last executing test programs:

3m40.30297987s ago: executing program 2 (id=740):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount(0x0, &(0x7f0000000240)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x0, &(0x7f0000000300)='usrquota')
chdir(&(0x7f0000000080)='./file1\x00')
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='net_prio.prioidx\x00', 0x275a, 0x0)
quotactl_fd$Q_SETQUOTA(r0, 0x80000300, 0x0, 0x0)

3m39.975339222s ago: executing program 2 (id=741):
setresgid(0x0, 0x0, 0xee01)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002ec0)={0x0, 0x0, <r1=>0x0}, &(0x7f0000002f00)=0xc)
getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f0000002f40)={0x0, 0x0, <r2=>0x0}, &(0x7f0000002f80)=0xc)
setresgid(r1, r2, 0x0)

3m39.601799073s ago: executing program 2 (id=745):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000a80)={0x68, r2, 0xb7a006d1969b963b, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_FRAME={0x48, 0x33, @assoc_req={{{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x1}, {0x4}, @broadcast, @device_a, @from_mac, {}, @value=@ver_80211n={0x0, 0x75f, 0x3, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1}}, 0x100, 0x400, {0x0, 0x6, @default_ibss_ssid}, @void, @val={0x2d, 0x1a, {0x1, 0x0, 0x1, 0x0, {0x1000, 0x9, 0x0, 0x3fe, 0x0, 0x1, 0x0, 0x2}, 0x8, 0x3, 0x5}}}}]}, 0x68}, 0x1, 0x0, 0x0, 0x880}, 0x14)

3m39.301760545s ago: executing program 2 (id=747):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x0, &(0x7f00000002c0), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
umount2(&(0x7f00000002c0)='./file0/../file0\x00', 0xc)

3m38.793244175s ago: executing program 2 (id=754):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)

3m37.623470152s ago: executing program 2 (id=763):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000040)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0feffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000801000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x2f08, 0xe, 0x0, &(0x7f00000003c0)="46c33c56e981df5e1559014932a2", 0x0, 0x447, 0x6000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

3m36.405578803s ago: executing program 32 (id=763):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x48)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000280)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000740), &(0x7f0000000040)='%ps    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f00000000c0)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x6, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0feffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000801000085000000a500000095"], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r2, 0x2f08, 0xe, 0x0, &(0x7f00000003c0)="46c33c56e981df5e1559014932a2", 0x0, 0x447, 0x6000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m35.789805216s ago: executing program 3 (id=1293):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000200)=0x8)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r0, &(0x7f00000002c0)=[{&(0x7f0000000300)="00214717a7070000000203060000000000000000aaa6", 0x16}], 0x1, 0x7, 0x1)

2m35.58733099s ago: executing program 3 (id=1295):
syz_mount_image$ext4(&(0x7f0000000640)='ext4\x00', &(0x7f0000000680)='./file0\x00', 0x0, &(0x7f00000006c0), 0x1, 0x603, &(0x7f0000000700)="$eJzs3V1oXGkZAOD3TH5q29hUEcFepVgwaJ00P5YGFFuvhFqpraCoWGMy+SGTTEwm0ASkahEKCu2FqCAWcqGCKAQU7wT1yp8L/9iLdpdCFxZ2C6FLt7AXe5HlTGbS6WaaNJs0Z+k8D5z2+76Zk+898/Y9nfP1dCaAptWV/pKL+EhE3EgiOusea43qg11rz1vqXx5PtyRWVy/eTyJJ9+lfHq89P6n+frC6W3dE/O2HEWfbN847t7A4OVQsFmar/Z7y1EzP3MLiJyemhsYKY4XpvoETg4ODA/2DJ3btWH/2u1+//vGvfO5/V39w9vcr/7j6zSROR0f1sfrj2C1d0VV9TdridP0DScTJ3Z4sY7msA2DbTvYcO95SrfO2SM8BndFSrfrSL7/xoDP+eftJ+y6/efO1vYwV2H1XImIVaFKJ+ocmVXsfkF7/1ra9eu/xmx/v1Uw8ycqZtQvAG9W1naX1/LeurQ3F+yrXhgfeSKpXhmuS2trRDtzKpz/j/gf/k//zn9ItntE6DO9Nyy9nHQFZah/IOgKydORLWUdAlv59LesIyNL/V7KOgCxduJh1BGTpi8/bP4KzLb+4n3UE/OVMRBxvtP6XW1//iQbrPwcjYqd35vzxSERXvPDz+rGN6z+5ezuchk2snIn4dN29XUt1+a863FLtvT/tRFsyOlEspLk/FBHd0bYv7fduMseLx/7++UbjX72b5v/mhdr6X7ql89fWAqtx3Gvd9/h+I0PloZ0eN2tWvh9xpLVR/pP1+k8a1H/65+H8U85Rul663mj80K00/7+6unn+eZZWlyI+1rD+k/XnJJvfn9lTOR/01M4KG1347ytzjcZPHU3z/+BT8p+dtP4PbJ7/yvl//X7dhpnc3GfHOm80Gr/7ozT/b3373Zz/25MvVwKs3Vp8eahcnu2NaE++sHG8b/sxP69qr0ft9Urz3/3Rxn//b3b+3x8R33rKOf/63buvNhr/2mSa/399Xf1nJ83/yBb1nzxW/9tvnP/M0SuN5v7waJr/U/u3rv+BSjDd1RHv/7b2tAnKOk4AAAAAAAAAAAAAAAAAAAAAAIBmk4uIjkhy+fV2LpfPr32+74fiQK5Ymit/YrQ0Pz0Sle/KPhxtudonPXbWfR5sb6X9qN/3jn5/RHwgIq617K/088Ol4kjWBw9NqiPizh++M9zgm/kBAAAAAAAAAAAAAAAAAICsHHzC//9PvdSSdXTAs9ARcWf0Jy3fS9sP1Tk0lbT+f/tw6myof2g66h+al/qH5qX+oXmpf2he6h+al/qH5qX+oXmpf2he9fUPAAAAADyfzp87l26rS/3L42l/ujQ2MTk+M9h3Ij81P5wfLs3O5MdKpbHKN/ZPbf3ziqXSTG9fzF/uKRfmyj1zC4uXpkrz0+VLE1NDY4VLhbY9OCZga7d/OjCedQwAAAAAAAAAAAAAAAAAAMAjcwuLk0PFYmFWQ0NDY72R9ZkJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB55OwAA//8t2VDh")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r0, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r0, 0x6628)
creat(0x0, 0x48)

2m35.30730111s ago: executing program 3 (id=1297):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000040)=[{{&(0x7f00000003c0)={0xa, 0xe21, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000080)=[{&(0x7f0000000000)="7f", 0x1}], 0x1}}], 0x1, 0x0)
listen(r0, 0xfff)
setsockopt$inet6_IPV6_DSTOPTS(r0, 0x29, 0x3b, &(0x7f0000000400)={0x67}, 0x8)
accept(r0, 0xfffffffffffffffd, &(0x7f0000000680))

2m34.259230897s ago: executing program 3 (id=1310):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18418, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
syz_mount_image$fuse(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x40000, &(0x7f0000000a80)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}}, 0x1, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x80)
lseek(r0, 0x101, 0x0)

2m33.969498297s ago: executing program 3 (id=1312):
r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f3, 0x755, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x40, 0xb1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x101, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc}}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000340)={0x2c, &(0x7f0000000040)={0x20, 0xa, 0x7, {0x7, 0xf, "00f4000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000280), 0x82, 0x2)
write(r1, 0x0, 0x0)

2m32.509432134s ago: executing program 3 (id=1326):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
recvfrom$inet6(r0, 0x0, 0x0, 0x22, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0)

2m32.21725271s ago: executing program 33 (id=1326):
r0 = socket$inet6(0xa, 0x80002, 0x88)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c)
recvfrom$inet6(r0, 0x0, 0x0, 0x22, 0x0, 0x0)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0)
syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e200023b0"], 0x0)

2m32.197450242s ago: executing program 5 (id=1329):
r0 = syz_io_uring_setup(0x136f, &(0x7f00000001c0)={0x0, 0x49fa, 0x10, 0x0, 0x4e}, &(0x7f0000000180)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000300)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_FILES_UPDATE={0x14, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=[0xffffffffffffffff], 0x1})
io_uring_enter(r0, 0x47f6, 0x0, 0x0, 0x0, 0x0)

2m31.755232682s ago: executing program 5 (id=1332):
syz_emit_ethernet(0xbe, &(0x7f00000002c0)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c20000000800450000b00000000000119078000000000000000000004e20009c907801000000000000007b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af584cbf2649a50f2dbc43efa8698dfa871c51852e44519d330bb57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424dbcfd56f1373669caaa16af32b442f2e52f19935e6996c7096ffe4f3a4745a8f762b9649a3bfbc1f39cb307b3472eb9cdb042d2643fcbb2c5a57df67d544af6e8dafe09cfe9163a238744cdcf497da113327d18ef59066a471f409eb1ecde5c89eac37a917bb36c0ae44cc63c905e949b53b0e37cee8b16224b58732b693a963ad22bc1e0a3f5dfdb315c679fd1ef1fd73bc63ad4c24e39b6c4743af097edfdf01e89aa38e730dabd63da75ebd532dba2540954300bfa92d05c27"], 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', 0x0)
sendmsg$unix(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000300), 0x9, &(0x7f0000000040)}, 0x0)
bind$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x4e23, 0x0, @mcast1, 0x4}, 0x1c)
mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='nfs4\x00', 0x0, &(0x7f00000001c0)='\x01')

2m31.581130647s ago: executing program 5 (id=1333):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x4, 0x0)
ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185)

2m29.616346416s ago: executing program 5 (id=1345):
syz_mount_image$udf(&(0x7f0000000080), &(0x7f0000000500)='./bus\x00', 0x18418, &(0x7f0000000200)=ANY=[@ANYRES8=0x0, @ANYRES8], 0xfe, 0x4b1, &(0x7f0000001d00)="$eJzs201sVNUbx/HfM3c6TIf+/5YXCxgCTTSxgkBfsEBqYnix0YQXLVQj8SWVTrHSdkinKCUgLNWdC5Yu3bpwZdwaEpfGhcEYFibIxs2sxB3m3LlvM5TOjG1nKP1+CJx7zzx3OOc8c+ecM5kRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACQjrx6uLfPWt0KAADQTCdPj/QOMP8DALCmnGH/DwAAsJaYPP0u054LJTvhn5dlj0/OXLo8emx44cvaTaaUPD/e/c329Q/sf2nwwMGwXPz65bZNp06fOdx9tDB9cTZfLObHu0dnJs8VxvN1P8NSr6+2yx+A7ukLl8YnJord/XsHKh6+3Hlv3fquzqHB945mwtjRY8PDpxMx6bb//L8/5FEr/Iw8vSDTx99/ayclpbT0sajx2llp7X4ndvmdGD027HdkanJsZs49aKkgKlU5JplwjJqQiyVJSa5dllmePVubPP0g05F9JTslyQvHYbf/wXBd7WmFtNu6SurRKsjZY2ydPH0g0619nXojGFc//xnpaqsbhxWXDu7/gpXsTf/9wN1P7m3z+Fvdr89MFBKxlgruqNU+PzTTY/7elJWnU/4dX7IR7Wx1c9Bk7fI0LVPmq0/8dYX8delTQwd27DyUXGFsqfE8LnZvcHPVMye3BUsHS7k/y98v1Cdrnv6U6f5vWf+8J5wDpBsPFrvwj6Y0DyvNPE3J9M+1klnVvtRL7O8jq33uX9n2t2ePFi7Oz06e/2huwcdz2cMfFudmx84t/HB57+ola2rtY6ulGtuS5ay84/v801J0XbAH+F/5LG7NN1fj10JPVRlKvn7qOa57F9vAOsq1yczTXZkm3t9anmeUa3hs1gKX/2GZiqWfLcx0kP90+SyR/5fj8ctaZRnxc/v/8uda4Vpi29nNj6pfify7Nrn8vyPTkb+3Bp9plPPvVcW6uC6Z3r25PYhLZVxcOuxO+RknJqfyvS72gUwbfwpj5cfmgthNcWyfiy3K9MWtytj1QezmOLbfxd6W6c6vC8c+HccOuNh5l6873WFszsXuCGK74ti95wpT47WG1eW/X6a3r79mYZ8fmf/E/X+jqow8lPPFj5cr/52JuhtBXs8G+U/XyP+XMs3/tT3stz/24ctqg/9vnH+3Vv7uZmVsuKHcGMf21dutVnP53yDTvVduR30O+hacxhlK5v+ZdGUZjWuL8r8hUdcZtCvT4FisRcX5KxfGpqbysxxwwAEH0UGr35nQDG7+H3Gz+qBn4TommP87ymfxiun+Z/H8P1RVRlo0/29M1A0Fq5a2tJSdm77YtkXKFuev7JmcHjufP5+fGdg/2Nt/aH/vwMG2TLi4i4/qHrsngcv/bpmu/fhLtI+pXP8tvP7PVZWRFuV/U7JPFeuauodiTXL575Bp8O7taL+52Po/3P/3PFtZRvdfi/K/OVHXGbSro8GxAAAAAAAAAAAAAAAAAIDVJGeenpPp8siLFv6GqJ7v/41XlZHl//5X+YfJNb7/1ZWoG2/S7xoaGmgAAAAAAAAAAIAmScnT1zI9r5JddxUd0olkiSfavwEAAP//G6xIAA==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
syz_mount_image$fuse(&(0x7f0000000640), &(0x7f0000000680)='./file0\x00', 0x40000, &(0x7f0000000a80)={{}, 0x2c, {'rootmode', 0x3d, 0x1000}, 0x2c, {'user_id', 0x3d, 0xee01}}, 0x1, 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x80)
lseek(r0, 0x101, 0x0)

2m29.402751948s ago: executing program 5 (id=1347):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = memfd_create(&(0x7f0000000780)='\x01\xfd\xae.+\xa6\x8c\xb6?2\x199\x94S,|x?Ue[\xbd\xe1!\x033\xbc\'#\xff\x17\x9b%\xf3[d \x06\x00\x00\x00\x97A\xc2\xd8\xf0Uq!\xe4\xc4\xb1\xa2\x1c\xffC;\x94Q\r\xb6}\x9c\xecC\v\xcf\xeb\xe4\x9aR\xe5,\x82\x03\x00\x19\x8d\xe8\xc6\xb9\xe4\xb4\x99\x8a\x19\xe5\xb8\x8cx\b\x99\x04R\x05\xaf\xa2\xea5\f\xcc\x1a\x9b\x00Uf\xa5\xf7\x80Tgiz\nX\b\x91\xfd0\x8e\xb6\xa3\v#\x16\xdf\xb4\xc0\xe6\xb4\xef\xa8i\xd8\xa2\xd2(\x98\x9bA\x8f\x13\xeb\xf4b/\xef!\x8f\xf6]-\xf1k\xb62\x89gEv\x13\xf4\xc7\xb2\xf5\\\x17\x90\xb5\xa6\xa8\xb8o\x0f\xe2 \xe7\x9c$\xd7\xf2@\xf7cdv[\t\x00\x8d\xf3\xcc1\r$\x1e\xff\xf0P\xb2\x97\xb8\xbc\xeb\x91\x87\x8bu\xbf\xd4\'\xff\x1f\f\x016\x9dQ\xeeT\xe8\bY\x00\xb2\x06\xa6\xbel\x9b.o\xbe\x80\x9dx\xd5O\xd6h\\I\xc9\x8d\a\x1d\xc9k\x83\xfc\xa4\xad4\x03\xa2X\x0f\x82\xdbs\xc7\x83L\x9e\xa2\xd1\xb3\xac\x8d\xd8\xb4\xb4\xea\x90Q\xd8\xc7\xeb%\x8bOp\x1ab\x96\xcf\xbb\x15\xcf\xfcN\xed\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00s\xaf\xa2\x14]p+\x96\x1ei|n\xda\xee\\\xae\x96*\x82*\xb8j\xda\xaa\x14\x1f\x1d\xf8\xf8\xae\xfcH\xc4\xb3j\xe8\xcfO\xef\x0e\xafe\xb5*\x89\x18\xb2w\x96\b\x1by\xeaT\xdd\xb3g6\xbc\x85\xb2Y\xccv\x06\x00\x00\x00\xc5e\x90\xc51\x9f\v_# \b\xa5\xbcP,|\xe9\xd6s\x1f\x1f\xbe\xd3\x80\xb1\xa8 \xce|df\x903\v\x02\xea.\x03X\xb5\xe4,8\xb7\xadEI\xdcA\xa7\xcc\xd7\xf9n\x1b\x95\xf8\x11Z\xe6:\x03\xce\xfe\x02\x8ctdy~_oC\x9e\xef\xf0\xa2K\xe9;\x8e:\x01\x03C\x92\xeb\x16\x1c\xbf\xbe\xef\xccUxhg\xdfY\xe6\x83\xa6z\xff\x01\x9d o_{!O\xaajU\x84 \xe9\xb59r\x9cw\x18Z\xd3\xcd\x0e\xba\\\xdb\xf0\xe1\x86\t\xaf\vi\xdc\xbf?\xf5\n\xbd^\x05\xc0\xceuC}\xa8\xc7\xad\x86\xd7\x15&\xb9]1\x05J\x96\xf0\x84\xc1\f\xa6p\x96?\x00\x00\x00\x00\x00\x00\x00\x12\x88\xc8\x9c\xc9Cn\xd4\xa47V\'+\xcc\xbf\r\xa9\x10\x1d\xcf\xebKl\xcc\xa4:\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00G\xdf\xbb\xc0_\x99F\xf4n]\x14\xbc\xcd\xd3\x9f\x9fe\xc5\xe6\xe8Mb\xc6\x82\x82\xcb\xcaXe\xe1\xa2\xaa\x02\x86\xb8\x18\xe2C\xeb\xa9\x17&\x01&\'w\xa1t0\x80\xf0\x93\x80\x9f\x9b\xe0\x9f\xea\xb9\x9eD]#V\xda\x92\xca\xc6\xfa.\xd6\xe31\xfe\xe8\x02\xebX\xbd\nz\x01O\xd3r\xa2\xa9u\x93>m\xd7q\'\xdf\xfajo\xd8n\xa7\xecJi\xde\xdf\x7f\xe3\xc4*Z 4\xe8S$\xa1H=\xdf\x05\xf3\xc3T\xd1\xdd\xc6f\xa4\xb4\x96\\\xa0\xf9\x0f\x17\x11{\xb6\x9d\xd21\xc1\x90Vj\x13r\x00\x00\xde\x03\xab\xff\x8as0\xc6E\xca\"\xd9*\x9a\x15\xb95r\x8f\xaaj\x82\xd6\xd2%\xed\xa2WQ\xec2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xccX\xfdRB\xffU\xe9\xfa\x1f\xf6\xce\b\xde@\x061\xc6z\xe4\xe0\xc9?\xa7\x94>\x9c\xd1\xa5o\x04\xaaim\xae\xfe\xc7f\xa3\x96\xd7\xb4c)r{\r#\xddI&\n\xf2\xec\xd4\xff\x9f\x136zZ-2\x80\xfbH+\x9b8\xf3\xed\xdf\xa2my\xb28c[\xc3\xfe\xb5M\x84\x97\xa5\'s\xe9\xdc=)I\xabLt2\x9c\v\xd9S', 0x6)
fallocate(r1, 0x0, 0x9, 0x4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x300000a, 0x12, r1, 0x0)
sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0)

2m28.021525191s ago: executing program 5 (id=1353):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x3a)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x101, 0x0, 0x0, 0x0, {0xa, 0x0, 0x4, @local, 0xd8}}}, 0x32)

2m27.688158608s ago: executing program 34 (id=1353):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
connect$pppl2tp(r1, &(0x7f0000000000)=@pppol2tpv3in6={0x18, 0x1, {0x0, r0, 0x3, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x3a)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x101, 0x0, 0x0, 0x0, {0xa, 0x0, 0x4, @local, 0xd8}}}, 0x32)

30.3254022s ago: executing program 4 (id=2520):
r0 = socket(0x28, 0x5, 0x0)
r1 = syz_io_uring_setup(0x4f6, &(0x7f0000000380)={0x0, 0x80fd, 0x10, 0x4, 0x2cf}, &(0x7f0000000300)=<r2=>0x0, &(0x7f00000002c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r0, 0x80, &(0x7f00000000c0)=@vsock={0x28, 0x0, 0xffffffff}, 0x0, 0x0, 0x1})
io_uring_enter(r1, 0x47bc, 0xf5, 0x0, 0x0, 0x0)

30.089411837s ago: executing program 4 (id=2522):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000280)=0xf)
ioctl$TCFLSH(r0, 0x400455c8, 0x1)
syz_usb_connect(0x2, 0xfffffffffffffe86, 0x0, 0x0)
ioctl$TIOCVHANGUP(r0, 0x5437, 0x0)

27.283128851s ago: executing program 4 (id=2558):
setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000fe76181004160780a6af011703010902120001000000000904"], 0x0)
syz_io_uring_setup(0x239, 0x0, &(0x7f0000000180), &(0x7f00000001c0))
r0 = syz_open_dev$sndctrl(&(0x7f0000000380), 0x3, 0xbc01)
ioctl$SNDRV_CTL_IOCTL_HWDEP_INFO(r0, 0x80dc5521, &(0x7f0000000180)=""/135)

25.781517818s ago: executing program 4 (id=2567):
syz_mount_image$ext4(&(0x7f0000000440)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x0, &(0x7f00000000c0)={[{@nodioread_nolock}, {@init_itable_val={'init_itable', 0x3d, 0x4}}, {@mblk_io_submit}, {@minixdf}, {@jqfmt_vfsv0}, {@usrjquota, 0x2e}], [], 0x2e}, 0x84, 0x450, &(0x7f0000000940)="$eJzs289vFFUcAPDvzLYgv2xF/MEPtYrGxh8tLagcvGg04WJiogc81lIIslBDayKESDUGj4a/QD2a+Bd40otRTxqvejcmxHARPZgxszsDS7tbd7tbtrCfTzLtezNv973vzLzdN/N2AhhYY/mfJGJ7RPwaESP17M0Fxur/rl29MPv31QuzSWTZG38mtXJ/Xb0wWxYtX7etyIynEenHSextUu/CufOnZqrVubNFfnLx9LuTC+fOP3vy9MyJuRNzZ6YPHz50cOqF56ef60mcO/K27vlgft/uI29dfm326OW3f/gqb+/2YntjHHWjXdc5FmM378sGT3T97hvLjoZ0MtTHhtCRSkTkh2u41v9HohI3Dt5IvPpRXxsHrKssy7LNK9ZWysRSBtzBkuh3C4D+KL/o8+vfcrmFw4++u/JS/QIoj/tasdS3DEValBledn3bS2MRcXTpn8/yJZrehwAA6K1v8vHPM83Gf2nc31Du7mJuaDQi7omInRFxb0Tsioj7ImplH4iIBzusf2xZfuX45+ctawqsTfn478Vibuvm8V85+ovRSpHbUYt/ODl+sjp3oNgn4zG8Oc9PrVLHt6/88mmrbY3jv3zJ6y/HgkU7/hhadoPu2MziTDcxN7ryYcSeoWbxJ9fnrvL/uyNizxreP99nJ5/6cl+r7f8f/yp6MM+UfRHxZP34L8Wy+EvJ6vOTk3dFde7AZHlWrPTjT5deb1V/V/H3QH78tzY9/6/HP5o0ztcudF7Hpd8+aXlNs9bzf1PyZi29qVj3/szi4tmpiE3J0sr10zdeW+bL8nn84/ub9/+dEf9+Xrxub0TkJ/FDEfFwRDxStP3RiHgsIvavEv/3Lz/+ztrjX195/Mc6Ov6dJyqnvvu6Vf3tHf9DtdR4saadz792G9jNvgMAAIDbRVr7DXySTlxPp+nERP03/Ltia1qdX1h8+vj8e2eO1X8rPxrDaXmna6ThfuhUcW+4zE8vyx+s3TfOsizbUstPzM5X12tOHWjPthb9P/d7pd+tA9ZdR/NorZ5oA25LnteEwaX/w+DS/2Fw6f8wuJr1/4sR1/rQFOAW8/0Pg0v/h8Gl/8Pg0v9hIHXzXP9qiZ1H1uud77REZWM0o+NEpBuiGWtLpBujGfXE5ohot/DFuFUN6/cnEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQG/8FwAA//8Hl+jb")
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
quotactl$Q_QUOTAON(0xffffffff80000200, &(0x7f0000000080)=@loop={'/dev/loop', 0x0}, 0x0, &(0x7f0000000000)='./file0\x00')

25.280915816s ago: executing program 4 (id=2572):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100)={0xaa, 0x1c8})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

23.793447545s ago: executing program 4 (id=2579):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x87})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5a, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x4a, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0xffffff49, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x4, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x1, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

23.189993244s ago: executing program 35 (id=2579):
r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x7fff, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r0, 0xc0145608, &(0x7f00000000c0)={0xb, 0x1, 0x4, 0x0, 0x87})
ioctl$vim2m_VIDIOC_STREAMOFF(r0, 0x40045612, &(0x7f0000000000)=0x1)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x7fffffff, 0x2, 0x7, 0x7f, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x7, 0x3, 0x0, 0x5, 0x24, 0x1, 0x7, 0x3c5a, 0x1, 0x24, 0x6, 0x1, 0x5, 0xffffffff, 0xe661, 0x4, 0x7, 0x89d2, 0x8, 0x4c74, 0x80000000, 0x40000, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0xd, 0x407, 0x5, 0x3e, 0x8f, 0x4006, 0x6, 0x80000000, 0x0, 0x4, 0x8, 0x400, 0x80, 0x0, 0x4, 0x7, 0x8, 0x4, 0xfffffffe, 0x40], [0x10000007, 0xf0000000, 0x8000012f, 0x8004, 0x5, 0x6, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0x10, 0x312, 0xd, 0xea4, 0xffffffff, 0x4, 0x7, 0x7fff, 0x5a7c, 0x420, 0x401, 0x6, 0x0, 0xff, 0x1, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x20009, 0x8, 0x9, 0x9, 0x4a, 0x8000, 0x1, 0xfe000000, 0xffff, 0xfffffffe, 0x7, 0x9, 0x5, 0x3, 0x8, 0x1, 0x3, 0x6c0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x8004, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x9, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x10000, 0x3, 0x5, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x1, 0x800003, 0x200, 0x7e, 0x7, 0x4, 0x2950bfaf, 0xffe, 0xa2, 0x7, 0xa9, 0x5, 0x9, 0xac8, 0x2000bf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x0, 0x0, 0x5, 0x1c, 0x120000, 0xffffff49, 0x2004, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x4, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x9, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0x2000a620, 0x2, 0x5, 0x1, 0x2, 0x5, 0xe7, 0x6, 0x16, 0xfffffffe, 0x80000003, 0x6, 0x1, 0xc8, 0x9, 0xfffff000, 0x10000, 0x3, 0x7e, 0xfd, 0x9602, 0x7, 0xaf, 0x8, 0x6, 0xffffffff, 0x5, 0x5, 0x8, 0x30b1d693, 0x5, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)

13.820236453s ago: executing program 1 (id=2633):
syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff)
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000012c0)=ANY=[@ANYBLOB="120100001ddf8208c007121522300000000109021b0001000000010904000001faf40d000905820349"], 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_open_dev$char_usb(0xc, 0xb4, 0x0)
syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x1380, &(0x7f0000000080)=ANY=[])

10.498510058s ago: executing program 1 (id=2659):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
rt_sigaction(0x4, &(0x7f00000004c0)={&(0x7f0000000440)="c44241b6fc3ef0408160bb841e97fbc421a9db9297c80000c462f9237e0ec42241096aa8260f01f9f6892d00000000430fc4890a0000009bc421a96db290474df23b9967a554eb", 0x4, 0x0, {[0x8]}}, 0x0, 0x8, &(0x7f0000000500))
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x43, 0x92, 0xd5, 0x20, 0x54c, 0x6c3, 0xeb7a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x8, 0x87, 0x70, 0x7, [{{0x9, 0x4, 0xcb, 0x1, 0x0, 0x4f, 0x3e, 0xaf, 0xb5}}]}}]}}, 0x0)
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

8.262530132s ago: executing program 1 (id=2679):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b7030000faffffff850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000480)={&(0x7f0000000080)='kmem_cache_free\x00', r0, 0x0, 0x6}, 0x18)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)={0x1c, r2, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)

7.192466156s ago: executing program 1 (id=2685):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000000180)='./bus\x00', 0x0, &(0x7f0000000440), 0x1, 0x559d, &(0x7f0000005680)="$eJzs3X1sVWcdB/BzeynlJaFlyjLUhfkPThCpmFiEoEVgAoPRgSbDwCgO2BAGhQRhY9OOOZ0jk4Y5xoovDKQCxq6+rJiYIbqIcU4mi8OGEXnJIuICK4yoJNOZ3nufy73n0vYO5zq3z4e05z73d57nPPfk/HG/lz7nRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABBF0cHlC/627gfLv/nQdSenbLz/zAMnap57fNP4u+fsHnX4gVVXtp1uaip99fmzNyy67+GqoSf2zD8URYlUv0Sm/7xPTZ65aNa86X3CgLU3prcVFZ0dMt31WLrRO+/Jjn75P/OjKCqNDZDMbCf1z2kn4geIVhYO2KXtVWNWDdw4cdrmssmDFibrGgtfOh369PQEekrmunrx4rVUnfpdEtsj28659BJ5l2i6f/yCe1NeBADwulTWpDbZt6OZt7jZdn28HmtXx9oNsXZ4h9CQ27gc6XF7dzbPa+L1HppndToqlHU6z1g9c/6z7Zp4/1g7FjVexzzzd81Emj6dzbMuVu+peQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8ldx9/JanSzb96H1L149MHh887BdfbdryvUnt5VO+tm9D2+9bn3tPU1Ppq8+fvWHRfQ9XDT2xZ/6hKKpI9Uukuyfm7mjd8LMVU1b/fM6jzefee8euZGbcsO2Vs3PUFh58vDyKPp9TeTEMe2pAFNXkF1LN6NHCwuLUgymhAAAAwNvJ4NTvkmw7HQdL89qJVJpMpP4F6bC4vWrMqoEbJ07bXDZ50MJkXePlj1fTyXjVlxwv2664+JPICcYh/sbHu1gPu64sGKdr8RHjeX7U0AuHj3x9+Ya1jf1P7u87MDnpV1+uHXzFnNGvXDt2zG1/fWRHQf6v6Dr/hzMn/wMAAPDfkP/j43Stu/w/7Mj9Z+469dN1tZ/ZNvf4+G/UDnhX5Zo/NX/4c+uHTZ3Y69iVWwry/zV5hyzI/2HGIf+XRJeX/wEAAOCt7H+d/6sLxulad/l/2ZoRf592YdbEJ8Zd+OGZO4f88uCRaG/9iC+03P6B/bP7DWj4SUH+rywu//fKnXZ48pkw4SXlUVRZ/EkFAAAA8oT/d7/40ULI6+lPDuJ5fc75g5NuLn3w7EdmXzt029Ehu9rP/2PJ8k0XRjfPGF716acrNhTk/+ri8n/pm/NyAQAAgCI8tfgTN+2Mpk/6UPU9h/cv2P5I/bK1K5c2liWm/ntl2/X/au5dkP9risv/ZT3zcgAAAIBLOPSlbbtfm7msdXhz2fmtf3jtz49fPXz1gabKoyt/O7B0RWvt4oL8X1tc/u+X2WZWPqQ77Q9/hfBQeRT16XhQly78Jmr4ZLYAAAAAvEFCTv/nsbaRO68r+/VT339586zvfHvQ3m/NONj43Qn9b5n44IEZB56sLcj/dV3f/z/c6SCs/8+7/1/B+v+cQvquf2PdGAAAAIB3osL1/OH2+OlvLujs+/eLXf9/4xdbXzp++/yvtL97yE3LXr7tils/Nv7UH6ffmdw57q6SqVNfOl2Q/+uLy//J3O0b+f1/AAAAcBn+377/b3bBOF3r7v7/Mx+752j7X14YN2Jm49pFJ8dv/PG8Lc88trvq6nMLbu77wWeX7i3I/w3F5f+w7Z/78vaF83NveRRd1fEgczfBXWG6S2KFltKcQvrEx3rMCj0yhZaynEJKXazHqPIoen/Hg/pYYWAoNMQK7QMyha2xwrOhkLkesoXmWGFfuNI2DchMN17YEwqZBRYtYQVF/+ySiFiPVzrr0VG4ZI8XsgcHAAB4RwnhOZNlS/ObUTzKtiS626FfdzuUdLdDsrsdesV2iO/Y2fNRbX4hPH9+zRO/q/xoyWcP3XrHhOEjF667t2HsgeTcCdc/uaPvuRWnR68uyP9bi8v/4VT0Tm86W/8fhfX/me81zK7/rw2FilihJRRq4ncMqAnHSIfd9eEYFTWZHu1XZQsAAADwthY+F0j28DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgP+zde5xU1Z0g8NNNP2homhbjK2JsdW1Fh6ZBUT/BB2omGmBNo+zMuPhohEaRVhBhIq5RULObxMEoKlFnRmEVRlZx8AVkNQE1ooloNI5mRh1DMGrcjR/FiH6yxrif7lunqLrVZRcCSjvf7x9dp+p3nrceXefeW+cCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/Max/9MYj/umiJ0eP2jBvwPJXDv/vH9YfumzRO//rT89ed9ve8763ftWSJZV/en7jSZO/c8PhjRtWTnghhJbOcmVJ8bLTF6/4waoLvvGtB0+76e5395y9tCpTbyYe+nb8Kc/cuTK2+tt+IawsC6EiHRhcmwQqM/drY30Da0PYKWwOZEu09UlKpBsOj9WEsDBsDmSr+lFNCLU5gXG/fGT1vI7E9TUh7B9CqE638e/VSRs16UBjVRLokw5Mq0gCH3ycyAZWlScB2GrxzZB90S9vyc9Q33W5Iq+/ym3Wsc9Xeni9YqK+eL63jt3OncpRlX6gZauetoLq2C4K3h5rvNt6wLutYDtf42nL/SKV+Yby8eZQdSif1DZ5wqz2mfGR8tDU1KtYTdvpeX5x4yUTtyTdY16HsQP12+R1+Pj5A+9c0Dhm15sf3jD59apnF2xtN4tt3u2tOmRecz3meYxG+jzpAW+/gm9JDb50hRBuP37T2799aez//dWDTw9+75tDzxrywitD627+7rR+f332/6m8ZerGgvl//SfP/+PLOd6W5+WOrX5Yl8zN4yO1MfF2XTI3BwAAgB6jJ+w1fWPEQW/Xrmt4eN+vr5h83qJ5r51+7p+rftp3wkEnnjL0+3fcOPW0gvl/Q2nH/+Mh/9rc0a4JYWRn4or+Ieze+XgSWBq7c1b/EPbpTLXkB45NBdaEsEdnYlC2qlSJ3rFEQyrwRl0mMDIVWBsDLanA4hi4JhW4MgaWpwITY2BNKnBcDIQp+eM4qC4zjpIDNTHQmmzE5fEshD/UxdZS2+qlbFUAAADbSGZ2WJl/N+dch63NEKeXy2u6yxDPwC6aoTpVQ3oGm51WFa2horsayrurITvuOZ88/IKay7qrueA0jLL8DO8deN/c1Q/8249vnHDYUwd92HrGy+tXPTp6U6+/e2fMjy8dN3/Y+IL5f/Mnz/+ru+hIWcHx/xDGdv6NucszkfZsvLUlLwMAAACwFSpeW3ryL+Z+VLbkZ+ds3P8vTxt3de8V++47YO3B9/2/hjcHHL9q/4L5/8jSzv+P+0R65WQO6+JuiKn9Q2jODyTVjigMJEe9+2YCAAAA0BNkj8dnj4VPydwmp2in59OF+Vu2MH888D+yy/yDx129rnn17adMGXHomjWbztj15WUbntpl/3deOPDk00+4f2rDPQXz/5bSzv/vk3+bdGJt7MV1/UPonRN4PPayI9CpIQbWH5MfyIx/bdwAV8WqMicmZKu6KpZojYHmVGBhsRLPZEvsnh/IPFnZxq/IjmNKpkROAAAAAD5zcXdAPC4fz/9/+tx+j/7jslsueXDJutD37OW/uOzo4QPnD+791rRnDnnkb989eWrB/L91y87/75wHF5ze3943hCEVIfRK/zBgXZ9kYcAYqC3LJH7cJ6mrV7qqy/uEMKJjYOmqNmTW/69IrzH4XE1SVQzsvu8dGxs7ErfXhDAkN/DC+EXDOxKzUoFs439VE8LeHaNNN76id9J4ZbrxG3uH8JWcQLaqib1D6GisKl3Vo9WZ6xikq1peHcLOOYFsVYdXhzA7ANBTxf+lk3IfvHD2xVMntLe3zdiOibgTvyZMntLe1jRxWvuk6iJ9mpTqc946RnMLx1TqpW9ezqxRdNeopv6lpLM/FGzObSuzI7/gzMHM/fhlqLJznMMq8+4ekh7ygfsVNhFyvkoVG3L5dh5yn9xKNj+JBfXH/FWhb+g968K2GU0XTZg5c8bQ5G+p2Yclf+NxpmRbDU1vqz5d9a2El0fR5bJSPu22asytZMjM86YPuXD2xYOnnDfh7Laz284/bPhhRxwx7NBDhw/pGFRz8rebkTZ2VXNqpB8vKnFY23CkX67IqeSz+NCQkJDoaYlVv9vj5aN3Wfq9FbcsnvHz9qPafv71nXces6Tqmy9suvSy/Z/+Hx8UzP+nf/L8P37qxA/+zPoMxY7/18fD/Mnjmw/zt8bAwlKP/9cXO5qfPTGgIRWYEwNzHOYHAADgiyHujox7M+NO6Ufm7/Yvd467b8z89Qc/ue65svV9Dv77D39fXnnZuP9yzAMNt333bwrm/3NK+/3/Nlr/P7t0/ahiy/wPiiWai63/n17mP7v+/5xi6/+nl/nPrv+/8HNY/39WNpDaJH+w/j8AAPBF8Nmt/9/t8v7pCwQUZOh2ef/0BQIKMnS7jH+pFwjY4vX/H2k4aORPVn/nN43LLpj2zn8bct/oAXs2/O6Rva6cNHXk6NEjBv9Lwfz/mtLm/xbuBwAAgB3HAROPfWrjpL2Pvfp/3rbTHj9p/fauh+3y/WVHts3ftH7i39z27jl/XTD/X1ja/P+zX/8vFDv/v6FYoKXYwoDW/wMAAKCHKrb+39Abv3X5q4uPu/+ey6eNam0dP/uKq/dbfUD1qeGl0fMb/mLGvR8VzP+Xlzb/j6ddlOfljr35sC5Z0y6k17R7uy77kwEAAADoGcpDU1NliXnzFkY99tO3+WJmKdBPSud68sH9nn/gqyNOnL+46urXynYb9vFT1888+Piv/fDVjXtdcse55+1XMP9fU9r8P+93GY+fP/DOBY1jdv3w5oc3TH696tkFm4//AwAAANtPqfslAAAAAAAAAAAAAACAz98JD//k6rcnLvnanIW/3PWnvcY+u3zDrDlNs2uvf/WH1/7qiDsfHlfw+/8wtrNcsd//x+v+xd8XfCkvd2y1+/X/MvfHjb57dueShevqQtgvNzD18qk7hcy1+Q/IDaw+fdBuHYnL0yUeeuW41zoSZ6YDJw4e8H5H4shUoDUukrhHOhCvqvh+v1QgLq/4XDoQt8fydKAqE/hev2QcZelt9WZtsq3K0tvqxdoQ+ucEsttqZW3SRll6gNenAtkBXpAOxAGelAmUp3t1d9+kVzFQG4ve2jfpFQAAO6z4LbAyTJ7S3tYcv8LH2y9X5N9GeUuWzS2stqzE5l/OLE1216im/qWke6W/i26+1nhlqO4YwtCCr6u5Wco6R7ltaulm032pyJC7W+2tvEi5tC3ddFXFR1STjKhp4rT2SZXdDvyQ7rMMq+g2y9CCyU5ulvLOTVpCLSX0pYQRlbhtSuhyvF8empp6pXJ9NQbrQ57uXhGl/l4/d52/Yq+C3DxPvtn+1BP//PzKfR7/89Nnf/BXk7596byzznj3yHOq/+E/lz39XwfuXDD/ry9t/l+dO673MxcDmBOvrDeifwitJY4IAAAAvvjOOf+V+d999No31rc0vjZtyLWr/3X2jRdX1C298i9ffOhvN42/+sytjb/58zv2eXjyhGe+dO4hy054fZ+DL2s88637/mLeuAev6nvLD+ff8YOC+X9DafP/uAcrcyg42duxJl7//4r+IXReWr8+CSyNwz2rfwj7dKZaYonkgvqjYonmJLA07jAZFEu0tuRX1TsGlqcCb9RlAmtSgbUxkNlLcUfI7Mq5ti6E4Z2psfklpscS9anAN2OgIRVoioHmVKBfDIxMBX7fLxNoSQWejIEwJX9b3dcvs60AAAC2RGaeVZl/N6TnecsrustQ1l2GPt1lKO8uQ3V3GYqNIt6/N2aoTJ28UpaTqTJda02qloIM8WL4W9yvggzhmfyc6YIFTcfzD7LnG5TlZ3jg5K/ec9WCyYPKf/XR2qWt790/ccWts49eec5Df/fEpH0X3XX93gXz/+bS5v998m+T1tfG+f/m6/8lgcdj966Lp443xMD6Y/IDmR0Da+Nk96psVS2ZEplJ+1WxxMgYaEgFpsfAyFSgdWwmsHC3/EBmpp1t/Ips41MyJXICAAAA8JmLOwjibpo4///jsmePeqxi0V3/+ur4u+6d89Y99/70nntuvXf07Zu+/twVF7970UcF8/+Rpc3/Y3t9cxu7Mvbmt/1CWFm2uTfZwODaJBD3Y9TGn8cPrA1hp5wdHNkSbX2SElWphsNjNckv1KvSVf2oJlljIN4f98tHVs/rSFxfE8L+OXtfsm38e3XSRk060FiVBPqkA9MqkkDc85MNrCpPArDVsnsF4wsqc6pLVn3X5Yq8/r4o1wRND69gH2gX+br6zdX2Up1+ILNPNWvLnraC6tguCt4ea7zbeuK7rd67LfeLVOYbysebQ9WhfFLb5Amz2mfGR3J/yVpgOz3Pub9SLSW9DV6Hcz59b7tXne5Ac+rjo7nrcl2/DstidY+fP/DOBY1jdr354Q2TX696dkHJ3Sgi/lD4maoB9bmbd3urDpnXXI/7PGnxedIT/w00eNpCCBsuPeG6kVXTr1g5+pAj93rttFOqZ7437+/vf+mBd/f9xxUTh31tQMH8v6W0+X9F6rbTH+PGvLB/CAfmbNx1cfMf3z/5HMwJJJ+SOxcGkkPur9YV/eQEAACAbS27uyO7v2BK5jY5ITw9Ty7M37KF+eP+ipFd5i+13z8adMpe9+9297hrTz3qpn/+zdh+G8e/uOSYFa1HNS49+mf/6cyaeQXz/9ZPnv/3TnXT8X/H/9lOHP/v0o6+K7p3+oE5W7UruqA6tgvH/7u0o7/bHP/vkuP/jv93xfH/bjj+36Ud/Wkr+JY03ZeuEMKwMWcMrr1r8BPvD1z96yeemvJvc1sn3PONq27Z8+Nv1y9eUL9r34L5//TS5v/W/+t60b7s+n+txdb/m15s/b851v8DAAC2qyILzaXneQWr9xVkSK/eV5Ch2wUCu11i0Pp/W7z+32NHHTl++ejFv16z95gDLus7d+6puzx504stM9+vue2D93f7xYGjCub/c0qb/8eXQ9/c1nvK+n8NY4tUdU0MTLcwIAAAADuiYjsIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+HztfsN1449prj7pN8dfWjP6+w+tO6D6mldOvXTZhFsnfeX28wfNWrFkSeWfnt940uTv3HB444aVE14IYUpnubKkeNnpi1f8YNUF3/jWg6fddPe7e85eWp2ptzJzu2de7tjqh3UhLMx5pDYm3q7ruLM5MG703bMrOhLr6kLYLzcw9fKpO3UkFteFcEBuYPXpg3brSFyeLvHQK8e91pE4Mx04cfCA9zsSR2YCZenu/kO/pLtl6e7O6xdC/5xAtrvn9suvKtvGCZlAebqNf6pN2oiB2lj0xtqkjRhojyWm9A5hSEUIvdJV/aw6qapXuqr/XZ1U1Std1WXVIYwIIVSkq/p1VVJVRXrkz1QlVcXA7vvesbGxI7GoKoQhuYEXxi8a3pGYkQpkGz+lKoS9O14y6cbvq0war0w3fkNlCF8JIVSlS2yqSEpUpUtsqAhh55zA5o1YEcLswBdD/PSZlPvghbMvnjqhvb1txnZMVGXaqgmTp7S3NU2c1j6pOtWnYspy0h/P/fRjf3njJRM7bu8a1dS/lHRFplxlZ5eHVebdPWRH733sV5/cSjY/HwX1x/xVoW/oPevCthlNF02YOXPG0ORvqdmHJX97ZaLJthraU7ZVY24lQ2aeN33IhbMvHjzlvAlnt53ddv5hww874ohhhx46fEjHoJqTv9tipIs++5F+uSKnks/i/S8hIdHTEuV5n27NO/rneMEX/c0drQzVnR/QBdOK3CxlnaPcFoM+9lOO+NN8Tel2REMLJg4FWYZ1n+WQgsnE5iw1SZbOr3UFk8Pcmso7N2m8Xx6amnoV2w71+XdzN+9bW7F5X8xsulLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMD/ZwcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IFjAQAAAABh/tZh9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFwKAAD//y85Ijg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x130)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
fallocate(r1, 0x0, 0xeffb, 0x9)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)

6.262134999s ago: executing program 7 (id=2696):
r0 = socket$inet6(0xa, 0x3, 0xff)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x7, 0x2, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
dup2(r0, r0)

5.919721148s ago: executing program 9 (id=2701):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = syz_io_uring_setup(0xa0, &(0x7f00000002c0)={0x0, 0x305cc6, 0x1, 0x3, 0x20a}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000000c0)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0xc000000, &(0x7f0000000000)=[{&(0x7f0000001600)=""/4096, 0x1000}, {0x0}], 0x2, 0x12})
io_uring_enter(r1, 0x847ba, 0x0, 0xe, 0x0, 0x0)

5.737688069s ago: executing program 9 (id=2702):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600002, 0x600002, 0x7, &(0x7f0000a00000/0x600000)=nil)

5.448485062s ago: executing program 7 (id=2703):
r0 = io_uring_setup(0x8c3, &(0x7f0000000280)={0x0, 0x93d0, 0x2, 0x42, 0xfc})
ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, 0x0, &(0x7f00000004c0)=""/243, 0x0, 0x80a0000})
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e20, @private=0xa010100}]}, &(0x7f0000000180)=0x10)
io_uring_enter(r0, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18)

5.341806464s ago: executing program 8 (id=2704):
openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r0 = syz_io_uring_setup(0x49a, &(0x7f0000000140)={0x0, 0x79af, 0x3180, 0x1, 0x40024e}, &(0x7f0000000340)=<r1=>0x0, &(0x7f0000000040)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000001c0)=@IORING_OP_WRITE={0x17, 0x48, 0x4007, @fd_index=0x3, 0x88, 0x0, 0x0, 0x6, 0x1})
io_uring_enter(r0, 0x627, 0x4c1, 0x63, 0x0, 0x0)

2.962429605s ago: executing program 7 (id=2706):
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000059"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x16, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000005c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, @flow_dissector=0x11, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000000)={r1, 0x2000000, 0xe, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)

2.962203662s ago: executing program 9 (id=2708):
socket$inet_udplite(0x2, 0x2, 0x88)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r0}}, 0x58)

2.950768831s ago: executing program 8 (id=2709):
r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f0000000340)={{0x1, 0x3}})
readv(r0, &(0x7f00000002c0)=[{&(0x7f0000000080)=""/119, 0x77}], 0x1)
ioctl$SNDRV_TIMER_IOCTL_START(r0, 0x54a0)
readv(r0, &(0x7f0000000200)=[{&(0x7f0000003140)=""/4096, 0x8}], 0x2)

2.949703807s ago: executing program 1 (id=2719):
syz_mount_image$nilfs2(&(0x7f0000000000), &(0x7f0000000300)='./file2\x00', 0x0, &(0x7f0000000040)=ANY=[@ANYRES16=0x0], 0x1, 0xabd, &(0x7f0000000e00)="$eJzs3U2MW0cBAODx7nqz2x/ilIQuaWgTCm356abZLOEngqRKhETUVIhLpYpLlKYlIgSJIgFVJZKcuNGqChInfsSpl6ogJHpBUU9cKtFIFVJPhQMHoiAqcSiBxCj2zNvniZ1nb3btdfx90ux43szzzPM+P7+/eROAiTXV+ru8vFAL4fwbrxz+x0N/n78+5UBRotH6O1NK1UMItZieyd7vvel2fPX9F493i2thqfU3pcOTl4t57wwhnAk7w4XQCNvPX3z5raUnjp49cm7X26/uv7Q+Sw8AAJPl6xf2L2/765/v23LltfsPhk3F9LR/3ojpu+J+/8G445/2/6dCZ7pWCmWzWbmZGKbmO8tNdylXrqeelZvpUf9sVn+9R7lN4eb1T5emdVtuGGdpPW6E2tRiR3pqanGxfUweWsf1s7XF0ydPPfv8iBoKrLl/PxBC2FkKh851pjdaOLAB2rDK0NwAbRjLcHB4dV1pto18mYcUmptHvQUCaMuvF97gTH5m4dYU7zbTX/2XH5/qPj+sgWGv/wPVPzvi+oP6f3PWFoe1c7uuTWm50vforpjOryPk9y/1/v7lVzo6p+bXI+p9trPXdYRxub7Qq53TQ27HavVqf75e3K6+HOP0OXylI/eBju9P/j8dl/8x0N0H+fl/QRA2dggd6fqtvFdzxNsfYOPK75trpuujUX5fX56/qSJ/riJ/viL/jor8OyvyYZL97vs/DS/VVs535cf0g50PnyvOs90d4w8N2J78fOSg5+Pz+34Hdav15/cTw0b2h2NPnfjCM09fbN//XyvW/2txfU+HG4343boQC6Tzhfl59eLe/0ZnPVM9yt2TtefuLuVbr7d2lqttXXmfUNrO3NCOhc75Nvcqt6OzXCMrNx/DXNbefP/kjmy+tP8x3d71KOabyZa3ni3HbNaOtF3ZEuO8HbAa6fvb6/7/tH4uhHrt2ZOnTjwW02k9/dN0fdP16XuG3G7g1vXb/2chdPb/uauYXp8qbxc2r0yvtbcLr8f365y+VNRTml76UUu/c9+anm+VXzz+3VPPrPGyw6R7/kcvfPvYqVMnvufFql98dWM0Y5AX6bBlo7THi0Ff7FzvKka8YQLW3e4ft3cCHj35nWPPnXjuxOm9+/btXVra98W9y7tb+/W7y3v3ZWdG0FpgLa386I+6JQAAAAAAAAAAAEC/fnDk8MV33vz8u+3+/yv9/1L//3Tnb+r//5Os/3/eTz71g0/9ALd0yW+VyR6wOpuVq8fw4ay9W7N6tmXzfSTGxTh+sf9/qi5/rmtqz73Z9HqPZPY4gRuelzKbPYMkHy/w4zE+F+NfBxih2nz3yTG+yfOtax+U1vX0fIpSF96m5wOPj/R/a60NpUcapf7fXZ/r1KW/NuNlGD0WR72MQHf/nKjnf/9rZcFH3hahd5gZbn0/n9x1otlzL73fEWwA1saox/9M5z1TfPqPX5u7HlKxy493bi/z55fCIP7yTmd6o48/ud715+P2Dbv+US//sMf/LMa/63v7l42Y11hdvf/5xaV3S9WG7f3Wny9/eg701sHqvxLrT0vzcOiv/uavsvrzC0J9+m9W/x191n/D8u9YXf3/i/Wnj+2RB/utv93i2lRnO+az5UjX//LzxsnVbPnTsz1vUv83Xui2/KscqPFarB8mWdU4s+M6nkW2H1HstK9+/N/ozNqO/1s0Ntus5fdhfC6m04Y43eeQj3cyaPvT/RXpd2Bb9v61it834/+Oty/FuOr7kMb/TetjI/7kl9KtzzKl610+23EZ0xomxXsTdf1vWOFS+zBodfPPjb79wgChOb2K+Yr96hG3v9lsru8JrQojrZyRf/6jPk4Ydf2j/vyr5OP/5vvw+fi/eX4+/m+en4//m+fPx/9Qr/x8/N/888zH/83z783eNx8feKEi/6MV+du75xeH7fdVzL+jIv9jFfm7ivwDHSVS/v03nX+lXK/3v6ci/8GK/E9U5H+yIv+hivxHSvnlMaBT/qcq5r/dpf4ocfnrk7b8MMny/nm+/zA50vWfXt//rRX5wPj62Wt7Dj3922822v3/Z4vzIek63sGYrsfjpx/GdH7dO5TS1/PejOm/Zfkb/XwHTJL8+Rn57/vDFfnA+Er3efl+wwSqzXWfHOOq51b12s9nvHw6xp+J8Wdj/GiMF2O8O8Z7Yrw0pPaxPg69/vv9L9VWjvc3Z/n93k+e9wfqeE5UCGFvn+3Jzw8Mej97/hy/Qd1q/avsDgYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAyU62/y8sLtRDOv/HK4aeOntx9fcqBokSj9XemlKoX84XwWIynY/zL+OLq+y8eL8fXYlwLS6EWasX08OTloqY7Qwhnws5wITTC9vMXX35r6YmjZ4+c2/X2q/svrd8nAAAAALe//wcAAP//di0VJA==")
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
fcntl$setstatus(r0, 0x4, 0x6000)
io_setup(0x202, &(0x7f0000000200)=<r1=>0x0)
io_submit(r1, 0x3b, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x0, 0x1, 0x0, r0, &(0x7f0000000000), 0x4000, 0x2000}])

2.758413438s ago: executing program 0 (id=2710):
unshare(0x22020000)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x4c, 0x2, 0x6, 0x201, 0xe4340000, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x4c}}, 0x2)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)={0x5c, 0x9, 0x6, 0x801, 0x0, 0x0, {0x7}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x34, 0x7, 0x0, 0x1, [@IPSET_ATTR_IP={0x18, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV6={0x14, 0x2, 0x1, 0x0, @remote}}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0xe1f}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_PORT_TO={0x6, 0x5, 0x1, 0x0, 0x4e22}]}]}, 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90)

2.736538656s ago: executing program 9 (id=2711):
timer_create(0x0, 0x0, &(0x7f0000000300)=<r0=>0x0)
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9)
timer_delete(r0)

2.522317737s ago: executing program 0 (id=2712):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0xa4242, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x7, 0x38011, r0, 0x0)
r1 = dup(r0)
write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c)
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

2.522114376s ago: executing program 7 (id=2713):
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
eventfd2(0xa, 0x0)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0xffffffffffffffff, 0x0, 0x800, 0x2, 0x80000000000004, 0x6}, 0x0, &(0x7f0000000400)={0x1f, 0x0, 0x800000000000, 0x0, 0x1000000000, 0x0, 0xfffffffffffffffe}, 0x0, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x3, 0x0, @loopback}, 0x1c)
shutdown(r0, 0x1)

2.513932485s ago: executing program 6 (id=2714):
mmap$IORING_OFF_SQES(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x4, 0x93031, 0xffffffffffffffff, 0x10000000)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000ffb000/0x2000)=nil, 0x2000, &(0x7f0000002d80)='\x00')
r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='smaps\x00')
read$FUSE(r0, &(0x7f0000005780)={0x2020}, 0x2020)
read$FUSE(r0, &(0x7f0000003740)={0x2020}, 0x2020)

2.380590102s ago: executing program 6 (id=2715):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000003c0)={<r0=>0xffffffffffffffff})
r1 = syz_io_uring_setup(0x497, &(0x7f0000000000)={0x0, 0xf62c, 0x1, 0x3, 0x37d}, &(0x7f0000000340)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_READ_FIXED={0x4, 0x0, 0x4000, @fd=r0, 0x5749d4c5, 0x6, 0x5, 0x4, 0x0, {0x1}})
io_uring_enter(r1, 0x3516, 0x0, 0x0, 0x0, 0x0)

1.939537754s ago: executing program 8 (id=2716):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e20, @empty}], 0x10)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f00000000c0)={<r1=>0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x20}}]}, &(0x7f0000000100)=0x10)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}, 0xff, 0x3}, 0x90)
setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000840)={r1, @in6={{0xa, 0x4e20, 0x3ae, @empty, 0x129}}, 0x2, 0x2, 0x614, 0x1, 0xd, 0x7, 0x4}, 0x9c)

1.937158399s ago: executing program 6 (id=2730):
mremap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x3000, 0xa, &(0x7f0000ffb000/0x3000)=nil)
r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
r1 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0)
read$midi(r0, &(0x7f00000012c0)=""/232, 0xe8)
ioctl$SNDCTL_SEQ_PANIC(r1, 0x5100)

1.649455898s ago: executing program 9 (id=2717):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
r0 = syz_open_dev$MSR(&(0x7f0000000080), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
kexec_load(0x1000d0ffc2, 0x1, &(0x7f0000000000)=[{0x0, 0x0, 0x3e0000, 0x2000000}], 0x0)

1.54348861s ago: executing program 7 (id=2720):
sched_setscheduler(0x0, 0x2, 0x0)
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000002, 0x28011, r1, 0x0)
migrate_pages(0x0, 0x3, &(0x7f0000000300)=0x3, &(0x7f0000000040)=0x13e)

1.542687069s ago: executing program 6 (id=2733):
r0 = socket$inet6_udplite(0xa, 0x2, 0x88)
bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4621, 0x3, @ipv4={'\x00', '\xff\xff', @empty}, 0x4}, 0x1c)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000000)=0xd, 0x4)
connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e21, 0x659, @empty, 0xff}, 0x1c)
sendto$inet6(r0, 0x0, 0x0, 0x80, 0x0, 0x0)

1.501991383s ago: executing program 0 (id=2721):
r0 = socket$inet6(0xa, 0x5, 0x0)
setsockopt$inet_int(r0, 0x0, 0xf, &(0x7f0000000340)=0xfffffffffffffff9, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x1a, &(0x7f00000003c0)=0x6, 0x4)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000100)=[@in6={0xa, 0x0, 0x0, @loopback}, @in6={0xa, 0x0, 0xffffffff, @private0}], 0x38)
setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_REM(r0, 0x84, 0x65, &(0x7f0000000080)=[@in={0x2, 0x4e23, @private=0xa010101}], 0x10)

1.235135587s ago: executing program 6 (id=2722):
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r0 = add_key$keyring(&(0x7f0000000280), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, r0)
add_key$keyring(&(0x7f0000000440), &(0x7f0000000480)={'syz', 0x3}, 0x0, 0x0, r1)
keyctl$KEYCTL_MOVE(0x1e, r1, r1, r0, 0x0)

1.234278222s ago: executing program 0 (id=2723):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'hash\x00', 0x0, 0x0, 'blake2b-160\x00'}, 0x58)
r1 = accept4(r0, 0x0, 0x0, 0x800)
r2 = accept4$tipc(r1, 0x0, 0x0, 0x0)
setsockopt$sock_int(r2, 0x1, 0x22, &(0x7f00000000c0)=0x1, 0x4)

1.098176256s ago: executing program 1 (id=2724):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000240)='./file0\x00', 0x8c0, &(0x7f0000000100)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c696e74722c6e6f61636c2c001967b9b8a6cdd636d75428f2c5e8054d01858eef552755576e749526b36860cf2511040d1ce5a743ffd83d29d1ba3a54a59d8c7aa249f08d3c8c6d04ac105d67934db6190d59f2323b55a5a4"], 0x1, 0x4431, &(0x7f00000088c0)="$eJzs3b9PHFceAPA3Az6Dz/ZhnwufdNKtdJbudHdC4OoSLAVjbAw2ceTELtKsF1jbJAtrwRKlcEE6S6kipYhSWImUjspCSu38CWlSOrWlpEgTKZIVop2dxcywGzaEhdj6fIod5v2G78zbN8Xw4lTt7vxyYX65UFosVGdvL58tvFetrCyUQ7xPWvZ/aP/6pzPduE5+rc0v92zktHLtwqU3b54N4au5b55ubGxshLre0NLwlp9//OH+7NZjU5yrU2+3dWt75e0Qwqlt46rrCSH0hRCiEML5NG0sPfaHEI6leTfvf3irsEejefSkfK74bPrB+siZqbWH6+1/9yiETyt/+9+dhe/+2TPy7X/2qHsAAAAAAAAAAAAAAAAAAF5wE9ev3XhjaDg8jkLvWrT9fd2J9Nju/diNPfOP7v+yAAAAAAAAAAAAAAAAAAAA8Af1/P3/QnSyxfv/4+lxtE39jde6P0a6Z/L1a+MXh4bT/d+jbfn/T5O+P98TTrTY9z2///v5XP3W+79v72e3muNr9jsQongwcx7Hg4MhfJ5u/H46OhJXqsu1/96urizO7dkwXljZ+Dd2789EJ93Qv8P4x2O59ru///9ft11N9fNbe3eJvdSy8e9pW+6LD6KO7v8LuXr7EX92Lxv/3iStf2uB0cYEUI//R707x38813634n88hFCI6mMtZGaA+hqmnt5uvUJWNv6HkrTM1Jn+Idvd/z/l4n8x1/5Bzf+r+S8iWsrG/09JWl+mxOHkM4l/vPP9fynX/kHEvz7+Vd//HcnGvxHr0JspkvwlO53/J3Ltt43/4d837htxOs7jUeYKWIsa6e3+Xx1Z2fj3bct//vwXd7T+u5yrv1/Pf81+m89/zen/31Hj+Y/WsvHvb1uu0/t/Mlev2/P/aLL+Y7ey8T+SpGXXzgPJZ6fxn8q13634J08lfc34P59Pfj7cSP/M+q8j2fj/uZEYby2xmnwm679o5/X/lVz7B7H+q49/Ne5ury+LbPyPti1Xj//XHXz/X83V6378Qxiy1t+1bPyPtS2X3P99O8d/Olev2/H/VzcbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgBjKXHgRDFg5nzOB4cDOFCen46HIlmSnPFmUp19t3lEMbT9EI4Gd2pVGdKleL8YnWuXCxVKtXZEC6m+adCX7RcqdaKC6V7lzbb6o/ulktLtZlyqRZCmEjT/x6ONduama8tlO6FEC5v5v0lri7du1taLM7NL706NDQ0FCY3x3AiKr9fKy/WGr03ckOY2qw7EG0ZXJJ9ZXMsR6N3qitLi6VKkn51S51KdbZU2VJnOs37OJyIaksri7OlWrlYqd5p9neQRtPj+OT1t65fHd6WfytqHMf2d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EaPR175JITQ2ziLQwijzR+iVuUfPSmfKz6bfrA+cmZq7eH603blAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgF3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8eoCQRRGIDfTIokXY6Rakm6tBsCISmyQfAEegwPo0fxEt7BwsLWQgTZRV13YRutvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCY71E1/n97j0jxtH+MWE5X6/P8t67zz+77D3eYkdv5+au+Tn+YrvKP+mhT5mO6284m0VEbi9aetPfpss9z71x9+9Y3X9P3JVIuIqKs89eUc1EMewsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgwA4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC/AgAA////gRtE")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cgroup.controllers\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000040), 0xfea0)
ioctl$FITRIM(r0, 0x40406f06, &(0x7f0000000180)={0xa0fe, 0x4009, 0x108})

957.555674ms ago: executing program 0 (id=2725):
set_mempolicy(0x8006, &(0x7f0000000040)=0xfff, 0x5)
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000000)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='mm_page_alloc\x00', r1}, 0x18)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000008"], 0x48)

957.187329ms ago: executing program 6 (id=2726):
syz_mount_image$ocfs2(&(0x7f00000002c0), &(0x7f0000000140)='./file1\x00', 0x8c0, &(0x7f0000000500)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6572726f72733d72656d6f756e742d726f2c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c6572726f72733d72656d6f756e742d726f2c61636c2c00a9b504852143b698d2e379891a0dde7f9adfca8cc85bf8e749e04e", @ANYRES16, @ANYRESOCT, @ANYRES16], 0x11, 0x445c, &(0x7f0000004a80)="$eJzs3c9vE9kdAPA3k1ASyo+EcqBSpVoqUqu2ihJOtEFqEgIhgZSKFlT1YpzEQFonRolT9YBEekPtqVIPVQ9oV9pbTij/APsn7GWP7BlpOexlpZXQemV7HDwTezFgh2X1+Rw89vvtfGee3xwmL05U7q5u5lY3c4X1XHn59ubZ3N/Lpa21YogPSNv+Dx1c/3TnNc+TsN37Numhaxcu/fHm2RA+Xvn0WbVarYaawdDWRMv7L7+4v9x6bIozdWrttm+tV/4SQji1b1w1AyGEPycDmk7SZpLjcAjhWAghCiHcvP/vW7kejebx0+L5/IvFh7uTZxZ2Hu12/u5RCP8v/fjXd9Y+/9nA5Ge/7FH3AAAAAAAAAAAAAAAAAAC85+auX7vxh/GJ8CQKgzvR/ud155Jjp+djqz3z005D/FdPvzAAAAAAAAAAAAAAAAAAAAB8B718/j8XnWzz/P9scpzqUL/6uw4Zh3s7Tvpj/vfXZi+OTyT7v0f78s8lSc+nB8Jom33fs/u/T2fqt9//PWl04O3H3xxfs9+REMVj1Qd7+SMhjsfGQvgw2fj9dHQkLpU3K7+6Xd5aX3n7/t936fg3NstPnQXJ/vndxn8m037/9///UcietbXPt/afyrSRjn/nC/Kjf0Zdxf9Cpt5BxJ83l47/YD1tuLXAVGMCqMX/P4Ovjv9spv1+xf94CCEX1caaS80AtTVMLb3TeoW0dPwP1dNSU2fyh+x0/X+Vif/FTPud4n+i/vqDHnyD9vP/dvaHiLbS8W/EYyhV4uX1Pxp3vv6bc8alTPvv4ve/Nv5tv/9dScc/uWkbTBWp/yW7nf/nMu33K/434mScx6PUGbATNdI7/b860tLxH9qXfy5q3KU9n467Wv9dztT/1vu/Hmje/zX7rd//tdyH/CJq3P/RXjr+wx3LdXv9z2fq9Xv+n6qv/3hT6fgfqael184j9ddu47+Qab9f8a+vSoaa8X85n3x9uJH+gfVfV9Lx/2EjMW4tsV1/ra//onTcq9Xqg+z6/0qm/Xex/quNfzvub6/fF+n4H+1Yrhb/T7r4/b+aqdf/+Icwbq3/xtLxP5bJnapWq4139et/6NXxX8y00O/4/7yfjQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8B2aS40iI4rHU5zgeGwvhQvL5dDgSLRVW8kul8vLfNkOYTdJz4WR0p1ReKpTyq+vllWK+UCqVl0O4mOSfCkPRZqlcya8V7l3aa2s4ulssbFSWioVKCGEuSf9JONZsa2m1sla4F0K4vJd3Ii5v3LtbWM+vrG78dnx8fDzM741hNCr+o1JcrzR6b+SGsLBXdyRqGVw9+8reWI5Gfy1vbawXSvX0qy11SuXlQqmlzmKS998wGlU2ttaXC5VivlS+0+zvXZpKjrPz1/90/erEvvxbUeM4c7DDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA1PZn8zf9CCIONT3EIYar5JmpX/vHT4vn8i8WHu5NnFnYe7T7rVA4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bt24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKBEDURiA34yF2nkMq5B0tgmKaGFE8AR6DA8Tj+IlvIOFha2FCGYGNO5Cmt3q+5oH+Xl5PyQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKxzeTfe37ZdRIqjr8OIl8fXt9/5dZnTMM+82D/YU0924+pmPL9ou/Ld07/8rDx67/NP+vnx9BAbZvU8/N1f/k+zeud4a69pWNe/9qt3TyLlJiL6kp+mnJtm3bsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+GYHDgQAAAAAgPxfG6GqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoKO3AsAAAAACDM3zqKvg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgVwAAAP//xmUngw==")
openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
truncate(&(0x7f0000000900)='./file1\x00', 0x3000000)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000d80)='./file1\x00', 0x143042, 0x0)
ioctl$FS_IOC_FIEMAP(r0, 0xc020660b, &(0x7f0000005880)=ANY=[@ANYBLOB="010000000000000080e0"])

805.249154ms ago: executing program 8 (id=2727):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f0000000100)='memory.numa_stat\x00', 0x0, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x14)
sendfile(r2, r1, 0x0, 0x17)

634.166071ms ago: executing program 7 (id=2728):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x8205, &(0x7f0000001340)={[{@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0x15}}, {@stripe}, {@grpid}, {@errors_remount}, {@data_err_ignore}, {@noblock_validity}, {@minixdf}, {@min_batch_time={'min_batch_time', 0x3d, 0x13}}]}, 0x1, 0x60a, &(0x7f0000001c40)="$eJzs3c9rHNcdAPDvzEqqZKuVXYqpTUsFPdhQrB+uqduebF/qg6GG+lBCDhaW5AivbGHJEDuGyJBDAgmEkGsIvuQfyD2YXHMLgSS3nANOCA45JMEbZnbHXla78lrR/pDn84FZvXkzu+999+lp3uzo7QRQWtPZQxpxOCIuJRFTTdsmo75xurHfw+/uXM6WJGq1/32bRNLIK/Z/1Pi5P3tIIsYj4tOzEb+vbC13/dbtqwvVWt2rEbMbq2uz67duH19ZXbiydGXp2vyJf548Nfev+ZPzuxJnEde58//901uvvfSP5c+qx5M4HRdHX1mMljh2y3RMx6NGiM35IxFxKku0eV/2miKEZMD1YGcqjd/H0Yg4FFNRydfqpmLlzYFWDuipWiWiBpRUov9DSRXjgOLcvhfnwcPswZn6CdDW+Efqn43EeH5utO9h0nRmVD/fPbAL5Wdl/HznyHvZEh0+hxjZhXI62bwbEX9sF3+S1+1A/ilOFn8aadPzsvRcRIw13ot0h+VPt6z3+/fvWeJvbocs3tONn1n+2R2WP+j4ASin+2caB/LNbO3J8S8bGRbjn2gz/plsc+zaiUEf/zqP/4rj/Xj+GXnaMg7LxjwX2r/kaGvGV2+ce6dT+c3jv2zJyi/Ggv3w4G7EkZb4X88Hc8nj9k/atH+2y6Uuy/jP59+c67Rt0PHX7kUcbXv+8+SKVpaa3VhdK/Jark/OLq9Ul+bqj23L+OiTFz/oVP6g48/aPzrEv137Z3lrXZbx4YV7q522TT41/vTrseRinhpr5Ly8sLFxYz5iLDnf2KUp/8T2dSn2KV4ji//YX9v3/23izxt6s8v41/5/9WE9tfUqadftv+WvSu5Rrcs6dJLFv7jD9n+7yzJ+eOHmn1uyJorEdvFPbH2ppNv3HAAAAAAAAMooza/BJunM43SazszU5/D+Ifal1evrG39bvn7z2mLEsfz/IUfT4kr3VH09ydbnG/8PW6yfaFn/e0QcjIh3KxP5+szl69XFQQcPAAAAAAAAAAAAAAAAAAAAQ2J/Y/5/cZ/q7yv1+f9d2TjU49oBPdfLG8wBw03/h/LK+/9O7+AK7GmO/1Be+j+Ul/4P5aX/Q3np/1Be+j+Ul/4P5aX/AwAAAMBz6eBf7n+ZRMTmvyfyJTPW2DY60JoBvfbsfXy6J/UA+q/S16cBw+TxpX/T/6F0uhr//9j4csDeVwcYgKRdZj44qG3f+e+3fSYAAAAAAAAAAAAA0ANHD5v/D2WVxseDrgIwIL9iIr/vAIA9zlf/Q3k5xweeNot/vNMG8/8BAAAAAAAAAAAAoG8m8yVJZxq3AJ2MNJ2ZifhtRByI0WR5pbo0FxG/i4gvKqO/ydbnB11pAAAAAAAAAAAAAAAAAAAAeM6s37p9daFaXbrRnPhpS87znSjugjos9WlORNL/QiciYhhi701ipCknidjMWn4oKnZjPYaiGmlejQH/YQIAAAAAAAAAAAAAAAAAgBJqmnvc3pH3+1wjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOi/J/f/33kiecrrDDpGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGBv+iUAAP//q+Q5KA==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r0, 0x8004587d, &(0x7f0000000080)={@desc={0x1, 0x0, @desc1}})
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90)
getdents64(r1, &(0x7f0000001f80)=""/4097, 0x1001)

525.967199ms ago: executing program 0 (id=2729):
r0 = socket(0x1e, 0x4, 0x0)
setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000140)=@req3={0x7813, 0x3, 0x0, 0x7d, 0x1ff, 0x1, 0x1}, 0x1c)
recvmmsg$unix(r0, &(0x7f0000002d00)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000940)=""/4096, 0x1000}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x400000a0, 0x0)
sendmmsg(r0, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000)
readv(r0, &(0x7f0000000240)=[{&(0x7f0000000180)=""/64, 0x40}], 0x1)

445.544179ms ago: executing program 8 (id=2731):
prlimit64(0x0, 0x6, &(0x7f0000000140), 0x0)
r0 = syz_io_uring_setup(0x110, &(0x7f0000000140)={0x0, 0xfec9}, &(0x7f0000000240)=<r1=>0x0, &(0x7f0000000280)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0xc, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x842a}})
io_uring_enter(r0, 0xdb4, 0x0, 0x0, 0x0, 0x0)

137.938415ms ago: executing program 9 (id=2732):
r0 = semget$private(0x0, 0x6, 0x200)
semtimedop(r0, &(0x7f00000003c0)=[{0x0, 0x1}], 0x1, 0x0)
semop(r0, &(0x7f00000000c0)=[{0x4, 0xfffc}], 0x1)
semop(r0, &(0x7f0000001240)=[{}, {0x0, 0x0, 0x2000}], 0x2)
semctl$SETVAL(r0, 0x2, 0x10, 0x0)

0s ago: executing program 8 (id=2734):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000bc0)=ANY=[@ANYBLOB="0b000000080000000c0000000000008001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x21, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000400)='mm_migrate_pages\x00', r1, 0x0, 0x5}, 0x18)
mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2)

kernel console output (not intermixed with test programs):

device number 5
[  346.422952][ T5847] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected.
[  346.469220][ T5925] elan 0003:04F3:0755.0020: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.6-1/input0
[  346.497311][ T5925] usb 5-1: USB disconnect, device number 19
[  346.518629][T10798] loop1: detected capacity change from 0 to 32768
[  346.543657][T10798] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  346.565311][T10798] (syz.1.1782,10798,0):ocfs2_read_blocks_sync:112 ERROR: status = -12
[  346.574099][T10798] (syz.1.1782,10798,0):ocfs2_get_suballoc_slot_bit:2811 ERROR: read block 8589934592 failed -12
[  346.584716][T10798] (syz.1.1782,10798,0):ocfs2_get_suballoc_slot_bit:2844 ERROR: status = -12
[  346.594260][T10798] (syz.1.1782,10798,1):ocfs2_test_inode_bit:2926 ERROR: get alloc slot and bit failed -12
[  346.604474][T10798] (syz.1.1782,10798,1):ocfs2_test_inode_bit:2967 ERROR: status = -12
[  346.613306][T10798] (syz.1.1782,10798,1):ocfs2_get_dentry:78 ERROR: test inode bit failed -12
[  346.707406][ T5835] ocfs2: Unmounting device (7,1) on (node local)
[  347.879763][T10832] (syz.7.1796,10832,0):dlmfs_mkdir:421 ERROR: invalid domain name for directory.
[  347.937650][T10834] sp0: Synchronizing with TNC
[  348.000006][   T49] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  348.179472][   T49] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  348.199907][   T49] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  348.217726][   T49] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  348.235653][   T49] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  348.250109][   T49] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  348.270084][   T49] usb 1-1: config 0 descriptor??
[  348.610892][ T5912] usb 7-1: USB disconnect, device number 9
[  348.694647][   T49] plantronics 0003:047F:FFFF.0021: reserved main item tag 0xd
[  348.740327][   T49] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  348.754065][T10850] vivid-004: =================  START STATUS  =================
[  348.763480][T10850] vivid-004: Radio HW Seek Mode: Bounded
[  348.770834][T10850] vivid-004: Radio Programmable HW Seek: false
[  348.777137][T10850] vivid-004: RDS Rx I/O Mode: Block I/O
[  348.783110][ T5912] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  348.790795][T10850] vivid-004: Generate RBDS Instead of RDS: false
[  348.797166][T10850] vivid-004: RDS Reception: true
[  348.820337][T10850] vivid-004: RDS Program Type: 0 inactive
[  348.826296][T10850] vivid-004: RDS PS Name:  inactive
[  348.831935][T10850] vivid-004: RDS Radio Text:  inactive
[  348.837554][T10850] vivid-004: RDS Traffic Announcement: false inactive
[  348.898893][T10850] vivid-004: RDS Traffic Program: false inactive
[  348.905326][T10850] vivid-004: RDS Music: false inactive
[  348.919451][T10850] vivid-004: ==================  END STATUS  ==================
[  348.950592][ T5912] usb 7-1: Using ep0 maxpacket: 16
[  348.966467][ T5912] usb 7-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 178, changing to 11
[  348.993312][   T49] usb 1-1: USB disconnect, device number 18
[  348.998020][ T5912] usb 7-1: config 0 interface 0 has no altsetting 0
[  349.016022][ T5912] usb 7-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  349.047702][ T5912] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  349.072942][ T5912] usb 7-1: config 0 descriptor??
[  349.133544][T10846] loop8: detected capacity change from 0 to 32768
[  349.272791][T10846] XFS (loop8): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  349.327327][T10846] XFS (loop8): Ending clean mount
[  349.504161][ T9720] XFS (loop8): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  349.520130][ T5912] hid (null): global environment stack underflow
[  349.538079][ T5912] hid (null): unknown global tag 0xd
[  349.568479][ T5912] hid (null): unknown global tag 0x86
[  349.594628][ T5912] hid (null): unknown global tag 0x90
[  349.604456][ T5912] hid (null): unknown global tag 0xe3
[  349.619923][ T5912] hid (null): unknown global tag 0xc
[  349.632462][ T5912] hid (null): invalid report_size 249916996
[  349.807684][ T5912] usb 7-1: USB disconnect, device number 10
[  350.261766][T10871] loop7: detected capacity change from 0 to 40427
[  350.266642][T10886] geneve2: entered allmulticast mode
[  350.288795][T10871] F2FS-fs (loop7): build fault injection rate: 690
[  350.297040][   T62] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 20004 - 0
[  350.316601][   T62] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 20004 - 0
[  350.325687][T10871] F2FS-fs (loop7): invalid crc value
[  350.339589][   T62] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 20004 - 0
[  350.372779][   T62] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 20004 - 0
[  350.565034][T10887] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  350.663717][   T30] audit: type=1326 audit(1761472670.212:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10892 comm="syz.1.1814" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f8ac478efc9 code=0x0
[  350.685414][    C1] vkms_vblank_simulate: vblank timer overrun
[  350.703026][T10871] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  350.769724][T10871] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  350.787880][T10887] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  350.800656][ T5925] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  350.884302][T10887] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  350.944031][T10900] hsr0: entered promiscuous mode
[  350.952816][T10900] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1819'.
[  350.978193][ T5925] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  350.989902][ T5925] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  351.010318][ T5925] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  351.013495][T10887] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  351.019378][ T5925] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  351.040671][T10894] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  351.054531][ T5925] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  351.085068][ T9642] syz-executor: attempt to access beyond end of device
[  351.085068][ T9642] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  351.100065][ T9642] CPU: 1 UID: 0 PID: 9642 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  351.100112][ T9642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  351.100134][ T9642] Call Trace:
[  351.100146][ T9642]  <TASK>
[  351.100159][ T9642]  dump_stack_lvl+0x16c/0x1f0
[  351.100207][ T9642]  f2fs_handle_critical_error+0x624/0x9f0
[  351.100250][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.100296][ T9642]  ? f2fs_build_fault_attr+0x53/0x1f0
[  351.100369][ T9642]  f2fs_write_end_io+0x958/0xcf0
[  351.100419][ T9642]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  351.100469][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.100528][ T9642]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  351.100570][ T9642]  bio_endio+0x713/0x860
[  351.100634][ T9642]  submit_bio_noacct+0x306/0x1f60
[  351.100687][ T9642]  __submit_merged_bio+0x33c/0x770
[  351.100740][ T9642]  __submit_merged_write_cond+0x319/0x3f0
[  351.100799][ T9642]  f2fs_write_cache_pages+0x2067/0x2570
[  351.100883][ T9642]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  351.100940][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.101002][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.101045][ T9642]  ? __lock_acquire+0x622/0x1c90
[  351.101155][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.101202][ T9642]  ? find_held_lock+0x2b/0x80
[  351.101293][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.101337][ T9642]  ? mod_memcg_lruvec_state+0x389/0x5f0
[  351.101396][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.101451][ T9642]  f2fs_write_data_pages+0x4ad/0xd90
[  351.101515][ T9642]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  351.101563][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.101628][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.101680][ T9642]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  351.101737][ T9642]  do_writepages+0x27a/0x600
[  351.101783][ T9642]  ? __pfx_do_writepages+0x10/0x10
[  351.101819][ T9642]  ? do_raw_spin_unlock+0x172/0x230
[  351.101863][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.101907][ T9642]  ? _raw_spin_unlock+0x28/0x50
[  351.101951][ T9642]  filemap_fdatawrite_wbc+0x104/0x160
[  351.101995][ T9642]  __filemap_fdatawrite_range+0xb9/0x100
[  351.102048][ T9642]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  351.102168][ T9642]  ? find_held_lock+0x2b/0x80
[  351.102219][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.102265][ T9642]  ? do_raw_spin_unlock+0x172/0x230
[  351.102309][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.102363][ T9642]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  351.102441][ T9642]  block_operations+0x2b0/0xfe0
[  351.102492][ T9642]  ? __pfx_stack_trace_save+0x10/0x10
[  351.102558][ T9642]  ? __pfx_block_operations+0x10/0x10
[  351.102614][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.102725][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.102775][ T9642]  ? ktime_get+0x200/0x310
[  351.102829][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.102874][ T9642]  ? lockdep_hardirqs_on+0x7c/0x110
[  351.102917][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.102962][ T9642]  ? rcu_is_watching+0x12/0xc0
[  351.103020][ T9642]  f2fs_write_checkpoint+0x32b/0x5300
[  351.103077][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.103129][ T9642]  ? kfree+0x2b8/0x6d0
[  351.103171][ T9642]  ? f2fs_stop_gc_thread+0x79/0xd0
[  351.103232][ T9642]  ? _raw_spin_unlock_irqrestore+0x3b/0x80
[  351.103289][ T9642]  kill_f2fs_super+0x3d6/0x490
[  351.103345][ T9642]  ? __pfx_kill_f2fs_super+0x10/0x10
[  351.103421][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.103486][ T9642]  deactivate_locked_super+0xc1/0x1a0
[  351.103541][ T9642]  deactivate_super+0xde/0x100
[  351.103603][ T9642]  cleanup_mnt+0x225/0x450
[  351.103663][ T9642]  task_work_run+0x150/0x240
[  351.103708][ T9642]  ? __pfx_task_work_run+0x10/0x10
[  351.103746][ T9642]  ? srso_alias_return_thunk+0x5/0xfbef5
[  351.103796][ T9642]  ? __pfx___x64_sys_umount+0x10/0x10
[  351.103867][ T9642]  exit_to_user_mode_loop+0xec/0x130
[  351.103911][ T9642]  do_syscall_64+0x426/0xfa0
[  351.103960][ T9642]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  351.103998][ T9642] RIP: 0033:0x7f90841902f7
[  351.104026][ T9642] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  351.104064][ T9642] RSP: 002b:00007fff19d7aaf8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  351.104099][ T9642] RAX: 0000000000000000 RBX: 00007f9084211d7d RCX: 00007f90841902f7
[  351.104122][ T9642] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff19d7abb0
[  351.104146][ T9642] RBP: 00007fff19d7abb0 R08: 0000000000000000 R09: 0000000000000000
[  351.104169][ T9642] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff19d7bc40
[  351.104193][ T9642] R13: 00007f9084211d7d R14: 0000000000055ac6 R15: 00007fff19d7bc80
[  351.104250][ T9642]  </TASK>
[  351.104799][ T9642] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  351.302444][ T5925] usb 7-1: USB disconnect, device number 11
[  351.460065][T10900] hsr_slave_0: left promiscuous mode
[  351.607307][T10900] hsr_slave_1: left promiscuous mode
[  351.638531][T10900] hsr0 (unregistering): left promiscuous mode
[  351.738080][   T62] netdevsim netdevsim4 eth0: set [1, 0] type 2 family 0 port 20004 - 0
[  351.790221][   T60] netdevsim netdevsim4 eth1: set [1, 0] type 2 family 0 port 20004 - 0
[  351.836903][ T1164] netdevsim netdevsim4 eth2: set [1, 0] type 2 family 0 port 20004 - 0
[  351.871082][ T1164] netdevsim netdevsim4 eth3: set [1, 0] type 2 family 0 port 20004 - 0
[  352.961292][T10924] netlink: 'syz.6.1829': attribute type 39 has an invalid length.
[  353.709804][T10949] loop6: detected capacity change from 0 to 64
[  354.364299][T10959] netlink: 83 bytes leftover after parsing attributes in process `syz.6.1845'.
[  355.111383][T10978] capability: warning: `syz.8.1856' uses 32-bit capabilities (legacy support in use)
[  355.434451][T10965] loop6: detected capacity change from 0 to 40427
[  355.464727][T10965] F2FS-fs (loop6): build fault injection rate: 14
[  355.472764][T10965] F2FS-fs (loop6): build fault injection type: 0x3bfe8c
[  355.515438][T10965] F2FS-fs (loop6): invalid crc value
[  355.534824][    C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of bio_endio+0x713/0x860
[  355.565947][    C0] F2FS-fs (loop6): inject read IO error in f2fs_read_end_io of bio_endio+0x713/0x860
[  355.577929][T10989] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  355.590107][ T5849] Bluetooth: hci5: command 0x0405 tx timeout
[  355.666867][T10965] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  355.676095][T10965] F2FS-fs (loop6): inject page alloc in f2fs_grab_cache_folio of f2fs_recover_fsync_data+0x49d/0x98b0
[  355.700149][T10965] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  355.801784][T10996] loop1: detected capacity change from 0 to 1024
[  355.880729][ T5912] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  355.910781][T10965] F2FS-fs (loop6): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_get_node_info+0xd42/0x11e0
[  355.979076][T11000] F2FS-fs (loop6): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x556/0x2750
[  355.996208][   T30] audit: type=1800 audit(1761472675.522:88): pid=10965 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.1850" name="file1" dev="loop6" ino=10 res=0 errno=0
[  356.089407][ T5912] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  356.098557][ T5912] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  356.155694][ T5912] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  356.169152][ T5912] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  356.184669][ T5912] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  356.191347][ T8046] syz-executor: attempt to access beyond end of device
[  356.191347][ T8046] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  356.197814][ T5912] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  356.219160][ T5912] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  356.227196][ T5912] usb 1-1: Product: syz
[  356.231793][ T5912] usb 1-1: Manufacturer: syz
[  356.240103][ T8046] CPU: 0 UID: 0 PID: 8046 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  356.240149][ T8046] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  356.240172][ T8046] Call Trace:
[  356.240183][ T8046]  <TASK>
[  356.240197][ T8046]  dump_stack_lvl+0x16c/0x1f0
[  356.240244][ T8046]  f2fs_handle_critical_error+0x624/0x9f0
[  356.240285][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.240331][ T8046]  ? f2fs_build_fault_attr+0x53/0x1f0
[  356.240400][ T8046]  f2fs_write_end_io+0x958/0xcf0
[  356.240448][ T8046]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  356.240496][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.240551][ T8046]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  356.240600][ T8046]  bio_endio+0x713/0x860
[  356.240654][ T8046]  submit_bio_noacct+0x306/0x1f60
[  356.240704][ T8046]  __submit_merged_bio+0x33c/0x770
[  356.240753][ T8046]  __submit_merged_write_cond+0x319/0x3f0
[  356.240809][ T8046]  f2fs_write_cache_pages+0x2067/0x2570
[  356.240887][ T8046]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  356.240942][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.241002][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.241045][ T8046]  ? __lock_acquire+0x622/0x1c90
[  356.241201][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.241254][ T8046]  f2fs_write_data_pages+0x4ad/0xd90
[  356.241312][ T8046]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  356.241360][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.241416][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.241466][ T8046]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  356.241520][ T8046]  do_writepages+0x27a/0x600
[  356.241564][ T8046]  ? __pfx_do_writepages+0x10/0x10
[  356.241606][ T8046]  ? do_raw_spin_unlock+0x172/0x230
[  356.241648][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.241696][ T8046]  ? _raw_spin_unlock+0x28/0x50
[  356.241737][ T8046]  filemap_fdatawrite_wbc+0x104/0x160
[  356.241780][ T8046]  __filemap_fdatawrite_range+0xb9/0x100
[  356.241831][ T8046]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  356.241940][ T8046]  ? find_held_lock+0x2b/0x80
[  356.241989][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.242035][ T8046]  ? do_raw_spin_unlock+0x172/0x230
[  356.242077][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.242128][ T8046]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  356.242201][ T8046]  block_operations+0x2b0/0xfe0
[  356.242266][ T8046]  ? __pfx_block_operations+0x10/0x10
[  356.242373][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.242422][ T8046]  ? ktime_get+0x200/0x310
[  356.242475][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.242519][ T8046]  ? lockdep_hardirqs_on+0x7c/0x110
[  356.242561][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.242610][ T8046]  ? rcu_is_watching+0x12/0xc0
[  356.242665][ T8046]  f2fs_write_checkpoint+0x32b/0x5300
[  356.242729][ T8046]  ? kfree+0x2b8/0x6d0
[  356.242769][ T8046]  ? f2fs_stop_gc_thread+0x79/0xd0
[  356.242830][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.242874][ T8046]  ? rcu_is_watching+0x12/0xc0
[  356.242922][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.242966][ T8046]  ? kthread_stop+0x272/0x630
[  356.243005][ T8046]  kill_f2fs_super+0x3d6/0x490
[  356.243059][ T8046]  ? __pfx_kill_f2fs_super+0x10/0x10
[  356.243130][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.243191][ T8046]  deactivate_locked_super+0xc1/0x1a0
[  356.243246][ T8046]  deactivate_super+0xde/0x100
[  356.243298][ T8046]  cleanup_mnt+0x225/0x450
[  356.243356][ T8046]  task_work_run+0x150/0x240
[  356.243399][ T8046]  ? __pfx_task_work_run+0x10/0x10
[  356.243437][ T8046]  ? srso_alias_return_thunk+0x5/0xfbef5
[  356.243485][ T8046]  ? __pfx___x64_sys_umount+0x10/0x10
[  356.243551][ T8046]  exit_to_user_mode_loop+0xec/0x130
[  356.243598][ T8046]  do_syscall_64+0x426/0xfa0
[  356.243644][ T8046]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  356.243681][ T8046] RIP: 0033:0x7f90d51902f7
[  356.243708][ T8046] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  356.243745][ T8046] RSP: 002b:00007ffd2c770208 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  356.243779][ T8046] RAX: 0000000000000000 RBX: 00007f90d5211d7d RCX: 00007f90d51902f7
[  356.243803][ T8046] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd2c7702c0
[  356.243827][ T8046] RBP: 00007ffd2c7702c0 R08: 0000000000000000 R09: 0000000000000000
[  356.243849][ T8046] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd2c771350
[  356.243872][ T8046] R13: 00007f90d5211d7d R14: 0000000000056eb7 R15: 00007ffd2c771390
[  356.243924][ T8046]  </TASK>
[  356.244281][ T8046] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  356.447907][T11006] loop8: detected capacity change from 0 to 1024
[  356.453319][ T5912] cdc_wdm 1-1:1.0: skipping garbage
[  356.713631][ T5912] cdc_wdm 1-1:1.0: skipping garbage
[  356.764131][ T5912] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  356.772261][T11006] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  356.794204][ T5912] cdc_wdm 1-1:1.0: Unknown control protocol
[  356.820736][T11006] EXT4-fs error (device loop8): ext4_mb_mark_diskspace_used:4192: comm syz.8.1867: Allocating blocks 385-513 which overlap fs metadata
[  356.837141][ T1152] hfsplus: b-tree write err: -5, ino 4
[  356.867793][T11006] EXT4-fs (loop8): pa ffff888055f16658: logic 16, phys. 129, len 24
[  356.876368][T11006] EXT4-fs error (device loop8): ext4_mb_release_inode_pa:5443: group 0, free 0, pa_free 8
[  356.956976][ T9720] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.363253][T11050] loop4: detected capacity change from 0 to 128
[  358.405929][T11050] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  358.653334][ T5912] usb 1-1: USB disconnect, device number 19
[  358.909948][T11043] loop6: detected capacity change from 0 to 32768
[  358.953114][T11058] loop8: detected capacity change from 0 to 4096
[  358.995814][T11063] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  359.142168][T11058] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=12)
[  359.178111][T11058] Remounting filesystem read-only
[  359.431251][ T9720] NILFS (loop8): disposed unprocessed dirty file(s) when detaching log writer
[  359.768811][T11074] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  359.794378][T11074] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  360.565801][T11097] input: syz1 as /devices/virtual/input/input40
[  360.574564][T11097] input: failed to attach handler leds to device input40, error: -6
[  360.627144][T11099] tipc: Started in network mode
[  360.632817][T11099] tipc: Node identity ac14142f, cluster identity 4711
[  360.640597][T11099] tipc: New replicast peer: 0.0.0.0
[  360.647534][T11099] tipc: Enabled bearer <udp:syz2>, priority 10
[  360.657475][T11099] tipc: New replicast peer: 0000:0000:0000:0000:0000:0000:0000:0000
[  360.862985][T11104] loop8: detected capacity change from 0 to 128
[  360.870837][T11104] FAT-fs (loop8): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  360.892854][T11104] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  361.152973][ T1152] FAT-fs (loop8): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  361.248551][T11116] syz.6.1913 calls setitimer() with new_value NULL pointer. Misfeature support will be removed
[  361.510362][T11124] loop4: detected capacity change from 0 to 256
[  361.764757][   T49] tipc: Node number set to 2886997039
[  362.016286][T11141] loop6: detected capacity change from 0 to 2048
[  362.062318][T11141] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  362.252884][T11146] loop4: detected capacity change from 0 to 128
[  362.288385][T11146] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  362.326259][T11146] hpfs: filesystem error: improperly stopped
[  362.339527][T11146] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  362.355157][T11146] hpfs: You really don't want any checks? You are crazy...
[  362.374582][T11146] hpfs: hpfs_map_sector(): read error
[  362.391804][T11146] hpfs: code page support is disabled
[  362.411876][T11146] hpfs: hpfs_map_4sectors(): unaligned read
[  362.435188][T11146] hpfs: hpfs_map_4sectors(): unaligned read
[  362.451376][T11146] hpfs: filesystem error: unable to find root dir
[  362.533390][T11146] hpfs: hpfs_map_4sectors(): unaligned read
[  362.566755][T11146] hpfs: hpfs_map_sector(): read error
[  362.717574][T11152] netlink: 'syz.0.1927': attribute type 1 has an invalid length.
[  362.740308][T11152] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  362.748108][T11152] IPv6: NLM_F_CREATE should be set when creating new route
[  362.755435][T11152] IPv6: NLM_F_CREATE should be set when creating new route
[  362.822137][T11156] netlink: 'syz.0.1927': attribute type 1 has an invalid length.
[  362.876487][T11156] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  363.487197][T11174] loop7: detected capacity change from 0 to 128
[  363.642044][T11174] EXT4-fs (loop7): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  363.681541][T11174] ext4 filesystem being mounted at /84/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  364.299934][T11185] syz.6.1937 (11185): /proc/11184/oom_adj is deprecated, please use /proc/11184/oom_score_adj instead.
[  364.336705][ T9642] EXT4-fs (loop7): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  364.605503][T11191] loop4: detected capacity change from 0 to 2048
[  364.728461][T11191] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  364.810353][T11191] ext4 filesystem being mounted at /336/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  364.879937][   T30] audit: type=1326 audit(1761472684.422:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  364.969983][   T30] audit: type=1326 audit(1761472684.422:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.030496][   T30] audit: type=1326 audit(1761472684.422:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.076373][   T30] audit: type=1326 audit(1761472684.422:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.110711][   T30] audit: type=1326 audit(1761472684.422:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.161068][   T30] audit: type=1326 audit(1761472684.422:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.183581][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  365.196218][   T30] audit: type=1326 audit(1761472684.422:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.233427][   T30] audit: type=1326 audit(1761472684.422:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.297287][   T30] audit: type=1326 audit(1761472684.432:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.380141][   T30] audit: type=1326 audit(1761472684.452:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11198 comm="syz.7.1945" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f908418efc9 code=0x7ffc0000
[  365.380693][T11215] syzkaller1: entered promiscuous mode
[  365.431302][T11215] syzkaller1: entered allmulticast mode
[  365.779939][    T9] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  365.823212][T11233] netlink: 20 bytes leftover after parsing attributes in process `syz.6.1960'.
[  365.955006][    T9] usb 9-1: unable to get BOS descriptor or descriptor too short
[  365.970961][    T9] usb 9-1: unable to read config index 0 descriptor/start: -71
[  365.984429][    T9] usb 9-1: can't read configurations, error -71
[  366.379977][ T5912] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  366.464184][T11250] loop6: detected capacity change from 0 to 4096
[  366.557495][ T5912] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  366.569265][ T5912] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  366.590036][ T5912] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  366.610670][ T5912] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.624199][T11247] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  366.636982][ T5912] usb 5-1: Quirk or no altset; falling back to MIDI 1.0
[  366.688981][T11241] loop7: detected capacity change from 0 to 32768
[  367.013488][    T9] usb 5-1: USB disconnect, device number 20
[  367.350054][ T5977] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  367.448236][T11274] loop8: detected capacity change from 0 to 8192
[  367.523669][T11274] FAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  367.873401][T11280] loop6: detected capacity change from 0 to 40427
[  367.881425][T11280] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  367.889201][T11280] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  367.916014][T11280] F2FS-fs (loop6): invalid crc value
[  367.922049][ T5977] usb 2-1: Using ep0 maxpacket: 32
[  368.013666][ T5977] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11
[  368.030478][T11280] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  368.039713][ T5977] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024
[  368.051861][ T5977] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  368.066780][T11280] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  368.073908][T11280] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  368.091359][ T5977] usb 2-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22
[  368.104663][ T5977] usb 2-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131
[  368.113195][ T5977] usb 2-1: Product: syz
[  368.117440][ T5977] usb 2-1: Manufacturer: syz
[  368.127553][ T5977] usb 2-1: SerialNumber: syz
[  368.140349][T11268] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  368.191824][ T5977] input: appletouch as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input41
[  368.595501][T11312] loop8: detected capacity change from 0 to 2048
[  368.615455][    T9] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  368.643549][T11314] netlink: 20 bytes leftover after parsing attributes in process `syz.7.1996'.
[  368.645978][T11312] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  368.718721][T11312] ext4 filesystem being mounted at /97/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  368.773212][    T9] usb 1-1: Using ep0 maxpacket: 16
[  368.791987][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  368.819975][    T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  368.829788][    T9] usb 1-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[  368.843132][   T49] usb 2-1: USB disconnect, device number 14
[  368.852235][    T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.877680][    T9] usb 1-1: config 0 descriptor??
[  368.898848][   T49] appletouch 2-1:1.0: input: appletouch disconnected
[  368.915391][T11321] binder: 11320:11321 ioctl 400c620e 200000000240 returned -22
[  368.967887][ T9720] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  369.181336][T11331] input: syz1 as /devices/virtual/input/input42
[  369.314275][    T9] appleir 0003:05AC:8241.0023: unknown main item tag 0x0
[  369.356122][    T9] appleir 0003:05AC:8241.0023: unknown main item tag 0x0
[  369.370019][    T9] appleir 0003:05AC:8241.0023: unknown main item tag 0x0
[  369.384380][    T9] appleir 0003:05AC:8241.0023: unknown main item tag 0x0
[  369.400123][    T9] appleir 0003:05AC:8241.0023: unknown main item tag 0x0
[  369.427431][    T9] appleir 0003:05AC:8241.0023: hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.0-1/input0
[  369.608413][T11339] can0: slcan on pty32.
[  369.615519][ T5977] usb 1-1: USB disconnect, device number 20
[  370.213849][T11338] can0 (unregistered): slcan off pty32.
[  371.705749][T11387] loop8: detected capacity change from 0 to 128
[  371.732128][T11387] UDF-fs: error (device loop8): udf_read_tagged: read failed, block=256, location=256
[  372.389444][T11388] loop4: detected capacity change from 0 to 32768
[  372.514166][   T30] kauditd_printk_skb: 5 callbacks suppressed
[  372.514190][   T30] audit: type=1326 audit(1761472692.062:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11410 comm="syz.8.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  372.579496][   T30] audit: type=1326 audit(1761472692.102:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11410 comm="syz.8.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  372.647158][   T30] audit: type=1326 audit(1761472692.102:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11410 comm="syz.8.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  372.683610][   T30] audit: type=1326 audit(1761472692.102:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11410 comm="syz.8.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  372.710543][   T30] audit: type=1326 audit(1761472692.102:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11410 comm="syz.8.2033" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  372.848974][T11420] netlink: 96 bytes leftover after parsing attributes in process `syz.6.2038'.
[  373.022610][T11432] loop6: detected capacity change from 0 to 1024
[  373.030378][T11432] EXT4-fs: Ignoring removed bh option
[  373.039223][T11432] EXT4-fs (loop6): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  373.113916][T11432] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  373.207893][T11432] EXT4-fs error (device loop6): ext4_check_all_de:658: inode #12: block 7: comm syz.6.2041: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=56 fake=0
[  373.261580][T11432] EXT4-fs (loop6): Remounting filesystem read-only
[  373.442239][ T8046] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.495421][T11438] loop4: detected capacity change from 0 to 32768
[  373.503612][T11438] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2044 (11438)
[  373.523764][T11438] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  373.533970][T11438] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  373.634678][T11438] BTRFS info (device loop4): setting nodatasum
[  373.641381][T11438] BTRFS info (device loop4): setting nodatacow
[  373.647555][T11438] BTRFS info (device loop4): turning on async discard
[  373.654417][T11438] BTRFS info (device loop4): enabling free space tree
[  373.661642][T11438] BTRFS info (device loop4): max_inline set to 0
[  373.837420][ T5831] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  374.160203][ T5977] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  374.255838][T11468] loop6: detected capacity change from 0 to 16
[  374.286241][T11468] erofs (device loop6): mounted with root inode @ nid 36.
[  374.367572][ T5977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  374.393041][ T5977] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  374.413146][ T5977] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  374.432571][ T5977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  374.451240][ T5977] usb 1-1: config 0 descriptor??
[  374.510483][   T24] usb 5-1: new full-speed USB device number 21 using dummy_hcd
[  374.662055][   T24] usb 5-1: config 0 has an invalid interface number: 41 but max is 0
[  374.680341][   T24] usb 5-1: config 0 has no interface number 0
[  374.687874][T11465] loop8: detected capacity change from 0 to 32768
[  374.700464][   T24] usb 5-1: config 0 interface 41 has no altsetting 0
[  374.739322][   T24] usb 5-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a
[  374.758778][   T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  374.777246][   T24] usb 5-1: Product: syz
[  374.787166][   T24] usb 5-1: Manufacturer: syz
[  374.801434][   T24] usb 5-1: SerialNumber: syz
[  374.827506][   T24] usb 5-1: config 0 descriptor??
[  374.844518][T11465] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  374.871545][ T5977] keytouch 0003:0926:3333.0024: fixing up Keytouch IEC report descriptor
[  374.887250][ T5977] input: HID 0926:3333 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/0003:0926:3333.0024/input/input43
[  375.089386][ T5977] keytouch 0003:0926:3333.0024: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.0-1/input0
[  375.170455][ T5977] usb 1-1: USB disconnect, device number 21
[  375.229537][ T9720] (syz-executor,9720,1):ocfs2_inode_is_valid_to_delete:947 ERROR: Skipping delete of system file 72
[  375.276751][ T9720] ocfs2: Unmounting device (7,8) on (node local)
[  375.352952][T11485] loop6: detected capacity change from 0 to 2048
[  375.383335][T11485] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  375.919466][   T24] CoreChips 5-1:0.41: probe with driver CoreChips failed with error -71
[  375.955447][T11498] netlink: 12 bytes leftover after parsing attributes in process `syz.7.2061'.
[  375.981858][   T24] usb 5-1: USB disconnect, device number 21
[  376.340434][T11505] bridge0: entered promiscuous mode
[  376.346407][T11505] macvlan2: entered promiscuous mode
[  376.347217][T11509] loop8: detected capacity change from 0 to 512
[  376.356988][T11505] bridge0: port 3(macvlan2) entered blocking state
[  376.366021][T11505] bridge0: port 3(macvlan2) entered disabled state
[  376.374083][T11505] macvlan2: entered allmulticast mode
[  376.379479][T11505] bridge0: entered allmulticast mode
[  376.399040][T11509] EXT4-fs error (device loop8): ext4_orphan_get:1392: inode #15: comm syz.8.2066: inode has both inline data and extents flags
[  376.422535][T11505] macvlan2: left allmulticast mode
[  376.427799][T11505] bridge0: left allmulticast mode
[  376.434467][T11505] bridge0: left promiscuous mode
[  376.445496][T11509] EXT4-fs error (device loop8): ext4_orphan_get:1395: comm syz.8.2066: couldn't read orphan inode 15 (err -117)
[  376.477790][T11509] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  376.564794][ T9720] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  377.000329][   T49] usb 9-1: new high-speed USB device number 8 using dummy_hcd
[  377.161674][   T49] usb 9-1: Using ep0 maxpacket: 32
[  377.179090][   T49] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  377.180242][T11530] loop7: detected capacity change from 0 to 4096
[  377.211100][   T49] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  377.221018][   T49] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  377.230313][T11530] ntfs3(loop7): Different NTFS sector size (1024) and media sector size (512).
[  377.248643][   T49] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.267930][   T49] usb 9-1: config 0 descriptor??
[  377.293401][T11530] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  377.390992][T11518] loop4: detected capacity change from 0 to 32768
[  377.435301][T11518] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  377.462975][T11518] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  377.751401][   T49] savu 0003:1E7D:2D5A.0025: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.8-1/input0
[  377.836668][ T5831] ocfs2: Unmounting device (7,4) on (node local)
[  378.014434][T11546] loop6: detected capacity change from 0 to 256
[  378.034319][    T9] usb 9-1: USB disconnect, device number 8
[  379.776282][T11610] io-wq is not configured for unbound workers
[  380.114688][T11614] loop7: detected capacity change from 0 to 32768
[  380.128903][T11614] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.2108 (11614)
[  380.147466][T11614] BTRFS info (device loop7): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  380.148169][T11618] loop4: detected capacity change from 0 to 4096
[  380.157638][T11614] BTRFS info (device loop7): using blake2b (blake2b-256-generic) checksum algorithm
[  380.239171][T11618] ntfs3(loop4): ino=1a, mi_enum_attr
[  380.258416][T11614] BTRFS info (device loop7): enabling ssd optimizations
[  380.267281][T11614] BTRFS info (device loop7): turning on async discard
[  380.272223][T11618] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  380.274083][T11614] BTRFS info (device loop7): enabling free space tree
[  380.383523][T11614] BTRFS info (device loop7): setting incompat feature flag for COMPRESS_LZO (0x8)
[  380.507020][ T9642] BTRFS info (device loop7): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  380.511012][T11642] vivid-001: disconnect
[  380.570287][T11642] vivid-001: reconnect
[  380.869615][T11647] loop8: detected capacity change from 0 to 1764
[  380.891325][T11647] iso9660: Bad value for 'session'
[  380.955450][T11647]  nullb0: [CUMANA/ADFS] p1 [Linux] p2 < >
[  380.990666][T11654] syzkaller1: entered promiscuous mode
[  381.054151][T11654] syzkaller1: entered allmulticast mode
[  381.196277][T11658] netlink: 'syz.8.2123': attribute type 39 has an invalid length.
[  381.539599][T11668] loop7: detected capacity change from 0 to 4096
[  381.610314][T11668] ntfs3(loop7): ino=1a, mi_enum_attr
[  381.615668][T11668] ntfs3(loop7): Mark volume as dirty due to NTFS errors
[  381.930095][  T934] usb 7-1: new high-speed USB device number 12 using dummy_hcd
[  382.085622][  T934] usb 7-1: Using ep0 maxpacket: 16
[  382.099120][  T934] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  382.129372][  T934] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  382.150046][  T934] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  382.183380][  T934] usb 7-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00
[  382.209971][  T934] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  382.240795][  T934] usb 7-1: config 0 descriptor??
[  382.385978][T11666] loop4: detected capacity change from 0 to 40427
[  382.401765][T11666] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  382.409576][T11666] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  382.441256][T11666] F2FS-fs (loop4): invalid crc value
[  382.578776][T11666] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  382.592810][    T9] usb 1-1: new full-speed USB device number 22 using dummy_hcd
[  382.621478][T11666] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  382.628570][T11666] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  382.659599][  T934] shield 0003:0955:7214.0026: unknown main item tag 0x0
[  382.667043][  T934] shield 0003:0955:7214.0026: unknown main item tag 0x0
[  382.676123][  T934] shield 0003:0955:7214.0026: unknown main item tag 0x0
[  382.683789][  T934] shield 0003:0955:7214.0026: unknown main item tag 0x0
[  382.690815][  T934] shield 0003:0955:7214.0026: unknown main item tag 0x0
[  382.707037][  T934] input: HID 0955:7214 Haptics as /devices/virtual/input/input45
[  382.748658][  T934] shield 0003:0955:7214.0026: Registered Thunderstrike controller
[  382.758577][  T934] shield 0003:0955:7214.0026: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.6-1/input0
[  382.770235][    T9] usb 1-1: config 0 has an invalid interface number: 128 but max is 0
[  382.770273][    T9] usb 1-1: config 0 has no interface number 0
[  382.780494][    T9] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  382.804851][    T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  382.813626][    T9] usb 1-1: Product: syz
[  382.817906][    T9] usb 1-1: Manufacturer: syz
[  382.857368][    T9] usb 1-1: SerialNumber: syz
[  382.874123][    T9] usb 1-1: config 0 descriptor??
[  382.891386][T11670] netlink: 244 bytes leftover after parsing attributes in process `syz.6.2128'.
[  382.921942][   T24] usb 7-1: USB disconnect, device number 12
[  382.932231][  T934] shield 0003:0955:7214.0026: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO
[  382.975718][  T934] shield 0003:0955:7214.0026: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  383.002729][  T934] shield 0003:0955:7214.0026: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  383.034729][  T934] shield 0003:0955:7214.0026: Failed to output Thunderstrike HOSTCMD request HID report due to -ENODEV
[  383.331685][    T9] usb 1-1: Firmware: major: 0, minor: 16, hardware type: UNKNOWN (106)
[  383.532712][    T9] usb 1-1: failed to fetch extended address, random address set
[  383.550122][    T9] usb 1-1: atusb_probe: initialization failed, error = -524
[  383.557678][    T9] atusb 1-1:0.128: probe with driver atusb failed with error -524
[  383.594224][    T9] usb 1-1: USB disconnect, device number 22
[  383.677596][T11716] pim6reg1: entered promiscuous mode
[  383.692000][T11716] pim6reg1: entered allmulticast mode
[  383.715037][T11718] loop8: detected capacity change from 0 to 1024
[  383.725072][T11718] EXT4-fs (loop8): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  383.752375][ T5977] kernel read not supported for file /dsp (pid: 5977 comm: kworker/0:7)
[  383.822875][T11718] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  383.953089][T11723] overlayfs: invalid origin (000000790065726c6179000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000)
[  384.023077][T11714] loop4: detected capacity change from 0 to 32768
[  384.035160][ T9720] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  384.056903][T11714] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2141 (11714)
[  384.095054][T11714] BTRFS info (device loop4): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  384.108744][T11714] BTRFS info (device loop4): using blake2b (blake2b-256-generic) checksum algorithm
[  384.322313][T11714] BTRFS info (device loop4): enabling ssd optimizations
[  384.340242][T11714] BTRFS info (device loop4): turning on async discard
[  384.357262][T11714] BTRFS info (device loop4): enabling free space tree
[  384.461129][ T5977] usb 9-1: new high-speed USB device number 9 using dummy_hcd
[  384.565108][ T5831] BTRFS info (device loop4): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  384.627548][ T5977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  384.646934][ T5977] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  384.694613][ T5977] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  384.726874][ T5977] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  384.750687][ T5977] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  384.762277][ T5977] usb 9-1: config 0 descriptor??
[  384.920685][T11762] sch_tbf: burst 9 is lower than device lo mtu (65550) !
[  385.221406][ T5977] plantronics 0003:047F:FFFF.0027: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  385.396225][T11766] loop4: detected capacity change from 0 to 512
[  385.508100][T11774] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci5/hci5:200/input47
[  385.508481][T11766] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  385.534744][ T5977] usb 9-1: USB disconnect, device number 9
[  385.545457][T11766] ext4 filesystem being mounted at /368/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  385.584859][T11766] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.2158: corrupted inode contents
[  385.621948][T11766] EXT4-fs error (device loop4): ext4_dirty_inode:6517: inode #2: comm syz.4.2158: mark_inode_dirty error
[  385.663540][T11766] EXT4-fs error (device loop4): ext4_do_update_inode:5632: inode #2: comm syz.4.2158: corrupted inode contents
[  385.729617][T11766] EXT4-fs error (device loop4): __ext4_ext_dirty:206: inode #2: comm syz.4.2158: mark_inode_dirty error
[  385.928385][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.604020][T11831] loop8: detected capacity change from 0 to 164
[  387.680413][T11831] Unable to read rock-ridge attributes
[  388.157665][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  389.084072][T11848] 9pnet_fd: Insufficient options for proto=fd
[  389.321006][T11849] loop4: detected capacity change from 0 to 32768
[  389.329150][T11849] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.2191 (11849)
[  389.366191][T11849] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  389.376425][T11849] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  389.603579][T11849] BTRFS info (device loop4): setting nodatasum
[  389.609893][T11849] BTRFS info (device loop4): enabling ssd optimizations
[  389.617195][T11849] BTRFS info (device loop4): disabling tree log
[  389.623498][T11849] BTRFS info (device loop4): turning on sync discard
[  389.630214][T11849] BTRFS info (device loop4): enabling free space tree
[  389.636987][T11849] BTRFS info (device loop4): max_inline set to 0
[  389.792910][   T30] audit: type=1800 audit(1761472709.342:109): pid=11849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.2191" name="file1" dev="loop4" ino=260 res=0 errno=0
[  389.820958][T11849] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  389.951282][   T24] usb 9-1: new high-speed USB device number 10 using dummy_hcd
[  390.145476][   T24] usb 9-1: Using ep0 maxpacket: 8
[  390.198576][   T24] usb 9-1: config index 0 descriptor too short (expected 30, got 18)
[  390.230460][   T52] Bluetooth: hci3: command 0x0405 tx timeout
[  390.244976][   T24] usb 9-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  390.284026][ T5831] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  390.294459][   T24] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  390.347590][   T24] usb 9-1: Product: syz
[  390.440368][   T24] usb 9-1: Manufacturer: syz
[  390.445009][   T24] usb 9-1: SerialNumber: syz
[  390.511094][   T24] usb 9-1: config 0 descriptor??
[  390.576580][   T24] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  390.631042][   T24] usb 9-1: setting power ON
[  390.636092][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  390.673837][   T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  390.700557][   T24] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  390.719210][   T24] usb 9-1: media controller created
[  390.779127][   T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  390.785362][T11877] dvb-usb: bulk message failed: -22 (3/0)
[  390.828457][T11898] input: syz1 as /devices/virtual/input/input48
[  390.840566][T11877] dvb-usb: bulk message failed: -22 (3/0)
[  390.874770][   T24] usb 9-1: selecting invalid altsetting 6
[  390.919897][   T24] usb 9-1: digital interface selection failed (-22)
[  390.950110][   T24] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  390.958612][T11877] dvb-usb: bulk message failed: -22 (3/0)
[  391.006941][   T24] usb 9-1: setting power OFF
[  391.011978][   T24] dvb-usb: bulk message failed: -22 (2/0)
[  391.017717][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  391.070152][   T24] (NULL device *): no alternate interface
[  391.183530][   T24] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  391.277109][   T24] usb 9-1: USB disconnect, device number 10
[  391.961634][T11919] input: syz1 as /devices/virtual/input/input49
[  392.040001][  T934] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  392.206051][  T934] usb 1-1: Using ep0 maxpacket: 32
[  392.243556][  T934] usb 1-1: config 0 interface 0 has no altsetting 0
[  392.274721][  T934] usb 1-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e
[  392.290023][  T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.298039][  T934] usb 1-1: Product: syz
[  392.326097][  T934] usb 1-1: Manufacturer: syz
[  392.337755][  T934] usb 1-1: SerialNumber: syz
[  392.358475][  T934] usb 1-1: config 0 descriptor??
[  392.650046][   T30] audit: type=1326 audit(1761472712.182:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11940 comm="syz.8.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  392.690027][   T30] audit: type=1326 audit(1761472712.182:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11940 comm="syz.8.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  392.713587][   T30] audit: type=1326 audit(1761472712.192:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11940 comm="syz.8.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  392.735849][    C0] vkms_vblank_simulate: vblank timer overrun
[  392.777944][  T934] gs_usb 1-1:0.0: Configuring for 1 interfaces
[  392.807136][   T30] audit: type=1326 audit(1761472712.192:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11940 comm="syz.8.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  392.841840][   T30] audit: type=1326 audit(1761472712.192:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11940 comm="syz.8.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  392.871132][   T30] audit: type=1326 audit(1761472712.192:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11940 comm="syz.8.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  392.894303][   T30] audit: type=1326 audit(1761472712.192:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11940 comm="syz.8.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  392.916645][    C0] vkms_vblank_simulate: vblank timer overrun
[  392.944892][   T30] audit: type=1326 audit(1761472712.232:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11940 comm="syz.8.2225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fa95558efc9 code=0x7ffc0000
[  392.967073][    C0] vkms_vblank_simulate: vblank timer overrun
[  393.051101][  T979] usb 7-1: new high-speed USB device number 13 using dummy_hcd
[  393.384857][  T934] gs_usb 1-1:0.0: Couldn't get extended bit timing const for channel 0 (-EPROTO)
[  393.394716][  T934] gs_usb 1-1:0.0: probe with driver gs_usb failed with error -71
[  393.423561][  T934] usb 1-1: USB disconnect, device number 23
[  393.750155][ T5977] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  393.791214][T11975] loop8: detected capacity change from 0 to 64
[  393.919944][ T5977] usb 5-1: Using ep0 maxpacket: 32
[  393.927320][ T5977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  393.938638][ T5977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  393.951427][ T5977] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  393.960530][ T5977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.972804][ T5977] usb 5-1: config 0 descriptor??
[  393.980873][ T5977] hub 5-1:0.0: USB hub found
[  394.191851][ T5977] hub 5-1:0.0: 1 port detected
[  394.537526][T12000] loop8: detected capacity change from 0 to 512
[  394.606959][ T5977] usb 5-1: USB disconnect, device number 22
[  394.693963][T12000] EXT4-fs (loop8): revision level too high, forcing read-only mode
[  394.702603][T12000] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e040e018, mo2=0002]
[  394.715210][T12000] System zones: 0-1, 15-15, 18-18, 34-34
[  394.722776][T12000] EXT4-fs (loop8): orphan cleanup on readonly fs
[  394.739373][T12000] Quota error (device loop8): v2_read_header: Failed header read: expected=8 got=0
[  394.757531][T12000] EXT4-fs warning (device loop8): ext4_enable_quotas:7176: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  394.779944][T12000] EXT4-fs (loop8): Cannot turn on quotas: error -22
[  394.804315][T12000] EXT4-fs error (device loop8): ext4_validate_block_bitmap:440: comm syz.8.2251: bg 0: block 40: padding at end of block bitmap is not set
[  394.820384][T12000] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6667: Corrupt filesystem
[  394.829759][T12000] EXT4-fs (loop8): 1 truncate cleaned up
[  394.838693][T12000] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  394.911986][ T9720] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.219822][T12020] loop4: detected capacity change from 0 to 64
[  395.448236][T12029] input: syz0 as /devices/virtual/input/input50
[  395.542606][T12031] loop7: detected capacity change from 0 to 1024
[  395.959997][   T49] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  396.123468][   T49] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  396.134799][   T49] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  396.146245][   T49] usb 1-1: config 0 descriptor??
[  396.172002][   T49] cp210x 1-1:0.0: cp210x converter detected
[  396.422752][ T5977] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  396.580077][ T5977] usb 5-1: Using ep0 maxpacket: 16
[  396.590918][ T5977] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  396.612473][ T5977] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  396.625705][ T5977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  396.642019][ T5977] usb 5-1: Product: syz
[  396.646194][ T5977] usb 5-1: Manufacturer: syz
[  396.650884][ T5977] usb 5-1: SerialNumber: syz
[  396.658608][ T5977] usb 5-1: config 0 descriptor??
[  396.666113][ T5977] hub 5-1:0.0: bad descriptor, ignoring hub
[  396.684873][ T5977] hub 5-1:0.0: probe with driver hub failed with error -5
[  396.713551][ T5977] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input51
[  396.782310][   T49] cp210x 1-1:0.0: failed to get vendor val 0x000e size 678: -71
[  396.791009][   T49] cp210x 1-1:0.0: GPIO initialisation failed: -71
[  396.802760][   T49] usb 1-1: cp210x converter now attached to ttyUSB0
[  396.815712][   T49] usb 1-1: USB disconnect, device number 24
[  396.826883][   T49] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  396.837867][   T49] cp210x 1-1:0.0: device disconnected
[  397.195801][ T5977] usb 7-1: new high-speed USB device number 14 using dummy_hcd
[  397.378799][ T5977] usb 7-1: Using ep0 maxpacket: 8
[  397.397303][ T5977] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  397.406967][ T5977] usb 7-1: config 179 has no interface number 0
[  397.419922][ T5977] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  397.444694][ T5977] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  397.470091][ T5977] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  397.502654][ T5977] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  397.524470][ T5977] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  397.559086][ T5977] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  397.591834][ T5977] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  397.613974][T12072] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  397.865057][  T805] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input52
[  398.101413][T12108] loop7: detected capacity change from 0 to 1024
[  398.138928][T12108] hfsplus: inconsistency in B*Tree (31095,1,255,1,0)
[  398.379271][T12119] loop7: detected capacity change from 0 to 512
[  398.480711][T12119] Quota error (device loop7): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0
[  398.498082][T12119] Quota error (device loop7): qtree_read_dquot: Can't read quota structure for id 0
[  398.522794][T12119] EXT4-fs error (device loop7): ext4_acquire_dquot:6943: comm syz.7.2297: Failed to acquire dquot type 1
[  398.636389][T12119] EXT4-fs (loop7): 1 truncate cleaned up
[  398.671493][T12128] loop8: detected capacity change from 0 to 1024
[  398.671781][T12119] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  398.694520][T12119] ext4 filesystem being mounted at /160/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  398.883820][ T9642] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  399.928640][T12149] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  400.070922][  T805] usb 7-1: USB disconnect, device number 14
[  400.070996][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  400.085195][    C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  400.093637][    C0] vkms_vblank_simulate: vblank timer overrun
[  400.233738][ T5912] usb 5-1: USB disconnect, device number 23
[  400.301662][T12157] erspan0: entered promiscuous mode
[  400.722856][T12175] netlink: 'syz.4.2321': attribute type 1 has an invalid length.
[  400.733498][T12176] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  400.742139][T12175] netlink: 136 bytes leftover after parsing attributes in process `syz.4.2321'.
[  400.754146][T12175] netlink: 'syz.4.2321': attribute type 1 has an invalid length.
[  400.856000][ T5849] Bluetooth: hci2: Invalid connection link type handle 0x00c8
[  400.907136][T12182] loop8: detected capacity change from 0 to 128
[  400.917751][T12182] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  400.937513][T12182] hpfs: filesystem error: improperly stopped
[  400.944094][T12182] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  400.952360][T12182] hpfs: You really don't want any checks? You are crazy...
[  400.963110][T12182] hpfs: hpfs_map_sector(): read error
[  400.968733][T12182] hpfs: code page support is disabled
[  400.975504][T12182] hpfs: hpfs_map_4sectors(): unaligned read
[  400.981606][T12182] hpfs: hpfs_map_4sectors(): unaligned read
[  400.987786][T12182] hpfs: filesystem error: unable to find root dir
[  401.015450][T12182] hpfs: hpfs_map_4sectors(): unaligned read
[  401.798691][T12204] sp0: Synchronizing with TNC
[  402.045105][T12198] loop4: detected capacity change from 0 to 32768
[  402.106850][T12198] XFS (loop4): Mounting V5 Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  402.181918][T12198] XFS (loop4): Ending clean mount
[  402.284738][ T5831] XFS (loop4): Unmounting Filesystem 9f1cad42-11bd-4e12-8f0b-f07876b81d9a
[  402.530747][ T5912] IPVS: starting estimator thread 0...
[  402.623809][T12237] IPVS: using max 22 ests per chain, 52800 per kthread
[  402.687509][T12241] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  402.818523][   T30] audit: type=1326 audit(1761472722.362:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12244 comm="syz.0.2349" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fbd0fd8efc9 code=0x0
[  402.840323][    C0] vkms_vblank_simulate: vblank timer overrun
[  402.942423][T12248] loop1: detected capacity change from 0 to 8192
[  404.067344][T12279] loop8: detected capacity change from 0 to 4096
[  404.079643][T12279] ntfs3(loop8): Different NTFS sector size (1024) and media sector size (512).
[  404.187245][T12279] ntfs3(loop8): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr
[  404.262396][T12286] ntfs3(loop8): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr
[  404.302880][T12285] input: syz1 as /devices/virtual/input/input53
[  404.832193][T12306] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2376'.
[  404.880081][T12306] bridge0: port 2(bridge_slave_1) entered disabled state
[  404.971694][T12304] loop8: detected capacity change from 0 to 4096
[  405.008422][T12304] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 1024)
[  405.039728][T12306] bridge_slave_1 (unregistering): left allmulticast mode
[  405.055591][T12308] loop4: detected capacity change from 0 to 4096
[  405.070103][T12306] bridge0: port 2(bridge_slave_1) entered disabled state
[  405.071363][T12304] NILFS (loop8): broken superblock, retrying with spare superblock (blocksize = 4096)
[  405.133814][T12314] NILFS (loop8): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  405.248488][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.304229][T12304] Remounting filesystem read-only
[  405.310227][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.344490][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.369441][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.379453][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.389661][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.433389][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.460578][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.480078][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.491944][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.501745][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.520114][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.544171][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.558227][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.569828][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.580202][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.594500][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.607943][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.661925][T12304] NILFS error (device loop8): nilfs_bmap_lookup_contig: broken bmap (inode number=15)
[  405.754205][T12328] loop4: detected capacity change from 0 to 4096
[  405.771219][ T9720] NILFS (loop8): disposed unprocessed dirty file(s) when detaching log writer
[  405.956206][T12339] trusted_key: encrypted key: instantiation of keys using provided decrypted data is disabled since CONFIG_USER_DECRYPTED_DATA is set to false
[  406.052382][  T979] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  406.114987][T12345] loop1: detected capacity change from 0 to 256
[  406.122741][T12345] exfat: Deprecated parameter 'utf8'
[  406.130637][   T49] usb 9-1: new high-speed USB device number 11 using dummy_hcd
[  406.155706][T12345] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  406.210103][  T979] usb 7-1: Using ep0 maxpacket: 32
[  406.223791][  T979] usb 7-1: config 8 has an invalid interface number: 203 but max is 0
[  406.232612][  T979] usb 7-1: config 8 has no interface number 0
[  406.238714][  T979] usb 7-1: config 8 interface 203 has no altsetting 0
[  406.253447][  T979] usb 7-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[  406.270054][  T979] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.278132][  T979] usb 7-1: Product: syz
[  406.284282][  T979] usb 7-1: Manufacturer: syz
[  406.289401][  T979] usb 7-1: SerialNumber: syz
[  406.297743][   T49] usb 9-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69
[  406.311240][   T49] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  406.322472][   T49] usb 9-1: Product: syz
[  406.326651][   T49] usb 9-1: Manufacturer: syz
[  406.333936][   T49] usb 9-1: SerialNumber: syz
[  406.343845][   T49] usb 9-1: config 0 descriptor??
[  406.354975][   T49] hub 9-1:0.0: bad descriptor, ignoring hub
[  406.364746][   T49] hub 9-1:0.0: probe with driver hub failed with error -5
[  406.557034][  T979] port100 7-1:8.203: NFC: Could not find bulk-in or bulk-out endpoint
[  406.574601][   T49] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state.
[  406.586913][  T979] usb 7-1: USB disconnect, device number 15
[  406.595920][   T49] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  406.610395][   T49] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo)
[  406.620823][   T49] usb 9-1: media controller created
[  406.653403][   T49] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  406.781032][   T49] DVB: Unable to find symbol dib7000p_attach()
[  406.787411][   T49] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo'
[  406.907096][   T49] rc_core: IR keymap rc-dib0700-rc5 not found
[  406.913338][   T49] Registered IR keymap rc-empty
[  406.922459][   T49] dvb-usb: could not initialize remote control.
[  406.930073][   T49] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected.
[  407.144166][T12353] loop4: detected capacity change from 0 to 32768
[  407.232488][T12353] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  407.443458][ T5831] (syz-executor,5831,0):ocfs2_inode_is_valid_to_delete:947 ERROR: Skipping delete of system file 72
[  407.467344][ T5831] ocfs2: Unmounting device (7,4) on (node local)
[  407.495266][T12375] dvmrp1: entered allmulticast mode
[  407.507414][T12375] dvmrp1: left allmulticast mode
[  407.727669][   T30] audit: type=1326 audit(1761472727.272:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.0.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbd0fd8efc9 code=0x7ffc0000
[  407.760838][   T30] audit: type=1326 audit(1761472727.302:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12379 comm="syz.0.2406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=34 compat=0 ip=0x7fbd0fd8efc9 code=0x7ffc0000
[  407.979263][T12390] syzkaller1: entered promiscuous mode
[  407.985644][T12390] syzkaller1: entered allmulticast mode
[  408.023757][T12392] netlink: 'syz.1.2410': attribute type 21 has an invalid length.
[  408.031946][T12392] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2410'.
[  408.042980][T12392] netlink: 'syz.1.2410': attribute type 4 has an invalid length.
[  408.051574][T12392] netlink: 'syz.1.2410': attribute type 3 has an invalid length.
[  408.059451][T12392] netlink: 3 bytes leftover after parsing attributes in process `syz.1.2410'.
[  408.359994][  T979] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  408.530036][  T979] usb 5-1: Using ep0 maxpacket: 32
[  408.540720][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  408.569992][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  408.579769][  T979] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  408.592558][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  408.604858][  T979] usb 5-1: config 0 descriptor??
[  408.624568][T12403] loop7: detected capacity change from 0 to 128
[  408.642488][T12403] UDF-fs: error (device loop7): udf_read_tagged: read failed, block=256, location=256
[  408.667814][T12403] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  409.028344][  T979] ft260 0003:0403:6030.0028: unknown main item tag 0x7
[  409.161235][T12421] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  409.222612][  T979] ft260 0003:0403:6030.0028: chip code: 6424 8183
[  409.430181][   T52] Bluetooth: hci6: command 0x1003 tx timeout
[  409.437735][ T5849] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  409.629308][   T24] usb 5-1: USB disconnect, device number 24
[  410.754649][T12457] overlayfs: invalid origin (0000)
[  411.968423][   T24] usb 7-1: new full-speed USB device number 16 using dummy_hcd
[  412.172249][   T24] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12592, setting to 64
[  412.191205][   T24] usb 7-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  412.201178][   T24] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.212166][  T805] usb 9-1: USB disconnect, device number 11
[  412.219346][   T24] usb 7-1: config 0 descriptor??
[  412.240805][T12472] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  412.260666][   T24] hub 7-1:0.0: USB hub found
[  412.289982][  T979] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[  412.294609][  T805] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected.
[  412.450069][  T979] usb 5-1: Using ep0 maxpacket: 8
[  412.478665][  T979] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  412.500245][   T24] hub 7-1:0.0: 1 port detected
[  412.505227][  T979] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  412.519958][  T979] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  412.553529][  T979] usb 5-1: config 0 descriptor??
[  412.599282][T12494] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  412.697319][T12498] syzkaller1: entered promiscuous mode
[  412.704101][T12498] syzkaller1: entered allmulticast mode
[  412.760024][T12501] netlink: 'syz.8.2460': attribute type 3 has an invalid length.
[  412.768024][T12501] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2460'.
[  412.781089][  T979] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  413.600156][ T5849] Bluetooth: hci5: command 0x0405 tx timeout
[  413.674260][T12523] loop8: detected capacity change from 0 to 256
[  413.683006][T12523] exfat: Deprecated parameter 'utf8'
[  413.689574][T12523] exfat: Deprecated parameter 'utf8'
[  413.706963][T12523] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x23a77120, utbl_chksum : 0xe619d30d)
[  414.147460][ T5912] usb 7-1: USB disconnect, device number 16
[  414.147843][  T979] hub 7-1:0.0: hub_ext_port_status failed (err = -71)
[  414.269248][T12504] loop7: detected capacity change from 0 to 131072
[  414.277533][T12504] F2FS-fs (loop7): Wrong CP boundary, start(512) end(1536) blocks(0)
[  414.285714][T12504] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  414.317650][T12504] F2FS-fs (loop7): invalid crc value
[  414.413265][T12504] F2FS-fs (loop7): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  414.425265][T12504] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  414.432374][T12504] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e4
[  414.674009][T12541] bridge0: port 2(bridge_slave_1) entered disabled state
[  414.681848][T12541] bridge0: port 1(bridge_slave_0) entered disabled state
[  414.931103][T12541] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  414.946745][T12541] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  414.995207][T12547] loop6: detected capacity change from 0 to 512
[  415.100015][  T934] usb 5-1: USB disconnect, device number 25
[  415.368866][   T60] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  415.390469][   T60] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  415.407734][   T60] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  415.427475][   T60] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  416.419975][ T5977] IPVS: starting estimator thread 0...
[  416.539988][T12581] IPVS: using max 22 ests per chain, 52800 per kthread
[  416.586117][T12589] loop6: detected capacity change from 0 to 512
[  416.654574][T12589] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  416.667853][T12591] netlink: 27 bytes leftover after parsing attributes in process `syz.7.2497'.
[  416.726225][T12589] ext4 filesystem being mounted at /317/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  416.864962][T12602] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2500'.
[  416.941593][T12602] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2500'.
[  416.999980][  T934] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  417.017783][ T8046] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  417.160410][  T934] usb 1-1: Using ep0 maxpacket: 16
[  417.170850][  T934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  417.183855][  T934] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  417.204118][  T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  417.224728][  T934] usb 1-1: Product: syz
[  417.234839][  T934] usb 1-1: Manufacturer: syz
[  417.244812][  T934] usb 1-1: SerialNumber: syz
[  417.246963][T12609] loop6: detected capacity change from 0 to 512
[  417.273451][  T934] usb 1-1: config 0 descriptor??
[  417.291531][  T934] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  417.313586][T12609] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.2501: inode has both inline data and extents flags
[  417.317559][  T934] em28xx 1-1:0.0: DVB interface 0 found: bulk
[  417.353235][T12609] EXT4-fs error (device loop6): ext4_orphan_get:1395: comm syz.6.2501: couldn't read orphan inode 15 (err -117)
[  417.374879][T12609] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  417.567074][T12585] loop8: detected capacity change from 0 to 40427
[  417.914750][  T934] em28xx 1-1:0.0: chip ID is em2765
[  418.415073][  T934] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  418.480761][T12585] F2FS-fs (loop8): Small segment_count (9 < 1 * 24)
[  418.529957][T12585] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  418.664554][  T934] em28xx 1-1:0.0: board has no eeprom
[  418.687253][T12698] loop4: detected capacity change from 0 to 8
[  418.875293][  T934] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  418.911029][  T934] em28xx 1-1:0.0: dvb set to bulk mode.
[  418.930912][  T979] em28xx 1-1:0.0: Binding DVB extension
[  418.946188][ T8046] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.954688][  T934] usb 1-1: USB disconnect, device number 25
[  419.008500][  T934] em28xx 1-1:0.0: Disconnecting em28xx
[  419.267228][T12585] F2FS-fs (loop8): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  419.270860][  T979] em28xx 1-1:0.0: Registering input extension
[  419.317115][  T934] em28xx 1-1:0.0: Closing input extension
[  419.330551][T12585] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  419.344611][T12585] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  419.374311][  T934] em28xx 1-1:0.0: Freeing device
[  419.409741][T12585] F2FS-fs (loop8): f2fs_check_nid_range: out-of-range nid=0, run fsck to fix.
[  419.460034][T12585] F2FS-fs (loop8): Should run fsck to repair first.
[  419.478618][T12710] overlayfs: failed to clone upperpath
[  419.560178][ T9720] syz-executor: attempt to access beyond end of device
[  419.560178][ T9720] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  419.582329][ T9720] CPU: 1 UID: 0 PID: 9720 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  419.582377][ T9720] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  419.582400][ T9720] Call Trace:
[  419.582412][ T9720]  <TASK>
[  419.582426][ T9720]  dump_stack_lvl+0x16c/0x1f0
[  419.582476][ T9720]  f2fs_handle_critical_error+0x624/0x9f0
[  419.582520][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.582566][ T9720]  ? f2fs_build_fault_attr+0x53/0x1f0
[  419.582641][ T9720]  f2fs_write_end_io+0x958/0xcf0
[  419.582691][ T9720]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  419.582743][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.582802][ T9720]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  419.582846][ T9720]  bio_endio+0x713/0x860
[  419.582908][ T9720]  submit_bio_noacct+0x306/0x1f60
[  419.582963][ T9720]  __submit_merged_bio+0x33c/0x770
[  419.583016][ T9720]  __submit_merged_write_cond+0x319/0x3f0
[  419.583078][ T9720]  f2fs_write_cache_pages+0x2067/0x2570
[  419.583166][ T9720]  ? __pfx_f2fs_write_cache_pages+0x10/0x10
[  419.583226][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.583292][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.583338][ T9720]  ? __lock_acquire+0x622/0x1c90
[  419.583503][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.583549][ T9720]  ? mod_memcg_lruvec_state+0x389/0x5f0
[  419.583603][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.583649][ T9720]  ? __mod_zone_page_state+0xcc/0x1a0
[  419.583697][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.583754][ T9720]  f2fs_write_data_pages+0x4ad/0xd90
[  419.583818][ T9720]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  419.583895][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.583943][ T9720]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  419.584001][ T9720]  do_writepages+0x27a/0x600
[  419.584048][ T9720]  ? __pfx_do_writepages+0x10/0x10
[  419.584085][ T9720]  ? do_raw_spin_unlock+0x172/0x230
[  419.584131][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.584177][ T9720]  ? _raw_spin_unlock+0x28/0x50
[  419.584223][ T9720]  filemap_fdatawrite_wbc+0x104/0x160
[  419.584270][ T9720]  __filemap_fdatawrite_range+0xb9/0x100
[  419.584328][ T9720]  ? __pfx___filemap_fdatawrite_range+0x10/0x10
[  419.584453][ T9720]  ? find_held_lock+0x2b/0x80
[  419.584506][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.584553][ T9720]  ? do_raw_spin_unlock+0x172/0x230
[  419.584599][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.584654][ T9720]  f2fs_sync_dirty_inodes+0x2a2/0x980
[  419.584734][ T9720]  block_operations+0x2b0/0xfe0
[  419.584787][ T9720]  ? bpf_ksym_find+0x124/0x1c0
[  419.584860][ T9720]  ? __pfx_block_operations+0x10/0x10
[  419.584912][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.584959][ T9720]  ? __kernel_text_address+0xd/0x40
[  419.585071][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.585122][ T9720]  ? ktime_get+0x200/0x310
[  419.585181][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.585227][ T9720]  ? lockdep_hardirqs_on+0x7c/0x110
[  419.585272][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.585319][ T9720]  ? rcu_is_watching+0x12/0xc0
[  419.585378][ T9720]  f2fs_write_checkpoint+0x32b/0x5300
[  419.585473][ T9720]  kill_f2fs_super+0x3d6/0x490
[  419.585531][ T9720]  ? __pfx_kill_f2fs_super+0x10/0x10
[  419.585609][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.585676][ T9720]  deactivate_locked_super+0xc1/0x1a0
[  419.585734][ T9720]  deactivate_super+0xde/0x100
[  419.585792][ T9720]  cleanup_mnt+0x225/0x450
[  419.585859][ T9720]  task_work_run+0x150/0x240
[  419.585906][ T9720]  ? __pfx_task_work_run+0x10/0x10
[  419.585946][ T9720]  ? srso_alias_return_thunk+0x5/0xfbef5
[  419.585997][ T9720]  ? __pfx___x64_sys_umount+0x10/0x10
[  419.586071][ T9720]  exit_to_user_mode_loop+0xec/0x130
[  419.586116][ T9720]  do_syscall_64+0x426/0xfa0
[  419.586167][ T9720]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  419.586206][ T9720] RIP: 0033:0x7fa9555902f7
[  419.586235][ T9720] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  419.586274][ T9720] RSP: 002b:00007ffd24c17478 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  419.586311][ T9720] RAX: 0000000000000000 RBX: 00007fa955611d7d RCX: 00007fa9555902f7
[  419.586337][ T9720] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd24c17530
[  419.586362][ T9720] RBP: 00007ffd24c17530 R08: 0000000000000000 R09: 0000000000000000
[  419.586386][ T9720] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffd24c185c0
[  419.586412][ T9720] R13: 00007fa955611d7d R14: 000000000006668e R15: 00007ffd24c18600
[  419.586472][ T9720]  </TASK>
[  420.045486][ T9720] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  420.120825][T12716] loop4: detected capacity change from 0 to 512
[  420.169661][T12716] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.192972][T12716] ext4 filesystem being mounted at /431/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  420.394482][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.561120][T12765] loop7: detected capacity change from 0 to 1
[  421.626221][T12765] Dev loop7: unable to read RDB block 1
[  421.632229][T12765]  loop7: unable to read partition table
[  421.638214][T12765] loop7: partition table beyond EOD, truncated
[  421.644881][T12765] loop_reread_partitions: partition scan of loop7 (îÝ·ÂU@™:ÖB$Œ{
W) failed (rc=-5)
[  422.094462][T12784] loop7: detected capacity change from 0 to 1764
[  422.103239][T12784] iso9660: Bad value for 'session'
[  422.128746][T12786] loop8: detected capacity change from 0 to 128
[  422.143583][T12784]  nullb0: [CUMANA/ADFS] p1 [Linux] p2 < >
[  422.161296][  T805] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  422.200182][  T979] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[  422.330056][  T805] usb 2-1: Using ep0 maxpacket: 8
[  422.339546][  T805] usb 2-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  422.348700][  T805] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.350191][  T979] usb 1-1: Using ep0 maxpacket: 8
[  422.356730][  T805] usb 2-1: Product: syz
[  422.365900][  T805] usb 2-1: Manufacturer: syz
[  422.366142][  T979] usb 1-1: config 179 has an invalid interface number: 65 but max is 0
[  422.370520][  T805] usb 2-1: SerialNumber: syz
[  422.373786][  T805] usb 2-1: config 0 descriptor??
[  422.381950][  T979] usb 1-1: config 179 has no interface number 0
[  422.387967][  T805] gspca_main: se401-2.14.0 probing 047d:5003
[  422.388676][  T979] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  422.412264][  T934] usb 9-1: new high-speed USB device number 12 using dummy_hcd
[  422.420112][  T979] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  422.435782][  T979] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  422.447008][  T979] usb 1-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  422.458513][  T979] usb 1-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  422.473420][  T979] usb 1-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  422.483400][  T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  422.504367][T12780] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22
[  422.568513][T12789] bridge0: entered promiscuous mode
[  422.574003][T12789] macvlan0: entered promiscuous mode
[  422.580363][  T934] usb 9-1: Using ep0 maxpacket: 32
[  422.589115][T12789] bridge0: port 2(macvlan0) entered blocking state
[  422.597265][T12789] bridge0: port 2(macvlan0) entered disabled state
[  422.604305][  T934] usb 9-1: config 13 has an invalid interface number: 108 but max is 0
[  422.612829][  T934] usb 9-1: config 13 has no interface number 0
[  422.620231][T12789] macvlan0: entered allmulticast mode
[  422.626143][T12789] bridge0: entered allmulticast mode
[  422.636430][  T934] usb 9-1: New USB device found, idVendor=06cd, idProduct=010c, bcdDevice=71.09
[  422.645731][  T934] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  422.653941][  T934] usb 9-1: Product: syz
[  422.658275][  T934] usb 9-1: Manufacturer: syz
[  422.664710][  T934] usb 9-1: SerialNumber: syz
[  422.675478][T12789] macvlan0: left allmulticast mode
[  422.682801][T12789] bridge0: left allmulticast mode
[  422.697012][  T934] keyspan 9-1:13.108: Keyspan 1 port adapter converter detected
[  422.703654][T12789] bridge0: left promiscuous mode
[  422.705545][  T934] keyspan 9-1:13.108: found no endpoint descriptor for endpoint 84
[  422.744877][  T934] keyspan 9-1:13.108: found no endpoint descriptor for endpoint 81
[  422.753356][  T934] keyspan 9-1:13.108: found no endpoint descriptor for endpoint 1
[  422.755145][ T5912] usb 1-1: USB disconnect, device number 26
[  422.761280][    C1] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  422.761364][    C1] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  422.784053][  T934] keyspan 9-1:13.108: found no endpoint descriptor for endpoint 2
[  422.792450][  T934] keyspan 9-1:13.108: found no endpoint descriptor for endpoint 83
[  422.800950][  T934] keyspan 9-1:13.108: found no endpoint descriptor for endpoint 3
[  422.820185][  T934] usb 9-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  422.829729][  T805] gspca_se401: ExtraFeatures: 117
[  422.834986][  T805] gspca_se401: Too many frame sizes
[  422.894021][T12795] loop6: detected capacity change from 0 to 512
[  422.903848][T12795] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  422.912823][  T934] usb 9-1: USB disconnect, device number 12
[  422.924352][  T934] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  422.929284][T12795] EXT4-fs (loop6): 1 truncate cleaned up
[  422.934432][  T934] keyspan 9-1:13.108: device disconnected
[  422.942397][T12795] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  422.966571][T12795] EXT4-fs (loop6): shut down requested (2)
[  422.975012][T12795] EXT4-fs warning (device loop6): ext4_resize_fs:2019: can't read last block, resize aborted
[  423.013373][ T8046] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  423.070944][  T979] usb 2-1: USB disconnect, device number 15
[  423.190545][ T5849] Bluetooth: hci6: Opcode 0x1003 failed: -110
[  423.206113][T12800] IPVS: Scheduler module ip_vs_ not found
[  423.296658][T12804] input: syz0 as /devices/virtual/input/input57
[  423.560962][T12806] syz.0.2548 (12806) used greatest stack depth: 19720 bytes left
[  423.592801][T12813] netlink: 64 bytes leftover after parsing attributes in process `syz.8.2551'.
[  424.130183][  T979] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  424.152812][ T5912] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[  424.255647][T12833] loop1: detected capacity change from 0 to 1024
[  424.294690][  T979] usb 7-1: New USB device found, idVendor=05ac, idProduct=0324, bcdDevice= 0.00
[  424.307379][  T979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.321017][ T5912] usb 5-1: Using ep0 maxpacket: 16
[  424.332140][T12833] EXT4-fs: Ignoring removed i_version option
[  424.338200][T12833] EXT4-fs: inline encryption not supported
[  424.342900][  T979] usb 7-1: config 0 descriptor??
[  424.354485][ T5912] usb 5-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6
[  424.364069][ T5912] usb 5-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  424.380372][ T5912] usb 5-1: Product: syz
[  424.388327][ T5912] usb 5-1: Manufacturer: syz
[  424.400513][ T5912] usb 5-1: SerialNumber: syz
[  424.423018][ T5912] usb 5-1: config 0 descriptor??
[  424.450235][T12833] EXT4-fs: Ignoring removed nobh option
[  424.586105][T12833] EXT4-fs (loop1): Test dummy encryption mode enabled
[  424.652690][ T5912] usb 5-1: USB disconnect, device number 26
[  424.686417][T12833] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  424.786328][  T979] magicmouse 0003:05AC:0324.0029: item fetching failed at offset 1/5
[  424.802804][  T979] magicmouse 0003:05AC:0324.0029: magicmouse hid parse failed
[  424.822764][  T979] magicmouse 0003:05AC:0324.0029: probe with driver magicmouse failed with error -22
[  424.832050][   T30] audit: type=1804 audit(1761473000.377:121): pid=12833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.2555" name="/newroot/306/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  424.917931][   T30] audit: type=1800 audit(1761473000.467:122): pid=12833 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2555" name="bus" dev="loop1" ino=18 res=0 errno=0
[  424.986949][  T979] usb 7-1: USB disconnect, device number 17
[  425.323901][ T5835] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  425.373322][T12858] loop4: detected capacity change from 0 to 512
[  425.384294][T12858] EXT4-fs: Ignoring removed mblk_io_submit option
[  425.394727][T12858] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -13
[  425.408845][T12858] EXT4-fs error (device loop4): ext4_clear_blocks:874: inode #13: comm syz.4.2567: attempt to clear invalid blocks 2 len 1
[  425.410054][T12858] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1286: group 0, block bitmap and bg descriptor inconsistent: 218 vs 220 free clusters
[  425.438790][T12858] EXT4-fs error (device loop4): ext4_free_branches:1020: inode #13: comm syz.4.2567: invalid indirect mapped block 1819239214 (level 0)
[  425.453988][T12858] EXT4-fs error (device loop4): ext4_free_branches:1020: inode #13: comm syz.4.2567: invalid indirect mapped block 1819239214 (level 1)
[  425.470404][T12858] EXT4-fs (loop4): 1 truncate cleaned up
[  425.492369][T12858] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  425.634236][ T5831] EXT4-fs error (device loop4): htree_dirblock_to_tree:1077: inode #2: block 13: comm syz-executor: bad entry in directory: rec_len % 4 != 0 - offset=108, inode=4294901777, rec_len=65535, size=1024 fake=0
[  425.643301][ T5831] EXT4-fs error (device loop4): ext4_iget_extra_inode:5074: inode #15: comm syz-executor: corrupted in-inode xattr: e_value out of bounds
[  425.680817][ T5831] EXT4-fs error (device loop4): ext4_iget_extra_inode:5074: inode #15: comm syz-executor: corrupted in-inode xattr: e_value out of bounds
[  426.076380][   T52] Bluetooth: hci2: command 0x0406 tx timeout
[  426.152981][T12866] loop7: detected capacity change from 0 to 32768
[  426.163697][T12866] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.2571 (12866)
[  426.176937][T12875] loop6: detected capacity change from 0 to 512
[  426.207817][T12866] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  426.218097][T12866] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  426.272950][T12875] Quota error (device loop6): find_tree_dqentry: Cycle in quota tree detected: block 3 index 0
[  426.291779][T12875] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0
[  426.327492][T12875] EXT4-fs error (device loop6): ext4_acquire_dquot:6943: comm syz.6.2575: Failed to acquire dquot type 1
[  426.353911][T12875] EXT4-fs (loop6): 1 truncate cleaned up
[  426.361919][T12875] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  426.374809][ T5912] usb 9-1: new high-speed USB device number 13 using dummy_hcd
[  426.390135][T12875] ext4 filesystem being mounted at /337/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  426.422469][T12649] netdevsim netdevsim4 eth3 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  426.457828][T12866] BTRFS info (device loop7): setting nodatasum
[  426.464140][T12866] BTRFS info (device loop7): setting nodatacow
[  426.470426][T12866] BTRFS info (device loop7): turning on async discard
[  426.477203][T12866] BTRFS info (device loop7): enabling free space tree
[  426.484206][T12866] BTRFS info (device loop7): max_inline set to 0
[  426.568803][ T5912] usb 9-1: Using ep0 maxpacket: 8
[  426.582478][ T5912] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  426.623002][T12649] netdevsim netdevsim4 eth2 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  426.640911][ T5912] usb 9-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  426.652548][ T5912] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  426.673700][ T5912] usb 9-1: config 0 descriptor??
[  426.698302][ T8046] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.716619][ T9642] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  426.796375][T12649] netdevsim netdevsim4 eth1 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  426.955480][T12897] erspan0: entered promiscuous mode
[  426.963865][ T5912] iowarrior 9-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  426.993589][T12649] netdevsim netdevsim4 eth0 (unregistering): unset [1, 0] type 2 family 0 port 20004 - 0
[  427.175626][ T5831] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  427.440375][T12649] bridge_slave_1: left allmulticast mode
[  427.446051][T12649] bridge_slave_1: left promiscuous mode
[  427.463164][T12649] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.513370][T12649] bridge_slave_0: left allmulticast mode
[  427.543523][T12649] bridge_slave_0: left promiscuous mode
[  427.549298][T12649] bridge0: port 1(bridge_slave_0) entered disabled state
[  428.309077][T12899] loop6: detected capacity change from 0 to 32768
[  428.694280][   T52] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  428.703918][   T52] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  428.712208][   T52] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  428.720505][   T52] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  428.738172][   T52] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  428.776038][T12649] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  428.801422][T12649] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  428.823508][T12649] bond0 (unregistering): Released all slaves
[  429.048664][T12918] loop6: detected capacity change from 0 to 1024
[  429.100392][   T49] usb 9-1: USB disconnect, device number 13
[  429.146377][T12918] EXT4-fs (loop6): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  429.190512][T12918] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  429.334611][ T8046] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.513207][T12914] loop1: detected capacity change from 0 to 32768
[  429.566953][T12649] hsr_slave_0: left promiscuous mode
[  429.582971][T12649] hsr_slave_1: left promiscuous mode
[  429.589432][T12649] batman_adv: batadv0: Removing interface: batadv_slave_0
[  429.600928][T12649] batman_adv: batadv0: Removing interface: batadv_slave_1
[  429.627331][T12914] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  429.800203][   T49] usb 9-1: new high-speed USB device number 14 using dummy_hcd
[  429.969310][   T49] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  429.983729][   T49] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  429.994069][   T49] usb 9-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40
[  430.003434][   T49] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  430.016218][   T49] usb 9-1: config 0 descriptor??
[  430.071420][ T5835] (syz-executor,5835,1):ocfs2_inode_is_valid_to_delete:947 ERROR: Skipping delete of system file 72
[  430.089642][ T5835] ocfs2: Unmounting device (7,1) on (node local)
[  430.339482][T12649] team0 (unregistering): Port device team_slave_0 removed
[  430.442843][   T49] keytouch 0003:0926:3333.002A: fixing up Keytouch IEC report descriptor
[  430.477312][   T49] input: HID 0926:3333 as /devices/platform/dummy_hcd.8/usb9/9-1/9-1:0.0/0003:0926:3333.002A/input/input58
[  430.599723][   T49] keytouch 0003:0926:3333.002A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.8-1/input0
[  430.695413][    T9] usb 9-1: USB disconnect, device number 14
[  430.794082][ T5849] Bluetooth: hci1: command tx timeout
[  431.056751][T12952] loop7: detected capacity change from 0 to 1
[  431.114923][T12915] chnl_net:caif_netlink_parms(): no params data found
[  431.196590][T12952] Dev loop7: unable to read RDB block 1
[  431.202625][T12952]  loop7: unable to read partition table
[  431.222973][T12952] loop7: partition table beyond EOD, truncated
[  431.247829][T12952] loop_reread_partitions: partition scan of loop7 (îÝ·ÂU@™:ÖB$Œ{
W) failed (rc=-5)
[  431.421127][T12954] sp0: Synchronizing with TNC
[  431.668233][T12915] bridge0: port 1(bridge_slave_0) entered blocking state
[  431.688491][T12915] bridge0: port 1(bridge_slave_0) entered disabled state
[  431.702312][T12915] bridge_slave_0: entered allmulticast mode
[  431.716318][T12915] bridge_slave_0: entered promiscuous mode
[  431.726886][T12915] bridge0: port 2(bridge_slave_1) entered blocking state
[  431.749357][T12915] bridge0: port 2(bridge_slave_1) entered disabled state
[  431.770350][T12915] bridge_slave_1: entered allmulticast mode
[  431.788803][T12915] bridge_slave_1: entered promiscuous mode
[  431.815631][T12649] IPVS: stop unused estimator thread 0...
[  431.936907][T12915] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  432.010089][T12915] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  432.099192][T12915] team0: Port device team_slave_0 added
[  432.108315][T12915] team0: Port device team_slave_1 added
[  432.259193][T12980] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci1/hci1:200/input59
[  432.872144][ T5849] Bluetooth: hci1: command tx timeout
[  433.041455][T12915] batman_adv: batadv0: Adding interface: batadv_slave_0
[  433.048532][T12915] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  433.080598][T12915] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  433.112111][T12915] batman_adv: batadv0: Adding interface: batadv_slave_1
[  433.129293][T12915] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  433.191075][T12915] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  433.355969][T12915] hsr_slave_0: entered promiscuous mode
[  433.362825][T12915] hsr_slave_1: entered promiscuous mode
[  433.369318][T12915] debugfs: 'hsr0' already exists in 'hsr'
[  433.378000][T12915] Cannot create hsr debugfs directory
[  433.469948][  T979] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[  433.593848][ T5977] usb 9-1: new high-speed USB device number 15 using dummy_hcd
[  433.638661][  T979] usb 1-1: Using ep0 maxpacket: 32
[  433.647505][  T979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  433.668727][  T979] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  433.692593][  T979] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  433.703627][T12915] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  433.723078][  T979] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.725915][T12915] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  433.748718][T12915] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  433.756962][  T979] usb 1-1: config 0 descriptor??
[  433.770220][ T5977] usb 9-1: Using ep0 maxpacket: 8
[  433.780440][T12915] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  433.791868][ T5977] usb 9-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c
[  433.791984][  T979] hub 1-1:0.0: USB hub found
[  433.802330][ T5977] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  433.819259][ T5977] usb 9-1: Product: syz
[  433.827112][ T5977] usb 9-1: Manufacturer: syz
[  433.832354][ T5977] usb 9-1: SerialNumber: syz
[  433.846953][ T5977] usb 9-1: config 0 descriptor??
[  433.867941][ T5977] gspca_main: se401-2.14.0 probing 047d:5003
[  434.008424][T12915] 8021q: adding VLAN 0 to HW filter on device bond0
[  434.030171][  T979] hub 1-1:0.0: 1 port detected
[  434.063777][T12915] 8021q: adding VLAN 0 to HW filter on device team0
[  434.119615][ T1152] bridge0: port 1(bridge_slave_0) entered blocking state
[  434.126824][ T1152] bridge0: port 1(bridge_slave_0) entered forwarding state
[  434.149038][ T1152] bridge0: port 2(bridge_slave_1) entered blocking state
[  434.156228][ T1152] bridge0: port 2(bridge_slave_1) entered forwarding state
[  434.167640][T13005] input: syz1 as /devices/virtual/input/input60
[  434.295608][ T5977] gspca_se401: ExtraFeatures: 117
[  434.309993][ T5977] gspca_se401: Too many frame sizes
[  434.368621][T13010] loop7: detected capacity change from 0 to 512
[  434.398728][T13010] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  434.423597][T13007] loop1: detected capacity change from 0 to 512
[  434.431532][T13010] EXT4-fs (loop7): 1 truncate cleaned up
[  434.443361][T13010] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  434.443549][  T979] usb 1-1: USB disconnect, device number 27
[  434.461070][T13007] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.2612: inode has both inline data and extents flags
[  434.475576][T13007] EXT4-fs error (device loop1): ext4_orphan_get:1395: comm syz.1.2612: couldn't read orphan inode 15 (err -117)
[  434.493668][T13007] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  434.497965][T13010] EXT4-fs (loop7): shut down requested (2)
[  434.545993][ T5847] usb 9-1: USB disconnect, device number 15
[  434.574190][T13010] EXT4-fs warning (device loop7): ext4_resize_fs:2019: can't read last block, resize aborted
[  434.638646][ T9642] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  434.698949][T12915] 8021q: adding VLAN 0 to HW filter on device batadv0
[  434.835149][ T5835] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  434.950084][ T5849] Bluetooth: hci1: command tx timeout
[  435.330437][T12915] veth0_vlan: entered promiscuous mode
[  435.347437][T12915] veth1_vlan: entered promiscuous mode
[  435.427716][T12915] veth0_macvtap: entered promiscuous mode
[  435.452359][T12915] veth1_macvtap: entered promiscuous mode
[  435.709534][T12915] batman_adv: batadv0: Interface activated: batadv_slave_0
[  435.730107][  T934] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[  435.766247][T12915] batman_adv: batadv0: Interface activated: batadv_slave_1
[  435.805012][T12649] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  435.835792][T12649] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  435.855542][T12649] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  435.887518][T12649] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  435.900516][  T934] usb 1-1: Using ep0 maxpacket: 8
[  435.919100][  T934] usb 1-1: config index 0 descriptor too short (expected 30, got 18)
[  435.943409][  T934] usb 1-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  435.960094][  T934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  435.968234][  T934] usb 1-1: Product: syz
[  435.978357][  T934] usb 1-1: Manufacturer: syz
[  435.988483][  T934] usb 1-1: SerialNumber: syz
[  436.052648][T13037] loop8: detected capacity change from 0 to 32768
[  436.074133][  T934] usb 1-1: config 0 descriptor??
[  436.087171][  T934] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  436.095643][T13037] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop8 (7:8) scanned by syz.8.2634 (13037)
[  436.109996][  T934] usb 1-1: setting power ON
[  436.114510][  T934] dvb-usb: bulk message failed: -22 (2/0)
[  436.132840][  T934] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  436.145485][  T934] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  436.165166][  T934] usb 1-1: media controller created
[  436.192998][  T934] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  436.216138][  T934] usb 1-1: selecting invalid altsetting 6
[  436.222332][  T934] usb 1-1: digital interface selection failed (-22)
[  436.234934][T13037] BTRFS info (device loop8): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  436.246188][T13037] BTRFS info (device loop8): using blake2b (blake2b-256-generic) checksum algorithm
[  436.294426][  T934] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  436.296272][T13041] dvb-usb: bulk message failed: -22 (3/0)
[  436.317148][  T934] usb 1-1: setting power OFF
[  436.325224][T13041] dvb-usb: bulk message failed: -22 (3/0)
[  436.344402][  T934] dvb-usb: bulk message failed: -22 (2/0)
[  436.364657][ T1152] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  436.377706][  T934] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  436.392832][T13041] dvb-usb: bulk message failed: -22 (3/0)
[  436.411060][ T1152] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  436.422086][  T934] (NULL device *): no alternate interface
[  436.461770][  T934] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  436.480835][T12623] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  436.489050][T12623] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  436.489500][T13037] BTRFS info (device loop8): enabling ssd optimizations
[  436.503018][  T934] usb 1-1: USB disconnect, device number 28
[  436.520216][T13037] BTRFS info (device loop8): turning on async discard
[  436.527017][T13037] BTRFS info (device loop8): enabling free space tree
[  436.671297][T13060] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  436.780501][ T9720] BTRFS info (device loop8): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  436.849081][T13064] IPVS: Scheduler module ip_vs_ not found
[  437.034132][ T5849] Bluetooth: hci1: command tx timeout
[  437.489965][  T805] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  437.601135][  T934] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  437.657343][  T805] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 12592, setting to 64
[  437.671154][  T805] usb 10-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  437.705240][  T805] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.716987][  T805] usb 10-1: config 0 descriptor??
[  437.730898][T13077] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  437.740547][  T805] hub 10-1:0.0: USB hub found
[  437.769964][  T934] usb 2-1: Using ep0 maxpacket: 8
[  437.792433][  T934] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  437.820220][  T934] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  437.850122][  T934] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  437.871350][  T934] usb 2-1: config 0 descriptor??
[  437.960863][  T805] hub 10-1:0.0: 1 port detected
[  438.093270][T13098] hsr0: entered promiscuous mode
[  438.099255][  T934] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  438.116067][T13098] netlink: 4 bytes leftover after parsing attributes in process `syz.6.2642'.
[  438.125529][T13098] hsr_slave_0: left promiscuous mode
[  438.132152][T13098] hsr_slave_1: left promiscuous mode
[  438.157528][T13098] hsr0 (unregistering): left promiscuous mode
[  438.788028][  T805] hub 10-1:0.0: hub_ext_port_status failed (err = -71)
[  438.789325][  T979] usb 10-1: USB disconnect, device number 2
[  439.609987][ T5912] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  439.754245][T13117] loop6: detected capacity change from 0 to 4096
[  439.775398][T13117] ntfs3(loop6): Different NTFS sector size (1024) and media sector size (512).
[  439.779978][ T5912] usb 10-1: Using ep0 maxpacket: 8
[  439.840443][ T5912] usb 10-1: config index 0 descriptor too short (expected 30, got 18)
[  439.851754][ T5912] usb 10-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  439.861640][ T5912] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  439.869735][ T5912] usb 10-1: Product: syz
[  439.885262][T13117] ntfs3(loop6): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr
[  439.912558][ T5912] usb 10-1: Manufacturer: syz
[  439.912594][ T5912] usb 10-1: SerialNumber: syz
[  439.931589][ T5912] usb 10-1: config 0 descriptor??
[  439.942522][ T5912] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  439.946496][T13117] ntfs3(loop6): ino=1e, "file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" ni_find_attr
[  439.960573][ T5912] usb 10-1: setting power ON
[  440.005388][ T5912] dvb-usb: bulk message failed: -22 (2/0)
[  440.032508][ T5912] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  440.069171][ T5912] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  440.089958][ T5912] usb 10-1: media controller created
[  440.157920][ T5912] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  440.175409][T13106] dvb-usb: bulk message failed: -22 (3/0)
[  440.181288][T13106] dvb-usb: bulk message failed: -22 (3/0)
[  440.192944][T13106] dvb-usb: bulk message failed: -22 (3/0)
[  440.240848][ T5912] usb 10-1: selecting invalid altsetting 6
[  440.246690][ T5912] usb 10-1: digital interface selection failed (-22)
[  440.279450][T13131] loop6: detected capacity change from 0 to 128
[  440.279900][ T5912] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  440.302447][T13131] UDF-fs: error (device loop6): udf_read_tagged: read failed, block=256, location=256
[  440.309025][ T5912] usb 10-1: setting power OFF
[  440.317829][ T5912] dvb-usb: bulk message failed: -22 (2/0)
[  440.332444][ T5912] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  440.336110][T13131] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  440.351305][ T5912] (NULL device *): no alternate interface
[  440.417770][ T5912] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  440.466700][ T5912] usb 10-1: USB disconnect, device number 3
[  440.472777][   T30] audit: type=1326 audit(1761473016.017:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13132 comm="syz.8.2658" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa95558efc9 code=0x0
[  440.499385][ T5847] usb 2-1: USB disconnect, device number 16
[  440.969959][ T5847] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  441.120095][ T5847] usb 2-1: Using ep0 maxpacket: 32
[  441.127305][ T5847] usb 2-1: config 8 has an invalid interface number: 203 but max is 0
[  441.141239][ T5847] usb 2-1: config 8 has no interface number 0
[  441.154068][ T5847] usb 2-1: config 8 interface 203 has no altsetting 0
[  441.175606][ T5847] usb 2-1: New USB device found, idVendor=054c, idProduct=06c3, bcdDevice=eb.7a
[  441.188258][ T5847] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  441.209518][ T5847] usb 2-1: Product: syz
[  441.217090][ T5847] usb 2-1: Manufacturer: syz
[  441.227783][ T5847] usb 2-1: SerialNumber: syz
[  441.425923][T13162] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  441.670245][ T5847] port100 2-1:8.203: NFC: Could not find bulk-in or bulk-out endpoint
[  441.692272][ T5847] usb 2-1: USB disconnect, device number 17
[  442.795445][T13188] loop6: detected capacity change from 0 to 128
[  443.082643][ T5912] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  443.259991][ T5912] usb 7-1: Using ep0 maxpacket: 32
[  443.285722][ T5912] usb 7-1: config 13 has an invalid interface number: 108 but max is 0
[  443.296648][ T5912] usb 7-1: config 13 has no interface number 0
[  443.314249][ T5912] usb 7-1: New USB device found, idVendor=06cd, idProduct=010c, bcdDevice=71.09
[  443.324632][ T5912] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.332711][ T5912] usb 7-1: Product: syz
[  443.336989][ T5912] usb 7-1: Manufacturer: syz
[  443.341729][ T5912] usb 7-1: SerialNumber: syz
[  443.386441][ T5912] keyspan 7-1:13.108: Keyspan 1 port adapter converter detected
[  443.394569][ T5912] keyspan 7-1:13.108: found no endpoint descriptor for endpoint 84
[  443.411362][ T5912] keyspan 7-1:13.108: found no endpoint descriptor for endpoint 81
[  443.419526][ T5912] keyspan 7-1:13.108: found no endpoint descriptor for endpoint 1
[  443.440084][ T5912] keyspan 7-1:13.108: found no endpoint descriptor for endpoint 2
[  443.450061][ T5912] keyspan 7-1:13.108: found no endpoint descriptor for endpoint 83
[  443.470984][ T5912] keyspan 7-1:13.108: found no endpoint descriptor for endpoint 3
[  443.490706][ T5912] usb 7-1: Keyspan 1 port adapter converter now attached to ttyUSB0
[  443.630067][ T5912] usb 7-1: USB disconnect, device number 18
[  443.641239][ T5912] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0
[  443.660442][ T5912] keyspan 7-1:13.108: device disconnected
[  443.799527][T13203] input: syz1 as /devices/virtual/input/input61
[  443.822878][T13204] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  443.966720][   T30] audit: type=1326 audit(1761473019.517:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13209 comm="syz.7.2683" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f908418efc9 code=0x0
[  443.988539][    C0] vkms_vblank_simulate: vblank timer overrun
[  444.471641][ T5847] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[  444.640053][ T5847] usb 1-1: Using ep0 maxpacket: 8
[  444.653355][ T5847] usb 1-1: config 0 has an invalid interface number: 186 but max is 0
[  444.661821][ T5847] usb 1-1: config 0 has no interface number 0
[  444.676272][ T5847] usb 1-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A
[  444.698294][ T5847] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7
[  444.722904][ T5847] usb 1-1: New USB device found, idVendor=07c0, idProduct=1500, bcdDevice=b8.c5
[  444.732782][ T5847] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  444.740934][ T5847] usb 1-1: Product: syz
[  444.747392][ T5847] usb 1-1: Manufacturer: syz
[  444.752118][ T5847] usb 1-1: SerialNumber: syz
[  444.762175][ T5847] usb 1-1: config 0 descriptor??
[  444.985292][ T5847] iowarrior 1-1:0.186: IOWarrior product=0x1500, serial=42424242 interface=186 now attached to iowarrior0
[  445.129792][T13219] loop1: detected capacity change from 0 to 32768
[  445.139448][T13219] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2685 (13219)
[  445.278649][ T5847] usb 1-1: USB disconnect, device number 29
[  445.329973][  T979] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  445.356944][T13219] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  445.402076][T13219] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  445.484973][  T979] usb 7-1: Using ep0 maxpacket: 8
[  445.495287][  T979] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  445.509254][  T979] usb 7-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  445.521700][  T979] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  445.533077][  T979] usb 7-1: config 0 descriptor??
[  445.644823][T13219] BTRFS info (device loop1): enabling ssd optimizations
[  445.652390][T13219] BTRFS info (device loop1): turning on async discard
[  445.659489][T13219] BTRFS info (device loop1): enabling free space tree
[  445.748895][  T979] iowarrior 7-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  445.829744][ T5835] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  448.107015][  T979] usb 7-1: USB disconnect, device number 19
[  448.822535][T13294] loop1: detected capacity change from 0 to 2048
[  449.185996][T13307] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  449.458055][T13307] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  449.489003][T13307] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4)
[  449.506294][T13307] Remounting filesystem read-only
[  449.595557][ T1298] ieee802154 phy1 wpan1: encryption failed: -22
[  450.009631][ T5835] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer
[  450.587863][T13335] loop7: detected capacity change from 0 to 1024
[  450.650298][T13335] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  450.691161][T13335] EXT4-fs (loop7): revision level too high, forcing read-only mode
[  450.700697][T13335] EXT4-fs (loop7): orphan cleanup on readonly fs
[  450.805663][T13335] EXT4-fs error (device loop7): __ext4_get_inode_loc:4831: comm syz.7.2728: Invalid inode table block 0 in block_group 0
[  450.904655][T13335] EXT4-fs (loop7): Remounting filesystem read-only
[  450.914751][T13335] Quota error (device loop7): write_blk: dquota write failed
[  450.951665][T13335] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  450.983377][T13335] EXT4-fs (loop7): 1 truncate cleaned up
[  450.990421][T13331] loop6: detected capacity change from 0 to 32768
[  451.016187][T13335] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  451.039711][T13331] ocfs2: Slot 0 on device (7,6) was already allocated to this node!
[  451.073518][T13335] EXT4-fs (loop7): shut down requested (1)
[  451.090324][T13331] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  451.122146][T13331] 
[  451.122164][ T1152] (kworker/u8:7,1152,0):ocfs2_check_dir_entry:321 ERROR: bad entry in directory #72: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  451.124472][T13331] ======================================================
[  451.148624][T13331] WARNING: possible circular locking dependency detected
[  451.155645][T13331] syzkaller #0 Not tainted
[  451.160057][T13331] ------------------------------------------------------
[  451.167062][T13331] syz.6.2726/13331 is trying to acquire lock:
[  451.173116][T13331] ffff888057273ff8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_calc_xattr_init+0x5e5/0xc90
[  451.183081][T13331] 
[  451.183081][T13331] but task is already holding lock:
[  451.190445][T13331] ffff88805727a640 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x11c/0x4910
[  451.203803][T13331] 
[  451.203803][T13331] which lock already depends on the new lock.
[  451.203803][T13331] 
[  451.214204][T13331] 
[  451.214204][T13331] the existing dependency chain (in reverse order) is:
[  451.223210][T13331] 
[  451.223210][T13331] -> #3 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  451.233831][T13331]        down_write+0x92/0x200
[  451.238619][T13331]        ocfs2_remove_inode+0x15b/0x8a0
[  451.244174][T13331]        ocfs2_wipe_inode+0x446/0x1210
[  451.249646][T13331]        ocfs2_evict_inode+0x6e0/0x1680
[  451.255197][T13331]        evict+0x3e6/0x920
[  451.259616][T13331]        iput.part.0+0x6a9/0xb00
[  451.264557][T13331]        iput+0x35/0x40
[  451.268722][T13331]        ocfs2_dentry_iput+0x139/0x330
[  451.274198][T13331]        dentry_unlink_inode+0x282/0x480
[  451.279837][T13331]        __dentry_kill+0x1d0/0x600
[  451.284957][T13331]        dput.part.0+0x4b1/0x9b0
[  451.289901][T13331]        dput+0x1f/0x30
[  451.294063][T13331]        do_renameat2+0x7e8/0xc20
[  451.299131][T13331]        __x64_sys_rename+0x7d/0xa0
[  451.304332][T13331]        do_syscall_64+0xcd/0xfa0
[  451.309365][T13331]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.315789][T13331] 
[  451.315789][T13331] -> #2 (&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]){+.+.}-{4:4}:
[  451.326413][T13331]        down_write+0x92/0x200
[  451.331194][T13331]        ocfs2_del_inode_from_orphan+0x112/0x700
[  451.337553][T13331]        ocfs2_dio_end_io_write+0x2cb/0xf30
[  451.343449][T13331]        ocfs2_dio_end_io+0x136/0x2c0
[  451.348824][T13331]        dio_complete+0x224/0x970
[  451.353873][T13331]        __blockdev_direct_IO+0x3027/0x3c40
[  451.359790][T13331]        ocfs2_direct_IO+0x263/0x360
[  451.365078][T13331]        generic_file_direct_write+0x19a/0x410
[  451.371254][T13331]        __generic_file_write_iter+0x11b/0x240
[  451.377435][T13331]        ocfs2_file_write_iter+0xbc4/0x21b0
[  451.383332][T13331]        iter_file_splice_write+0xa24/0x12e0
[  451.389334][T13331]        direct_splice_actor+0x192/0x6c0
[  451.394992][T13331]        splice_direct_to_actor+0x345/0xa30
[  451.400909][T13331]        do_splice_direct+0x174/0x240
[  451.406298][T13331]        do_sendfile+0xb06/0xe50
[  451.411259][T13331]        __x64_sys_sendfile64+0x1d8/0x220
[  451.416983][T13331]        do_syscall_64+0xcd/0xfa0
[  451.422018][T13331]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.428444][T13331] 
[  451.428444][T13331] -> #1 (&ocfs2_file_ip_alloc_sem_key){++++}-{4:4}:
[  451.437236][T13331]        down_write+0x92/0x200
[  451.442014][T13331]        ocfs2_try_remove_refcount_tree+0xa7/0x320
[  451.448533][T13331]        ocfs2_truncate_file+0xbba/0x17c0
[  451.454275][T13331]        ocfs2_setattr+0x1594/0x2560
[  451.459585][T13331]        notify_change+0x6d2/0x12a0
[  451.464797][T13331]        do_truncate+0x1d7/0x230
[  451.469757][T13331]        path_openat+0x2678/0x2cb0
[  451.474889][T13331]        do_filp_open+0x20b/0x470
[  451.479935][T13331]        do_sys_openat2+0x11b/0x1d0
[  451.485139][T13331]        __x64_sys_openat+0x174/0x210
[  451.490516][T13331]        do_syscall_64+0xcd/0xfa0
[  451.495565][T13331]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.501986][T13331] 
[  451.501986][T13331] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[  451.509823][T13331]        __lock_acquire+0x126f/0x1c90
[  451.515270][T13331]        lock_acquire+0x179/0x350
[  451.520296][T13331]        down_read+0x9b/0x480
[  451.524989][T13331]        ocfs2_calc_xattr_init+0x5e5/0xc90
[  451.530800][T13331]        ocfs2_mknod+0xa2b/0x2540
[  451.535828][T13331]        ocfs2_create+0x17c/0x460
[  451.540861][T13331]        lookup_open.isra.0+0x11d3/0x1580
[  451.546596][T13331]        path_openat+0x893/0x2cb0
[  451.551640][T13331]        do_filp_open+0x20b/0x470
[  451.556685][T13331]        do_sys_openat2+0x11b/0x1d0
[  451.561889][T13331]        __x64_sys_openat+0x174/0x210
[  451.567269][T13331]        do_syscall_64+0xcd/0xfa0
[  451.572301][T13331]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.578799][T13331] 
[  451.578799][T13331] other info that might help us debug this:
[  451.578799][T13331] 
[  451.589012][T13331] Chain exists of:
[  451.589012][T13331]   &oi->ip_xattr_sem --> &ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE] --> &ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]
[  451.589012][T13331] 
[  451.608076][T13331]  Possible unsafe locking scenario:
[  451.608076][T13331] 
[  451.615514][T13331]        CPU0                    CPU1
[  451.620867][T13331]        ----                    ----
[  451.626219][T13331]   lock(&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]);
[  451.633601][T13331]                                lock(&ocfs2_sysfile_lock_key[ORPHAN_DIR_SYSTEM_INODE]);
[  451.643411][T13331]                                lock(&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]);
[  451.653307][T13331]   rlock(&oi->ip_xattr_sem);
[  451.657984][T13331] 
[  451.657984][T13331]  *** DEADLOCK ***
[  451.657984][T13331] 
[  451.666112][T13331] 3 locks held by syz.6.2726/13331:
[  451.671300][T13331]  #0: ffff88803235e420 (sb_writers#25){.+.+}-{0:0}, at: path_openat+0x1f0f/0x2cb0
[  451.680689][T13331]  #1: ffff8880572742c0 (&type->i_mutex_dir_key#17){++++}-{4:4}, at: path_openat+0x1534/0x2cb0
[  451.691120][T13331]  #2: ffff88805727a640 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x11c/0x4910
[  451.704914][T13331] 
[  451.704914][T13331] stack backtrace:
[  451.710792][T13331] CPU: 1 UID: 0 PID: 13331 Comm: syz.6.2726 Not tainted syzkaller #0 PREEMPT(full) 
[  451.710835][T13331] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  451.710860][T13331] Call Trace:
[  451.710872][T13331]  <TASK>
[  451.710885][T13331]  dump_stack_lvl+0x116/0x1f0
[  451.710927][T13331]  print_circular_bug+0x275/0x350
[  451.710985][T13331]  check_noncircular+0x14c/0x170
[  451.711047][T13331]  __lock_acquire+0x126f/0x1c90
[  451.711113][T13331]  lock_acquire+0x179/0x350
[  451.711142][T13331]  ? ocfs2_calc_xattr_init+0x5e5/0xc90
[  451.711181][T13331]  ? __pfx___might_resched+0x10/0x10
[  451.711227][T13331]  ? kasan_quarantine_put+0x10a/0x240
[  451.711284][T13331]  down_read+0x9b/0x480
[  451.711329][T13331]  ? ocfs2_calc_xattr_init+0x5e5/0xc90
[  451.711363][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.711408][T13331]  ? __pfx_down_read+0x10/0x10
[  451.711461][T13331]  ocfs2_calc_xattr_init+0x5e5/0xc90
[  451.711501][T13331]  ? __pfx_ocfs2_calc_xattr_init+0x10/0x10
[  451.711537][T13331]  ? __pfx_ocfs2_get_init_inode+0x10/0x10
[  451.711603][T13331]  ocfs2_mknod+0xa2b/0x2540
[  451.711642][T13331]  ? __brelse+0x7f/0xa0
[  451.711696][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.711740][T13331]  ? __pfx_ocfs2_mknod+0x10/0x10
[  451.711780][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.711826][T13331]  ? do_raw_spin_unlock+0x172/0x230
[  451.711870][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.711912][T13331]  ? _raw_spin_unlock+0x28/0x50
[  451.711949][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.711993][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712036][T13331]  ? find_held_lock+0x2b/0x80
[  451.712083][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712126][T13331]  ? do_raw_spin_unlock+0x172/0x230
[  451.712166][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712209][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712253][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712295][T13331]  ? rcu_is_watching+0x12/0xc0
[  451.712345][T13331]  ocfs2_create+0x17c/0x460
[  451.712381][T13331]  ? __pfx_ocfs2_create+0x10/0x10
[  451.712415][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712458][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712501][T13331]  ? security_inode_permission+0xbf/0x260
[  451.712560][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712602][T13331]  ? inode_permission+0x156/0x630
[  451.712643][T13331]  ? __pfx_ocfs2_create+0x10/0x10
[  451.712680][T13331]  lookup_open.isra.0+0x11d3/0x1580
[  451.712732][T13331]  ? __pfx_lookup_open.isra.0+0x10/0x10
[  451.712785][T13331]  ? find_held_lock+0x2b/0x80
[  451.712833][T13331]  ? __pfx_down_write+0x10/0x10
[  451.712881][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.712930][T13331]  path_openat+0x893/0x2cb0
[  451.712991][T13331]  ? __pfx_path_openat+0x10/0x10
[  451.713047][T13331]  ? __lock_acquire+0xb8a/0x1c90
[  451.713106][T13331]  do_filp_open+0x20b/0x470
[  451.713160][T13331]  ? __pfx_do_filp_open+0x10/0x10
[  451.713230][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.713272][T13331]  ? alloc_fd+0x471/0x7d0
[  451.713330][T13331]  do_sys_openat2+0x11b/0x1d0
[  451.713369][T13331]  ? __pfx_do_sys_openat2+0x10/0x10
[  451.713416][T13331]  __x64_sys_openat+0x174/0x210
[  451.713457][T13331]  ? __pfx___x64_sys_openat+0x10/0x10
[  451.713501][T13331]  ? srso_alias_return_thunk+0x5/0xfbef5
[  451.713549][T13331]  do_syscall_64+0xcd/0xfa0
[  451.713590][T13331]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  451.713626][T13331] RIP: 0033:0x7f90d518efc9
[  451.713653][T13331] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  451.713688][T13331] RSP: 002b:00007f90d60e8038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  451.713720][T13331] RAX: ffffffffffffffda RBX: 00007f90d53e5fa0 RCX: 00007f90d518efc9
[  451.713744][T13331] RDX: 0000000000000042 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  451.713767][T13331] RBP: 00007f90d5211f91 R08: 0000000000000000 R09: 0000000000000000
[  451.713789][T13331] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  451.713811][T13331] R13: 00007f90d53e6038 R14: 00007f90d53e5fa0 R15: 00007ffd2c770f78
[  451.713847][T13331]  </TASK>
[  452.175831][ T9642] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  452.297035][ T8046] ocfs2: Unmounting device (7,6) on (node local)
[  452.367400][T13343] loop1: detected capacity change from 0 to 32768
[  452.378247][T13343] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[  452.389607][T13343] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  452.458910][ T5835] ocfs2: Unmounting device (7,1) on (node local)