last executing test programs:

6.451119348s ago: executing program 4:
syz_open_dev$evdev(&(0x7f0000000180), 0x0, 0x0)
ioctl$HIDIOCINITREPORT(0xffffffffffffffff, 0x40004580, 0x0)
r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010102090000402505a8a44000010203010902"], &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$printer(r0, 0x0, &(0x7f00000011c0)={0x34, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001180)={0x20, 0x0, 0x1}})
syz_open_dev$char_usb(0xc, 0xb4, 0x0)

5.157127462s ago: executing program 0:
syz_mount_image$btrfs(&(0x7f0000000000), &(0x7f00000015c0)='./file0\x00', 0x0, &(0x7f0000002880)={[{@clear_cache}]}, 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdirat(r0, &(0x7f0000000040)='./bus\x00', 0x0)
mkdirat(r0, &(0x7f00000002c0)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})

5.106606264s ago: executing program 2:
syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000005140)='./file0\x00', 0x816, &(0x7f0000000140), 0x1, 0x50ed, &(0x7f0000005180)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTsT3573JENYvrOR3E/wmHm5XUpgfKxQ6WkmPbbFHXpgfLxQ65pIemydDeHBhZX9S+H8stJPClbV54UhSOB0L+fnQLRxLCifimfb52ny6aeH7WMgvsJiPV1Cs6V4SkfS42q/HQuGGPc52Dw4AAHBPieE5z7Jjvc2QRtn52qAdVg/aYWTQDvVBO4wmO6Q79tseZnsLcXv7zMalPf//yHD5P74Vq7JFv+v/Q7z+P3+uYff6/9lYaCSF+VhopXcMaMVjZGH343iMRivvcWV9twAAAAB3tfi9QH2F5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP+zda4xc1X0A8LPP8T68XkiqEBolm6TGcROv1zaQqKXKmlI1IqVZNxRURRQbe00WL9ixTYlRiIxNRCMEpQ1S8qEIoyiq+QC1AhFJAeEixREqj4iqKIBAoTVEQaSUJCJNkEI1e++ZvXPuzsOPNV76+0neOTP/87zz8Jx775wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/w8GvXPO3zeKP/va8Z1+4ePyKPWsvfvW68059MoSJmcc7snBH/423j//87nPv2fPA6jvuO3z+R3vzcnk8DFT/dOZ3boi1Hl4cwv0dIXSngRWDWaAnvz8Y63vfYAinhNlArcRkf1YibTh8vy+EfWE2UKvqe30hDBYCFz71yMM3VxO39YWwNIRQSdt4vpK10ZcGzujNAv1pYGt3FvjVW5la4LudWQCOWXwz1F70BybqMwzPXa7B66/nuHXs7ZUOrysmhhvn+9naee5UQW/6wMQxPW2l6pgXpbfHQe+2BfBuK23nWz1txS9S+TeUt2ZDldC5aXLzhqund8ZHOsPoaFejmubpeX7m9S9tPJL0gnkdxg4MH5fX4S1PLL27a/kFj9+3YunL+z+295Vj7eaPCpu0mJ5vlZC/5hbM8xiN+zxZAG+/0rekEV+6QgibP/97n2kWL83/h5vP/+PLOd521uWOtb45lM3N4yODMfHaUDY3BwAAgAVjIew13Tr60Cea1Vea/4+0d/w/HvLPJ/PZaA+GMD6T2LskhNNmHs8Cd8XmLlsSwgdnUhP1gbVJ4GAI751JLK9VlZRYFEuMJIGfDOWB8SRwKAYmksC3YuDWJHBDDBxIAhtj4GASODcGwlT9OH5/KB9H24G+GFifbcQD8SyEXwzF1pJt9VytKgAAgOMknx321N8tnOtwrBni9PJAX6sM8QzshhkqSQ3pDLY2rWpYQ3erGjpb1VAb9+7mwy/V3NGq5tJpGB31GW7/5d98NjRRmv+PNZ//V+boSEfp+H8I62b+xtydeWS6Fl8/UZcBAAAAOAYD//viN5vFS/P/8fbO/4/7RLoKmcNjcTfEliUhjNUHsmr/sBzIjnoP5AEAAABYCGrH42vHwqfy2+wU7XQ+Xc4/cYT544H/8Tnz9x58cH2z/pbm/xPtnf/fX3+bdeJQ7MXXloSwqBD4QexlNTBjJAZ+/Mn6QD7+Q3ED3BSryk9MqFV1UyyxPgbGksC+RiV+WCtxWn0gf7Jqje+tjWMqL1EIAAAAwAkXdwfE4/Lx/P8P/Wb1Nc3Kleb/64/s/P+ZeXDp9P7pgRBWdofQlf4w4LH+bGHAGBjsyBMP9Wd1daVVXd8fwjnVgaVVvZiv/9+drjH4VF9WVQyc9qH9r59RTXyzL4SVxcDTn7vzrGpiZxKoNf6XfSF8oDratPHvLMoa70kb//qiEN5fCNSqumxRCNXGetOqHqnk1zFIq/rnSgjvKgRqVZ1dCWFXAGCBiv+Vbio+uGPXtVs2TE9Pbp/HRNyH3xc2T01Pjm7cOr2p0qBPm5I+1y1jdH15TO1e+ea5fImii+5dN9hOuvY7wbFiW/l+/NKJg/n9+F2oZ2acq3vq7q5Jh/yRD5ebCIVvUo2G3DnPQ+4vVjL7JJbqj/l7w0BYdPWOye2jX9ywc+f2VdnfdrOvzv7Gw0zZtlqVbqv+ufrWxsuj4WpZiaPdVsuKlazceeW2lTt2Xbti6soNl09ePnnVqrNXj505tmbs42eurI5qLPvbYqjL5qo6Gepbd7Y5ruM41NO7C5WciE8NCQmJhZbYOrCs6f/Jpfn/tubz//ipEz/58/UZGh3/H46H+bPHZw/zr4+Bfe0e/x9udDS/dmLASBLYHQO7HeYHAADgnSFO8uPezLhX+qfLv/Nys3Kl+f/u9n7/f5zW/68tXX9+o2X+l8cSY43W/0+X+a+t/7+70fr/6TL/tfX/970N6/9fXQskm+QX1v8HAADeCU7c+v8tl/dPLxBQytByef/0AgGlDC2X8W/3AgFHvP7/8//5V/8dmijN/29tb/5v4X4AAAA4eXz5z675nWbx0vx/X3vz/xO//l9odP7/SKPARKOFAa3/BwAAwALVaP2/4Rv7L21WrjT/P9De/D+edtFZlzvW+uZQtqZdSNe0e22o9pMBAAAAWBg6w+hoT5t561ZGXXv0bT6TLwXaLF304p8cPrLz/w+2N/+v+13GLU8svbtr+QWPv3nfiqUv7//Y3ldmj/8DAAAA86fd/RIAAAAAAAAAAAAAAMDb78X/2LOmWbz0+/+wbubxRr//j9f9i78veHdd7lhr6/X/8vsXfvqeXTNLFj42FMKHi4Ete7acEvJr8y8rBh6+ZPl7qok9aYkHXzj3pWri0jTwqRWnvlFNnJME1sdFEt+bBuJVFd9YnATi8or/ngbi9jiQBnrzwFcXZ+PoSLfVTwezbdWRbqtnB0NYUgjUttX9g1kbHekAb0sCtQF+IQ3EAf55HuhMe3XPQNarGBiMRe8YyHoFAMBJK34L7Ambp6Ynx+JX+Hh7enf9bVS3ZNn15Wo72mz+uXxpsovuXTfYTror/S46e63xnlCpDmFV6etqMUvHzCiPTy0tNt27Gwy51WpvnQ3KpY500/U2HlFfNqLRjVunN/W0HPia1llWd7fMsqo02Slm6ZzZpG3U0kZf2hhRm9umjS7H+51hdLQryfUHMTgc6rR6RbT7e/3iOn+NXgXFPFcd3vurZvWV5v/D7c3/K8VxvZFfDGB3vLLe3y2xzD8AAADMr6+u/fU34r/P3vjo083ylub/I+3N/+MerPxQcLa342C8/v/eJSHMXFp/OAvcFZu7bEkIH5xJTcQS2QX1z48lxrLAXXGHyfJYYv1EfVWLYuBAEvjJUB44mAQOxUC+l2J/yHfl/P1QCGfNpNbVl9gWSwwngc/EwEgSGI2BsSSwOAbGk8Cri/PARBL4txgIU/Xb6t7F+bYCAAA4Evk8q6f+bkjneQe6W2XoaJWhv1WGzlYZKq0yNBpFvP/tmKEnOXmlo5CpJ621L6mllCFeDP+I+1XKEH5YnzMtWGo6nn9QO9+goz7DA5/oroQmSvP/sfbm//31t1nrh+L8f/b6f1ngB7F7X4unjo/EwI8/WR/IdwwcipPdm2pVTeQl8kn7TbHEeAyMJIFtMTCeBNavywP73lMfyGfatcb31hqfyksUAgAAAHDCxR0EcTdNnP/fseMrA83Kleb/4+3N/2N7A8XGboi1Hl4cwv0ds72pBVYMZoG4H2Mw/jz+fYMhnFLYwVErMdmflehNGg7f78t+od6bVvW9vuzHB/H+hU898vDN1cRtfSEsLex9qbXxfCVroy8NnNGbBfrTwNbuLBD3/NQC3+3MAnDMansF4wsqP9WlZnjucg1ef++Ua4KmwyvtA50j31y/uZovpR2u+T7VmiN72pruv+W4Kb09Dnq3LcR327B3W/GLVP4N5a3ZUCV0bprcvOHq6Z3xkeIvWUvm6Xku/kq1nfRxeB3uPvretlZJOzCWfHyMzV1u7tdhR6zulieW3t21/ILH71ux9OX9H9v7StvdaCD+UPiR6/518EeFzTvfKiF/zS24z5MJnycL8b+BEU9bCGHdq1+/qVm8NP+faG/+353czvh13Jg7loTwkcLGfSxu/j9ekn0OFgLZp+S7yoHskPt/DTX85AQAAIDjrba7o7a/YCq/zU4IT+fJ5fwTR5g/7q8YnzN/u/3u/+tLljaLl+b/65vP/xcl3XT83/F/5onj/3M62XdFL0of2H1Mu6JL1TEvHP+f08n+bnP8f06O/zv+PxfH/1tw/H9OJ/vTVvqWtM2XrhDCy3/00LPN4qX5/7b25v/W/5t70b7a+n/rG63/t63R+n+7rf8HAADMqwYLzaXzvNLqfaUM6ep9pQwtFwhsucSg9f+OeP2/l05//jehidL8f3d78//4chgotr5Q1v8bWdegqltjYJuFAQEAADgZNdpBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNvrgX/4n03N4o/+9rxnX7h4/Io9ay9+9brzTn0yhKmZxzuycEf/jbeP//zuc+/Z88DqO+47fP5HK3m5nvz2d+tyx1rfHAphX+GRwZh4bah6ZzZw4afv2dVdTTw2FMKHi4Ete7acUk18ayiEZcXAw5csf081sSct8eAL575UTVyaBj614tQ3qolz8kBH2t1/XJx1tyPt7s2LQ1hSCNS6e8Xi+qpqbfxpHuhM2/inwayNGBiMRb8xmLURA9OxxNSiEFZ2h9CVVvVoJauqK63qXypZVV1pVV+uhHBOCKE7reqF3qyq7nTkT/ZmVcXAaR/a//oZ1cS+3hBWFgNPf+7Os6qJLySBWuN/0RvCB6ovmbTxb/dkjfekjd/WE8L7Qwi9aYlfdmcletMSL3aH8K5CoNb457tD2BV4R4gfPnWfaDt2Xbtlw/T05PZ5TPTmbfWFzVPTk6Mbt05vqiR9aqSjkH7r+qMf+3Ovf2lj9faie9cNtpPuzsv1zHR5dU/d3TUne+9jv/qLlcw+H6X6Y/7eMBAWXb1jcvvoFzfs3Ll9Vfa33eyrs79deTTbVqsWyrZaVqxk5c4rt63csevaFVNXbrh88vLJq1advXrszLE1Yx8/c2V1VGPZ3+Mx1DtP/FBP7y5UciI+ACQkJBZaorPu023sZP8gL33Rn+1oT6jMfECXphXFLB0zozweg157lCM+mu8pLUe0qjRxKGVZ3TrLmtJkYjZLX5Zl5ntdaXJYrKlzZpPG+51hdLSr0XYYrr9b3Lw/O4bN+0y+6dpNAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgUAAD//wNUIwc=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000830000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
sendto$packet(r3, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063", 0x3c, 0xa0c4, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, 0x0)
chdir(&(0x7f0000000400)='./file0\x00')
link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./bus\x00')
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r4)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x20081e, &(0x7f0000000040)={[{@nodelalloc}, {@grpid}, {@auto_da_alloc}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W")
unlink(0x0)

4.406552392s ago: executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff)
r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r2 = openat$cgroup_type(r1, &(0x7f00000001c0), 0x2, 0x0)
write$cgroup_type(r2, &(0x7f0000000280), 0x9)
r3 = openat$cgroup_procs(r1, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0)
write$cgroup_pid(r3, &(0x7f0000000c40), 0x12)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r5 = openat$cgroup_ro(r4, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0)
write$cgroup_int(r5, &(0x7f0000000200)=0x1, 0x12)
r6 = openat$cgroup_procs(r0, 0x0, 0x2, 0x0)
write$cgroup_pid(r6, &(0x7f0000000080), 0x12)

4.385675806s ago: executing program 3:
r0 = msgget$private(0x0, 0x0)
msgrcv(r0, 0x0, 0x0, 0x0, 0x0)
msgctl$IPC_RMID(r0, 0x0)
syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0)
mlockall(0x1)
lgetxattr(&(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0)

3.85042133s ago: executing program 0:
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./bus\x00', 0x200000, &(0x7f00000013c0)=ANY=[], 0xf, 0x6b3, &(0x7f00000000c0)="$eJzs3c9vHGcdB+DPrNdbb6iC0yZthIqIEqkgRSR2rBTChYAQyqFCVTlwthKnsbJxKttFboXABQQnJA79AwqSb5yQuAeFc7n1anGqhMQl4hBxMZrZWXvtXf+I7dgxPE80ft+Z95133vnOzDs741gb4P/WrctpPkqRW5ffXirnV1emOqsrUy/VxZ0kZb6RNLtJirmkeJzcLMuLvil96YBPZm+8+/mT1S+6c816quo3dlpviCF1l+spF5KM1Omg0b1uYlN7t5O8PFCltde2NlUsg3apTuHYrQ1Y3qH2P05vWfAs1y3wgundnYrufXPAeHIqyVj9OSD16NA4uh4+HzuNcgAAAPC/4rOHx90DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOHnq7/8v6qlRp7mQovf9/63esjp/oj067g4AAAAAAAAAwCH42tM8zVJO9+bXiup3/hermbP5z1rypXyQhcxkPleylOksZjHzmUwy3tdQa2l6cXF+cn3N0vA1rw1d89pR7TEAAAAAAAAAnGDtbUt+mVsbv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAXQZGMdJOsJTm7XrDcaHYXp1XNJn/v5U+IYtjCR0ffDwAAADiQsX2s8+WneZqlnO7NrxXVM/9r1fPyWD7IXBYzm8V0MpM79TN0+dTfWF2Z6qyuTD0op8F2v/evZ+pG1WK67x6qLa8/rPe2fL6q0c7dzFZLruR2VedOGtWapfO9/gzv18dln4rv1gb60Bzas2Yd1nJjv9/uLcKheNZXEeN1l3sRmaj7VkbjTDcCRfWiJtkaiV2PTnPrltLI6PqWJtNYf/Nz9kAxH+5UnZb785vnGvMdLA9buB6JRqpIXOs7+17bORLJ1//yp5/c68zdv3d34fKx7NJ+jGyzvI5E7wzLVF8kXj/RkRg+DmxvoorEufX5W/lhfpzLuZB3Mp/Z/DTTWcxM9T61NF2fz+XP8Z0jdXPT3Du79aRVH5fuMdtLny7kB1VuOherdU9nNkUe5k5m8lb171om861cz/Xc6DvC57btd7Vv1VXf2HrV9470X4d2/tI36kw7yW/rdCAGteW1ru3OzsPSHfvLuJ7pi2t3JHyyXutM39g40RelV3rRGR3a+H7GxuZX6ky5jV/V6YthvI5EeQH17hK93r3ajUSzuhcNnud/qK6Nhc7c/fl70+9v0/7WAfnNOi1Pq5Wv7rWXww/F4SrPl1cyVo8km8+OsuzV8kCObC2brMrOro9AjYGyc1VZUfSu1B9te6W26s9wgy1dq8peH1o2VZWd7yvb9HkrD9PJnSOIHwAHNJ5TrfY/25+1P23/un2v/fbY91/69ktvtDL6t9HvNCdG3my8Ufw5n+bnG8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/i18+NH96U5nZn54prF90S6Z3VrekinqL/TZ17YOMdNKchjtjG1tZ7RccOS70951d9Z+kRx5nHtfIji8zu/KTDN7afDmbnU+3lcPG0mO9zw8usxIhp8AxzwwAc/d1cUH719d+PCjb84+mH5v5r2ZudHr129M3Lj+1tTVu7OdmYnuz+PuJfA8bNz0j7snAAAAAAAAAAAAwF4N+8OAiy8fxt/AtPzPQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQ3Lqc5qMUmZy4MlHOr65Mdcqpl9+o2UzSaCTFz5LicXIz3Snjfc0V+ePjrA3ZziezN979/MnqFxttNbv1k0adHsByPeVCkpE6Paz2bh+4veLfvT0sA3apFzg4bv8NAAD//wNS+MQ=")
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000007c0), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000240)=0x214)
open$dir(&(0x7f0000000000)='./file0\x00', 0x10907e, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12)
read(r1, &(0x7f0000000080)=""/241, 0xf1)
ioctl$TCSETAF(r1, 0x5412, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "9f762f0bc5e584a2"})
socket$inet6(0xa, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x7, 0x0, 0x2, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x10000, 0x4}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x90)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='c:::\x00', 0x0)
open(0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x1010000, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x21, 0x2f1, &(0x7f00000001c0)="$eJzs3cFu0zAcBvDPTrt2YxphG0LiAhpMgsvEgAPi0gn1yp0TAtZOmoiG2IYEXBiII+IBuPMK8A5cQLwAnDjxAD1hZMdJk9XOuq5tWvh+UivXsZ2/m6S2I20BEf237jR/fLzxS78EECAAcBuQAOpABcBZnKs/29nf3o/araKGAlNDvwTimqKnzOZO21VV1zM1rFB/qmA+m0ejoZTa+Fl2EFSqenyxBq5tEqjZ6zBIyk4PZ5eMA+DCWEOZANlvQ3TQwXMslBgOERFNADv+SztMzJssASmBVTvsT+H479cpO4Dhuhn1ZKnCCpnx38zulNDH97TZ1F3vmSWc3i6TVWI/wVQPfZ5BfGZl5h/CzMCAglWliUXObm1XsLb5Gi2JN2hYmWLL5r0Vn7qJI6JdcaxNC/hbq+LuXK4/eUlIW9tRu6YTjviXjrfHkxNfxDdxX4T4gFY6/6sooQ+TOVLhoXmzrOr4r3maS/oY6lKwy/5GoyFzpc6YnZy3e7CO6GXdP32fsW0mNwgO0gjiOD/7ay0if1sh7t26b0/2BFty1QrTT559LedqBfZMWNt8EhXeShkdfWzEe3FPrOA3PqGZmf9LHd8q8te/vyFT0p4ZcX9m3CUrpmSYGTnigt3L5WIagVUbvIPUr3d4hFtY2Hvx8nEQRe1dnXjoSDyd3xU2p/oWcJYZIFEbUjs6gYNujtJeKdVvdTW8MHoTV4faoP79SHP05eMqrK+yNEcebxcLI/kSBk3UMRFhOBPNr8AEhHHyhFKAZ1PZP1A0DnsiOeg2Y7bkgGjc9LxLKKFHjlPozurMEkm/hQXz9OJFZr7F9XQFl7+JsGje59wruA1fs94VXGaP1z1rRrPmunQFuJzJFChcjYQ2zn+EaOI7HvD+PxERERERERERERERERERERERERHRtBnHXxqU3UciIiIiIiIiIiIiIiIiIiIiIiIiIiIiomnXx/N/lcg/D0apP45/+22e/xvy+b9EU+RvAAAA//8v+n0Y")

2.721423569s ago: executing program 1:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0)
close(r1)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETLINK(r1, 0xc004743e, 0x20000000)
close(r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETLINK(r0, 0xc004743e, 0x20000000)
close(r0)

2.592191235s ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)={@map=0x1, r0, 0x2e, 0x0, 0x0, @prog_id}, 0x20)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20)

2.582137839s ago: executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xb, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0)
socket$packet(0x11, 0x0, 0x300)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x0, @multicast2}, 0x10)
write$binfmt_misc(0xffffffffffffffff, 0x0, 0xbf)
shutdown(0xffffffffffffffff, 0x0)
recvmsg(0xffffffffffffffff, 0x0, 0x0)
ioctl$EXT4_IOC_SETFSUUID(0xffffffffffffffff, 0x4008662c, &(0x7f0000000100)={0x10, 0x0, "80da607cb7eadf686b5ed96ee78864cc"})
socket$kcm(0x10, 0x2, 0x0)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$iso9660(&(0x7f0000000240), &(0x7f0000000080)='./file1\x00', 0x3080044, &(0x7f00000000c0)=ANY=[@ANYRESOCT=r0], 0x3, 0x7b9, &(0x7f0000001240)="$eJzs3V1sW+X5APDHaQMlSBXi/1eHqlJOC5OKVILjQFjEBRjnJDng2JHtTK2miVU0RVFTQDC00RuoJsE2bZp2tUvGLXe72zRpk3ax7WrSuNjN7pC4mkDal5imSZnOsZ3mw3HSj7Qwfj8reY+Pn/O+z3Gc8/g48esAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKJUmymXJ0pRzxpLZ5Kd1WZazYUht/f7+/WmZpOnN40bUcq/4tCh+PTv3XX/f/XmI/m3k3Gse+1YHMqbQ3H57iP3PPl/B0f62w9J6Hqd2GNcKeKtPKmL51ZXl1/dh0Ruoe//8po3+dda/n0ubWTtZrZQnUuTrN1Mpqemyo/Oz7aT2ayets+2O+lCUmul1U6zlZyqPZxMTE9PJun42eZSY26mWk/7K594pFIuTyXPji+m1Va72Xj02WjX5rN6PWvMFTGV8rcij3kifyA+l3WSTlpdSJILK6vLk7ulmgdNDLrhQPfxc+yhez56/cO/rSznD8idOin1HpiViYlKZWLq8enHnyiXD1bKlc0rylvEekSMROQR+/Kg5XPk5h7A4QaM9Op/1COLRizFmUgGXEajFjPRimYs5Nf/NLotoqdf/7/86Cd/GDbuxvrfr/L3Xb35aBT1/3j32vGd6v/AXIde7uyPcM1bDry8Fm/E5bgY52I1VmM5Xr1J/e7bZeRGeyhtujYXaTQii3Y0I4uFqBZrkt6aJKZjKqaiHM/HfMxGO5KYjSzqkUY7zkY7OpEWj6hatCKNanSiGa1I4lTU4uFIYiKmYzomI4k0xuNsNGMpGjEXM1EterkQK8X9PrklyyN3xS9e/ONH7+bL60ETw3YrfzKXB/11SNC2cj+0/q+t5c8Xtkao/190N/cADjdgrV//B7tya7MBAAAA9kOpePU9P/8fjfuLpdmsnn7tdqcFAAAA3ETFX/6P5c1ovnR/lPLz//KAyA9ueW4AAADAzVEq3mNXioixeKC7dCFW4q1YjkEvAgAAAACfQ8Xf/4/nzVjEm8WK/nQpzv8BAADgf8R3d5pj/8P+HLvtxTtLvxqNiNHSlcUzD5UuVfO46qUD3e16zVfXe+zMHi0d7nVSNFMHL99dioiDtfRYqT/75X96E/F+XHw/enB9853m+i+1WkMTiOEJFNfiB3GiG3PifLc937ul1B1lbDarp+O1Zv3JYkrE/Kvz+ksr347IR/9eY+FwKS6srC6Pv/Dy6vkil2KCxCuXehMobptHcUgua/2piO8fvMejxRsxeuOOdcctb9z/ke7mI8PHLG0c8+042Y05OdZtx/q3dMc8lI85Mf7kRFSrh0c66ZnO62sb9r6XxcQN7vnb8WA35sFTD3abAVlUNmXx0vYsKhuz2Nt9secs3j3x5pl//rZZSid3y2LyGrJYOxCxNQuA2+VCMevP1Sp0V1GF/r3Wldf/LXX3rv6WezjW/uPqKOvPMvrbb6h1B2Nrdb/a996q+1p0j+inujGnus8nDh4dUFfKA47or6y88rveEf2x93/y068f//3PinGvq7q9Hw93Y3pN3PubHWpsvs8/3FJV38u3eG/Hcdv1SimuRBz45qVX4shrb1x+ZOXSuReXX1x+qVKZnCo/Vi4/XonR4qlCrxmSKQBfXLt/xs6OEXf0uig9ttNZda/i3bv+LwXj8UK8HKtxPk4X7zaIiAcGjzu24d8QTu9y1jq24RNeTu9ybnk1trI9thQ7xH6y4R770o+L5tN9+XEAwC1xcpc6PKT+r78yf3qX8+7NtXzL2XHsXMsH+cq+3hsA8MWQtj4ujXXeKbVa2eLzE9PTE9XOfJq0mrXnklY2M5cmWaOTtmrz1cZcmiy2mp1mrf/C8UzaTtpLi4vNVieZbbaSGGlnZ4pPfk96H/3eTheqjU5Way/W02o7TWrNRqda6yQzWbuWLC49U8/a82mr2Li9mNay2axW7WTNRtJuLrVq6XiStNN0Q2A2kzY62WyWLzaSxVa2UG1diYj60kKazKTtWitb7DS7HfbHyhqzzdZC0e349t3/y62+vwHgs+C1Ny5fPLe6uvzq9S38eS/Bt3sfAYDNVGkAAAAAAAAAAAAAAPjs2/52vXztDbwj8NoW7ox9H2L3hbXbOvq+LeQ/yM9AGrd34RtPPXVxp5hn3rxvfm/9DP5NGfRW13cOR9zx8x911zy9c/B3er9/N2dPP4iI69h8rTQkZtNh4o5bf2QCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgO3+GwAA//++m2Gi")
r1 = epoll_create1(0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x0, 0x200000005c832, 0xffffffffffffffff, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x7)
pipe(&(0x7f00000001c0))
r2 = open(&(0x7f00000004c0)='./bus\x00', 0x143042, 0x0)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0, 0x12, r2, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

2.272403735s ago: executing program 0:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc086, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000001811", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000a80)='kfree\x00', r2}, 0x10)
syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f0000000380)={0x0, 0x0, 0x5, {0x5, 0x0, "b72916"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

2.269212147s ago: executing program 4:
syz_mount_image$bfs(&(0x7f0000000000), &(0x7f0000000100)='./file0\x00', 0x8008, &(0x7f0000000640)=ANY=[@ANYRESOCT, @ANYRESOCT=0x0, @ANYRES32, @ANYRES16, @ANYRESOCT, @ANYRESOCT, @ANYRES8, @ANYRES64, @ANYBLOB="2fecfb2b47b99181063f4ea9a91ac6f65072f0152c20c39a22fa3f98a9bf4519f1ddd806e46d4f97e3a0c06d3b224332dd50a891e19dbd12718934e5c33da190f134ef5de5cd25678f897b106a4bcc4956a5b987b8b305cec56493a127ad2c5bc1359b9c7c18c1c9cf278f262b8d7fea7e8630bec974d1d44f316f6be8491fa5febafde1aece65252ae1609105a79749c16f8ef0593680b0ab39ae08bb", @ANYRESDEC, @ANYRES8, @ANYRESDEC, @ANYRESHEX, @ANYRES8, @ANYRES32=0x0], 0xb, 0xb6, &(0x7f0000000580)="$eJzs1zFKxEAYBeCXCDGtjQgW2qbxDp7F0kqsFEG8gRfxKh4hvYVFOhF1RJNlCdul2IXl+4qBN4+fmfZ//Xw5fe6S8piU7uTmrazd3t1fP+XvTJWZJuyHOslhkjbJ2dGY3y/Hrpr6fni46oeD843h5qOUsvDh7+WjAADAMnUu5vmnTBdf0xb4H45Xfbvl/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADs2m8AAAD//6ykLvo=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0)
openat$incfs(0xffffffffffffff9c, &(0x7f0000000000)='.pending_reads\x00', 0x3c2, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0)
fanotify_init(0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='cgroup.events\x00', 0x275a, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
r0 = memfd_create(&(0x7f0000000300)='-B\xd5NI\xc5j\x9a\b\x00\x00\x00\b\x84\xa2{\x00\v\x18\x004\xa6Ey\xdb\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0:\x9cc\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xc83\x12\xd7\xdb\x93\xcc]x\xaa\x8f~\xb90a\xa9\xb2\x04K\x98\x93=\xabQ\xf7\x05\x81\x01\xe5\x98\r\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00\x00', 0x0)
socket$inet6(0xa, 0x80001, 0x0)
dup(r0)
socket(0x10, 0x3, 0x0)
fanotify_init(0x0, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYRES16, @ANYRES32=r2, @ANYRES16=r1], 0x20}, 0x1, 0xc00000000000000}, 0x0)
bind$bt_hci(r3, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(r3, &(0x7f0000000080)=ANY=[@ANYBLOB="4c00030007"], 0xd)

2.174759678s ago: executing program 1:
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x48241, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32})
ioctl$SIOCSIFHWADDR(0xffffffffffffffff, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @multicast})
write$tun(r0, &(0x7f0000000400)={@void, @void, @eth={@broadcast, @remote, @val={@val, {0x806}}, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa}}}}}}}, 0x52)

2.100253561s ago: executing program 4:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, &(0x7f0000000000), 0x8, 0x6)

1.955239748s ago: executing program 1:
prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
r0 = getpid()
sched_setscheduler(r0, 0x1, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, 0x0, 0x0)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000800000000000000000001811", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000"], 0x0}, 0x90)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="180000000000000400000000dfffff1918120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f00000003c0)='sched_switch\x00', r4}, 0x10)
socketpair(0xf, 0x0, 0x0, &(0x7f00000001c0))
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f0000000000))
mkdir(&(0x7f0000000280)='./file0\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000500)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000001c0)='./bus\x00')
open(&(0x7f0000000040)='./bus\x00', 0x145142, 0x0)

1.912595007s ago: executing program 3:
r0 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r0, &(0x7f0000000000)={0x18, 0x0, {0x3, @link_local, 'ip6gretap0\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r0, 0x40047452, &(0x7f0000000040)={0x18, 0x0, {0x0, @empty, 'ipvlan0\x00'}})

1.910278795s ago: executing program 4:
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=")
connect$unix(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000000))
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
mkdirat(r1, &(0x7f0000000280)='./bus/file0\x00', 0x0)
renameat2(r0, &(0x7f00000004c0)='./bus/file0\x00', r1, &(0x7f0000000500)='./file0\x00', 0x0)

1.786327647s ago: executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000380)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_GET_TSC(0x43, 0x0)
mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f00000ad000/0x1000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

1.763811463s ago: executing program 3:
bpf$MAP_CREATE(0x100000000000000, 0x0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000140)='cgroup.procs\x00', 0x2, 0x0)
write$cgroup_pid(r1, &(0x7f0000000040), 0x12)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x3, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000500)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='track_foreign_dirty\x00', r3}, 0x10)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
write$cgroup_int(r4, &(0x7f0000000100), 0x1001)

1.639438907s ago: executing program 4:
syz_mount_image$btrfs(&(0x7f0000000100), &(0x7f0000005140)='./file0\x00', 0x816, &(0x7f0000000140), 0x1, 0x50ed, &(0x7f0000005180)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTsT3573JENYvrOR3E/wmHm5XUpgfKxQ6WkmPbbFHXpgfLxQ65pIemydDeHBhZX9S+H8stJPClbV54UhSOB0L+fnQLRxLCifimfb52ny6aeH7WMgvsJiPV1Cs6V4SkfS42q/HQuGGPc52Dw4AAHBPieE5z7Jjvc2QRtn52qAdVg/aYWTQDvVBO4wmO6Q79tseZnsLcXv7zMalPf//yHD5P74Vq7JFv+v/Q7z+P3+uYff6/9lYaCSF+VhopXcMaMVjZGH343iMRivvcWV9twAAAAB3tfi9QH2F5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAP+zda4xc1X0A8LPP8T68XkiqEBolm6TGcROv1zaQqKXKmlI1IqVZNxRURRQbe00WL9ixTYlRiIxNRCMEpQ1S8qEIoyiq+QC1AhFJAeEixREqj4iqKIBAoTVEQaSUJCJNkEI1e++ZvXPuzsOPNV76+0neOTP/87zz8Jx775wLAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPD/w8GvXPO3zeKP/va8Z1+4ePyKPWsvfvW68059MoSJmcc7snBH/423j//87nPv2fPA6jvuO3z+R3vzcnk8DFT/dOZ3boi1Hl4cwv0dIXSngRWDWaAnvz8Y63vfYAinhNlArcRkf1YibTh8vy+EfWE2UKvqe30hDBYCFz71yMM3VxO39YWwNIRQSdt4vpK10ZcGzujNAv1pYGt3FvjVW5la4LudWQCOWXwz1F70BybqMwzPXa7B66/nuHXs7ZUOrysmhhvn+9naee5UQW/6wMQxPW2l6pgXpbfHQe+2BfBuK23nWz1txS9S+TeUt2ZDldC5aXLzhqund8ZHOsPoaFejmubpeX7m9S9tPJL0gnkdxg4MH5fX4S1PLL27a/kFj9+3YunL+z+295Vj7eaPCpu0mJ5vlZC/5hbM8xiN+zxZAG+/0rekEV+6QgibP/97n2kWL83/h5vP/+PLOd521uWOtb45lM3N4yODMfHaUDY3BwAAgAVjIew13Tr60Cea1Vea/4+0d/w/HvLPJ/PZaA+GMD6T2LskhNNmHs8Cd8XmLlsSwgdnUhP1gbVJ4GAI751JLK9VlZRYFEuMJIGfDOWB8SRwKAYmksC3YuDWJHBDDBxIAhtj4GASODcGwlT9OH5/KB9H24G+GFifbcQD8SyEXwzF1pJt9VytKgAAgOMknx321N8tnOtwrBni9PJAX6sM8QzshhkqSQ3pDLY2rWpYQ3erGjpb1VAb9+7mwy/V3NGq5tJpGB31GW7/5d98NjRRmv+PNZ//V+boSEfp+H8I62b+xtydeWS6Fl8/UZcBAAAAOAYD//viN5vFS/P/8fbO/4/7RLoKmcNjcTfEliUhjNUHsmr/sBzIjnoP5AEAAABYCGrH42vHwqfy2+wU7XQ+Xc4/cYT544H/8Tnz9x58cH2z/pbm/xPtnf/fX3+bdeJQ7MXXloSwqBD4QexlNTBjJAZ+/Mn6QD7+Q3ED3BSryk9MqFV1UyyxPgbGksC+RiV+WCtxWn0gf7Jqje+tjWMqL1EIAAAAwAkXdwfE4/Lx/P8P/Wb1Nc3Kleb/64/s/P+ZeXDp9P7pgRBWdofQlf4w4LH+bGHAGBjsyBMP9Wd1daVVXd8fwjnVgaVVvZiv/9+drjH4VF9WVQyc9qH9r59RTXyzL4SVxcDTn7vzrGpiZxKoNf6XfSF8oDratPHvLMoa70kb//qiEN5fCNSqumxRCNXGetOqHqnk1zFIq/rnSgjvKgRqVZ1dCWFXAGCBiv+Vbio+uGPXtVs2TE9Pbp/HRNyH3xc2T01Pjm7cOr2p0qBPm5I+1y1jdH15TO1e+ea5fImii+5dN9hOuvY7wbFiW/l+/NKJg/n9+F2oZ2acq3vq7q5Jh/yRD5ebCIVvUo2G3DnPQ+4vVjL7JJbqj/l7w0BYdPWOye2jX9ywc+f2VdnfdrOvzv7Gw0zZtlqVbqv+ufrWxsuj4WpZiaPdVsuKlazceeW2lTt2Xbti6soNl09ePnnVqrNXj505tmbs42eurI5qLPvbYqjL5qo6Gepbd7Y5ruM41NO7C5WciE8NCQmJhZbYOrCs6f/Jpfn/tubz//ipEz/58/UZGh3/H46H+bPHZw/zr4+Bfe0e/x9udDS/dmLASBLYHQO7HeYHAADgnSFO8uPezLhX+qfLv/Nys3Kl+f/u9n7/f5zW/68tXX9+o2X+l8cSY43W/0+X+a+t/7+70fr/6TL/tfX/970N6/9fXQskm+QX1v8HAADeCU7c+v8tl/dPLxBQytByef/0AgGlDC2X8W/3AgFHvP7/8//5V/8dmijN/29tb/5v4X4AAAA4eXz5z675nWbx0vx/X3vz/xO//l9odP7/SKPARKOFAa3/BwAAwALVaP2/4Rv7L21WrjT/P9De/D+edtFZlzvW+uZQtqZdSNe0e22o9pMBAAAAWBg6w+hoT5t561ZGXXv0bT6TLwXaLF304p8cPrLz/w+2N/+v+13GLU8svbtr+QWPv3nfiqUv7//Y3ldmj/8DAAAA86fd/RIAAAAAAAAAAAAAAMDb78X/2LOmWbz0+/+wbubxRr//j9f9i78veHdd7lhr6/X/8vsXfvqeXTNLFj42FMKHi4Ete7acEvJr8y8rBh6+ZPl7qok9aYkHXzj3pWri0jTwqRWnvlFNnJME1sdFEt+bBuJVFd9YnATi8or/ngbi9jiQBnrzwFcXZ+PoSLfVTwezbdWRbqtnB0NYUgjUttX9g1kbHekAb0sCtQF+IQ3EAf55HuhMe3XPQNarGBiMRe8YyHoFAMBJK34L7Ambp6Ynx+JX+Hh7enf9bVS3ZNn15Wo72mz+uXxpsovuXTfYTror/S46e63xnlCpDmFV6etqMUvHzCiPTy0tNt27Gwy51WpvnQ3KpY500/U2HlFfNqLRjVunN/W0HPia1llWd7fMsqo02Slm6ZzZpG3U0kZf2hhRm9umjS7H+51hdLQryfUHMTgc6rR6RbT7e/3iOn+NXgXFPFcd3vurZvWV5v/D7c3/K8VxvZFfDGB3vLLe3y2xzD8AAADMr6+u/fU34r/P3vjo083ylub/I+3N/+MerPxQcLa342C8/v/eJSHMXFp/OAvcFZu7bEkIH5xJTcQS2QX1z48lxrLAXXGHyfJYYv1EfVWLYuBAEvjJUB44mAQOxUC+l2J/yHfl/P1QCGfNpNbVl9gWSwwngc/EwEgSGI2BsSSwOAbGk8Cri/PARBL4txgIU/Xb6t7F+bYCAAA4Evk8q6f+bkjneQe6W2XoaJWhv1WGzlYZKq0yNBpFvP/tmKEnOXmlo5CpJ621L6mllCFeDP+I+1XKEH5YnzMtWGo6nn9QO9+goz7DA5/oroQmSvP/sfbm//31t1nrh+L8f/b6f1ngB7F7X4unjo/EwI8/WR/IdwwcipPdm2pVTeQl8kn7TbHEeAyMJIFtMTCeBNavywP73lMfyGfatcb31hqfyksUAgAAAHDCxR0EcTdNnP/fseMrA83Kleb/4+3N/2N7A8XGboi1Hl4cwv0ds72pBVYMZoG4H2Mw/jz+fYMhnFLYwVErMdmflehNGg7f78t+od6bVvW9vuzHB/H+hU898vDN1cRtfSEsLex9qbXxfCVroy8NnNGbBfrTwNbuLBD3/NQC3+3MAnDMansF4wsqP9WlZnjucg1ef++Ua4KmwyvtA50j31y/uZovpR2u+T7VmiN72pruv+W4Kb09Dnq3LcR327B3W/GLVP4N5a3ZUCV0bprcvOHq6Z3xkeIvWUvm6Xku/kq1nfRxeB3uPvretlZJOzCWfHyMzV1u7tdhR6zulieW3t21/ILH71ux9OX9H9v7StvdaCD+UPiR6/518EeFzTvfKiF/zS24z5MJnycL8b+BEU9bCGHdq1+/qVm8NP+faG/+353czvh13Jg7loTwkcLGfSxu/j9ekn0OFgLZp+S7yoHskPt/DTX85AQAAIDjrba7o7a/YCq/zU4IT+fJ5fwTR5g/7q8YnzN/u/3u/+tLljaLl+b/65vP/xcl3XT83/F/5onj/3M62XdFL0of2H1Mu6JL1TEvHP+f08n+bnP8f06O/zv+PxfH/1tw/H9OJ/vTVvqWtM2XrhDCy3/00LPN4qX5/7b25v/W/5t70b7a+n/rG63/t63R+n+7rf8HAADMqwYLzaXzvNLqfaUM6ep9pQwtFwhsucSg9f+OeP2/l05//jehidL8f3d78//4chgotr5Q1v8bWdegqltjYJuFAQEAADgZNdpBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwNvrgX/4n03N4o/+9rxnX7h4/Io9ay9+9brzTn0yhKmZxzuycEf/jbeP//zuc+/Z88DqO+47fP5HK3m5nvz2d+tyx1rfHAphX+GRwZh4bah6ZzZw4afv2dVdTTw2FMKHi4Ete7acUk18ayiEZcXAw5csf081sSct8eAL575UTVyaBj614tQ3qolz8kBH2t1/XJx1tyPt7s2LQ1hSCNS6e8Xi+qpqbfxpHuhM2/inwayNGBiMRb8xmLURA9OxxNSiEFZ2h9CVVvVoJauqK63qXypZVV1pVV+uhHBOCKE7reqF3qyq7nTkT/ZmVcXAaR/a//oZ1cS+3hBWFgNPf+7Os6qJLySBWuN/0RvCB6ovmbTxb/dkjfekjd/WE8L7Qwi9aYlfdmcletMSL3aH8K5CoNb457tD2BV4R4gfPnWfaDt2Xbtlw/T05PZ5TPTmbfWFzVPTk6Mbt05vqiR9aqSjkH7r+qMf+3Ovf2lj9faie9cNtpPuzsv1zHR5dU/d3TUne+9jv/qLlcw+H6X6Y/7eMBAWXb1jcvvoFzfs3Ll9Vfa33eyrs79deTTbVqsWyrZaVqxk5c4rt63csevaFVNXbrh88vLJq1advXrszLE1Yx8/c2V1VGPZ3+Mx1DtP/FBP7y5UciI+ACQkJBZaorPu023sZP8gL33Rn+1oT6jMfECXphXFLB0zozweg157lCM+mu8pLUe0qjRxKGVZ3TrLmtJkYjZLX5Zl5ntdaXJYrKlzZpPG+51hdLSr0XYYrr9b3Lw/O4bN+0y+6dpNAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALgUAAD//wNUIwc=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b70300000000000085000000830000"], &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0)
sendto$packet(r3, &(0x7f00000000c0)="3f033608260812002c001e0089e9aaa911d7c2290f0086dd1327c9167c643c4a1b7880610cc96655b1b141ab059b24d0fbc50df71548a3f6c5609063", 0x3c, 0xa0c4, &(0x7f0000000540)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14)
ioctl$VIDIOC_S_SELECTION(0xffffffffffffffff, 0xc040565f, &(0x7f0000000000))
chdir(&(0x7f0000000400)='./file0\x00')
link(&(0x7f0000000000)='./file0\x00', &(0x7f0000000080)='./bus\x00')
r4 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000bc0), r4)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f00000000c0)='./file1\x00', 0x20081e, &(0x7f0000000040)={[{@nodelalloc}, {@grpid}, {@auto_da_alloc}]}, 0x1, 0x4ef, &(0x7f00000003c0)="$eJzs3U1vW1kZAODXzpeTyUwywywAAVOGgYKqOonbRlUXUFYIoUqILkFqQ+JGUew4ip3ShC7S/4BEJVaw5Aew7oo9GwQ7NmWBxEcEaiqxMLrXN6mb2k1oEjuKn0e6uvfcY/s9J849x36d+AQwsC5FxE5EjEbE/YiYys7nsi1ut7bkdi92Hy/u7T5ezEWzefefubQ+ORdt90m8lz1mISJ+9L2In+bejFvf2l5dqFTKG63i+Eyjuj5T39q+ulJdWC4vl9dKpfm5+dmb126UTq2vn1RHs6MvP//Dzrd+njRrMjvT3o/T1Or6yEGcxHBE/OAsgvXBUNaf0X43hHeSj4iPIuLT9PqfiqH02QQALrJmcyqaU+1lAOCiy6c5sFy+mOUCJiOfLxZbObyPYyJfqdUbVx7UNteWWrmy6RjJP1iplGezXOF0jOSS8lx6/KpcOlS+FhEfRsQvxsbTcnGxVlnq5wsfABhg7x2a//8z1pr/AYALrtDvBgAAPWf+B4DBY/4HgMFj/geAwWP+B4DBY/4HgMFj/geAgfLDO3eSrbmXff/10sOtzdXaw6tL5fpqsbq5WFysbawXl2u15fQ7e6pHPV6lVlufux6bj6a/vV5vzNS3tu9Va5trjXvp93rfK4/0pFcAwNt8+MmzP+ciYufWeLpF21oO5mq42PL9bgDQN0P9bgDQN1b7gsF1gvf40gNwQXRYovc1hYgYP3yy2Ww2z65JwBm7/AX5fxhUbfl/fwUMA0b+HwaX/D8MrmYzd9w1/+O4NwQAzjc5fqDL5/8fZfvfZh8O/GTp8C2enmWrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4HzbX/+3mK0FPhn5fLEY8X5ETMdI7sFKpTwbER9ExJ/GRsaS8lyf2wwAnFT+b7ls/a/LU59NHq4dzb0cS/cR8bNf3f3lo4VGY+OPyfl/HZxvPM3Ol/rRfgDgKPvzdLpveyP/Yvfx4v7Wy/b8/bsRUWjF39sdjb2D+MMxnO4LMRIRE//OZeWWXFvu4iR2nkTE5zv1PxeTaQ6ktfLp4fhJ7Pd7Gj//Wvx8WtfaJz+Lz51CW2DQPEvGn9udrr98XEr3na//QjpCnVw2/iUPtbiXjoGv4u+Pf0Ndxr9Lx41x/fffbx2Nv1n3JOKLwxH7sffaxp/9+Lku8T87Zvy/fOkrn3ara/464nJ0jt8ea6ZRXZ+pb21fXakuLJeXy2ul0vzc/OzNazdKM2mOeqb7bPCPW1c+6FaX9H+iS/zCEf3/+jH7/5v/3v/xV98S/5tf6xQ/Hx+/JX4yJ37jmPEXJn5X6FaXxF/q0v+jnv8rx4z//K/bbywbDgD0T31re3WhUilv9PJg/4VET4M6uAAHyW/NOWhGx4Pv9CrWaPxf92o23ylWtxHjNLJuwHlwcNFHxMt+NwYAAAAAAAAAAAAAAOioF/+x1O8+AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcHH9LwAA//89fM7W")
unlink(0x0)

1.552708739s ago: executing program 2:
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000080)='./bus\x00', 0x200000, &(0x7f00000013c0)=ANY=[], 0xf, 0x6b3, &(0x7f00000000c0)="$eJzs3c9vHGcdB+DPrNdbb6iC0yZthIqIEqkgRSR2rBTChYAQyqFCVTlwthKnsbJxKttFboXABQQnJA79AwqSb5yQuAeFc7n1anGqhMQl4hBxMZrZWXvtXf+I7dgxPE80ft+Z95133vnOzDs741gb4P/WrctpPkqRW5ffXirnV1emOqsrUy/VxZ0kZb6RNLtJirmkeJzcLMuLvil96YBPZm+8+/mT1S+6c816quo3dlpviCF1l+spF5KM1Omg0b1uYlN7t5O8PFCltde2NlUsg3apTuHYrQ1Y3qH2P05vWfAs1y3wgundnYrufXPAeHIqyVj9OSD16NA4uh4+HzuNcgAAAPC/4rOHx90DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOHnq7/8v6qlRp7mQovf9/63esjp/oj067g4AAAAAAAAAwCH42tM8zVJO9+bXiup3/hermbP5z1rypXyQhcxkPleylOksZjHzmUwy3tdQa2l6cXF+cn3N0vA1rw1d89pR7TEAAAAAAAAAnGDtbUt+mVsbv/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAXQZGMdJOsJTm7XrDcaHYXp1XNJn/v5U+IYtjCR0ffDwAAADiQsX2s8+WneZqlnO7NrxXVM/9r1fPyWD7IXBYzm8V0MpM79TN0+dTfWF2Z6qyuTD0op8F2v/evZ+pG1WK67x6qLa8/rPe2fL6q0c7dzFZLruR2VedOGtWapfO9/gzv18dln4rv1gb60Bzas2Yd1nJjv9/uLcKheNZXEeN1l3sRmaj7VkbjTDcCRfWiJtkaiV2PTnPrltLI6PqWJtNYf/Nz9kAxH+5UnZb785vnGvMdLA9buB6JRqpIXOs7+17bORLJ1//yp5/c68zdv3d34fKx7NJ+jGyzvI5E7wzLVF8kXj/RkRg+DmxvoorEufX5W/lhfpzLuZB3Mp/Z/DTTWcxM9T61NF2fz+XP8Z0jdXPT3Du79aRVH5fuMdtLny7kB1VuOherdU9nNkUe5k5m8lb171om861cz/Xc6DvC57btd7Vv1VXf2HrV9470X4d2/tI36kw7yW/rdCAGteW1ru3OzsPSHfvLuJ7pi2t3JHyyXutM39g40RelV3rRGR3a+H7GxuZX6ky5jV/V6YthvI5EeQH17hK93r3ajUSzuhcNnud/qK6Nhc7c/fl70+9v0/7WAfnNOi1Pq5Wv7rWXww/F4SrPl1cyVo8km8+OsuzV8kCObC2brMrOro9AjYGyc1VZUfSu1B9te6W26s9wgy1dq8peH1o2VZWd7yvb9HkrD9PJnSOIHwAHNJ5TrfY/25+1P23/un2v/fbY91/69ktvtDL6t9HvNCdG3my8Ufw5n+bnG8//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/i18+NH96U5nZn54prF90S6Z3VrekinqL/TZ17YOMdNKchjtjG1tZ7RccOS70951d9Z+kRx5nHtfIji8zu/KTDN7afDmbnU+3lcPG0mO9zw8usxIhp8AxzwwAc/d1cUH719d+PCjb84+mH5v5r2ZudHr129M3Lj+1tTVu7OdmYnuz+PuJfA8bNz0j7snAAAAAAAAAAAAwF4N+8OAiy8fxt/AtPzPQgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBQ3Lqc5qMUmZy4MlHOr65Mdcqpl9+o2UzSaCTFz5LicXIz3Snjfc0V+ePjrA3ZziezN979/MnqFxttNbv1k0adHsByPeVCkpE6Paz2bh+4veLfvT0sA3apFzg4bv8NAAD//wNS+MQ=")
getsockopt$bt_BT_VOICE(0xffffffffffffffff, 0x112, 0xb, &(0x7f00000007c0), 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$TIOCPKT(0xffffffffffffffff, 0x5420, &(0x7f0000000240)=0x214)
open$dir(&(0x7f0000000000)='./file0\x00', 0x10907e, 0x0)
write$cgroup_int(0xffffffffffffffff, &(0x7f0000000040), 0x12)
read(r1, &(0x7f0000000080)=""/241, 0xf1)
ioctl$TCSETAF(r1, 0x5412, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, "9f762f0bc5e584a2"})
socket$inet6(0xa, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x7, 0x0, 0x2, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x10000, 0x4}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[], 0x0}, 0x90)
syz_emit_ethernet(0x0, 0x0, 0x0)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
fsconfig$FSCONFIG_SET_STRING(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000100)='c:::\x00', 0x0)
open(0x0, 0x0, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0)
syz_mount_image$hfs(&(0x7f0000000180), &(0x7f0000000100)='./file0\x00', 0x1010000, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x21, 0x2f1, &(0x7f00000001c0)="$eJzs3cFu0zAcBvDPTrt2YxphG0LiAhpMgsvEgAPi0gn1yp0TAtZOmoiG2IYEXBiII+IBuPMK8A5cQLwAnDjxAD1hZMdJk9XOuq5tWvh+UivXsZ2/m6S2I20BEf237jR/fLzxS78EECAAcBuQAOpABcBZnKs/29nf3o/araKGAlNDvwTimqKnzOZO21VV1zM1rFB/qmA+m0ejoZTa+Fl2EFSqenyxBq5tEqjZ6zBIyk4PZ5eMA+DCWEOZANlvQ3TQwXMslBgOERFNADv+SztMzJssASmBVTvsT+H479cpO4Dhuhn1ZKnCCpnx38zulNDH97TZ1F3vmSWc3i6TVWI/wVQPfZ5BfGZl5h/CzMCAglWliUXObm1XsLb5Gi2JN2hYmWLL5r0Vn7qJI6JdcaxNC/hbq+LuXK4/eUlIW9tRu6YTjviXjrfHkxNfxDdxX4T4gFY6/6sooQ+TOVLhoXmzrOr4r3maS/oY6lKwy/5GoyFzpc6YnZy3e7CO6GXdP32fsW0mNwgO0gjiOD/7ay0if1sh7t26b0/2BFty1QrTT559LedqBfZMWNt8EhXeShkdfWzEe3FPrOA3PqGZmf9LHd8q8te/vyFT0p4ZcX9m3CUrpmSYGTnigt3L5WIagVUbvIPUr3d4hFtY2Hvx8nEQRe1dnXjoSDyd3xU2p/oWcJYZIFEbUjs6gYNujtJeKdVvdTW8MHoTV4faoP79SHP05eMqrK+yNEcebxcLI/kSBk3UMRFhOBPNr8AEhHHyhFKAZ1PZP1A0DnsiOeg2Y7bkgGjc9LxLKKFHjlPozurMEkm/hQXz9OJFZr7F9XQFl7+JsGje59wruA1fs94VXGaP1z1rRrPmunQFuJzJFChcjYQ2zn+EaOI7HvD+PxERERERERERERERERERERERERHRtBnHXxqU3UciIiIiIiIiIiIiIiIiIiIiIiIiIiIiomnXx/N/lcg/D0apP45/+22e/xvy+b9EU+RvAAAA//8v+n0Y")

1.499983241s ago: executing program 3:
r0 = memfd_create(&(0x7f00000002c0)='c\x9c\\\xd4\xa4-K\x98.\x89|K\xe6I\xac\x17H\xff\x96\x13\xae\x83\x1d\x00\x01\x00\xe1\x0eB\x13\xb7\xc9\xcc\x8c\xacn(sN\xe4\xfb?\xc0\xd0\"`\n\x02\x00\x00\x00\x8f\x97\xac\x8cP\x01\xa0ez3\'\x02m\xe9\xa8[\v\xbe\xef\xb16\xe57\xb9\x13\xc4\x81j\x10\xaf\x95\x00\x00\x90\xf7\x99V\xfa\xc0&\xf2\xb8N\xb6\x01#\xe2\x8c`QV\x9eA\xe4\x88C\x81\x85\x01P\xd1^=\xc2\xbaI\x90\xd7\xe1|u_\xf4\r\xe4\xd4\xc6+\xfc\x9e\x17\x97E\'\x93/!2RN\x81t\xc5f\x8f\b\t\n0H\x03\x96\nUD\xdb\xa2\x00\x00\x00\x00\x00\xbe=\x1e%x\xb9\xb2\x90\xbaw\x87\xd7\x8f\xce\xa3\x98`\f@7\xb6<\xfd\xb6\xf7\xd3\xd4\x8b\xf2\xbfNBZ\x1ar\r\xa0\x9f\x92\x8d\xae\xce\xe8\xeb\xe5\x14\xbf\xb5\xee\x94C3\xa7\x16\xe6\vd\x06*\xa2\xf9\xa2\xe21\xa1\xec4\r\xbc GW\xb5\xea\xee\xad\xe6+\xdcC\xd6\'+5\xcaP\x8a\xa63\xbe\xda`qz\xb0\xf5E=\xaf\x92\x91\xff\xf2\x88\xa0\xa8ral[\x10\xb3$\xa2Q\x1fX\xc8\\\x86n\xdcKe\x86V;Cc\x18\xae\x15\xcb\x9d', 0x0)
write$cgroup_pid(r0, &(0x7f0000000040)=0xffffffffffffffff, 0x1)
mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x0)
sendfile(r0, r0, &(0x7f0000000140), 0x80000000)
r1 = socket(0x10, 0x803, 0x0)
recvmmsg(r1, 0x0, 0xfffffffffffffdd8, 0x0, &(0x7f0000003700)={0x77359400})

560.666495ms ago: executing program 2:
socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000000))
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000001500), 0x0, 0x0)
close(r1)
openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$TUNSETLINK(r1, 0xc004743e, 0x20000000)
close(r0)
openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TUNSETLINK(r0, 0xc004743e, 0x20000000)
close(r0)

547.344261ms ago: executing program 3:
r0 = syz_open_procfs(0x0, &(0x7f00000004c0)='status\x00')
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendfile(r1, r0, 0x0, 0x0)

485.67691ms ago: executing program 3:
syz_open_dev$sg(0x0, 0x0, 0x0)
ioctl$SCSI_IOCTL_SEND_COMMAND(0xffffffffffffffff, 0x1, &(0x7f0000000000)=ANY=[@ANYRES8])
write(0xffffffffffffffff, &(0x7f0000000040), 0x0)
syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0)
madvise(&(0x7f0000ada000/0x3000)=nil, 0x3000, 0x64)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
migrate_pages(0x0, 0x4, &(0x7f0000000040), 0x0)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x3)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r0, 0x0)
mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff)
socket$nl_xfrm(0x10, 0x3, 0x6)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, 0x0, 0x0)
getsockopt$bt_hci(0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0)

329.50678ms ago: executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x53}]}, &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

241.901374ms ago: executing program 1:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700)
write$cgroup_int(r0, &(0x7f0000000200), 0xf000)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, 0xffffffffffffffff, 0x0)
mbind(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, &(0x7f0000000000), 0x8, 0x6)

179.412501ms ago: executing program 0:
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
socket$inet6(0xa, 0x6, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x8000000000000001, 0x0)
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x1, 0x0)
mq_unlink(&(0x7f0000000340)='eth0\x00')
mq_timedsend(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
close(0xffffffffffffffff)

62.871607ms ago: executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, &(0x7f0000000100)='GPL\x00'}, 0x90)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000140)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000140)={@map=0x1, r0, 0x2e, 0x0, 0x0, @prog_id}, 0x20)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r2, 0x0)
bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000040)={@map, 0xffffffffffffffff, 0x0, 0x0, 0x0, @link_id}, 0x20)

974.275µs ago: executing program 1:
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r0 = socket(0x10, 0x0, 0x0)
syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x2, 0x0)
r2 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r2)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f00000000c0)={'ip6_vti0\x00', &(0x7f0000000000)={'syztnl1\x00', <r4=>r3, 0x0, 0x0, 0x0, 0x0, 0x0, @mcast2, @dev, 0x0, 0x7}})
getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0)
ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000080)={'syztnl1\x00', &(0x7f0000000180)={'syztnl1\x00', r4, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @rand_addr=' \x01\x00'}})
socket$nl_route(0x10, 0x3, 0x0)
socket(0x0, 0x0, 0x0)
sendmsg$BATADV_CMD_GET_MESH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, 0x0}, 0x0)
getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000200))
openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x0, 0x4, 0x7fe2}, 0x48)
r5 = syz_open_dev$vim2m(&(0x7f0000000000), 0x8000, 0x2)
ioctl$vim2m_VIDIOC_ENUM_FMT(r5, 0xc0405602, &(0x7f0000000240)={0x0, 0x3, 0x0, "dd3e9db9a79317cb06000000000000009cec82438ff87936dfd60000ecff1800"})
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={0x0}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0)

0s ago: executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000003c0)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000380)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
prctl$PR_GET_TSC(0x43, 0x0)
mremap(&(0x7f0000186000/0x1000)=nil, 0x1000, 0x1000, 0x3, &(0x7f00000ad000/0x1000)=nil)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x8031, 0xffffffffffffffff, 0x0)

kernel console output (not intermixed with test programs):

or: local softirq work is pending, handler #200!!!
[   89.175602][    T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!!
[   89.831233][ T5345] tipc: Started in network mode
[   89.836189][ T5345] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[   89.878389][ T5345] tipc: Enabled bearer <eth:vlan0>, priority 10
[   89.886769][ T5348] loop2: detected capacity change from 0 to 22
[   89.941080][ T5348] romfs: Unknown parameter '•·‹ìÛ34ôï°ñ�ãbЯ)ës[°‹�S6ô·~Xö:"²ëæÉËGdæìmå
ôº*'
[   90.015872][ T5354] syzkaller0: refused to change device tx_queue_len
[   90.204729][ T5171] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   90.251463][   T29] kauditd_printk_skb: 24 callbacks suppressed
[   90.251483][   T29] audit: type=1800 audit(1718254326.004:36): pid=5362 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1965 res=0 errno=0
[   90.424173][ T5171] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   90.456996][ T5171] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   90.496993][ T5171] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[   90.548882][ T5171] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[   90.595881][ T5171] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[   90.635808][ T5171] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   90.679508][ T5171] usb 1-1: Product: syz
[   90.695539][ T5171] usb 1-1: Manufacturer: syz
[   90.722969][ T5171] usb 1-1: SerialNumber: syz
[   90.899467][   T25] tipc: Node number set to 10005162
[   91.271187][ T5370] loop2: detected capacity change from 0 to 1024
[   91.438577][ T5171] cdc_ncm 1-1:1.0: bind() failure
[   91.610791][ T5171] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[   91.656456][ T5171] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[   91.707650][ T5372] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.2'.
[   91.728480][ T5171] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[   91.820891][ T5171] usb 1-1: USB disconnect, device number 2
[   92.053734][ T5365] loop3: detected capacity change from 0 to 40427
[   92.080216][ T5365] =======================================================
[   92.080216][ T5365] WARNING: The mand mount option has been deprecated and
[   92.080216][ T5365]          and is ignored by this kernel. Remove the mand
[   92.080216][ T5365]          option from the mount to silence this warning.
[   92.080216][ T5365] =======================================================
[   92.132069][ T5365] F2FS-fs (loop3): Invalid log_blocksize (268), supports only 12
[   92.151596][ T5120] Bluetooth: hci4: command 0x0405 tx timeout
[   92.271879][ T5365] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   92.342495][ T5365] F2FS-fs (loop3): invalid crc value
[   92.399066][ T5365] F2FS-fs (loop3): Found nat_bits in checkpoint
[   92.631027][ T5365] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   92.648721][ T5365] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   94.464783][ T5403] syzkaller0: refused to change device tx_queue_len
[   94.706192][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.832274][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   95.971463][ T5413] netlink: 64 bytes leftover after parsing attributes in process `syz-executor.2'.
[   95.979771][ T5415] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   95.998644][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   96.948737][   T25] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   97.090961][ T5448] syzkaller0: refused to change device tx_queue_len
[   97.105377][ T5450] loop3: detected capacity change from 0 to 64
[   97.131264][ T5450] hfs: unable to parse mount options
[   97.160165][   T25] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[   97.179590][   T25] usb 5-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[   97.204317][   T25] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   97.359099][ T5455] trusted_key: syz-executor.3 sent an empty control message without MSG_MORE.
[   97.372474][   T25] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[   97.388776][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.436231][ T5120] Bluetooth: hci4: command 0x0405 tx timeout
[   97.474380][ T5424] process 'syz-executor.4' launched './file1' with NULL argv: empty string added
[   97.751896][ T5461] loop4: detected capacity change from 0 to 512
[   97.838952][ T5464] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[   97.864035][ T5464] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[   97.900880][ T5466] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[   97.983063][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   98.001775][ T5461] EXT4-fs warning (device loop4): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[   98.046123][ T5464] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[   98.059298][ T5461] EXT4-fs warning (device loop4): dx_probe:880: Enable large directory feature to access it
[   98.079199][ T5461] EXT4-fs warning (device loop4): dx_probe:965: inode #2: comm syz-executor.4: Corrupt directory, running e2fsck is recommended
[   98.108369][ T5468] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[   98.179484][ T5461] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -2
[   98.227296][ T5461] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.4: corrupted in-inode xattr: invalid ea_ino
[   98.248670][ T5466] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[   98.277167][ T5461] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz-executor.4: couldn't read orphan inode 15 (err -117)
[   98.344385][ T5464] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[   98.418962][ T5461] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   98.513603][    T8] usb 5-1: USB disconnect, device number 2
[   99.126598][ T5115] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   99.333452][ T5499] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[   99.352216][ T5498] loop2: detected capacity change from 0 to 64
[   99.367212][ T5499] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[   99.377616][ T5498] hfs: unable to parse mount options
[   99.395178][ T5499] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[   99.758065][ T5172] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  100.018405][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[  100.122411][ T5172] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.144077][ T5172] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.154316][ T5172] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  100.167307][ T5172] usb 2-1: New USB device found, idVendor=046d, idProduct=c294, bcdDevice= 0.00
[  101.006841][ T5172] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.090694][ T5172] usb 2-1: config 0 descriptor??
[  101.558186][  T785] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  101.624481][ T5172] logitech 0003:046D:C294.0001: hidraw0: USB HID v0.00 Device [HID 046d:c294] on usb-dummy_hcd.1-1/input0
[  101.639931][ T5172] logitech 0003:046D:C294.0001: no inputs found
[  101.757500][ T5172] usb 2-1: USB disconnect, device number 2
[  101.774771][  T785] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  101.811349][  T785] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[  101.855661][  T785] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  101.954511][  T785] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  102.182123][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.192479][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  102.250766][ T5537] loop2: detected capacity change from 0 to 512
[  102.367791][ T5537] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  102.448083][ T5537] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it
[  102.656473][ T5537] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[  103.601825][ T5537] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  103.612784][ T5537] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.2: corrupted in-inode xattr: invalid ea_ino
[  103.661602][ T5537] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
[  103.733427][ T5537] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  103.771408][   T25] usb 3-1: USB disconnect, device number 2
[  103.881927][    C0] net_ratelimit: 2 callbacks suppressed
[  103.881942][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  104.374793][ T5126] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.728679][ T5173] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  106.779861][ T5602] bond1: entered allmulticast mode
[  106.953026][ T5173] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  106.968007][ T5173] usb 1-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[  106.987720][ T5173] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  107.071599][ T5173] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22
[  107.244688][ T5592] loop3: detected capacity change from 0 to 32768
[  107.345316][ T5588] loop4: detected capacity change from 0 to 40427
[  107.373980][ T5588] F2FS-fs (loop4): invalid crc value
[  107.390888][ T5598] loop2: detected capacity change from 0 to 32768
[  107.400262][ T5166] usb 1-1: USB disconnect, device number 3
[  107.400644][ T5598] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section journal_v2: duplicate journal buckets in ranges 9-1034, 24-25
[  107.400644][ T5598] journal_v2 (size 40):
[  107.400644][ T5598] Buckets:  9-1034 24-25
[  107.400644][ T5598] 
[  107.456008][ T5588] F2FS-fs (loop4): Found nat_bits in checkpoint
[  107.512251][ T5592] bcachefs (loop3): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  107.531181][ T5592] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  107.550642][ T5592] bcachefs (loop3): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  107.550642][ T5592]   running recovery passes: check_allocations
[  107.621860][ T5588] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  107.872190][ T5592] bcachefs (loop3): accounting_read... done
[  107.893081][ T5592] bcachefs (loop3): alloc_read... done
[  107.913335][ T5592] bcachefs (loop3): stripes_read... done
[  108.518289][ T5592] bcachefs (loop3): snapshots_read... done
[  108.535389][ T5592] bcachefs (loop3): check_allocations...
[  108.585289][ T5592] btree ptr not marked in member info btree allocated bitmap
[  108.585344][ T5592]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  108.792667][ T5115] syz-executor.4: attempt to access beyond end of device
[  108.792667][ T5115] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  108.793410][ T5115] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  108.893728][ T5592] bcachefs (loop3): inconsistency detected - emergency read only at journal seq 10
[  108.926272][ T5592] bcachefs (loop3): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  108.989775][ T5592] bcachefs (loop3): bch2_gc_btree(): error fsck_errors_not_fixed
[  109.006990][ T5592] bcachefs (loop3): bch2_gc_btrees(): error fsck_errors_not_fixed
[  109.024516][ T5592] bcachefs (loop3): bch2_check_allocations(): error fsck_errors_not_fixed
[  109.060662][ T5592] bcachefs (loop3): bch2_fs_recovery(): error fsck_errors_not_fixed
[  109.080764][ T5592] bcachefs (loop3): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  109.118061][ T5592] bcachefs (loop3): shutting down
[  109.139984][ T5633] warning: `syz-executor.0' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  109.177335][ T5592] bcachefs (loop3): shutdown complete
[  109.700566][ T5652] loop4: detected capacity change from 0 to 2048
[  109.723500][ T5652] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  109.736205][ T5652] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  109.759065][ T5652] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  110.463825][ T5667] validate_nla: 4 callbacks suppressed
[  110.463875][ T5667] netlink: 'syz-executor.4': attribute type 4 has an invalid length.
[  110.875711][ T5667] syz-executor.4 (5667) used greatest stack depth: 17744 bytes left
[  111.477056][ T5645] loop1: detected capacity change from 0 to 40427
[  111.483740][ T5677] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  111.535745][ T5645] F2FS-fs (loop1): invalid crc value
[  111.543944][   T29] audit: type=1326 audit(1718254347.274:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5676 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f04a9e7cea9 code=0x0
[  111.605587][ T5645] F2FS-fs (loop1): Found nat_bits in checkpoint
[  111.651286][ T5691] bond0: (slave bond_slave_0): Releasing backup interface
[  111.786242][ T5645] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  111.917748][   T29] audit: type=1804 audit(1718254347.664:38): pid=5698 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.2" name="/root/syzkaller-testdir957534596/syzkaller.oqTe7H/44/file0" dev="sda1" ino=1965 res=1 errno=0
[  114.407098][ T5116] syz-executor.1: attempt to access beyond end of device
[  114.407098][ T5116] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  114.437798][    C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies.
[  114.445654][ T5116] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  114.650377][ T5712] loop3: detected capacity change from 0 to 2048
[  114.664126][ T5712] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  114.677925][ T5712] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 160: 0xd2 != 0xd4
[  114.690572][ T5712] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  114.971560][ T5717] loop4: detected capacity change from 0 to 2048
[  115.983491][ T5721] netlink: 'syz-executor.3': attribute type 4 has an invalid length.
[  116.943628][ T5725] loop2: detected capacity change from 0 to 32768
[  117.159957][ T5761] loop4: detected capacity change from 0 to 128
[  117.194700][ T5761] VFS: Found a Xenix FS (block size = 512) on device loop4
[  117.230600][ T5761] sysv_count_free_blocks: free block count was -2041545935, correcting to 3
[  117.278958][ T5725] bcachefs (loop2): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,nojournal_transaction_names
[  117.370201][ T5725] bcachefs (loop2): recovering from clean shutdown, journal seq 8
[  117.396435][ T5725] bcachefs (loop2): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  117.396435][ T5725]   running recovery passes: check_allocations
[  117.431590][ T5761] sysv_count_free_inodes: unable to read inode table
[  117.483759][ T5725] bcachefs (loop2): accounting_read... done
[  117.495178][ T5725] bcachefs (loop2): alloc_read... done
[  117.502612][ T5725] bcachefs (loop2): stripes_read... done
[  117.515357][ T5725] bcachefs (loop2): snapshots_read... done
[  117.522990][ T5725] bcachefs (loop2): check_allocations...
[  117.526704][ T5725] btree ptr not marked in member info btree allocated bitmap
[  117.526720][ T5725]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 56308231fb2a3a03 written 24 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  117.582353][ T5725] bcachefs (loop2): inconsistency detected - emergency read only at journal seq 8
[  117.614396][ T5725] bcachefs (loop2): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  117.639772][ T5725] bcachefs (loop2): bch2_gc_btree(): error fsck_errors_not_fixed
[  117.672232][ T5725] bcachefs (loop2): bch2_gc_btrees(): error fsck_errors_not_fixed
[  117.704097][ T5725] bcachefs (loop2): bch2_check_allocations(): error fsck_errors_not_fixed
[  117.758604][ T5725] bcachefs (loop2): bch2_fs_recovery(): error fsck_errors_not_fixed
[  117.800089][ T5725] bcachefs (loop2): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  117.842594][ T5115] sysv_free_block: trying to free block not in datazone
[  117.858116][ T5725] bcachefs (loop2): shutting down
[  117.883431][ T5115] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  117.931220][ T5725] bcachefs (loop2): shutdown complete
[  118.117459][ T5772] loop4: detected capacity change from 0 to 128
[  118.179982][ T5772] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  118.424673][   T29] audit: type=1800 audit(1718254354.174:39): pid=5772 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.4" name="bus" dev="loop4" ino=1048595 res=0 errno=0
[  119.116786][   T63] FAT-fs (loop4): Invalid FSINFO signature: 0x41615252, 0x614101ff (sector = 1)
[  119.536277][ T5786] Zero length message leads to an empty skb
[  119.834581][ T5794] loop1: detected capacity change from 0 to 1024
[  119.843662][ T5794] ext4: Unknown parameter 'euid<00000000000000000000'
[  120.048536][ T5801] netlink: 830 bytes leftover after parsing attributes in process `syz-executor.1'.
[  120.264084][ T5801] loop1: detected capacity change from 0 to 512
[  120.349141][ T5801] EXT4-fs: Invalid want_extra_isize 5
[  123.369933][ T5122] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  123.380279][ T5122] Bluetooth: hci2: Injecting HCI hardware error event
[  123.574730][ T5122] Bluetooth: hci2: hardware error 0x00
[  125.040013][ T5848] kvm: emulating exchange as write
[  125.316328][ T5854] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[  125.908477][ T5122] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  125.944949][   T29] audit: type=1326 audit(1718254361.694:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5870 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a27cea9 code=0x7ffc0000
[  126.008309][   T29] audit: type=1326 audit(1718254361.724:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5870 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=227 compat=0 ip=0x7f5f7a27cea9 code=0x7ffc0000
[  126.063684][   T29] audit: type=1326 audit(1718254361.724:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5870 comm="syz-executor.2" exe="/root/syz-executor.2" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a27cea9 code=0x7ffc0000
[  126.680491][ T5854] netlink: 'syz-executor.3': attribute type 29 has an invalid length.
[  127.459595][ T5907] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  127.488902][ T5907] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  127.525606][ T5910] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  127.568200][ T5907] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  127.630422][ T5907] netlink: 'syz-executor.0': attribute type 29 has an invalid length.
[  127.851412][ T5914] loop2: detected capacity change from 0 to 2048
[  127.914433][ T5914] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  128.009789][ T5917] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  128.029502][ T5914] syz-executor.2: attempt to access beyond end of device
[  128.029502][ T5914] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  129.178805][ T5926] tipc: Started in network mode
[  129.183750][ T5926] tipc: Node identity aaaaaaaaaa32, cluster identity 4711
[  129.241883][ T5926] tipc: Enabled bearer <eth:vlan0>, priority 10
[  129.312633][ T5931] loop1: detected capacity change from 0 to 22
[  129.396795][ T5935] syz-executor.2[5935] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  129.396963][ T5935] syz-executor.2[5935] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  130.396009][ T5166] tipc: Node number set to 10005162
[  130.432579][ T5931] romfs: Unknown parameter '•·‹ìÛ34ôï°ñ�ãbЯ)ës[°‹�S6ô·~Xö:"²ëæÉËGdæìmå
ôº*'
[  131.110463][ T5953] loop4: detected capacity change from 0 to 2048
[  131.130314][ T5947] loop2: detected capacity change from 0 to 4096
[  131.138028][ T5953] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  131.196024][ T5954] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  131.196376][ T5953] syz-executor.4: attempt to access beyond end of device
[  131.196376][ T5953] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  131.223619][ T5166] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  131.421610][ T5166] usb 1-1: Using ep0 maxpacket: 32
[  131.453019][ T5166] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  131.478714][ T5166] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  131.508617][ T5166] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  131.527954][ T5166] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.561032][ T5166] usb 1-1: config 0 descriptor??
[  131.591545][ T5166] hub 1-1:0.0: bad descriptor, ignoring hub
[  131.618053][ T5166] hub 1-1:0.0: probe with driver hub failed with error -5
[  131.636223][ T5166] usbhid 1-1:0.0: couldn't find an input interrupt endpoint
[  131.948299][ T5166] usb 1-1: USB disconnect, device number 4
[  133.204117][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[  133.212102][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[  133.451618][ T5968] loop2: detected capacity change from 0 to 32768
[  133.504879][ T5968] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (5968)
[  133.566879][ T5968] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  133.581319][ T5968] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  133.606443][ T5968] BTRFS info (device loop2): using free-space-tree
[  133.831430][ T5991] loop1: detected capacity change from 0 to 2048
[  133.871961][ T5991] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  133.981512][ T6000] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  133.982370][ T5991] syz-executor.1: attempt to access beyond end of device
[  133.982370][ T5991] loop1: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  134.002499][   T29] audit: type=1800 audit(1718254369.734:43): pid=5999 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="file2" dev="loop2" ino=261 res=0 errno=0
[  134.257285][ T5968] BTRFS info (device loop2): setting incompat feature flag for SIMPLE_QUOTA (0x10000)
[  134.449289][   T29] audit: type=1800 audit(1718254370.204:44): pid=5968 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.2" name="bus" dev="loop2" ino=263 res=0 errno=0
[  134.710400][ T5126] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  135.696107][ T6035] loop3: detected capacity change from 0 to 2048
[  135.722377][ T6035] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  135.786407][ T6039] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  135.797392][ T6035] syz-executor.3: attempt to access beyond end of device
[  135.797392][ T6035] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  136.099712][ T6041] bond_slave_0: entered promiscuous mode
[  136.106151][ T6041] bond_slave_1: entered promiscuous mode
[  136.312983][ T6040] bond_slave_0: left promiscuous mode
[  136.318960][ T6040] bond_slave_1: left promiscuous mode
[  136.493912][ T6030] loop1: detected capacity change from 0 to 40427
[  136.563750][ T6030] F2FS-fs (loop1): invalid crc value
[  136.622784][ T6030] F2FS-fs (loop1): Found nat_bits in checkpoint
[  136.739569][ T6067] netlink: 'syz-executor.4': attribute type 9 has an invalid length.
[  136.792359][ T6067] netlink: 'syz-executor.4': attribute type 7 has an invalid length.
[  136.832308][ T6030] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  136.844285][ T6067] netlink: 'syz-executor.4': attribute type 8 has an invalid length.
[  137.088789][ T6067] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
[  137.884005][ T5116] syz-executor.1: attempt to access beyond end of device
[  137.884005][ T5116] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  137.941407][ T5116] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  138.665048][   T29] audit: type=1326 audit(1718254374.414:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6090 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f04a9e7cea9 code=0x0
[  138.800816][    T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  139.032151][    T8] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  139.054447][    T8] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[  139.076650][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  139.142538][    T8] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  139.418472][ T6107] loop2: detected capacity change from 0 to 512
[  139.459018][ T6107] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  139.502804][ T6107] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it
[  139.532555][ T6107] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[  139.593703][ T6107] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  139.617496][ T6107] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.2: corrupted in-inode xattr: invalid ea_ino
[  139.656228][ T6107] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
[  139.685965][ T6107] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  139.778289][    T8] usb 3-1: USB disconnect, device number 3
[  139.988121][ T6116] loop1: detected capacity change from 0 to 256
[  140.413116][ T5126] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  140.931786][ T6115] loop4: detected capacity change from 0 to 40427
[  140.977124][ T6115] F2FS-fs (loop4): invalid crc value
[  141.013173][ T6115] F2FS-fs (loop4): Found nat_bits in checkpoint
[  141.268022][ T6115] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  142.350810][ T5115] syz-executor.4: attempt to access beyond end of device
[  142.350810][ T5115] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  142.388256][ T5115] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  142.819337][ T6116] syz-executor.1: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  142.878479][ T6116] CPU: 0 PID: 6116 Comm: syz-executor.1 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
[  142.888434][ T6116] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  142.898559][ T6116] Call Trace:
[  142.901880][ T6116]  <TASK>
[  142.904838][ T6116]  dump_stack_lvl+0x241/0x360
[  142.909575][ T6116]  ? __pfx_dump_stack_lvl+0x10/0x10
[  142.914821][ T6116]  ? __pfx__printk+0x10/0x10
[  142.919551][ T6116]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  142.926004][ T6116]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  142.932547][ T6116]  warn_alloc+0x278/0x410
[  142.936939][ T6116]  ? __pfx_warn_alloc+0x10/0x10
[  142.941839][ T6116]  ? xskq_create+0xb6/0x170
[  142.946389][ T6116]  ? __get_vm_area_node+0x23d/0x270
[  142.951727][ T6116]  __vmalloc_node_range_noprof+0x69f/0x1460
[  142.957701][ T6116]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  142.964095][ T6116]  ? __kasan_kmalloc+0x98/0xb0
[  142.968919][ T6116]  ? xskq_create+0x54/0x170
[  142.973491][ T6116]  vmalloc_user_noprof+0x74/0x80
[  142.978487][ T6116]  ? xskq_create+0xb6/0x170
[  142.983053][ T6116]  xskq_create+0xb6/0x170
[  142.987462][ T6116]  xsk_init_queue+0xa1/0x100
[  142.992128][ T6116]  xsk_setsockopt+0x598/0x950
[  142.996859][ T6116]  ? irqentry_exit+0x63/0x90
[  143.001508][ T6116]  ? __pfx_xsk_setsockopt+0x10/0x10
[  143.006847][ T6116]  ? __pfx_xsk_setsockopt+0x10/0x10
[  143.012106][ T6116]  ? __pfx_xsk_setsockopt+0x10/0x10
[  143.017376][ T6116]  ? __pfx_xsk_setsockopt+0x10/0x10
[  143.022620][ T6116]  do_sock_setsockopt+0x3af/0x720
[  143.028032][ T6116]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  143.033595][ T6116]  ? __fget_files+0x29/0x470
[  143.038203][ T6116]  ? __fget_files+0x3f6/0x470
[  143.042903][ T6116]  __sys_setsockopt+0x1ae/0x250
[  143.047774][ T6116]  __x64_sys_setsockopt+0xb5/0xd0
[  143.052849][ T6116]  do_syscall_64+0xf3/0x230
[  143.057372][ T6116]  ? clear_bhb_loop+0x35/0x90
[  143.062069][ T6116]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.068001][ T6116] RIP: 0033:0x7fa38dc7cea9
[  143.072545][ T6116] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  143.092171][ T6116] RSP: 002b:00007fa38ea420c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  143.100600][ T6116] RAX: ffffffffffffffda RBX: 00007fa38ddb4050 RCX: 00007fa38dc7cea9
[  143.108607][ T6116] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a
[  143.116587][ T6116] RBP: 00007fa38dcebff4 R08: 0000000000000004 R09: 0000000000000000
[  143.124566][ T6116] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000
[  143.132566][ T6116] R13: 000000000000006e R14: 00007fa38ddb4050 R15: 00007ffc142b2868
[  143.140581][ T6116]  </TASK>
[  143.465879][ T6116] Mem-Info:
[  143.506584][ T6116] active_anon:34642 inactive_anon:0 isolated_anon:0
[  143.506584][ T6116]  active_file:0 inactive_file:46447 isolated_file:0
[  143.506584][ T6116]  unevictable:768 dirty:20 writeback:0
[  143.506584][ T6116]  slab_reclaimable:9698 slab_unreclaimable:94006
[  143.506584][ T6116]  mapped:246179 shmem:11425 pagetables:690
[  143.506584][ T6116]  sec_pagetables:0 bounce:0
[  143.506584][ T6116]  kernel_misc_reclaimable:0
[  143.506584][ T6116]  free:1360296 free_pcp:2512 free_cma:0
[  143.628871][ T6116] Node 0 active_anon:133468kB inactive_anon:0kB active_file:0kB inactive_file:185724kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:984716kB dirty:76kB writeback:0kB shmem:39064kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10152kB pagetables:2760kB sec_pagetables:0kB all_unreclaimable? no
[  143.716502][ T6116] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  143.871652][ T6116] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  143.971103][ T6116] lowmem_reserve[]: 0 2571 2571 0 0
[  143.988903][ T6116] Node 0 DMA32 free:1512420kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:125132kB inactive_anon:0kB active_file:0kB inactive_file:185400kB unevictable:1536kB writepending:76kB present:3129332kB managed:2659888kB mlocked:0kB bounce:0kB free_pcp:2136kB local_pcp:1036kB free_cma:0kB
[  144.066532][ T6116] lowmem_reserve[]: 0 0 0 0 0
[  144.097543][ T6116] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  144.198671][ T6116] lowmem_reserve[]: 0 0 0 0 0
[  144.217491][ T6116] Node 1 Normal free:3927820kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109116kB mlocked:0kB bounce:0kB free_pcp:7748kB local_pcp:7128kB free_cma:0kB
[  144.361674][ T6116] lowmem_reserve[]: 0 0 0 0 0
[  144.380170][ T6116] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  144.441489][ T6116] Node 0 DMA32: 252*4kB (ME) 490*8kB (UME) 369*16kB (UME) 324*32kB (ME) 206*64kB (UME) 84*128kB (UME) 34*256kB (UM) 31*512kB (UME) 12*1024kB (UM) 8*2048kB (UM) 345*4096kB (UME) = 1511504kB
[  144.528949][ T6116] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  144.550283][ T6144] loop4: detected capacity change from 0 to 64
[  144.568947][ T6116] Node 1 Normal: 1*4kB (U) 1*8kB (M) 2*16kB (UM) 1*32kB (M) 1*64kB (U) 1*128kB (U) 2*256kB (UM) 2*512kB (UM) 0*1024kB 1*2048kB (U) 958*4096kB (M) = 3927820kB
[  144.831202][ T6116] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  144.868237][ T6116] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  145.697129][ T6144] hfs: bad catalog namelength
[  145.706472][ T6116] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  145.737481][ T6144] hfs: get root inode failed
[  145.744321][ T6116] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  145.808665][ T6116] 54543 total pagecache pages
[  145.818184][ T6116] 0 pages in swap cache
[  145.850411][ T6116] Free swap  = 124728kB
[  145.865213][ T6116] Total swap = 124996kB
[  145.880340][ T6116] 2097051 pages RAM
[  145.904187][ T6116] 0 pages HighMem/MovableOnly
[  145.925760][ T6116] 400870 pages reserved
[  145.936627][ T6116] 0 pages cma reserved
[  146.324610][   T29] audit: type=1804 audit(1718254382.074:46): pid=6169 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2911369607/syzkaller.gHhzGs/60/file1" dev="sda1" ino=1959 res=1 errno=0
[  146.428809][ T5169] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  146.513863][ T6172] loop1: detected capacity change from 0 to 2048
[  146.554416][ T6175] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  146.641991][ T5169] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  146.654848][ T5169] usb 3-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[  146.671622][ T5169] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  146.757057][   T29] audit: type=1800 audit(1718254382.504:47): pid=6177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file0" dev="sda1" ino=1960 res=0 errno=0
[  146.785704][   T29] audit: type=1804 audit(1718254382.534:48): pid=6177 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.0" name="/root/syzkaller-testdir2911369607/syzkaller.gHhzGs/62/file0" dev="sda1" ino=1960 res=1 errno=0
[  146.813656][ T5169] snd-usb-audio 3-1:27.0: probe with driver snd-usb-audio failed with error -22
[  147.232187][ T6180] loop2: detected capacity change from 0 to 512
[  147.278485][ T6180] EXT4-fs warning (device loop2): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  148.060628][ T6180] EXT4-fs warning (device loop2): dx_probe:880: Enable large directory feature to access it
[  148.078151][ T6180] EXT4-fs warning (device loop2): dx_probe:965: inode #2: comm syz-executor.2: Corrupt directory, running e2fsck is recommended
[  148.150632][ T6180] EXT4-fs (loop2): Cannot turn on journaled quota: type 1: error -2
[  148.189688][ T6180] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.2: corrupted in-inode xattr: invalid ea_ino
[  148.227804][ T6180] EXT4-fs error (device loop2): ext4_orphan_get:1399: comm syz-executor.2: couldn't read orphan inode 15 (err -117)
[  148.266420][ T6180] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  148.302818][ T5171] usb 3-1: USB disconnect, device number 4
[  148.407511][ T6168] loop4: detected capacity change from 0 to 40427
[  148.440777][ T6168] F2FS-fs (loop4): invalid crc value
[  148.485418][ T6168] F2FS-fs (loop4): Found nat_bits in checkpoint
[  148.671101][ T6168] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  149.729364][ T5115] syz-executor.4: attempt to access beyond end of device
[  149.729364][ T5115] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  149.770992][ T5126] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.788040][ T5115] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  150.066792][ T6213] loop3: detected capacity change from 0 to 64
[  150.137718][ T6213] hfs: bad catalog namelength
[  150.148249][ T6213] hfs: get root inode failed
[  150.903891][ T6233] loop4: detected capacity change from 0 to 256
[  151.385836][   T29] audit: type=1326 audit(1718254387.134:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6245 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a27cea9 code=0x0
[  151.609141][ T5169] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  151.841408][ T5169] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  151.895078][ T6261] loop3: detected capacity change from 0 to 1024
[  151.917799][ T5169] usb 2-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[  151.980686][ T5169] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  151.991373][ T6261] hfsplus: failed to load root directory
[  152.104046][ T5169] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -22
[  152.381574][ T6265] loop3: detected capacity change from 0 to 64
[  152.424116][ T6269] loop1: detected capacity change from 0 to 512
[  152.501834][ T6265] hfs: bad catalog namelength
[  152.532330][ T6265] hfs: get root inode failed
[  152.532440][ T6269] EXT4-fs warning (device loop1): dx_probe:877: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  152.709351][ T6269] EXT4-fs warning (device loop1): dx_probe:880: Enable large directory feature to access it
[  152.749451][ T6275] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.2'.
[  152.761758][ T6269] EXT4-fs warning (device loop1): dx_probe:965: inode #2: comm syz-executor.1: Corrupt directory, running e2fsck is recommended
[  152.820873][ T6269] EXT4-fs (loop1): Cannot turn on journaled quota: type 1: error -2
[  152.875900][ T6269] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #15: comm syz-executor.1: corrupted in-inode xattr: invalid ea_ino
[  152.921955][ T6269] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz-executor.1: couldn't read orphan inode 15 (err -117)
[  152.978879][ T6269] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  153.004768][   T29] audit: type=1326 audit(1718254388.744:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891567cea9 code=0x7fc00000
[  153.011487][ T6280] netlink: 104 bytes leftover after parsing attributes in process `syz-executor.3'.
[  153.054529][ T5169] usb 2-1: USB disconnect, device number 3
[  153.112972][   T29] audit: type=1800 audit(1718254388.754:51): pid=6280 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file0" dev="sda1" ino=1966 res=0 errno=0
[  153.180615][   T29] audit: type=1326 audit(1718254388.764:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f891567cea9 code=0x7fc00000
[  153.229213][   T25] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  153.575894][   T25] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  153.594790][   T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  154.161212][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  154.169427][   T25] usb 3-1: SerialNumber: syz
[  154.487373][   T29] audit: type=1326 audit(1718254390.134:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6277 comm="syz-executor.3" exe="/root/syz-executor.3" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f891567cea9 code=0x7fc00000
[  154.697030][ T6233] syz-executor.4: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz4,mems_allowed=0-1
[  154.718447][ T5116] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.739883][ T6233] CPU: 0 PID: 6233 Comm: syz-executor.4 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
[  154.749832][ T6233] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  154.759922][ T6233] Call Trace:
[  154.763226][ T6233]  <TASK>
[  154.766172][ T6233]  dump_stack_lvl+0x241/0x360
[  154.770893][ T6233]  ? __pfx_dump_stack_lvl+0x10/0x10
[  154.776103][ T6233]  ? __pfx__printk+0x10/0x10
[  154.780725][ T6233]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  154.787162][ T6233]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  154.793862][ T6233]  warn_alloc+0x278/0x410
[  154.798229][ T6233]  ? __pfx_warn_alloc+0x10/0x10
[  154.803102][ T6233]  ? xskq_create+0xb6/0x170
[  154.807631][ T6233]  ? __get_vm_area_node+0x23d/0x270
[  154.812869][ T6233]  __vmalloc_node_range_noprof+0x69f/0x1460
[  154.818821][ T6233]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  154.825280][ T6233]  ? __kasan_kmalloc+0x98/0xb0
[  154.830059][ T6233]  ? xskq_create+0x54/0x170
[  154.834590][ T6233]  vmalloc_user_noprof+0x74/0x80
[  154.839556][ T6233]  ? xskq_create+0xb6/0x170
[  154.844081][ T6233]  xskq_create+0xb6/0x170
[  154.848448][ T6233]  xsk_init_queue+0xa1/0x100
[  154.853153][ T6233]  xsk_setsockopt+0x598/0x950
[  154.857882][ T6233]  ? __pfx_xsk_setsockopt+0x10/0x10
[  154.863209][ T6233]  ? __pfx_lock_acquire+0x10/0x10
[  154.868256][ T6233]  ? aa_sock_opt_perm+0x79/0x120
[  154.873218][ T6233]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  154.878781][ T6233]  ? security_socket_setsockopt+0x87/0xb0
[  154.884518][ T6233]  ? __pfx_xsk_setsockopt+0x10/0x10
[  154.889740][ T6233]  do_sock_setsockopt+0x3af/0x720
[  154.894788][ T6233]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  154.900353][ T6233]  ? __fget_files+0x29/0x470
[  154.904963][ T6233]  ? __fget_files+0x3f6/0x470
[  154.909665][ T6233]  __sys_setsockopt+0x1ae/0x250
[  154.914550][ T6233]  __x64_sys_setsockopt+0xb5/0xd0
[  154.919607][ T6233]  do_syscall_64+0xf3/0x230
[  154.924168][ T6233]  ? clear_bhb_loop+0x35/0x90
[  154.928883][ T6233]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  154.934803][ T6233] RIP: 0033:0x7f04a9e7cea9
[  154.939245][ T6233] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  154.958971][ T6233] RSP: 002b:00007f04aabfa0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  154.967412][ T6233] RAX: ffffffffffffffda RBX: 00007f04a9fb4050 RCX: 00007f04a9e7cea9
[  154.975490][ T6233] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a
[  154.983479][ T6233] RBP: 00007f04a9eebff4 R08: 0000000000000004 R09: 0000000000000000
[  154.991467][ T6233] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000
[  154.999536][ T6233] R13: 000000000000006e R14: 00007f04a9fb4050 R15: 00007ffd15a29e88
[  155.007533][ T6233]  </TASK>
[  155.219035][   T25] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  155.237045][   T25] usb 3-1: USB disconnect, device number 5
[  155.254890][ T6233] Mem-Info:
[  155.825936][ T6233] active_anon:31370 inactive_anon:0 isolated_anon:0
[  155.825936][ T6233]  active_file:0 inactive_file:46470 isolated_file:0
[  155.825936][ T6233]  unevictable:768 dirty:39 writeback:0
[  155.825936][ T6233]  slab_reclaimable:9823 slab_unreclaimable:93732
[  155.825936][ T6233]  mapped:292701 shmem:8175 pagetables:683
[  155.825936][ T6233]  sec_pagetables:0 bounce:0
[  155.825936][ T6233]  kernel_misc_reclaimable:0
[  155.825936][ T6233]  free:1359226 free_pcp:6573 free_cma:0
[  155.875802][ T6233] Node 0 active_anon:125480kB inactive_anon:0kB active_file:0kB inactive_file:185816kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:1170804kB dirty:152kB writeback:0kB shmem:31164kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10192kB pagetables:2732kB sec_pagetables:0kB all_unreclaimable? no
[  155.915525][ T6233] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  156.155340][ T6233] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  157.016521][ T6233] lowmem_reserve[]: 0 2571 2571 0 0
[  157.131313][ T6233] Node 0 DMA32 free:1488724kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:124816kB inactive_anon:0kB active_file:0kB inactive_file:185488kB unevictable:1536kB writepending:168kB present:3129332kB managed:2659888kB mlocked:0kB bounce:0kB free_pcp:23980kB local_pcp:1860kB free_cma:0kB
[  157.217017][ T6305] loop1: detected capacity change from 0 to 64
[  157.221273][ T6233] lowmem_reserve[]: 0 0 0 0 0
[  157.237002][ T6233] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  157.290534][ T6305] hfs: get root inode failed
[  157.296997][ T6233] lowmem_reserve[]: 0 0 0 0 0
[  157.316057][ T6233] Node 1 Normal free:3923484kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109116kB mlocked:0kB bounce:0kB free_pcp:12028kB local_pcp:2944kB free_cma:0kB
[  157.362576][ T6233] lowmem_reserve[]: 0 0 0 0 0
[  157.367599][ T6233] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  157.392034][ T6233] Node 0 DMA32: 2*4kB (UE) 305*8kB (UME) 318*16kB (ME) 278*32kB (UME) 194*64kB (UME) 83*128kB (UME) 37*256kB (UM) 30*512kB (UME) 12*1024kB (UM) 5*2048kB (UM) 347*4096kB (UME) = 1508144kB
[  157.437949][ T6233] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  157.472785][   T29] audit: type=1326 audit(1718254393.214:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6302 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f891567cea9 code=0x0
[  157.476878][ T6233] Node 1 Normal: 0*4kB 2*8kB (UM) 2*16kB (UM) 1*32kB (M) 0*64kB 0*128kB 2*256kB (UM) 2*512kB (UM) 0*1024kB 1*2048kB (U) 957*4096kB (M) = 3923536kB
[  157.575278][ T6233] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  157.601124][ T6233] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  157.630107][ T6233] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  157.642446][ T6233] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  157.657729][ T6233] 54575 total pagecache pages
[  157.664042][ T6233] 0 pages in swap cache
[  157.668783][ T6233] Free swap  = 124728kB
[  157.677437][ T6233] Total swap = 124996kB
[  157.686358][ T6233] 2097051 pages RAM
[  157.694296][ T6233] 0 pages HighMem/MovableOnly
[  157.702177][ T6233] 400870 pages reserved
[  157.706450][ T6233] 0 pages cma reserved
[  158.512873][ T6301] loop2: detected capacity change from 0 to 32768
[  158.593982][ T6301] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  159.341745][ T6305] loop1: detected capacity change from 0 to 32768
[  159.390215][ T6301] XFS (loop2): Ending clean mount
[  159.461977][ T6301] XFS (loop2): Quotacheck needed: Please wait.
[  159.664327][ T6319] loop4: detected capacity change from 0 to 32768
[  159.666738][ T6301] XFS (loop2): Quotacheck: Done.
[  159.678644][ T6319] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (6319)
[  159.712913][ T6319] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  159.725723][ T6319] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  159.750387][ T6305] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=gzip,nojournal_transaction_names
[  159.756500][ T6319] BTRFS info (device loop4): using free-space-tree
[  159.775802][ T6305] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  159.789691][ T6305] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  159.789691][ T6305]   running recovery passes: check_allocations
[  159.839684][ T5126] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  159.855453][ T6305] bcachefs (loop1): accounting_read... done
[  159.863270][ T6305] bcachefs (loop1): alloc_read... done
[  159.869860][ T6305] bcachefs (loop1): stripes_read... done
[  159.877572][ T6305] bcachefs (loop1): snapshots_read... done
[  159.884568][ T6305] bcachefs (loop1): check_allocations...
[  159.887126][ T6305] btree ptr not marked in member info btree allocated bitmap
[  159.887146][ T6305]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  159.921562][ T6305] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 10
[  159.932373][ T6305] bcachefs (loop1): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  159.943906][ T6305] bcachefs (loop1): bch2_gc_btree(): error fsck_errors_not_fixed
[  159.953278][ T6305] bcachefs (loop1): bch2_gc_btrees(): error fsck_errors_not_fixed
[  159.974469][ T6305] bcachefs (loop1): bch2_check_allocations(): error fsck_errors_not_fixed
[  160.003430][ T6305] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed
[  160.019031][ T6305] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  160.096898][ T6305] bcachefs (loop1): shutting down
[  160.171868][ T6305] bcachefs (loop1): shutdown complete
[  161.374713][ T6360] sched: RT throttling activated
[  162.013126][ T6368] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.2'.
[  162.074447][ T5115] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  162.363890][   T29] audit: type=1326 audit(1718254398.114:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6379 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea5987cea9 code=0x0
[  162.588065][   T25] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  162.662801][ T6391] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  162.687788][ T6391] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  162.942447][ T6397] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  163.007538][   T25] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  163.041846][   T25] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  163.059482][   T25] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  163.077261][   T25] usb 3-1: SerialNumber: syz
[  163.495028][    C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  163.562851][   T25] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71
[  163.617027][   T25] usb 3-1: USB disconnect, device number 6
[  163.795563][ T6409] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.0'.
[  163.830720][   T29] audit: type=1326 audit(1718254399.584:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6408 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea5987cea9 code=0x0
[  164.089680][ T6414] netlink: 'syz-executor.1': attribute type 29 has an invalid length.
[  164.111021][ T6414] netlink: 'syz-executor.1': attribute type 29 has an invalid length.
[  164.134943][ T6414] netlink: 'syz-executor.1': attribute type 29 has an invalid length.
[  164.163660][ T6414] netlink: 'syz-executor.1': attribute type 29 has an invalid length.
[  164.192469][ T6414] netlink: 'syz-executor.1': attribute type 29 has an invalid length.
[  164.229596][ T6414] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic
[  164.413327][   T29] audit: type=1326 audit(1718254400.164:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6417 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a27cea9 code=0x0
[  164.451835][   T29] audit: type=1326 audit(1718254400.204:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6420 comm="syz-executor.1" exe="/root/syz-executor.1" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa38dc7cea9 code=0x0
[  164.856788][ T6430] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  164.885134][ T6430] kvm: pic: level sensitive irq not supported
[  164.885483][ T6430] kvm: pic: non byte read
[  164.904391][ T6430] kvm: pic: level sensitive irq not supported
[  164.904536][ T6430] kvm: pic: non byte read
[  164.918476][ T6430] kvm: pic: level sensitive irq not supported
[  164.918563][ T6430] kvm: pic: non byte read
[  165.366325][ T6441] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  165.831793][ T6456] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.4'.
[  165.979565][   T29] audit: type=1326 audit(1718254401.734:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6452 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f04a9e7cea9 code=0x0
[  166.226738][ T6467] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[  166.306849][ T6475] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  166.357363][ T6475] kvm: pic: level sensitive irq not supported
[  166.358124][ T6475] kvm: pic: non byte read
[  166.387734][ T6475] kvm: pic: level sensitive irq not supported
[  166.394874][ T6475] kvm: pic: non byte read
[  166.413967][ T6475] kvm: pic: level sensitive irq not supported
[  166.414364][ T6475] kvm: pic: non byte read
[  166.458798][ T5169] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  166.693746][ T5169] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  166.705882][ T5169] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  166.726244][ T5169] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  166.739524][ T5169] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  166.754317][ T5169] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  166.787261][ T5169] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  166.812769][ T5169] usb 3-1: Product: syz
[  166.817033][ T5169] usb 3-1: Manufacturer: syz
[  166.829866][ T5169] usb 3-1: SerialNumber: syz
[  167.325379][ T5169] cdc_ncm 3-1:1.0: bind() failure
[  167.371149][ T5169] cdc_ncm 3-1:1.1: probe with driver cdc_ncm failed with error -71
[  167.405928][ T5169] cdc_mbim 3-1:1.1: probe with driver cdc_mbim failed with error -71
[  167.431640][ T5169] usbtest 3-1:1.1: probe with driver usbtest failed with error -71
[  167.456173][ T5169] usb 3-1: USB disconnect, device number 7
[  167.922853][ T6502] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  169.369172][   T29] audit: type=1800 audit(1718254404.024:60): pid=6504 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.0" name="file1" dev="sda1" ino=1945 res=0 errno=0
[  170.185572][ T6541] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  170.267960][ T5173] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  170.479906][ T5173] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  170.498862][ T6534] loop3: detected capacity change from 0 to 32768
[  170.512914][ T5173] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  170.524306][ T5173] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  170.545737][ T5173] usb 1-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  170.561701][ T6534] Dev loop3 SGI disklabel: csum bad, label corrupted
[  170.574950][ T5173] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  170.597809][ T5173] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  170.606076][ T5173] usb 1-1: Product: syz
[  170.614795][ T5173] usb 1-1: Manufacturer: syz
[  170.621415][ T5173] usb 1-1: SerialNumber: syz
[  170.948214][ T5169] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  171.046345][ T5173] cdc_ncm 1-1:1.0: bind() failure
[  171.101746][ T5173] cdc_ncm 1-1:1.1: probe with driver cdc_ncm failed with error -71
[  171.130941][ T5173] cdc_mbim 1-1:1.1: probe with driver cdc_mbim failed with error -71
[  171.158120][ T5169] usb 2-1: Using ep0 maxpacket: 8
[  171.168425][ T5173] usbtest 1-1:1.1: probe with driver usbtest failed with error -71
[  171.201248][ T5169] usb 2-1: unable to get BOS descriptor or descriptor too short
[  171.215484][ T5173] usb 1-1: USB disconnect, device number 5
[  171.263261][ T5169] usb 2-1: config 0 has no interfaces?
[  171.298098][ T5169] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  171.335809][ T5169] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  171.368740][ T5169] usb 2-1: Product: syz
[  171.388787][ T5169] usb 2-1: Manufacturer: syz
[  171.409867][ T5169] usb 2-1: SerialNumber: syz
[  171.479180][ T5169] usb 2-1: config 0 descriptor??
[  171.806016][ T6572] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.4'.
[  172.282855][    T8] usb 2-1: USB disconnect, device number 4
[  172.856366][ T6596] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  173.609463][ T6604] bond_slave_0: entered promiscuous mode
[  173.615288][ T6604] bond_slave_1: entered promiscuous mode
[  173.723274][ T6604] bond_slave_0: left promiscuous mode
[  173.751685][ T6607] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'.
[  173.770900][ T6604] bond_slave_1: left promiscuous mode
[  174.264580][   T25] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  174.278226][ T6613] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.1'.
[  174.309496][ T6604] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  174.349059][ T6604] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  174.379850][ T5173] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  174.406156][ T6604] bond0 (unregistering): Released all slaves
[  174.501702][   T25] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18
[  174.558820][   T25] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  174.577755][ T5173] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  174.590070][   T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  174.606002][ T5173] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  174.633859][   T25] usb 4-1: SerialNumber: syz
[  174.643974][ T5173] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid wMaxPacketSize 0
[  174.677214][ T5173] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 0
[  174.721314][ T5173] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  174.739425][ T5173] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  174.761791][ T5173] usb 5-1: Product: syz
[  174.778584][ T5173] usb 5-1: Manufacturer: syz
[  174.788720][ T5173] usb 5-1: SerialNumber: syz
[  174.850256][ T6627] loop1: detected capacity change from 0 to 256
[  175.326697][   T25] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -71
[  175.345060][   T25] usb 4-1: USB disconnect, device number 2
[  175.426000][ T6641] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  175.833202][ T5173] cdc_ncm 5-1:1.0: bind() failure
[  175.847029][ T5173] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71
[  175.858524][ T5173] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71
[  175.874478][ T5173] usbtest 5-1:1.1: probe with driver usbtest failed with error -71
[  175.896137][ T5173] usb 5-1: USB disconnect, device number 3
[  176.308231][ T6644] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[  176.649222][ T6661] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.4'.
[  177.062971][ T6677] loop3: detected capacity change from 0 to 512
[  177.108705][ T6677] EXT4-fs (loop3): blocks per group (71) and clusters per group (20800) inconsistent
[  177.518596][ T6687] netlink: 4 bytes leftover after parsing attributes in process `syz-executor.3'.
[  178.273747][ T6627] syz-executor.1: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz1,mems_allowed=0-1
[  178.320808][ T6627] CPU: 1 PID: 6627 Comm: syz-executor.1 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
[  178.330786][ T6627] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  178.340904][ T6627] Call Trace:
[  178.344230][ T6627]  <TASK>
[  178.347203][ T6627]  dump_stack_lvl+0x241/0x360
[  178.351940][ T6627]  ? __pfx_dump_stack_lvl+0x10/0x10
[  178.357201][ T6627]  ? __pfx__printk+0x10/0x10
[  178.361867][ T6627]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  178.368425][ T6627]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  178.374991][ T6627]  warn_alloc+0x278/0x410
[  178.379439][ T6627]  ? __pfx_warn_alloc+0x10/0x10
[  178.384456][ T6627]  ? xskq_create+0xb6/0x170
[  178.389020][ T6627]  ? __get_vm_area_node+0x23d/0x270
[  178.394282][ T6627]  __vmalloc_node_range_noprof+0x69f/0x1460
[  178.400273][ T6627]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  178.406665][ T6627]  ? __kasan_kmalloc+0x98/0xb0
[  178.411565][ T6627]  ? xskq_create+0x54/0x170
[  178.416136][ T6627]  vmalloc_user_noprof+0x74/0x80
[  178.421144][ T6627]  ? xskq_create+0xb6/0x170
[  178.426264][ T6627]  xskq_create+0xb6/0x170
[  178.430651][ T6627]  xsk_init_queue+0xa1/0x100
[  178.435297][ T6627]  xsk_setsockopt+0x598/0x950
[  178.440033][ T6627]  ? __pfx_xsk_setsockopt+0x10/0x10
[  178.445286][ T6627]  ? __pfx_lock_acquire+0x10/0x10
[  178.450447][ T6627]  ? aa_sock_opt_perm+0x79/0x120
[  178.455434][ T6627]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  178.461031][ T6627]  ? security_socket_setsockopt+0x87/0xb0
[  178.466816][ T6627]  ? __pfx_xsk_setsockopt+0x10/0x10
[  178.472073][ T6627]  do_sock_setsockopt+0x3af/0x720
[  178.477152][ T6627]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  178.482739][ T6627]  ? __fget_files+0x29/0x470
[  178.487377][ T6627]  ? __fget_files+0x3f6/0x470
[  178.492113][ T6627]  __sys_setsockopt+0x1ae/0x250
[  178.497019][ T6627]  __x64_sys_setsockopt+0xb5/0xd0
[  178.502095][ T6627]  do_syscall_64+0xf3/0x230
[  178.506645][ T6627]  ? clear_bhb_loop+0x35/0x90
[  178.511461][ T6627]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  178.517403][ T6627] RIP: 0033:0x7fa38dc7cea9
[  178.521871][ T6627] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  178.541538][ T6627] RSP: 002b:00007fa38ea420c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  178.550018][ T6627] RAX: ffffffffffffffda RBX: 00007fa38ddb4050 RCX: 00007fa38dc7cea9
[  178.558036][ T6627] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a
[  178.566047][ T6627] RBP: 00007fa38dcebff4 R08: 0000000000000004 R09: 0000000000000000
[  178.575197][ T6627] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000
[  178.583226][ T6627] R13: 000000000000006e R14: 00007fa38ddb4050 R15: 00007ffc142b2868
[  178.591274][ T6627]  </TASK>
[  178.635786][   T29] audit: type=1326 audit(1718254414.384:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6689 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f891567cea9 code=0x0
[  178.658485][ T6627] Mem-Info:
[  178.661625][ T6627] active_anon:29860 inactive_anon:0 isolated_anon:0
[  178.661625][ T6627]  active_file:0 inactive_file:47291 isolated_file:0
[  178.661625][ T6627]  unevictable:7251 dirty:987 writeback:0
[  178.661625][ T6627]  slab_reclaimable:10283 slab_unreclaimable:94211
[  178.661625][ T6627]  mapped:370317 shmem:8108 pagetables:704
[  178.661625][ T6627]  sec_pagetables:0 bounce:0
[  178.661625][ T6627]  kernel_misc_reclaimable:0
[  178.661625][ T6627]  free:1353431 free_pcp:5135 free_cma:0
[  178.718055][ T6627] Node 0 active_anon:119440kB inactive_anon:0kB active_file:0kB inactive_file:189100kB unevictable:28468kB isolated(anon):0kB isolated(file):0kB mapped:1481268kB dirty:3948kB writeback:0kB shmem:30896kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10080kB pagetables:2816kB sec_pagetables:0kB all_unreclaimable? no
[  178.754303][ T6627] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  178.792156][ T6627] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  178.847672][ T6627] lowmem_reserve[]: 0 2571 2571 0 0
[  178.863909][ T6627] Node 0 DMA32 free:1476512kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:115404kB inactive_anon:0kB active_file:0kB inactive_file:186676kB unevictable:36268kB writepending:2148kB present:3129332kB managed:2659888kB mlocked:34732kB bounce:0kB free_pcp:4312kB local_pcp:3128kB free_cma:0kB
[  178.940395][ T6627] lowmem_reserve[]: 0 0 0 0 0
[  178.948604][ T6627] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  179.007414][ T6627] lowmem_reserve[]: 0 0 0 0 0
[  179.025340][ T6698] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[  179.033958][ T6627] Node 1 Normal free:3918244kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109116kB mlocked:0kB bounce:0kB free_pcp:17332kB local_pcp:6080kB free_cma:0kB
[  179.047785][ T6698] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[  179.072513][ T6627] lowmem_reserve[]: 0 0 0 0 0
[  179.102624][ T6627] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  179.117136][ T6699] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[  179.126764][ T6627] Node 0 DMA32: 1*4kB (E) 3*8kB (UE) 25*16kB (E) 43*32kB (UME) 19*64kB (UME) 41*128kB (UME) 42*256kB (UME) 30*512kB (UME) 16*1024kB (UME) 4*2048kB (UM) 345*4096kB (UME) = 1472076kB
[  179.165276][ T6627] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  179.178426][ T6698] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[  179.187526][ T6627] Node 1 Normal: 1*4kB (U) 2*8kB (UM) 1*16kB (M) 2*32kB (UM) 1*64kB (U) 0*128kB 1*256kB (M) 2*512kB (UM) 1*1024kB (U) 0*2048kB 956*4096kB (M) = 3918244kB
[  179.225593][ T6699] netlink: 'syz-executor.2': attribute type 29 has an invalid length.
[  179.256505][ T6627] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  179.286234][ T6627] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  179.328075][ T6627] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  179.346857][ T6627] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  179.382547][ T6627] 54589 total pagecache pages
[  179.397934][ T6627] 0 pages in swap cache
[  179.419986][ T6627] Free swap  = 124460kB
[  179.427161][ T6627] Total swap = 124996kB
[  179.433967][ T6706] loop2: detected capacity change from 0 to 2048
[  179.444951][ T6627] 2097051 pages RAM
[  179.455114][ T6627] 0 pages HighMem/MovableOnly
[  179.470276][ T6627] 400870 pages reserved
[  179.478011][ T6627] 0 pages cma reserved
[  179.490878][ T6706] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  179.588281][   T29] audit: type=1800 audit(1718254415.334:62): pid=6710 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.3" name="file1" dev="sda1" ino=1967 res=0 errno=0
[  181.687725][ T6712] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  181.698965][ T6706] syz-executor.2: attempt to access beyond end of device
[  181.698965][ T6706] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  183.094791][ T6749] loop4: detected capacity change from 0 to 2048
[  183.112053][ T6749] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  183.186840][ T6749] syz-executor.4: attempt to access beyond end of device
[  183.186840][ T6749] loop4: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  183.208140][ T6752] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  183.700942][ T6758] syz-executor.3[6758] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  183.701110][ T6758] syz-executor.3[6758] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  184.129633][ T6762] syz-executor.4 (pid 6762) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  185.915534][ T6799] input: syz1 as /devices/virtual/input/input6
[  186.149449][ T6805] loop2: detected capacity change from 0 to 2048
[  186.184238][ T6805] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  186.220973][   T29] audit: type=1107 audit(1718254421.974:63): pid=6808 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg=''
[  186.251577][ T6812] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  186.252568][ T6805] syz-executor.2: attempt to access beyond end of device
[  186.252568][ T6805] loop2: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  186.647414][ T6821] syz-executor.3 uses obsolete (PF_INET,SOCK_PACKET)
[  186.688973][ T6822] syzkaller0: refused to change device tx_queue_len
[  188.335089][ T6834] loop2: detected capacity change from 0 to 1024
[  188.402840][ T5120] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  188.411294][ T6834] hfsplus: failed to load root directory
[  188.420088][ T5120] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  188.448376][ T5120] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  188.457299][ T5120] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  188.465433][ T5120] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  188.473072][ T5120] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  188.517439][   T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  188.717238][ T6838] loop2: detected capacity change from 0 to 64
[  188.815767][ T6838] hfs: bad catalog namelength
[  188.835569][ T6838] hfs: get root inode failed
[  188.848313][   T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.151183][   T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.341469][ T6833] loop3: detected capacity change from 0 to 32768
[  189.390042][ T6833] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (6833)
[  189.421434][ T6833] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  189.436416][   T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  189.442753][ T6833] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  189.489982][ T6833] BTRFS info (device loop3): using free-space-tree
[  189.877534][ T6870] syzkaller0: refused to change device tx_queue_len
[  189.892696][   T35] bridge_slave_1: left allmulticast mode
[  189.902799][   T35] bridge_slave_1: left promiscuous mode
[  189.914489][   T35] bridge0: port 2(bridge_slave_1) entered disabled state
[  189.969041][   T35] bridge_slave_0: left allmulticast mode
[  189.974862][   T35] bridge_slave_0: left promiscuous mode
[  190.006901][   T35] bridge0: port 1(bridge_slave_0) entered disabled state
[  190.549524][ T5122] Bluetooth: hci0: command tx timeout
[  190.842699][ T5114] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  191.355179][    C1] sd 0:0:1:0: [sda] tag#7583 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s
[  191.365743][    C1] sd 0:0:1:0: [sda] tag#7583 CDB: Read(6) 08 00 00 00 00 00 00 00 00 00 00 00
[  191.423117][ T6880] capability: warning: `syz-executor.1' uses deprecated v2 capabilities in a way that may be insecure
[  191.464688][   T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  191.489145][   T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  191.518607][   T35] bond0 (unregistering): Released all slaves
[  192.009732][ T6893] loop3: detected capacity change from 0 to 164
[  192.070273][ T6893] rock: corrupted directory entry. extent=41, offset=65536, size=8
[  192.659984][ T5122] Bluetooth: hci0: command tx timeout
[  192.669545][   T29] audit: type=1326 audit(1718254428.364:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz-executor.0" exe="/root/syz-executor.0" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fea5987cea9 code=0x0
[  194.718262][ T5124] Bluetooth: hci0: command tx timeout
[  194.731400][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[  194.738863][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[  194.868303][ T6835] chnl_net:caif_netlink_parms(): no params data found
[  194.993441][   T35] hsr_slave_0: left promiscuous mode
[  195.014977][ T6910] loop2: detected capacity change from 0 to 256
[  195.021570][   T35] hsr_slave_1: left promiscuous mode
[  195.078498][ T6914] loop3: detected capacity change from 0 to 512
[  195.144209][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  195.167330][   T35] batman_adv: batadv0: Removing interface: batadv_slave_0
[  195.183125][ T6914] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  195.196005][ T6914] ext4 filesystem being mounted at /root/syzkaller-testdir1428997993/syzkaller.7yheiA/131/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  195.259083][   T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  195.272082][   T35] batman_adv: batadv0: Removing interface: batadv_slave_1
[  195.379967][   T35] veth1_macvtap: left promiscuous mode
[  195.387204][   T35] veth0_macvtap: left promiscuous mode
[  195.396431][   T35] veth1_vlan: left promiscuous mode
[  195.406725][   T35] veth0_vlan: left promiscuous mode
[  195.924539][ T6910] syz-executor.2: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1
[  195.951857][ T6910] CPU: 1 PID: 6910 Comm: syz-executor.2 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
[  195.961913][ T6910] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  195.972100][ T6910] Call Trace:
[  195.975425][ T6910]  <TASK>
[  195.978395][ T6910]  dump_stack_lvl+0x241/0x360
[  195.983150][ T6910]  ? __pfx_dump_stack_lvl+0x10/0x10
[  195.988393][ T6910]  ? __pfx__printk+0x10/0x10
[  195.993048][ T6910]  ? cpuset_print_current_mems_allowed+0x1f/0x350
[  195.999510][ T6910]  ? cpuset_print_current_mems_allowed+0x31e/0x350
[  196.006064][ T6910]  warn_alloc+0x278/0x410
[  196.010460][ T6910]  ? __pfx_warn_alloc+0x10/0x10
[  196.015422][ T6910]  ? xskq_create+0xb6/0x170
[  196.019986][ T6910]  ? __get_vm_area_node+0x23d/0x270
[  196.025247][ T6910]  __vmalloc_node_range_noprof+0x69f/0x1460
[  196.031216][ T6910]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  196.037661][ T6910]  ? __kasan_kmalloc+0x98/0xb0
[  196.042441][ T6910]  ? xskq_create+0x54/0x170
[  196.046968][ T6910]  vmalloc_user_noprof+0x74/0x80
[  196.051929][ T6910]  ? xskq_create+0xb6/0x170
[  196.056460][ T6910]  xskq_create+0xb6/0x170
[  196.060837][ T6910]  xsk_init_queue+0xa1/0x100
[  196.065452][ T6910]  xsk_setsockopt+0x598/0x950
[  196.070157][ T6910]  ? __pfx_xsk_setsockopt+0x10/0x10
[  196.075391][ T6910]  ? __pfx_lock_acquire+0x10/0x10
[  196.080466][ T6910]  ? aa_sock_opt_perm+0x79/0x120
[  196.085429][ T6910]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  196.091011][ T6910]  ? security_socket_setsockopt+0x87/0xb0
[  196.096774][ T6910]  ? __pfx_xsk_setsockopt+0x10/0x10
[  196.102001][ T6910]  do_sock_setsockopt+0x3af/0x720
[  196.107049][ T6910]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  196.112606][ T6910]  ? __fget_files+0x29/0x470
[  196.117214][ T6910]  ? __fget_files+0x3f6/0x470
[  196.121921][ T6910]  __sys_setsockopt+0x1ae/0x250
[  196.126794][ T6910]  __x64_sys_setsockopt+0xb5/0xd0
[  196.131838][ T6910]  do_syscall_64+0xf3/0x230
[  196.136355][ T6910]  ? clear_bhb_loop+0x35/0x90
[  196.141067][ T6910]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  196.147068][ T6910] RIP: 0033:0x7f5f7a27cea9
[  196.151503][ T6910] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  196.171158][ T6910] RSP: 002b:00007f5f7af800c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  196.179595][ T6910] RAX: ffffffffffffffda RBX: 00007f5f7a3b3f80 RCX: 00007f5f7a27cea9
[  196.187580][ T6910] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a
[  196.195566][ T6910] RBP: 00007f5f7a2ebff4 R08: 0000000000000004 R09: 0000000000000000
[  196.203550][ T6910] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000
[  196.211531][ T6910] R13: 000000000000000b R14: 00007f5f7a3b3f80 R15: 00007ffd0c13b538
[  196.219535][ T6910]  </TASK>
[  196.246473][ T6910] Mem-Info:
[  196.274443][ T6910] active_anon:33743 inactive_anon:0 isolated_anon:0
[  196.274443][ T6910]  active_file:0 inactive_file:46552 isolated_file:0
[  196.274443][ T6910]  unevictable:768 dirty:52 writeback:0
[  196.274443][ T6910]  slab_reclaimable:10189 slab_unreclaimable:92919
[  196.274443][ T6910]  mapped:421997 shmem:10657 pagetables:682
[  196.274443][ T6910]  sec_pagetables:0 bounce:0
[  196.274443][ T6910]  kernel_misc_reclaimable:0
[  196.274443][ T6910]  free:1355126 free_pcp:8080 free_cma:0
[  196.352317][ T6910] Node 0 active_anon:135072kB inactive_anon:0kB active_file:0kB inactive_file:186144kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:1688188kB dirty:204kB writeback:0kB shmem:41092kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10176kB pagetables:2728kB sec_pagetables:0kB all_unreclaimable? no
[  196.396669][ T6910] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:4kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  196.434070][ T6910] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  196.481393][ T6910] lowmem_reserve[]: 0 2571 2571 0 0
[  196.486881][ T6910] Node 0 DMA32 free:1484424kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:135336kB inactive_anon:0kB active_file:0kB inactive_file:185820kB unevictable:1536kB writepending:200kB present:3129332kB managed:2659888kB mlocked:0kB bounce:0kB free_pcp:1268kB local_pcp:692kB free_cma:0kB
[  196.531002][ T6910] lowmem_reserve[]: 0 0 0 0 0
[  196.538457][ T6910] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:4kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  196.605119][ T6910] lowmem_reserve[]: 0 0 0 0 0
[  196.617928][ T6910] Node 1 Normal free:3920660kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB writepending:4kB present:4194304kB managed:4109116kB mlocked:0kB bounce:0kB free_pcp:31204kB local_pcp:4828kB free_cma:0kB
[  196.654355][ T6910] lowmem_reserve[]: 0 0 0 0 0
[  196.663287][ T6910] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  196.681637][ T6910] Node 0 DMA32: 129*4kB (UME) 426*8kB (UME) 272*16kB (UME) 297*32kB (UME) 162*64kB (UME) 53*128kB (UME) 14*256kB (UME) 26*512kB (UME) 12*1024kB (UME) 3*2048kB (UM) 345*4096kB (UME) = 1483380kB
[  196.721576][ T6910] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  196.770636][ T6910] Node 1 Normal: 1*4kB (U) 3*8kB (UM) 4*16kB (UM) 1*32kB (M) 2*64kB (U) 1*128kB (U) 4*256kB (UM) 3*512kB (UM) 0*1024kB 1*2048kB (U) 956*4096kB (M) = 3920764kB
[  196.788227][ T5125] Bluetooth: hci3: command 0x0406 tx timeout
[  196.794347][   T54] Bluetooth: hci1: command 0x0406 tx timeout
[  196.801074][ T5122] Bluetooth: hci4: command 0x0405 tx timeout
[  196.807245][ T5120] Bluetooth: hci0: command tx timeout
[  196.847657][ T6910] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  196.879761][ T6910] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  196.911458][ T6910] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  196.931227][ T6910] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  196.975952][ T6910] 57178 total pagecache pages
[  196.988001][ T6910] 0 pages in swap cache
[  196.996287][ T6910] Free swap  = 124460kB
[  197.000765][ T6910] Total swap = 124996kB
[  197.016238][ T6910] 2097051 pages RAM
[  197.020716][ T6910] 0 pages HighMem/MovableOnly
[  197.025515][ T6910] 400870 pages reserved
[  197.030989][ T6910] 0 pages cma reserved
[  197.481215][   T35] team0 (unregistering): Port device team_slave_1 removed
[  197.591614][   T35] team0 (unregistering): Port device team_slave_0 removed
[  198.375770][ T5114] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  199.722250][ T6835] bridge0: port 1(bridge_slave_0) entered blocking state
[  199.765522][ T6835] bridge0: port 1(bridge_slave_0) entered disabled state
[  199.848354][ T6835] bridge_slave_0: entered allmulticast mode
[  199.898401][ T6835] bridge_slave_0: entered promiscuous mode
[  199.927040][ T6835] bridge0: port 2(bridge_slave_1) entered blocking state
[  199.976579][ T6835] bridge0: port 2(bridge_slave_1) entered disabled state
[  200.023953][ T6835] bridge_slave_1: entered allmulticast mode
[  200.072159][ T6835] bridge_slave_1: entered promiscuous mode
[  200.375431][   T29] audit: type=1804 audit(1718254436.124:65): pid=6969 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.1" name="/root/syzkaller-testdir960660487/syzkaller.PS4zWb/94/file0" dev="sda1" ino=1962 res=1 errno=0
[  200.600648][ T6971] loop3: detected capacity change from 0 to 256
[  201.759220][ T6835] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  201.808994][ T6835] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  202.297194][ T6835] team0: Port device team_slave_0 added
[  202.409284][ T6835] team0: Port device team_slave_1 added
[  204.109850][ T6835] batman_adv: batadv0: Adding interface: batadv_slave_0
[  204.116863][ T6835] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.225761][ T6835] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  204.294369][ T6835] batman_adv: batadv0: Adding interface: batadv_slave_1
[  204.303179][ T6835] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  204.397371][ T6835] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  204.699107][ T6835] hsr_slave_0: entered promiscuous mode
[  204.740592][ T6835] hsr_slave_1: entered promiscuous mode
[  204.786611][ T6835] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  204.827203][ T6835] Cannot create hsr debugfs directory
[  205.151696][ T7004] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.2'.
[  205.163537][ T7014] loop3: detected capacity change from 0 to 2048
[  205.229234][ T7016] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  205.509460][ T7021] ip6t_REJECT: TCP_RESET illegal for non-tcp
[  205.820839][ T7020] loop1: detected capacity change from 0 to 1024
[  205.990465][ T7020] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=f04cc018, mo2=0002]
[  206.000600][ T7020] System zones: 0-1, 3-36
[  206.099706][ T7020] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  207.191545][ T6835] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  207.221757][ T6835] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  207.356329][ T6835] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  207.457986][ T6835] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  207.695686][ T5116] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.826268][ T7034] syzkaller0: refused to change device tx_queue_len
[  208.332195][ T7043] loop3: detected capacity change from 0 to 256
[  208.442867][ T6835] 8021q: adding VLAN 0 to HW filter on device bond0
[  208.611786][ T6835] 8021q: adding VLAN 0 to HW filter on device team0
[  208.776729][   T58] bridge0: port 1(bridge_slave_0) entered blocking state
[  208.784115][   T58] bridge0: port 1(bridge_slave_0) entered forwarding state
[  209.030997][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  209.038224][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  209.970210][ T6835] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  210.150251][ T7046] loop2: detected capacity change from 0 to 32768
[  210.168740][ T7046] XFS: ikeep mount option is deprecated.
[  210.174442][ T7046] XFS: ikeep mount option is deprecated.
[  210.196921][ T7053] loop1: detected capacity change from 0 to 2048
[  210.235273][ T7057] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  210.309619][ T7046] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  210.322359][ T7043] warn_alloc: 1 callbacks suppressed
[  210.322375][ T7043] syz-executor.3: vmalloc error: size 268439552, failed to allocated page array size 524296, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz3,mems_allowed=0-1
[  210.359154][ T7043] CPU: 1 PID: 7043 Comm: syz-executor.3 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
[  210.369089][ T7043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  210.379165][ T7043] Call Trace:
[  210.382476][ T7043]  <TASK>
[  210.385469][ T7043]  dump_stack_lvl+0x241/0x360
[  210.390191][ T7043]  ? __pfx_dump_stack_lvl+0x10/0x10
[  210.395429][ T7043]  ? __pfx__printk+0x10/0x10
[  210.400069][ T7043]  ? __rcu_read_unlock+0xa1/0x110
[  210.405114][ T7043]  warn_alloc+0x278/0x410
[  210.409456][ T7043]  ? __pfx_warn_alloc+0x10/0x10
[  210.414323][ T7043]  ? xskq_create+0xb6/0x170
[  210.418854][ T7043]  ? __get_vm_area_node+0x23d/0x270
[  210.424118][ T7043]  __vmalloc_node_range_noprof+0x69f/0x1460
[  210.430105][ T7043]  ? __pfx___vmalloc_node_range_noprof+0x10/0x10
[  210.436495][ T7043]  ? __kasan_kmalloc+0x98/0xb0
[  210.441304][ T7043]  ? xskq_create+0x54/0x170
[  210.445866][ T7043]  vmalloc_user_noprof+0x74/0x80
[  210.450855][ T7043]  ? xskq_create+0xb6/0x170
[  210.455414][ T7043]  xskq_create+0xb6/0x170
[  210.459801][ T7043]  xsk_init_queue+0xa1/0x100
[  210.464478][ T7043]  xsk_setsockopt+0x598/0x950
[  210.469174][ T7043]  ? __pfx_xsk_setsockopt+0x10/0x10
[  210.474401][ T7043]  ? __pfx_lock_acquire+0x10/0x10
[  210.479475][ T7043]  ? aa_sock_opt_perm+0x79/0x120
[  210.484459][ T7043]  ? bpf_lsm_socket_setsockopt+0x9/0x10
[  210.490061][ T7043]  ? security_socket_setsockopt+0x87/0xb0
[  210.495836][ T7043]  ? __pfx_xsk_setsockopt+0x10/0x10
[  210.501088][ T7043]  do_sock_setsockopt+0x3af/0x720
[  210.506166][ T7043]  ? __pfx_do_sock_setsockopt+0x10/0x10
[  210.511755][ T7043]  ? __fget_files+0x29/0x470
[  210.516391][ T7043]  ? __fget_files+0x3f6/0x470
[  210.521124][ T7043]  __sys_setsockopt+0x1ae/0x250
[  210.526029][ T7043]  __x64_sys_setsockopt+0xb5/0xd0
[  210.531202][ T7043]  do_syscall_64+0xf3/0x230
[  210.535752][ T7043]  ? clear_bhb_loop+0x35/0x90
[  210.540477][ T7043]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  210.546415][ T7043] RIP: 0033:0x7f891567cea9
[  210.550866][ T7043] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  210.554665][ T7046] XFS (loop2): Ending clean mount
[  210.570486][ T7043] RSP: 002b:00007f891637d0c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000036
[  210.570517][ T7043] RAX: ffffffffffffffda RBX: 00007f89157b4050 RCX: 00007f891567cea9
[  210.570535][ T7043] RDX: 0000000000000002 RSI: 000000000000011b RDI: 000000000000000a
[  210.570550][ T7043] RBP: 00007f89156ebff4 R08: 0000000000000004 R09: 0000000000000000
[  210.570566][ T7043] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000000
[  210.570581][ T7043] R13: 000000000000006e R14: 00007f89157b4050 R15: 00007fffa07f6188
[  210.570617][ T7043]  </TASK>
[  210.724832][ T7043] Mem-Info:
[  210.739923][ T7043] active_anon:39864 inactive_anon:0 isolated_anon:0
[  210.739923][ T7043]  active_file:0 inactive_file:46556 isolated_file:0
[  210.739923][ T7043]  unevictable:768 dirty:17 writeback:0
[  210.739923][ T7043]  slab_reclaimable:10345 slab_unreclaimable:92848
[  210.739923][ T7043]  mapped:462004 shmem:16889 pagetables:666
[  210.739923][ T7043]  sec_pagetables:0 bounce:0
[  210.739923][ T7043]  kernel_misc_reclaimable:0
[  210.739923][ T7043]  free:1349072 free_pcp:8834 free_cma:0
[  210.850690][ T7046] XFS (loop2): Quotacheck needed: Please wait.
[  210.870125][ T7043] Node 0 active_anon:159756kB inactive_anon:0kB active_file:0kB inactive_file:186160kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:1850416kB dirty:68kB writeback:0kB shmem:66020kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:10580kB pagetables:2664kB sec_pagetables:0kB all_unreclaimable? no
[  210.990016][ T7043] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:16kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no
[  211.048472][ T7043] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  211.092875][ T7072] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.0'.
[  211.121208][ T7046] XFS (loop2): Quotacheck: Done.
[  211.141195][ T7043] lowmem_reserve[]: 0 2571 2571 0 0
[  211.191741][ T7043] Node 0 DMA32 free:1462996kB boost:0kB min:35108kB low:43884kB high:52660kB reserved_highatomic:0KB active_anon:158320kB inactive_anon:0kB active_file:0kB inactive_file:185836kB unevictable:1536kB writepending:68kB present:3129332kB managed:2659888kB mlocked:0kB bounce:0kB free_pcp:2732kB local_pcp:616kB free_cma:0kB
[  211.228785][ T7043] lowmem_reserve[]: 0 0 0 0 0
[  211.233734][ T7043] Node 0 Normal free:0kB boost:0kB min:4kB low:4kB high:4kB reserved_highatomic:0KB active_anon:36kB inactive_anon:0kB active_file:0kB inactive_file:324kB unevictable:0kB writepending:0kB present:1048576kB managed:360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB
[  211.318867][ T7043] lowmem_reserve[]: 0 0 0 0 0
[  211.354911][ T6835] 8021q: adding VLAN 0 to HW filter on device batadv0
[  211.374709][ T7043] Node 1 Normal free:3922728kB boost:0kB min:54788kB low:68484kB high:82180kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:64kB unevictable:1536kB writepending:0kB present:4194304kB managed:4109116kB mlocked:0kB bounce:0kB free_pcp:29172kB local_pcp:25360kB free_cma:0kB
[  211.474038][ T5126] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  211.551948][ T7043] lowmem_reserve[]: 0 0 0 0 0
[  211.592067][ T7043] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB
[  211.692951][ T7043] Node 0 DMA32: 503*4kB (UME) 56*8kB (UME) 28*16kB (UME) 186*32kB (UME) 167*64kB (UME) 44*128kB (UME) 15*256kB (UM) 36*512kB (UME) 11*1024kB (UME) 3*2048kB (UM) 342*4096kB (UME) = 1465692kB
[  211.749027][ T7043] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB
[  211.794822][ T7043] Node 1 Normal: 1*4kB (U) 3*8kB (UM) 2*16kB (UM) 1*32kB (M) 2*64kB (U) 1*128kB (U) 4*256kB (UM) 3*512kB (UM) 2*1024kB (U) 1*2048kB (U) 956*4096kB (M) = 3922780kB
[  211.855802][ T7043] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  211.878654][ T7043] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  211.902529][ T7043] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB
[  212.040295][ T7043] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB
[  212.068773][ T7043] 60112 total pagecache pages
[  212.075626][ T7043] 0 pages in swap cache
[  212.083684][ T7043] Free swap  = 124460kB
[  212.098041][ T7043] Total swap = 124996kB
[  212.121209][ T7043] 2097051 pages RAM
[  212.125046][ T7043] 0 pages HighMem/MovableOnly
[  212.153766][ T7043] 400870 pages reserved
[  212.202039][ T7043] 0 pages cma reserved
[  213.285926][ T6835] veth0_vlan: entered promiscuous mode
[  213.421630][ T7091] syzkaller0: refused to change device tx_queue_len
[  213.490031][ T6835] veth1_vlan: entered promiscuous mode
[  213.740307][ T6835] veth0_macvtap: entered promiscuous mode
[  213.771520][ T6835] veth1_macvtap: entered promiscuous mode
[  213.922309][ T6835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  213.946661][ T6835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  213.963885][ T6835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  213.998823][ T6835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.021258][ T6835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  214.032072][ T6835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.042224][ T6835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  214.052980][ T6835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.065956][ T6835] batman_adv: batadv0: Interface activated: batadv_slave_0
[  214.138102][ T6835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  214.184597][ T6835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.273454][ T6835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  214.292346][ T6835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.336783][ T6835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  214.370657][ T6835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.408029][ T6835] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  214.431393][ T6835] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  214.469410][ T6835] batman_adv: batadv0: Interface activated: batadv_slave_1
[  214.526995][ T6835] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  214.572474][ T6835] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  214.583065][ T6835] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  214.592257][ T6835] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  214.976334][ T7126] syzkaller0: entered allmulticast mode
[  215.163053][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.194670][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.538098][   T11] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  215.557948][   T11] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  215.774408][ T7139] netlink: 48 bytes leftover after parsing attributes in process `syz-executor.1'.
[  218.083186][ T7163] loop3: detected capacity change from 0 to 1024
[  218.128243][ T7163] EXT4-fs: Ignoring removed nomblk_io_submit option
[  218.188489][ T7163] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.242947][ T7168] syz-executor.0[7168] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  218.243071][ T7168] syz-executor.0[7168] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  218.309930][ T7168] syz-executor.0[7168] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  218.323334][ T7168] syz-executor.0[7168] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  219.493829][ T7173] syz-executor.3 (7173): drop_caches: 2
[  219.666091][ T5114] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  220.087997][   T29] audit: type=1800 audit(1718254455.834:66): pid=7179 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="file0" dev="sda1" ino=1950 res=0 errno=0
[  220.175640][ T7183] Cannot find add_set index 0 as target
[  220.223967][   T29] audit: type=1326 audit(1718254455.974:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7180 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52f067cea9 code=0x0
[  220.609225][ T7160] loop2: detected capacity change from 0 to 32768
[  220.626620][ T7160] XFS: ikeep mount option is deprecated.
[  220.636248][ T7160] XFS: ikeep mount option is deprecated.
[  220.731392][ T7160] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  220.791494][ T7208] loop1: detected capacity change from 0 to 64
[  220.925829][ T7160] XFS (loop2): Ending clean mount
[  220.955240][ T7160] XFS (loop2): Quotacheck needed: Please wait.
[  221.055586][ T7160] XFS (loop2): Quotacheck: Done.
[  221.139176][ T5126] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  221.257371][ T7212] overlayfs: failed to resolve './file1': -2
[  221.361226][ T7212] loop4: detected capacity change from 0 to 256
[  221.408733][ T7190] loop3: detected capacity change from 0 to 32768
[  221.441594][ T7190] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (7190)
[  221.540677][ T7190] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  221.581320][ T7190] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  221.600962][ T7190] BTRFS info (device loop3): using free-space-tree
[  222.721011][ T5114] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  223.360697][ T7240] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  223.681173][ T7243] loop3: detected capacity change from 0 to 4096
[  224.190870][ T7238] loop4: detected capacity change from 0 to 32768
[  224.250388][ T7238] btrfs: Deprecated parameter 'usebackuproot'
[  224.256780][ T7238] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  224.300298][ T7238] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (7238)
[  224.396969][ T7238] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  224.417743][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.417743][   T11] loop1: rw=1, sector=65, nr_sectors = 1 limit=64
[  224.438169][ T7238] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  224.458624][   T11] Buffer I/O error on dev loop1, logical block 65, lost async page write
[  224.468910][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.468910][   T11] loop1: rw=1, sector=66, nr_sectors = 1 limit=64
[  224.505073][   T11] Buffer I/O error on dev loop1, logical block 66, lost async page write
[  224.539673][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.539673][   T11] loop1: rw=1, sector=67, nr_sectors = 1 limit=64
[  224.569583][   T29] audit: type=1326 audit(1718254460.324:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7253 comm="syz-executor.3" exe="/root/syz-executor.3" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f891567cea9 code=0x0
[  224.609825][   T11] Buffer I/O error on dev loop1, logical block 67, lost async page write
[  224.625538][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.625538][   T11] loop1: rw=1, sector=68, nr_sectors = 1 limit=64
[  224.658102][   T11] Buffer I/O error on dev loop1, logical block 68, lost async page write
[  224.675263][ T7238] BTRFS info (device loop4): rebuilding free space tree
[  224.682477][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.682477][   T11] loop1: rw=1, sector=72, nr_sectors = 1 limit=64
[  224.682554][   T11] Buffer I/O error on dev loop1, logical block 72, lost async page write
[  224.742692][ T7245] loop2: detected capacity change from 0 to 32768
[  224.755256][ T7245] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7245)
[  224.780497][ T7245] BTRFS info (device loop2): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  224.791620][ T7245] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  224.796618][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.796618][   T11] loop1: rw=1, sector=73, nr_sectors = 1 limit=64
[  224.804629][ T7245] BTRFS info (device loop2): using free-space-tree
[  224.822173][   T11] Buffer I/O error on dev loop1, logical block 73, lost async page write
[  224.835248][ T7238] BTRFS info (device loop4): disabling free space tree
[  224.842632][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.842632][   T11] loop1: rw=1, sector=76, nr_sectors = 1 limit=64
[  224.859672][ T7238] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  224.881504][   T11] Buffer I/O error on dev loop1, logical block 76, lost async page write
[  224.888054][ T7238] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  224.892758][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.892758][   T11] loop1: rw=1, sector=77, nr_sectors = 1 limit=64
[  224.915024][   T11] Buffer I/O error on dev loop1, logical block 77, lost async page write
[  224.924411][   T11] kworker/u8:0: attempt to access beyond end of device
[  224.924411][   T11] loop1: rw=1, sector=78, nr_sectors = 89 limit=64
[  225.059028][ T7238] loop4: detected capacity change from 32768 to 0
[  225.200661][ T5126] BTRFS info (device loop2): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  225.292066][ T7290] netlink: 830 bytes leftover after parsing attributes in process `syz-executor.0'.
[  225.321159][ T7238] syz-executor.4: attempt to access beyond end of device
[  225.321159][ T7238] loop4: rw=6145, sector=10512, nr_sectors = 8 limit=0
[  225.363477][ T7238] BTRFS error (device loop4 state AL): Transaction aborted (error -5)
[  225.378942][ T7238] BTRFS: error (device loop4 state AL) in free_log_tree:3248: errno=-5 IO failure
[  225.433883][ T7238] BTRFS info (device loop4 state EAL): forced readonly
[  225.484337][ T7238] BTRFS: error (device loop4 state EAL) in free_log_tree:3248: errno=-5 IO failure
[  225.592554][ T7238] BTRFS warning (device loop4 state EAL): Skipping commit of aborted transaction.
[  225.617931][ T7238] BTRFS: error (device loop4 state EAL) in cleanup_transaction:2018: errno=-5 IO failure
[  225.774592][ T6835] BTRFS info (device loop4 state EAL): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  226.225726][ T7292] loop1: detected capacity change from 0 to 32768
[  226.275173][ T7292] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (7292)
[  226.349111][ T7292] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  226.367103][ T7292] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  226.383285][ T7292] BTRFS info (device loop1): using free-space-tree
[  226.413381][    T9] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  226.652143][ T7312] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  226.808673][    T9] usb 3-1: Using ep0 maxpacket: 32
[  226.820157][    T9] usb 3-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  226.847785][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  226.870262][    T9] usb 3-1: config 0 descriptor??
[  226.904637][ T7330] loop3: detected capacity change from 0 to 128
[  226.915413][    T9] gspca_main: sq930x-2.14.0 probing 041e:403c
[  227.149469][ T7338] Cannot find set identified by id 0 to match
[  227.714028][    T9] gspca_sq930x: ucbus_write failed -71
[  227.824392][    T9] sq930x 3-1:0.0: probe with driver sq930x failed with error -71
[  227.837491][    T9] usb 3-1: USB disconnect, device number 8
[  227.864964][ T7350] loop3: detected capacity change from 0 to 512
[  227.873956][ T7350] EXT4-fs: Ignoring removed oldalloc option
[  227.905852][ T5116] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  227.974719][ T7350] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz-executor.3: Parent and EA inode have the same ino 15
[  228.049509][ T7350] EXT4-fs warning (device loop3): ext4_expand_extra_isize_ea:2856: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  228.094621][ T7350] EXT4-fs error (device loop3): ext4_xattr_inode_iget:436: comm syz-executor.3: Parent and EA inode have the same ino 15
[  228.192202][ T7350] EXT4-fs (loop3): 1 orphan inode deleted
[  228.211244][ T7350] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  228.384024][ T5114] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  229.049301][    T9] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  229.100828][ T7394] loop3: detected capacity change from 0 to 764
[  229.248934][    T9] usb 2-1: Using ep0 maxpacket: 32
[  229.271557][    T9] usb 2-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7
[  229.307940][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  229.321604][    T9] usb 2-1: config 0 descriptor??
[  229.340341][    T9] gspca_main: sq930x-2.14.0 probing 041e:403c
[  229.438540][ T7379] loop2: detected capacity change from 0 to 32768
[  229.460287][ T7379] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7379)
[  229.507529][ T7379] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  229.529832][ T7379] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  229.544871][ T7379] BTRFS info (device loop2): using free-space-tree
[  229.919163][    T9] gspca_sq930x: ucbus_write failed -71
[  229.925369][    T9] sq930x 2-1:0.0: probe with driver sq930x failed with error -71
[  229.937303][    T9] usb 2-1: USB disconnect, device number 5
[  230.688978][ T7434] loop4: detected capacity change from 0 to 64
[  230.722242][ T5126] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  230.960350][ T7443] loop1: detected capacity change from 0 to 764
[  231.075965][    C0] TCP: request_sock_TCP: Possible SYN flooding on port [::]:2. Sending cookies.
[  231.577992][   T58] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  231.973103][   T58] usb 5-1: device not accepting address 4, error -71
[  232.805310][ T7465] loop1: detected capacity change from 0 to 32768
[  232.848129][ T7465] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz-executor.1 (7465)
[  232.917800][ T7465] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  232.942177][ T7465] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  232.960464][ T7465] BTRFS info (device loop1): using free-space-tree
[  233.225804][ T7511] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.4'.
[  233.927219][ T7525] 9pnet: Could not find request transport: 0xffffffffffffffff
[  234.044369][ T7531] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  234.301303][ T7521] infiniband syz2: set active
[  234.307742][ T7521] infiniband syz2: added team_slave_1
[  234.422588][ T7521] RDS/IB: syz2: added
[  234.435152][ T7521] smc: adding ib device syz2 with port count 1
[  234.441710][ T7521] smc:    ib device syz2 port 1 has pnetid 
[  234.669644][ T5116] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  235.162993][   T29] audit: type=1326 audit(1718254470.904:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7544 comm="syz-executor.2" exe="/root/syz-executor.2" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f5f7a27cea9 code=0x0
[  235.570214][ T7566] syz-executor.0[7566] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  235.570376][ T7566] syz-executor.0[7566] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  236.499404][ T7576] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  236.642328][ T7581] netlink: 209844 bytes leftover after parsing attributes in process `syz-executor.3'.
[  237.305414][   T29] audit: type=1326 audit(1718254473.054:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7592 comm="syz-executor.4" exe="/root/syz-executor.4" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52f067cea9 code=0x0
[  237.804273][ T7622] rdma_rxe: rxe_newlink: failed to add team_slave_1
[  238.301188][ T7639] loop1: detected capacity change from 0 to 64
[  238.429922][ T7639] Bluetooth: MGMT ver 1.23
[  238.436556][ T7639] Bluetooth: hci3: unsupported parameter 65535
[  238.444090][ T7648] EXT4-fs warning (device sda1): verify_group_input:137: Cannot add at group 9 (only 8 groups)
[  238.477415][ T7639] Bluetooth: hci3: invalid length 0, exp 2 for type 0
[  238.590343][ T7654] syz2: rxe_newlink: already configured on team_slave_1
[  239.071437][ T7660] kvm: kvm [7656]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x24600000000
[  239.108659][   T29] audit: type=1804 audit(1718254474.854:71): pid=7675 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz-executor.3" name="/root/syzkaller-testdir1428997993/syzkaller.7yheiA/190/file0" dev="sda1" ino=1966 res=1 errno=0
[  239.139746][ T7660] kvm: kvm [7656]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc2) = 0x28000000000
[  239.179381][ T7660] kvm: kvm [7656]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x3c700000800
[  239.215570][ T7660] kvm: kvm [7656]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x187) = 0x4d500000800
[  239.236871][ T7660] kvm: kvm [7656]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x186) = 0x4f000000000
[  239.294967][ T7660] kvm: kvm [7656]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0x11e) = 0x55600000000
[  241.849796][ T7702] loop3: detected capacity change from 0 to 512
[  242.147777][ T7702] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  242.161665][ T7702] ext4 filesystem being mounted at /root/syzkaller-testdir1428997993/syzkaller.7yheiA/192/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  242.191826][ T7697] Bluetooth: hci3: unsupported parameter 65535
[  242.215846][ T7697] Bluetooth: hci3: invalid length 0, exp 2 for type 0
[  242.747097][ T5114] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.654216][ T7726] loop2: detected capacity change from 0 to 32768
[  244.678336][ T5166] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  244.688033][ T7726] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7726)
[  244.718286][ T7745] loop1: detected capacity change from 0 to 64
[  244.730624][ T7728] loop3: detected capacity change from 0 to 32768
[  244.737798][ T7726] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  244.761785][ T7726] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  244.771536][ T7728] BTRFS: device fsid d552757d-9c39-40e3-95f0-16d819589928 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz-executor.3 (7728)
[  244.784951][ T7726] BTRFS info (device loop2): using free-space-tree
[  244.794340][ T7745] Bluetooth: hci3: invalid length 0, exp 2 for type 17
[  244.814976][ T7728] BTRFS info (device loop3): first mount of filesystem d552757d-9c39-40e3-95f0-16d819589928
[  244.847692][ T7728] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  244.889789][ T7728] BTRFS info (device loop3): using free-space-tree
[  245.495537][ T7742] overlayfs: failed to resolve './file0': -2
[  245.830436][ T5126] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  246.208719][   T29] audit: type=1804 audit(1718254481.954:72): pid=7783 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1428997993/syzkaller.7yheiA/193/file0/bus" dev="loop3" ino=263 res=1 errno=0
[  246.343348][   T29] audit: type=1804 audit(1718254482.084:73): pid=7787 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz-executor.3" name="/root/syzkaller-testdir1428997993/syzkaller.7yheiA/193/file0/bus" dev="loop3" ino=263 res=1 errno=0
[  246.490606][ T5166] libceph: connect (1)[c::]:6789 error -13
[  246.565835][ T5166] libceph: mon0 (1)[c::]:6789 connect error
[  246.812811][ T7785] ceph: No mds server is up or the cluster is laggy
[  246.822722][ T7794] loop4: detected capacity change from 0 to 1024
[  246.860887][ T7794] hfsplus: failed to load root directory
[  246.911958][    T9] libceph: connect (1)[c::]:6789 error -13
[  246.985560][ T7800] loop2: detected capacity change from 0 to 512
[  247.266072][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  247.310139][ T7800] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.322782][ T7800] ext4 filesystem being mounted at /root/syzkaller-testdir957534596/syzkaller.oqTe7H/169/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  247.659460][ T7806] loop4: detected capacity change from 0 to 64
[  247.753647][ T7806] hfs: bad catalog namelength
[  247.760453][ T5126] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.787640][ T7806] hfs: get root inode failed
[  248.349063][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  248.554246][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  248.575209][ T5114] BTRFS info (device loop3): last unmount of filesystem d552757d-9c39-40e3-95f0-16d819589928
[  248.576386][    T9] usb 5-1: config 0 has no interfaces?
[  248.609123][    T9] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  248.625955][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  248.638025][    T9] usb 5-1: Product: syz
[  248.648574][    T9] usb 5-1: Manufacturer: syz
[  248.653229][    T9] usb 5-1: SerialNumber: syz
[  248.677020][    T9] usb 5-1: config 0 descriptor??
[  248.725038][ T7798] loop1: detected capacity change from 0 to 32768
[  248.837436][ T7798] bcachefs (loop1): mounting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=xxhash,compression=zstd,nojournal_transaction_names
[  248.856522][ T7798] bcachefs (loop1): recovering from clean shutdown, journal seq 10
[  248.864846][ T7798] bcachefs (loop1): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.9: disk_accounting_v2
[  248.864846][ T7798]   running recovery passes: check_allocations
[  249.020723][ T7798] bcachefs (loop1): accounting_read... done
[  249.049023][ T7798] bcachefs (loop1): alloc_read... done
[  249.054625][ T7798] bcachefs (loop1): stripes_read... done
[  249.095028][ T7798] bcachefs (loop1): snapshots_read... done
[  249.117968][ T7798] bcachefs (loop1): check_allocations...
[  249.136044][ T7798] btree ptr not marked in member info btree allocated bitmap
[  249.136070][ T7798]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 4fe84214937890c3 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, shutting down
[  249.218327][ T7798] bcachefs (loop1): inconsistency detected - emergency read only at journal seq 10
[  249.264781][ T7798] bcachefs (loop1): bch2_gc_mark_key(): error fsck_errors_not_fixed
[  249.290401][ T7798] bcachefs (loop1): bch2_gc_btree(): error fsck_errors_not_fixed
[  249.310046][ T7798] bcachefs (loop1): bch2_gc_btrees(): error fsck_errors_not_fixed
[  249.335600][ T7798] bcachefs (loop1): bch2_check_allocations(): error fsck_errors_not_fixed
[  249.352680][ T7798] bcachefs (loop1): bch2_fs_recovery(): error fsck_errors_not_fixed
[  249.373937][ T7798] bcachefs (loop1): bch2_fs_start(): error starting filesystem fsck_errors_not_fixed
[  249.382744][ T7826] loop3: detected capacity change from 0 to 64
[  249.403997][ T7798] bcachefs (loop1): shutting down
[  249.447722][ T7798] bcachefs (loop1): shutdown complete
[  249.459046][ T7826] Bluetooth: hci3: invalid length 0, exp 2 for type 17
[  250.272284][ T7830] loop2: detected capacity change from 0 to 32768
[  250.286477][ T7830] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz-executor.2 (7830)
[  250.337436][ T7830] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  250.375133][ T7830] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  250.405161][ T7830] BTRFS info (device loop2): using free-space-tree
[  250.519266][ T7828] overlayfs: failed to resolve './file0': -2
[  251.814052][ T5170] usb 5-1: USB disconnect, device number 7
[  251.986299][ T7869] loop4: detected capacity change from 0 to 764
[  252.007949][ T5126] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  252.274999][ T7872] loop4: detected capacity change from 0 to 64
[  252.344037][ T7872] Bluetooth: hci3: invalid length 0, exp 2 for type 17
[  252.612379][ T4873] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  252.699226][ T7884] loop4: detected capacity change from 0 to 128
[  252.838677][   T29] audit: type=1800 audit(1718254488.574:74): pid=7891 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz-executor.1" name="bus" dev="sda1" ino=1966 res=0 errno=0
[  252.881560][ T4873] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  252.904199][ T4873] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  252.928039][ T4873] usb 1-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[  252.952546][ T4873] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  252.991525][ T4873] usb 1-1: config 0 descriptor??
[  253.080924][ T7896] loop2: detected capacity change from 0 to 1024
[  253.101695][ T7896] hfsplus: failed to load root directory
[  253.441787][ T4873] logitech-hidpp-device 0003:046D:C086.0002: item fetching failed at offset 2/5
[  253.485745][ T7901] loop2: detected capacity change from 0 to 64
[  253.507732][ T4873] logitech-hidpp-device 0003:046D:C086.0002: hidpp_probe:parse failed
[  253.549887][ T4873] logitech-hidpp-device 0003:046D:C086.0002: probe with driver logitech-hidpp-device failed with error -22
[  253.585979][ T7901] hfs: bad catalog namelength
[  253.592087][ T7901] hfs: get root inode failed
[  253.628444][ T4873] usb 1-1: USB disconnect, device number 6
[  254.072761][ T7897] loop4: detected capacity change from 0 to 32768
[  254.092921][ T7897] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz-executor.4 (7897)
[  254.129901][ T7897] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  254.150480][ T7897] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  254.174116][ T7897] BTRFS info (device loop4): using free-space-tree
[  359.577800][    C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
[  359.577824][    C1] rcu: 	Tasks blocked on level-0 rcu_node (CPUs 0-1): P1104/1:b..l P7910/1:b..l
[  359.577880][    C1] rcu: 	(detected by 1, t=10502 jiffies, g=29489, q=317 ncpus=2)
[  359.577910][    C1] task:syz-executor.3  state:R  running task     stack:23808 pid:7910  tgid:7909  ppid:5114   flags:0x00004006
[  359.577964][    C1] Call Trace:
[  359.577976][    C1]  <TASK>
[  359.577990][    C1]  __schedule+0x17e8/0x4a20
[  359.578042][    C1]  ? __pfx_validate_chain+0x10/0x10
[  359.578084][    C1]  ? __pfx___schedule+0x10/0x10
[  359.578118][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  359.578158][    C1]  ? preempt_schedule_irq+0xf0/0x1c0
[  359.578192][    C1]  preempt_schedule_irq+0xfb/0x1c0
[  359.578221][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  359.578267][    C1]  irqentry_exit+0x5e/0x90
[  359.578301][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  359.578333][    C1] RIP: 0010:kasan_check_range+0x8c/0x290
[  359.578360][    C1] Code: 3c 31 4c 89 fd 4c 29 dd 48 83 fd 10 7f 29 48 85 ed 0f 84 3e 01 00 00 4c 89 cd 48 f7 d5 48 01 dd 41 80 3b 00 0f 85 c9 01 00 00 <49> ff c3 48 ff c5 75 ee e9 1e 01 00 00 45 89 dc 41 83 e4 07 0f 84
[  359.578382][    C1] RSP: 0018:ffffc9000f51f370 EFLAGS: 00000246
[  359.578402][    C1] RAX: 0000000000000001 RBX: 1ffffffff1f5c095 RCX: ffffffff816f63d0
[  359.578419][    C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8fae04a8
[  359.578434][    C1] RBP: ffffffffffffffff R08: ffffffff8fae04af R09: 1ffffffff1f5c095
[  359.578452][    C1] R10: dffffc0000000000 R11: fffffbfff1f5c095 R12: 1ffff92001ea3e80
[  359.578469][    C1] R13: ffffffff820220a9 R14: dffffc0000000001 R15: fffffbfff1f5c096
[  359.578488][    C1]  ? percpu_ref_put+0x19/0x180
[  359.578524][    C1]  ? lock_release+0xb0/0x9f0
[  359.578558][    C1]  ? percpu_ref_put+0x19/0x180
[  359.578587][    C1]  lock_release+0xb0/0x9f0
[  359.578618][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  359.578650][    C1]  ? __pfx_lock_release+0x10/0x10
[  359.578685][    C1]  ? percpu_ref_get_many+0x19/0x140
[  359.578720][    C1]  ? percpu_ref_put+0x19/0x180
[  359.578748][    C1]  percpu_ref_put+0xfa/0x180
[  359.578779][    C1]  __mem_cgroup_uncharge+0xa1/0x100
[  359.578807][    C1]  ? __pfx___mem_cgroup_uncharge+0x10/0x10
[  359.578838][    C1]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  359.578880][    C1]  __folio_put+0x1ff/0x440
[  359.578922][    C1]  ? __pfx___folio_put+0x10/0x10
[  359.578956][    C1]  ? page_ext_get+0x20/0x2a0
[  359.578993][    C1]  migrate_pages_batch+0x2cd3/0x3930
[  359.579059][    C1]  ? __pfx_migrate_pages_batch+0x10/0x10
[  359.579089][    C1]  ? __pfx_remove_migration_pte+0x10/0x10
[  359.579117][    C1]  ? walk_pgd_range+0x1793/0x1810
[  359.579165][    C1]  migrate_pages+0x1f59/0x3460
[  359.579221][    C1]  ? __pfx_alloc_migration_target_by_mpol+0x10/0x10
[  359.579260][    C1]  ? __pfx_migrate_pages+0x10/0x10
[  359.579288][    C1]  ? __pfx_lock_release+0x10/0x10
[  359.579328][    C1]  ? mas_next_slot+0xeab/0xf90
[  359.579375][    C1]  ? __pfx_up_write+0x10/0x10
[  359.579420][    C1]  __se_sys_mbind+0x1490/0x19f0
[  359.579467][    C1]  ? __pfx___se_sys_mbind+0x10/0x10
[  359.579501][    C1]  ? __rseq_handle_notify_resume+0x353/0x14e0
[  359.579551][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  359.579583][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  359.579613][    C1]  ? do_syscall_64+0x100/0x230
[  359.579638][    C1]  ? __x64_sys_mbind+0x21/0xf0
[  359.579666][    C1]  do_syscall_64+0xf3/0x230
[  359.579689][    C1]  ? clear_bhb_loop+0x35/0x90
[  359.579718][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  359.579742][    C1] RIP: 0033:0x7f891567cea9
[  359.579761][    C1] RSP: 002b:00007f891639e0c8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ed
[  359.579784][    C1] RAX: ffffffffffffffda RBX: 00007f89157b3f80 RCX: 00007f891567cea9
[  359.579802][    C1] RDX: 0000000000000000 RSI: 0000000000800000 RDI: 0000000020001000
[  359.579817][    C1] RBP: 00007f89156ebff4 R08: 0000000000000000 R09: 0000000000000003
[  359.579831][    C1] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  359.579846][    C1] R13: 000000000000000b R14: 00007f89157b3f80 R15: 00007fffa07f6188
[  359.579882][    C1]  </TASK>
[  359.978704][    C1] task:kworker/u8:6    state:R  running task     stack:20472 pid:1104  tgid:1104  ppid:2      flags:0x00004000
[  359.978759][    C1] Workqueue: bat_events batadv_nc_worker
[  359.978797][    C1] Call Trace:
[  359.978806][    C1]  <TASK>
[  359.978823][    C1]  __schedule+0x17e8/0x4a20
[  359.978858][    C1]  ? mark_lock+0x9a/0x360
[  359.978896][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  359.978928][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  359.978962][    C1]  ? __pfx___schedule+0x10/0x10
[  359.978995][    C1]  ? lockdep_hardirqs_on_prepare+0x43d/0x780
[  359.979036][    C1]  ? preempt_schedule_irq+0xf0/0x1c0
[  359.979069][    C1]  preempt_schedule_irq+0xfb/0x1c0
[  359.979100][    C1]  ? __pfx_preempt_schedule_irq+0x10/0x10
[  359.979147][    C1]  irqentry_exit+0x5e/0x90
[  359.979181][    C1]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  359.979215][    C1] RIP: 0010:lock_acquire+0x264/0x550
[  359.979243][    C1] Code: 2b 00 74 08 4c 89 f7 e8 1a 18 8a 00 f6 44 24 61 02 0f 85 85 01 00 00 41 f7 c7 00 02 00 00 74 01 fb 48 c7 44 24 40 0e 36 e0 45 <4b> c7 44 25 00 00 00 00 00 43 c7 44 25 09 00 00 00 00 43 c7 44 25
[  359.979264][    C1] RSP: 0018:ffffc90004547980 EFLAGS: 00000206
[  359.979282][    C1] RAX: 0000000000000001 RBX: 1ffff920008a8f3c RCX: c392d642ac448200
[  359.979301][    C1] RDX: dffffc0000000000 RSI: ffffffff8bcad320 RDI: ffffffff8c200760
[  359.979318][    C1] RBP: ffffc90004547ad0 R08: ffffffff92fcb747 R09: 1ffffffff25f96e8
[  359.979335][    C1] R10: dffffc0000000000 R11: fffffbfff25f96e9 R12: 1ffff920008a8f38
[  359.979352][    C1] R13: dffffc0000000000 R14: ffffc900045479e0 R15: 0000000000000246
[  359.979398][    C1]  ? __pfx_lock_acquire+0x10/0x10
[  359.979427][    C1]  ? batadv_nc_process_nc_paths+0xb5/0x3a0
[  359.979461][    C1]  ? __local_bh_enable_ip+0x168/0x200
[  359.979487][    C1]  ? __pfx_lock_release+0x10/0x10
[  359.979513][    C1]  ? batadv_nc_purge_paths+0x30f/0x3b0
[  359.979553][    C1]  ? batadv_nc_purge_paths+0xe8/0x3b0
[  359.979589][    C1]  ? __pfx_batadv_nc_to_purge_nc_path_decoding+0x10/0x10
[  359.979635][    C1]  ? __pfx_batadv_nc_sniffed_purge+0x10/0x10
[  359.979670][    C1]  batadv_nc_process_nc_paths+0xd6/0x3a0
[  359.979703][    C1]  ? batadv_nc_process_nc_paths+0xb5/0x3a0
[  359.979741][    C1]  ? batadv_nc_process_nc_paths+0xb5/0x3a0
[  359.979779][    C1]  batadv_nc_worker+0x52c/0x610
[  359.979820][    C1]  ? process_scheduled_works+0x945/0x1830
[  359.979846][    C1]  process_scheduled_works+0xa2c/0x1830
[  359.979906][    C1]  ? __pfx_process_scheduled_works+0x10/0x10
[  359.979944][    C1]  ? assign_work+0x364/0x3d0
[  359.979977][    C1]  worker_thread+0x86d/0xd50
[  359.980016][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  359.980049][    C1]  ? __kthread_parkme+0x169/0x1d0
[  359.980081][    C1]  ? __pfx_worker_thread+0x10/0x10
[  359.980109][    C1]  kthread+0x2f0/0x390
[  359.980139][    C1]  ? __pfx_worker_thread+0x10/0x10
[  359.980166][    C1]  ? __pfx_kthread+0x10/0x10
[  359.980204][    C1]  ret_from_fork+0x4b/0x80
[  359.980235][    C1]  ? __pfx_kthread+0x10/0x10
[  359.980265][    C1]  ret_from_fork_asm+0x1a/0x30
[  359.980316][    C1]  </TASK>
[  360.274767][    C1] rcu: rcu_preempt kthread starved for 10569 jiffies! g29489 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1
[  360.274802][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  360.274813][    C1] rcu: RCU grace-period kthread stack dump:
[  360.274821][    C1] task:rcu_preempt     state:R  running task     stack:25136 pid:17    tgid:17    ppid:2      flags:0x00004000
[  360.274870][    C1] Call Trace:
[  360.274886][    C1]  <TASK>
[  360.274903][    C1]  __schedule+0x17e8/0x4a20
[  360.274954][    C1]  ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10
[  360.274992][    C1]  ? __pfx___schedule+0x10/0x10
[  360.275026][    C1]  ? schedule+0x144/0x320
[  360.275062][    C1]  ? schedule+0x144/0x320
[  360.275088][    C1]  ? in_lock_functions+0x4/0x30
[  360.275112][    C1]  ? schedule+0x90/0x320
[  360.275138][    C1]  schedule+0x14b/0x320
[  360.275169][    C1]  schedule_timeout+0x1be/0x310
[  360.275194][    C1]  ? __pfx_schedule_timeout+0x10/0x10
[  360.275221][    C1]  ? __pfx_process_timeout+0x10/0x10
[  360.275260][    C1]  ? prepare_to_swait_event+0x32e/0x350
[  360.275295][    C1]  rcu_gp_fqs_loop+0x2df/0x1330
[  360.275324][    C1]  ? lockdep_hardirqs_on+0x99/0x150
[  360.275372][    C1]  ? __pfx_dyntick_save_progress_counter+0x10/0x10
[  360.275403][    C1]  ? __pfx_rcu_gp_fqs_loop+0x10/0x10
[  360.275431][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  360.275466][    C1]  ? finish_swait+0xd4/0x1e0
[  360.275495][    C1]  rcu_gp_kthread+0xa7/0x3b0
[  360.275527][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  360.275555][    C1]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  360.275587][    C1]  ? __kthread_parkme+0x169/0x1d0
[  360.275619][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  360.275648][    C1]  kthread+0x2f0/0x390
[  360.275678][    C1]  ? __pfx_rcu_gp_kthread+0x10/0x10
[  360.275705][    C1]  ? __pfx_kthread+0x10/0x10
[  360.275737][    C1]  ret_from_fork+0x4b/0x80
[  360.275767][    C1]  ? __pfx_kthread+0x10/0x10
[  360.275797][    C1]  ret_from_fork_asm+0x1a/0x30
[  360.275847][    C1]  </TASK>
[  360.275855][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  360.275883][    C1] CPU: 1 PID: 7897 Comm: syz-executor.4 Not tainted 6.10.0-rc3-next-20240611-syzkaller #0
[  360.275908][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  360.275921][    C1] RIP: 0010:_raw_spin_unlock_irq+0x29/0x50
[  360.275950][    C1] Code: 90 f3 0f 1e fa 53 48 89 fb 48 83 c7 18 48 8b 74 24 08 e8 0a dc d9 f5 48 89 df e8 42 1f db f5 e8 fd 2e 05 f6 fb bf 01 00 00 00 <e8> 22 eb cc f5 65 8b 05 d3 4e 6e 74 85 c0 74 06 5b c3 cc cc cc cc
[  360.275970][    C1] RSP: 0018:ffffc9001002fd50 EFLAGS: 00000282
[  360.275990][    C1] RAX: 1388d3e5c4b1a300 RBX: ffff88802aa91bc0 RCX: ffffffff947c3803
[  360.276007][    C1] RDX: dffffc0000000000 RSI: ffffffff8bcac1a0 RDI: 0000000000000001
[  360.276023][    C1] RBP: ffffc9001002fe30 R08: ffffffff8fae04af R09: 1ffffffff1f5c095
[  360.276041][    C1] R10: dffffc0000000000 R11: fffffbfff1f5c096 R12: 1ffff110054a2c64
[  360.276058][    C1] R13: ffff88802a516318 R14: 0000000000000000 R15: ffff88802a515a00
[  360.276074][    C1] FS:  00007f52f13656c0(0000) GS:ffff8880b9500000(0000) knlGS:0000000000000000
[  360.276094][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  360.276110][    C1] CR2: 00007f52f07b00c0 CR3: 000000005cbd2000 CR4: 00000000003506f0
[  360.276130][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  360.276144][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  360.276158][    C1] Call Trace:
[  360.276166][    C1]  <IRQ>
[  360.276175][    C1]  ? rcu_check_gp_kthread_starvation+0x278/0x310
[  360.276212][    C1]  ? print_other_cpu_stall+0x147a/0x15b0
[  360.276257][    C1]  ? __pfx_print_other_cpu_stall+0x10/0x10
[  360.276288][    C1]  ? seqcount_lockdep_reader_access+0x1c6/0x220
[  360.276326][    C1]  ? kvm_check_and_clear_guest_paused+0x6a/0xd0
[  360.276357][    C1]  ? rcu_sched_clock_irq+0xa2c/0x10d0
[  360.276400][    C1]  ? __pfx_rcu_sched_clock_irq+0x10/0x10
[  360.276434][    C1]  ? hrtimer_run_queues+0x16c/0x460
[  360.276459][    C1]  ? acct_account_cputime+0xdd/0x210
[  360.276494][    C1]  ? update_process_times+0x1ce/0x230
[  360.276527][    C1]  ? tick_nohz_handler+0x37c/0x500
[  360.276558][    C1]  ? __pfx_tick_nohz_handler+0x10/0x10
[  360.276586][    C1]  ? __hrtimer_run_queues+0x551/0xd50
[  360.276610][    C1]  ? ktime_get_update_offsets_now+0x3c/0x250
[  360.276659][    C1]  ? __pfx___hrtimer_run_queues+0x10/0x10
[  360.276685][    C1]  ? ktime_get_update_offsets_now+0x22d/0x250
[  360.276723][    C1]  ? hrtimer_interrupt+0x396/0x990
[  360.276773][    C1]  ? __sysvec_apic_timer_interrupt+0x110/0x3f0
[  360.276810][    C1]  ? sysvec_apic_timer_interrupt+0xa1/0xc0
[  360.276842][    C1]  </IRQ>
[  360.276849][    C1]  <TASK>
[  360.276858][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  360.276905][    C1]  ? _raw_spin_unlock_irq+0x29/0x50
[  360.276934][    C1]  __set_current_blocked+0x310/0x380
[  360.276968][    C1]  ? __pfx___set_current_blocked+0x10/0x10
[  360.276994][    C1]  ? __task_pid_nr_ns+0x28/0x450
[  360.277034][    C1]  __do_sys_rt_sigreturn+0x170/0x270
[  360.277068][    C1]  ? __pfx___do_sys_rt_sigreturn+0x10/0x10
[  360.277099][    C1]  ? do_syscall_64+0x100/0x230
[  360.277124][    C1]  ? do_syscall_64+0xb6/0x230
[  360.277149][    C1]  do_syscall_64+0xf3/0x230
[  360.277172][    C1]  ? clear_bhb_loop+0x35/0x90
[  360.277200][    C1]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  360.277224][    C1] RIP: 0033:0x7f52f0640309
[  360.277243][    C1] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25
[  360.277262][    C1] RSP: 002b:00007f52f1364bc0 EFLAGS: 00000202 ORIG_RAX: 000000000000000f
[  360.277284][    C1] RAX: ffffffffffffffda RBX: 00007f52f07b3f88 RCX: 00007f52f0640309
[  360.277300][    C1] RDX: 00007f52f1364bc0 RSI: 00007f52f1364cf0 RDI: 0000000000000021
[  360.277317][    C1] RBP: 00007f52f07b3f80 R08: 00007f52f13656c0 R09: 00007f52f13656c0
[  360.277333][    C1] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f52f07b3f8c
[  360.277347][    C1] R13: 000000000000000b R14: 00007fffa239ed50 R15: 00007fffa239ee38
[  360.277381][    C1]  </TASK>