  349.415926][   T55] nci: nci_rf_intf_activated_ntf_packet: unsupported rf_interface 0x7
[  350.525855][ T6754] loop0: detected capacity change from 0 to 32768
[  350.601306][ T6754] 
[  350.601306][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.601306][ T6754] 
[  350.609776][ T6757] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size.
[  350.700359][ T6754] 
[  350.700359][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.700359][ T6754] 
[  350.711449][ T6754] 
[  350.711449][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.711449][ T6754] 
[  350.722314][ T6754] 
[  350.722314][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.722314][ T6754] 
[  350.733101][ T6754] 
[  350.733101][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.733101][ T6754] 
[  350.772177][ T6754] 
[  350.772177][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.772177][ T6754] 
[  350.784087][ T6754] 
[  350.784087][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.784087][ T6754] 
[  350.795088][ T6754] 
[  350.795088][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.795088][ T6754] 
[  350.805927][ T6754] 
[  350.805927][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.805927][ T6754] 
[  350.819553][  T118] 
[  350.819553][  T118]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.819553][  T118] 
[  350.895945][ T6754] 
[  350.895945][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.895945][ T6754] 
[  350.907073][ T6754] 
[  350.907073][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.907073][ T6754] 
[  350.918197][ T6754] 
[  350.918197][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.918197][ T6754] 
[  350.929029][ T6754] 
[  350.929029][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.929029][ T6754] 
[  350.947965][ T6754] 
[  350.947965][ T6754]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  350.947965][ T6754] 
[  351.040517][ T5572] 
[  351.040517][ T5572]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  351.040517][ T5572] 
[  351.099984][ T5572] 
[  351.099984][ T5572]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  351.099984][ T5572] 
[  351.178590][ T6764] loop4: detected capacity change from 0 to 256
[  351.415977][ T6764] exFAT-fs (loop4): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  351.451772][ T6764] exFAT-fs (loop4): failed to load alloc-bitmap
[  351.493323][ T6764] exFAT-fs (loop4): failed to recognize exfat type
[  351.549683][   T10] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  351.704644][ T6764] process 'syz.4.318' launched './file0' with NULL argv: empty string added
[  351.806768][   T10] usb 4-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config
[  351.915759][   T10] usb 4-1: New USB device found, idVendor=7a69, idProduct=0001, bcdDevice=a8.6b
[  351.962957][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  352.009193][   T10] usb 4-1: Product: syz
[  352.032987][   T10] usb 4-1: Manufacturer: syz
[  352.060088][   T10] usb 4-1: SerialNumber: syz
[  352.205320][   T10] usb 4-1: dvb_usb_v2: found a '774 Friio White ISDB-T USB2.0' in warm state
[  352.717084][   T10] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  352.764405][   T10] dvbdev: DVB: registering new adapter (774 Friio White ISDB-T USB2.0)
[  353.759988][   T10] usb 4-1: media controller created
[  353.852157][ T6778] loop0: detected capacity change from 0 to 32768
[  353.862806][ T6778] btrfs: Deprecated parameter 'usebackuproot'
[  353.869299][ T6778] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  353.898730][ T6778] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.323 (6778)
[  353.957705][ T6778] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  353.968638][ T6778] BTRFS info (device loop0): using crc32c checksum algorithm
[  354.162357][ T1155] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  354.199826][ T6778] BTRFS error (device loop0): failed to load root extent
[  354.207349][ T6778] BTRFS warning (device loop0): try to load backup roots slot 1
[  354.216883][ T1130] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  354.223718][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  354.306468][ T6778] BTRFS warning (device loop0): couldn't read tree root
[  354.314630][ T6778] BTRFS warning (device loop0): try to load backup roots slot 2
[  354.347999][ T1155] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  354.441698][ T6778] BTRFS warning (device loop0): couldn't read tree root
[  354.454595][ T6778] BTRFS warning (device loop0): try to load backup roots slot 3
[  354.612486][ T6778] BTRFS info (device loop0): rebuilding free space tree
[  354.672071][ T6778] BTRFS info (device loop0): checking UUID tree
[  354.683364][ T6778] BTRFS info (device loop0): enabling ssd optimizations
[  354.696833][ T6778] BTRFS info (device loop0): turning on async discard
[  354.704104][ T6778] BTRFS info (device loop0): enabling free space tree
[  354.711228][ T6778] BTRFS info (device loop0): force clearing of disk cache
[  354.718740][ T6778] BTRFS info (device loop0): enabling auto defrag
[  354.725372][ T6778] BTRFS info (device loop0): trying to use backup root at mount time
[  354.733840][ T6778] BTRFS info (device loop0): use zstd compression, level 3
[  355.997405][ T6804] loop1: detected capacity change from 0 to 32768
[  356.041105][ T6804] (syz.1.327,6804,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  356.058819][ T6804] (syz.1.327,6804,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  356.209273][ T6804] JBD2: Ignoring recovery information on journal
[  356.461245][ T6804] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  356.682366][   T29] audit: type=1800 audit(1778585405.487:11): pid=6804 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.327" name="file0" dev="loop1" ino=16978 res=0 errno=0
[  356.898458][ T5572] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  357.445698][ T5584] ocfs2: Unmounting device (7,1) on (node local)
[  357.647805][   T40] usb 4-1: USB disconnect, device number 3
[  357.938579][ T6812] loop7: detected capacity change from 0 to 7
[  358.051713][ T6812] Dev loop7: unable to read RDB block 7
[  358.098185][ T6812]  loop7: unable to read partition table
[  358.161104][ T6812] loop7: partition table beyond EOD, truncated
[  358.235158][ T6812] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5)
[  360.294152][ T6830] netlink: 180 bytes leftover after parsing attributes in process `syz.4.340'.
[  361.085722][ T6842] Bluetooth: MGMT ver 1.23
[  361.243806][ T6844] netlink: 16 bytes leftover after parsing attributes in process `syz.4.344'.
[  361.295080][ T6844] netem: incorrect gi model size
[  361.316280][ T6844] netem: change failed
[  362.511693][ T6854] loop1: detected capacity change from 0 to 2048
[  362.558433][ T6857] loop0: detected capacity change from 0 to 512
[  362.650524][ T6854] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  362.670325][ T6854] ext4 filesystem being mounted at /68/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  362.787549][ T6857] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  363.014754][ T6869] warning: `syz.3.353' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  363.335652][ T6836] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  363.360582][ T5584] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  363.493758][ T5572] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  364.149691][   T40] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  364.407722][   T40] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  364.438906][   T40] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  364.475297][   T40] usb 2-1: Product: syz
[  364.492980][   T40] usb 2-1: Manufacturer: syz
[  364.518694][   T40] usb 2-1: SerialNumber: syz
[  364.653713][   T40] usb 2-1: config 0 descriptor??
[  364.787229][   T40] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  364.842260][ T6879] loop0: detected capacity change from 0 to 4096
[  365.632306][ T6618] Bluetooth: hci4: command 0x0406 tx timeout
[  366.097435][   T40] gspca_sunplus: reg_w_riv err -71
[  366.130641][   T40] sunplus 2-1:0.0: probe with driver sunplus failed with error -71
[  366.176546][   T40] usb 2-1: USB disconnect, device number 3
[  366.345931][ T6894] loop2: detected capacity change from 0 to 64
[  367.172017][ T6901] loop0: detected capacity change from 0 to 1024
[  367.360669][ T6901] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  367.554118][ T6901] EXT4-fs error (device loop0): ext4_read_inline_dir:1494: inode #12: block 7: comm syz.0.365: path /67/file1/file0: bad entry in directory: rec_len is smaller than minimal - offset=40, inode=14, rec_len=8, size=80 fake=0
[  368.097742][   T10] IPVS: starting estimator thread 0...
[  368.201158][ T5572] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  368.221323][ T6914] IPVS: using max 192 ests per chain, 9600 per kthread
[  368.425802][ T6916] netlink: 104 bytes leftover after parsing attributes in process `syz.1.370'.
[  369.795140][ T6920] loop2: detected capacity change from 0 to 32768
[  369.805679][ T6920] btrfs: Deprecated parameter 'usebackuproot'
[  369.812360][ T6920] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  369.833022][ T6920] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.372 (6920)
[  369.957049][ T6920] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  369.968121][ T6920] BTRFS info (device loop2): using crc32c checksum algorithm
[  370.050507][ T6927] loop1: detected capacity change from 0 to 128
[  370.051438][   T81] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  370.141015][ T6927] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  370.206722][ T6920] BTRFS error (device loop2): failed to load root extent
[  370.214347][ T6920] BTRFS warning (device loop2): try to load backup roots slot 1
[  370.231332][   T13] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  370.340623][ T6920] BTRFS warning (device loop2): couldn't read tree root
[  370.347889][ T6920] BTRFS warning (device loop2): try to load backup roots slot 2
[  370.360719][   T12] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  370.394170][ T6920] BTRFS warning (device loop2): couldn't read tree root
[  370.401759][ T6920] BTRFS warning (device loop2): try to load backup roots slot 3
[  370.500097][ T6920] BTRFS info (device loop2): rebuilding free space tree
[  370.551642][ T6920] BTRFS info (device loop2): checking UUID tree
[  370.560677][ T6920] BTRFS info (device loop2): enabling ssd optimizations
[  370.568002][ T6920] BTRFS info (device loop2): turning on async discard
[  370.575285][ T6920] BTRFS info (device loop2): enabling free space tree
[  370.582504][ T6920] BTRFS info (device loop2): force clearing of disk cache
[  370.590109][ T6920] BTRFS info (device loop2): trying to use backup root at mount time
[  370.598410][ T6920] BTRFS info (device loop2): use zstd compression, level 3
[  370.997900][ T5576] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  370.999203][ T6950] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  372.119266][   T10] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  372.344911][   T10] usb 3-1: Using ep0 maxpacket: 16
[  372.509893][   T10] usb 3-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  372.638102][   T10] usb 3-1: config 0 interface 0 has no altsetting 0
[  372.750209][   T10] usb 3-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  372.833810][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.955812][   T10] usb 3-1: config 0 descriptor??
[  373.103729][ T6961] loop4: detected capacity change from 0 to 32768
[  373.114313][ T6961] btrfs: Deprecated parameter 'usebackuproot'
[  373.120946][ T6961] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  373.138661][ T6961] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.382 (6961)
[  373.165315][ T6961] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  373.180388][ T6961] BTRFS info (device loop4): using crc32c checksum algorithm
[  373.344146][ T1155] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  373.452494][ T6961] BTRFS error (device loop4): failed to load root extent
[  373.460186][ T6961] BTRFS warning (device loop4): try to load backup roots slot 1
[  373.471137][   T81] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  373.491722][ T6961] BTRFS warning (device loop4): couldn't read tree root
[  373.499087][ T6961] BTRFS warning (device loop4): try to load backup roots slot 2
[  373.509755][   T81] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  373.521806][ T6961] BTRFS warning (device loop4): couldn't read tree root
[  373.529191][ T6961] BTRFS warning (device loop4): try to load backup roots slot 3
[  373.619079][ T6961] BTRFS info (device loop4): rebuilding free space tree
[  373.658349][ T6961] BTRFS info (device loop4): checking UUID tree
[  373.671015][ T6961] BTRFS info (device loop4): enabling ssd optimizations
[  373.678360][ T6961] BTRFS info (device loop4): turning on async discard
[  373.689075][ T6961] BTRFS info (device loop4): enabling free space tree
[  373.696185][ T6961] BTRFS info (device loop4): force clearing of disk cache
[  373.704885][ T6961] BTRFS info (device loop4): enabling auto defrag
[  373.711934][ T6961] BTRFS info (device loop4): trying to use backup root at mount time
[  373.720461][ T6961] BTRFS info (device loop4): use zstd compression, level 3
[  373.773523][   T10] nzxt-smart2 0003:1E71:2009.0005: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.2-1/input0
[  374.089826][ T6961] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  375.920782][   T10] usb 3-1: USB disconnect, device number 6
[  377.815047][ T7014] loop1: detected capacity change from 0 to 512
[  377.972047][ T7014] EXT4-fs error (device loop1): ext4_orphan_get:1397: inode #15: comm syz.1.396: inode has both inline data and extents flags
[  377.996904][ T7014] loop1: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  377.997843][ T7014] EXT4-fs error (device loop1): ext4_orphan_get:1402: comm syz.1.396: couldn't read orphan inode 15 (err -117)
[  378.007673][    C0] EXT4-fs (loop1): error count since last fsck: 1
[  378.007781][    C0] EXT4-fs (loop1): initial error at time 1778585426: ext4_orphan_get:1397: inode 15
[  378.007963][    C0] EXT4-fs (loop1): last error at time 1778585426: ext4_orphan_get:1397: inode 15
[  378.056833][ T7014] loop1: lost filesystem error report for type 5 error -117
[  378.069895][ T7014] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  378.518478][ T7021] loop4: detected capacity change from 0 to 128
[  378.663374][ T7021] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  378.775848][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  378.814062][ T7021] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  378.890333][ T7025] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  378.958618][   T10] usb 1-1: Using ep0 maxpacket: 32
[  379.014490][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  379.069269][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  379.136836][   T10] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  379.190426][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.268657][ T5584] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  379.279577][   T10] usb 1-1: config 0 descriptor??
[  379.355807][   T10] hub 1-1:0.0: USB hub found
[  379.621944][   T10] hub 1-1:0.0: 1 port detected
[  379.697415][ T7029] bridge0: port 2(bridge_slave_1) entered disabled state
[  379.707384][ T7029] bridge0: port 1(bridge_slave_0) entered disabled state
[  379.976980][ T5582] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  380.299515][   T10] hub 1-1:0.0: activate --> -90
[  380.412348][ T7034] overlayfs: statfs failed on './file0'
[  380.730604][ T5673] usb 1-1: USB disconnect, device number 4
[  381.224104][ T7038]  nullb0: AHDI p1
[  381.684986][ T7044] team0: Port device syz_tun added
[  381.877379][ T7046] team0: Port device syz_tun removed
[  381.936737][ T7046] bridge_slave_0: left allmulticast mode
[  381.965507][ T7046] bridge_slave_0: left promiscuous mode
[  382.024145][ T7046] bridge0: port 1(bridge_slave_0) entered disabled state
[  382.212379][ T7046] bridge_slave_1: left allmulticast mode
[  382.328039][ T7046] bridge_slave_1: left promiscuous mode
[  382.373806][ T7046] bridge0: port 2(bridge_slave_1) entered disabled state
[  382.700504][ T7046] bond0: (slave bond_slave_0): Releasing backup interface
[  382.835325][ T7046] bond0: (slave bond_slave_1): Releasing backup interface
[  382.856564][ T5677] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  382.908366][ T7049] loop0: detected capacity change from 0 to 32768
[  382.920160][ T7049] btrfs: Deprecated parameter 'usebackuproot'
[  382.926663][ T7049] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  382.938828][ T7049] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.408 (7049)
[  382.962716][ T7049] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  382.973585][ T7049] BTRFS info (device loop0): using crc32c checksum algorithm
[  382.983092][ T7046] team0: Port device team_slave_0 removed
[  383.094121][ T5677] usb 2-1: Using ep0 maxpacket: 16
[  383.109055][ T1155] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  383.170512][ T7049] BTRFS error (device loop0): failed to load root extent
[  383.178898][ T7049] BTRFS warning (device loop0): try to load backup roots slot 1
[  383.192676][   T13] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  383.215909][ T5677] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  383.217743][ T7046] team0: Port device team_slave_1 removed
[  383.225949][ T5677] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.226095][ T5677] usb 2-1: Product: syz
[  383.246112][ T7049] BTRFS warning (device loop0): couldn't read tree root
[  383.247047][ T5677] usb 2-1: Manufacturer: syz
[  383.253758][ T7049] BTRFS warning (device loop0): try to load backup roots slot 2
[  383.258256][ T5677] usb 2-1: SerialNumber: syz
[  383.272264][  T298] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  383.320498][ T7049] BTRFS warning (device loop0): couldn't read tree root
[  383.334665][ T7049] BTRFS warning (device loop0): try to load backup roots slot 3
[  383.361837][ T7046] batman_adv: batadv0: Removing interface: batadv_slave_0
[  383.422662][ T7049] BTRFS info (device loop0): rebuilding free space tree
[  383.471657][ T7049] BTRFS info (device loop0): checking UUID tree
[  383.480492][ T7049] BTRFS info (device loop0): enabling ssd optimizations
[  383.488456][ T7049] BTRFS info (device loop0): turning on async discard
[  383.496007][ T7049] BTRFS info (device loop0): enabling free space tree
[  383.503312][ T7049] BTRFS info (device loop0): force clearing of disk cache
[  383.513730][ T7049] BTRFS info (device loop0): enabling auto defrag
[  383.521357][ T7049] BTRFS info (device loop0): trying to use backup root at mount time
[  383.529804][ T7049] BTRFS info (device loop0): use zstd compression, level 3
[  383.541880][ T7046] batman_adv: batadv0: Removing interface: batadv_slave_1
[  383.630835][ T7046] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[  384.071269][ T5677] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -71
[  384.167833][ T5677] usb 2-1: USB disconnect, device number 4
[  384.259949][ T5572] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  384.285800][ T5673] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  384.585758][ T5673] usb 4-1: New USB device found, idVendor=2c42, idProduct=1602, bcdDevice=da.64
[  384.629029][ T5673] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  384.674781][ T5673] usb 4-1: Product: syz
[  384.696326][ T5673] usb 4-1: Manufacturer: syz
[  384.713082][ T5673] usb 4-1: SerialNumber: syz
[  384.783452][ T5673] usb 4-1: config 0 descriptor??
[  384.816240][ T5673] hub 4-1:0.0: bad descriptor, ignoring hub
[  384.859115][ T5673] hub 4-1:0.0: probe with driver hub failed with error -5
[  384.910022][ T5673] f81232 4-1:0.0: f81534a converter detected
[  385.118539][ T5673] f81534a ttyUSB0: f81232_set_register failed status: -71
[  385.156477][ T5673] f81534a ttyUSB0: probe with driver f81534a failed with error -5
[  385.424480][ T5673] usb 4-1: reset high-speed USB device number 4 using dummy_hcd
[  385.798470][ T7086] overlayfs: failed to clone upperpath
[  386.105727][ T5677] usb 4-1: USB disconnect, device number 4
[  386.156206][ T5677] f81232 4-1:0.0: device disconnected
[  387.279354][ T7097] loop3: detected capacity change from 0 to 128
[  389.219657][   T56] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.710966][   T56] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  389.859666][ T7104] loop2: detected capacity change from 0 to 40427
[  389.892845][ T7104] F2FS-fs (loop2): build fault injection rate: 690
[  389.908798][ T7104] F2FS-fs (loop2): invalid crc value
[  390.141267][   T56] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.282793][ T7104] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  390.295214][ T7104] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  390.531085][   T56] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  390.846713][ T5576] syz-executor: attempt to access beyond end of device
[  390.846713][ T5576] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  390.907301][ T5576] CPU: 1 UID: 0 PID: 5576 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  390.907505][ T5576] Tainted: [L]=SOFTLOCKUP
[  390.907564][ T5576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  390.907656][ T5576] Call Trace:
[  390.907713][ T5576]  <TASK>
[  390.907770][ T5576]  __dump_stack+0x26/0x30
[  390.907957][ T5576]  dump_stack_lvl+0x14c/0x1c0
[  390.908138][ T5576]  dump_stack+0x1e/0x25
[  390.908306][ T5576]  f2fs_stop_checkpoint+0xac3/0xc70
[  390.908573][ T5576]  f2fs_write_end_io+0x1207/0x2200
[  390.908819][ T5576]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  390.909067][ T5576]  bio_endio+0xfcc/0x1120
[  390.909252][ T5576]  submit_bio_noacct+0x533/0x2920
[  390.909491][ T5576]  submit_bio+0x57a/0x620
[  390.909679][ T5576]  f2fs_submit_write_bio+0x115/0x310
[  390.909917][ T5576]  __submit_merged_bio+0x16b/0x700
[  390.910139][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  390.910367][ T5576]  __submit_merged_write_cond+0x4ba/0xae0
[  390.910628][ T5576]  f2fs_write_data_pages+0x4f4d/0x5c60
[  390.910976][ T5576]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  390.911171][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  390.911376][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  390.911603][ T5576]  ? filter_irq_stacks+0x49/0x190
[  390.911792][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  390.912005][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  390.912217][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  390.912423][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  390.912636][ T5576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  390.912804][ T5576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  390.912977][ T5576]  do_writepages+0x3f2/0x860
[  390.913206][ T5576]  ? _raw_spin_unlock+0x30/0x50
[  390.913360][ T5576]  ? wbc_attach_and_unlock_inode+0x131/0x660
[  390.913575][ T5576]  filemap_fdatawrite+0x207/0x260
[  390.913840][ T5576]  f2fs_sync_dirty_inodes+0x2ad/0xa30
[  390.914068][ T5576]  f2fs_write_checkpoint+0x10e1/0x3c50
[  390.914357][ T5576]  ? __pfx_irq_cpu_rmap_notify+0x10/0x10
[  390.914594][ T5576]  kill_f2fs_super+0x320/0x990
[  390.914822][ T5576]  ? __pfx_kill_f2fs_super+0x10/0x10
[  390.915026][ T5576]  deactivate_locked_super+0xcb/0x3c0
[  390.915264][ T5576]  deactivate_super+0x12f/0x140
[  390.915446][ T5576]  cleanup_mnt+0x7eb/0x870
[  390.915627][ T5576]  ? __pfx___cleanup_mnt+0x10/0x10
[  390.915801][ T5576]  __cleanup_mnt+0x22/0x30
[  390.915972][ T5576]  task_work_run+0x208/0x2b0
[  390.916145][ T5576]  exit_to_user_mode_loop+0x306/0x1ea0
[  390.916326][ T5576]  ? user_path_at+0x1fc/0x330
[  390.916524][ T5576]  ? __x64_sys_umount+0x1dc/0x250
[  390.916749][ T5576]  do_syscall_64+0x236/0xf80
[  390.916943][ T5576]  ? clear_bhb_loop+0x50/0xa0
[  390.917121][ T5576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  390.917293][ T5576] RIP: 0033:0x7fd2a659e017
[  390.917414][ T5576] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  390.917547][ T5576] RSP: 002b:00007ffdf461e8d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  390.917695][ T5576] RAX: 0000000000000000 RBX: 00007fd2a6632120 RCX: 00007fd2a659e017
[  390.917800][ T5576] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdf461e990
[  390.917899][ T5576] RBP: 00007ffdf461e990 R08: 00007ffdf461f990 R09: 00000000ffffffff
[  390.918016][ T5576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf461fa20
[  390.918116][ T5576] R13: 00007fd2a6632120 R14: 000000000005f4d6 R15: 00007ffdf461fa60
[  390.918266][ T5576]  </TASK>
[  391.377459][ T5576] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  392.137336][   T56] bridge_slave_1: left allmulticast mode
[  392.169298][   T56] bridge_slave_1: left promiscuous mode
[  392.202079][   T56] bridge0: port 2(bridge_slave_1) entered disabled state
[  392.251679][   T56] bridge_slave_0: left allmulticast mode
[  392.267326][   T56] bridge_slave_0: left promiscuous mode
[  392.275793][   T56] bridge0: port 1(bridge_slave_0) entered disabled state
[  393.993937][   T56] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  394.140466][   T56] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  394.177515][ T6618] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  394.200228][ T6618] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  394.217242][ T6618] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  394.246148][ T6618] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  394.270440][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  394.277564][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  394.291162][ T6618] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  394.306745][   T56] bond0 (unregistering): Released all slaves
[  395.056617][   T10] libceph: connect (1)[c::]:6789 error -101
[  395.115469][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  395.439254][   T10] libceph: connect (1)[c::]:6789 error -101
[  395.449946][ T7129] loop4: detected capacity change from 0 to 32768
[  395.460809][ T7129] btrfs: Deprecated parameter 'usebackuproot'
[  395.467462][ T7129] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  395.491788][ T7129] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.435 (7129)
[  395.506853][   T10] libceph: mon0 (1)[c::]:6789 connect error
[  395.567686][ T7129] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  395.579031][ T7129] BTRFS info (device loop4): using crc32c checksum algorithm
[  395.628040][ T7132] ceph: No mds server is up or the cluster is laggy
[  395.708565][   T55] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  395.738578][ T7129] BTRFS error (device loop4): failed to load root extent
[  395.746134][ T7129] BTRFS warning (device loop4): try to load backup roots slot 1
[  395.756251][   T55] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  395.845143][ T7129] BTRFS warning (device loop4): couldn't read tree root
[  395.854416][ T7129] BTRFS warning (device loop4): try to load backup roots slot 2
[  395.863891][   T55] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  395.937093][ T7129] BTRFS warning (device loop4): couldn't read tree root
[  395.944526][ T7129] BTRFS warning (device loop4): try to load backup roots slot 3
[  396.015998][ T7129] BTRFS info (device loop4): rebuilding free space tree
[  396.068156][ T7129] BTRFS info (device loop4): checking UUID tree
[  396.083600][ T7129] BTRFS info (device loop4): enabling ssd optimizations
[  396.090957][ T7129] BTRFS info (device loop4): turning on async discard
[  396.103813][ T7129] BTRFS info (device loop4): enabling free space tree
[  396.111138][ T7129] BTRFS info (device loop4): force clearing of disk cache
[  396.118758][ T7129] BTRFS info (device loop4): enabling auto defrag
[  396.125509][ T7129] BTRFS info (device loop4): trying to use backup root at mount time
[  396.134063][ T7129] BTRFS info (device loop4): use zstd compression, level 3
[  396.344867][ T6618] Bluetooth: hci2: command tx timeout
[  396.752484][ T7151] loop0: detected capacity change from 0 to 4096
[  396.856104][ T7151] EXT4-fs: inline encryption not supported
[  396.894809][ T5582] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  397.042228][ T7151] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  397.106563][   T56] hsr_slave_0: left promiscuous mode
[  397.113773][ T7151] EXT4-fs (loop0): Test dummy encryption mode enabled
[  397.167184][   T56] hsr_slave_1: left promiscuous mode
[  397.227060][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  397.229297][ T7151] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0002]
[  397.257877][   T56] batman_adv: batadv0: Removing interface: batadv_slave_0
[  397.282616][ T7151] System zones: 0-5
[  397.292211][   T56] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  397.307114][   T56] batman_adv: batadv0: Removing interface: batadv_slave_1
[  397.397813][ T7151] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  397.444555][   T56] veth1_macvtap: left promiscuous mode
[  397.448352][ T7161] loop1: detected capacity change from 0 to 2048
[  397.475457][   T56] veth0_macvtap: left promiscuous mode
[  397.500668][   T56] veth1_vlan: left promiscuous mode
[  397.526255][   T56] veth0_vlan: left promiscuous mode
[  397.723982][ T7161] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  398.002839][   T29] audit: type=1800 audit(1778585446.817:12): pid=7161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.438" name="file1" dev="loop1" ino=18 res=0 errno=0
[  398.407422][ T5572] Quota error (device loop0): do_check_range: Getting block 16646149 out of range 1-5
[  398.426377][ T6618] Bluetooth: hci2: command tx timeout
[  398.433159][ T5572] Quota error (device loop0): qtree_read_dquot: Can't read quota structure for id 0
[  398.502066][ T5572] EXT4-fs error (device loop0): ext4_acquire_dquot:7034: comm syz-executor: Failed to acquire dquot type 1
[  398.728264][ T5584] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  400.500948][ T6618] Bluetooth: hci2: command tx timeout
[  400.917891][   T56] team0 (unregistering): Port device team_slave_1 removed
[  400.972627][ T7196] loop4: detected capacity change from 0 to 256
[  401.200111][   T56] team0 (unregistering): Port device team_slave_0 removed
[  402.576340][ T6618] Bluetooth: hci2: command tx timeout
[  402.761737][ T5228] 8021q: adding VLAN 0 to HW filter on device eth1
[  402.871823][ T5572] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  402.931132][ T7213] netlink: 48 bytes leftover after parsing attributes in process `syz.2.452'.
[  403.379836][ T7208] loop1: detected capacity change from 0 to 4096
[  404.104432][ T3242] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.316565][   T29] audit: type=1800 audit(1778585453.141:13): pid=7208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.451" name="file1" dev="loop1" ino=33 res=0 errno=0
[  404.358111][   T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  404.467813][ T3242] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.572971][   T10] usb 3-1: Using ep0 maxpacket: 8
[  404.611316][   T10] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  404.653401][   T10] usb 3-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  404.691155][   T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.770093][   T10] usb 3-1: config 0 descriptor??
[  404.849103][ T3242] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  404.865530][   T10] gspca_main: vc032x-2.14.0 probing 046d:0892
[  405.148425][ T3242] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  406.134354][   T10] gspca_vc032x: reg_w err -71
[  406.144791][   T10] vc032x 3-1:0.0: probe with driver vc032x failed with error -71
[  406.177279][   T10] usb 3-1: USB disconnect, device number 7
[  406.400340][ T3242] bridge_slave_1: left allmulticast mode
[  406.419751][ T3242] bridge_slave_1: left promiscuous mode
[  406.452937][ T3242] bridge0: port 2(bridge_slave_1) entered disabled state
[  406.484924][ T3242] bridge_slave_0: left allmulticast mode
[  406.507825][ T3242] bridge_slave_0: left promiscuous mode
[  406.524359][ T3242] bridge0: port 1(bridge_slave_0) entered disabled state
[  407.058394][ T7238] loop4: detected capacity change from 0 to 16
[  407.098924][ T7238] erofs (device loop4): mounted with root inode @ nid 36.
[  408.295973][ T3242] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  408.659374][ T3242] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  409.072849][ T3242] bond0 (unregistering): Released all slaves
[  409.272097][ T5580] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  409.284339][ T5580] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  409.294381][ T5580] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  409.316758][ T5580] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  409.331643][ T5580] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  409.468566][ T3242] bond1 (unregistering): Released all slaves
[  411.450269][ T5580] Bluetooth: hci0: command tx timeout
[  411.727532][ T5228] 8021q: adding VLAN 0 to HW filter on device eth2
[  411.872651][ T5683] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  412.079587][ T5683] usb 5-1: Using ep0 maxpacket: 16
[  412.118472][ T5683] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15
[  412.149276][ T5683] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.169111][ T5683] usb 5-1: Product: syz
[  412.179097][ T5683] usb 5-1: Manufacturer: syz
[  412.186078][ T5683] usb 5-1: SerialNumber: syz
[  412.211311][ T5683] usb 5-1: config 0 descriptor??
[  412.259596][ T5683] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected
[  413.030896][ T3242] hsr_slave_0: left promiscuous mode
[  413.061155][ T3242] hsr_slave_1: left promiscuous mode
[  413.097887][ T3242] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  413.133302][ T3242] batman_adv: batadv0: Removing interface: batadv_slave_0
[  413.166378][ T3242] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  413.199794][ T3242] batman_adv: batadv0: Removing interface: batadv_slave_1
[  413.279865][ T3242] veth1_macvtap: left promiscuous mode
[  413.298907][ T3242] veth0_macvtap: left promiscuous mode
[  413.317226][ T3242] veth1_vlan: left promiscuous mode
[  413.328778][ T3242] veth0_vlan: left promiscuous mode
[  413.530773][ T5580] Bluetooth: hci0: command tx timeout
[  413.555884][ T5683] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71
[  413.655501][ T5683] usb 5-1: USB disconnect, device number 7
[  414.978901][ T7347] loop1: detected capacity change from 0 to 512
[  415.045605][ T7347] EXT4-fs: journaled quota format not specified
[  415.181881][ T3242] team0 (unregistering): Port device team_slave_1 removed
[  415.208304][ T7350] loop2: detected capacity change from 0 to 2048
[  415.297820][ T7350] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  415.326407][ T7350] UDF-fs: Scanning with blocksize 512 failed
[  415.371176][ T3242] team0 (unregistering): Port device team_slave_0 removed
[  415.445023][ T7350] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  415.612505][ T5580] Bluetooth: hci0: command tx timeout
[  416.345480][ T7353] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  417.686295][ T5580] Bluetooth: hci0: command tx timeout
[  419.301426][ T7389] loop4: detected capacity change from 0 to 512
[  419.393867][ T7389] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  419.453943][ T7389] EXT4-fs (loop4): Errors on filesystem, clearing orphan list.
[  419.493910][ T7389] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  419.573418][ T7389] EXT4-fs warning (device loop4): dx_probe:837: inode #2: comm syz.4.479: Unimplemented hash flags: 0x0001
[  419.611510][ T7389] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.479: Corrupt directory, running e2fsck is recommended
[  419.639722][ T7395] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  419.674392][ T7389] EXT4-fs error (device loop4): ext4_readdir:265: inode #2: block 3: comm syz.4.479: path /103/file0: bad entry in directory: directory entry overrun - offset=0, inode=4294967295, rec_len=196612, size=1024 fake=0
[  420.042801][ T7125] bridge0: port 1(bridge_slave_0) entered blocking state
[  420.103339][ T7125] bridge0: port 1(bridge_slave_0) entered disabled state
[  420.129531][ T7125] bridge_slave_0: entered allmulticast mode
[  420.142255][ T5582] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  420.170083][ T7125] bridge_slave_0: entered promiscuous mode
[  420.317560][ T7125] bridge0: port 2(bridge_slave_1) entered blocking state
[  420.349447][ T7125] bridge0: port 2(bridge_slave_1) entered disabled state
[  420.389047][ T7125] bridge_slave_1: entered allmulticast mode
[  420.429702][ T7125] bridge_slave_1: entered promiscuous mode
[  420.722966][ T7403] loop1: detected capacity change from 0 to 2048
[  420.805216][ T7408] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  420.939063][ T7125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  421.066048][ T7125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  421.726055][ T7125] team0: Port device team_slave_0 added
[  421.942362][   T29] audit: type=1800 audit(1778585470.769:14): pid=7403 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.483" name="file1" dev="loop1" ino=15 res=0 errno=0
[  421.965478][ T7125] team0: Port device team_slave_1 added
[  422.071206][ T7408] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  422.126146][ T7408] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4)
[  422.152175][ T7408] Remounting filesystem read-only
[  422.211015][ T7419] netlink: 'syz.2.486': attribute type 4 has an invalid length.
[  422.580074][ T7422] loop4: detected capacity change from 0 to 512
[  422.588160][ T5584] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer
[  422.616480][ T5228] 8021q: adding VLAN 0 to HW filter on device eth3
[  422.665826][ T7125] batman_adv: batadv0: Adding interface: batadv_slave_0
[  422.699985][ T7422] EXT4-fs error (device loop4): ext4_orphan_get:1397: inode #15: comm syz.4.487: inode has both inline data and extents flags
[  422.724872][ T7125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  422.814147][ T7422] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  422.818763][ T7422] EXT4-fs error (device loop4): ext4_orphan_get:1402: comm syz.4.487: couldn't read orphan inode 15 (err -117)
[  422.828536][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  422.828640][    C1] EXT4-fs (loop4): initial error at time 1778585471: ext4_orphan_get:1397: inode 15
[  422.828820][    C1] EXT4-fs (loop4): last error at time 1778585471: ext4_orphan_get:1397: inode 15
[  422.934143][ T7422] loop4: lost filesystem error report for type 5 error -117
[  422.937493][ T7422] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  422.955922][ T7125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  423.132500][ T7125] batman_adv: batadv0: Adding interface: batadv_slave_1
[  423.198476][ T7125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  423.370041][ T7125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  423.781153][ T5683] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  424.021800][ T5683] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  424.048689][ T5683] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  424.093877][ T5683] usb 2-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  424.120655][ T5683] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  424.147272][ T5683] usb 2-1: Product: syz
[  424.161093][ T7125] hsr_slave_0: entered promiscuous mode
[  424.170056][ T5683] usb 2-1: Manufacturer: syz
[  424.177370][ T5683] usb 2-1: SerialNumber: syz
[  424.229489][ T7125] hsr_slave_1: entered promiscuous mode
[  424.266081][ T5683] usb 2-1: config 0 descriptor??
[  424.292500][ T5582] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.329800][ T7434] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  424.341032][ T7432] loop2: detected capacity change from 0 to 40427
[  424.354550][ T7125] debugfs: 'hsr0' already exists in 'hsr'
[  424.360966][ T7434] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  424.374890][ T7432] F2FS-fs (loop2): build fault injection rate: 174
[  424.381798][ T7432] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  424.395643][ T7432] F2FS-fs (loop2): invalid crc value
[  424.407981][ T7125] Cannot create hsr debugfs directory
[  424.758569][ T7432] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  424.771037][ T7434] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  424.788976][ T7432] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  424.789438][ T7434] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  425.151303][ T5576] syz-executor: attempt to access beyond end of device
[  425.151303][ T5576] loop2: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  425.255293][ T5576] CPU: 0 UID: 0 PID: 5576 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  425.255491][ T5576] Tainted: [L]=SOFTLOCKUP
[  425.255550][ T5576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  425.255643][ T5576] Call Trace:
[  425.255700][ T5576]  <TASK>
[  425.255757][ T5576]  __dump_stack+0x26/0x30
[  425.255949][ T5576]  dump_stack_lvl+0x14c/0x1c0
[  425.256136][ T5576]  dump_stack+0x1e/0x25
[  425.256300][ T5576]  f2fs_stop_checkpoint+0xac3/0xc70
[  425.256570][ T5576]  f2fs_write_end_io+0x1207/0x2200
[  425.256824][ T5576]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  425.256993][ T5576]  bio_endio+0xfcc/0x1120
[  425.257181][ T5576]  submit_bio_noacct+0x533/0x2920
[  425.257428][ T5576]  submit_bio+0x57a/0x620
[  425.257616][ T5576]  f2fs_submit_write_bio+0x115/0x310
[  425.257854][ T5576]  __submit_merged_bio+0x16b/0x700
[  425.258063][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  425.258283][ T5576]  __submit_merged_write_cond+0x4ba/0xae0
[  425.258542][ T5576]  f2fs_write_data_pages+0x4f4d/0x5c60
[  425.258881][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  425.259084][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  425.259296][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  425.259497][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  425.259741][ T5576]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  425.260038][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  425.260242][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  425.260455][ T5576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  425.260626][ T5576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  425.260796][ T5576]  do_writepages+0x3f2/0x860
[  425.261035][ T5576]  ? _raw_spin_unlock+0x30/0x50
[  425.261189][ T5576]  ? wbc_attach_and_unlock_inode+0x131/0x660
[  425.261411][ T5576]  filemap_fdatawrite+0x207/0x260
[  425.261682][ T5576]  f2fs_sync_dirty_inodes+0x2ad/0xa30
[  425.261905][ T5576]  f2fs_write_checkpoint+0x10e1/0x3c50
[  425.262192][ T5576]  ? __pfx_irq_cpu_rmap_notify+0x10/0x10
[  425.262421][ T5576]  kill_f2fs_super+0x320/0x990
[  425.262648][ T5576]  ? __pfx_kill_f2fs_super+0x10/0x10
[  425.262830][ T5576]  deactivate_locked_super+0xcb/0x3c0
[  425.263032][ T5576]  deactivate_super+0x12f/0x140
[  425.263212][ T5576]  cleanup_mnt+0x7eb/0x870
[  425.263396][ T5576]  ? __pfx___cleanup_mnt+0x10/0x10
[  425.263565][ T5576]  __cleanup_mnt+0x22/0x30
[  425.263725][ T5576]  task_work_run+0x208/0x2b0
[  425.263901][ T5576]  exit_to_user_mode_loop+0x306/0x1ea0
[  425.264078][ T5576]  ? user_path_at+0x1fc/0x330
[  425.264272][ T5576]  ? __x64_sys_umount+0x1dc/0x250
[  425.264496][ T5576]  do_syscall_64+0x236/0xf80
[  425.264679][ T5576]  ? clear_bhb_loop+0x50/0xa0
[  425.264861][ T5576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.265029][ T5576] RIP: 0033:0x7fd2a659e017
[  425.265149][ T5576] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  425.265283][ T5576] RSP: 002b:00007ffdf461e8d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  425.265431][ T5576] RAX: 0000000000000000 RBX: 00007fd2a6632120 RCX: 00007fd2a659e017
[  425.265535][ T5576] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdf461e990
[  425.265630][ T5576] RBP: 00007ffdf461e990 R08: 00007ffdf461f990 R09: 00000000ffffffff
[  425.265734][ T5576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf461fa20
[  425.265849][ T5576] R13: 00007fd2a6632120 R14: 0000000000067bb7 R15: 00007ffdf461fa60
[  425.265992][ T5576]  </TASK>
[  425.608910][ T5683] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  425.677120][ T5576] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  425.713770][ T5576] CPU: 0 UID: 0 PID: 5576 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  425.713977][ T5576] Tainted: [L]=SOFTLOCKUP
[  425.714036][ T5576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  425.714125][ T5576] Call Trace:
[  425.714183][ T5576]  <TASK>
[  425.714241][ T5576]  __dump_stack+0x26/0x30
[  425.714429][ T5576]  dump_stack_lvl+0x14c/0x1c0
[  425.714616][ T5576]  dump_stack+0x1e/0x25
[  425.714793][ T5576]  f2fs_stop_checkpoint+0xac3/0xc70
[  425.715060][ T5576]  f2fs_write_end_io+0x1207/0x2200
[  425.715294][ T5576]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  425.715461][ T5576]  bio_endio+0xfcc/0x1120
[  425.715643][ T5576]  submit_bio_noacct+0x533/0x2920
[  425.715896][ T5576]  submit_bio+0x57a/0x620
[  425.716084][ T5576]  f2fs_submit_write_bio+0x115/0x310
[  425.716323][ T5576]  __submit_merged_bio+0x16b/0x700
[  425.716534][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  425.716741][ T5576]  __submit_merged_write_cond+0x4ba/0xae0
[  425.717000][ T5576]  f2fs_write_data_pages+0x4f4d/0x5c60
[  425.717327][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  425.717530][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  425.717758][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  425.717967][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  425.718213][ T5576]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  425.718417][ T5576]  ? kmsan_get_metadata+0xf1/0x160
[  425.718623][ T5576]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  425.718844][ T5576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  425.719012][ T5576]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  425.719171][ T5576]  do_writepages+0x3f2/0x860
[  425.719396][ T5576]  ? _raw_spin_unlock+0x30/0x50
[  425.719546][ T5576]  ? wbc_attach_and_unlock_inode+0x131/0x660
[  425.719768][ T5576]  filemap_fdatawrite+0x207/0x260
[  425.720044][ T5576]  f2fs_sync_dirty_inodes+0x2ad/0xa30
[  425.720267][ T5576]  f2fs_write_checkpoint+0x10e1/0x3c50
[  425.720562][ T5576]  ? __pfx_irq_cpu_rmap_notify+0x10/0x10
[  425.720778][ T5576]  kill_f2fs_super+0x320/0x990
[  425.721002][ T5576]  ? __pfx_kill_f2fs_super+0x10/0x10
[  425.721174][ T5576]  deactivate_locked_super+0xcb/0x3c0
[  425.721369][ T5576]  deactivate_super+0x12f/0x140
[  425.721549][ T5576]  cleanup_mnt+0x7eb/0x870
[  425.721731][ T5576]  ? __pfx___cleanup_mnt+0x10/0x10
[  425.721905][ T5576]  __cleanup_mnt+0x22/0x30
[  425.722060][ T5576]  task_work_run+0x208/0x2b0
[  425.722229][ T5576]  exit_to_user_mode_loop+0x306/0x1ea0
[  425.722411][ T5576]  ? user_path_at+0x1fc/0x330
[  425.722610][ T5576]  ? __x64_sys_umount+0x1dc/0x250
[  425.722844][ T5576]  do_syscall_64+0x236/0xf80
[  425.723029][ T5576]  ? clear_bhb_loop+0x50/0xa0
[  425.723206][ T5576]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  425.723378][ T5576] RIP: 0033:0x7fd2a659e017
[  425.723497][ T5576] Code: a2 c7 05 dc 06 25 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  425.723632][ T5576] RSP: 002b:00007ffdf461e8d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  425.723780][ T5576] RAX: 0000000000000000 RBX: 00007fd2a6632120 RCX: 00007fd2a659e017
[  425.723892][ T5576] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdf461e990
[  425.723991][ T5576] RBP: 00007ffdf461e990 R08: 00007ffdf461f990 R09: 00000000ffffffff
[  425.724098][ T5576] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf461fa20
[  425.724196][ T5576] R13: 00007fd2a6632120 R14: 0000000000067bb7 R15: 00007ffdf461fa60
[  425.724347][ T5576]  </TASK>
[  426.098041][ T5576] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  426.282899][ T5683] dm9601 2-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71
[  426.327030][ T5683] dm9601 2-1:0.0 eth9: register 'dm9601' at usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet, 4e:4e:11:7e:76:6b
[  426.346286][ T5683] usb 2-1: USB disconnect, device number 5
[  426.355843][ T5683] dm9601 2-1:0.0 eth9: unregister 'dm9601' usb-dummy_hcd.1-1, Davicom DM96xx USB 10/100 Ethernet
[  427.648927][ T7457] loop4: detected capacity change from 0 to 512
[  427.718002][ T7318] bridge0: port 1(bridge_slave_0) entered blocking state
[  427.735755][ T7318] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.742710][ T7457] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a842c018, mo2=0002]
[  427.745101][ T7318] bridge_slave_0: entered allmulticast mode
[  427.765338][ T7318] bridge_slave_0: entered promiscuous mode
[  427.809115][ T7457] System zones: 1-20
[  427.858163][ T7457] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  427.859906][ T7318] bridge0: port 2(bridge_slave_1) entered blocking state
[  427.947732][ T7318] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.986553][ T7318] bridge_slave_1: entered allmulticast mode
[  428.041765][ T7318] bridge_slave_1: entered promiscuous mode
[  428.119570][   T29] audit: type=1800 audit(1778585476.942:15): pid=7457 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.495" name=2E02 dev="loop4" ino=19 res=0 errno=0
[  428.467038][ T5582] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  428.702336][ T7318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  428.887397][ T7318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  429.043647][ T5683] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  429.240681][ T5683] usb 2-1: Using ep0 maxpacket: 32
[  429.313358][ T5683] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c
[  429.346374][ T5683] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.383002][ T5683] usb 2-1: Product: syz
[  429.415159][ T5683] usb 2-1: Manufacturer: syz
[  429.418921][ T7318] team0: Port device team_slave_0 added
[  429.457988][ T5683] usb 2-1: SerialNumber: syz
[  429.491560][ T5683] usb 2-1: config 0 descriptor??
[  429.513260][ T7318] team0: Port device team_slave_1 added
[  429.529631][ T5683] gspca_main: gspca_topro-2.14.0 probing 06a2:0003
[  429.539654][ T7125] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  429.668821][ T7125] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  429.848001][ T7125] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  429.918531][ T7125] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  430.119248][ T7125] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  430.254418][ T7125] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  430.294417][ T7125] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  430.392734][ T7125] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  430.454019][ T7318] batman_adv: batadv0: Adding interface: batadv_slave_0
[  430.480872][ T7318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  430.588525][ T7318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  430.693906][ T7318] batman_adv: batadv0: Adding interface: batadv_slave_1
[  430.720746][ T7318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  430.806414][ T7318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  430.818815][ T5683] gspca_topro: reg_w err -71
[  430.879927][ T5683] gspca_topro: Sensor soi763a
[  430.964281][ T5683] usb 2-1: USB disconnect, device number 6
[  431.411067][ T7318] hsr_slave_0: entered promiscuous mode
[  431.424638][ T7318] hsr_slave_1: entered promiscuous mode
[  431.436840][ T7318] debugfs: 'hsr0' already exists in 'hsr'
[  431.620314][ T7318] Cannot create hsr debugfs directory
[  432.351638][ T5228] 8021q: adding VLAN 0 to HW filter on device eth4
[  434.676870][ T7318] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  434.793445][ T7318] 8021q: adding VLAN 0 to HW filter on device netdevsim0
[  434.882086][ T7318] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  434.967053][ T7508] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  435.001569][ T7318] 8021q: adding VLAN 0 to HW filter on device netdevsim1
[  435.050182][ T7318] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  435.174982][ T7318] 8021q: adding VLAN 0 to HW filter on device netdevsim2
[  435.217052][ T7512] loop1: detected capacity change from 0 to 8
[  435.269814][ T7318] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  435.289084][ T7512] SQUASHFS error: lzo decompression failed, data probably corrupt
[  435.300757][ T7512] SQUASHFS error: Failed to read block 0x0: -5
[  435.307914][ T7512] SQUASHFS error: lzo decompression failed, data probably corrupt
[  435.316128][ T7512] SQUASHFS error: Failed to read block 0x0: -5
[  435.325676][   T29] audit: type=1800 audit(1778585484.166:16): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.506" name="file2" dev="loop1" ino=3 res=0 errno=0
[  435.347017][ T7512] SQUASHFS error: lzo decompression failed, data probably corrupt
[  435.355671][ T7512] SQUASHFS error: Failed to read block 0x0: -5
[  435.395881][ T7512] SQUASHFS error: lzo decompression failed, data probably corrupt
[  435.407946][ T7512] SQUASHFS error: Failed to read block 0x0: -5
[  435.415024][ T7512] SQUASHFS error: lzo decompression failed, data probably corrupt
[  435.415182][ T7318] 8021q: adding VLAN 0 to HW filter on device netdevsim3
[  435.423454][ T7512] SQUASHFS error: Failed to read block 0x0: -5
[  435.438320][ T7512] SQUASHFS error: lzo decompression failed, data probably corrupt
[  435.446401][ T7512] SQUASHFS error: Failed to read block 0x0: -5
[  435.453637][ T7512] SQUASHFS error: lzo decompression failed, data probably corrupt
[  435.461866][ T7512] SQUASHFS error: Failed to read block 0x0: -5
[  435.476752][   T29] audit: type=1800 audit(1778585484.206:17): pid=7512 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.506" name="file2" dev="loop1" ino=3 res=0 errno=0
[  435.675514][ T7517] loop4: detected capacity change from 0 to 512
[  435.709154][ T7125] 8021q: adding VLAN 0 to HW filter on device bond0
[  435.810519][ T7517] EXT4-fs (loop4): orphan cleanup on readonly fs
[  435.945963][ T7517] EXT4-fs warning (device loop4): ext4_xattr_inode_get:546: inode #11: comm syz.4.507: ea_inode file size=4 entry size=6
[  436.028869][ T7517] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2860: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  436.086252][ T7517] EXT4-fs error (device loop4): ext4_do_update_inode:5690: inode #15: comm syz.4.507: corrupted inode contents
[  436.126961][ T7517] loop4: lost file I/O error report for ino 15 type 5 pos 0x0 len 0x0 error -117
[  436.136985][    C1] EXT4-fs (loop4): error count since last fsck: 1
[  436.153504][    C1] EXT4-fs (loop4): initial error at time 1778585484: ext4_do_update_inode:5690: inode 15
[  436.163940][    C1] EXT4-fs (loop4): last error at time 1778585484: ext4_do_update_inode:5690: inode 15
[  436.188972][ T7517] EXT4-fs (loop4): Remounting filesystem read-only
[  436.222929][ T7517] EXT4-fs warning (device loop4): ext4_evict_inode:287: xattr delete (err -30)
[  436.270447][ T7125] 8021q: adding VLAN 0 to HW filter on device team0
[  436.282010][ T7517] EXT4-fs (loop4): 1 orphan inode deleted
[  436.326079][ T7517] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  436.526746][ T7307] bridge0: port 1(bridge_slave_0) entered blocking state
[  436.534612][ T7307] bridge0: port 1(bridge_slave_0) entered forwarding state
[  436.884481][ T7293] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.892309][ T7293] bridge0: port 2(bridge_slave_1) entered forwarding state
[  437.065414][ T5582] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  438.044877][ T7535] loop4: detected capacity change from 0 to 2048
[  438.181072][ T7535] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  438.922887][ T7545] loop2: detected capacity change from 0 to 128
[  438.986950][ T7318] 8021q: adding VLAN 0 to HW filter on device bond0
[  439.418321][ T7318] 8021q: adding VLAN 0 to HW filter on device team0
[  439.619085][ T7309] bridge0: port 1(bridge_slave_0) entered blocking state
[  439.627005][ T7309] bridge0: port 1(bridge_slave_0) entered forwarding state
[  439.876902][ T7307] bridge0: port 2(bridge_slave_1) entered blocking state
[  439.884617][ T7307] bridge0: port 2(bridge_slave_1) entered forwarding state
[  440.700589][ T5228] 8021q: adding VLAN 0 to HW filter on device eth5
[  441.052238][ T7318] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  441.746730][ T7309] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.043699][ T7309] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.161032][ T7568] loop2: detected capacity change from 0 to 2048
[  442.319568][ T7575] input: syz1 as /devices/virtual/input/input10
[  442.346779][ T7568] hpfs: hpfs_map_sector(): read error
[  442.404407][ T7309] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.816072][ T7309] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  443.781708][ T7309] bridge_slave_1: left allmulticast mode
[  443.809892][ T7309] bridge_slave_1: left promiscuous mode
[  443.831203][ T7309] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.887862][ T7309] bridge_slave_0: left allmulticast mode
[  443.921528][ T7309] bridge_slave_0: left promiscuous mode
[  443.928788][ T7309] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.761112][ T7309] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  444.814895][ T7309] bond0 (unregistering): (slave 
c
@0Ù): Releasing backup interface
[  444.831711][ T7309] bond0 (unregistering): Released all slaves
[  444.979469][ T7125] 8021q: adding VLAN 0 to HW filter on device batadv0
[  445.346260][ T7600] loop2: detected capacity change from 0 to 128
[  446.249900][ T7309] hsr_slave_0: left promiscuous mode
[  446.285940][ T7309] hsr_slave_1: left promiscuous mode
[  446.322293][ T7309] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  446.361978][ T7309] batman_adv: batadv0: Removing interface: batadv_slave_0
[  446.491710][ T7309] veth1_macvtap: left promiscuous mode
[  446.512591][ T7309] veth0_macvtap: left promiscuous mode
[  446.543772][ T7309] veth1_vlan: left promiscuous mode
[  446.566418][ T7309] veth0_vlan: left promiscuous mode
[  446.899482][ T6618] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  446.909968][ T6618] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  446.920445][ T6618] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  446.937513][ T6618] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  446.952548][ T6618] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  448.060003][ T7621] netlink: 8 bytes leftover after parsing attributes in process `syz.2.533'.
[  448.132650][ T7616] loop4: detected capacity change from 0 to 32768
[  448.151085][ T7616] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.531 (7616)
[  448.176252][ T7616] BTRFS info (device loop4): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  448.188004][ T7616] BTRFS info (device loop4): using crc32c checksum algorithm
[  448.357291][ T7616] BTRFS info (device loop4): setting nodatasum
[  448.365984][ T7616] BTRFS info (device loop4): setting nodatacow
[  448.374898][ T7616] BTRFS info (device loop4): enabling ssd optimizations
[  448.382296][ T7616] BTRFS info (device loop4): turning on flush-on-commit
[  448.389560][ T7616] BTRFS info (device loop4): turning on async discard
[  448.396809][ T7616] BTRFS info (device loop4): enabling free space tree
[  448.449161][   T29] audit: type=1800 audit(1778585497.293:18): pid=7616 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.531" name="bus" dev="loop4" ino=263 res=0 errno=0
[  448.711198][ T5580] Bluetooth: hci0: command tx timeout
[  448.886688][ T5582] BTRFS info (device loop4): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  449.033815][ T5580] Bluetooth: hci4: command tx timeout
[  449.401447][   T40] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  449.414629][ T7309] team0 (unregistering): Port device team_slave_1 removed
[  449.479805][ T7309] team0 (unregistering): Port device team_slave_0 removed
[  449.618462][   T40] usb 5-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7
[  449.638081][   T40] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  449.646732][   T40] usb 5-1: Product: syz
[  449.652029][   T40] usb 5-1: Manufacturer: syz
[  449.656991][   T40] usb 5-1: SerialNumber: syz
[  449.693803][   T40] usb 5-1: config 0 descriptor??
[  450.057242][ T5228] 8021q: adding VLAN 0 to HW filter on device eth6
[  451.027163][   T40] usb 5-1: f81604_read: reg: 100e failed: -EPROTO
[  451.110270][ T5580] Bluetooth: hci4: command tx timeout
[  451.150326][   T40] usb 5-1: f81604_read: reg: 200f failed: -EPROTO
[  451.257797][   T40] usb 5-1: USB disconnect, device number 8
[  451.330581][   T40] usb 5-1: f81604_read: reg: 100f failed: -ENODEV
[  451.501040][ T7318] 8021q: adding VLAN 0 to HW filter on device batadv0
[  451.578062][   T40] usb 5-1: f81604_read: reg: 200f failed: -ENODEV
[  453.189014][ T5580] Bluetooth: hci4: command tx timeout
[  453.369231][ T7125] veth0_vlan: entered promiscuous mode
[  454.835970][ T7676] loop4: detected capacity change from 0 to 32768
[  454.849561][ T7676] btrfs: Deprecated parameter 'usebackuproot'
[  454.855887][ T7676] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  454.868586][ T7676] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.538 (7676)
[  454.911691][ T7676] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  454.922258][ T7676] BTRFS info (device loop4): using crc32c checksum algorithm
[  455.063889][ T1130] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  455.101488][ T7676] BTRFS error (device loop4): failed to load root extent
[  455.109216][ T7676] BTRFS warning (device loop4): try to load backup roots slot 1
[  455.119949][ T6618] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  455.129889][ T1130] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  455.144174][ T7676] BTRFS warning (device loop4): couldn't read tree root
[  455.144664][ T6618] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  455.154209][ T7676] BTRFS warning (device loop4): try to load backup roots slot 2
[  455.168982][ T1130] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  455.180505][ T7676] BTRFS warning (device loop4): couldn't read tree root
[  455.181552][ T6618] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  455.188158][ T7676] BTRFS warning (device loop4): try to load backup roots slot 3
[  455.215796][ T6618] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  455.228315][ T6618] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  455.234606][ T7676] BTRFS info (device loop4): rebuilding free space tree
[  455.272040][ T5580] Bluetooth: hci4: command tx timeout
[  455.295679][ T7676] BTRFS info (device loop4): checking UUID tree
[  455.319611][ T7676] BTRFS info (device loop4): enabling ssd optimizations
[  455.326867][ T7676] BTRFS info (device loop4): turning on async discard
[  455.334168][ T7676] BTRFS info (device loop4): enabling free space tree
[  455.341267][ T7676] BTRFS info (device loop4): force clearing of disk cache
[  455.348693][ T7676] BTRFS info (device loop4): enabling auto defrag
[  455.357522][ T7676] BTRFS info (device loop4): trying to use backup root at mount time
[  455.365836][ T7676] BTRFS info (device loop4): use zstd compression, level 3
[  455.544365][ T7666] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512
[  455.682996][ T1309] ieee802154 phy0 wpan0: encryption failed: -22
[  455.693867][ T1309] ieee802154 phy1 wpan1: encryption failed: -22
[  456.224845][ T5582] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  457.346508][ T5580] Bluetooth: hci5: command tx timeout
[  457.386155][ T7318] veth0_vlan: entered promiscuous mode
[  457.572119][ T7318] veth1_vlan: entered promiscuous mode
[  457.971174][ T5228] 8021q: adding VLAN 0 to HW filter on device eth7
[  458.322766][ T7298] =====================================================
[  458.330295][ T7298] BUG: KMSAN: uninit-value in n_tty_receive_buf_standard+0xd32/0xc780
[  458.339067][ T7298]  n_tty_receive_buf_standard+0xd32/0xc780
[  458.345292][ T7298]  n_tty_receive_buf_common+0x1a63/0x25a0
[  458.351718][ T7298]  n_tty_receive_buf2+0x4c/0x60
[  458.357127][ T7298]  tty_ldisc_receive_buf+0xc6/0x2c0
[  458.362604][ T7298]  tty_port_default_receive_buf+0xd7/0x1a0
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  458.368966][ T7298]  flush_to_ldisc+0x43e/0xe40
[  458.373976][ T7298]  process_scheduled_works+0xb65/0x1e40
[  458.380007][ T7298]  worker_thread+0xee4/0x1590
[  458.384899][ T7298]  kthread+0x53f/0x600
[  458.389452][ T7298]  ret_from_fork+0x20f/0x8d0
[  458.394293][ T7298]  ret_from_fork_asm+0x1a/0x30
[  458.399430][ T7298] 
[  458.405798][ T7298] Uninit was stored to memory at:
[  458.411208][ T7298]  n_tty_receive_buf_standard+0xd2b/0xc780
[  458.417402][ T7298]  n_tty_receive_buf_common+0x1a63/0x25a0
[  458.423388][ T7298]  n_tty_receive_buf2+0x4c/0x60
[  458.428630][ T7298]  tty_ldisc_receive_buf+0xc6/0x2c0
[  458.434037][ T7298]  tty_port_default_receive_buf+0xd7/0x1a0
[  458.441280][ T7298]  flush_to_ldisc+0x43e/0xe40
[  458.446322][ T7298]  process_scheduled_works+0xb65/0x1e40
[  458.452087][ T7298]  worker_thread+0xee4/0x1590
[  458.457215][ T7298]  kthread+0x53f/0x600
[  458.461556][ T7298]  ret_from_fork+0x20f/0x8d0
[  458.468590][ T7298]  ret_from_fork_asm+0x1a/0x30
[  458.473577][ T7298] 
[  458.476542][ T7298] Uninit was created at:
[  458.481054][ T7298]  __kmalloc_noprof+0x482/0x1660
[  458.486379][ T7298]  __tty_buffer_request_room+0x3d4/0x7a0
[  458.492214][ T7298]  __tty_insert_flip_string_flags+0x157/0x6e0
[  458.498629][ T7298]  uart_insert_char+0x368/0x930
[  458.503701][ T7298]  serial8250_read_char+0x1ba/0x670
[  458.509270][ T7298]  serial8250_handle_irq_locked+0x6d4/0xa40
[  458.515374][ T7298]  serial8250_handle_irq+0x189/0x710
[  458.520947][ T7298]  serial8250_default_handle_irq+0x116/0x350
[  458.527759][ T7298]  serial8250_interrupt+0xcb/0x3f0
[  458.533175][ T7298]  __handle_irq_event_percpu+0x118/0xf30
[  458.539231][ T7298]  handle_irq_event+0xe0/0x2a0
[  458.544186][ T7298]  handle_edge_irq+0x2a9/0xaf0
[  458.549297][ T7298]  __common_interrupt+0x9d/0x180
[  458.554418][ T7298]  common_interrupt+0x94/0xb0
[  458.559581][ T7298]  asm_common_interrupt+0x2b/0x40
[  458.564788][ T7298] 
[  458.567385][ T7298] CPU: 1 UID: 0 PID: 7298 Comm: kworker/u8:27 Tainted: G             L      syzkaller #0 PREEMPT(full) 
[  458.578937][ T7298] Tainted: [L]=SOFTLOCKUP
[  458.583455][ T7298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  458.593839][ T7298] Workqueue: ttyS-serial_8250 flush_to_ldisc
[  458.600243][ T7298] =====================================================
[  458.607452][ T7298] Disabling lock debugging due to kernel taint
[  458.840614][ T7298] Kernel panic - not syncing: kmsan.panic set ...
[  458.847254][ T7298] CPU: 1 UID: 0 PID: 7298 Comm: kworker/u8:27 Tainted: G    B        L      syzkaller #0 PREEMPT(full) 
[  458.858627][ T7298] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[  458.864303][ T7298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  458.874551][ T7298] Workqueue: ttyS-serial_8250 flush_to_ldisc
[  458.880789][ T7298] Call Trace:
[  458.884192][ T7298]  <TASK>
[  458.887238][ T7298]  __dump_stack+0x26/0x30
[  458.891873][ T7298]  dump_stack_lvl+0x50/0x1c0
[  458.896774][ T7298]  ? dump_stack+0x12/0x25
[  458.901322][ T7298]  dump_stack+0x1e/0x25
[  458.905684][ T7298]  vpanic+0x7b4/0x1430
[  458.910013][ T7298]  panic+0x15d/0x160
[  458.914209][ T7298]  kmsan_report+0x31a/0x320
[  458.918956][ T7298]  ? __msan_warning+0x1b/0x30
[  458.923945][ T7298]  ? n_tty_receive_buf_standard+0xd32/0xc780
[  458.930196][ T7298]  ? n_tty_receive_buf_common+0x1a63/0x25a0
[  458.936445][ T7298]  ? n_tty_receive_buf2+0x4c/0x60
[  458.941791][ T7298]  ? tty_ldisc_receive_buf+0xc6/0x2c0
[  458.947403][ T7298]  ? tty_port_default_receive_buf+0xd7/0x1a0
[  458.953626][ T7298]  ? flush_to_ldisc+0x43e/0xe40
[  458.958698][ T7298]  ? process_scheduled_works+0xb65/0x1e40
[  458.964657][ T7298]  ? worker_thread+0xee4/0x1590
[  458.969741][ T7298]  ? kthread+0x53f/0x600
[  458.974243][ T7298]  ? ret_from_fork+0x20f/0x8d0
[  458.979304][ T7298]  ? ret_from_fork_asm+0x1a/0x30
[  458.984481][ T7298]  ? ret_from_fork_asm+0x1a/0x30
[  458.989748][ T7298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  458.995838][ T7298]  ? kmsan_get_metadata+0x146/0x160
[  459.001288][ T7298]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  459.007873][ T7298]  ? kmsan_get_metadata+0xf1/0x160
[  459.013316][ T7298]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  459.019390][ T7298]  ? ktime_get_mono_fast_ns+0x55b/0x5a0
[  459.025195][ T7298]  ? kmsan_get_metadata+0xf1/0x160
[  459.030559][ T7298]  ? kmsan_get_metadata+0xf1/0x160
[  459.035929][ T7298]  __msan_warning+0x1b/0x30
[  459.040654][ T7298]  n_tty_receive_buf_standard+0xd32/0xc780
[  459.046782][ T7298]  ? kmsan_get_metadata+0xf1/0x160
[  459.052180][ T7298]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  459.058798][ T7298]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  459.065223][ T7298]  n_tty_receive_buf_common+0x1a63/0x25a0
[  459.071374][ T7298]  n_tty_receive_buf2+0x4c/0x60
[  459.076643][ T7298]  ? __pfx_n_tty_receive_buf2+0x10/0x10
[  459.082456][ T7298]  tty_ldisc_receive_buf+0xc6/0x2c0
[  459.087915][ T7298]  tty_port_default_receive_buf+0xd7/0x1a0
[  459.093997][ T7298]  flush_to_ldisc+0x43e/0xe40
[  459.099001][ T7298]  ? __pfx_tty_port_default_receive_buf+0x10/0x10
[  459.105698][ T7298]  ? __pfx_flush_to_ldisc+0x10/0x10
[  459.111142][ T7298]  process_scheduled_works+0xb65/0x1e40
[  459.117007][ T7298]  worker_thread+0xee4/0x1590
[  459.121965][ T7298]  kthread+0x53f/0x600
[  459.126293][ T7298]  ? __pfx_worker_thread+0x10/0x10
[  459.132091][ T7298]  ? __pfx_kthread+0x10/0x10
[  459.136906][ T7298]  ret_from_fork+0x20f/0x8d0
[  459.141729][ T7298]  ? __switch_to+0x573/0x7a0
[  459.146582][ T7298]  ? __pfx_kthread+0x10/0x10
[  459.151429][ T7298]  ret_from_fork_asm+0x1a/0x30
[  459.156467][ T7298]  </TASK>
[  459.160066][ T7298] Kernel Offset: disabled
[  459.164451][ T7298] Rebooting in 86400 seconds..