last executing test programs:

2m43.137976451s ago: executing program 2 (id=253):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140))
read(r0, &(0x7f00000001c0)=""/83, 0x53)
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
syz_io_uring_setup(0x131, &(0x7f0000000600)={0x0, 0x800006, 0x2}, &(0x7f0000ffe000), 0x0)
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000})

2m41.896743213s ago: executing program 2 (id=259):
r0 = fsopen(&(0x7f0000000040)='cgroup2\x00', 0x1)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x82)
fchdir(r1)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x14e174135c0b87af)

2m41.093039061s ago: executing program 2 (id=262):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="0f000000040000000400000012"], 0x48)
r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000340)={0xe, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="18020000801000000000000004000000850000002700000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x40f00}, 0x80)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000500)=ANY=[@ANYRES32=r1, @ANYRES32=r2, @ANYBLOB="05"], 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{r1}, &(0x7f00000006c0), &(0x7f0000000700)=r0}, 0x20)
bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000380)={r1, &(0x7f00000007c0)}, 0x20)

2m40.521067876s ago: executing program 2 (id=266):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$cgroup2(0x0, &(0x7f0000000480)='./file0\x00', &(0x7f00000004c0), 0x800010, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000140)='./file0\x00', &(0x7f0000000240)='./file0/../file0\x00')

2m39.497016473s ago: executing program 2 (id=271):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x4098, &(0x7f0000000080)={[{@nogrpid}, {@errors_remount}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x66}}, {@nodioread_nolock}, {@nodiscard}, {@noquota}]}, 0x3, 0x438, &(0x7f0000000d80)="$eJzs289rHFUcAPDv7GZT01+Jpf5oWjVaxeCPpElr7cGLouBBQdBDPcYkLbHbRpoItgSNIvUoBe/iUfAv8KQXUU8Fr3oXoUgurZ5WZncm2d1sfnaTrd3PByb5vpm3vPfNzNt9My8bQNcaSn8kEfsj4veI6K8VGysM1X7dXlqY/GdpYTKJSuXtv5NqvVtLC5N51fx1+/JCT0Th8ySOtmh37srVCxPl8vTlrDw6f/GD0bkrV5+fuThxfvr89KXxM2dOnRx78fT4C23JM83r1uDHs8eOvP7u9Tcnz15/75fvkjz/pjzaZGi9g09VKm1urrMO1MVJTwc7wpYUa8M0StXx3x/FWDl5/fHaZx3tHLCjKpVK5cG1Dy9WgHtYEp3uAdAZ+Qd9ev+bb7s09bgr3Hy5dgOU5n0722pHeqKQ1Sk13d+201BEnF389+t0i515DgEA0OCHdP7zXKv5XyHqnwsdzNZQBiLi/og4FBGnI+JwRDwQUa37UEQ8vMX2mxdJVs9/Dm4rr81K538vZWtbjfO/fPYXA8WsdKCafyk5N1OePpH1bDhKe9Ly2Dpt/Pjqb1+2PJA1kc//0i1tP58LZpX+6tnT+LKpifmJO8m53s1PIwZ7WuWfLK8EJBFxJCIGt9nGzDPfHlvr2NCG+a+jDetMlW8inq6d/8Voyj+XrL8+OXpflKdPjOZXxWq/3rj21lrt31H+bZCe/70tr//l/AeS+vXaua23ce2PL9a8p9k4/9bXf2/yTsO+jybm5y+PRfQmb9Q6Xb9/vKne+Er9NP/h463H/6FY+UscjYj0In4kIh6NiMeyvj8eEU9ExPHVqd3ozYKfX3ny/WpQ2k7+OyvNf2pL538l6I3mPa2D4oWfvm9odGAr+afn/1Q1Gs72bOb9bzP92t7VDAAAAP8/hYjYH0lhZDkuFEZGav/Dfzj2Fsqzc/PPnpv98NJU7TsCA1Eq5E+6+uueh45lt/V5ebypfDJ7bvxVsa9aHpmcLU91OnnocvvWGP+pP4ud7h2w43xfC7qX8Q/dy/iH7mX8Q/dqMf77OtEPYPe1+vz/pAP9AHZf0/i37AddxP0/dC/jH7qX8Q9daa4vNv6SvECwKojCXdENwQ4FnX5nAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAaI//AgAA//9Lr+a0")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
write$binfmt_script(r0, &(0x7f0000000240), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0)
openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file2\x00', 0x204000, 0x5)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)

2m38.203395321s ago: executing program 2 (id=275):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@autodefrag}, {@discard_async}, {@max_inline={'max_inline', 0x3d, [0x65, 0x38, 0x78, 0x39, 0x70, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r0, 0x8008976)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000002c0)={0x6, 0x2, 0x1, 0x0, 0x0, [{{r0}, 0x559}]})

2m34.836353869s ago: executing program 32 (id=275):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x2)
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000140)={[{@nossd_spread}, {@nodatacow}, {@enospc_debug}, {@nossd}, {@nodatasum}, {@autodefrag}, {@discard_async}, {@max_inline={'max_inline', 0x3d, [0x65, 0x38, 0x78, 0x39, 0x70, 0x36]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
ftruncate(r0, 0x8008976)
ioctl$FIDEDUPERANGE(r0, 0xc0189436, &(0x7f00000002c0)={0x6, 0x2, 0x1, 0x0, 0x0, [{{r0}, 0x559}]})

2m12.535335892s ago: executing program 4 (id=355):
r0 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000040)=0x46c, 0x4)
r1 = socket(0xa, 0x2, 0x0)
symlink(&(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38//file0\x00', 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'ip6gretap0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f0000000080)="3303160081fd140000007ef52f555f2a0c0900000000000000f786dd3baa4b1f0f858c4632f47042195e", 0xfdef, 0x40008c1, &(0x7f00000000c0)={0x11, 0x0, r2, 0x1, 0x62, 0x6, @broadcast}, 0x14)

2m11.854651404s ago: executing program 4 (id=357):
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80000)
fcntl$setpipe(r0, 0x407, 0x0)
write$FUSE_INIT(r0, &(0x7f0000000340)={0x50, 0x0, 0x0, {0x7, 0x28, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50)
vmsplice(r0, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0)
fcntl$setpipe(r0, 0x407, 0x2000000)
prctl$PR_SET_THP_DISABLE(0x29, 0x0)

2m9.782450744s ago: executing program 4 (id=364):
socket(0x80000000000000a, 0x2, 0x0)
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f0000000780)={0x0, 0x22, 0xf, {[@global=@item_4={0x3, 0x1, 0x6, "2f70c30a"}, @global=@item_4={0x3, 0x1, 0x6, "f8d5844f"}, @main=@item_4={0x3, 0x0, 0x9, "5aa8257f"}]}}, 0x0}, 0x0)
r1 = syz_open_dev$hiddev(&(0x7f0000000140), 0x0, 0x0)
ioctl$HIDIOCSREPORT(r1, 0x400c4808, &(0x7f0000000080)={0x2, 0x0, 0x7})

2m5.612219924s ago: executing program 4 (id=373):
syz_mount_image$minix(&(0x7f0000000300), &(0x7f0000000180)='./file2\x00', 0x4000, &(0x7f0000001f00)=ANY=[], 0x1, 0x210, &(0x7f0000000700)="$eJzs28tOE1Ecx/Hf9EZFI17iJa5MTIwbqQIJ6Up5ADcuTVyQWkjjoEbcQEiUl3Dv1pWPQKLv4QvAwp0rjjkzp2nHDp0LM0yg309C50/n/M6cAc6h04sAzKznwa0nT+2gMsZ8vi/p1QtJjYoHB6BUxm2PDYDZU8899V8P1xAA59LRWl1SWwee9PvPXu/QfbVTPn44WquFhScdjuUvpc3ve8H2XiOan5d0eaL15AWJ+RbmH2qYtyPf613JePx5RY+va2nz4fk/eqCmxvJXJS1IQTfXJd2QdFOas21vSapFjt9y343yd8M79lOeBgAAAAAAU9mrz8XT5hM7qEt6ErvHXgdvDPx+/N5kTZd/mjPfcvmlaY1Mcn55/M7aSa29UdkMN3Muv9h777/JMG6gCLVs83/iaUH7F32Q0MGJ08GtDNH530w/GveM4Mbga6YMgND2zu7bdd/vfyyyeDatjZS1Q7siFDzC+OK7LfQ3fGWk5GPlKeximzc+fEGm6IF9UXIbk6LNRSoaxf6cf8r7f542IpPoh/vdZuj5ZdyuliLzNKJ+xgsTgNJ1Pm196Gzv7D4ebK1v9jf771ZWu93VleWlbid4WG5vzULVowRQhtF//5idad/EAwAAAAAAAAAAAAAAKnVb0p2g+nWcIcY7AwAAAIBz6Cw+FFX1OQIAAAAAAAAAAAAAcNH9CwAA///UBDZV")
mount$overlay(0x0, 0x0, 0x0, 0x2000000, &(0x7f00000001c0)={[{@volatile}, {@volatile, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x3a})
chdir(&(0x7f0000000100)='./file0\x00')
setreuid(0x0, 0xee00)
fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffffb)

2m4.626939888s ago: executing program 4 (id=376):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={0x0}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x70, 0x30, 0x9, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_skbedit={0x58, 0x1, 0x0, 0x0, {{0xc}, {0x48, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PRIORITY={0x8, 0x4}, @TCA_SKBEDIT_PARMS={0x18}, @TCA_SKBEDIT_PTYPE={0x6, 0xa}]}, {0x4}, {0xc, 0x5}, {0xc, 0x9, {0x4c}}}}]}]}, 0x70}}, 0x0)
socketpair$unix(0x1, 0x5, 0x0, 0x0)
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8b19, &(0x7f0000000080)={'wlan1\x00', @random="02001c00004a"})

2m3.302336936s ago: executing program 4 (id=380):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r1, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r1, r1, 0x3, 0xfffffffffffffffa, 0x3fff})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x4000)=nil, 0x4000, 0xf3})

2m1.791384215s ago: executing program 33 (id=380):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000140)={0x28, 0x4, r1, 0x0, &(0x7f0000ffa000/0x2000)=nil, 0x2000, 0x5})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x5, r1, r1, 0x3, 0xfffffffffffffffa, 0x3fff})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x4000)=nil, 0x4000, 0xf3})

59.605262525s ago: executing program 5 (id=561):
syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x8e, 0x88, 0x5, 0x20, 0x8086, 0x9500, 0xb6d8, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1, 0x0, 0x0, 0x15, 0xcc, 0x1c}}]}}]}}, 0x0)
syz_open_dev$I2C(&(0x7f0000000040), 0x1, 0x2003)
socket$key(0xf, 0x3, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000200)=0x82, 0x4)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="240000001a0001000000ff7f0000000080000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\b\x00', @ANYRES32=r0], 0x24}}, 0x0)

57.211793893s ago: executing program 5 (id=570):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
ioctl$int_in(r1, 0x5452, &(0x7f0000000040)=0x8001)
r2 = getpgid(0x0)
fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2})
fcntl$setsig(r1, 0xa, 0x1c)
sendmmsg$unix(r0, &(0x7f0000006c40)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="11", 0x1}], 0x1}}], 0x1, 0x40015)

56.331009329s ago: executing program 5 (id=573):
open(&(0x7f0000000000)='./file0\x00', 0x1607c0, 0x78e22799f4a46ffe)
r0 = open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
fcntl$setlease(r0, 0x400, 0x0)
r1 = open(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)
fcntl$lock(r1, 0x25, &(0x7f00000002c0))
execve(&(0x7f0000000040)='./file0\x00', 0x0, 0x0)

55.472530576s ago: executing program 5 (id=577):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x7, r1, 0x0, &(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x4})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000280)={0x28, 0x3, r1, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x100000001})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000001100)={0x28, 0x3, r1, 0x0, &(0x7f0000001000)='Q', 0x1, 0x100000000})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000380)={0x28, 0x4, r1, r1, 0x11000, 0x5, 0x9})

54.839725805s ago: executing program 5 (id=581):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1010000, &(0x7f0000000200)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x61d0, &(0x7f000000cb40)="$eJzs3c2OHFfZB/Cn+ms+8saxsojyWghNEgMJIf4MxhAgyQIWbFggb5GtySSycADZBjmRhSeaDQsuAoTEEhBLVlxAFmzZcQFYspGArFKoZs4Z1zTd7rGd6eqZ8/tJk6qnTtX0qfy7prtdVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjvffcHZ6uIuPzztOB4xP9FP6IXsdLUaxGxsnY8rz+IiOdjuzmei4jhUkSVG5+JeD0iPj4Wce/+7fVm0bl99uM7f/zbb3/41Pf/+vvh6X//6Wb/jWnr3br1q3/9+c7j7y8AAACUqK7rukof80+kz/e9rjsFAMxFfv2vk7xcvXD15oL1R61Wq9WHsG6rJ7vTLiJis71N857B6XgAOGQ245Ouu0CH5F+0QUQ81XUngIVWdd0BDsS9+7fXq5Rv1X49WNtpz9eC7Ml/s9q9v2PadJbxa0zm9fzain48O6U/K3PqwyLJ+ffG87+80z5K6x10/vMyLf/Rzq1Pxcn598fzH3N08u9NzL9UOf/BI+Xflz8AAAAAACyw/O//xzs+/7v05LuyLw87/7s2pz4AAAAAAAAAwGftScf/21UZ/w8AAAAWVfNZvfHrYw+WTfsutmb5pSri6bH1gcKkm2VWu+4HAAAAAAAAAAAAAJRksHMN76UqYhgRT6+u1nXd/LSN14/qSbc/7ErffyhZ13/kAQBgx8fHxu7lryKWI+JS+q6/4erqal0vr6zWq/XKUn4/O1parldan2vztFm2NNrHG+LBqG5+2XJru7ZZn5dntY//vuaxRnV/Hx2bjw4DB4CI2Hk1uucV6Yip62ei63c5HA6O/6PH8c9+dP08BQAAAA5eXdd1lb7O+0Q659/rulMAwFzk1//x8wJqtVqtVquPXt1WT3anXUTEZnub5j2D4fgB4JDZjE+67gIdkn/RBhHxfNedABZa1XUHOBD37t9er1K+Vfv1II3vnq8F2ZP/ZrW9Xd5+0nSW8WtM5vX82op+PDulP8/NqQ+LJOffG8//8k77KK130PnPy7T8m/083kF/upbz74/nP+bo5N+bmH+pcv6DR8q/L38AAAAAAFhg+d//jy/U+d/R4+7OTA87/7t2YI8KAAAAAAAAAAfr3v3b6/m+13z+/3MT1nP/59GU86/kX6Scf7r/f/fCm5fH1uu35u++/SD/f96/vf67m//4/zzdb/5LeaZKz6wqPSOq9EjVIE0fc8em2Br2R80jDatef5Cu+amH78bVuBYbcWbPur10PDxoP7unvenpcLu97u+0n9vTPthtz9uf39M+TFc61Su5/VSsx0/iWryz3d60Lc3Y/+UZ7fWM9px/3/FfpJz/oPXT5L+a2quxaePuR73/Oe7b00mP89bVz//yzMHvzkxb0d/dt7Zm/17soD/b/0+eGsXPbmxcP3Xrys2b189GmuxZei7S5DOW8x+mn5z/yy/ttOe/++3j9e5Ho0fOf1FsxWBq/i+15pv9fWXOfetCzn+UfnL+76T2ycf/Yc5/+vH/agf9AQAAAAAAAAAAAAAAgIep63r7FtG3IuJCuv+nq3szAYD5yq//dZKXz6vuP+72f9i7H131X62ec10tWH/mWn9aL1Z/1AtZ/2fB+rNwdVs92ZvtIiL+0t6mec/wi0m/DABYZJ9GxN+77gSdkX/B8vf9NdOTXXcGmKsbH3z4oyvXrm1cv9F1TwAAAAAAAACAx5XH/1xrjf98sq7rO2Pr7Rn/9e1Ye9LxPwd5ZneA0SkDVfcffZ8eZqs36vdaw42/ENPG/x7uzj1s/O/BjMcbzmgfzWhfmtG+PKN94o0eLTn/F1rjnZ+MiBNjw6+XMP7r+Jj3Jcj5v9h6Pjf5f2lsvXb+9W8Oc/69Pfmfvvn+T0/f+ODD166+f+W9jfc2fnz+7Nkz5y9cuHjx4ul3r17bOLPz3w57fLBy/nnsa9eBliXnnzOXf1ly/l9ItfzLkvP/YqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP+XUy3/suT8X021/MuS8/9KquVflpz/a6mWf1ly/qdSLf+y5PxPp3qf+a8cdL+Yj5x/PsPl+C9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvN/PdXyL0vO/6upln9Zcv4XUi3/suT8v5Zq+Zcl538x1fIvS87/66mWf1ly/t9ItfzLkvN/I9XyL0vO/5upln9Zcv7fSrX8y5Lz/3aq5V+WnP+bqZZ/WR58/78ZM2bM5Jmu/zIBAAAAAAAAAAAAAOPmcTlx1/sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9u4tRq67vgP4mb1540BiIKROasLGMcY4m+z6El9oXUy4NtxKQij0gu1612bBN7x2CTSqHQVKJIyKKtqGh7aAUJuXCqvigVaA8oBaVaoE7QN9QVSoPERVQAGpKq0gW82c//+/M7OzM7ve8ebMOZ+PlPyyM2fmnDnzn9n92vnuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM3ufMPsp2pZltVqtfyCTVn2ovq8YWJT45LXvrDHBwAAAKzdLxr/fu7mdMHhFdyoaZt/uuPbX11YWFjI3jf8p6OfW1hIV0xk2eiGLGtcF139wftrzdsEj2fjtaGmr4d67H64x/UjPa4f7XH9WI/rN/S4frzH9UtOwBI3ZLV0Z9sa/7kpP6XZLdlo47ptHW71eG3DUP3cpdtmtcZtFkZPZHPZqWw2m27ZPt+21tj+63fW9/XWLO5rqGlfW+or5CePHo/HUAvneFvLvhbvM/rR67OJn/7k0eN/feHZ2zrNnqeh5f7y49yxtX6cnwiX5MdayzakcxKPc6jpOLd0eE6GW46z1rhd/b/bj/O5FR7n8OJhrqv253w8G2r893ca52mklnU4T1vCZT+7K8uyy4uH3b7Nkn1lQ9nGlkuGFp+f8XxF1u+jvpRemo2sap3euYJ1Wp8z21rXaftrIj7/d4bbjSxzDM1P048eG2t63n++cC3rNKo/6uVeK+1rsN+vlaKswbguvtN40E90XIPbwuN/dPvya7Dj2umwBtPjblqDW3utwaGx4cYxpyeh1rjN4hrc1bL9cGNPtcZ8Znv3NTh14fS5qfmPffyeudPHTs6enD2zZ9eu6T379h04cGDqxNyp2en839d4totvYzaUXgNbw7mLr4FXt23bvFQXvji25P33Wl+H411eh5vatu3363Ck/cHV1ucFuXRN56+N99RP+viVoWyZ11jj+dm59tdhetxNr8ORptdhx+8pHV6HIyt4Hda3ObdzZT+zjDT90+kYlv9esLY1uKlpDbb/PNK+Bvv980hR1uB4WBff27n894It4XifmFztzyPDS9Zgerjhvad+Sfp5f/xAY3Ral7fXr7hxLLs4P3v+3keOXbhwflcWxrp4WdNaaV+vG5seU7ZkvQ6ter0enrvjids7XL4pnKvxe+r/Gl/2uapvs/fe7s9V47tb5/PZcunuLIw+W+/z2em7ef18jmXZ57/12IPfePTzb1j2fNbz5iem1v6zeMqlTe+/o8u8/8bc/3y+v3RXjw+PjuSv3+F0dkZb3o9bn6qRxntXrbHv56ZW9n48Gv5Z7/fjW7q8H29u27bf78ej7Q8uvh/Xev1px9q0P5/jYZ2cmu7+flzfZvPu1a7Jka7vx3eFWQvn/zUhKaRc1LR2llu3aV8jI6PhcY3EPbSu0z0t24+GbFbf11O7r22d7rgrv6/h9OgWrdc6nWjbtt/rNP3Z13LrtNbrT9+uTfvzOR7WxS17uq/T+jZP7137e+cN8T+b3jvHeq3B0eGx+jGPpkXYeL/PFm6Ia/De7Hh2NjuVzTSuHWusp1pjX5P3rWwNjoV/1vu9cnOXNbijbdt+r8H0fWy5tVcbWfrg+6D9+RwP6+LJ+7qvwfo2b9zf359dd4RL0jZNP7u2//nacn/mdXvbabpea2UkHOe39nf/s9n6NqcOrDZndj9Pd4dLbuxwntpfv8u9pmay9TlPm8NxPntg+fNUP576Np87uML1dDjLsksfub/x573h71f+7uJ3v9ry9y6d/k7n0kfu//GLT/zjao4fgMH3fD425t/rmv5maiV//w8AAAAMhJj7h8JM5H8AAAAojZj74/8Vnsj/AAAAUBox94+EmVQk/29+47Nzz1/KUjN/IYjXp9PwQL5d7LhOh68nFhbVL7//y7P//Q+XVrbvoSzLfv7AH3TcfvMD8bhyE+E4r76p9fIlvnrPivZ99OFLab/N/fUvhPuPj2ely6BTBXc6y7Kv3/yZxn4m3n+lMZ9+4GhjPnj5icfr2zx3MP863v6Zl+Xb/0Uo/x4+cazl9s+E8/DDMKff1vl8xNt95cprtux/7+L+4u1qW29qPOwnP5Dfb/w9OZ99PN8+nufljv8bn37qK/XtH3lV5+O/NNT5+J8K9/vlMP/3Ffn2zc9B/et4u0+G44/7i7e790vf7Hj8Vz+Vb3/uzfl2R8OM+98Rvt725mfnms/XI7VjLY8re0u+Xdz/9Hf/uHF9vL94/+3HP37kSsv5aF8fT/9bfj9TbdvHy+N+or9v23/9fprXZ9z/U390tOU899r/1QefeUX9ftv3f3fbduc+srOx/8X7a/2NTX/5yc903F88nsN/e67l8Rx+d3gdh/0/+YGwHsP1/3c1v7/2365w9N2t7z9x+y9sutTyeKK3/jTf/9XXnWzMDeM3bLzxRS++6fIr6+cuy76zIb+/Xvs/+VdnW47/i7fm5yNeHzv67ftfTtz/+Y9Onjk7f3FuJp3VR29u/O6ct+fHE4/35vDe2v71kbMXPjh7fmJ6YjrLJsr7K/Su2ZfC/HE+LnffemHJO+jOh8Pzefuff33j9n/9dLz839+TX37lbfn3rVeH7T4bLt8Unr/V7X+pJ++8tfH6rj0djnBh6e8LXost2/7rwIo2DI+//eeCuN7PvfyDjfNQv67xfSO+rtd4/N+fye/na+G8LoTfzLz11sX9NW8ffzfClYfy1/uaz194m4vP69+E5/sdP8zvPx5XfLzfDz/HfHNz6/tdXB9fuzTUfv+N3+JxObyfZJfz6+NW8Xxfee7WjocXfw9Jdvm2xtd/ku7ntlU9zOXMf2x+6tTcmYuPTF2Ynb8wNf+xjx85ffbimQtHGr/L88iHet1+8f1pY+P9aWZ2396s8W51Nh/X2Qt9/OcePj6zf3r7zOyJYxdPXHj43Oz5k8fn54/PzsxvP3bixOxHe91+bubQrt0H9+zfPXlybubQgYMH9xycnDtztn4Y+UH1sG/6w5Nnzh9p3GT+0N6Du+67b+/05OmzM7OH9k9PT17sdfvG96bJ+q1/f/L87KljF+ZOz07Oz3189tCug/v27e752wBPnzsxPzF1/uKZqYvzs+en8scycaFxcf17X6/bU07z/5H/PNuulv8ivuxdd+9Lv5+17suPLXtX+SZtv0D02fC7aP75JecOrOTrmPtHw0wqkv8BAACgCmLuHwszkf8BAACgNGLu3xBmIv8DAABAacTcPx5mUpH8X7r+/+ZLK9q//r/+f/P50v+vWP//oaL1//P3C/3//lhr/17/P9D/1//X/9f/1/+nD4rW/4+5/4Ysq2T+BwAAgCqIuX9jmIn8DwAAAKURc/+NYSbyPwAAAJRGzP0vCjOpSP7X/9f/1//X/9f/77x//f/BpP/fnf5/D/r/U1m1+v+X+3n8+v/6/yxVtP5/zP0vDjOpSP4HAACAKoi5/6YwE/kfAAAASiPm/pvDTOR/AAAAKI2Y+zeFmVQk/+v/6//r/+v/6/933r/+/2DS/+9O/78H/X+f/6//r/9PXxWt/x9z/0vCTCqS/wEAAKAKYu5/aZiJ/A8AAADFM3JtN4u5/2VhJkvy/zXuAAAAAHjBxdx/S9ZWBK/I3//r/+v/F7//vyFdp/+v/58Vsv8/nOn/F4f+f3f6/z3o/+v/6//r/9NXRev/N3J/Np69PMykIvkfAAAAqiDm/lvDTOR/AAAAKI2Y+38pzET+BwAAgNKIuX9zmElF8r/+v/5/8fv/Pv9f/7/o/X+f/18k+v/d6f/3oP+v/6//r/9PXxWt/x9z/21hJhXJ/wAAAFAFMfffHmYi/wMAAEBpxNz/y2Em8j8AAACURsz9W8JMKpL/9f8L3v+PzVH9f/1//X/9f/3/FdH/707/vwf9f/1//X/9f/qqaP3/mPtfEWZSkfwPAAAAVRBz/x1hJvI/AAAAlEbM/a8MM5H/AQAAoDRi7p8IM6lI/tf/L3j/P+/Bj/n8f/1//X/9f/3/ldH/707/vwf9f/3/vvT/Fy7p/+v/kyta/z/m/jvDTCqS/wEAAKAKYu7fGmYi/wMAAEBpxNx/V5iJ/A8AAAClEXP/tjCTiuR//f+B6P9n+v/6//r/+v/6/yuj/9+d/n8P+v/6/z7/X/+fvipa/z/m/leFmVQk/wMAAEAVxNy/PcxE/gcAAIDSiLn/1WEm8j8AAACURsz9O8JMKpL/9f/1//X/9f/1/zvvX/9/MOn/d6f/34P+v/6//r/+P31VtP5/zP2vCTOpSP4HAACAKoi5f2eYifwPAAAApRFz/91hJvI/AAAAlEbM/ZNhJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/+9B/1//X/9f/5++Klr/P+b+e8JMKpL/AQAAoApi7r83zET+BwAAgNKIuX8qzET+BwAAgNKIuX86zKQi+V//X/9f/1//f1X9/1cu3q/+f07/v1j0/7vT/+9B/1///wXv/4/q/1MqRev/x9y/K8ykIvkfAAAAqiDm/t1hJvI/AAAAlEbM/XvCTOR/AAAAKI2Y+/eGmVQk/+v/6//r/+v/+/z/zvvX/x9M+v/d9b//Hx+i/r/+v/6/z//X/2epovX/Y+6/L8ykIvkfAAAAqiDm/n1hJvI/AAAAlEbM/fvDTOR/AAAAKI2Y+w+EmVQk/+v/6//r/+v/6/933r/+/2DS/+/O5//3oP+v/6//r//PGj30h81fFa3/H3P/wTCTiuR/AAAAqIKY+18bZiL/AwAAQGnE3P8rYSbyPwAAAJRGzP2/GmZSkfyv/9/SPa8/XP1//X/9f/3/Bv3/waT/353+fw/6//r/+v/6//TVsv3/EL3Xu/8fc/+hMJOK5H8AAACogpj7fy3MRP4HAACA0oi5/3VhJvI/AAAAlEbM/YfDTCqS//X/ff6//r/+v/5/5/2vd/9/LN6v/v+a6P93p//fg/6//r/+v/4/fVW0z/+Puf/1YSYVyf8AAABQBTH33x9mIv8DAABAacTc/4YwE/kfAAAASiPm/jeGmVQk/+v/6//r/+v/6/933r/P/x9M+v/d6f/3oP+v/6//r/9PXxWt/x9z/5vCTCqS/wEAAKAKYu5/c5iJ/A8AAAClEXP/W8JM5H8AAAAojZj73xpmUpH8r/+v/6//r/+v/995//r/g0n/vzv9/x70//X/9f/1/+mrovX/Y+7/9TCTiuR/AAAAqIKY+x8IM5H/AQAAoDRi7n9bmIn8DwAAAKURc//bw0wqkv/1//X/9f/1//X/O+9f/38w6f93N2D9/1/cFC7X/8/p/xf7+Ffb/x9p+/q69P9/sFz/f2FD++31/7keitb/j7n/HWEmFcn/AAAAUAUx978zzET+BwAAgNKIuf9dYSbyPwAAAJRGzP2/EWZSkfyv/18/jsX2sv5/Wfv/Q/r/+v/6/xWh/9/dgPX/ff5/G/3/Yh+/z//X/2epovX/Y+5/d5hJRfI/AAAAVEHM/Q+Gmcj/AAAAUBox9z8UZiL/AwAAQGnE3P+eMJOK5H/9f5//X43+v8//z/T/9f8rQv+/O/3/HvT/9f+L1v//T/1/BlvR+v8x9z8cZlKR/A8AAABVEHP/e8NM5H8AAAAojZj7fzPMRP4HAACA0oi5/31hJhXJ//r/g9L/nxjQ/v9j+v/Xsf9/x035dvr/+v8s0v/vTv+/B/1//f+i9f99/j8Drmj9/5j73x9msvL8P77iLQEAAIAXRMz9vxVmUpG//wcAAIAqiLn/t8NM5H8AAAAojZj7fyfMpCL5X/9/UPr/Pv8/0//3+f9tj0f/X/+/k/Xr/8d3Hv1//X/9/0j/X/9f/592Rev/x9z/u2EmFcn/AAAAUAUx938gzET+BwAAgIHQ6f/Jbhdz/5EwE/kfAAAASiPm/qNhJhXJ//r/+v/6/wXt///Z1n/53rffeXSX/r/+v/7/qqzr5//XX/w+/1//X/8/0f/X/9f/p13R+v8x9x8LM6lI/gcAAIAqiLn/98JM5H8AAAAojZj7j4eZyP8AAABQGjH3z4SZVCT/6//r/+v/F7T/P8Cf/x/Ph/5/q771/+Obrv5/R3n/Pq2i69v/f+9iT1z/f7X9/7GOl+r/6/8P8vHr/+v/s1TR+v8x98+GmVQk/wMAAEAVhNw/dCKfi1fI/wAAAFAaMfefDDOR/wEAAKA0Yu7/YJhJRfK//r/+v/6//r/P/++8/279/9qIz/8vqtS//1njhaL/36Y4/f/O9P/1/wf5+PX/9f9Zqmj9/5j758JMKpL/AQAAoApi7v9QmIn8DwAAAKURc/+Hw0zkfwAAACiNmPtPhZlUJP/r/+v/6//r/+v/d95/YT//X/+/q7X27/X/A/3/avf//0f/X/9f/5/+KFr/P+b+02EmFcn/AAAAUAUx958JM5H/AQD+n707abKzLvs4fvp5wpNO8SzcuXBjlUtfAgtd6wtw4caNVZYLJ1ScCc4jioqzIjgPOIAgooLzAE4ozqDiPA84IUrFonNdV9Ldd9+nOzndfd///+ezyCVtmnOkUgm/dL7eANCM3P2PjVvsfwAAAGhG7v7HxS2d7H/9/9n0/6cqZf3/5vc/if7/Qfr/nV5f/6//b5n+f5z+fwn9v+f/6//1/6zU1Pr/3P2Pj1s62f8AAADQg9z9T4hb7H8AAABoRu7+8+MW+x8AAACakbv/iXFLJ/t/S/+/tuiz/8+M1/P/W+r/Pf9/x9fX/+v/W3aw/f9F9/7Mp//X/+v/g/5/V/3/0Z0+X/9Pi6bW/+fuf1Lc0sn+BwAAgB7k7n9y3GL/AwAAQDNy918Qt9j/AAAA0Izc/U+JWzrZ/6t7/v+xjY/PtP8v+n/9/8YH9P/6f/3/bHn+/7ie+v/zbz33MXdee7/r9vL6+n/9v+f/6/9Zran1/7n7nxq3dLL/AQAAoAe5+58Wt9j/AAAA0Izc/U+PW+x/AAAAaEbu/mfELZ3s/9X1/7N+/n/R/+v/Nz6g/9f/6/9nS/8/rqf+/0xeX/+v/9f/6/9Zran1/7n7nxm3dLL/AQAAoAe5+58Vt9j/AAAA0Izc/RfGLfY/AAAANCN3//G4pZP9r//f//7/Hv2//j+u/l//r//ff/r/cfr/JfT/+n/9v/6flZpa/5+7/6K4pZP9DwAAAD3I3f/suMX+BwAAgGbk7n9O3GL/AwAAQDNy9z83bulk/+v/Pf9f/6//1/8Pv77+f570/+P0/0vo/8+2nz9H/6//1/9zuj32/3eP/LS9kv4/d//z4pZO9j8AAAD0IHf/8+MW+x8AAACakbv/BXGL/Q8AAADNyN3/wrilk/2v/9f/6//1/2fc/2//obdB/z9M/38w9P/jJtP/rx0Z/LD+f/b9v+f/6//1/2wytef/5+5/UdzSyf4HAACAHuTuf3HcMrL/9/yb+QAAAMChyt3/krjF1/8BAABg9rI6y93/0rilk/2v/9f/6//1/57/P/z6Y/3/dae9P/3/tOj/x02m/9+B/l//P+f3r//X/7Pd1Pr/3P0vi1s62f8AAADQg9z9F8ct9j8AAAA0I3f/y+MW+x8AAACakbv/FXFLJ/t/uP8/9d/r/3dH/7/5/ev/h398rKr/z7+j/n+0/3+w5//3Sf8/7uD7/6P6/81/f/3/Pjrs9994/39s2efr/xkytf4/d/8lcUsn+x8AAAB6kLv/lXGL/Q8AAADNyN3/qrjF/gcAAIBm5O5/ddzSyf73/H/9v/5/fv2/5/+fdJjP/18ceP9/RP+/S/r/cZ7/v4T+X/+v//f8f1Zqav1/7v5L45ZO9j8AAAD04NK7Fhu7/zWLhf0PAAAAc3T6nx3Y+gdKQ+7+18Yt9j8AAAA0I3f/6+KWTva//l//r//X/+v/h19/Wv2/5//vlv5/nP5/Cf3/fvTzRxrr/y/b6fOn0P9fqP9nYjb1/zec+vhh9f+5+18ft3Sy/wEAAKAHufvfELfY/wAAANCM3P1vjFvsfwAAAGhG7v43xS2d7P997/+P7fza+n/9v/5f/6//1/+vmv5/nP5/Cf2/5/97/r/+n5U61f9v/vnwsPr/3P1vjls62f8AAADQg9z9b4lb7H8AAABoRu7+y+IW+x8AAACakbv/rXFLJ/vf8//1//p//b/+f/j19f/zpP8fp/9fQv+v/9f/6/9ZqU3P/z/NYfX/ufsvj1s62f8AAADQg9z9V8Qt9j8AAAA0I3f/2+IW+x8AAACakbv/7XFLJ/tf/7+//X9+XP+v/1/o//X/+v8D0W3/vzb0K9F2O/T/Nz/q+EM3f0T/r//X/+v/9f+swCT6/xOn/u0yd/874pZO9j8AAAD0IHf/O+MW+x8AAACakbv/XXGL/Q8AAADNyN3/7rhlj/v/Pit9VwdH/+/5//p//b/+f/j19f/z1G3/v0ue/7+E/l//r//X/7NSk+j/T/vr3P3viVt8/R8AAACakbv/vXGL/Q8AAADNyN3/vrjF/gcAAIBm5O5/f9zSyf7X/+v/9f/6f/3/8Oufaf+/vhim/z8Y+v9x+v8l9P/6f/2//p+Vmlr/n7v/yrilk/0PAAAAPcjd/4G4xf4HAACAZuTu/2DcYv8DAABAM3L3fyhu6WT/6//1//p//b/+f/j1Pf9/nvT/4/T/i8XiqpE3MNT/nziq/9f/6//1/5yhqfX/ufs/HLd0sv8BAACgB7n7r4pb7H8AAABoRu7+q+MW+x8AAACakbv/I3FLJ/tf/6//1//r//X/w6+v/58n/f84/f8Snv+v/9f/6/9Zqan1/7n7r4lbOtn/AAAA0IPc/dfGLfY/AAAANCN3/0fjFvsfAAAAmpG7/7q4pZP9r//X/+v/9f/70v8f1/9vpf8/GPvX/y/0//p//f8S+n/9v/6frQ6q/787fr5f1v/n7v9Y3NLJ/gcAAIAe5O6/Pm6x/wEAAKAZufs/HrfY/wAAANCM3P2fiFs62f/6f/2//l//7/n/w6+v/58nz/8fp/9fQv+v/9f/6/9ZqYPq/3fq/bf+de7+T8Ytnex/AAAA6EHu/hviFvsfAAAAmpG7/8a4xf4HAACAZuTu/1Tc0sn+1//r/zf3/4uF/l//r/8/6QD6//WF/n/l9P/j9P9L6P/b7P//Z9FQ/39sx8/X/zNFU+v/c/d/Om7pZP8DAABAD3L3fyZusf8BAACgGbn7Pxu32P8AAADQjNz9n4tbWtr/9+ycvs2//z+65RP1/4vF4rYLPP9f/z/y+vr/yfT/9U9V/786+v9x+v8l9P9t9v+e/6//59BMrf/P3f/5uKWl/Q8AAACdy93/hbjF/gcAAIBm5O7/Ytxi/wMAAEAzcvd/KW7pZP/Pv//f+on6/8VZPf9f/7/xAf2//l//P1tn299fvh6/pun/9f/6/8F+fm2Hf+9Z6P/1//p/Bkyt/8/d/+W4pZP9DwAAAD3I3X9T3GL/AwAAQDNy998ct9j/AAAA0Izc/V+JWzrZ//p//b/+f579/7r+X/+v/x80lef/n3feQ27R/+v/W+z/x+j/9f/6f7aaWv+fu/+rcUsn+x8AAAB6kLv/a3GL/Q8AAADNyN3/9bjF/gcAAIBm5O7/RtzSyf7f3v+fszhZqJ401P9Ho6b/P43+f/P71/8P//jw/H/9v/5//02l//f8/zN7//p//f+c3/+e+v/7b/98/T8tmlr/n7v/lrilk/0PAAAAPcjd/824xf4HAACAZuTu/1bcYv8DAABAM3L33xq3dLL/Pf9f/6//1//r/4dfX/8/T/r/cfr/JfT/Z9/P58+q+v/5Pv//f/X/rM7U+v/c/d+OWzaG3wP+/wz/ZwIAAAATkrv/O3FLJ1//BwAAgB7k7v9u3GL/AwAAQDNy938vbulk/+v/9f/6f/2//n/49fX/86T/H6f/X6Kf/n996IOH3c+frcN+/830/57/zwpNrf/P3f/9uKWT/Q8AAABtu2vj29z9P4hb7H8AAABoRu7+H8Yt9j8AAAA0I3f/bXFLJ/tf/6//b7//f4T+f8vr6//1/y3T/+ev6MP0/0v00/8POux+fu7vX/+v/2e7qfX/uftvj1s62f8AAADQg9z9P4pb7H8AAABoRu7+H8ct9j8AAAA0I3f/T+KWTva//r+v/n9t0WP/7/n/+n/9f0/m0/9fcWToo57/r//X/8/3/ev/9f9sN7X+P3f/HWtHutz/AAAAMFcPe+Cjb9/t971j49v1xU/jFvsfAAAAmpG7/2dxi/0PAAAAzcjd//O4pZP9r//vq//v8/n/+n/9v/6/J/Pp/4fp//X/+v/5vn/9v/6f7abW/+fu/0XcctrwG/w/6AEAAAAOz//t7bvn7v9l3NLJ1/8BAACgB7n7fxW3bNv/J3b5p9oBAACAqcnd/+u4pZOv/+v/J97/L/ap/4/vp/8/Sf+v/x96ff3/POn/x51l/39iTf+v/x+h/9f/6//Zamr9f+7+669ZdLn/AQAAoFGbfkfhNxvfri9+G7fY/wAAANCM3P2/i1vsfwAAAGhG7v7fxy2d7H/9/8T7/zN6/v+x+k+e/995/3/x+uDr6//1/y3T/4/z/P8l9P/6f/2//p+V2kP/vzFI97v/z93/h7ilk/0PAAAAPcjd/8e4xf4HAACAZuTu/1PcYv8DAABAM3L3/zlu6WT/6/8Pof+/5Ohisa/9/y6e/6//76P/3+H12+n/73vu8Zse/sirr9T/c8pB9v/5Y0H/r//X/5+k/9f/6//ZamrP/8/d/5e4pZP9DwAAAD3I3X9n3GL/AwAAQDNy9/81brl3/994WO8KAAAAWKXc/X+LWzr5+r/+v8Xn/8+z/89/1ofQ/x+fX/+fTXHv/b/n/+v/t/P8/3H6/yX0//p//b/+n5WaWv+fu//vcUsn+x8AAAB6kLv/H3FL7v+1Pf/WPQAAADAxufv/Gbf4+j8AAAA0I3f/XXFLJ/tf/6//n0r/nzz//9Tnef7/Sfp//f9e6P/H6f+X0P/r//X/+n9Wamr9f+7+f8Utnex/AAAA6EHu/rvjFvsfAAAAmpG7/99xi/0PAAAAzcjd/5+4pZP9r//X/+v/9f/6/+HX1//Pk/5/nP5/Cf2//l//r/9npabW/+fu/28AAAD//xDQcaQ=")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xcc48, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x141042, 0xa4)
pwrite64(r0, &(0x7f0000000140)='2', 0xff10, 0x8000c61)

53.219721181s ago: executing program 5 (id=585):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'bridge_slave_1\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000005c001280110001006272696467655f736c61766500000000440005800500050000000000050020000100000005000800000000", @ANYRES32=r1], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0)

37.828006132s ago: executing program 34 (id=585):
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x3, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000200)={'bridge_slave_1\x00', <r3=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32=r3, @ANYBLOB="00000000000000005c001280110001006272696467655f736c61766500000000440005800500050000000000050020000100000005000800000000", @ANYRES32=r1], 0x7c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0)

7.209645084s ago: executing program 1 (id=712):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x400000001, &(0x7f0000000300), 0x13f, 0x9}}, 0x20)
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f0000000300)=[{0x6, 0xb5, 0x1, 0x5}]})
io_uring_setup(0xf69, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

5.351799805s ago: executing program 0 (id=716):
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000001880)=ANY=[], 0x1, 0x153b, &(0x7f0000000340)="$eJzs3AucTlXXAPC19t5nDImnSS7D3nsdnuSyTZLkkiSXJEmSJLeEpEleSUgMIUlDEpLLkMQQksvEpHG/3y8JSdIkSUhuyf5+E37qrb73/b73/fL+vln/3+/87DXnrH3WedZznuecg/m269BaTWpXb0RE8C/BC38kAUAsAAwEgLwAEABA+bjycYAB5JSY9K/thP17PZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/x1z/+Bn///x+Hv//9HMsuM/XJNmeu6AcT8sync/+yN+///VvDPbMT9z964/9lV7JUugP0H4PM/O8jxp2u4/9kb95+x7OxKP3++0gtE/sNegyM5LzTmrzp+xhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPsL3DaX6YA4NL4StfFGGOMMcYYY4yxfx+f40pXwBhjjDHGGGOMsf97CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgPGsD90BAegEbwIDSGh6AJPAxN4RFoBs2hBbSEVv+r/OehJ7wAvaA3JEEf6AsvQj/oDwPgJRgIL8MgeAUGw6uQDENgKLwGw+B1GA5vwAgYCaPgTRgNb8EYGAvjYDykwASYCG/DJHgHJsO7MAWmQipMg+nwHsyAmTAL3ofZ8AHMgbkwD+ZDGnwIC2AhpMNHsAg+hgxYDEtgKSyD5bACVsIqWA1rYC2sg/WwATbCJtgMW2ArbIPtsAM+gZ3wKeyC3bAHPoO98Pmv8gGSfunnf5d/6u/yuyEgoECBChXGYAzGYizmwlyYG3NjHsyDEYxgHMZhPsyH+TE/FsSCGI/xWASLoEGDhIRFsShGMYrFsTiWwBJYCkuhQ4cJmIBl8SYsh+WwPJbHClgBK2IlrIRVsApWxapYDathdayONbAG1sJaeBfehX2wLtbFelgP62P9S4+nsBE2wsbYGJtgE2yKTbEZNsMW2AJbYStsja2xDbbBdtgO22N77IAdMBETsSN2xE7YCTtjZ+yCXbArdsVu2B27Zz6fA/AFfAF7Yw3RB/tiX+yHyTkG4Ev4Er6Mg/AVfAVfxWQcgkPxNXwNX8fheBJH4EgchaOwqngLx+BYJDEeUzAFJ+JEnISTMKvQd3EqpuI0nI7TcQbOxJn4Ps7GD/ADnItzcT6mYRouwIWYjum4CE9hBi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+gAsBPcTfuxmTci3txH+7D/bgfD+ABzMRMPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hs/NeNPym5OhlEFiWUiBExIlbEilwil8gtcos8Io+IiIiIE3Ein8gn8ov8oqAoKOJFvCgiiggjjCARxgCAiIqoKC6KixKihCglSgknnEgQCaKsKCvKiXKivLhFVBC3ioqikmjrqogqoqpo56qJO0R1UV3UEDVFLVFb1BZ1RB1RV9QV9UQ9UV/UFw3E/aKh6IMD8EGR1ZkmYgg2FUOxmWgu5MVPsNZiOLYRbUU78bgYiSOwg2jtEsVToqMYg53E38RYfEZ0EeOxq3hOdBPdRQ/xvOgp2rheoreYjH1EXzEV+4n+YoB4SczAmuJ9nJ2zlnhVJIshYqh4TczH18Vw8YYYIUaKUeJNMVq8JcaIsWKcGC9SxAQxUbwtJol3xGTxrpgipopUMU1MF++JGWKmmCXeF7PFB2KOmCvmifkiTXwoFoiFIl18JBaJj0WGWCyWiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLnaIT8RO8anYJXaLPeIzsVd8LvaJL8R+8aU4IL4SmeJrcVB8Iw6Jb8Vh8Z04Ir4XR8UxcVz8IE6IH8VJcUqcFmfEWfGTOCd+FueFFyBRCimlkoGMkTlkrMwpc8mrZG4ZXHx1r5Fx8lqZT14n88sCsqAsJONlYVlEammklSRDWVQWk1F5vSwub5AlZElZSpaWTpaRCfJGWVbeJMvJm2V5eYusIG+VFWUlWVlWkbfJqvJ2CZEL+6gha8pasra8SybB3bKuvEfWk/fK+vI+2UDeLxvKB2Qj+aBsLB+STeTDsql8RDaTzWUL2VK2ko/K1vIx2Ua2le3k47K9fEJ2kE/KRPmU7Cj9xbfIM7KLfFZ2lc/JbrK77CF/luell71kbwl9QPaVL8p+sr8cEAsA8mU5SL4iB8tXZbIcIofK1+Qw+bocLt+QI+RIOUq+KUfLt+QYOVaOk+NlipwgJ8q35ST5jpws35VT5FSZKqfJAXLgLzPNkvIf5r/9B/mDf9n7RrlJbpZb5Fa5TW6XO+QncqfcKXfJXXKP3CP3yr1yn9wn98v98oA8IDNlpjwoD8pD8pA8LA/LI/KIPCqPyTPyB3lC/ihPylPylDwjz8qz8tzF1wAUKqGkUipQMSqHilU5VS51lcqtrlZ5VF4VUdeoOHWtyqeuU/lVAVVQFVLxqrAqorQyyipSoSqqiqmouh4vvmFUKVVaOVVGJagb/yf5qri6QZVQJX+Tf6m+pD+pr5VqpVqr1qqNaqPaqXaqvWqvOqgOKlElqo6qo+qkOqnOqrPqorqorqqr6qa6qR6qh+qpeqpeqpdKUkmqr3pR9VP91QD1khqoXlaD1CA1WA1WySpZDVVD1TA1TA1Xw9UINUKNUqPUaDVajVFj1Dg1TqWoFDVRTVST1CQ1WU1WU9QUlapS1XQ1Xc1QM9QsNUvNVrPVHDVHzVPzVJpKUwvUApWu0tUitUhlqMVqsVqqlqrlarlaqVaq1Wq1WqvWqvVqvcpQm9QmtUVtUdvUNrVD7VA71U61S+1Se9QetVftVfvUPrVf7VcH1AGVqTLVQXVQHVKH1GF1WB1RR9RRdVQdV8fVCXVCnVQn1Wl1Wp1VZ9U5dU6dV+ezLvsCEYhABSqICWKC2CA2yBXkCnIHuYM8QZ4gEkSCuCAuyBdcF+QPCgQFg0JBfFA4KBLowAQ2EBebHg2uD4oHNwQlgpJBqaB04IIyQUJwY1A2uCkoF9wclA9uCSoEtwYVg0pB5aBKcFtQNbg9qBbcEVQP7gxqBDWDWkHt4K6gTnB3UDe4J6gX3BvUD+4LGgT3Bw2DB4JGwYNB4+ChoEnwcNA0eCRoFjQPWgQtg1b/4vxZp/zl+b0/WeAx10v31km6j+6rX9T9dH89QL+kB+qX9SD9ih6sX9XJeogeql/Tw/Trerh+Q4/QI/Uo/aYerd/SY/RYPU6P1yl6gp6o39aT9Dt6sn5XT9FTdaqepqfr9/QMPVPP0u/r2foDPUfP1fP0fJ2mP9QL9EKdrj/Si/THOkMv1kv0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/Qneqf+VO/Su/Ue/Zneqz/X+/QXer/+Uh/QX+lM/bU+qL/Rh/S3+rD+Th/R3+uj+pg+rn/QJ/SP+qQ+pU/rM/qs/kmf0z/r89pnXdxnfb0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSafyWfym/ymoClo4k28KWKKmCxkyBQ1RU3URE1xU9yUMCVMKVPKOONMgkkwZU1ZU86UM+VNeVPBVDAVTUVT2VQ2t5nbzO3mdnOHucPcae40NU1NU9vUNnVMHVPX1DX1TD1T39Q3DUwD09A0NI1MI9PYNDZNTBPT1DQ1zUwz08K0MK1MK9PatDZtTBvTzrQz7U1708F0MIkm0XQ0HU0n08l0Np1NF9PFdDVdTTfTzfQwPUxP09P0Mr1MkkkyfU1f08/0MwPMADPQDDSDzCAz2Aw2ySbZDDVDzTAzzAw3w80IM9KMyrpQNW+ZMWasGWfGmxSTYiaaiWaSmWQmm8lmipliUk2qmW6mmxlmhpllZpnZZraZY+aYeWaeSTNpZoFZYNJNullkFpkMk2GWmCVmmVlmVpgVZpVZZdaYNWYdrDMbzAazyWwyW8wWs81sMzvMDrPT7DS7zC6zx+wxe81es8/sM/vNfnPAHDCZJtMcNAfNIXPIHDaHzRFzxBw1R81xc9ycMCfMSXPSnDanzVlT4OL3pTexNqfNZa+yue3VNo/Na/8+LmgL2Xhb2Bax2ua3BX4TG2ttCVvSlrKlrbNlbIK98XdxRVvJVrZV7G22qr3dVvtdXMfebevae2w9e6+tbe/6TVzf3mcb2IdtQ0QA29w2ti1tE/uwbWofsc1sc9vCtrTt7RO2g33SJtqnbEf79O/iBXahXWVX2zV2rd1ld9vT9ow9ZL+1Z+1PtpftbQfal+0g+4odbF+1yXbI7+JR9k072r5lx9ixdpwd/7t4ip1qU+00O92+Z2fYmb+L0+yHdrZNt3PsXDvPzv8lzqop3X5kF9mPbYYNYIldapfZ5XaFXXmpVp/Xrrcb7Ea7035qt9itdpvdbndcuhC2u+0e+5ndaz+3B+03dr/90h6wh22m/fqXOOv4Dtvv7BH7vT1qj9nj9gd7wv6oLmVnHfsP9md73noLhAQkSVFAMZSDYikn5aKrKDddTXkoL0XoGoqjaykfXUf5qQAVpEIUT4WpCGkyZIkopKJUjKJ0PV0qrxSVJkdlKIFupLJ0E5Wjm6k83UIV6FaqSJWoMlWh26gq3U7V6A6qTndSDapJtag23UV16G6qS/dQPbqX6tN91IDup4b0ADWiB6kxPURN6GFqSo9QM2pOLagltaJHqTU9Rm2oLbWjx6k9PUEd6ElKpKeoIz1Nnehv1JmeoS70LHWl56gbdace9Dz1pBeoF/WmJOpDfelF6kf9aQC9RAPpZRpEr9BgepWSaQgNpddoGL1Ow+kNGkEjaRS9SaPpLRpDY2kcjacUmkAT6W2aRO/QZHqXptBUSqVpNJ3eoxk0k2bR+zSbPqA5NJfm0XxKow9pAS2kdPqIFtHHlEGLaQktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtAntJM+pV20m/bQZ7SXPqd99AXtpy/pAH1FmfQ1HaRv6BB9S4fpO9+bvqejdIyO0w90gn6kk3SKTtMZOks/0Tn6mc6TJwgxFKEMVRiEMWGOMDbMGeYKrwpzh1eHecK8YSS8JowLrw3zhdeF+cMCYcGwUBgfFg6LhDo0oQ0pDMOiYbEwGl4fFg9vCEuEJcNSYenQhWXChPDGsGx4U1guvDksH94SVghvDSuGlcKH760S3hZWDW8Pq4V3hNXDO8MaYc2wVlg7vCusE94d1g3vCeuF94blwvvCBuH9YcPwgbBR+GDYOHwobBI+HDYNHwmbhc3DFmHLsFX4aNg6fCxsE7YN24WPh+3DJ8IO4ZNhYvhU2DF8+pf19y388/VJYZ+wb/hi+GLo/T1yXnR+NC36YXRBdGE0PfpRdFH042hGdHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH10Q3Rj1PvaOcChE0465QIX43K4WJfT5XJXudzuapfH5XURd42Lc9e6fO46l98VcAVdIRfvCrsiTjvjrCMXuqKumIu6611xd4Mr4Uq6Uq60c66MS3AtXSvXyrV2j7k2rq1r5x53j7sn3BPuSfeke8p1dE+7Tu5vrrN7xnVxz7pn3XOum+vuerjnXU83Ic+FczLJ9XV9XT/Xzw1wA9xAN9ANcoPcYDfYJbtkN9QNdcPcMDfcDXcj3Ag3yo1yo91oN8aNcePcOJfiUtxEN9FNcpPcZDfZTXFTXKpLddPddDfDzXBVZ17Yyxw3x81z81yaS3MLXNY1Y7pb5Ba5DJfhlrglbplb5la4FW6VW+XWuDVunVvnNrgNbpPb5La4LW6b2+Z2uB1up9vpdvm8FyZ1e90+t8/td/vdAfeVy3Rfu4PuG3fIfesOu+/cEfe9O+qOuePuB3fC/ehOulPutDvjzrqf3Dn3szvvvEuJTIhMjLwdmRR5JzI58m5kSmRqJDUyLTI98l5kRmRmZFbk/cjsyAeROZG5kXmR+ZG0yIeRBZGFkfTIR5FFkY8jGZHFkSWRpZFlkeUR7wtvCX1RX8xH/fW+uL/Bl/AlfSlf2jtfxif4G31Zf5Mv52/25f0tvoK/1Vf0lXxl/4hv5pv7Fr6lb+Uf9a39Y76Nb+vb+cd9e/+E7+Cf9In+Kd/RP+07+b/5zv4Z38U/67v653w339338M/7nv4F38v39km+j+/rX/T9fH8/wL/kB/qX/SD/ih/sX/XJfogf6l/zw/zrfrh/w4/wI/2omDf96Eu3yDDep/gJfqJ/20/y7/jJ/l0/xU/1qX6an+7f8zP8TD/Lv+9n+w/8HD/Xz/PzfZr/0C/wC326/8gv8h/7DL/40kNlv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dr/Df+J3+k/9Lr/b7/Gf+b3+c7/Pf+H3+y/9Af+Vz/Rf+4P+G3/If+sP++/8Ef+9P+qP+eP+B3/C/+hP+lP+tD/jz/qf/Dn/sz/P/2eNMcYYY+yfMuHyUPx2zYXH+X3+IEf8auO+AHD11kKZv16fdUW5Lv+FcX8R3z4CAE/17vrgpaVGjaSkpIvbZkgIis0FuPQ3QVli4HK8GNrBE5AIbaHsH9bfX3Q/S/9g/ugtALl+lRMLl+PL838BgEl/MP+jj49aUCE8HfffzD8XoESxyzk54XK8GNr98nylLZT7k/oLtP6T+vHi/Dm/TAFo86uc3HA5vlx/AjwGT0Pib7ZkjDHGGGOMMcYu6C8qd750/3npX3z+0f15vLqckwMux//o/pwxxhhjjDHGGGNX3jPdezz5aGJi287/80G1/1XWPz1oCv9XM/PgDwfeA1z6iQKAf3FCgKyB/CuPYvNfsq/ki6fO369adsYH8J/Ryn/H4Ap/MDHGGGOMMcb+7S5f9P/25+pKFcQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGVDf8WvE7vSx8gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xdaf8VAAD//3aq+3A=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0)
mount$nfs(&(0x7f0000000100)='...', 0x0, 0x0, 0x40000, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x24)
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000100)='./file0/file0\x00')

5.351565266s ago: executing program 1 (id=717):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x3000046, &(0x7f0000000280)={[{@delalloc}, {@nodelalloc}, {@init_itable_val={'init_itable', 0x3d, 0x3}}, {@inlinecrypt}, {@data_err_ignore}, {@nodiscard}, {@data_err_ignore}, {@grpquota}, {@nobh}, {@user_xattr}, {@bh}, {@dioread_nolock}]}, 0x1, 0x557, &(0x7f0000000fc0)="$eJzs3c+LG1UcAPDvZHf7W9tCKSoiCz1Yqc12d/1RwUM9ihYLeq9hM13KJk3ZZEt3Ldge7MWLFEHEgnjXu8fiP+BfUdBCkbLowUtkspNt2k266TZttubzgSnvZSZ5852Z7+ubvFkSwMiazP4pRLwcEd8kEfsjIsnXjUe+cnJtu9V7V+ayJYlm89O/ktZ2Wb39We337c0rL0XEb19FHCtsbLe+vLJQqlTSxbw+1ahenKovrxw/Xy3Np/PphZlm8+TbszPvvfvOwGJ948w/339y68OTXx9Z/e6XOwdvJHEq9uXrOuN4Alc7K5MxmR+TiTj10IbTA2hsO0mGvQNsyVie5xOR9QH7YyzPeuD/78uIaAIjKpH/MKLa44D2vf2A7oOfG3c/WLsB2hj/+Np3I7GrdW+0ZzV54M4ou989MID2szZ+/fPmjWyJwX0PAbCpq9ci4sT4+Mb+L8n7v6070cc2D7eh/4Nn51Y2/nmz2/insD7+iS7jn71dcncrNs//wp0BNNNTNv57v+v4d33S6sBYXnuhNeabSM6dr6RZ3/ZiRByNiZ1Z/VHzOSdXbzd7resc/2VL1n57LJjvx53xnQ++p1xqlJ4k5k53r0W80nX8m6yf/6TL+c+Ox5k+2zic3nyt17rN43+6mj9FvN71/N+f0Uq6zk/Ozubzk1Ot62GqfVVs9Pf1w7/3an/Y8Wfnf8+j4z+QdM7X1h+/jR93/Zv2WvdA/NH/9b8j+axV3pG/drnUaCxOR+xIPt74+sz997br7e2z+I8eeXT/1+363x0Rn/cZ//VDP7/aV/xDOv/lxzr/j1+4/dEXP/Rqv7/+761W6Wj+Sj/9X787+CTHDgAAAAAAALabQkTsi6RQXC8XCsXi2vMdh2JPoVKrN46dqy1dKMe1fWvPPxTaM937O56HmM6fh23XZx6qz0bEwYj4dmx3q16cq1XKww4eAAAAAAAAAAAAAAAAAAAAtom9Pf7+P/PH2LD3Dnjq/OQ3jK5N838Qv/QEbEv+/4fRJf9hdMl/GF3yH0aX/IfRJf9hdMl/GF3yHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAbqzOnT2dJcvXdlLquXLy0vLdQuHS+n9YVidWmuOFdbvFicr9XmK2lxrlbd7PMqtdrF6ZlYujzVSOuNqfryytlqbelC4+z5amk+PZtOPJOoAAAAAAAAAAAAAAAAAAAA4PlSX15ZKFUq6aKCwpYK49tjNxQGXBh2zwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9/0XAAD//zWdOco=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4042, 0x1ff)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x89901)
r2 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x6200, 0x0)
sendfile(r0, r2, 0x0, 0x20fffe82)
unlinkat(r1, &(0x7f0000000080)='./file1\x00', 0x0)

4.991592982s ago: executing program 7 (id=624):
r0 = socket(0x28, 0x5, 0x0)
bind$vsock_stream(r0, &(0x7f0000000040), 0x10)
listen(r0, 0x0)
accept4$vsock_stream(r0, &(0x7f00000001c0)={0x28, 0x0, 0x2710}, 0x10, 0x0)
r1 = socket(0x28, 0x5, 0x0)
connect$vsock_stream(r1, &(0x7f0000000080), 0x10)

4.651596596s ago: executing program 6 (id=719):
socket$packet(0x11, 0xa, 0x300)
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201})
r1 = socket$kcm(0x2, 0xa, 0x2)
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}})
write$tun(r0, &(0x7f00000002c0)={@val={0x0, 0x86dd}, @val={0x0, 0x4, 0x11, 0x4, 0x0, 0xa6b9}, @mpls={[], @ipv6=@gre_packet={0xe, 0x6, "ec00be", 0x44, 0x2f, 0xff, @local, @mcast2, {[], {{0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x88be, 0x0, 0x3}, {0x0, 0x0, 0x1, 0x1}, {0x1, 0x0, 0x1}, {0xa888, 0x88be, 0x2, {{0x6, 0x1, 0x9, 0x2, 0x1, 0x0, 0x3, 0x4}, 0x1, {0x8100}}}, {0x8, 0x22eb, 0x20000, {{0x0, 0x2, 0xc, 0x0, 0x0, 0x2, 0x7, 0x2}, 0x2, {0x2, 0x4, 0x0, 0x5, 0x1, 0x1, 0x1}}}, {0x8, 0x6558, 0x2}}}}}}, 0x7a)

4.279717991s ago: executing program 3 (id=720):
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, &(0x7f0000000400)=0x1, 0x4)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_buf(r1, 0x0, 0x10, &(0x7f0000000080)="170000000200020000ffbe8c5ee17688a2003c000303000afdff02a257fc5ad90200bb6a880000d6c9db0000db00000200df01800a0000ebfc0607bdff59100ac45761547a681f009cee4a5acba400001fb700674f00c88ebbf9315033bf79ac2dfc061f15003901dee2ffffffffe9000000000000000062068f5ee50ce5af9b1c568302ffff02ff0331dd3bab0840024f0298e9e90539062a80e605007f71174ab498a30b3e5a1b47b63a6323ded2aa084cd36276a3afff", 0xb8)
sendto$inet(r1, 0x0, 0x0, 0x2406c014, &(0x7f0000000040)={0x2, 0x4e20, @local}, 0x10)

4.049371253s ago: executing program 0 (id=721):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
unshare(0x2c020400)
shmget$private(0x0, 0xfffffffffeffffff, 0x4800, &(0x7f0000ffc000/0x3000)=nil)

3.989696198s ago: executing program 7 (id=722):
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e)
syz_mount_image$fuse(0x0, &(0x7f0000000840)='./file0\x00', 0x50880, 0x0, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4)
openat$cgroup_ro(r1, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb)
read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020)

3.706189616s ago: executing program 1 (id=723):
r0 = memfd_create(&(0x7f00000005c0)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10`\xee\xa9\x8b\x06%\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xa96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xd9Jx\xaa\x8f~\xb94a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x1d\xa1\xce\x8b\x19\xea\xef\xe3\xd6m\xf7@]iNP\xf1\x1d\xab\x13\xce\x152s\xb8\x85\x98\x84\xbf\x8c\x80{\x16\t\xd6\x17P3\xe9\xebGKL\xd3\x88\xd2\rLG\x8e\xd6\xa72\xf4\x92\xeb&\xa5\xcc\x14FZN\x98%[p\x989\xf6\xf5\xb6\xedk\xe6\xb0\xa1\x8f\x90\xdb\xd6h)\x0f6\x88\x03P\x8ak\xf9\xc9\x82`\xa7Ku\x99\xab\xd4\xb2\xaa1\x99O\x8b\x99-\xe3', 0x1)
r1 = dup(r0)
r2 = fanotify_init(0x0, 0x40000)
fanotify_mark(r2, 0x1, 0xb, r1, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4606ff78a03e0200000000000002003e00cd000000c9030000000000004000000000000000ea0200000000000000000100050038000600"], 0x178)
execveat(r1, &(0x7f0000000000)='\x00', 0x0, 0x0, 0x1000)

3.661738536s ago: executing program 6 (id=724):
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x140, 0x82)
r1 = fanotify_init(0x2, 0x1000)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x0)
fanotify_mark(r1, 0x445, 0x800002a, r2, 0x0)
fanotify_mark(r1, 0x105, 0x40001032, r0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x80)

3.647475336s ago: executing program 3 (id=725):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[<r3=>0x0], &(0x7f0000000040), 0x1, r2})
ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r0, 0xc02064b9, &(0x7f0000000340)={0x0, 0x0, 0x0, r3})

3.337024006s ago: executing program 7 (id=726):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x4003, 0x2, 0x81, 0x1ff, 0x1, 0x1}, 0x1c)
recvmsg$unix(r0, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20)
sendmmsg(r0, 0x0, 0x0, 0x9200000000000000)
syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4)
syz_usb_connect(0x3, 0x2d, &(0x7f0000000640)={{0x12, 0x1, 0x200, 0xee, 0x3b, 0x25, 0x20, 0x65a, 0x9, 0x6065, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x4, 0x8, 0x40, 0x0, [{{0x9, 0x4, 0x8, 0x1, 0x1, 0xb0, 0xd7, 0x42, 0x2, [], [{{0x9, 0x5, 0x8a, 0x2, 0x200, 0x80, 0x1, 0x6}}]}}]}}]}}, 0x0)

3.233160334s ago: executing program 0 (id=727):
r0 = creat(&(0x7f00000001c0)='./bus\x00', 0x77)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x10)
truncate(&(0x7f0000000000)='./bus\x00', 0x9471)
lsetxattr$security_ima(&(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), &(0x7f0000000040)=@ng={0x4, 0x14}, 0x2, 0x1)
dup3(r1, r0, 0x80000)
finit_module(r1, 0x0, 0x0)

2.982649852s ago: executing program 3 (id=728):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$tmpfs(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000400), 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB='huge=always'])
chdir(&(0x7f0000000140)='./file0\x00')
mknodat$null(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0, 0x103)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901)
statx(r0, 0x0, 0x1000, 0x800, 0x0)

2.847322125s ago: executing program 1 (id=729):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000180)='./file1\x00', 0x2000c16, &(0x7f0000000280)={[{@usrquota}, {@nodelalloc}]}, 0xff, 0x25e, &(0x7f0000000e80)="$eJzs3U1IHGcYB/BnZndr1aXY9lIo/YBSSiuIvRV6sZcWhCJSSqEtWErppUULVulNe8olh+QYkuApFwm5xeQYvEguCYGcTOLBXAKJ5BDJIQnZsDsr+JVo3HUnZH4/WOfDd97nHWb+74g4GEBh9UXEUESUIqI/IioRkWxu8HH26WtuznUvjUXUaj/cTxrtsu3MxnG9ETEbEV9FxGKaxF/liOmFX1YfLn/32dGpyqdnFn7u7uhJNq2trny/fnrkyPnhL6evXr87ksRQVLecV/slu+wrJxHvHEaxV0RSznsE7Mfof+du1HP/bkR80sh/JdLILt6xyTcWK/HFqecde/zetfc7OVag/Wq1Sv0ZOFsDCieNiGok6UBEZOtpOjCQ/Qx/s9ST/j0x+W//nxNT43/kPVMB7VKNWPn2YteF3m35v1PK8g+8prJfSq38ODp/q76yXsp7QEBHfJAt6s///t9mPg/5h8KRfygu+Yfikn8oLvmH4pJ/KC75h4J42vxjv0275B+KS/6huA6c/xNPDm9QQEdszj8AUCy1rgO9Ndzel5CBXOQ9/wAAAAAAAAAAAAAAAAAAADvNdS+NbXza02N5zxaXT0asfZM13Vm/1Ph/xBFvNr72PEi29Jjsq8KL/fpRix206GzOb1+/dTvf+lc+zLf+zHjE7P8RMVgu77z/kub9d3Bv7/H9yu8tFnhJybbtr3/qbP3tHs/nW394OeJSff4Z3G3+SeO9xnL3+adav34t1v/nUYsdAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0DHPAgAA///B2nXP")
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x101042, 0x45)
r1 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0xc9)
ftruncate(r1, 0x2007ffc)
sendfile(r1, r1, 0x0, 0x800000009)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000140))

2.830404488s ago: executing program 6 (id=730):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendto$inet6(r0, &(0x7f0000000640)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0xfec0ffffffffffff, 0x1c9ae7fffe9a6f34}}, 0x1c)
setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x88, 0xfe, 0x0, 0x2a}, 0xe)
shutdown(r0, 0x1)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x2e, &(0x7f0000000000)=0x21ea, 0x4)
recvmmsg(r0, &(0x7f0000000840)=[{{0x0, 0x41, 0x0}}], 0x414, 0x406, 0x0)

2.288951756s ago: executing program 3 (id=731):
r0 = getpgid(0x0)
r1 = syz_pidfd_open(r0, 0x0)
r2 = pidfd_getfd(r1, r1, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, 0x2}, 0x94)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
name_to_handle_at(r2, &(0x7f00000001c0)='./file1\x00', &(0x7f0000000200)=ANY=[], 0x0, 0x1200)

2.222410117s ago: executing program 0 (id=732):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
pipe(&(0x7f0000000ec0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
splice(r0, 0x0, r3, 0x0, 0x39000, 0x0)
splice(r2, 0x0, r1, 0x0, 0x408cd, 0x0)
write$binfmt_elf64(r1, &(0x7f0000000100)=ANY=[], 0xfffffe3e)
close(0x3)

1.797631074s ago: executing program 6 (id=733):
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1f7ff6, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f0000000040)={0x1, 0x1, 0x1})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xe1000, 0x280000b, 0x28011, r0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x2)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r1, 0x0)

1.652212819s ago: executing program 1 (id=734):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
r1 = socket$igmp(0x2, 0x3, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r2=>0x0})
bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r2, 0x1, {0x0, 0x0, 0x4}, 0xfe}, 0x18)
setsockopt$sock_int(r0, 0x1, 0x6, &(0x7f0000000040)=0x1, 0x4)
sendmmsg(r0, &(0x7f0000006f80)=[{{0x0, 0x0, &(0x7f0000000580)=[{0x0}, {&(0x7f0000000380)="b98a5240", 0x4}], 0x2}}], 0x1, 0x4040)

1.43476391s ago: executing program 3 (id=735):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r0, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=@newqdisc={0x78, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xc}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x2, 0x80000000, 0x994, 0x1, 0x3}, 0x2, 0x0, 0x66a4, 0x6, 0x6, 0x10, 0x5f, 0x23, 0x6, 0x8, {0x7, 0x6, 0x0, 0xae29, 0x9, 0x6}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4000000}, 0x20040084)

1.309899558s ago: executing program 0 (id=736):
munmap(&(0x7f0000002000/0x4000)=nil, 0x4000)
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0xb0000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x1})
setsockopt$IP_VS_SO_SET_DEL(0xffffffffffffffff, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x0, 'rr\x00'}, 0x2c)
ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000080)={{@my=0x1, 0x2}, @local, 0x0, 0x0, 0x5e, 0x200000000000, 0x100000000000006})

1.185832081s ago: executing program 7 (id=737):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x44}}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000500)=ANY=[], 0xa0}}, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="380000001800010000000000000000020a000000000000000000000008000400", @ANYRES32=r0, @ANYBLOB="060015000a0000000c001680080001"], 0x38}}, 0x10)
r1 = socket(0x10, 0x3, 0x0)
sendmmsg(r1, &(0x7f0000000000), 0x4000000000001f2, 0xfff0)

854.432144ms ago: executing program 6 (id=738):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = socket(0x10, 0x803, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xa, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ETH_TYPE={0x6, 0x8, 0x8848}, @TCA_FLOWER_KEY_MPLS_TC={0x5, 0x45, 0x6c}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x5}, 0x20040054)

655.296336ms ago: executing program 3 (id=739):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f00000000c0), 0x12)
r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0)
writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1)

636.721822ms ago: executing program 1 (id=740):
r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f0000000040)=ANY=[], 0x8)
connect$inet6(r0, &(0x7f00000004c0)={0xa, 0x0, 0x0, @mcast2, 0x7}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000080)='bridge0\x00', 0x10)
sendmmsg$inet6(r0, &(0x7f0000000000)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000100)="8f73", 0x2}], 0x1}}], 0x1, 0x4400c800)
sendto$inet6(r0, &(0x7f0000000140)="2aeaffffffff000000005c202b171e34f8a05f87b4d96ee15e05", 0x1a, 0x20003380, 0x0, 0x0)

578.005549ms ago: executing program 0 (id=741):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000480)=ANY=[], 0x18}}, 0x20004000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0xffffffffffffff23, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x63, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0x7, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0x4, 0x1b, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

426.465755ms ago: executing program 7 (id=742):
r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
r1 = dup(r0)
r2 = syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0xfad6, 0x0, 0x800000, 0x98}, &(0x7f00000003c0)=<r3=>0x0, &(0x7f00000000c0)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_ACCEPT={0xd, 0x40, 0x5, r1, 0x0, 0x0, 0x0, 0x80000})
io_uring_enter(r2, 0x47f5, 0x0, 0x0, 0x0, 0x0)

0s ago: executing program 6 (id=743):
r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2})
ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f0000000040)=[<r1=>0x0], 0x1})
ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000001c0)={r1, <r2=>0x0, <r3=>0x0, 0x0, 0x0, 0x0, 0x0})
ioctl$VHOST_SET_VRING_CALL(0xffffffffffffffff, 0x8001af85, 0x0)
ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000500)={0x0, 0x0, r2, r3, 0x5, 0x2001, 0x4, 0x5, {0x200004, 0x5, 0x5, 0xa, 0x8000, 0x9, 0xed, 0x5, 0x9, 0xd25, 0x7, 0x60b, 0x6d, 0xfffb, "6f4f1b1330d057b30bd15586b7445443c528a97436419c2cd5ae7297dceeb0be"}})

kernel console output (not intermixed with test programs):

vice loop0): force zlib compression, level 3
[  273.604794][ T2107] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  273.702670][ T5955] usb 2-1: Using ep0 maxpacket: 8
[  273.788124][ T5955] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  273.896715][ T5955] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  273.908410][ T5955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  273.918873][ T5955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  273.929401][ T5955] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  273.942846][ T5955] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  273.952234][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  274.114825][ T2107] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.355556][ T5792] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  274.397720][ T2107] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.430147][ T6884] loop4: detected capacity change from 0 to 40427
[  274.463955][ T6884] F2FS-fs (loop4): Image doesn't support compression
[  274.476333][ T6884] F2FS-fs (loop4): build fault injection rate: 14
[  274.486076][ T6884] F2FS-fs (loop4): build fault injection type: 0x0
[  274.582817][ T6884] F2FS-fs (loop4): invalid crc value
[  274.650835][ T2107] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  274.869133][ T6884] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  274.942761][ T6884] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  274.992103][ T5955] usb 2-1: usb_control_msg returned -32
[  274.998086][ T5955] usbtmc 2-1:16.0: can't read capabilities
[  275.523719][ T2107] bridge0: port 3(team0) entered disabled state
[  275.585005][ T2107] bridge_slave_1: left allmulticast mode
[  275.590824][ T2107] bridge_slave_1: left promiscuous mode
[  275.604270][ T2107] bridge0: port 2(bridge_slave_1) entered disabled state
[  275.723605][ T2107] bridge_slave_0: left allmulticast mode
[  275.729447][ T2107] bridge_slave_0: left promiscuous mode
[  275.736401][ T2107] bridge0: port 1(bridge_slave_0) entered disabled state
[  275.841093][ T6890] usbtmc 2-1:16.0: usb_control_msg returned -32
[  276.048143][ T5955] usb 2-1: USB disconnect, device number 4
[  276.813802][ T2107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  276.919130][ T2107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  277.007685][ T2107] bond0 (unregistering): Released all slaves
[  277.396152][ T6898] netlink: 44 bytes leftover after parsing attributes in process `syz.0.277'.
[  277.405479][ T6898] netlink: 'syz.0.277': attribute type 6 has an invalid length.
[  277.413693][ T6898] netlink: 'syz.0.277': attribute type 5 has an invalid length.
[  277.421864][ T6898] netlink: 'syz.0.277': attribute type 4 has an invalid length.
[  277.471334][ T6899] netlink: 104 bytes leftover after parsing attributes in process `syz.4.280'.
[  277.508764][ T6899] netlink: 104 bytes leftover after parsing attributes in process `syz.4.280'.
[  277.903245][ T2107] hsr_slave_0: left promiscuous mode
[  277.932105][ T2107] hsr_slave_1: left promiscuous mode
[  277.939804][ T2107] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  277.948768][ T2107] batman_adv: batadv0: Removing interface: batadv_slave_0
[  278.039223][ T2107] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  278.046949][ T2107] batman_adv: batadv0: Removing interface: batadv_slave_1
[  278.130961][ T6903] loop3: detected capacity change from 0 to 512
[  278.202196][ T2107] veth1_macvtap: left promiscuous mode
[  278.207916][ T2107] veth0_macvtap: left promiscuous mode
[  278.246198][ T6908] loop1: detected capacity change from 0 to 512
[  278.256506][ T2107] veth1_vlan: left promiscuous mode
[  278.292500][ T2107] veth0_vlan: left promiscuous mode
[  278.296848][ T6908] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  278.311542][ T6908] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  278.424843][ T6903] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2858: Unable to expand inode 17. Delete some EAs or run e2fsck.
[  278.486723][ T6903] EXT4-fs (loop3): 1 truncate cleaned up
[  278.493141][ T5799] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  278.499081][ T5799] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  278.510740][ T5799] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  278.534059][ T5799] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  278.559450][ T6903] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.583861][ T5799] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  278.645163][ T6908] EXT4-fs (loop1): 1 truncate cleaned up
[  278.737763][ T6908] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  279.145952][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  279.744370][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  280.450481][ T2107] team_slave_1 (unregistering): left promiscuous mode
[  280.457830][ T2107] team_slave_1 (unregistering): left allmulticast mode
[  280.484675][ T2107] team0 (unregistering): Port device team_slave_1 removed
[  280.612252][ T2107] team_slave_0 (unregistering): left promiscuous mode
[  280.619253][ T2107] team_slave_0 (unregistering): left allmulticast mode
[  280.658565][ T5082] Bluetooth: hci0: command tx timeout
[  280.695945][ T2107] team0 (unregistering): Port device team_slave_0 removed
[  281.491134][ T6951] netlink: 4 bytes leftover after parsing attributes in process `syz.4.293'.
[  281.861935][ T6909] bond1: (slave lo): enslaved VLAN challenged slave. Adding VLANs will be blocked as long as it is part of bond.
[  281.968972][ T6909] bond1: (slave lo): Enslaving as a backup interface with an up link
[  282.051684][ T6909] A link change request failed with some changes committed already. Interface tunl0 may have been left with an inconsistent configuration, please check.
[  282.068389][ T6950] veth0: entered promiscuous mode
[  282.722386][ T5082] Bluetooth: hci0: command tx timeout
[  283.341123][ T6964] loop0: detected capacity change from 0 to 32768
[  283.356806][ T6964] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.298 (6964)
[  283.390532][ T6964] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  283.401616][ T6964] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  283.698838][ T6964] BTRFS info (device loop0): rebuilding free space tree
[  283.733183][ T6964] BTRFS info (device loop0): disabling free space tree
[  283.740566][ T6964] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  283.750728][ T6964] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  283.814228][ T6964] BTRFS info (device loop0): setting nodatasum
[  283.820598][ T6964] BTRFS info (device loop0): setting nodatacow
[  283.827333][ T6964] BTRFS info (device loop0): turning off barriers
[  283.834176][ T6964] BTRFS info (device loop0): force clearing of disk cache
[  284.148919][ T6968] loop4: detected capacity change from 0 to 32768
[  284.489915][ T5792] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  284.805974][ T5082] Bluetooth: hci0: command tx timeout
[  285.354159][ T7004] netdevsim netdevsim1 netdevsim0: entered allmulticast mode
[  285.555338][ T6914] chnl_net:caif_netlink_parms(): no params data found
[  285.973095][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  285.979711][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  286.892218][ T5082] Bluetooth: hci0: command tx timeout
[  288.076581][ T6914] bridge0: port 1(bridge_slave_0) entered blocking state
[  288.084403][ T6914] bridge0: port 1(bridge_slave_0) entered disabled state
[  288.242885][ T6914] bridge_slave_0: entered allmulticast mode
[  288.352204][ T6914] bridge_slave_0: entered promiscuous mode
[  288.456914][ T6914] bridge0: port 2(bridge_slave_1) entered blocking state
[  288.464979][ T6914] bridge0: port 2(bridge_slave_1) entered disabled state
[  288.606379][ T6914] bridge_slave_1: entered allmulticast mode
[  288.822987][ T6914] bridge_slave_1: entered promiscuous mode
[  289.114522][ T7030] loop4: detected capacity change from 0 to 65536
[  289.182552][ T7030] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  289.490053][ T7030] XFS (loop4): Ending clean mount
[  289.576898][ T6914] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  289.593763][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  289.703073][ T6914] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  290.035162][    T0] NOHZ tick-stop error: local softirq work is pending, handler #c0!!!
[  290.050138][ T5800] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  290.194889][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  290.215214][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  290.329547][ T6914] team0: Port device team_slave_0 added
[  290.368413][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[  290.413972][ T6914] team0: Port device team_slave_1 added
[  290.607874][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  290.886381][ T6914] batman_adv: batadv0: Adding interface: batadv_slave_0
[  290.893691][ T6914] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  290.920421][ T6914] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  291.139331][ T6914] batman_adv: batadv0: Adding interface: batadv_slave_1
[  291.146477][ T5839] IPVS: starting estimator thread 0...
[  291.152344][ T6914] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  291.183672][ T6914] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  291.242036][ T7071] IPVS: using max 240 ests per chain, 12000 per kthread
[  291.812504][ T7081] loop1: detected capacity change from 0 to 128
[  291.856917][ T7081] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  292.056939][ T6914] hsr_slave_0: entered promiscuous mode
[  292.100069][ T6914] hsr_slave_1: entered promiscuous mode
[  292.153331][ T6914] debugfs: 'hsr0' already exists in 'hsr'
[  292.159441][ T6914] Cannot create hsr debugfs directory
[  292.514069][ T7087] UDF-fs: error (device loop1): udf_bitmap_new_block: bitmap for partition 0 corrupted (block 264 marked as free, partition length is 40)
[  293.145023][ T7094] IPVS: sed: UDP 224.0.0.2:0 - no destination available
[  293.178521][ T7096] loop3: detected capacity change from 0 to 128
[  293.355010][ T7096] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  293.420903][ T7096] ext4 filesystem being mounted at /71/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  293.671182][ T7105] netlink: 'syz.1.332': attribute type 14 has an invalid length.
[  293.679504][ T7105] netlink: 4 bytes leftover after parsing attributes in process `syz.1.332'.
[  293.986834][ T5791] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  294.063659][ T7105] netlink: 'syz.1.332': attribute type 14 has an invalid length.
[  294.072006][ T7105] netlink: 4 bytes leftover after parsing attributes in process `syz.1.332'.
[  294.145124][ T2107] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  294.198627][ T2107] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  294.314788][ T2107] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  294.478900][ T2107] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  294.811839][ T6914] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  294.926963][ T6914] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  295.029871][ T6914] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  295.057971][ T7120] loop1: detected capacity change from 0 to 1024
[  295.113050][ T7120] EXT4-fs: Ignoring removed orlov option
[  295.119138][ T7120] EXT4-fs: Ignoring removed nomblk_io_submit option
[  295.156579][ T6914] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  295.236445][ T7120] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  295.273563][   T30] audit: type=1800 audit(1769099511.922:17): pid=7120 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.338" name="bus" dev="loop1" ino=18 res=0 errno=0
[  295.604224][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  296.202968][ T7132] warning: `syz.1.341' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  296.378178][ T7139] binder: 7138:7139 ioctl c0306201 2000000001c0 returned -14
[  296.463400][ T5839] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  296.572862][ T6914] 8021q: adding VLAN 0 to HW filter on device bond0
[  296.673978][ T5839] usb 5-1: Using ep0 maxpacket: 16
[  296.718670][ T5839] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  296.728283][ T5839] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  296.738811][ T5839] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  296.878657][ T5839] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  296.889382][ T5839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  296.898496][ T5839] usb 5-1: Product: syz
[  296.903322][ T5839] usb 5-1: Manufacturer: syz
[  296.908086][ T5839] usb 5-1: SerialNumber: syz
[  296.926151][ T6914] 8021q: adding VLAN 0 to HW filter on device team0
[  297.014969][ T3826] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.022703][ T3826] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.135444][   T62] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.143233][   T62] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.484619][ T5839] usb 5-1: 0:2 : does not exist
[  297.607812][ T7151] netlink: 36 bytes leftover after parsing attributes in process `syz.3.348'.
[  297.849014][ T7154] netlink: 'syz.1.349': attribute type 11 has an invalid length.
[  297.857176][ T7154] netlink: 44 bytes leftover after parsing attributes in process `syz.1.349'.
[  297.942880][ T7158] netlink: 'syz.1.349': attribute type 11 has an invalid length.
[  297.950963][ T7158] netlink: 44 bytes leftover after parsing attributes in process `syz.1.349'.
[  298.040306][ T7159] loop0: detected capacity change from 0 to 256
[  298.176255][ T7159] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  298.247167][ T7136] Bluetooth: hci1: command 0x0406 tx timeout
[  298.247295][ T7135] Bluetooth: hci4: command 0x0406 tx timeout
[  298.247403][ T7135] Bluetooth: hci3: command 0x0406 tx timeout
[  298.257177][ T7136] Bluetooth: hci2: command 0x0406 tx timeout
[  298.494117][ T5839] usb 5-1: USB disconnect, device number 2
[  298.842202][ T5988] udevd[5988]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  299.156485][   T30] audit: type=1326 audit(1769099515.772:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7168 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c9b19acb9 code=0x7fc00000
[  299.348396][ T7176] netlink: 'syz.0.353': attribute type 22 has an invalid length.
[  299.362979][ T7176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.353'.
[  299.457211][ T7175] loop3: detected capacity change from 0 to 1024
[  299.574075][ T7175] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  299.609522][ T7176] netlink: 'syz.0.353': attribute type 22 has an invalid length.
[  299.617699][ T7176] netlink: 4 bytes leftover after parsing attributes in process `syz.0.353'.
[  299.693935][   T30] audit: type=1326 audit(1769099516.322:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7168 comm="syz.1.352" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f0c9b194ad7 code=0x7fc00000
[  299.754972][ T5040] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  299.802167][ T7175] ext4 filesystem being mounted at /76/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  299.829426][ T2107] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  299.912268][ T2107] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  299.987298][ T3826] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  300.030468][ T7175] EXT4-fs error (device loop3): ext4_free_blocks:6728: comm syz.3.354: Freeing blocks not in datazone - block = 0, count = 16
[  300.084853][ T6914] 8021q: adding VLAN 0 to HW filter on device batadv0
[  300.449386][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  300.461047][ T7194] loop0: detected capacity change from 0 to 512
[  300.522764][ T7194] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  300.535209][ T7194] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it
[  300.546183][ T7194] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.358: Corrupt directory, running e2fsck is recommended
[  300.608253][ T7194] EXT4-fs (loop0): Cannot turn on journaled quota: type 1: error -117
[  300.635706][ T7194] EXT4-fs error (device loop0): ext4_iget_extra_inode:5073: inode #15: comm syz.0.358: corrupted in-inode xattr: e_name out of bounds
[  300.720800][ T7194] EXT4-fs (loop0): Remounting filesystem read-only
[  300.753846][ T7194] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  300.910776][ T7194] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  300.923130][ T7194] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it
[  300.933892][ T7194] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.358: Corrupt directory, running e2fsck is recommended
[  301.153180][ T7194] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  301.169866][ T7194] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it
[  301.180466][ T7194] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.358: Corrupt directory, running e2fsck is recommended
[  301.352282][ T7202] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  301.367032][ T7202] EXT4-fs warning (device loop0): dx_probe:849: Enable large directory feature to access it
[  301.377565][ T7202] EXT4-fs warning (device loop0): dx_probe:934: inode #2: comm syz.0.358: Corrupt directory, running e2fsck is recommended
[  301.446688][ T7194] EXT4-fs warning (device loop0): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  301.916151][ T5792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  302.734701][ T5842] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  302.971192][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  302.983708][ T5842] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  302.994451][ T5842] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  303.006579][ T6914] veth0_vlan: entered promiscuous mode
[  303.008725][ T5842] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  303.022536][ T5842] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  303.136988][ T7216] loop3: detected capacity change from 0 to 4096
[  303.167605][ T6914] veth1_vlan: entered promiscuous mode
[  303.197120][ T5842] usb 5-1: config 0 descriptor??
[  303.636912][ T6914] veth0_macvtap: entered promiscuous mode
[  303.766171][ T6914] veth1_macvtap: entered promiscuous mode
[  303.782459][ T7229] loop1: detected capacity change from 0 to 256
[  303.816597][ T7229] exfat: Deprecated parameter 'utf8'
[  303.872072][ T5842] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  303.983763][ T7229] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  304.056885][ T6914] batman_adv: batadv0: Interface activated: batadv_slave_0
[  304.220633][ T6914] batman_adv: batadv0: Interface activated: batadv_slave_1
[  304.484071][ T5040] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  304.597894][ T2107] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  304.668648][   T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  304.773147][   T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  305.895014][ T5438] usb 5-1: USB disconnect, device number 3
[  306.023773][ T7240] loop3: detected capacity change from 0 to 32768
[  306.115432][ T7240] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  306.124650][ T7240] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  306.205214][ T7240] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  306.272974][ T5839] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  306.279924][ T5839] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  306.635598][ T7253] loop4: detected capacity change from 0 to 64
[  306.738186][ T5839] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 458ms
[  306.803760][ T5839] gfs2: fsid=syz:syz.0: jid=0: Done
[  306.809353][ T7240] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  307.050138][ T7258] netlink: 4 bytes leftover after parsing attributes in process `syz.1.374'.
[  307.173724][ T5800] VFS: Lookup of 'Ŕ.' in minix loop4 would have caused loop
[  307.214994][ T7240] gfs2: fsid=syz:syz.0: found 1 quota changes
[  307.222411][ T5800] VFS: Lookup of 'Ŕ.' in minix loop4 would have caused loop
[  307.571087][ T5791] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error - inode = 11 2339, function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 402
[  307.585954][ T5791] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:aqonN t:EX d:EX/0 a:0 v:0 r:2 m:20 p:1
[  307.595642][ T5791] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5791 [syz-executor] gfs2_quota_sync+0x695/0xb20
[  307.606157][ T5791] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  307.614915][ T5791] CPU: 0 UID: 0 PID: 5791 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  307.615084][ T5791] Tainted: [L]=SOFTLOCKUP
[  307.615132][ T5791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  307.615216][ T5791] Call Trace:
[  307.615262][ T5791]  <TASK>
[  307.615306][ T5791]  __dump_stack+0x26/0x30
[  307.615458][ T5791]  dump_stack_lvl+0x14c/0x1c0
[  307.615612][ T5791]  dump_stack+0x1e/0x25
[  307.615747][ T5791]  gfs2_withdraw+0xd5/0x270
[  307.615875][ T5791]  gfs2_consist_inode_i+0x1a9/0x240
[  307.616030][ T5791]  inode_go_instantiate+0x13bf/0x1ed0
[  307.616155][ T5791]  ? stack_depot_save_flags+0x35/0x790
[  307.616356][ T5791]  ? __pfx_inode_go_instantiate+0x10/0x10
[  307.616481][ T5791]  gfs2_instantiate+0x24f/0x4b0
[  307.616632][ T5791]  gfs2_glock_wait+0x26a/0x3b0
[  307.616782][ T5791]  gfs2_glock_nq+0x1531/0x2c80
[  307.616917][ T5791]  ? kmsan_get_metadata+0xf1/0x160
[  307.617153][ T5791]  do_sync+0x6c4/0x1610
[  307.617309][ T5791]  ? gfs2_quota_sync+0x695/0xb20
[  307.617497][ T5791]  ? kmsan_get_metadata+0xf1/0x160
[  307.617669][ T5791]  ? gfs2_quota_sync+0x695/0xb20
[  307.617851][ T5791]  gfs2_quota_sync+0x695/0xb20
[  307.618038][ T5791]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  307.618231][ T5791]  gfs2_sync_fs+0x57/0x100
[  307.618370][ T5791]  ? __pfx_gfs2_sync_fs+0x10/0x10
[  307.618515][ T5791]  sync_filesystem+0x131/0x3c0
[  307.618687][ T5791]  ? shrink_dcache_for_umount+0xf9/0x210
[  307.618837][ T5791]  generic_shutdown_super+0x8d/0x4b0
[  307.619023][ T5791]  kill_block_super+0x42/0xd0
[  307.619188][ T5791]  gfs2_kill_sb+0x4a9/0x580
[  307.619327][ T5791]  ? __pfx_gfs2_kill_sb+0x10/0x10
[  307.619448][ T5791]  deactivate_locked_super+0xcb/0x3c0
[  307.619613][ T5791]  deactivate_super+0x12f/0x140
[  307.619763][ T5791]  cleanup_mnt+0x7eb/0x870
[  307.619905][ T5791]  ? __pfx___cleanup_mnt+0x10/0x10
[  307.620041][ T5791]  __cleanup_mnt+0x22/0x30
[  307.620165][ T5791]  task_work_run+0x208/0x2b0
[  307.620337][ T5791]  exit_to_user_mode_loop+0x2ff/0x1b20
[  307.620509][ T5791]  ? user_path_at+0x241/0x3e0
[  307.620662][ T5791]  ? __x64_sys_umount+0x1dc/0x250
[  307.620827][ T5791]  do_syscall_64+0x1d7/0xf80
[  307.620988][ T5791]  ? clear_bhb_loop+0x40/0x90
[  307.621125][ T5791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  307.621262][ T5791] RIP: 0033:0x7fa35b59bf17
[  307.621356][ T5791] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  307.621461][ T5791] RSP: 002b:00007fff63880268 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  307.621574][ T5791] RAX: 0000000000000000 RBX: 00007fa35b60471f RCX: 00007fa35b59bf17
[  307.621654][ T5791] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff63880320
[  307.621728][ T5791] RBP: 00007fff63880320 R08: 00007fff63881320 R09: 00000000ffffffff
[  307.621812][ T5791] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff638813b0
[  307.621889][ T5791] R13: 00007fa35b60471f R14: 000000000004b086 R15: 00007fff638813f0
[  307.622012][ T5791]  </TASK>
[  307.925589][ T5791] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  308.246717][ T7264] netlink: 36 bytes leftover after parsing attributes in process `syz.0.378'.
[  308.301085][ T7267] loop1: detected capacity change from 0 to 16
[  308.314843][ T7267] erofs (device loop1): mounted with root inode @ nid 36.
[  308.382509][ T7264] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.392248][ T7264] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.556289][ T2107] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.755962][ T2107] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.890568][ T2107] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  308.974562][ T7271] binder: 7270:7271 ioctl c0306201 200000000640 returned -22
[  309.017656][ T2107] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  309.463799][ T2107] bridge_slave_1: left allmulticast mode
[  309.469649][ T2107] bridge_slave_1: left promiscuous mode
[  309.476565][ T2107] bridge0: port 2(bridge_slave_1) entered disabled state
[  309.568956][ T2107] bridge_slave_0: left allmulticast mode
[  309.575058][ T2107] bridge_slave_0: left promiscuous mode
[  309.581401][ T2107] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.073971][ T2107] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  310.136149][ T2107] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  310.165993][ T2107] bond0 (unregistering): Released all slaves
[  310.935167][ T2107] hsr_slave_0: left promiscuous mode
[  310.951042][   T51] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  310.960991][ T2107] hsr_slave_1: left promiscuous mode
[  310.972165][   T51] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  310.982187][   T51] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  310.995163][   T51] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  311.000403][ T7287] loop1: detected capacity change from 0 to 1024
[  311.009535][   T51] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  311.024983][ T2107] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  311.032870][ T2107] batman_adv: batadv0: Removing interface: batadv_slave_0
[  311.106932][ T2107] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  311.114704][ T2107] batman_adv: batadv0: Removing interface: batadv_slave_1
[  311.165075][ T7287] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  311.198556][ T7287] ext4 filesystem being mounted at /87/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  311.211142][ T2107] veth1_macvtap: left promiscuous mode
[  311.234210][ T2107] veth0_macvtap: left promiscuous mode
[  311.240087][ T2107] veth1_vlan: left promiscuous mode
[  311.257332][ T2107] veth0_vlan: left promiscuous mode
[  311.307380][ T7287] EXT4-fs error (device loop1): ext4_map_blocks:825: inode #15: block 3: comm syz.1.385: lblock 3 mapped to illegal pblock 3 (length 3)
[  311.411936][ T7287] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 3 with error 117
[  311.424688][ T7287] EXT4-fs (loop1): This should not happen!! Data will be lost
[  311.424688][ T7287] 
[  311.659850][ T5998] EXT4-fs error (device loop1): ext4_map_blocks:825: inode #15: block 8: comm kworker/u8:13: lblock 8 mapped to illegal pblock 8 (length 8)
[  311.686361][ T5998] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 8 with max blocks 8 with error 117
[  311.701879][ T5998] EXT4-fs (loop1): This should not happen!! Data will be lost
[  311.701879][ T5998] 
[  311.727353][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  312.309705][ T2107] team0 (unregistering): Port device team_slave_1 removed
[  312.335524][ T2107] team0 (unregistering): Port device team_slave_0 removed
[  313.029444][ T7311] netlink: 'syz.1.388': attribute type 3 has an invalid length.
[  313.123072][   T51] Bluetooth: hci4: command tx timeout
[  313.202040][ T5791] gfs2: fsid=syz:syz.0: warning: assertion "gfs2_log_is_empty(sdp)" failed - function = gfs2_make_fs_ro, file = fs/gfs2/super.c, line = 564
[  313.216787][ T5791] CPU: 1 UID: 0 PID: 5791 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  313.216955][ T5791] Tainted: [L]=SOFTLOCKUP
[  313.217003][ T5791] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  313.217074][ T5791] Call Trace:
[  313.217119][ T5791]  <TASK>
[  313.217164][ T5791]  __dump_stack+0x26/0x30
[  313.217315][ T5791]  dump_stack_lvl+0x14c/0x1c0
[  313.217473][ T5791]  dump_stack+0x1e/0x25
[  313.217613][ T5791]  gfs2_assert_warn_i+0x2d8/0x470
[  313.217769][ T5791]  gfs2_make_fs_ro+0x500/0x510
[  313.217964][ T5791]  ? __pfx_autoremove_wake_function+0x10/0x10
[  313.218119][ T5791]  gfs2_put_super+0x3bc/0x10b0
[  313.218271][ T5791]  ? kmsan_get_metadata+0xf1/0x160
[  313.218450][ T5791]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  313.218635][ T5791]  ? __pfx_gfs2_put_super+0x10/0x10
[  313.218790][ T5791]  generic_shutdown_super+0x1b0/0x4b0
[  313.218955][ T5791]  kill_block_super+0x42/0xd0
[  313.219121][ T5791]  gfs2_kill_sb+0x4a9/0x580
[  313.219264][ T5791]  ? __pfx_gfs2_kill_sb+0x10/0x10
[  313.219390][ T5791]  deactivate_locked_super+0xcb/0x3c0
[  313.219554][ T5791]  deactivate_super+0x12f/0x140
[  313.219697][ T5791]  cleanup_mnt+0x7eb/0x870
[  313.219837][ T5791]  ? __pfx___cleanup_mnt+0x10/0x10
[  313.219971][ T5791]  __cleanup_mnt+0x22/0x30
[  313.220094][ T5791]  task_work_run+0x208/0x2b0
[  313.220261][ T5791]  exit_to_user_mode_loop+0x2ff/0x1b20
[  313.220441][ T5791]  ? user_path_at+0x241/0x3e0
[  313.220597][ T5791]  ? __x64_sys_umount+0x1dc/0x250
[  313.220774][ T5791]  do_syscall_64+0x1d7/0xf80
[  313.220938][ T5791]  ? clear_bhb_loop+0x40/0x90
[  313.221079][ T5791]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  313.221211][ T5791] RIP: 0033:0x7fa35b59bf17
[  313.221306][ T5791] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  313.221412][ T5791] RSP: 002b:00007fff63880268 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  313.221524][ T5791] RAX: 0000000000000000 RBX: 00007fa35b60471f RCX: 00007fa35b59bf17
[  313.221602][ T5791] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff63880320
[  313.221679][ T5791] RBP: 00007fff63880320 R08: 00007fff63881320 R09: 00000000ffffffff
[  313.221767][ T5791] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff638813b0
[  313.221847][ T5791] R13: 00007fa35b60471f R14: 000000000004b086 R15: 00007fff638813f0
[  313.221975][ T5791]  </TASK>
[  313.757195][ T2107] IPVS: stop unused estimator thread 0...
[  315.031822][ T7288] chnl_net:caif_netlink_parms(): no params data found
[  315.086214][ T2107] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.094500][ T2107] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  315.204346][   T51] Bluetooth: hci4: command tx timeout
[  315.412487][ T7336] loop0: detected capacity change from 0 to 128
[  315.511921][ T1303] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.520022][ T1303] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  315.785514][ T7340] loop3: detected capacity change from 0 to 1024
[  315.944179][ T7340] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  316.637278][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  317.255477][ T7288] bridge0: port 1(bridge_slave_0) entered blocking state
[  317.264064][ T7288] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.292822][ T7356] loop5: detected capacity change from 0 to 32768
[  317.306489][   T51] Bluetooth: hci4: command tx timeout
[  317.384623][ T7288] bridge_slave_0: entered allmulticast mode
[  317.395268][ T7288] bridge_slave_0: entered promiscuous mode
[  317.412557][ T7288] bridge0: port 2(bridge_slave_1) entered blocking state
[  317.420078][ T7288] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.430168][ T7356] XFS (loop5): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  317.433447][ T7288] bridge_slave_1: entered allmulticast mode
[  317.454161][ T7288] bridge_slave_1: entered promiscuous mode
[  317.555155][ T7288] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  317.628304][ T7288] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  317.740129][ T7356] XFS (loop5): Ending clean mount
[  317.750426][ T7356] XFS (loop5): Quotacheck needed: Please wait.
[  317.773364][ T7362] loop1: detected capacity change from 0 to 2048
[  317.846874][ T7356] XFS (loop5): Quotacheck: Done.
[  317.902178][ T7362] UDF-fs: error (device loop1): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  318.007341][ T7362] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  318.069306][ T6914] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  318.243711][ T7288] team0: Port device team_slave_0 added
[  318.527341][ T7288] team0: Port device team_slave_1 added
[  318.676467][ T7382] loop5: detected capacity change from 0 to 64
[  318.878867][ T7382] hfs: request for non-existent node 24 in B*Tree
[  318.885833][ T7382] hfs: request for non-existent node 24 in B*Tree
[  318.992557][ T7288] batman_adv: batadv0: Adding interface: batadv_slave_0
[  318.999686][ T7288] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  319.030304][ T7288] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  319.049985][ T7386] hfs: request for non-existent node 25 in B*Tree
[  319.057626][ T7386] hfs: request for non-existent node 25 in B*Tree
[  319.155917][ T7386] hfs: request for non-existent node 26 in B*Tree
[  319.162968][ T7386] hfs: request for non-existent node 26 in B*Tree
[  319.234095][ T7382] hfs: request for non-existent node 27 in B*Tree
[  319.240812][ T7382] hfs: request for non-existent node 27 in B*Tree
[  319.266497][ T7288] batman_adv: batadv0: Adding interface: batadv_slave_1
[  319.273807][ T7288] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  319.300957][ T7288] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  319.391592][   T51] Bluetooth: hci4: command tx timeout
[  319.960173][ T7288] hsr_slave_0: entered promiscuous mode
[  320.013321][ T7288] hsr_slave_1: entered promiscuous mode
[  320.067879][ T7288] debugfs: 'hsr0' already exists in 'hsr'
[  320.074313][ T7288] Cannot create hsr debugfs directory
[  322.398466][ T7421] loop3: detected capacity change from 0 to 32768
[  322.528348][ T7421] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.413 (7421)
[  322.642564][ T7423] loop0: detected capacity change from 0 to 32768
[  323.437093][ T7425] loop5: detected capacity change from 0 to 40427
[  323.452281][ T7425] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12
[  323.460017][ T7421] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  323.460201][ T7425] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  323.471051][ T7421] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  323.542898][ T7425] F2FS-fs (loop5): invalid crc value
[  323.892272][ T7425] F2FS-fs (loop5): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  323.916001][ T7425] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  323.923431][ T7425] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  324.162616][ T7425] F2FS-fs (loop5): Stopped filesystem due to reason: 0
[  324.175332][ T7421] BTRFS info (device loop3): enabling ssd optimizations
[  324.182933][ T7421] BTRFS info (device loop3): turning on async discard
[  324.190061][ T7421] BTRFS info (device loop3): enabling free space tree
[  324.297247][ T7288] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  324.426194][ T7288] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  324.556740][ T7288] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  324.661342][ T5791] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  324.774791][ T7450] loop1: detected capacity change from 0 to 1024
[  324.807188][ T7288] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  325.406322][ T7450] hfsplus: xattr search failed
[  325.502278][ T7454] hfsplus: xattr searching failed
[  326.103818][ T5794] hfsplus: node 4:3 still has 1 user(s)!
[  327.289362][ T7288] 8021q: adding VLAN 0 to HW filter on device bond0
[  327.454714][ T7476] loop1: detected capacity change from 0 to 32768
[  328.190335][ T7484] loop3: detected capacity change from 0 to 40427
[  328.232199][ T7484] F2FS-fs (loop3): invalid crc value
[  328.508651][ T7484] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  328.546498][ T7288] 8021q: adding VLAN 0 to HW filter on device team0
[  328.562921][ T7484] F2FS-fs (loop3): Start checkpoint disabled!
[  328.576715][ T7484] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  328.593688][ T7484] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  328.658993][ T1303] bridge0: port 1(bridge_slave_0) entered blocking state
[  328.666607][ T1303] bridge0: port 1(bridge_slave_0) entered forwarding state
[  328.958949][ T1303] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.966539][ T1303] bridge0: port 2(bridge_slave_1) entered forwarding state
[  329.572502][   T31] usb 6-1: new high-speed USB device number 2 using dummy_hcd
[  329.630588][ T7497] loop1: detected capacity change from 0 to 1024
[  329.689529][ T5438] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  329.741891][   T31] usb 6-1: Using ep0 maxpacket: 16
[  329.760579][ T7497] EXT4-fs: Ignoring removed oldalloc option
[  329.769527][ T7497] EXT4-fs: Ignoring removed bh option
[  329.782172][   T31] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  329.791250][   T31] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  329.801950][   T31] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  329.966255][   T31] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  329.977561][   T31] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  329.986519][   T31] usb 6-1: Product: syz
[  329.990857][   T31] usb 6-1: Manufacturer: syz
[  329.995892][   T31] usb 6-1: SerialNumber: syz
[  330.003481][ T5438] usb 1-1: Using ep0 maxpacket: 32
[  330.081135][ T5438] usb 1-1: config 0 has no interfaces?
[  330.177393][ T5438] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  330.186989][ T5438] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  330.195358][ T5438] usb 1-1: SerialNumber: syz
[  330.208359][ T5438] usb 1-1: config 0 descriptor??
[  330.246057][ T7497] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  330.444842][ T5438] usb 1-1: USB disconnect, device number 3
[  330.602833][   T31] usb 6-1: 0:2 : does not exist
[  330.989333][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  331.452573][ T5438] usb 6-1: USB disconnect, device number 2
[  331.697954][ T5988] udevd[5988]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  332.456105][ T7288] 8021q: adding VLAN 0 to HW filter on device batadv0
[  333.500459][ T7526] loop3: detected capacity change from 0 to 40427
[  333.513063][ T7526] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[  333.520983][ T7526] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  333.544878][ T7526] F2FS-fs (loop3): invalid crc value
[  333.887274][ T7526] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  333.917523][ T7526] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  333.925010][ T7526] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  333.998715][ T7526] syz.3.428: attempt to access beyond end of device
[  333.998715][ T7526] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  336.179920][ T7562] romfs: block size(65536) > page size(4096) not supported by filesystem
[  336.189488][ T7562] VFS: Can't find a romfs filesystem on dev nullb0.
[  336.189488][ T7562] 
[  336.596378][ T7288] veth0_vlan: entered promiscuous mode
[  336.776552][ T7568] netlink: 'syz.0.440': attribute type 1 has an invalid length.
[  336.793713][ T7288] veth1_vlan: entered promiscuous mode
[  337.085976][ T7573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.442'.
[  337.095241][ T7573] netlink: 'syz.3.442': attribute type 5 has an invalid length.
[  337.103627][ T7573] netlink: 4 bytes leftover after parsing attributes in process `syz.3.442'.
[  337.393260][ T7573] geneve2: entered promiscuous mode
[  337.398919][ T7573] geneve2: entered allmulticast mode
[  337.490553][ T1303] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 8192 - 0
[  337.516982][ T7288] veth0_macvtap: entered promiscuous mode
[  337.708212][ T1303] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 8192 - 0
[  337.770742][ T7288] veth1_macvtap: entered promiscuous mode
[  337.887434][ T1303] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 8192 - 0
[  337.964719][ T1303] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 8192 - 0
[  338.097060][ T7288] batman_adv: batadv0: Interface activated: batadv_slave_0
[  338.240838][ T7288] batman_adv: batadv0: Interface activated: batadv_slave_1
[  338.446586][ T1142] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  338.568047][ T1005] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  338.629956][ T1005] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  338.704090][ T1005] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  340.638225][ T7614] loop1: detected capacity change from 0 to 512
[  340.795150][ T7614] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  340.970095][ T7614] EXT4-fs error (device loop1): ext4_orphan_get:1417: comm syz.1.454: bad orphan inode 131083
[  341.104278][ T7614] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  341.240410][ T7614] EXT4-fs error (device loop1): ext4_check_all_de:659: inode #12: block 7: comm syz.1.454: bad entry in directory: directory entry overrun - offset=16, inode=1560281102, rec_len=1024, size=124 fake=0
[  341.843590][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  342.561781][   T10] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  342.782280][   T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  342.794686][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  342.805911][   T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  342.815946][   T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  342.829287][   T10] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  342.838808][   T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.061213][   T10] usb 2-1: config 0 descriptor??
[  343.686306][   T10] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  343.827014][ T7658] @: renamed from vlan0 (while UP)
[  344.487289][ T5955] usb 2-1: USB disconnect, device number 5
[  344.897819][ T7675] loop0: detected capacity change from 0 to 128
[  345.185119][ T7681] mmap: syz.0.468 (7681) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  345.766555][ T6086] kworker/u8:15: attempt to access beyond end of device
[  345.766555][ T6086] loop0: rw=1, sector=145, nr_sectors = 8 limit=128
[  345.932043][ T6086] kworker/u8:15: attempt to access beyond end of device
[  345.932043][ T6086] loop0: rw=1, sector=161, nr_sectors = 8 limit=128
[  346.088996][ T6086] kworker/u8:15: attempt to access beyond end of device
[  346.088996][ T6086] loop0: rw=1, sector=177, nr_sectors = 8 limit=128
[  346.231824][ T6086] kworker/u8:15: attempt to access beyond end of device
[  346.231824][ T6086] loop0: rw=1, sector=193, nr_sectors = 8 limit=128
[  346.353903][ T6086] kworker/u8:15: attempt to access beyond end of device
[  346.353903][ T6086] loop0: rw=1, sector=209, nr_sectors = 8 limit=128
[  346.410935][ T7686] loop1: detected capacity change from 0 to 40427
[  346.440336][ T7686] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  346.449005][ T7686] F2FS-fs (loop1): Can't find valid F2FS filesystem in 2th superblock
[  346.462398][ T7686] F2FS-fs (loop1): Image doesn't support compression
[  346.469263][ T7686] F2FS-fs (loop1): build fault injection type: 0x4
[  346.501083][ T7686] F2FS-fs (loop1): invalid crc value
[  346.802904][ T7686] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  346.813690][ T7686] F2FS-fs (loop1): Start checkpoint disabled!
[  346.827329][ T7686] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  346.848214][ T7686] F2FS-fs (loop1): Try to recover 2th superblock, ret: 0
[  346.855605][ T7686] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  347.213421][   T62] kworker/u8:4: attempt to access beyond end of device
[  347.213421][   T62] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  347.228591][   T62] CPU: 0 UID: 0 PID: 62 Comm: kworker/u8:4 Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  347.228752][   T62] Tainted: [L]=SOFTLOCKUP
[  347.228801][   T62] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  347.228925][   T62] Workqueue: writeback wb_workfn (flush-7:1)
[  347.229091][   T62] Call Trace:
[  347.229134][   T62]  <TASK>
[  347.229176][   T62]  __dump_stack+0x26/0x30
[  347.229322][   T62]  dump_stack_lvl+0x14c/0x1c0
[  347.229471][   T62]  dump_stack+0x1e/0x25
[  347.229608][   T62]  f2fs_handle_critical_error+0xa6f/0xc20
[  347.229828][   T62]  f2fs_stop_checkpoint+0x65/0x80
[  347.229961][   T62]  f2fs_write_end_io+0x101c/0x1bb0
[  347.230135][   T62]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  347.230265][   T62]  bio_endio+0xf92/0x10e0
[  347.230415][   T62]  submit_bio_noacct+0x200a/0x2930
[  347.230614][   T62]  submit_bio+0x57a/0x620
[  347.230766][   T62]  f2fs_submit_write_bio+0x92/0x250
[  347.230945][   T62]  __submit_merged_bio+0x16f/0x6a0
[  347.231109][   T62]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  347.231293][   T62]  __submit_merged_write_cond+0x44a/0x990
[  347.231484][   T62]  f2fs_write_data_pages+0x4d18/0x57a0
[  347.231745][   T62]  ? f2fs_balance_fs_bg+0x11ee/0x1250
[  347.231913][   T62]  ? stack_depot_save_flags+0x35/0x790
[  347.232065][   T62]  ? kmsan_get_metadata+0xf1/0x160
[  347.232249][   T62]  ? kmsan_get_metadata+0xf1/0x160
[  347.232417][   T62]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  347.232609][   T62]  ? f2fs_write_node_pages+0x7ab/0xb30
[  347.232763][   T62]  ? kmsan_get_metadata+0xf1/0x160
[  347.232940][   T62]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  347.233123][   T62]  ? kmsan_get_metadata+0xf1/0x160
[  347.233289][   T62]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  347.233472][   T62]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  347.233603][   T62]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  347.233733][   T62]  do_writepages+0x3f2/0x860
[  347.233866][   T62]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  347.234061][   T62]  ? kmsan_get_metadata+0xf1/0x160
[  347.234236][   T62]  ? kmsan_get_metadata+0xf1/0x160
[  347.234424][   T62]  __writeback_single_inode+0x101/0x1180
[  347.234593][   T62]  ? kmsan_get_metadata+0xf1/0x160
[  347.234779][   T62]  writeback_sb_inodes+0xb2d/0x1f10
[  347.235028][   T62]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  347.235232][   T62]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  347.235417][   T62]  wb_writeback+0x4d0/0xc00
[  347.235582][   T62]  ? queue_io+0x471/0x790
[  347.235734][   T62]  wb_workfn+0x397/0x1910
[  347.235865][   T62]  ? kmsan_get_metadata+0xf1/0x160
[  347.236066][   T62]  ? __pfx_wb_workfn+0x10/0x10
[  347.236192][   T62]  process_scheduled_works+0xb03/0x1da0
[  347.236374][   T62]  worker_thread+0xede/0x1590
[  347.236536][   T62]  kthread+0xd5a/0xf00
[  347.236668][   T62]  ? __pfx_worker_thread+0x10/0x10
[  347.236816][   T62]  ? __pfx_kthread+0x10/0x10
[  347.236973][   T62]  ret_from_fork+0x207/0x6f0
[  347.237087][   T62]  ? __switch_to+0x521/0x750
[  347.237237][   T62]  ? __pfx_kthread+0x10/0x10
[  347.237377][   T62]  ret_from_fork_asm+0x1a/0x30
[  347.237563][   T62]  </TASK>
[  347.356553][   T62] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  347.386975][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  347.449558][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.453231][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  347.593259][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.606502][   T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  347.939564][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  347.947778][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  347.969891][   T10] usb 4-1: Using ep0 maxpacket: 16
[  348.053979][   T10] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  348.066436][   T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  348.234516][   T10] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  348.244118][   T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  348.252566][   T10] usb 4-1: Product: syz
[  348.256910][   T10] usb 4-1: Manufacturer: syz
[  348.265147][   T10] usb 4-1: SerialNumber: syz
[  348.278049][   T10] usb 4-1: config 0 descriptor??
[  348.307452][   T10] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  348.317184][   T10] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class)
[  348.983134][   T10] em28xx 4-1:0.0: unknown em28xx chip ID (0)
[  349.052346][   T10] em28xx 4-1:0.0: Config register raw data: 0xfffffffb
[  349.466273][ T5955] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  349.718982][ T5955] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  349.733110][ T5955] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  349.744271][ T5955] usb 7-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00
[  349.753686][ T5955] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.988729][ T7721] loop0: detected capacity change from 0 to 32768
[  349.989409][ T5955] usb 7-1: config 0 descriptor??
[  349.998702][ T7721] BTRFS warning: excessive commit interval 2147483712, use with care
[  350.011194][   T10] em28xx 4-1:0.0: AC97 chip type couldn't be determined
[  350.018544][   T10] em28xx 4-1:0.0: No AC97 audio processor
[  350.047890][ T7721] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.480 (7721)
[  350.064682][   T10] usb 4-1: USB disconnect, device number 2
[  350.166051][   T10] em28xx 4-1:0.0: Disconnecting em28xx
[  350.181743][ T7721] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  350.192399][ T7721] BTRFS info (device loop0): using crc32c (crc32c-lib) checksum algorithm
[  350.227952][   T10] em28xx 4-1:0.0: Freeing device
[  350.393880][ T2107] BTRFS warning (device loop0): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  350.408024][ T7721] BTRFS error (device loop0): failed to load root extent
[  350.415519][ T7721] BTRFS warning (device loop0): try to load backup roots slot 1
[  350.442268][ T2107] BTRFS warning (device loop0): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  350.460748][ T7721] BTRFS warning (device loop0): couldn't read tree root
[  350.469373][ T7721] BTRFS warning (device loop0): try to load backup roots slot 2
[  350.511735][ T2107] BTRFS error (device loop0): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  350.522814][ T7721] BTRFS warning (device loop0): couldn't read tree root
[  350.530061][ T7721] BTRFS warning (device loop0): try to load backup roots slot 3
[  350.624491][ T7721] BTRFS info (device loop0): checking UUID tree
[  350.638171][ T7721] BTRFS info (device loop0): enabling ssd optimizations
[  350.646007][ T7721] BTRFS info (device loop0): using spread ssd allocation scheme
[  350.659474][ T7721] BTRFS info (device loop0): turning on async discard
[  350.667002][ T7721] BTRFS info (device loop0): enabling free space tree
[  350.674069][ T7721] BTRFS info (device loop0): enabling auto defrag
[  350.680662][ T7721] BTRFS info (device loop0): trying to use backup root at mount time
[  350.689093][ T7721] BTRFS info (device loop0): use zlib compression, level 3
[  350.763573][ T5955] steelseries 0003:1038:12B6.0004: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.6-1/input0
[  351.136608][ T5792] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  351.613022][ T7756] loop3: detected capacity change from 0 to 256
[  351.642713][ T7756] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  351.707529][ T7756] FAT-fs (loop3): error, fat_bmap_cluster: request beyond EOF (i_pos 196)
[  351.716471][ T7756] FAT-fs (loop3): Filesystem has been set read-only
[  351.791066][ T7755] loop5: detected capacity change from 0 to 2048
[  351.988667][ T7755] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: writeback.
[  352.371278][ T7755] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  352.474501][ T7755] EXT4-fs (loop5): Remounting filesystem read-only
[  352.533955][ T7755] EXT4-fs (loop5): error restoring inline_data for inode -- potential data loss! (inode 18, error -30)
[  352.772192][   T24] usb 7-1: USB disconnect, device number 2
[  352.816026][ T7771] evm: overlay not supported
[  353.075215][ T6914] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  353.733869][ T7782] netlink: 20 bytes leftover after parsing attributes in process `syz.1.493'.
[  353.803704][ T7782] netlink: 20 bytes leftover after parsing attributes in process `syz.1.493'.
[  355.764416][ T7812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.502'.
[  355.778893][ T7812] netlink: 8 bytes leftover after parsing attributes in process `syz.1.502'.
[  357.450499][ T7829] loop1: detected capacity change from 0 to 40427
[  357.461198][ T7829] F2FS-fs (loop1): Magic Mismatch, valid(0xf2f52010) - read(0xbdf52010)
[  357.470286][ T7829] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  357.539303][ T7829] F2FS-fs (loop1): invalid crc value
[  357.858483][ T7829] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  357.915329][ T7829] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  357.925697][ T7829] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  358.087668][   T30] audit: type=1800 audit(1769099574.732:20): pid=7829 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.507" name="file1" dev="loop1" ino=10 res=0 errno=0
[  358.222902][ T5794] syz-executor: attempt to access beyond end of device
[  358.222902][ T5794] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  358.242646][ T5794] CPU: 0 UID: 0 PID: 5794 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  358.242810][ T5794] Tainted: [L]=SOFTLOCKUP
[  358.242858][ T5794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  358.242930][ T5794] Call Trace:
[  358.242975][ T5794]  <TASK>
[  358.243021][ T5794]  __dump_stack+0x26/0x30
[  358.243177][ T5794]  dump_stack_lvl+0x14c/0x1c0
[  358.243329][ T5794]  dump_stack+0x1e/0x25
[  358.243463][ T5794]  f2fs_handle_critical_error+0xa6f/0xc20
[  358.243684][ T5794]  f2fs_stop_checkpoint+0x65/0x80
[  358.243810][ T5794]  f2fs_write_end_io+0x101c/0x1bb0
[  358.243976][ T5794]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  358.244092][ T5794]  bio_endio+0xf92/0x10e0
[  358.244231][ T5794]  submit_bio_noacct+0x200a/0x2930
[  358.244414][ T5794]  submit_bio+0x57a/0x620
[  358.244562][ T5794]  f2fs_submit_write_bio+0x92/0x250
[  358.244741][ T5794]  __submit_merged_bio+0x16f/0x6a0
[  358.244913][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  358.245114][ T5794]  __submit_merged_write_cond+0x44a/0x990
[  358.245325][ T5794]  f2fs_write_data_pages+0x4d18/0x57a0
[  358.245594][ T5794]  ? trace_user_fault_read+0x680/0x7a0
[  358.245737][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  358.245933][ T5794]  ? free_unref_folios+0x2910/0x2970
[  358.246079][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  358.246270][ T5794]  ? __rcu_read_unlock+0x6c/0xd0
[  358.246462][ T5794]  ? kmsan_get_metadata+0xf1/0x160
[  358.246646][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  358.246832][ T5794]  ? kmsan_get_metadata+0xf1/0x160
[  358.247013][ T5794]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  358.247195][ T5794]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  358.247327][ T5794]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  358.247459][ T5794]  do_writepages+0x3f2/0x860
[  358.247604][ T5794]  ? _raw_spin_unlock+0x30/0x50
[  358.247741][ T5794]  ? wbc_attach_and_unlock_inode+0x131/0x670
[  358.247910][ T5794]  filemap_fdatawrite+0x207/0x260
[  358.248138][ T5794]  f2fs_sync_dirty_inodes+0x2aa/0x9d0
[  358.248311][ T5794]  f2fs_write_checkpoint+0x10a3/0x3720
[  358.248547][ T5794]  ? stack_depot_save_flags+0x35/0x790
[  358.248746][ T5794]  kill_f2fs_super+0x320/0x990
[  358.248931][ T5794]  ? __pfx_kill_f2fs_super+0x10/0x10
[  358.249078][ T5794]  deactivate_locked_super+0xcb/0x3c0
[  358.249243][ T5794]  deactivate_super+0x12f/0x140
[  358.249395][ T5794]  cleanup_mnt+0x7eb/0x870
[  358.249540][ T5794]  ? __pfx___cleanup_mnt+0x10/0x10
[  358.249673][ T5794]  __cleanup_mnt+0x22/0x30
[  358.249799][ T5794]  task_work_run+0x208/0x2b0
[  358.249968][ T5794]  exit_to_user_mode_loop+0x2ff/0x1b20
[  358.250152][ T5794]  ? user_path_at+0x241/0x3e0
[  358.250308][ T5794]  ? __x64_sys_umount+0x1dc/0x250
[  358.250486][ T5794]  do_syscall_64+0x1d7/0xf80
[  358.250649][ T5794]  ? clear_bhb_loop+0x40/0x90
[  358.250789][ T5794]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  358.250929][ T5794] RIP: 0033:0x7f0c9b19bf17
[  358.251029][ T5794] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  358.251143][ T5794] RSP: 002b:00007ffec5cac0d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  358.251270][ T5794] RAX: 0000000000000000 RBX: 00007f0c9b20471f RCX: 00007f0c9b19bf17
[  358.251358][ T5794] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffec5cac190
[  358.251436][ T5794] RBP: 00007ffec5cac190 R08: 00007ffec5cad190 R09: 00000000ffffffff
[  358.251525][ T5794] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffec5cad220
[  358.251604][ T5794] R13: 00007f0c9b20471f R14: 00000000000576d6 R15: 00007ffec5cad260
[  358.251731][ T5794]  </TASK>
[  358.621660][ T5794] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  359.315185][ T7853] loop3: detected capacity change from 0 to 1024
[  359.333177][ T7853] EXT4-fs: inline encryption not supported
[  359.339237][ T7853] EXT4-fs: Ignoring removed orlov option
[  359.489778][   T10] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  359.499108][ T7853] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  359.737733][   T10] usb 1-1: Using ep0 maxpacket: 16
[  359.782153][   T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  359.793587][   T10] usb 1-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00
[  359.802994][   T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  359.848194][   T10] usb 1-1: config 0 descriptor??
[  360.095990][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.496547][   T10] kye 0003:0458:5016.0005: control desc unexpectedly large
[  360.595298][   T10] input: HID 0458:5016 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5016.0005/input/input10
[  360.878408][   T10] input: HID 0458:5016 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0458:5016.0005/input/input11
[  361.229926][   T10] kye 0003:0458:5016.0005: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.0-1/input0
[  361.556052][   T24] usb 1-1: USB disconnect, device number 4
[  362.277156][ T7879] fido_id[7879]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  362.337807][ T7887] netlink: 'syz.3.521': attribute type 2 has an invalid length.
[  362.346483][ T7887] netlink: 48 bytes leftover after parsing attributes in process `syz.3.521'.
[  363.064161][ T7894] loop5: detected capacity change from 0 to 512
[  363.192479][ T7894] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  363.205360][ T7894] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it
[  363.215826][ T7894] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.523: Corrupt directory, running e2fsck is recommended
[  363.324353][ T7894] EXT4-fs (loop5): Cannot turn on journaled quota: type 1: error -117
[  363.389727][ T7894] EXT4-fs error (device loop5): ext4_iget_extra_inode:5073: inode #15: comm syz.5.523: corrupted in-inode xattr: e_name out of bounds
[  363.498000][ T7894] EXT4-fs (loop5): Remounting filesystem read-only
[  363.511776][ T5955] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  363.541612][ T7894] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  363.747712][ T5955] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  363.757636][ T5955] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.767857][ T5955] usb 4-1: Product: syz
[  363.772981][ T5955] usb 4-1: Manufacturer: syz
[  363.777747][ T5955] usb 4-1: SerialNumber: syz
[  363.834358][ T7894] EXT4-fs warning (device loop5): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  363.846473][ T7894] EXT4-fs warning (device loop5): dx_probe:849: Enable large directory feature to access it
[  363.857125][ T7894] EXT4-fs warning (device loop5): dx_probe:934: inode #2: comm syz.5.523: Corrupt directory, running e2fsck is recommended
[  364.042848][ T7904] overlayfs: overlapping lowerdir path
[  364.100796][ T7907] overlayfs: overlapping lowerdir path
[  364.323772][ T6914] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.106536][ T7918] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  365.117087][ T5955] cdc_ncm 4-1:1.0: MAC-Address: 42:42:42:42:42:42
[  365.167950][   T24] usb 6-1: new full-speed USB device number 3 using dummy_hcd
[  365.375464][ T5955] cdc_ncm 4-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.3-1, CDC NCM (NO ZLP), 42:42:42:42:42:42
[  365.526569][   T24] usb 6-1: unable to get BOS descriptor or descriptor too short
[  365.536903][ T5955] usb 4-1: USB disconnect, device number 3
[  365.568088][   T24] usb 6-1: unable to read config index 0 descriptor/start: -71
[  365.576667][   T24] usb 6-1: can't read configurations, error -71
[  365.584989][ T5955] cdc_ncm 4-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.3-1, CDC NCM (NO ZLP)
[  366.049811][ T7929] loop6: detected capacity change from 0 to 47
[  366.369519][ T7925] loop1: detected capacity change from 0 to 32768
[  366.438196][ T7925] JBD2: Ignoring recovery information on journal
[  366.631951][ T7925] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  366.753120][ T7925] OCFS2: ERROR (device loop1): int ocfs2_validate_gd_parent(struct super_block *, struct ocfs2_dinode *, struct buffer_head *, int): Group descriptor #32 has bit count of 1024
[  366.771090][ T7925] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  366.781260][ T7925] OCFS2: File system is now read-only.
[  366.787062][ T7925] (syz.1.533,7925,0):ocfs2_search_chain:1818 ERROR: status = -30
[  366.795132][ T7925] (syz.1.533,7925,0):ocfs2_search_chain:1941 ERROR: status = -30
[  366.803403][ T7925] (syz.1.533,7925,0):ocfs2_claim_suballoc_bits:2021 ERROR: status = -30
[  366.812129][ T7925] (syz.1.533,7925,0):ocfs2_claim_suballoc_bits:2074 ERROR: status = -30
[  366.820681][ T7925] (syz.1.533,7925,0):__ocfs2_claim_clusters:2449 ERROR: status = -30
[  366.833063][ T7925] (syz.1.533,7925,0):__ocfs2_claim_clusters:2457 ERROR: status = -30
[  366.841375][ T7925] (syz.1.533,7925,0):ocfs2_local_alloc_new_window:1199 ERROR: status = -30
[  366.856239][ T7925] (syz.1.533,7925,0):ocfs2_local_alloc_new_window:1224 ERROR: status = -30
[  366.865257][ T7925] (syz.1.533,7925,0):ocfs2_local_alloc_slide_window:1298 ERROR: status = -30
[  366.874705][ T7925] (syz.1.533,7925,0):ocfs2_local_alloc_slide_window:1317 ERROR: status = -30
[  366.885868][ T7925] (syz.1.533,7925,0):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -30
[  366.895014][ T7925] (syz.1.533,7925,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -30
[  366.904094][ T7925] (syz.1.533,7925,0):ocfs2_reserve_clusters_with_limit:1173 ERROR: status = -30
[  366.913502][ T7925] (syz.1.533,7925,0):ocfs2_reserve_clusters_with_limit:1222 ERROR: status = -30
[  366.923005][ T7925] (syz.1.533,7925,0):ocfs2_lock_allocators:2786 ERROR: status = -30
[  366.931230][ T7925] (syz.1.533,7925,0):ocfs2_write_begin_nolock:1723 ERROR: status = -30
[  366.944468][ T7925] (syz.1.533,7925,0):ocfs2_write_begin:1887 ERROR: status = -30
[  367.360977][ T5794] ocfs2: Unmounting device (7,1) on (node local)
[  367.559942][ T7943] xt_hashlimit: size too large, truncated to 1048576
[  368.150972][ T7952] loop5: detected capacity change from 0 to 1024
[  368.300888][ T7952] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.512331][ T7948] netlink: 12 bytes leftover after parsing attributes in process `syz.1.541'.
[  368.727188][ T7962] netlink: 'syz.0.544': attribute type 3 has an invalid length.
[  368.946858][ T6914] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.565503][ T7966] loop0: detected capacity change from 0 to 2048
[  369.640816][ T7966] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  369.831357][ T7972] loop3: detected capacity change from 0 to 512
[  370.053407][ T7972] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  370.733398][ T7986] loop1: detected capacity change from 0 to 512
[  370.759847][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.782002][ T7986] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  370.961792][ T7986] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.554: invalid indirect mapped block 4294967295 (level 0)
[  371.053000][ T7986] EXT4-fs error (device loop1): ext4_free_branches:1023: inode #16: comm syz.1.554: invalid indirect mapped block 4294967295 (level 1)
[  371.140408][ T7986] EXT4-fs (loop1): 1 orphan inode deleted
[  371.146617][ T7986] EXT4-fs (loop1): 1 truncate cleaned up
[  371.208223][ T7993] loop5: detected capacity change from 0 to 256
[  371.343349][ T7986] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  371.368282][ T7993] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011e5d, chksum : 0x63a11b78, utbl_chksum : 0xe619d30d)
[  371.458512][ T7995] loop3: detected capacity change from 0 to 1024
[  371.476228][ T7986] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.1.554: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  371.575345][   T30] audit: type=1800 audit(1769099588.222:21): pid=7993 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.557" name="file1" dev="loop5" ino=1048627 res=0 errno=0
[  371.631259][ T7986] EXT4-fs error (device loop1): htree_dirblock_to_tree:1080: inode #2: block 13: comm syz.1.554: bad entry in directory: rec_len is too small for name_len - offset=12, inode=2, rec_len=12, size=1024 fake=0
[  371.856168][ T7998] netlink: 'syz.6.558': attribute type 36 has an invalid length.
[  372.115865][ T1005] hfsplus: b-tree write err: -5, ino 4
[  372.170796][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  372.786976][   T10] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  373.009536][   T10] usb 6-1: Using ep0 maxpacket: 32
[  373.048035][   T10] usb 6-1: config 0 has an invalid interface number: 1 but max is 0
[  373.056704][   T10] usb 6-1: config 0 has no interface number 0
[  373.163934][   T10] usb 6-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8
[  373.173592][   T10] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  373.186587][   T10] usb 6-1: Product: syz
[  373.190943][   T10] usb 6-1: Manufacturer: syz
[  373.197109][   T10] usb 6-1: SerialNumber: syz
[  373.362290][   T10] usb 6-1: config 0 descriptor??
[  373.418818][   T10] usb 6-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state
[  373.428184][   T10] usb 6-1: selecting invalid altsetting 1
[  373.434322][   T10] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-22
[  373.468153][ T8020] input: syz1 as /devices/virtual/input/input12
[  373.520913][   T10] usb 6-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  373.539397][   T10] dvbdev: DVB: registering new adapter (Intel CE9500 reference design)
[  373.548999][   T10] usb 6-1: media controller created
[  373.846960][   T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  374.126583][   T10] usb 6-1: dvb_usb_ce6230: usb_control_msg() failed=-71
[  374.134131][   T10] zl10353_read_register: readreg error (reg=127, ret==-71)
[  374.200415][ T8029] loop3: detected capacity change from 0 to 256
[  374.202947][   T10] usb 6-1: dvb_usb_ce6230: usb_set_interface() failed=-71
[  374.543799][ T8029] FAT-fs (loop3): Directory bread(block 64) failed
[  374.565953][ T8035] loop1: detected capacity change from 0 to 512
[  374.587509][ T8029] FAT-fs (loop3): Directory bread(block 65) failed
[  374.608300][ T8029] FAT-fs (loop3): Directory bread(block 66) failed
[  374.691772][ T8029] FAT-fs (loop3): Directory bread(block 67) failed
[  374.698812][ T8029] FAT-fs (loop3): Directory bread(block 68) failed
[  374.778960][ T8029] FAT-fs (loop3): Directory bread(block 69) failed
[  374.847338][ T8029] FAT-fs (loop3): Directory bread(block 70) failed
[  374.911028][ T8029] FAT-fs (loop3): Directory bread(block 71) failed
[  374.996274][ T8029] FAT-fs (loop3): Directory bread(block 72) failed
[  375.038952][ T8029] FAT-fs (loop3): Directory bread(block 73) failed
[  375.098244][   T10] usb 6-1: USB disconnect, device number 5
[  376.400787][ T8055] loop0: detected capacity change from 0 to 128
[  377.011878][ T5438] usb 2-1: new full-speed USB device number 6 using dummy_hcd
[  377.249185][ T5438] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  377.259557][ T5438] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  377.273217][ T5438] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  377.288189][ T5438] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.981836][ T8068] loop5: detected capacity change from 0 to 32768
[  378.030881][ T8068] 
[  378.030881][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.030881][ T8068] 
[  378.051309][ T8068] ERROR: (device loop5): diWrite: ixpxd invalid
[  378.051309][ T8068] 
[  378.061185][ T8068] ERROR: (device loop5): txAbort: 
[  378.061185][ T8068] 
[  378.072626][ T5438] usb 2-1: usb_control_msg returned -32
[  378.078467][ T5438] usbtmc 2-1:16.0: can't read capabilities
[  378.117766][ T8068] 
[  378.117766][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.117766][ T8068] 
[  378.128944][ T8068] 
[  378.128944][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.128944][ T8068] 
[  378.139975][ T8068] 
[  378.139975][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.139975][ T8068] 
[  378.150652][ T8068] 
[  378.150652][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.150652][ T8068] 
[  378.165778][ T8068] 
[  378.165778][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.165778][ T8068] 
[  378.177405][ T8068] 
[  378.177405][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.177405][ T8068] 
[  378.189675][ T8068] 
[  378.189675][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.189675][ T8068] 
[  378.202815][ T8068] 
[  378.202815][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.202815][ T8068] 
[  378.224965][  T112] 
[  378.224965][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.224965][  T112] 
[  378.239684][ T8068] 
[  378.239684][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.239684][ T8068] 
[  378.250555][ T8068] 
[  378.250555][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.250555][ T8068] 
[  378.261218][ T8068] 
[  378.261218][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.261218][ T8068] 
[  378.271888][ T8068] 
[  378.271888][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.271888][ T8068] 
[  378.452874][ T8068] 
[  378.452874][ T8068]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.452874][ T8068] 
[  378.586504][ T6914] 
[  378.586504][ T6914]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.586504][ T6914] 
[  378.656888][ T6914] 
[  378.656888][ T6914]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  378.656888][ T6914] 
[  379.025529][ T8081] loop3: detected capacity change from 0 to 1024
[  379.068177][ T8081] EXT4-fs: inline encryption not supported
[  379.161687][ T8076] loop6: detected capacity change from 0 to 40427
[  379.175510][ T8076] F2FS-fs (loop6): Image doesn't support compression
[  379.182756][ T8076] F2FS-fs (loop6): build fault injection rate: 690
[  379.197351][ T8081] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  379.218615][ T8076] F2FS-fs (loop6): invalid crc value
[  379.563745][ T8076] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  379.579140][ T8076] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  379.663038][ T8081] EXT4-fs: Ignoring removed orlov option
[  379.674057][   T30] audit: type=1800 audit(1769099596.322:22): pid=8076 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.583" name="file1" dev="loop6" ino=10 res=0 errno=0
[  379.736096][ T8081] EXT4-fs (loop3): can't enable nombcache during remount
[  379.886780][ T8081] EXT4-fs error (device loop3): mb_free_blocks:2037: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  380.016290][ T8081] EXT4-fs (loop3): Remounting filesystem read-only
[  380.103475][ T7288] syz-executor: attempt to access beyond end of device
[  380.103475][ T7288] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  380.118779][ T7288] CPU: 0 UID: 0 PID: 7288 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  380.118949][ T7288] Tainted: [L]=SOFTLOCKUP
[  380.118999][ T7288] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  380.119074][ T7288] Call Trace:
[  380.119129][ T7288]  <TASK>
[  380.119174][ T7288]  __dump_stack+0x26/0x30
[  380.119333][ T7288]  dump_stack_lvl+0x14c/0x1c0
[  380.119494][ T7288]  dump_stack+0x1e/0x25
[  380.119630][ T7288]  f2fs_handle_critical_error+0xa6f/0xc20
[  380.119855][ T7288]  f2fs_stop_checkpoint+0x65/0x80
[  380.119987][ T7288]  f2fs_write_end_io+0x101c/0x1bb0
[  380.120170][ T7288]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  380.120302][ T7288]  bio_endio+0xf92/0x10e0
[  380.120451][ T7288]  submit_bio_noacct+0x200a/0x2930
[  380.120651][ T7288]  submit_bio+0x57a/0x620
[  380.120804][ T7288]  f2fs_submit_write_bio+0x92/0x250
[  380.120986][ T7288]  __submit_merged_bio+0x16f/0x6a0
[  380.121167][ T7288]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  380.121367][ T7288]  __submit_merged_write_cond+0x44a/0x990
[  380.121564][ T7288]  f2fs_write_data_pages+0x4d18/0x57a0
[  380.121812][ T7288]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  380.121978][ T7288]  ? kmsan_get_metadata+0xf1/0x160
[  380.122156][ T7288]  ? folio_batch_move_lru+0x6a2/0x6d0
[  380.122329][ T7288]  ? __msan_warning+0x1b/0x30
[  380.122483][ T7288]  ? filter_irq_stacks+0x13f/0x190
[  380.122648][ T7288]  ? stack_depot_save_flags+0x35/0x790
[  380.122819][ T7288]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  380.122994][ T7288]  ? kmsan_get_metadata+0xf1/0x160
[  380.123178][ T7288]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  380.123359][ T7288]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  380.123493][ T7288]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  380.123625][ T7288]  do_writepages+0x3f2/0x860
[  380.123764][ T7288]  ? _raw_spin_unlock+0x30/0x50
[  380.123793][ T5955] usb 2-1: USB disconnect, device number 6
[  380.123899][ T7288]  ? wbc_attach_and_unlock_inode+0x131/0x670
[  380.124070][ T7288]  filemap_fdatawrite+0x207/0x260
[  380.124366][ T7288]  f2fs_sync_dirty_inodes+0x2aa/0x9d0
[  380.124547][ T7288]  f2fs_write_checkpoint+0x10a3/0x3720
[  380.124781][ T7288]  ? stack_depot_save_flags+0x35/0x790
[  380.124981][ T7288]  kill_f2fs_super+0x320/0x990
[  380.125172][ T7288]  ? __pfx_kill_f2fs_super+0x10/0x10
[  380.125319][ T7288]  deactivate_locked_super+0xcb/0x3c0
[  380.125489][ T7288]  deactivate_super+0x12f/0x140
[  380.125641][ T7288]  cleanup_mnt+0x7eb/0x870
[  380.125782][ T7288]  ? __pfx___cleanup_mnt+0x10/0x10
[  380.125917][ T7288]  __cleanup_mnt+0x22/0x30
[  380.126043][ T7288]  task_work_run+0x208/0x2b0
[  380.126220][ T7288]  exit_to_user_mode_loop+0x2ff/0x1b20
[  380.126403][ T7288]  ? user_path_at+0x241/0x3e0
[  380.126564][ T7288]  ? __x64_sys_umount+0x1dc/0x250
[  380.126742][ T7288]  do_syscall_64+0x1d7/0xf80
[  380.126898][ T7288]  ? clear_bhb_loop+0x40/0x90
[  380.127040][ T7288]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  380.127184][ T7288] RIP: 0033:0x7ff070d9bf17
[  380.127284][ T7288] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  380.127399][ T7288] RSP: 002b:00007ffdf0637a68 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  380.127524][ T7288] RAX: 0000000000000000 RBX: 00007ff070e0471f RCX: 00007ff070d9bf17
[  380.127612][ T7288] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdf0637b20
[  380.127695][ T7288] RBP: 00007ffdf0637b20 R08: 00007ffdf0638b20 R09: 00000000ffffffff
[  380.127788][ T7288] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffdf0638bb0
[  380.127871][ T7288] R13: 00007ff070e0471f R14: 000000000005cb23 R15: 00007ffdf0638bf0
[  380.127998][ T7288]  </TASK>
[  380.128362][ T7288] F2FS-fs (loop6): Remounting filesystem read-only
[  380.778671][ T5791] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.634795][ T8106] loop1: detected capacity change from 0 to 8
[  381.696330][ T8106] unable to read inode lookup table
[  381.802062][ T5438] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  382.012875][ T5438] usb 1-1: Using ep0 maxpacket: 16
[  382.037679][ T5438] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  382.049520][ T5438] usb 1-1: config 0 interface 0 has no altsetting 0
[  382.056643][ T5438] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  382.066102][ T5438] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.219950][ T5438] usb 1-1: config 0 descriptor??
[  382.860770][ T5438] nzxt-smart2 0003:1E71:2009.0006: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.0-1/input0
[  383.203075][ T5438] usb 1-1: USB disconnect, device number 5
[  383.637107][ T8121] fido_id[8121]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory
[  384.220188][ T8136] loop1: detected capacity change from 0 to 256
[  384.327442][ T8136] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  386.074036][ T8159] 9pnet: p9_errstr2errno: server reported unknown error 0x0000
[  386.528874][ T8157] loop1: detected capacity change from 0 to 32768
[  386.538527][ T8157] btrfs: Deprecated parameter 'usebackuproot'
[  386.544967][ T8157] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  386.609974][ T8157] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.605 (8157)
[  387.431187][ T8157] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  387.442185][ T8157] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  387.993933][ T8164] loop6: detected capacity change from 0 to 65536
[  388.101616][ T8164] XFS (loop6): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  388.198530][ T1005] BTRFS warning (device loop1): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  388.212909][ T8157] BTRFS error (device loop1): failed to load root extent
[  388.220212][ T8157] BTRFS warning (device loop1): try to load backup roots slot 1
[  388.297753][ T1005] BTRFS warning (device loop1): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  388.312394][ T8157] BTRFS warning (device loop1): couldn't read tree root
[  388.319775][ T8157] BTRFS warning (device loop1): try to load backup roots slot 2
[  388.360797][ T1005] BTRFS error (device loop1): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  388.372769][ T8157] BTRFS warning (device loop1): couldn't read tree root
[  388.380102][ T8157] BTRFS warning (device loop1): try to load backup roots slot 3
[  388.398238][ T8164] XFS (loop6): Ending clean mount
[  388.407160][ T8164] XFS (loop6): Quotacheck needed: Please wait.
[  388.448440][ T8157] BTRFS info (device loop1): rebuilding free space tree
[  388.487958][ T8157] BTRFS info (device loop1): checking UUID tree
[  388.500936][ T8164] XFS (loop6): Quotacheck: Done.
[  388.514535][ T8157] BTRFS info (device loop1): enabling ssd optimizations
[  388.522254][ T8157] BTRFS info (device loop1): turning off barriers
[  388.529209][ T8157] BTRFS info (device loop1): turning on sync discard
[  388.537283][ T8157] BTRFS info (device loop1): enabling free space tree
[  388.550598][ T8157] BTRFS info (device loop1): force clearing of disk cache
[  388.558353][ T8157] BTRFS info (device loop1): enabling auto defrag
[  388.565244][ T8157] BTRFS info (device loop1): trying to use backup root at mount time
[  388.573898][ T8157] BTRFS info (device loop1): use zstd compression, level 3
[  389.179448][ T5794] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  389.414937][ T7288] XFS (loop6): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  389.917905][ T8206] loop0: detected capacity change from 0 to 32768
[  390.481395][ T8208] loop3: detected capacity change from 0 to 32768
[  390.501167][ T8208] (syz.3.615,8208,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  390.515548][ T8208] (syz.3.615,8208,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  390.554617][ T8208] JBD2: Ignoring recovery information on journal
[  390.635650][ T8208] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  391.278513][ T8216] Bluetooth: hci1: Opcode 0x080f failed: -4
[  391.422760][ T5791] ocfs2: Unmounting device (7,3) on (node local)
[  393.315105][   T51] Bluetooth: hci1: command 0x0406 tx timeout
[  394.589937][ T8253] loop6: detected capacity change from 0 to 2048
[  394.740725][ T8253] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  395.126737][ T8260] sctp: [Deprecated]: syz.1.626 (pid 8260) Use of int in max_burst socket option deprecated.
[  395.126737][ T8260] Use struct sctp_assoc_value instead
[  395.450297][ T7161] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[  395.469288][ T7161] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[  395.483323][ T7161] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[  395.553446][ T7161] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[  395.583388][ T7161] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[  396.570561][ T8268] loop1: detected capacity change from 0 to 32768
[  396.679881][ T8268] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  396.974337][ T8268] XFS (loop1): Ending clean mount
[  397.005648][ T8268] XFS (loop1): Quotacheck needed: Please wait.
[  397.092620][ T8268] XFS (loop1): Quotacheck: Done.
[  397.361156][ T5794] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  397.382782][   T24] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  397.582544][   T24] usb 4-1: Using ep0 maxpacket: 16
[  397.646230][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  397.660155][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  397.670985][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[  397.683796][ T7161] Bluetooth: hci5: command tx timeout
[  397.684360][   T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  397.698701][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  398.014079][   T24] usb 4-1: config 0 descriptor??
[  398.073684][ T8265] chnl_net:caif_netlink_parms(): no params data found
[  398.286808][ T8300] loop0: detected capacity change from 0 to 256
[  398.569393][   T24] input: HID 05ac:8241 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:05AC:8241.0007/input/input13
[  398.707647][ T8300] FAT-fs (loop0): Directory bread(block 64) failed
[  398.771746][ T8300] FAT-fs (loop0): Directory bread(block 65) failed
[  398.799772][   T24] appleir 0003:05AC:8241.0007: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.3-1/input0
[  398.847926][ T8300] FAT-fs (loop0): Directory bread(block 66) failed
[  398.920603][ T8300] FAT-fs (loop0): Directory bread(block 67) failed
[  398.951975][   T24] usb 4-1: USB disconnect, device number 4
[  399.015201][ T8300] FAT-fs (loop0): Directory bread(block 68) failed
[  399.076610][ T8300] FAT-fs (loop0): Directory bread(block 69) failed
[  399.115342][ T8300] FAT-fs (loop0): Directory bread(block 70) failed
[  399.156691][ T8300] FAT-fs (loop0): Directory bread(block 71) failed
[  399.199650][ T8300] FAT-fs (loop0): Directory bread(block 72) failed
[  399.245172][ T8300] FAT-fs (loop0): Directory bread(block 73) failed
[  399.481295][ T8307] fido_id[8307]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory
[  399.761756][ T7161] Bluetooth: hci5: command tx timeout
[  400.197932][ T8265] bridge0: port 1(bridge_slave_0) entered blocking state
[  400.212444][ T8265] bridge0: port 1(bridge_slave_0) entered disabled state
[  400.270128][ T8265] bridge_slave_0: entered allmulticast mode
[  400.320442][ T8265] bridge_slave_0: entered promiscuous mode
[  400.389794][ T8265] bridge0: port 2(bridge_slave_1) entered blocking state
[  400.397572][ T8265] bridge0: port 2(bridge_slave_1) entered disabled state
[  400.474447][ T8265] bridge_slave_1: entered allmulticast mode
[  400.489509][ T8265] bridge_slave_1: entered promiscuous mode
[  400.732697][ T8321] loop0: detected capacity change from 0 to 1024
[  400.905435][ T8265] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  400.997326][ T8265] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  401.346708][ T5898] usb 2-1: new full-speed USB device number 7 using dummy_hcd
[  401.388342][ T8265] team0: Port device team_slave_0 added
[  401.439149][ T8265] team0: Port device team_slave_1 added
[  401.573040][ T5898] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  401.583701][ T5898] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  401.675893][ T5898] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  401.685844][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  401.694193][ T5898] usb 2-1: Product: syz
[  401.698531][ T5898] usb 2-1: Manufacturer: syz
[  401.703593][ T5898] usb 2-1: SerialNumber: syz
[  401.788237][ T8265] batman_adv: batadv0: Adding interface: batadv_slave_0
[  401.795946][ T8265] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  401.822872][ T8265] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  401.858004][ T8333] netlink: 'syz.6.651': attribute type 11 has an invalid length.
[  401.887374][ T7161] Bluetooth: hci5: command tx timeout
[  401.949580][ T8265] batman_adv: batadv0: Adding interface: batadv_slave_1
[  401.959665][ T8265] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  401.987405][ T8265] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  402.068666][ T5898] usb 2-1: 0:2 : does not exist
[  402.152240][ T5898] usb 2-1: 5:0: failed to get current value for ch 0 (-22)
[  402.171175][ T8335] loop0: detected capacity change from 0 to 512
[  402.247085][ T8335] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  402.275170][ T8335] ext4 filesystem being mounted at /145/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  402.677696][ T5898] usb 2-1: USB disconnect, device number 7
[  402.753451][ T8335] EXT4-fs (loop0): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  403.035593][ T8339] loop3: detected capacity change from 0 to 32768
[  403.143220][ T8265] hsr_slave_0: entered promiscuous mode
[  403.156035][ T8339] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  403.162503][ T8265] hsr_slave_1: entered promiscuous mode
[  403.176087][ T8265] debugfs: 'hsr0' already exists in 'hsr'
[  403.182380][ T8265] Cannot create hsr debugfs directory
[  403.409125][ T8339] XFS (loop3): Ending clean mount
[  403.664511][ T5988] udevd[5988]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  403.692608][ T5791] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  403.921663][ T7161] Bluetooth: hci5: command tx timeout
[  403.973677][ T5898] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  404.172209][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  404.183912][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  404.194059][ T5898] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  404.211841][ T5898] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  404.221105][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  404.255070][ T5898] usb 2-1: config 0 descriptor??
[  404.473513][   T24] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  404.590643][ T5792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  404.697042][   T24] usb 7-1: Using ep0 maxpacket: 32
[  404.773508][   T24] usb 7-1: config 0 has an invalid interface number: 51 but max is 0
[  404.781925][   T24] usb 7-1: config 0 has no interface number 0
[  404.814673][ T5898] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  404.867268][   T24] usb 7-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  404.876908][   T24] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.885451][   T24] usb 7-1: Product: syz
[  404.889790][   T24] usb 7-1: Manufacturer: syz
[  404.894674][   T24] usb 7-1: SerialNumber: syz
[  404.998389][   T24] usb 7-1: config 0 descriptor??
[  405.106074][ T8265] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  405.108587][   T24] quatech2 7-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  405.264668][ T8265] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  405.385532][   T24] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  405.398139][ T5898] usb 2-1: USB disconnect, device number 8
[  405.415151][ T8265] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  405.521678][   T24] usb 7-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  405.531559][    C1] quatech-serial ttyUSB0: qt2_process_read_urb - unsupported command 6
[  405.579061][ T8265] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  405.756673][    C1] usb 7-1: qt2_read_bulk_callback - non-zero urb status: -71
[  405.758174][ T5898] usb 7-1: USB disconnect, device number 3
[  405.774194][ T7161] Bluetooth: hci0: command 0x0406 tx timeout
[  405.878025][ T5898] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  405.892527][ T8362] fido_id[8362]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  405.993850][ T5898] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  406.024462][ T8367] loop0: detected capacity change from 0 to 1024
[  406.085000][ T8367] EXT4-fs: Ignoring removed bh option
[  406.096641][ T5898] quatech2 7-1:0.51: device disconnected
[  406.179883][ T8367] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  406.845291][ T5792] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.079703][ T8265] 8021q: adding VLAN 0 to HW filter on device bond0
[  407.310484][ T8265] 8021q: adding VLAN 0 to HW filter on device team0
[  407.417874][  T188] bridge0: port 1(bridge_slave_0) entered blocking state
[  407.422833][ T8383] loop6: detected capacity change from 0 to 1024
[  407.425537][  T188] bridge0: port 1(bridge_slave_0) entered forwarding state
[  407.535489][ T8383] hfsplus: invalid btree flag
[  407.540934][ T8383] hfsplus: failed to load catalog file
[  407.563986][ T1005] bridge0: port 2(bridge_slave_1) entered blocking state
[  407.571742][ T1005] bridge0: port 2(bridge_slave_1) entered forwarding state
[  408.844340][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  408.850996][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  409.282260][   T51] Bluetooth: hci4: command 0x0401 tx timeout
[  409.288608][ T8378] Bluetooth: hci4: Opcode 0x0401 failed: -110
[  409.697298][ T8265] 8021q: adding VLAN 0 to HW filter on device batadv0
[  409.746450][ T8410] fuse: root generation should be zero
[  411.039200][ T8429] loop3: detected capacity change from 0 to 2048
[  411.342668][ T8424] loop6: detected capacity change from 0 to 40427
[  411.399454][ T8424] F2FS-fs (loop6): build fault injection rate: 14
[  411.406211][ T8424] F2FS-fs (loop6): build fault injection type: 0x3bfe8c
[  411.450367][ T8424] F2FS-fs (loop6): invalid crc value
[  411.494981][    C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of bio_endio+0xf92/0x10e0
[  411.529920][    C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of bio_endio+0xf92/0x10e0
[  411.571142][ T8429] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  411.795139][ T8424] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  411.804460][ T8424] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50
[  411.852994][ T8424] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  411.971171][ T8424] F2FS-fs (loop6): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x66f/0x19b0
[  411.995147][ T8424] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x702/0x19b0
[  412.056915][ T8434] loop0: detected capacity change from 0 to 2048
[  412.136502][ T8434] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  412.268849][ T7288] F2FS-fs (loop6): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0x1102/0x2ff0
[  412.281587][ T7288] F2FS-fs (loop6): inconsistent node block, node_type:3, nid:13, node_footer[nid:13,ino:3,ofs:2041,cpver:0,blkaddr:0]
[  412.302935][ T8434] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  412.539615][    C0] F2FS-fs (loop6): inject write IO error in f2fs_write_end_io of bio_endio+0xf92/0x10e0
[  412.549987][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  412.550154][    C0] Tainted: [L]=SOFTLOCKUP
[  412.550205][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  412.550280][    C0] Call Trace:
[  412.550326][    C0]  <TASK>
[  412.550372][    C0]  __dump_stack+0x26/0x30
[  412.550531][    C0]  dump_stack_lvl+0x14c/0x1c0
[  412.550693][    C0]  dump_stack+0x1e/0x25
[  412.550833][    C0]  f2fs_handle_critical_error+0xa6f/0xc20
[  412.551054][    C0]  f2fs_stop_checkpoint+0x65/0x80
[  412.551186][    C0]  f2fs_write_end_io+0x101c/0x1bb0
[  412.551362][    C0]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  412.551497][    C0]  bio_endio+0xf92/0x10e0
[  412.551638][    C0]  blk_update_request+0xf4c/0x1a90
[  412.551813][    C0]  blk_mq_end_request+0x50/0xb0
[  412.551945][    C0]  lo_complete_rq+0x188/0x3a0
[  412.552109][    C0]  ? __pfx_lo_complete_rq+0x10/0x10
[  412.552265][    C0]  blk_done_softirq+0x112/0x1f0
[  412.552437][    C0]  ? __pfx_blk_done_softirq+0x10/0x10
[  412.552603][    C0]  handle_softirqs+0x168/0x6e0
[  412.552778][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  412.552937][    C0]  run_ksoftirqd+0x29/0x50
[  412.553094][    C0]  smpboot_thread_fn+0x56b/0xa10
[  412.553266][    C0]  kthread+0xd5a/0xf00
[  412.553427][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  412.553596][    C0]  ? __pfx_kthread+0x10/0x10
[  412.553743][    C0]  ret_from_fork+0x207/0x6f0
[  412.553859][    C0]  ? __switch_to+0x521/0x750
[  412.554006][    C0]  ? __pfx_kthread+0x10/0x10
[  412.554148][    C0]  ret_from_fork_asm+0x1a/0x30
[  412.554334][    C0]  </TASK>
[  412.615519][ T8434] UDF-fs: warning (device loop0): udf_truncate_tail_extent: Too long extent after EOF in inode 1346: i_size: 17247268864 lbcount: 17247270400 extent 55+4608
[  412.615920][    C0] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  412.681858][ T8434] UDF-fs: error (device loop0): udf_truncate_tail_extent: Extent after EOF in inode 1346
[  412.685803][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  412.685967][    C0] Tainted: [L]=SOFTLOCKUP
[  412.686015][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  412.686094][    C0] Call Trace:
[  412.686141][    C0]  <TASK>
[  412.686191][    C0]  __dump_stack+0x26/0x30
[  412.686347][    C0]  dump_stack_lvl+0x14c/0x1c0
[  412.686506][    C0]  dump_stack+0x1e/0x25
[  412.686652][    C0]  f2fs_handle_critical_error+0xa6f/0xc20
[  412.686883][    C0]  f2fs_stop_checkpoint+0x65/0x80
[  412.687018][    C0]  f2fs_write_end_io+0x101c/0x1bb0
[  412.687195][    C0]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  412.687331][    C0]  bio_endio+0xf92/0x10e0
[  412.687485][    C0]  blk_update_request+0xf4c/0x1a90
[  412.687673][    C0]  blk_mq_end_request+0x50/0xb0
[  412.687812][    C0]  lo_complete_rq+0x188/0x3a0
[  412.687980][    C0]  ? __pfx_lo_complete_rq+0x10/0x10
[  412.688148][    C0]  blk_done_softirq+0x112/0x1f0
[  412.688326][    C0]  ? __pfx_blk_done_softirq+0x10/0x10
[  412.688497][    C0]  handle_softirqs+0x168/0x6e0
[  412.688674][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  412.688834][    C0]  run_ksoftirqd+0x29/0x50
[  412.688987][    C0]  smpboot_thread_fn+0x56b/0xa10
[  412.689156][    C0]  kthread+0xd5a/0xf00
[  412.689298][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  412.689466][    C0]  ? __pfx_kthread+0x10/0x10
[  412.689610][    C0]  ret_from_fork+0x207/0x6f0
[  412.689739][    C0]  ? __switch_to+0x521/0x750
[  412.689900][    C0]  ? __pfx_kthread+0x10/0x10
[  412.690046][    C0]  ret_from_fork_asm+0x1a/0x30
[  412.690244][    C0]  </TASK>
[  412.690292][    C0] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  412.690443][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  412.690605][    C0] Tainted: [L]=SOFTLOCKUP
[  412.690659][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  412.690735][    C0] Call Trace:
[  412.690783][    C0]  <TASK>
[  412.690829][    C0]  __dump_stack+0x26/0x30
[  412.690973][    C0]  dump_stack_lvl+0x14c/0x1c0
[  412.691131][    C0]  dump_stack+0x1e/0x25
[  412.691270][    C0]  f2fs_handle_critical_error+0xa6f/0xc20
[  412.691497][    C0]  f2fs_stop_checkpoint+0x65/0x80
[  412.691632][    C0]  f2fs_write_end_io+0x101c/0x1bb0
[  412.691817][    C0]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  412.691950][    C0]  bio_endio+0xf92/0x10e0
[  412.692102][    C0]  blk_update_request+0xf4c/0x1a90
[  412.692282][    C0]  blk_mq_end_request+0x50/0xb0
[  412.692420][    C0]  lo_complete_rq+0x188/0x3a0
[  412.692564][    C0]  ? __pfx_lo_complete_rq+0x10/0x10
[  412.692739][    C0]  blk_done_softirq+0x112/0x1f0
[  412.692916][    C0]  ? __pfx_blk_done_softirq+0x10/0x10
[  412.693090][    C0]  handle_softirqs+0x168/0x6e0
[  412.693260][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  412.693436][    C0]  run_ksoftirqd+0x29/0x50
[  412.693588][    C0]  smpboot_thread_fn+0x56b/0xa10
[  412.693761][    C0]  kthread+0xd5a/0xf00
[  412.693902][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  412.694084][    C0]  ? __pfx_kthread+0x10/0x10
[  412.694230][    C0]  ret_from_fork+0x207/0x6f0
[  412.694351][    C0]  ? __switch_to+0x521/0x750
[  412.694509][    C0]  ? __pfx_kthread+0x10/0x10
[  412.694657][    C0]  ret_from_fork_asm+0x1a/0x30
[  412.694847][    C0]  </TASK>
[  412.695080][    C0] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  412.695229][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  412.695387][    C0] Tainted: [L]=SOFTLOCKUP
[  412.695437][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  412.695515][    C0] Call Trace:
[  412.695561][    C0]  <TASK>
[  412.695609][    C0]  __dump_stack+0x26/0x30
[  412.695762][    C0]  dump_stack_lvl+0x14c/0x1c0
[  412.695922][    C0]  dump_stack+0x1e/0x25
[  412.696062][    C0]  f2fs_handle_critical_error+0xa6f/0xc20
[  412.696287][    C0]  f2fs_stop_checkpoint+0x65/0x80
[  412.696419][    C0]  f2fs_write_end_io+0x101c/0x1bb0
[  412.696599][    C0]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  412.696740][    C0]  bio_endio+0xf92/0x10e0
[  412.696890][    C0]  blk_update_request+0xf4c/0x1a90
[  412.697070][    C0]  blk_mq_end_request+0x50/0xb0
[  412.697208][    C0]  lo_complete_rq+0x188/0x3a0
[  412.697377][    C0]  ? __pfx_lo_complete_rq+0x10/0x10
[  412.697544][    C0]  blk_done_softirq+0x112/0x1f0
[  412.697731][    C0]  ? __pfx_blk_done_softirq+0x10/0x10
[  412.697907][    C0]  handle_softirqs+0x168/0x6e0
[  412.698080][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  412.698240][    C0]  run_ksoftirqd+0x29/0x50
[  412.698392][    C0]  smpboot_thread_fn+0x56b/0xa10
[  412.698556][    C0]  kthread+0xd5a/0xf00
[  412.698704][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  412.698869][    C0]  ? __pfx_kthread+0x10/0x10
[  412.699014][    C0]  ret_from_fork+0x207/0x6f0
[  412.699137][    C0]  ? __switch_to+0x521/0x750
[  412.699293][    C0]  ? __pfx_kthread+0x10/0x10
[  412.699442][    C0]  ret_from_fork_asm+0x1a/0x30
[  412.699643][    C0]  </TASK>
[  412.699694][    C0] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  413.244134][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  413.244302][    C0] Tainted: [L]=SOFTLOCKUP
[  413.244353][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  413.244429][    C0] Call Trace:
[  413.244479][    C0]  <TASK>
[  413.244522][    C0]  __dump_stack+0x26/0x30
[  413.244672][    C0]  dump_stack_lvl+0x14c/0x1c0
[  413.244825][    C0]  dump_stack+0x1e/0x25
[  413.244963][    C0]  f2fs_handle_critical_error+0xa6f/0xc20
[  413.245182][    C0]  f2fs_stop_checkpoint+0x65/0x80
[  413.245316][    C0]  f2fs_write_end_io+0x101c/0x1bb0
[  413.245498][    C0]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  413.245631][    C0]  bio_endio+0xf92/0x10e0
[  413.245783][    C0]  blk_update_request+0xf4c/0x1a90
[  413.245961][    C0]  blk_mq_end_request+0x50/0xb0
[  413.246081][    C0]  lo_complete_rq+0x188/0x3a0
[  413.246218][    C0]  ? __pfx_lo_complete_rq+0x10/0x10
[  413.246372][    C0]  blk_done_softirq+0x112/0x1f0
[  413.246540][    C0]  ? __pfx_blk_done_softirq+0x10/0x10
[  413.246707][    C0]  handle_softirqs+0x168/0x6e0
[  413.246875][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  413.247034][    C0]  run_ksoftirqd+0x29/0x50
[  413.247181][    C0]  smpboot_thread_fn+0x56b/0xa10
[  413.247339][    C0]  kthread+0xd5a/0xf00
[  413.247475][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  413.247639][    C0]  ? __pfx_kthread+0x10/0x10
[  413.247783][    C0]  ret_from_fork+0x207/0x6f0
[  413.247901][    C0]  ? __switch_to+0x521/0x750
[  413.248051][    C0]  ? __pfx_kthread+0x10/0x10
[  413.248201][    C0]  ret_from_fork_asm+0x1a/0x30
[  413.248407][    C0]  </TASK>
[  413.248457][    C0] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  413.456594][ T7288] F2FS-fs (loop6): do_checkpoint failed err:-5, stop checkpoint
[  413.839338][ T8265] veth0_vlan: entered promiscuous mode
[  414.022496][ T8265] veth1_vlan: entered promiscuous mode
[  414.373937][ T8265] veth0_macvtap: entered promiscuous mode
[  414.430622][ T8265] veth1_macvtap: entered promiscuous mode
[  414.778440][ T8265] batman_adv: batadv0: Interface activated: batadv_slave_0
[  414.884557][ T8456] loop0: detected capacity change from 0 to 4096
[  415.016473][ T8265] batman_adv: batadv0: Interface activated: batadv_slave_1
[  415.425547][   T55] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  415.545818][   T55] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  415.668628][   T55] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  415.680843][ T8460] loop3: detected capacity change from 0 to 40427
[  415.701786][ T8460] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  415.710265][ T8460] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  415.718907][ T8460] F2FS-fs (loop3): Image doesn't support compression
[  415.727438][ T8460] F2FS-fs (loop3): build fault injection type: 0x4
[  415.751399][ T8460] F2FS-fs (loop3): invalid crc value
[  415.906380][ T6393] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  416.037187][ T8460] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  416.058693][ T8460] F2FS-fs (loop3): Start checkpoint disabled!
[  416.076571][ T8460] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  416.112183][ T8460] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  416.119506][ T8460] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  416.390922][ T2107] kworker/u8:9: attempt to access beyond end of device
[  416.390922][ T2107] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  416.408267][ T2107] CPU: 1 UID: 0 PID: 2107 Comm: kworker/u8:9 Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  416.408436][ T2107] Tainted: [L]=SOFTLOCKUP
[  416.408485][ T2107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  416.408581][ T2107] Workqueue: writeback wb_workfn (flush-7:3)
[  416.408747][ T2107] Call Trace:
[  416.408793][ T2107]  <TASK>
[  416.408838][ T2107]  __dump_stack+0x26/0x30
[  416.408988][ T2107]  dump_stack_lvl+0x14c/0x1c0
[  416.409144][ T2107]  dump_stack+0x1e/0x25
[  416.409277][ T2107]  f2fs_handle_critical_error+0xa6f/0xc20
[  416.409524][ T2107]  f2fs_stop_checkpoint+0x65/0x80
[  416.409657][ T2107]  f2fs_write_end_io+0x101c/0x1bb0
[  416.409834][ T2107]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  416.409967][ T2107]  bio_endio+0xf92/0x10e0
[  416.410111][ T2107]  submit_bio_noacct+0x200a/0x2930
[  416.410305][ T2107]  submit_bio+0x57a/0x620
[  416.410475][ T2107]  f2fs_submit_write_bio+0x92/0x250
[  416.410659][ T2107]  __submit_merged_bio+0x16f/0x6a0
[  416.410830][ T2107]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  416.411023][ T2107]  __submit_merged_write_cond+0x44a/0x990
[  416.411212][ T2107]  f2fs_write_data_pages+0x4d18/0x57a0
[  416.411472][ T2107]  ? trace_user_fault_read+0x680/0x7a0
[  416.411606][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.411782][ T2107]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  416.411977][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.412155][ T2107]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  416.412338][ T2107]  ? update_misfit_status+0x32/0xa90
[  416.412509][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.412685][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.412863][ T2107]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  416.413046][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.413246][ T2107]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  416.413426][ T2107]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  416.413567][ T2107]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  416.413697][ T2107]  do_writepages+0x3f2/0x860
[  416.413831][ T2107]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  416.414023][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.414197][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.414399][ T2107]  __writeback_single_inode+0x101/0x1180
[  416.414572][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.414762][ T2107]  writeback_sb_inodes+0xb2d/0x1f10
[  416.415013][ T2107]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  416.415222][ T2107]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  416.415416][ T2107]  wb_writeback+0x4d0/0xc00
[  416.415590][ T2107]  ? queue_io+0x471/0x790
[  416.415762][ T2107]  wb_workfn+0x397/0x1910
[  416.415899][ T2107]  ? kmsan_get_metadata+0xf1/0x160
[  416.416106][ T2107]  ? __pfx_wb_workfn+0x10/0x10
[  416.416234][ T2107]  process_scheduled_works+0xb03/0x1da0
[  416.416448][ T2107]  worker_thread+0xede/0x1590
[  416.416617][ T2107]  kthread+0xd5a/0xf00
[  416.416753][ T2107]  ? __pfx_worker_thread+0x10/0x10
[  416.416895][ T2107]  ? __pfx_kthread+0x10/0x10
[  416.417038][ T2107]  ret_from_fork+0x207/0x6f0
[  416.417156][ T2107]  ? __switch_to+0x521/0x750
[  416.417310][ T2107]  ? __pfx_kthread+0x10/0x10
[  416.417466][ T2107]  ret_from_fork_asm+0x1a/0x30
[  416.417658][ T2107]  </TASK>
[  416.726267][ T2107] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  416.924570][   T30] audit: type=1800 audit(1769099633.562:23): pid=8466 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.690" name="file1" dev="loop0" ino=33 res=0 errno=0
[  417.982782][ T8470] loop1: detected capacity change from 0 to 32768
[  417.997868][ T8470] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.695 (8470)
[  418.028484][ T8470] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  418.042242][ T8470] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  418.052115][ T8470] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  418.311795][   T31] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  418.432687][ T8470] BTRFS info (device loop1): rebuilding free space tree
[  418.466427][ T8470] BTRFS info (device loop1): disabling free space tree
[  418.473770][ T8470] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  418.483839][ T8470] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  418.511701][   T31] usb 7-1: Using ep0 maxpacket: 32
[  418.558887][ T8470] BTRFS info (device loop1): enabling ssd optimizations
[  418.566248][ T8470] BTRFS info (device loop1): turning off barriers
[  418.574011][ T8470] BTRFS info (device loop1): enabling disk space caching
[  418.581319][ T8470] BTRFS info (device loop1): force clearing of disk cache
[  418.588757][ T8470] BTRFS info (device loop1): force lzo compression, level 1
[  418.596422][ T8470] BTRFS info (device loop1): max_inline set to 0
[  418.682026][   T31] usb 7-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  418.692056][   T31] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.770097][ T8470] btrfs: Unknown parameter '˙˙˙˙˙˙˙˙˙˙˙˙˙˙0xffffffffffffffff˙˙˙˙˙˙˙˙0x0000000000000000˙˙˙˙'
[  418.807381][   T31] usb 7-1: config 0 descriptor??
[  418.944490][   T31] gspca_main: sunplus-2.14.0 probing 041e:400b
[  419.200322][ T8491] loop0: detected capacity change from 0 to 32768
[  419.228254][ T8491] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.697 (8491)
[  419.255609][ T8491] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  419.271950][ T8491] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  419.522857][ T5794] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  419.553199][ T8491] BTRFS info (device loop0): enabling ssd optimizations
[  419.560354][ T8491] BTRFS info (device loop0): turning on async discard
[  419.572057][ T8491] BTRFS info (device loop0): enabling free space tree
[  420.062045][   T31] gspca_sunplus: reg_w_riv err -71
[  420.067622][   T31] sunplus 7-1:0.0: probe with driver sunplus failed with error -71
[  420.179069][   T31] usb 7-1: USB disconnect, device number 4
[  420.442364][ T5792] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  422.835504][ T8535] netlink: 'syz.6.705': attribute type 2 has an invalid length.
[  423.113586][   T30] audit: type=1326 audit(1769099639.762:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c9b19acb9 code=0x7ffc0000
[  423.266082][   T30] audit: type=1326 audit(1769099639.792:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0c9b19acb9 code=0x7ffc0000
[  423.289121][   T30] audit: type=1326 audit(1769099639.792:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c9b19acb9 code=0x7ffc0000
[  423.303963][ T8538] loop1: detected capacity change from 0 to 512
[  423.312060][   T30] audit: type=1326 audit(1769099639.802:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c9b19acb9 code=0x7ffc0000
[  423.340823][   T30] audit: type=1326 audit(1769099639.812:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0c9b19acb9 code=0x7ffc0000
[  423.365645][   T30] audit: type=1326 audit(1769099639.852:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0c9b19acb9 code=0x7ffc0000
[  423.388975][   T30] audit: type=1326 audit(1769099639.862:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f0c9b19acb9 code=0x7ffc0000
[  423.411846][   T30] audit: type=1326 audit(1769099639.862:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f0c9b19aa22 code=0x7ffc0000
[  423.434361][   T30] audit: type=1326 audit(1769099639.862:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f0c9b15b58e code=0x7ffc0000
[  423.460826][   T30] audit: type=1326 audit(1769099639.892:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8537 comm="syz.1.706" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f0c9b19aae7 code=0x7ffc0000
[  423.511086][ T8538] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  423.775485][ T8538] EXT4-fs (loop1): 1 truncate cleaned up
[  423.804567][ T8538] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  424.415671][ T8546] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  424.432663][ T8551] netlink: 12 bytes leftover after parsing attributes in process `syz.3.710'.
[  424.490197][ T8553] netlink: 20 bytes leftover after parsing attributes in process `syz.3.710'.
[  424.628730][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.501142][ T8555] loop0: detected capacity change from 0 to 32768
[  425.515272][ T8555] btrfs: Deprecated parameter 'usebackuproot'
[  425.521778][ T8555] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  425.577528][ T8555] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.711 (8555)
[  425.582487][ T5998] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  425.598727][ T5998] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  425.619224][ T8555] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  425.629801][ T8555] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  425.870686][ T8555] BTRFS info (device loop0): rebuilding free space tree
[  425.897296][ T8555] BTRFS info (device loop0): enabling ssd optimizations
[  425.904638][ T8555] BTRFS info (device loop0): turning on async discard
[  425.911787][ T8555] BTRFS info (device loop0): enabling free space tree
[  425.922529][ T8555] BTRFS info (device loop0): force clearing of disk cache
[  425.929836][ T8555] BTRFS info (device loop0): trying to use backup root at mount time
[  426.133500][   T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  426.141719][   T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  426.453975][ T5792] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  426.547024][ T8579] netlink: 20 bytes leftover after parsing attributes in process `syz.6.715'.
[  426.596004][ T8579] netlink: 20 bytes leftover after parsing attributes in process `syz.6.715'.
[  426.903075][ T8582] loop1: detected capacity change from 0 to 1024
[  426.970557][ T8582] EXT4-fs: inline encryption not supported
[  427.034025][ T8582] EXT4-fs: Ignoring removed nobh option
[  427.039889][ T8582] EXT4-fs: Ignoring removed bh option
[  427.337542][ T8582] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  427.644771][ T8582] EXT4-fs error (device loop1): ext4_mb_mark_diskspace_used:4215: comm syz.1.717: Allocating blocks 449-513 which overlap fs metadata
[  427.782061][ T8582] EXT4-fs (loop1): pa ffff8881211972a0: logic 256, phys. 385, len 8
[  427.799178][ T8582] EXT4-fs error (device loop1): ext4_mb_release_inode_pa:5466: group 0, free 0, pa_free 4
[  428.108415][ T5794] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.007854][ T8610] Invalid ELF header magic: != ELF
[  429.121990][ T5955] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  429.149362][ T8616] loop1: detected capacity change from 0 to 128
[  429.262652][ T8616] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  429.326049][ T5955] usb 8-1: Using ep0 maxpacket: 32
[  429.344803][ T5955] usb 8-1: config 4 has an invalid interface number: 8 but max is 0
[  429.353263][ T5955] usb 8-1: config 4 has no interface number 0
[  429.373259][ T5955] usb 8-1: config 4 interface 8 has no altsetting 0
[  429.388605][ T5955] usb 8-1: New USB device found, idVendor=065a, idProduct=0009, bcdDevice=60.65
[  429.401163][ T5955] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  429.411181][ T5955] usb 8-1: Product: syz
[  429.415662][ T5955] usb 8-1: Manufacturer: syz
[  429.420438][ T5955] usb 8-1: SerialNumber: syz
[  429.432012][ T8616] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  429.826155][ T5955] opticon 8-1:4.8: opticon converter detected
[  429.898739][ T5955] usb 8-1: opticon converter now attached to ttyUSB0
[  429.968005][ T5955] usb 8-1: USB disconnect, device number 2
[  430.028018][ T5955] opticon ttyUSB0: opticon converter now disconnected from ttyUSB0
[  430.107415][ T5955] opticon 8-1:4.8: device disconnected
[  430.168681][ T5794] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  430.769839][ T8632] vcan0: tx drop: invalid sa for name 0x0000000000000001
[  431.464456][ T8645] netlink: 'syz.0.741': attribute type 7 has an invalid length.
[  431.502778][ T8645] netlink: 'syz.0.741': attribute type 7 has an invalid length.
[  431.822215][ T6914] jfs_flush_journal: synclist not empty
[  431.828093][ T6914] =====================================================
[  431.835495][ T6914] BUG: KMSAN: uninit-value in hex_dump_to_buffer+0xeeb/0xf20
[  431.843147][ T6914]  hex_dump_to_buffer+0xeeb/0xf20
[  431.848317][ T6914]  print_hex_dump+0x10d/0x330
[  431.853286][ T6914]  jfs_flush_journal+0x13e9/0x1670
[  431.861258][ T6914]  jfs_umount+0x1e3/0x720
[  431.867364][ T6914]  jfs_put_super+0x112/0x3d0
[  431.872283][ T6914]  generic_shutdown_super+0x1b0/0x4b0
[  431.878295][ T6914]  kill_block_super+0x42/0xd0
[  431.883299][ T6914]  deactivate_locked_super+0xcb/0x3c0
[  431.888850][ T6914]  deactivate_super+0x12f/0x140
[  431.894677][ T6914]  cleanup_mnt+0x7eb/0x870
[  431.899250][ T6914]  __cleanup_mnt+0x22/0x30
[  431.903914][ T6914]  task_work_run+0x208/0x2b0
[  431.908678][ T6914]  exit_to_user_mode_loop+0x2ff/0x1b20
[  431.914591][ T6914]  do_syscall_64+0x1d7/0xf80
[  431.919442][ T6914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  431.927409][ T6914] 
[  431.929815][ T6914] Uninit was stored to memory at:
[  431.935443][ T6914]  hex_dump_to_buffer+0xee4/0xf20
[  431.940611][ T6914]  print_hex_dump+0x10d/0x330
[  431.945604][ T6914]  jfs_flush_journal+0x13e9/0x1670
[  431.950888][ T6914]  jfs_umount+0x1e3/0x720
[  431.955649][ T6914]  jfs_put_super+0x112/0x3d0
[  431.963742][ T6914]  generic_shutdown_super+0x1b0/0x4b0
[  431.969292][ T6914]  kill_block_super+0x42/0xd0
[  431.975272][ T6914]  deactivate_locked_super+0xcb/0x3c0
[  431.980805][ T6914]  deactivate_super+0x12f/0x140
[  431.985921][ T6914]  cleanup_mnt+0x7eb/0x870
[  431.990479][ T6914]  __cleanup_mnt+0x22/0x30
[  431.995140][ T6914]  task_work_run+0x208/0x2b0
[  431.999900][ T6914]  exit_to_user_mode_loop+0x2ff/0x1b20
[  432.005701][ T6914]  do_syscall_64+0x1d7/0xf80
[  432.010458][ T6914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.016774][ T6914] 
[  432.019162][ T6914] Uninit was created at:
[  432.023746][ T6914]  kmem_cache_alloc_noprof+0x967/0x1730
[  432.029480][ T6914]  mempool_alloc_slab+0x36/0x50
[  432.034621][ T6914]  mempool_alloc_noprof+0x19d/0x3c0
[  432.039964][ T6914]  __get_metapage+0xa20/0x1790
[  432.044972][ T6914]  diWrite+0x58f/0x2190
[  432.049360][ T6914]  txCommit+0xca7/0x92e0
[  432.053897][ T6914]  jfs_mknod+0xf69/0x1190
[  432.058356][ T6914]  vfs_mknod+0x903/0x9b0
[  432.066439][ T6914]  do_mknodat+0x637/0xe90
[  432.070922][ T6914]  __x64_sys_mknod+0xc3/0x140
[  432.077356][ T6914]  x64_sys_call+0x2ef3/0x3e70
[  432.082353][ T6914]  do_syscall_64+0xc9/0xf80
[  432.087017][ T6914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.093211][ T6914] 
[  432.095639][ T6914] CPU: 1 UID: 0 PID: 6914 Comm: syz-executor Tainted: G             L      syzkaller #0 PREEMPT(voluntary) 
[  432.107795][ T6914] Tainted: [L]=SOFTLOCKUP
[  432.112353][ T6914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  432.122799][ T6914] =====================================================
[  432.129818][ T6914] Disabling lock debugging due to kernel taint
[  432.136328][ T6914] Kernel panic - not syncing: kmsan.panic set ...
[  432.142863][ T6914] CPU: 1 UID: 0 PID: 6914 Comm: syz-executor Tainted: G    B        L      syzkaller #0 PREEMPT(voluntary) 
[  432.154510][ T6914] Tainted: [B]=BAD_PAGE, [L]=SOFTLOCKUP
[  432.160155][ T6914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  432.170328][ T6914] Call Trace:
[  432.173699][ T6914]  <TASK>
[  432.176717][ T6914]  __dump_stack+0x26/0x30
[  432.181233][ T6914]  dump_stack_lvl+0x50/0x1c0
[  432.185994][ T6914]  ? dump_stack+0x12/0x25
[  432.190512][ T6914]  dump_stack+0x1e/0x25
[  432.194853][ T6914]  vpanic+0x435/0xd40
[  432.199042][ T6914]  panic+0x15d/0x160
[  432.203181][ T6914]  kmsan_report+0x31a/0x320
[  432.207874][ T6914]  ? panic_on_this_cpu+0x5b/0x90
[  432.212934][ T6914]  ? __msan_warning+0x1b/0x30
[  432.217765][ T6914]  ? hex_dump_to_buffer+0xeeb/0xf20
[  432.223087][ T6914]  ? print_hex_dump+0x10d/0x330
[  432.228056][ T6914]  ? jfs_flush_journal+0x13e9/0x1670
[  432.233480][ T6914]  ? jfs_umount+0x1e3/0x720
[  432.238128][ T6914]  ? jfs_put_super+0x112/0x3d0
[  432.243051][ T6914]  ? generic_shutdown_super+0x1b0/0x4b0
[  432.249093][ T6914]  ? kill_block_super+0x42/0xd0
[  432.254100][ T6914]  ? deactivate_locked_super+0xcb/0x3c0
[  432.259795][ T6914]  ? deactivate_super+0x12f/0x140
[  432.264959][ T6914]  ? cleanup_mnt+0x7eb/0x870
[  432.269679][ T6914]  ? __cleanup_mnt+0x22/0x30
[  432.274406][ T6914]  ? task_work_run+0x208/0x2b0
[  432.279326][ T6914]  ? exit_to_user_mode_loop+0x2ff/0x1b20
[  432.285169][ T6914]  ? do_syscall_64+0x1d7/0xf80
[  432.290124][ T6914]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.296354][ T6914]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.302593][ T6914]  ? kmsan_get_metadata+0xf1/0x160
[  432.307894][ T6914]  ? kmsan_get_metadata+0xf1/0x160
[  432.313192][ T6914]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  432.319197][ T6914]  ? kmsan_get_metadata+0xf1/0x160
[  432.324485][ T6914]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  432.330997][ T6914]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  432.337240][ T6914]  ? kmsan_get_metadata+0xf1/0x160
[  432.342542][ T6914]  __msan_warning+0x1b/0x30
[  432.347213][ T6914]  hex_dump_to_buffer+0xeeb/0xf20
[  432.352418][ T6914]  ? print_hex_dump+0x5e/0x330
[  432.357314][ T6914]  print_hex_dump+0x10d/0x330
[  432.362234][ T6914]  ? kmsan_get_metadata+0xf1/0x160
[  432.367617][ T6914]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  432.373624][ T6914]  jfs_flush_journal+0x13e9/0x1670
[  432.378904][ T6914]  ? kmsan_get_metadata+0xf1/0x160
[  432.384228][ T6914]  jfs_umount+0x1e3/0x720
[  432.388723][ T6914]  jfs_put_super+0x112/0x3d0
[  432.393474][ T6914]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  432.399487][ T6914]  ? __pfx_jfs_put_super+0x10/0x10
[  432.404857][ T6914]  generic_shutdown_super+0x1b0/0x4b0
[  432.410445][ T6914]  kill_block_super+0x42/0xd0
[  432.415308][ T6914]  ? __pfx_kill_block_super+0x10/0x10
[  432.420850][ T6914]  deactivate_locked_super+0xcb/0x3c0
[  432.426419][ T6914]  deactivate_super+0x12f/0x140
[  432.431430][ T6914]  cleanup_mnt+0x7eb/0x870
[  432.436001][ T6914]  ? __pfx___cleanup_mnt+0x10/0x10
[  432.441261][ T6914]  __cleanup_mnt+0x22/0x30
[  432.445808][ T6914]  task_work_run+0x208/0x2b0
[  432.450573][ T6914]  exit_to_user_mode_loop+0x2ff/0x1b20
[  432.456225][ T6914]  ? user_path_at+0x241/0x3e0
[  432.461061][ T6914]  ? __x64_sys_umount+0x1dc/0x250
[  432.466262][ T6914]  do_syscall_64+0x1d7/0xf80
[  432.471099][ T6914]  ? clear_bhb_loop+0x40/0x90
[  432.475931][ T6914]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  432.481970][ T6914] RIP: 0033:0x7fbdde59bf17
[  432.486485][ T6914] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  432.506251][ T6914] RSP: 002b:00007ffd1335f9a8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  432.514897][ T6914] RAX: 0000000000000000 RBX: 00007fbdde60471f RCX: 00007fbdde59bf17
[  432.522974][ T6914] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd1335fa60
[  432.531047][ T6914] RBP: 00007ffd1335fa60 R08: 00007ffd13360a60 R09: 00000000ffffffff
[  432.539132][ T6914] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd13360af0
[  432.547242][ T6914] R13: 00007fbdde60471f R14: 000000000005c62d R15: 00007ffd13360b30
[  432.555562][ T6914]  </TASK>
[  432.559079][ T6914] Kernel Offset: disabled
[  432.563456][ T6914] Rebooting in 86400 seconds..