last executing test programs:

21.522701582s ago: executing program 3 (id=798):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f0000000140), 0x1, 0x784, &(0x7f00000007c0)="$eJzs3c1rHOUfAPDvbJKmSfv7JYKg9RQQNFC6MTW2Ch4qHkSwUNCz7bLZhppNtmQ3pQkBW0TwIqh4EPTSsy/15tWXq/4XHqSlalqseJDI7Eu7bXbTTZvdDeTzgck+z8xsnue7z8wzz+wMOwHsWRPpn0zEoYj4KIkYq89PImKomhqMOFFb7/b6Wj6dktjYePOPpLrOrfW1fDS9J3WgnnkyIn58P+JwZnO55ZXV+VyxWFiq56cqC+enyiurR84t5OYKc4XFY9MzM0ePv3D82M7F+tcvqwevf/zas9+c+Oe9J65++FMSJ+JgfVlzHDtlIibqn8lQ+hHe49WdLqzPkn5XgIeS7poDtb08DsVYDFRTbYz0smYAQLe8GxEbAMAekzj+A8Ae0/ge4Nb6Wr4x9fcbid668UpE7K/F37i+WVsyWL9mt796HXT0VnLPlZEkIsZ3oPyJiPjiu7e/Sqfo0nVIgFYuXY6IM+MTm/v/ZNM9C9v13FYLN4arLxP3zdb/Qe98n45/Xmw1/svcGf9Ei/HPcIt992E8eP/PXNuBYtpKx38vN93bdrsp/rrxgXruf9Ux31By9lyxkPZt/4+IyRgaTvPT1VVb3wU1efPfm+3Kbx7//fnJO1+m5aevd9fIXBscvvc9s7lK7lHjbrhxOeKpwVbxJ3faP2kz/j3VYRmvv/TB5+2WpfGn8TamzfF318aViGdatv/dtky2vD9xqro5TDU2iha+/fWz0XblN7d/OqXlN84FeiFt/9Gt4x9Pmu/XLG+/jJ+vjP3QbtmD42+9/e9L3qqm99XnXcxVKkvTEfuSNzbPP3r3vY18Y/00/smnW+//W23/6TnhmQ7jH7z++9cPH393pfHPbqv9t5+4ent+oF35nbX/TDU1WZ/TSf/XaQUf5bMDAAAAAAAAAAAAAAAAAAAAAAAAgE5lIuJgJJnsnXQmk83WnuH9eIxmiqVy5fDZ0vLibFSflT0eQ5nGT12ONf0e6nT99/Ab+aP35Z+PiMci4tPhkWo+my8VZ/sdPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADUHWjz/P/Ub8P9rh0A0DX7+10BAKDnHP8BYO/Z3vF/pGv1AAB6x/k/AOw9HR//z3S3HgBA7zj/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoMtOnTyZTht/r6/l0/zshZXl+dKFI7OF8nx2YTmfzZeWzmfnSqW5YiGbLy20/UeXai/FUun8TCwuX5yqFMqVqfLK6umF0vJi5fS5hdxc4XRhqGeRAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDnyiur87lisbAksWViZHdUY9ckBmNXVEOia4nmXmKkfx0UAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwC73XwAAAP//+Lkq2Q==")
open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
syz_genetlink_get_family_id$nfc(0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000740), 0x8202, 0x0)
r4 = dup(r3)
r5 = dup(r3)
sendfile(r5, r4, 0x0, 0x89ffc)
open(&(0x7f0000000200)='./bus\x00', 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000240)='ext3\x00', &(0x7f0000000280)='./file0\x00', 0xc0ed000e, &(0x7f0000000300)={[{@init_itable_val={'init_itable', 0x3d, 0xfaca}}, {@nolazytime}, {@debug}, {@noload}, {@mblk_io_submit}, {@commit={'commit', 0x3d, 0x5}}, {@lazytime}, {@acl}]}, 0xfe, 0x478, &(0x7f0000000940)="$eJzs3M9vFFUcAPDvbH9QftmK+AMEqaIRf7W0/JCDBzWacMDERA8YT3W7kMpCDa2JEKLVAx4NiXfj3T/AeNKLUU8mXvVuSIjhAnpaM7szZWl3S7fsdqH7+STTfW/mLe99Z+YxM+/tbgA9azT9k0Rsi4g/I2K4lr29wGjt5eb1S8V/r18qJlGpvPNPUi134/qlYl40f9/WWqZSyfKbGtR7+f2IqXK5dD7Lj8+f/Wh87sLFl2bOTp0unS6dmzx27PChvYNHJ4/Uv21orXGmcd3Y/ensnl3H37vyVvHklQ9+/S5t77Zse30c7TJa27sNPdPuyrpse1066e9iQ2hJX0Skh2ug2v+Hoy82L24bjje/6GrjgI6qVCqVRtfnzEIF2MCS6HYLgO7IL/Tp82++rNOtxz3h2mvVB6D8oad4czH+/ijUEvsGljzfttNoRJxc+O+bdIlWxyH2dahRAMCG9mN6//Nio/u/QjxSSwymfx7I5lBGIuLBiNgREQ9FxM6IeDiiWvbRiHisxfqXzpAsv/8pXF1zcKuQ3v+9ks1t5UtWb15kpC/Lba/GP5CcmimXDmb75EAMbDo1k5QmVqjjpzf++KrZtvr7v3RJ68/vBbN2XO1fMkA3PTU/dTcx17v2ecTu/kbxJ5FP4yQRsSsidq+xjpnnm08I3Tn+FbRhnqnybcSzteO/EEvizyVN5ycnXj46eWR8KMqlg+P5WbHcb79ffrtZ/bfHH0Mtxd8G6fHf0vD8X4x/JBmKmLtw8Ux1vnau9Tou//Vl02eaFs//49uz838webe6YjDb8MnU/Pz5iYjB5MTy9ZO3/rU8n5dP4z+wv3H/3xG39sTjEbEnIvZGxBPZo1fa9icj4qmI2L9C/L+8/vSHrce/wqh8G6XxT9/p+Ef98W890Xfm5x9ajz+XHv/D1dSBbM1q/v9bbQPvZt8BAADA/aJQ/Qx8UhhbTBcKY2O1z/DvjC2F8uzc/AunZj8+N137rPxIDBTyka7huvHQiWxsOM9PLskfysaNv+7bXM2PFWfL090OHnrc1ib9P/V3X7dbB3TcGubRXu1EO4D15/ua0Lv0f+hNif4PPU3/h97VqP9vblp67PuONgZYV67/0LtW0f8Xai+fdbwtwPpy/Yfepf9DT2r63fjCXX3lX6JtiRPPJXEPNGNZIgr3RDM2fqJ/1T9m0UKiMlzr/+maTQ3LLP9tJgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPvR/wEAAP//lDvbhQ==")
r6 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r6, &(0x7f0000000000)=""/149, 0x95)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r7, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="14000000020600f2060000060000000000000000"], 0x14}}, 0x0)
r8 = socket$qrtr(0x2a, 0x2, 0x0)
bind$qrtr(r8, &(0x7f00000000c0)={0x2a, 0x1, 0xf0}, 0xc)
r9 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r9, 0x8010661b, &(0x7f0000000380))
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)

20.258799813s ago: executing program 3 (id=804):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00000006c0)=0xffffffffffffffff, 0x2)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$ext4(&(0x7f0000000880)='ext3\x00', &(0x7f0000000500)='./file0\x00', 0x21404e, &(0x7f0000000280), 0x0, 0x511, &(0x7f0000000f80)="$eJzs3V9rLGcZAPBnJtljTk/apOpFLbQWW8kpenaTxrbBi7aieFdQ6v0xJJsQssmG7KY9CUVS/ACCiBa88sobwQ8gSD+CFAr2XlQU0VO98EIdmdlJmrOdPcmh++eQ/H7w7r7z7sw8z5uczL7z58wEcGU9ExGvRcRURDwfEXNle1qWOO6VfL6P7r69lpf8kzf+nkRStkUU1VM3ysVmem+VOodH26utVnO/nG50d/YancOjW1s7q5vNzebu8vLSSysvr7y4sjiUfub9euVbf/7pj3757Vd++9W3/nD7rzd/kCf9zfLzsh9D92HxWst/FqemI2J/FMEmYKrsT23SiQAAcCH5GP+zEfGlYvw/F1PFaK7QP6SbGX92AAAAwDBkr87Gf5KIDAAAALi0Xo2I2UjSenktwGykab3eu4b38/FI2mp3ul/ZaB/sruefRcxHLd3YajUXy2tq56OW5NNLRf3j6Rf6ppcj4vGI+Mnc9WK6vtZurU/64AcAAABcETf69v//Ndfb/wcAAAAumflJJwAAAACM3KD9/2TMeQAAAACj4/w/AAAAXGrfef31vGQnz79ef/PwYLv95q31Zme7vnOwVl9r7+/VN9vtzeKefTvnra/Vbu99LXYP7jS6zU630Tk8ur3TPtjt3t7y/EAAAACYlMe/+N6HSUQcf/16UXLX8pepAQu4VgAujfRBZv7T6PIAxm/Q1zxw+U1POgFgco6rGq+PPw9gYu651UfFoODsxTv3HDP43ehyAgAAhmvhC9Xn//NdgNqkkwNG6oHO/wOXivP/cHU94Pn/90eVBzB+NSMAuPLOe9THwJt3VJ3/v1Y1Y5aduy4AAGCkZouSpPXyXOBspGm9HvFo8V/9a8nGVqu5GBGPRcTv52qfyaeXiiUTjwcEAAAAAAAAAAAAAAAAAAAAAAAAgAvKsiQyAAAA4FKLSP+SlM//Wph7brb/+MC15N9zUT7S662fv/GzO6vd7v5S3v6P0/buu2X7C5M4ggEAAAD0O9lPP9mPBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBh+uju22snZZxx//aNiJivij8dM8X7TNQi4pF/JjF9ZrkkIqaGEP/4nYh4oip+kqcV82UW/fHTiLg+nvhPZVlWGf/GEOLDVfZevv15rervL41nivfqv//psnxag7d/6en2b2rA9u/RC8Z48oNfNwbGfyfiyenq7c9J/GRA/GerVljxQ/n+946OPtHYW3lkv4hYqPz+Se6J1eju7DU6h0e3tnZWN5ubzd3l5aWXVl5eeXFlsbGx1WqWr5V9/PFTv/lfX9N/s56i/zEg/vw5/X8ur9TONGb9YcpgH9y5+7letda3iiL+zWerf/9P3Cd+/m/iy+X3QP75wkn9uFc/6+lfvf90ZWJl/PUB/T/v939z0Er7PP/dH/7xgrMCAGPQOTzaXm21mvujqDxWBila3s2ybISxVD5l5WR0d7950gvMM7Ay87D0VOW8yjCObAEAAA+bjwf9k84EAAAAAAAAAAAAAAAAAAAArq7OYaSjvp1Yf8zjyXQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC+/h8AAP//3zjXUA==")
openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
fsopen(0x0, 0x1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000080)={[{@delalloc}, {@jqfmt_vfsv0}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@debug}, {@nombcache}, {@noinit_itable}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")

19.132977102s ago: executing program 2 (id=805):
r0 = open(&(0x7f0000000040)='./bus\x00', 0x64842, 0x0)
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$binfmt_elf64(r1, &(0x7f00000002c0)=ANY=[], 0xfd14)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f00000001c0)="85", 0x1}], 0x1, 0x0, 0x0, 0x0)

18.761952733s ago: executing program 2 (id=806):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58)
bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x50)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x11, &(0x7f0000000180)=0x1400200bce)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000002700)=""/102392, 0x18ff8)
landlock_restrict_self(0xffffffffffffffff, 0x0)
ioctl$HIDIOCGPHYS(0xffffffffffffffff, 0x80404812, &(0x7f00000000c0))
r2 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r2, &(0x7f0000001ec0)=ANY=[@ANYBLOB="004000003a00913a74067388481f9c0e0a"], 0xfe33)
r3 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r3, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e020023000b02d25a806f8c6394f92124fc60040f030047000000053582c137153e370248018000f01700d1bd", 0x33fe0}], 0x1}, 0x0)
r4 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$unix(r4, &(0x7f0000005400)=[{{0x0, 0x8, &(0x7f0000000ac0)=[{&(0x7f0000000080)="3b464c3bcd2bd7d2b1a92eca79c286a06dffdfeb623ea9e40a2c95cd702350d944237596556c9479bf1521276d845eb45d2cd8e6380fc6ce9c3451c4c197909a89cc640607df2e7a07", 0x2ff80}, {&(0x7f0000000180)="fa302c5276f60e090ecdcd2ab8152552e0ec74a69db872f09ac999fb27496391dbf3d0bc94611c29a7ddbe0b2b272911544465bb22aa", 0x36}, {&(0x7f00000002c0)="87c3752dd3dafc", 0x1ed}], 0x3}}], 0x4000000000001ee, 0x0)
r5 = socket$nl_generic(0x10, 0x3, 0x10)
r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000440)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'wlan1\x00', <r7=>0x0})
sendmsg$NL80211_CMD_LEAVE_OCB(r4, &(0x7f00000001c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r6, @ANYBLOB="00042dbd7000fbdbdfb30700000000000000", @ANYRES32=r7, @ANYBLOB], 0x1c}}, 0x4040)
r8 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000180), r8)
sendmsg$NLBL_MGMT_C_ADD(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000040)=ANY=[@ANYRESHEX=r8, @ANYRES16=r9, @ANYBLOB="cd3e0000000000000000020000000800020005000000ce0001"], 0x114}}, 0x0)

16.809824758s ago: executing program 2 (id=809):
r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0)
syz_usb_disconnect(r0)
r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r1, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io(r1, 0x0, 0x0)
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000740)={0x2c, &(0x7f0000000580)=ANY=[], 0x0, 0x0, 0x0, 0x0})

16.672715251s ago: executing program 3 (id=810):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
fallocate(0xffffffffffffffff, 0x0, 0x55d7, 0x2)
syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback, 0xfffffffc}, 0x1c)
listen(r0, 0x20000005)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @empty}, 0x1c)
accept4(r0, 0x0, 0x0, 0x800)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r3 = dup(r2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)

15.307763587s ago: executing program 3 (id=813):
r0 = socket(0x840000000002, 0x3, 0x100)
r1 = socket(0x10, 0x803, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={0x0, 0xb8}}, 0x0)
getsockname$packet(r1, &(0x7f0000000000)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
recvfrom$inet6(r1, &(0x7f00000004c0)=""/115, 0x73, 0x20, &(0x7f00000002c0)={0xa, 0x4e22, 0xfffeffff, @remote, 0xa}, 0x1c)
sendmsg$nl_route(r2, 0x0, 0x0)
sendmsg$nl_route(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000004400)=ANY=[@ANYBLOB="2c0000001400b59500020000000000000a000000", @ANYBLOB], 0x2c}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={&(0x7f0000000a40)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000b80)={&(0x7f0000004580)=@deltaction={0xd8, 0x31, 0x400, 0x70bd2b, 0x25dfdbfe, {}, [@TCA_ACT_TAB={0x7c, 0x1, [{0x14, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0x10, 0xd, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'csum\x00'}}, {0xc, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ife\x00'}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x101}}, {0x10, 0x1d, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x14, 0xe, 0x0, 0x0, @TCA_ACT_KIND={0xd, 0x1, 'connmark\x00'}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}]}, @TCA_ACT_TAB={0x14, 0x1, [{0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}, @TCA_ACT_TAB={0x34, 0x1, [{0x10, 0x201f, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}, {0x10, 0x4, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0x10, 0x15, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0xd8}, 0x1, 0x0, 0x0, 0x1000c804}, 0x4800)
ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000004240)={'erspan0\x00', &(0x7f00000003c0)={'erspan0\x00', r3, 0x10, 0x8000, 0x5, 0x4, {{0xe, 0x4, 0x0, 0x1, 0x38, 0x64, 0x0, 0x2, 0x29, 0x0, @empty, @rand_addr=0x64010100, {[@ra={0x94, 0x4, 0x1}, @end, @timestamp={0x44, 0x4, 0x6, 0x0, 0x3}, @timestamp={0x44, 0x8, 0xbb, 0x0, 0x1, [0xffff]}, @ssrr={0x89, 0xf, 0xb5, [@broadcast, @multicast2, @empty]}, @ra={0x94, 0x4}]}}}}})
r4 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000380)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000280)={&(0x7f0000000240)=@ipv4_getrule={0x1c, 0x22, 0x100, 0x70bd2c, 0x25dfdbfb, {0x2, 0x80, 0x10, 0x7, 0x2, 0x0, 0x0, 0x0, 0x14}, ["", "", "", "", "", ""]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x10)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_EXP_GET(r5, &(0x7f0000001280)={0x0, 0x0, &(0x7f0000001240)={&(0x7f0000001180)=ANY=[@ANYBLOB="38000000010201020000000000000000020000002400018014000180080001"], 0x38}}, 0x0)
sendmsg$IPSET_CMD_ADD(r0, &(0x7f0000004180)={&(0x7f00000018c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000003c80)={&(0x7f0000004100)=ANY=[@ANYBLOB="500000000906010800000000000000000000000205000100070000002c0008806f5a51644a1e8c72571c000780180000000000e3ff0000000c00078005000700020000"], 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x40)
r6 = socket$pppoe(0x18, 0x1, 0x0)
connect$pppoe(r6, &(0x7f0000000080)={0x18, 0x0, {0x4, @local, 'veth1_to_bond\x00'}}, 0x1e)
ioctl$PPPOEIOCSFWD(r6, 0x4008b100, &(0x7f0000000040)={0x18, 0x0, {0x4, @local, 'bridge_slave_1\x00'}})

15.12876206s ago: executing program 3 (id=814):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x121880a, &(0x7f0000000400)=ANY=[@ANYRES16], 0x1, 0x550b, &(0x7f000000cf00)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setaffinity(0x0, 0x0, 0x0)
creat(&(0x7f0000000000)='./bus\x00', 0x0)
io_setup(0xb22, &(0x7f0000000040))
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='memory.numa_stat\x00', 0x275a, 0x0)
ioctl$EXT4_IOC_MOVE_EXT(r0, 0x8004587d, &(0x7f0000000080)={0x0, 0xffffffffffffffff, 0x0, 0x3, 0x0, 0x6})
r1 = socket$inet_mptcp(0x2, 0x1, 0x106)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0xa, 0x3, &(0x7f0000000240)=ANY=[@ANYRES64=0x0], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
sched_setscheduler(0x0, 0x0, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0)
bind$inet(r1, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10)
connect$inet(r1, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10)
writev(r1, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1)
shutdown(r1, 0x1)

10.860299637s ago: executing program 2 (id=819):
openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0)
syz_io_uring_setup(0x1, 0x0, &(0x7f0000000080), &(0x7f0000000500))
openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
write$cgroup_devices(0xffffffffffffffff, 0x0, 0x8)
socket$inet_udplite(0x2, 0x2, 0x88)
prlimit64(0x0, 0xe, &(0x7f0000000540)={0x8, 0x20000008b}, 0x0)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r1, 0x0, 0x0, 0x40010022, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000380)={[{@acl}, {@heartbeat_none}, {@err_ro}, {@coherency_full}, {@coherency_full}, {@localflocks}, {@intr}, {@noacl}]}, 0x1, 0x442a, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1000, 0x0)
r3 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x18)
ioctl$LOOP_SET_STATUS64(r3, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef9cc097fce47d85272036dc78388e3dc177e9b496", "b732676c181c2082669dd06388bd49bd03e6bbc2ebce21aa45a7fea6180766b9"})
r4 = syz_open_procfs(0x0, &(0x7f0000001080)='mounts\x00')
r5 = open(&(0x7f0000000080)='./file1\x00', 0x10b942, 0x0)
sendfile(r5, r4, 0x0, 0x80000000)

9.313775721s ago: executing program 2 (id=822):
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000340)={0x4, 0x0, {0x7, @usage=0x5, 0x0, 0x91, 0x9, 0xc0c7, 0x8000000000000000, 0x9, 0x1a, @usage=0x7, 0x5, 0x0, [0x6, 0x5, 0x1, 0x0, 0x7fff, 0xffffffffffffffff]}, {0x1, @struct={0xe0007fd, 0x3d}, 0x0, 0x6, 0x6, 0x6, 0x1, 0x8000, 0x4, @struct={0x6, 0x3}, 0x2, 0x7d, [0x5, 0xdf23, 0xa, 0x80000000, 0x7, 0x57]}, {0x7, @usage, 0x0, 0xcf, 0x6, 0x8, 0x100000000, 0xfffffffffffffff8, 0x4, @struct={0x2, 0x6}, 0x80000000, 0x0, [0x3, 0x9, 0x8, 0x9, 0x5, 0xb]}, {0x8000000000006, 0xb6, 0xe}})
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
pwritev2(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000100)="7270aa3f0c63ef31716980d71af481e691d156e5c690c37493c965008b713ed133a85027d43b49d05b8ec0e538f674752205f76fb42632a5233a7d64e1cea692029b6a", 0x43}], 0x1, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000ac0)={0x1, 0x0, [{0x0, 0xd3, &(0x7f0000000780)=""/211}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=""/253, 0x0, &(0x7f0000000600)=""/91})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f00000001c0)={0x28, 0x0, 0x2710, @my=0x1}, 0x10)

7.420944181s ago: executing program 1 (id=827):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
mount_setattr(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000280)={0x0, 0x2, 0x80000}, 0x20)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB='#ayz1:'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xdc)
write$dsp(0xffffffffffffffff, &(0x7f0000000280)="4b1f558d5c", 0x5)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e0612"], 0x9)
creat(&(0x7f0000000280)='./file0\x00', 0x0)

7.351858816s ago: executing program 4 (id=828):
syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000040)='./file2\x00', 0x14018, &(0x7f00000000c0)=ANY=[@ANYBLOB='barrier,umask=00000000000000000000005,nls=cp862,uid=', @ANYRESHEX=0x0, @ANYBLOB='\x00\x00'], 0x1, 0x6ac, &(0x7f0000000b40)="$eJzs3c1vHGcdB/DvrNdvQUqdNmkLqkRopIKISPyiFMIlASGUA0IVHDhbidNY2aSV40JaIWLerz30DyiH3DghcQ8qZ7jBMeJUCdELp4jLonlZe5P1Ortx4o3VzyeafZ6ZZ563387M7qwVTYDPrUun076XokwX6i0rnft3V2ab4k6SMt9K2nWS4mZSfJJcTL3ki+XGZv9iWD8frZ//0T/+e//Teq3dLNX+rcF6d7pjTaKqvVW+nEwy1aSDpgc3ze2641Z/e5eHtlebfXQku46vLikDdqoXOJi07oCtcaoPPd+Bw6OoPzcHLCRHmo/J6nOuuTq0DnZ0T99YVzkAAACYsEv/ObE8zv7zTfrCgzzI7UN/Gw8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHqnn+f9EsrV7+ZIre8/9nmm1p8ofavUkPAAAAAAAAAABGMNvLXNi9/MsP8iC3c7S33i2qv/m/Xq0cr16/kPdyK2vZyJnczmo2s5mNLCVZ6Gto5vbq5ubG0gg1l3etufx05w0AAAAAAAAAnzO/yqWdv/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDzoEim6qRajvfyC2m1k8wlmSn320r+3ssfEsVuG+8d/DgAAABgX+aeoM5M8iC3c7S33i2qe/6Xq/vlubyXm9nMejbTyVquNPfQ5V1/6/7dlc79uys3ymXfQ69aTP3bw+49v1rtMZ+rWa+2nMnlajBX0qpqlv6V5EZvTIPj+uVnZdsXaj8bcWRXmrTs7MPerwiz+57wU7CQtFuZ3o7IYjW2+iA41h+FwUh857NhjV6sk/ajPaW/p6W0tn/5OV73UGYfG/MLI87sSJOW8/ndsF9unra5nU63hu60HYlWqkgs9x19L+8d8+Srf/7jh9c6N69fu3rr9IFM6Vl69JhY6YvEKyNE4ifPbSTaY+6/WEXixPb6pXw/P87pnMxb2ch6fprVbGYtRTPT1eZ4Ll8X9o7UxYfW3nrcSGaa96W+io4yppP5XpVbzetV3aNZT5F3ciVrebP6t5ylfDPnci7n+97hE0PHXc2tOutb4531p77WZOaT/L5JJ+R/3W63ytQXhTKux/ri2n/NXajK+rfsROnFvd/dwWvjY6fczpeaXNnHr5v0+fBoJJb6IvHS3pH4QxXtW52b1zeurb6766frdJN2e29N3mi2lEfcbx//9ecv+5nbCPquY+Xx8mLmmivJsUzXQ5vqlb20fZV5OF4zzV9c6rLWQNmJ+u0uemfqD4eeqTPNd7jBlparsld2LVupyl7tK+v/vpW8k8729yEAnmNHvn5kZv7f83+b/3j+N/PX5n8w993Zb82+NpPpv05/u7049UbrteJP+Ti/2Ln/BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntyt9z+4vtrprG3snmkNL9or03uSz+i1iuZJOuP3NalM905y8L13a3f6ir6S5Bn0VTzDWfQeIjhercXBI+riJI+Ef45bK3NjTbn7Qh2lsbpYqOuMsPNsHcypIedp8xY9ycNFgUPh7OaNd8/eev+Db6zfWH177e21m9Pnzp1fPH/uzZWzV9c7a4v166RHCTwLOx/6kx4JAAAAAAAAAAAAMKqD+P8Sk54jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLhdOp32vRRZWjyzWK7fv7vSKZdefmfPdpJWKyl+nhSfJBdTL1noa64Y1s9H6+enkny601a7t39rj3rd2ZFmsdUsOZlkqkn34aH2Lu+7vWJ7hmXATvUCB5P2/wAAAP//7EH3ig==")
r0 = open(0x0, 0x64842, 0x0)
r1 = creat(&(0x7f0000000100)='./bus\x00', 0x0)
write$binfmt_elf64(r1, &(0x7f00000002c0)=ANY=[], 0xfd14)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f00000001c0)="85", 0x1}], 0x1, 0x0, 0x0, 0x0)

7.177808921s ago: executing program 3 (id=829):
syz_mount_image$bcachefs(&(0x7f00000000c0), &(0x7f0000000000)='./file1\x00', 0x800000, &(0x7f0000000480)=ANY=[@ANYBLOB='acl,direct_io,norecovery,fsck,journal_flush_disabled,noreTovery,btree_node_mem_ptr_optimization,reconstruct_alloc,no_data_io,hash,\x00'], 0x1, 0x5924, &(0x7f00000063c0)="$eJzs3X+QHFWdAPDXM7PZyW5+bAJIBNksgSiCmg2/Cn+URs9fBUjFwlLCRWEhG4wmIZUEgYASPPCgAAstLUX9Ay2kDo0WVXBKpER+mHCKUpwedYXU6R36h1fIkRLIUZbnXu1Ov8ls7/T27OxsSODzqWR7+k3P971+/aanv29mdwIAAACvCLuv3bL3rCPe8/PPDr9w1ft/tOHq0FseK6/GDfrS5WUvVQvZn7ori8aW2XHxuiu+84eBC9/1szt7vv3irjVHr/3Nuw+58N5PnL7zlq8/8Pzcu//2VFHcOJ6O37eePJOEUP3xni9/btcjh4+WJSGEctK3PYQFycIHFiSZEIN/CSGsSVcWZe6864WT1o4ur76he1z5/Mx2xvsrWzUdZ9v2XnpC+O07V13zy8Xf/17Xjqe379skqTaMpxDmnd/4+K4Qwuz0/6g42uJ4jIN2ZQihp+FxpxW065gW278sZ/3IdDkrXfYWxIn3L8mslzLbZdejrsyyp6C+6cprR7vbFZmTWc+ejKYrr52xfEG6/GG6PH6K8cvxfxJKSajUm78+2TdGQsNxS0Iydiyr9fVS/diGdP8z60lmvZRZL3dl9mus3nSglZNkfHncLlMeT8eVtPzoxnN1E2fnlL86XVbTJ+qLcT1kb9T0TrhR368xsV17JmnL/lBqOAc1K68f+PRg9KZlvcnCCY8ZaSLet2vVjUvLqx/c3ZfTjuTOJI2ftBV/2y8WzPnYd6+/JPu6Xo9/fimNX2or/u/OePTZc6//1tdy498c45fbin/ifT3PnPHQtUty+2dP7J9KW/GHnnr4psWHXrAjt/23xvjVtuKv2Plo99y9992f2/7B2D+z24r/5Fvf+/s7Hr/n6dz4IcbvaSv+6p2bPt/dv/e43Pj3x/7pbW/8PLfj1Cf6+/84kBf/sRh/blvxb99+y1tum3/D6bnHd2Xsn7624p957L3XzNl7z1F5587k1k69cgK8Mh2SXmNdl663m2dOV0O+8NWBSu2ab3aa18ztZEWZi8/ReuZ1Mj4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhBAOO+Ff3vdfH+57ppKud6c3nizVlrF8VgjJ7BDClq1Dm7eu23jRwCcuvmTzxqH1A0NbB4Y3bt18+cDJbxjYPLxp/dDlo/cOvvGk2uMWhqS2TI6aUHf3yMhIqW98Wazv747d8dulp/33n0IYPOzX/ZXc9i+7ZcNthzb5mZGsGHnHhkvO+vUp30z3qy9tV1+Tdo2MjIyEnHb9zzl/ve2Le/5wXAiDr5qsXQ8/+fafjGvQWMG+OKlSd6g1qDvpadqOeqvT9sT+qqxdt354cPL+HX18OWc//v6Kp/+y9rIv/LXWv9Xc/Wixf2evGFlf+sqqM//vK1eO9nYI29M78tr1Uh33ov6OexHbF/uvmvb3vLS/5+XsVyVnv6795f2P//iI65/fHgYrzy2eWHfRfnWlA6AreXVL9cYaepIF48qr6fbxiMfHLdu6YdOyLZdve+O6DUMXDV80vPHNy09efurgKaeesmxsz5d1eP9j/a9tcf+LxnlnxtP8T23/YfzZ2ngqaldRf4y2q7g/GluU9/zrOftzX3rzLQ+dVSsoGudx6/r5JF32jB7n5aFhvE3sq2b7VdQPIYSBZv3w7POnh8P/fd01ReehxiPT+DMjWTHyyJI/f/O0byx6W61gv5znGxvU5nm+3up97Rnrr2p6PEYO0P7tDuV0v3qbtmv5Iw913bj7T5+ut2/WrHDZ0Natm5fXfs5JWzonObJpu7Klcb8Wj/0sh7RbQn2YNhmvo7pCrX3Z82fcPNurvel9vcnCpvuVFe/bterGpeXVD+7O6+nkzq6x5ewwt7ZMXpOz5frMA8v1Bjer/0B9/hWNj/73fePuD9/9g5MnjI8Taz+L9ivJ2a/vP377l779hX/8Qef2631vf7Tvz//x8aW1goPlvFJvddqepPG8cmIIRc+/xaH5fuQ+/0rN96fo+ZetZ9/2zeMNZNZ7Q7mt5+uJ9/U8c8ZD1y7Jfb7uqTWg+Pl65bi1csHz9UAZP9nnV1IZ346Ze36NGyjJipGfXXfI9geuWnlEraBoXNe3bjauTyq+Hinl7NdPzn2i/+KBf/i3zp03vvOGu877zdCKz9QK2j/usS2dOe7VtH+rOf1bb3XMOxv7900XXrx+Ta38wL3+TZcF+U88lWy5fNsnh9avH968pbX9avX1NNaT7eV2X0/j2W1hwX6VJuzXzN1opb9afb7F9q9pu7/GP996Q9LW68K2XyyY87HvXn9J34RHpRWdX0rjl9qK/7szHn323Ou/9bXc+DfH+JW24g899fBNiw+9YEdu/FuTNH61rfgrdj7aPXfvfffnxh+M7Z/dVvwn3/re39/x+D1P58YPMX5ve/3/3I5Tn+jv/2Nu/MeStJ7Ra6QQ7nrhpLW19SR0pc+32I6uce0K2fUks17KrJcb10u1udZ6BeUkGV8et0vLj25oSzMfySmPV2HVRbXli3E9ZG9MXn6gKTWc+5uVF12nAgC83MX3/+M1aHz/fzi9UMqfaYB9ppuHLcqJG/OwffM5s8bdvyiNHx8f5wH73xQGR5dXD9Qu9Kf6PkJ8PmTnOWM9xx0zPka785z58++zmvZHbFdtvrzSkIemJuY1ldDC/PuSCfVMPv+e2f3i+fGB6yY0a6Bh3ip7/LrSGbNmn3fItLcyGiFvfGTnxeLnOfrnhZVj9bU4PrKfo4nHIfs5mljPEZkTZ1ufo5l0fEzoh3HtiuMjNnuS8THW5OL3NyYevzBJ/+47fs2jZY/fFI53dXT7mXt/Ns6LTXvesOkpbf/NG87s+2HmJXPip0+wA33eMJbH/ai0OJ/44ZzyTs0nxtNFbNeeSdqyP5hPBF6uYv4fXyNG8//RC/D/zWxXdB2avWqM8XI/J1Ru3p6ivGPi5/R62nodX71z0+e7+/cel3udc3+rn/vZNG6tp+BzP0X9uDSzXtiPORM0Rfletp6ifs9+LqM3zG2r32/ffstbbpt/w+m5/b6y9kJa3O9fGrc2t6DfD4J8oXl8+cIrIl+Y6fmzlywfST/4NFP5yIdyyqeaj/RMuFHfrzEHXT7StX/bBQAcPGL+X3//LM3//zNukF5HFOWtx2fWY7zcvDXn+iQvb/1Aurwss31v+hsVU71uPvPYe6+Zs/eeo3LzlltbzUP/adxaX2EeOr28OTePWNmZz4vn5hH1PGt6eWJu++t54vTy9Nz49Tx9enl0bv/U8+jpzQPkxq/PAxzseW7BfF2msrja6nzdyzaPTn99dqby6LNzyqeaR/dOuFHfrzHyaACAl1bM/+NlXMz/H8psN9332XPzgg5dt2f/Hkg9/mP7K6+c6bxvpvPWmc7rZ3pe4mDPi2d6Xmhm58le8XlxWqm8GACAA1nM/2en6/n5//Tyk2b5W9e4/ER+3jS+/PwAyc8P9vkv+b/3xYvJ/wEAXt5i/h9/7TH+/b+fpuvZv1v/iszTR5IQ5Ony9P2Sp3d+ni34HMBLOw8we9/25gEAAHgpdI1lShN/z/6j6TL7e/Z5v5d/bs72raqkl8cXbN08PHzeJZvWDG0dPm/jxWuGt5x36eZ1W7cOb6xtN928MTdvSfPGrlBJ+6P5dtm8bX769xDm5/w9hOz2MeyRYzcm/j2EbLWzC/6OwL7j11p7845faZLtm42PvOOdF/8jOdtH9eN/4cdPPG/tlvPWbVy3dd3Q+nXbhsdvN5q19kzhezNjt7T2fak/rX1NZubHBKWpf3/n1NoRctpRmtCOrrQ/8r6fPcm0Y0HakgV533+Q0+6f/+sXP3XsyF/vCGHwsPJrptru8SFXjPzzOcMf2Lr715tG21+atP31LdN2FX1faXb7uD+V9Rdv2XrC2osv2Zj9Rsn2xPmMUn19huYz0qd/ucX5idU55VP9nEJ5wo0DU8vzEwAAjBPf/4/Xs/H9wy+kF1CxvPU8fXrvH+fm6YOt5enZ7yUrytOz28f9bTVPr04zT8/WX5SnN9u+WZ6el3fnxf9QzvZT1fo4md7nPHLHyfmtjZPs9xkUjZPs9lMdJ8k0x0m2/qJx0mz7ZuMk77jnxf9gzvZ5Wh8P0/v9mdzxcHNr4+H1mfWi8ZDdfqrjoTTN8ZCtv2g8NNu+2XjIO7558c/K2b5V48fH6MAYGxfD51168eZPNmw3099/Mf32zez3f7Sr9fbP7Oe+Zr79M/u5splv//Q+V5bb/semNxPWevtn9vtd2rXf5mvTD5sVff6saB53VU75VOdxZ024cWAyjwsvnZj/x7d7Yv5/Q7rs9NtAB//3pPkes6bxO/Q9ZkXXMV7PJ6nsAOD1HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA13ZVFY8vd127Ze9YR7/n5Z4dfuOr9P9pw9euu+M4fBi5818/u7Pn2i7vWHL32N+8+5MJ7P3H6zlu+/sDzc+/+21OFgfvGflaOT1erISTPJCFUf7zny5/b9cjho2VJCKGc9G0PYUGy8IEFSSbC4F9CCGvq7Rx/510vnLR2dHn1Dd3jyudngmT3K/SWY3sa2xnCZYV7xEGomo6zbXsvPSH89p2rrvnl4u9/r2vH09v3bZJUG8ZTCPPOb3x8Vwhhdvp/VBxti+KDQyiNLleGEHoaHndaQbuOabH9y3LWj0yXs9Jlb0GceP+SzHops112PerKLHsK6puuvHa0u12ROZn17MlouvLaGcsXpMsfpsvjpxi/HP8noZSESr3565N9YyQ0HLckJGPHslpfL9WPbUj3P7OeZNZLmfVyV2a/xupNB1o5ScaXx+0y5fF0XEnLj248Vzdxdk75q9NlNX2ivhjXQ/ZGTe+EG/X9GhPbtWeStuwPpYZzULPy+oFPD0ZvWtabLJzwmJEm4n27Vt24tLz6wd19Oe1I7kzS+Elb8bf9YsGcj333+ksW5cU/v5TGL7UV/3dnPPrsudd/62u58W+O8cttxT/xvp5nznjo2iW5/bMn9k+lrfhDTz180+JDL9iR2/5bY/xqW/FX7Hy0e+7e++7Pbf9g7J/ZbcV/8q3v/f0dj9/zdG78EOP3tBV/9c5Nn+/u33tcbvz7Y//0tjd+nttx6hP9/X8cyIv/WIw/t634t2+/5S23zb/h9NzjuzL2T19b8c889t5r5uy956i8c2dya6deOQFemQ5Jr7GuS9fbzTOnqyFf+OpApXbNNyf9P7eTFWWM1jNvBuMDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDy9KsrT/7oOe/44KpKEkKSs81IE/G+8qwVKwbaqHfoqYdvWnzoBTsayxa1EQcAAAAoFvPwUr2kGhaFS5PZ4cim28c5giPjWjK+PDuHEONk5wjajVPqUJxyh+JUOhSnq0NxZnUoTneH4lQL4lRDa3FmTxKnMjoqWmxPz6TtaT1Ob4fizOlQnLkdijOvQ3HmdyhO36RxWh+HCzoUZ2GH4hzSoTiHdijOYR2K86oOxTm8Q3Gyc8pTHYdz0y2PyIszdqNcGKeSlOt3NJtPPzyt56hp1tNbUM/cotfjFuuZ3WI9x2QeV5piPdUW63ntNOtJWqzn9dOsp1RQTxy3l2XbF+uJay2O/8s7FGdbh+Jc0aE4V3Yozqc7FOczHYpz1TTjALQq5v/78r2+0F15W+hJzzjZWYCYhy0e+znx9S7vhBTjvSZTPqsoXjZRz8RbnCmvFMXLTiBk4i3JlHeNi1ep5yOTxKs2xluaubNwf7MTCpn2HZ8p7y6Kl51YAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAZ9KsrT/7oOe/44KqQhNF/TY00Ee8rz1qxYqCNenetunFpefWDuxvLuittBAIAAAAKxTy8q15SDd2V5aE7mTVuu2o6D1BN18t9tWX/vLBydJkMlMbWe5IFkz6ukj5u2dYNm5ZtuXzbG9dtGLpo+KLhjW9efvLyUwdPOfWUZWvXrR8erP0MobsgXghhbPphy+XbPjm0fv3w5i21wmz7F6WPW5SuJ+nj+t8UBkeXV6ftX1hQX2lCfTN3o/joAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/8+u3YXIedV/AD/PzOzMdNv8s3/6Ng3NZshLiVo0iVtJtXQfECy0SchSkNnqWoJNsLhpQpuUWMc2YFsTFKElECK5MBKLrcWbvtgi9oVApEYDbgzSFu2FXiitVtKSC0kZye6c2ZnZmcw6lqaNn8/FPDPn/M75PWcuFr7PDgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8MGaqo5MVEbHxgeTEJIuNbUO4lw2n6blPvp++fnt3y8Mn17ZPFbI9bERAAAA0FPM4QONkWIo5LIhG66a/rQ0NE2E2dwPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD875mqjkxURsfGL05CSLrU1DqIc9l8mpb76PvGO09+5tXh4b82j5X62AcAAADoLebwTGOkGEphWRhIrmqpi88GFrWtb6+L+yyeZ137s4NudcvmWXfNPOs+1qNuQ/26KwAAAMBHX8z/ucbIUCjkFnTN/71yfaxb0laXrV/7+a0AAAAA8N+J+b/QGCmFQq7UyOvzzftL2+ri+l7/t4/rV3RZ3+v/+evrV/+nBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICPjqnqyERldGw8m4SQdKmpdRDnsvk0LffRd80Lg3+/5chDS5vHCrk+NgIAAAB6ijl8NnoXQyE3GAbCxdO5f/img09/8elnR0IIMzE/nw+7Nu3YcfeamddYt/rYkYHvHX3rW3PqVs+8nrcDAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA75up6shEZXRs/KIkhKRLTa2DOJfNp2m5j76vf+4Lf3785HNvNo+V+tgHAAAA6C3m8NnsXwylkA/5cMX0p+asf1ambX23ZwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAheOeb9z39U2Tk5vv9sYbb7xpvDnff5kAAID325KQhNp/6MqN5/uuAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAD4Op6shEZXRsvJiEkHSpqXUQ57L5NC330Td9/nhhwekXXmoeK/WxDwAAANBbzOGz2b8YSmEgDITLpz91eiYwnf+HPsCbBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD5UpqojE5XRsfEFSQhJl5paB3Eum0/Tch99H9t94LOHF3735uaxQq6PjQAAAICeYg7PN0aKoZD7eCiEq+ufJ1sXJNn6tfNzgdl121uWDc57XbVlXXbe6/a0nSxXP83MumLcb2jm2lhXnruu3LSuFBrtyy3rwr6WVQt63GcAAACA8yjm/0JjZCgUcoWmnPuTlvohORcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6GKqOjJRGR0bT5IQki41tQ7iXDafpuU++t73m/+/5Cs/3buzeazUxz4AAABAbzGHz2b/YiiFxeH/wuLp3B+GWutj3T8qZw4/+s+/rAxh1RUnhnPt2/4wvvnV6ze+2P4SQqa1OhPCwnq/pEu/X//u0XuX1848HsKqy7NXz+kXzt2vdcu09kxl8/odR09s7/HlAAAAwAUi5v+BxshQKOTu6pr/Y/Lukf8bpgP4wnt3//yy+ms9kbetyAzV+2W69Pv88if/tGLt3946m//P1e9TB7Yevqyl4cxImyStjW7dueHEdYcy8dQz/bNt/eP38qVvvvmvLbseOTPTvxiK9fFFuU795762uSitTWb2j697b3+1tX+uy/kf+u1LJ3+5aO+7Z/u/s2Sw0f+ac5z/3P0Hb3143/UHjmxo7R9CKHfq//a7N4cr/3Dng+3nH2zbuPmbb35tk6S1Y0tPHVp7sHRDa/+krX/8/n928rF9P37kO8/G/vG3IiuXzbd/pq3/K3su3f3yAxsXtfbPdDn/i7e9Oryt/O3ft5//jpZdc13vYu75n7j2qdtf25Te3z4FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwYZmqjkxURsfGM0kISZeaWgdxLptP03Iffd+45fjbt+390Q+ax0p97AMAAAD0FnP4bPYvhlLIh3wYnM79z1Q2r99x9MT2MDQzm9Svuclt9+z4xJZtO++64zzdOQAAADBfMf/nGiNDoZBbHgbq+X90684NJ647lIn5PxPz/5Y7JzevCo26V/ZcuvvlBzYuajwnCGH6ZwHFs3Wfnq276cbjQ6f++LUVHevWzNYdW3rq0NqDpRtiXWiuWx0azyeeuPap21/blN7fuL/muk9+ddtk/fFE3Hfw1of3XX/gyIbGOerXwfq+sW4ys3983Xv7q7EuW78W6+cGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOaaqo5MVEbHxkM2hKRLTa2DOJfNp2m5j77rlv/iwUtOP7e4eayQ62MjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB/swMHAgAAAABA/q+NUFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYX9+gmNo4rjAP7ebmK2u0mbWMGomKZVUerBoiCiFxUVaUUKnipFqq09iIIgotSDqbRiqYoXweqliApqlIKCjcXSKqn4r3jxoIJC9SCUYkAbigeV7L7ZbqY7rk6qoH4+MLy8NzPf+c28t7NZAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/lUG+kab7aHtD8zeeu6NHz929/FHb373vq0XP/La9+Mbr/9oT/3lE9Oblm/+6oalG/fds3pq1wsHfx56+9cjPYMfbjUrU7cWQjwWQ6i9N/Ps49OfnD03FkMI1Tg8EcJIrB8cibmEVb+EEDa165y/863jV2yea7fuHJg3viQXkr+v0Khm9bQMz6+X/5ZaWmdbZh+6NHxz3bptny17843+yaMTJw+JtY71FMLiDZ3n94cQFqVtTrbaRrOTU7s2hFDvOO+qHnVd8Cfrv6ygf15qz0hto0dOtn9Frl/JHZfvZ/pzbb3H9RaqqI6yx/UymOvnX0YLVVRnNj6S2ndSu/Iv5lezLYZKDH3t8u+NJ9dI6Ji3GGJzLmvtfqU9tyHdf64fc/1Krl/tz91X87ppoVVjnD+eHZcbz17HfWl8eee7uovbCsbPSW0tfVBPZP2Q/6Olccof7ftqyuqa+YNa/gmVjndQt/H2xKfJaKSxRjzzlHN+6yLbN73uyYuq698/NFxQR9wTU34slb/l05HBO17f8eBoUf6GSsqvlMr/ds3hH2/f8eLzhfnPZPnVUvmX768fW/PB9hWFz2cmez59pfLvPPLhU8vOumuy21w383dn+bVS+ddOHR4Ymt1/oLD+VdnzWVQq/+trbvru1S/2Hi3MD1l+vVT++qn7nx4Ym72kMP9A66PQaK7QEuvnp8krvxwb+2G8KP/z7PkPdcmPPfNfmdh19UtLdq4uXJ9rs+czXKr+Wy7ct21wdu/5Re/OuPt0fXMC/D8tTf9jPZH6ZX9nLlTH74Xnxvta30CDaRs6nRfKmbvO4r8xHwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Hd24IAEAAAAQND/1+0IFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgKcCAAD//wmAKXw=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000200)='.\x00', 0x400)
dup(0xffffffffffffffff)
ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f00000003c0)={0xc0f0f000, 0x0, "69bbed9682b06e3f361ed4e57a83c956b1b194884ea943826213b3c865a4371e"})
truncate(&(0x7f0000000080)='./file1\x00', 0x2)

6.986307979s ago: executing program 2 (id=830):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
mount_setattr(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000280)={0x0, 0x2, 0x80000}, 0x20)
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES16, @ANYBLOB="040027bd7000fedbdf250300000008000400200000006400018014000400fc010000000000000000000000000000060005004e24000014000400fe8000000000000000000000000000aa14000400ff010000000000000000000000000001060001000000000014000400ff020000000000000000000000000001050005000300000014000180080003007f00000105000200090000001c00068008000300e0000002050002000600000008000300ac1414361800018014000400000000000000000000000000000000000800020004000000"], 0xd8}, 0x1, 0x0, 0x0, 0x14}, 0x8000)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB='#ayz1:'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xdc)
write$dsp(0xffffffffffffffff, &(0x7f0000000280)="4b1f558d5c", 0x5)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e0612"], 0x9)
creat(&(0x7f0000000280)='./file0\x00', 0x0)

6.067627393s ago: executing program 32 (id=830):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
mount_setattr(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000280)={0x0, 0x2, 0x80000}, 0x20)
sendmsg$MPTCP_PM_CMD_GET_ADDR(0xffffffffffffffff, &(0x7f0000000280)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x40}, 0xc, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYRES32, @ANYRES16, @ANYBLOB="040027bd7000fedbdf250300000008000400200000006400018014000400fc010000000000000000000000000000060005004e24000014000400fe8000000000000000000000000000aa14000400ff010000000000000000000000000001060001000000000014000400ff020000000000000000000000000001050005000300000014000180080003007f00000105000200090000001c00068008000300e0000002050002000600000008000300ac1414361800018014000400000000000000000000000000000000000800020004000000"], 0xd8}, 0x1, 0x0, 0x0, 0x14}, 0x8000)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB='#ayz1:'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xdc)
write$dsp(0xffffffffffffffff, &(0x7f0000000280)="4b1f558d5c", 0x5)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e0612"], 0x9)
creat(&(0x7f0000000280)='./file0\x00', 0x0)

6.04374561s ago: executing program 0 (id=832):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000005440), 0x26, 0x75c, &(0x7f0000005480)="$eJzs3M1rHGUYAPBnptmkH9GNIPhxEKGFFko3SXNpT40Xb4VCwWsNm0kImWRDdlO7sWDrWajNRUEQ9ezRq1DqH+BNCgreBdEaD+JlZTablMZsum3Sbkl/P5jO+87H+zxPd3izAzsTwAvr7eKfJGI4Ii5FRLmzPY2IwXbrcMSNjePW71+PgYhqEq3W5T+S4rRYb5W3xko662PRPiVej4i7pYjTH/8/br25Oj+V59lypz/aWFgarTdXz8wtTM1ms9ni+MT5sXMTE+fGJh5Zw2s91nrivfNHbv/47traT981br01cCaJyXbdsVFbtcdhHsvG/0kpJrdtX3wawfoo6XcCAAD0pPiefyii+F4fpSjHoXYLAAAAOEhaQy0AAADgwEui3xkAAAAAT9fm7wDW71+vbi7P8vcHv78TESM7xR9oP0MccThKEXF0PXnoyYRk4zTYkxs3I+LO5Pbr75viCruxx7HHtvUffkZ6cI+jsx/uFPPP5E7zT7o1/8QO88/A5rsT9qj7/Pcg/qEu89+lHmN8/+Ubpa7xb0a8ObBT/GQrftIl/vs9xr+19sntbvtaX0ec3PHvT/JQrF3eDzE5M5fv+vqBu/+eurdb/Ue7xU92r3+px/o/XP9rvttcUsQ/dXz3z3+n+MU18WknjzQibnfWRX9tW4zjCz//sFv90xGtJ/n8v+qx/l+/HbrW46EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQlkbEcCRpZaudppVKxLGIeDWOpnmt3jg9U1tZnC72RYxEKZ2Zy7OxiChv9JOiP95uP+if3dafiIhXfjmyEXQuzyrVWj7d7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYciwihiNJKxGRRsTf5TStVCIGejh36BnkBwAAAOyTkX4nAAAAADx17v8BAADg4HvS+/9kn/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrRLFy8WS2v9/vVq0Z++2lyZr109M53V5ysLK9VKtba8VJmt1WbzrFKtLTxqvLxWWxo/HyvXRhtZvTFab65eWaitLDauzC1MzWZXstIzqQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHNdxekrQSEWm7naaVSsRLETESpWRmLs/GIuLliLhXLg0V/fF+Jw0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC+qzdX56fyPFt+bhqDncyel3w0NPa/8dFzf4X3eWICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAv6s3V+ak8z5br/c4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/kp/SyKiWE6WTwxv3zuY/FNuryPigy8uf3ZtqtFYHi+2/7m1vfF5Z/vZfuQPAAAAL4QLj3Pw5n365n08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAr+rN1fmpPM+W99a4EM3VVtLlmH7XCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJn/AgAA///3Y8EX")
chdir(&(0x7f00000000c0)='./file0\x00')
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x6, 0x0, {<r0=>0x0}, {0xffffffffffffffff}, 0x0, 0xe})
sched_setscheduler(r0, 0x0, &(0x7f0000000100)=0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}})
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000480)={[{@grpquota}, {@resuid}, {@resuid}, {@noload}, {@lazytime}, {@data_err_ignore}, {@discard}, {@data_err_abort}]}, 0x1, 0x5df, &(0x7f0000001980)="$eJzs3c1vVFUbAPDnTj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUcPSxDF3em/ptHf6ZTu3cn+/ZOi558zlnOn0mXPmzDl3AqiswfSfWsT+iJhOIvqT+cWyzsgKBxfu9+DPj86mtyTq9dd+TyLJ8vL7J9nPvuzknoj48Yck9nWsrHdm7trF8ampyavZ8fDspenhmblrhy9cGj8/eX7y8ugLoyeOHzt+YuTIph7X9YK80zfffb//k7E3v/nqr2Tk21/GkjgZL2d3XPo4tspgDDZ+J8nKor4TW11ZSTqyv5OlT3HSWXzf3nY1inXLn7+uiHgi+qMjHj55/fHxK6U2DthW9SSiDlRUIv6hovJxQP7efvn74FopoxKgHe6fWpgAWBn/nQtzg9HTmBvY/SCJpdM6SURsbmau2Z6IuHtn7Oa5O2M3Y5vm4YBi8zci4smi+E8a8T8QPTHQiP9aU/yn44Iz2c80/9VN1r98qlj8Q/ssxH/PqvEfLeL/rSXx//Ym6x98mHyntyn+fVoEAAAAAAAAG3X7VEQ8X/T5f21x/U8UrP/pi4iTW1D/4LLjlZ//1+5tQTVAgfunIl4qXP9by1f/DnRkqf811gN0JecuTE0eiYj/R8Sh6NqVHo+0qmBXxOFP933ZqngwW/+X39L672ZrAbN23Ovc1XzOxPjs+BY8dKi8+zcinipc/5ss9v9JQf+fvh5Mr7OOfc/eOtOqbO34B7ZL/euIg4X9/8OrViSrX59juDEeGM5HBSs9/eFn37Wqf7Px3+ISE8AGpP3/7tXjfyBZer2emY3XcXSus96qbLPj/+7k9cYlZ7qzvA/GZ2evjkR0J6c70tym/NGNtxkeRXk85PGSxv+hZ1af/ysa//dGxPyy/zv5o3lPce7xv/t+bdUe438oTxr/Exvq/zeeGL018H2r+tfX/x9r9PWHshzzf7DgizxMu5vzC8Kxs6io3e0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEdBLSL2RFIbWkzXakNDEX0R8Vjsrk1dmZl97tyV9y5PpGWN7/+v5d/0279wnOTf/z+w5Hh02fHRiNgbEZ939DaOh85emZoo+8EDAAAAAAAAAAAAAAAAAADADtHXYv9/6reOslsHbLvOshsAlKYg/n8qox1A++n/obrEP1SX+IfqEv9QXeIfqkv8Q3WJf6gu8Q8AAAAAAI+UvQdu/5xExPyLvY1bqjsr6yq1ZcB2q5XdAKA0LvED1WXpD1SX9/hAskZ5T8uT1jpzNdNn/8XJAAAAAAAAAAAAAFA5B/fb/w9VZf8/VJf9/1Bd+f7/AyW3A2g/7/GBWGMnf+H+/zXPAgAAAAAAAAAAAAC20szctYvjU1OTVyXe2BnNaGeiXq9fT/8Kdkp7/uOJfCn8TmnPskS+1299Z5X3mgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADT7JwAA//8hASTV")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x22041, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(0xffffffffffffffff, 0x800c5012, &(0x7f0000000280))
ioctl$SNDCTL_DSP_STEREO(r2, 0xc0045003, &(0x7f0000000240)=0x140001)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$pid(0x3, 0x0, 0x2004)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r3, 0x40806685, 0x0)

6.001754931s ago: executing program 1 (id=833):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x4421, &(0x7f0000008940)="$eJzs3c9PHGUfAPBnBt63UNsKtYeamLiJTTRqCPSk0kRKaSm0WFNtY7xsF9i26MI2sBgPPeCtiScTD8ZDo4k3Tg0Hr/VP8OKxnpvowYuJSSNmd2eBGXbDSliwzeeTlNl5fu9+d5595jB94kTl9txSbm4pV1jIlWduLp3OfVYuLc8XQ7xPDrp/2tOJOIn9wbly7sIH10+H8NPsL4/X19fXQ1V3aGpoy+s//7g7s/XYEGfqVNtt3tpe+TiEcGLbuKq6Qggf/RhCFEI4m6SNJsfeEMKxUM+7fvfLG7k9Gs2DR8Uz+SdT99aGT02u3l9r/d6jEL4tvfjmrfnfXuka/vX1PeoeAAAAAAAAAAAAAAAAAICn3PjVK9feHxwKD6PQvRptf153PDm2ej52fc+83Pk3CwAAAAAAAAAAAAAAAAAAAP9Rm8//56LjTZ7/H0uOIy3qr7/b+THSORPvXRk7PziU7P8ebct/K0n6/WxX6G+y73t2//ezmfrN93/f3s9uNcbX6LcvRPFA6jyOBwZC+D7Z+P1kdDgulZcqb9wsLy/M7tkwnlrp+Nd3709FJ9nQv934j2ba7/z+/y9s+zZVz2/s3VfsmZaOf1fLcj98EbUV/3OZevsRf3YvHf/uWlrv1gIj9QmgGv+vuneO/1im/U7F/1gIIRdVx5pLzQDVNUw1vdV6hbR0/P9XS0tNnckH2er6/ysT//OZ9g9q/l/J/hDRVDr+/6+l9aRKbF7//fHO1/+FTPsHEf/q+Ff8/rclHf9D9cTuVJHaJ9nu/D+eab9T8b8WJ+M8FqW+AatRPb3V/1dHWjr+PdvyN+//4rbWfxcz9ffr/q/Rb+P+rzH9vxbV7/9oLh3/3pbl2r3+JzL1Oj3/j9TWf+xWOv6Ha2nptXNf7W+78Z/MtN+p+NdWJT2N+G/OJ38fqqd/Z/3XlnT8n6snxltLrNT+1tZ/0c7r/0uZ9g9i/Vcd/0rc2V6fFen4H2lZrhr/n9v4/b+cqdf5+IcwaK2/a+n4H21Zrnb99+wc/6lMvU7H/9VONg4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFBhNjn0higdS53E8MBDCueT8ZDgcTRdm89Ol8synSyGMJem5cDy6VSpPF0r5uYXybDFfKJXKMyGcT/JPhJ5oqVSu5OcLdy5stNUb3S4WFivTxUIlhDCepL8Ujjbamp6rzBfuhBAubuQ9H5cX79wuLORn5xbfGRwcHAwTG2Poj4qfV4oLlXrv9dwQJjfq9kVbBlfLvrQxliPRJ+XlxYVCqZZ+eUudUnmmUNpSZyrJ+zr0R5XF5YWZQqWYL5VvNfo7SCPJcWzi6odXLw9ty78R1Y+j+zssAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP6lh8NvfxNC6K6fxSGEXJS8iJJ/KQ8eFc/kn0zdWxs+Nbl6f+1xszIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7ADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFXfpHaSCI4gD8Ziy09BhWy25nu6KIFq4InkCP4WH0KF7CO1ikSJsiBJJZCPsHtkmq72sezI+Z92AeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyz2+de+vdROR4mp7GfH7+fd/nD+X+n03ff/iDDNyOk8v3f1D3ZR/T6P8thyt2rxPN+uvj5iovZ/Bngz36WDcZ2hu3+bm6/teR8pVRLQlv0k5V9WytwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAHTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//z8QH1I=")
timer_settime(0x0, 0x1, 0x0, 0x0)
r0 = open(&(0x7f0000000100)='./bus\x00', 0x143142, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
write$FUSE_OPEN(r1, &(0x7f0000000080)={0x20}, 0x20)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$FBIOPUT_VSCREENINFO(r2, 0x4601, 0x0)
r3 = getpid()
sched_setaffinity(0x0, 0xfffffffffffffddf, &(0x7f0000000040)=0x2)
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6)
openat$misdntimer(0xffffffffffffff9c, &(0x7f0000000040), 0x400, 0x0)
ioctl$BTRFS_IOC_GET_SUBVOL_ROOTREF(r2, 0xd000943d, &(0x7f0000002000)={0x0, [], 0x8, "5bbd82c248d4d6"})
r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r4, &(0x7f0000019680)=""/102392, 0x18ff8)
sched_setaffinity(0x0, 0xfffffef7, &(0x7f0000000740)=0x410000002)
sendfile(r1, r0, 0x0, 0x2c62)

5.905712874s ago: executing program 4 (id=834):
r0 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r1, 0x0)
openat$drirender128(0xffffffffffffff9c, 0x0, 0x100, 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0)
r2 = mq_open(0x0, 0x6e93ebbbcc0884f2, 0x0, 0x0)
mq_timedsend(r2, 0x0, 0x0, 0x0, 0x0)
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_mount_image$ext4(&(0x7f0000000880)='ext3\x00', &(0x7f0000000500)='./file0\x00', 0x21404e, &(0x7f0000000280), 0x0, 0x511, &(0x7f0000000f80)="$eJzs3V9rLGcZAPBnJtljTk/apOpFLbQWW8kpenaTxrbBi7aieFdQ6v0xJJsQssmG7KY9CUVS/ACCiBa88sobwQ8gSD+CFAr2XlQU0VO98EIdmdlJmrOdPcmh++eQ/H7w7r7z7sw8z5uczL7z58wEcGU9ExGvRcRURDwfEXNle1qWOO6VfL6P7r69lpf8kzf+nkRStkUU1VM3ysVmem+VOodH26utVnO/nG50d/YancOjW1s7q5vNzebu8vLSSysvr7y4sjiUfub9euVbf/7pj3757Vd++9W3/nD7rzd/kCf9zfLzsh9D92HxWst/FqemI2J/FMEmYKrsT23SiQAAcCH5GP+zEfGlYvw/F1PFaK7QP6SbGX92AAAAwDBkr87Gf5KIDAAAALi0Xo2I2UjSenktwGykab3eu4b38/FI2mp3ul/ZaB/sruefRcxHLd3YajUXy2tq56OW5NNLRf3j6Rf6ppcj4vGI+Mnc9WK6vtZurU/64AcAAABcETf69v//Ndfb/wcAAAAumflJJwAAAACM3KD9/2TMeQAAAACj4/w/AAAAXGrfef31vGQnz79ef/PwYLv95q31Zme7vnOwVl9r7+/VN9vtzeKefTvnra/Vbu99LXYP7jS6zU630Tk8ur3TPtjt3t7y/EAAAACYlMe/+N6HSUQcf/16UXLX8pepAQu4VgAujfRBZv7T6PIAxm/Q1zxw+U1POgFgco6rGq+PPw9gYu651UfFoODsxTv3HDP43ehyAgAAhmvhC9Xn//NdgNqkkwNG6oHO/wOXivP/cHU94Pn/90eVBzB+NSMAuPLOe9THwJt3VJ3/v1Y1Y5aduy4AAGCkZouSpPXyXOBspGm9HvFo8V/9a8nGVqu5GBGPRcTv52qfyaeXiiUTjwcEAAAAAAAAAAAAAAAAAAAAAAAAgAvKsiQyAAAA4FKLSP+SlM//Wph7brb/+MC15N9zUT7S662fv/GzO6vd7v5S3v6P0/buu2X7C5M4ggEAAAD0O9lPP9mPBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBh+uju22snZZxx//aNiJivij8dM8X7TNQi4pF/JjF9ZrkkIqaGEP/4nYh4oip+kqcV82UW/fHTiLg+nvhPZVlWGf/GEOLDVfZevv15rervL41nivfqv//psnxag7d/6en2b2rA9u/RC8Z48oNfNwbGfyfiyenq7c9J/GRA/GerVljxQ/n+946OPtHYW3lkv4hYqPz+Se6J1eju7DU6h0e3tnZWN5ubzd3l5aWXVl5eeXFlsbGx1WqWr5V9/PFTv/lfX9N/s56i/zEg/vw5/X8ur9TONGb9YcpgH9y5+7letda3iiL+zWerf/9P3Cd+/m/iy+X3QP75wkn9uFc/6+lfvf90ZWJl/PUB/T/v939z0Er7PP/dH/7xgrMCAGPQOTzaXm21mvujqDxWBila3s2ybISxVD5l5WR0d7950gvMM7Ay87D0VOW8yjCObAEAAA+bjwf9k84EAAAAAAAAAAAAAAAAAAAArq7OYaSjvp1Yf8zjyXQVAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOC+/h8AAP//3zjXUA==")
socket$nl_netfilter(0x10, 0x3, 0xc)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8)
fsopen(0x0, 0x1)
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file2\x00', 0x404, &(0x7f0000000080)={[{@delalloc}, {@jqfmt_vfsv0}, {@journal_ioprio={'journal_ioprio', 0x3d, 0x7}}, {@debug}, {@nombcache}, {@noinit_itable}, {@nolazytime}]}, 0x3, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")

4.64409208s ago: executing program 0 (id=835):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={0x0}}, 0x0)

3.641805029s ago: executing program 0 (id=836):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbeea, 0x8031, 0xffffffffffffffff, 0x0)
prctl$PR_SET_MM(0x23, 0xa, &(0x7f00002d5000/0x2000)=nil)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='environ\x00')
fsopen(0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x800000001, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
preadv(r0, &(0x7f0000001400)=[{&(0x7f0000000040)=""/113, 0x200000b1}], 0x1, 0xc002a0, 0x0)

3.639672372s ago: executing program 4 (id=837):
creat(&(0x7f00000002c0)='./file0\x00', 0x0)
bpf$BPF_TASK_FD_QUERY(0x14, 0x0, 0x0)
openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
fallocate(0xffffffffffffffff, 0x0, 0x55d7, 0x2)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
r0 = socket$inet6(0xa, 0x40000080806, 0x0)
bind$inet6(r0, &(0x7f000047b000)={0xa, 0x4e20, 0x0, @loopback, 0xfffffffc}, 0x1c)
listen(r0, 0x20000005)
r1 = socket$inet6(0xa, 0x6, 0x0)
connect$inet6(r1, &(0x7f0000000040)={0xa, 0x4e20, 0x6, @empty}, 0x1c)
accept4(r0, 0x0, 0x0, 0x800)
r2 = syz_init_net_socket$nfc_llcp(0x27, 0x2, 0x1)
r3 = dup(r2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)

2.914571001s ago: executing program 1 (id=838):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_STAT_SET(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}, 0x1, 0x0, 0x0, 0x30004011}, 0x0)

2.640465452s ago: executing program 4 (id=839):
ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x40305829, &(0x7f00000002c0)={0xa, "3a820000001300000000"})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x0, &(0x7f0000000000/0x400000)=nil)
syz_open_procfs(0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6)
r0 = getpid()
sched_setscheduler(r0, 0x1, &(0x7f0000000240)=0x1)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0)
r3 = socket$rds(0x15, 0x5, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
sendmsg$rds(r3, &(0x7f0000000080)={&(0x7f0000000280)={0x2, 0x1, @multicast2}, 0x10, 0x0}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000008210000060a010400000000000000000100000008000b4000000000e0200480300001800e000100636f6e6e6c696d69740000001c000280080002400000000008000240000000000800014000000000a020018008000100636d7000942002800800024000000000802003800400010008000140000000000800024000000000080001400000000008000240000000006020038005100200a90d8186dd9efb77945d4572e9250044624d970b50fc66cb702a177c037d5d33cb708459b4744c8034a5d40a7310a0a4211dcd872045d96e492938e6325e35ca81dc004b0ba0ce549037fd2d70d1b2d12539b1cbb5ba3555cc28f28bb45ea49f8003251eb87398fdfe0c6bccf2853eccd5a7499f529613d563fdf706ea593b8e45e0587b61da49b5b3e1321596ba311c7c3cb99e2cb62bbb73739476bc102dbfe9efd0ffbe4feb9d2cc5be7b8ae7750d134a2b00ad95f3951a49ffa0e9e6d3caad09ed25ecc1f8cbbe60f798c3b5ce1230b1958743ef0ab13af7c693a14963680a9d090687f4505a5bb48682ba21f2ca6007497708d986be5997e9bd01e2ee56f78cfec2bbd5647aae29d4376259d7ec98ec2b47e755820ee06307ae70545713a85ba88dcb197314328ea61cb1be2590e500c8189569f252bc6177a1189d786979223e91f2a488018930a21e267b23d1c91600500a4ce1aaa2786cd4bcf986befc62d9d7ae427e9e65a82b4148e4f3470d765fd8a14a30d8fbb5701ff24d8d87a95035d25c1a60a92521c56dcedb99ed9eb31898d4967fd13c016ebe4cf77ebc29d8d3a473ade50796d17a7062d05284d5f55e6078d923778fb489e4177fa63ce5c623776aa3a4dfdb9dd9566e44d6785fe73d6c26eea4fc3346637a38565ed935ad7003c22aa290abe1469aaf4352b8868613dd2d364b142480db13590ad4818c472a8f24574f00c1dcceb38a7827f84f34d04d3fc0f0bcc4629484445952323a431bc78dc8282cd12977aedfd75d16ddd7f38f0d64957d7aafb96bf75ad28e44eeade61488b065d2787632cb921811adc87f4a540ec6ac33075770a09ac8cddf4b9dddef06c47507e8eb55f9bc3ee90c946d29d4140eeec87d252ebea618beb892d0134deeca647dd0bfe33092f2aea477d755183589aad25d08f7cb03a51aca9ffe2439a2eb10093a2fdf90fec9a4f6daa4885ea803b12f895c2ecf0670d288fa1317d410d62283fb817c6a564c7be32e66750e7e7808dcd3a3c3b0a9d31c59b7639e476fa458de655cf9346a73db16ee4b9db9ede516033f5702abdd033ca75685d12d19d378dae3fc66fbce17e7ccb847d82518ec694ac07cb7995e43d4013d59bd0e388baf1dbbfb5839136b82e4d0cb5fb79879632498bd18f8434068b3e6de7a835ebff0320031738ce92433968d66b5c09b470afcbb367715b9e9109dac8b3b1fb98875d6083eb9c9788661b90b9385327215a4d90e965baa51d0e644b42239434829407d6f9ad7ede336febe80aa657d3f4187c6f572d880a9fb6bd0e308c9f9a13713da757b2e73eed56e31caef09701a4d8d88760eebd917bdc606cfb252cbdc46695a5bcaa513c24d7d49e7d3b56204e9d2d7f31b73c9f7ddf5cc1801c3906e279d2aa240719e499771d071503834c641e15a4d24a9f0b3279cb3e992bf4a9ef47ce77eb0b9d3fe62d83106b7fdaa5191632d63c713e5a10afcaeef2fb27bc9f7c8062317eafc70d7a2bc3ea97facb334bef6803534af98eca03055d48d89592825456b336d5c4afbc6eec7c40cb1cf72e4710d148b7d606bb17ac01d8b0d0f9b08e6ca6fc0f03cb139446ef9cbfb10764dd76a8c83131cabc1a5d5d2204d5b9ee7ce50bc75320867adbe37432f9ed9c6a3f037db9231c0717aec6c67bfee2da413ff3c273d6a99baa934502e5dd8c04e6a1a32e51cc93cbbb4b9cea7de0f3590547574cc08a81700c95a73f98667d9cb0fe7808a884b2c8105101afb21a32c6966a297d74b05bba6816ca36d1af91919fafb329a0c7543646110ce9589db1fd64b1b892cb4a7ba571d775771f1674e50240544ad7fc043d0ebd3451e8b0e8173155eaedf3169311dee2b14653e31f4d1d49caae6c794cf8d305a1fdcf0ef500b132452796a9e2273028f7cf28e7b6f6f2c659c6dde4b5f87a31c7399f12684474cc76e730f5994483769c29942a3f978e5c96381091f3310b3769e2c080386c09308d3c2c6967f9f8f9270348ab8c7bfc3808b69b5b972701b949db2c68d5dcaf8a322aa677c56f308085321275a3538a1cf36b43cf754aa5755c08b4e166135247259ecaf944f9d75bf4c53da5025d969620ccf765978fe447d7dad3ccf901a497e8157776b822a4086bb7f7861e4b42f5b146f58f401277665756d67bb302cf36f77600dfb4ab2952bffd706a428ad5fc12a7405cb65805eed29aa3dceaeb7ab7fcfe9c0420ec11ad2a7fa8190f7534b097a21a9294627e9062cd8f5ad5992fb76dd1c85112b405da1ab5811b73031656048fb6a1ec5be27eb223b3d2c70ec56aa155641ddad38b9aad4714442b7e875b08e8159b06391f6269975150c9ac27f09e04e7d7af6d6ccf2201ed8bc3845b6143e07725e831fcfe566febee3e1ec042eb3f9c600b4395ee258aa639600423c06b8ad28c8e7076ec826de2e36f63e1f6b3ff6a578a98eefc64f8b865e8cae0c8fffdcffcb4011424b926da136ef0ca8ba1f82027fc026bc7cc0ac4b1695330a8159138937ddfd17aced7b6da605f8b46c8352daf2aeaa5cc693d245270a9b462554932a49b7fe6b64d3dee73b347c23d38e321d1ccc2edbd1e7b011169abd9e2c0a5835edc314d234cec89eadf95ef5e2e0c52765cfc8938d7446d10ec6538d2d10e991c9758c502c373433308e7c4def8dfda32576e3357f5d14a28b7d95f19a57951685ad990bfec96080c5b6cc472390c0eb8ace51bc0b8cd7a609dd6f5f2af0a8e24c072630ecce110d29c74b69098ea9a594d285af4bd8f47a2e530d51a09c924425875856d27c4ad0e8de4d09aa79c706bd101e703162698228afdc0882ec4816d9885c058df2588f0d1f1fb6e052c5737e6ad0a3b37f1c2668f5b38c3423d43b75efdbba5a2f873aa9e08dd72d2bc18fdf2be6066acd14d6a3dfa6c8ea21bf492f9c06001c52e1e8a65d2e0d9f1104287ae72cbeb8b7ad2e0c159edf2fa3048b951b11ab587f247fa130e43c208381c4b717039a8eb44729826228ba0a5238ba288d462e09fadc02023bbac3058e1ee5dc7b0ab750043dd95bdeed3e776493c908a6d4d15f2a9be350432914c18418d72546c86bb2f84af0781901d5c1453aea32b2b758e9e38184ff9cd9e53c4675ba0d8d65c8db44e0c83e5a2dacb205f9c76b52fa71d1861621ea1aaab767f7de6ff25d40032a44c08c87d153fd982bd3786a4e074509a677751dea2ee5e9d06ac20daf554e25acca14c752d534f4e7c424f69e39b50ab13eff0854fae1402dead4f0ae4ebe1304931e3beb1c938fda548a77e799ae2c49fb4bcce2fe1207e1c638f3bd8bcc50a8d840755469bd0d7c11cf688b2a77502659e41e19bd59ffb1a5844cbbd78e6c05ca3a14d53b6596340db9a2b52faf880922ee2f7b16953d5c2c2a69d3ea0dc1dc3f040c9d82df1899b9679cdbe76f8a2eeb790ed801c1cca981b0953781a6b80f3bb17d0ee1551e19b9059a3919fc3a7b96f8ead60fe4b6866c9fb9fa4644cd2fb4904b532a07f626d83e2f9ade92ff10771156bba81d39afa91e3d4f8879cfe629a19f7f0c450ffc0e631d8b693ecc8bc485435418778e58175e46bc0b12d1e14c81538c4959d591b3b7ca34df421d36baf4dc13bcdec29d8d58f77c4e848eff2c6c5215a69b7ed2710f5c4805203a5dd47cfc88f4c60d57e1119b9557ca1195cb24faa9ea80ff4ff79fc14fc219bfa837e55f950b4a10d3f09039382fddf76c4dc1dad1a6f17dd4ec1b74287632bdf440731aa2ac699157c4ece488bb997d9cdfc5cdd64300b6fda65cc770d3065fa3c5e6613bab21f11cc1334fc9999f27385df88eacb83064d13516cba7e3da25dc8fdde2624a02d9a0de711d9ed3a7b181a4195a13901936ef41942dff284f3ea932b6cb05162f96140bb4ba3a522e963dead3ef44f91f81cc79b1c41220e8a36ac979e4c994cdc927d433aae5f71b37177b3c9e452ad9bcc8424910fe15f4f552654b1e2c71869f4b4bc14530fcbb86fefff94f0abf6ee4bb65f9abf1ed1f0ba4211686fccd0d925c41636d9c4b3065faea5c4d50858cf2e1cf4c60a2da6170890be80e298fd3516912054e169ee8c58abdff3835c9ff31d4f8e62e73ee3a8f356c5516d4b3e61f67a9dccac2e6893650127b5f36363c44e5e13bd37e37e7e378e7aca7cbe84ae17c359919523c24af37e33a3bcbf9b89e02eb2abe7940e9c6801d7b114c06b7e20a5581d2a2354fe0ef17a3b21ec7e036e65a80264c4d5cb0d36fd49470a8cd76631aaa68170cea2c7ead3f544de52fc84f7ca78fa1a9dd5d82b7f8abf005c5c8027c0fe946b8d8f8df1b4687c61eb3e7832c6f6cc3e23197ce0f6612ad29e0602868fc445643e224aae3b19e483368ac778a7b5b23c2fcccfe0f56b4f727f81e8dd9a348346bbc053445c0969241dc09a1bf5fefd6db18bb29802db165c713e5093f16096bb5ab42bd0b5e74588265650521dc392e58bc1f7f7e9912f4148b9dbe2def637cf87c39bba1be6abc6f31b890760525cfe321e60acd0f0353fd439326f67cd02b49487dae9de255924ce89ad91cf6e9dc6bfccde71d43cf4615098b8e922563ee5638551341f74db73e838bce25c9aa49d4f244206331465f875937fad33f08e1e5caf890993dabd8715eca1cbfe11a3c1e6c8df1650f7aff6fd64b8a82cb712941d015ba7a46a463216a96fe1947b6cc20deb587bdfea9d2c8f854c5f5490d406a93b33ce86a79a3c760cfa1bd95fb6ca6818c5661aeb6b577ca7cb82c44b6ae51593ab6d2fe9bae16a8c4973f9eb5681c0f26ceae2a892b600b04ded46a44e6f2123036661f72db3f83dc28524f151f5fabfea809298ae6df21b0b0c6660d35eadfba1f79cda3d163f84702b8d8e1509c03205ad228bb38c9028efaf4e4a271ff481cd0671a6089e0ef256372561fab8cb9d18897ac0be5659e52adde6a0c88c531868ae65678984546dd8375c1985228e66dc16858cb009e5dea35abf08b91d20b43579cc3687c9bcb3e1936a7bd3fc9c943e03c4108942253dbffb6d9335760cea4712ba0da73b70ed937b54145b212075033368c92ab1b0374ec80ebeaeb1c01cecc2b701d70b2ffdfaf451c955b9c1b6723107cdb21713dc4ea4c25ad0857d2003995b5fc9be44019f860bce55f8baedbf1ae7eefa073dfaa41a728e46e4015ef421536f1a8df488f314d412d271889e13f9c79cd9cbb9fac442496a658018455e159a871be4f8c993b2c2289cf32b6dec9752dc4cbc9818521a5000c4d0da238661b68bbfd15d3a34e59e3bb7d8aba729cfe1880279dc6f9647a7cc2d457cf77dce60c048d4acaa3738917996545e4b10423f94a8c24e2050a73d83e91cf62a10f80d3143b3256ee613ad1bf6fb2b9161066a01765c02ef1359607d207874678e0c292d3557cbd2cf7f69fb59f532db5c1b4fbe6ef7d439d6c5d19309cea681a922a8344d12ea7d29ab52a35bede602232fd71cfa4caeaf9b2ee4dfe7b2595ab0160bb544c7f3b5a84cb6761cc74e4c3654810b56c7230ca9cc4d1e52630a169563753e2100b0addc3885df4054cf69cac41be08b9a1330d847b5a8198bbcbc5c9aa161c94fd8b4169da20034cda8ddbb790105de988cb44c57fe2d1db296d6cb1c810dbdb738e19c4bf5b68295d3471e691a5941c0919b178b89ecaad90baf1d8bc71f3bfab79ee4cb48f9b227f5578800571f3e4aefb7b6ada974d8345ff032ad1c7caad846be5bde35529da94efbd73383c0bde3ec151e345dc42bfb8ce8a7d2bc72af755e592648cb5b25fc1593c000100f3ce6a0b6103287ad0d9b79c182d942c365ac7122df66b5882582a83eaf684e22f18dc7d8a41bb07c922b7bef566ed6b7008033059ac8dc7041001004f77a05b3b105dffbec29a1956ef0523846c7b4c6880dd0983f82e81d49fe3cafefd137ff65daf724911071bc2c81c5e2fbbb980e253a011b51eb322eed64586378dd2c1758e8f88295a1edac7716d8dac4229a2c4a58265425c8a045e1b2fb7b14fba1ecfc0eca4c9a93e4c76861c824e7364984afeb9e6c5e23771fa8e52890daf5f57be13e25ae79da6d537d128773042704836a78d6366803924c979579693942f098c8bbef0a3367ccc56d8dcf43a21b1e10fabc70059cc7a2a6b8896abeec7be4e490ce14e8a0a2f3836b61b915bc2039641f422fb696d5f81dedb9563b9b80f3b653beb6c873abb2368ab56ff32b6391d7a174f4ab06ec1e0331e5f0cccad99623d9a372cb3150ebd4a397b15becc35cc5232b0139f12ef50db0beaec1201b018b8c5990da56e604914fe22289b2ca4e51aac88e4312771294dc039ec02f9a5b333d1a19e8cdbb45f234e929ad2b7c92d4541f5f0549e3fe240108122f91e73f43e8876678b72fdf35b966e11c8bc5a98e2581de1aa169fdbf8b745253cefa6711cc5583b7e81adfd3aa4a46e1e0a3ba0c09934e6a7c22a818dc7e28660b90db40eb5895e3f8feda6d5928a3371072348ce4ce62619006aeeb3e77e7010443a6359c84a91aeea866c0327f98a6a9a41ac9afe9b7c70095fa7b83c270f750abd7e011b8b707eae6d63abafa360113e24f4f9489015461c2a7897a0e862dd70788b01c0f3910a683d4b5d5ee5890421932bc6c94fea8c746eddccd707f34eb19a9fd7b435d88e6feca7ecf3387e18485c772be6bc056628c68bccfff5a70acb458163a5ed43ecfb4a29e8422627577302a9e38d7d2e65d2442a4766b7e1127312053ea340b4b2efb795d14633058f746adb741b92fa5fbaf4d2923e616d0edc3c51f692ca67f2b13161a3151575e0f57089c5bdd60e5a31a39cd3802adcfcf1ccb12e4f215d41c69df2f3fa548ec98a5bd25a901acbbbc9944cc2044a3b822c25f309bbf1b0d0584ce174cf6acce374dc856113ae1074e65b80fa55b1073ac9f100c07d59831a17df9779e1b35851e652f4258f7ff2f0b8d336dc034636f54048b17fb739334bc3e98051739523838f528736c8c14d5e8493a8d4f30ad451c26fdc38a718d9f4bbaca594e86862b65148dc94faaf9e45eef1ca838256f2372784c1b316524340224b2e3723fe275e44e8bf98b2ef9eb1addb7d47474ff3d5f1d540431ab93043748f8f64c37c76ae473f6437efb6dfc7a24092a0bc324507408d23a10e293868c00308d1b566fc9ab3c157fd7e76fb8e64da7f22dd01186f86a8a45a665b63e90e90c7eb651bfd93c61e11f3244076fc80a8dd02741d4ead3d7e995ad0f7a63eb9bcf0e3301512f8dcc5084b269c9bc66f334599baf5a6bc89e6f94aba4e2c9121e396259fc4cf12756ab299f463004545996c5e5b6814115e9b60a9afedbe82de5fa8c96636b83e188916fd65de5234b6b19c68d0e3a567bef3ac4f815a6f37e5f096d0ce7e746e926f0adad32489e3546265e1bcf7de6d74d04af71f6a2e4db2519d7a27e267305b1b7e0a442b995f6a9ae3cf1f86dc98d6cfe97f8c44fa06eef839dc2dd15314681c9b09930445a5b2525c666bb7ca2748e717196dc7454fb34a2d86d83b4b8e63b8b8095d138f602f4ccf07c65c71c7df3525fcebc163f7d98dc3c14805588b722f8b31d794c1352e39d82ea2472d70a6cc5db534d9f366b3167a24367aadc31819f3b5edca5760328b4f2f449e24ee352dbb9a168e8f4cf8d1d75baf30d59c2d13acb621c9a85e35beb617507cc0c0de279902ba52a5c6e2378c67b3e9329e6d30f5f0c47ba987172a21ad13a2b9e4630c92d1ee15aeaa8197266cd29dc61a444354bffe91ce559365ebeb81d5b83e60932f8733573ea0c2ebdb47951448c5bf68f5d977125be620e92ea0c15dd8a8780c9b364377775d48ebec5664420a6cea5e06b241d9a27e9a97cd2de601221684455443216df9015157e644cfce6d1c70247b11c80b0d33417ecdafdccb727213246bcf5ca153b2ab5e83f306eebbb5b09fcdd7ec897310d256d50a113bda4960b273a6eb08d835c5bd9d9caa18f574b00b034c6b14a096a646b636577c81ed503bba01df253318633a5c04954138d8b08c2b3a11111cf42777f3b45cc7a05c44d16d121285b3b7effda91b324d0f87dff01abe43314e256fc03a018502976f1d068bc6e86bb96244070d52c3269b95aa6c57b96e8adc1edec631e161795950013d8e0f0e2a23f038298b8baf50e72ea9132c24eb349c843a2f4a37b0aa25a7602011a5c736943946c8b395d7799cf1318f0a011596ac2e0fe553bc3a0aa9c85f96ad870cb011876f30679bab5b70b5858e202868aa504d63b739a23cad3be2edba1c9b7cf758c085def9f49243fbcd8e922faffaf601be4c8e2ea279e38691859a1f591ce69062090b3303dc65504366fcbc06ab31ad8a882124095475403d5cc7247114b16354e0d3cc8f71a20ae4a5094518156f856265334222610709170dd58916fc7409f582ea393bb9b553128bd00245a7d3bae1f0c82b4c6360beb6533da54f973797023ce9e5707b32c5af8811bc789040cbebed933652f0e814d1c365066d47fed6d4efb522e01237158763adf4b0d9b78858aeef41db077011c6554216e77790fb7fbbc696fe21e24992d85511d62070bdab646876c638905efffdc361f917c3412dc5355126590025ee0cb456ac19da06a4ed5a1ce870639ad148b515537fa74b13393fffcfb78573fb4ae39393add8de79aab37fba526aec74da2ac8732772534aa939e593e5845071ef8c4c6033be652af9d6391904fe7bd488bb40dd74a432ffe16e66f3d7c192b062d7d9ed7c22e5a5d3ad83a95ae3151e0910d8a2b9682131c0e82749111cbdb9b7dbad769f6f85dc4c58f54a7794feb4c5ff77ed4d7f09809f8e64d66558d56ec25789116337cd3d49f31f3cecfd2016ea42129b9ec4582f264998cc9328c0c55eee9f177f64f2fd4be26a7ea8b2935a59d1c006358c6e7755580a732917f7f1b670005a18c6b66a40f6c81b00b8516699641cf941d9d202b372ba39edd326086b557dcf83f3e11ff4f717b39fb351272b9bc464d63cca3fce79e5cb39589143e474da00881c2b85428376af79dd2dd31c5c885aca421224415d485734ee5c1d03e42bdd0ad3a0622ffdf61f9d8f4db0089d1358114446d45b6071e47575b30162a8e4a988c5f296b71a11a2a113a47f6a7e7256e4d5e26a84cca215ed56b1a4b039c0d398bb276ebfef8ba02d97ae4254d735c95d30d18ee87f5bd1afc8d765b18105221efb0992a1c397b84ba5963136e6c89ec2c78cad11158291dff7e2c61f305b280a2327bd63696cf9d39c40ce9be7059b8b895a74e8851e2333fcc51f2a5b1667daf06e5f3f81a46ed4e7cd4a2e5bbf9791b0c8f2542566444ec567d97756ddac390dc5bf95e9c4aa2102a4ea6d72c3c5cd5ac8d0d516d729eab53bb5d5204b9d1b5f94792e0f54ec3b4a1ee786fb5b5191839ce74cd9829791c26f05292d32a8cb88ee768cb82481e792ee59e165dd43a14b00669880245020c37d5a645e492d3318e9332f7749e2470f46fbb777fc6350d4d82bd5b6e9c828140eee62fe12202ec24e8c1e0387f480d9ca8bce78ade745ec05d0a7a58270257d099dcfa0386888c25acb6521995fcf2b9c6020f25f7ac751faea0007b76f7ade56f8080fd445c0a76c5f5b94bfdd74f515ebd7f7d215912b54e8a68ab37d169156f8a9485ea50b1065a6ccddcf95b832b08a1ea24963e6e4700eeda45709c6a9568fa1b86c23cf5fed12e5746253416edb521c8af17b71923dec092db558d3e2c702d90d8a4229c05714b33f957fdc7e0f9487952780298ad6ead139837e03333bd5578655741747eedcdd15f5824fe229096a452774829d8aa1e947f111540e9a5aae5e346137836bf45daf33c30472eaa9f528c22069fd57b7ac1442823bd9532b70917885807c5a1baf4c6663a655e82a4aeb58dc6340e790ea675abbe2dcf6ce6ffa56b7bae64e35ce9ec41f00722d113be2f949adce97b52cd7050ed5832cfe08049be73fb9e7b20512aa58821e5dc1767b66b91aa212f02cfdaaac342699c62597ca6bd0b89a14d7312be015c4d4aacfde12bbd5dd9f4d2628ae7f5e8f98620c24c4685ef07611d2855ca3af5cda8d7669562fea5b0dff286805414b2335fb8277b2fc9e9850a056752789f414b062eadea915cb83354099d163c87ba29d3af09dfd017198e9166c75a75865d17d6a30171ee724e03a420244594347b7bca15f47f26081485d1f8aaef21313f9f808cc712402bbff54410a34d91e793f27bfc940c6de7ffe7786c701017ecd5ac0d926cce309091c63a6f431e4f726155b11577d94236451b773480ee8424dd135d8334d3df802ba4ce7b6f2eee4e37dcc926f84102c619602c62c75ba4d1e1b7fe3760568ebbc17e5bd68efdbd26d900dc0bf889c947c692f30f4b3f22a85ffb1673fd27e0f57d68841b959a2505e1e62a34b07479a7e30a8046ebf877eaafaf0b8546b9e8bba59db771989f4d7810654e39d4bae17d657bb6894e7467a36600f0cf2558d4428f380f62b09f33d1a4b0c5aab4883b526312a021d69671cfb2c2dbbdc3901e3e6e1a6d7bac37f6e01bc611f229d3bee4712f220b764989bb2230ad82c51c364f3be35674c4006c5f6dbfcd21656b44dc2131407809fb4b69c88d3af54f0c1f06856e948c04b7f05b1092f18607c40fb51f7f941bceab434da4f1fc5577ef117c1eef2a0ba3a203c50e82be43768ae747b6eafa997eab6f257cd26c1bb32a4792ab94eafdb6ff8f5267146ef75ef8ae86816339509ce52812755ba58ab186507d563f919974e6fd5067ccd2161958938f6a60b57df7d79a3c38b2f9d864551f46916e5d4dc74ce5d02d6f9f8bdef53dd44a10be08ac3e276f6dfc7cb5f0304c9bae947e7663e937aa0d02634a3bcc05efcc207572856e90801eef6dc39bd045992c67e502acce8c5ac938e39dfa0a260d45cf3785d17672fcbdc49d78979cc254a54121a88bca6e3bee71e8c50df4e61fc435f8bdc74c9fbdaa63de6b0c06c80d1f853aed8e468305839c2c34c51f23288526c55bd68a3e5d62f735f307e6465dc8b3afb86152dfceb96f17f0d4adf735f1f0e7d4eac4e333649f0f7565b6b6a74cfafbade70082f317f8cf00281112478a14016b0ddeec54fe74b6dbb59f99305ccbd27c7eec67897836712d53f3cc9508bd742287f91bda63c54016f9e8d8cf3428dc149ce625c208f1d9e229672b38b6bdc124a96c1ed7881ba70fe26db0ff52a5f74d065964f0703a08654fb978032e9193c9b586819795137660621cc18348504c0b0caa74726649242e4805883893bcbec10b24b92bf9c4ce3a47e2c5cbaafd30c0151efe93520bfe6233890a37c05bda602cf36dd43cef411e2dd2376547d398a94cfb1e446e600e82f347593b1fbfa70173f00645c86f59ffd4e35d8142e2a27193dd6a5a1374f96fd6b6dab77cfabf1601eb0e01ff56f1dd1d0aed33295865bbd5572440f321b074e0ba82d7d88d6305a9327a5b8052ee1e1c471797a61ea00622fe2a0ce7effabeafc544a8bff0d79127b22a1c8b748bf91c756feb8432c927c48bce2a5d1218b6a1e1309faa3ec24ab00c0ba294751d9d1c7109d6dd91ab882428be85fbf70305f880f432528bf684323e7bea4c25b4b9fb9fa6ce42c03b08b0a2d6f95477399fb905ac2be3fdce43e296d6ad35501180002800900020073797a310000000008000180000000000c000180080001006f7366000900010073797a30"], 0x217c}}, 0x0)

2.445574472s ago: executing program 1 (id=840):
ioctl$BTRFS_IOC_BALANCE_V2(0xffffffffffffffff, 0xc4009420, &(0x7f0000000340)={0x4, 0x0, {0x7, @usage=0x5, 0x0, 0x91, 0x9, 0xc0c7, 0x8000000000000000, 0x9, 0x1a, @usage=0x7, 0x5, 0x0, [0x6, 0x5, 0x1, 0x0, 0x7fff, 0xffffffffffffffff]}, {0x1, @struct={0xe0007fd, 0x3d}, 0x0, 0x6, 0x6, 0x6, 0x1, 0x8000, 0x4, @struct={0x6, 0x3}, 0x2, 0x7d, [0x5, 0xdf23, 0xa, 0x80000000, 0x7, 0x57]}, {0x7, @usage, 0x0, 0xcf, 0x6, 0x8, 0x100000000, 0xfffffffffffffff8, 0x4, @struct={0x2, 0x6}, 0x80000000, 0x0, [0x3, 0x9, 0x8, 0x9, 0x5, 0xb]}, {0x8000000000006, 0xb6, 0xe}})
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0)
ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, 0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000000340)=""/185, &(0x7f0000000140)=""/92})
pwritev2(0xffffffffffffffff, &(0x7f00000012c0)=[{&(0x7f0000000100)="7270aa3f0c63ef31716980d71af481e691d156e5c690c37493c965008b713ed133a85027d43b49d05b8ec0e538f674752205f76fb42632a5233a7d64e1cea692029b6a", 0x43}], 0x1, 0x0, 0x0, 0x0)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000ac0)={0x1, 0x0, [{0x0, 0xd3, &(0x7f0000000780)=""/211}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=""/253, 0x0, &(0x7f0000000600)=""/91})
ioctl$VHOST_VSOCK_SET_GUEST_CID(r0, 0x4008af60, &(0x7f0000000040)={@my=0x1})
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f00000001c0)={0x28, 0x0, 0x2710, @my=0x1}, 0x10)

1.802983533s ago: executing program 0 (id=841):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_clone(0x800c000, &(0x7f0000001480)="627807434619734911420e123cb6f44fb54d82f86f3720b1d5ecd9651a9fcb2a1c358b9cd99a9da0b00953486764e0c7d13faa0d43ad3164e14aa9d4eafc2ae39ce2be18d63433b7dfc78608200e69639ab1530087488555d6d92591d5", 0x5d, 0x0, 0x0, &(0x7f00000015c0)="89ef1284c86555bfe69b541fc18b8f329814f57bd0")
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r1 = syz_open_dev$radio(&(0x7f00000000c0), 0xffffffffffffffff, 0x2)
ioctl$VIDIOC_S_EXT_CTRLS(r1, 0xc0205647, &(0x7f00000001c0)={0xf000000, 0x1, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x98f90e, 0xfffffffe, '\x00', @p_u32=&(0x7f0000000180)}})

1.677051618s ago: executing program 4 (id=842):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = socket$kcm(0x10, 0x2, 0x10)
sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r1 = getpid()
sched_setscheduler(r1, 0x1, &(0x7f0000000100)=0x5)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000200)='sched_switch\x00'}, 0x10)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000001480)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
mkdir(&(0x7f00000020c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000002c0)='rpc_pipefs\x00', 0x0, 0x0)
mount_setattr(0xffffffffffffffff, &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000280)={0x0, 0x2, 0x80000}, 0x20)
syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff)
mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0)
r4 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000000)='source', &(0x7f00000005c0)='#mS\xb2j\xcb\xa18:.)\xc7\xcb\xc5\xd8\x91\xa1\"\xd5\r\x89M;\x99\xd6\x8e?K\x82\xd5\xd7\xab\x10\xea\x14\n\xea\xe9\xcc\xdc\xf3\xc0\xf8\x89\xd0\x0ep\xb1I\x04T[\r&\xf0z\xde\xc0\xf3\xcd\x9a\xae\xa8*v_(\x94]\xdf\xf1\x95!\xb3+\x1aD\xda\xa1G\x06M\xdaz2\xe9\xe6\xda\x92U\xaaN\xff\xca\xb37-<3\xb28\xb8:UQ\x95|\xe5\xaa\x0e\xe7{\xd4T\x84\x83\x86\x9d', 0x0)
r5 = fsopen(&(0x7f0000000040)='afs\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000000)='source', &(0x7f0000000840)='%\\,:\x85X\\\x03\xa6\xd7}\xcd\xeb*\xb1\xa8\xb7\x81\xc8\xcbR\xa8?\x97 \xcbz&\x17\xa4\xfd^\xe1I\x11X\x90\x03\xb7W\x05\xb0\x99\x10F0\xb5YP9\xc3\xe2M\xaa\x81\xfev:\xe40\x9e\xdb\x98\xb4\xd0\xdcE\x14\x910\x1b.G\xab\x86\xdfy\xe6\xde11_H]\xe2\xc3\xb2fa\x7f\x8c\xf3\xc6\x85\xc9\xd6j\xff\xaa\xdbWD\x87\xe3\\mUSy\x0f\x82qW\fE\xd15ec>:D+', 0x0)
mount$afs(&(0x7f0000000040)=ANY=[@ANYBLOB='#ayz1:'], &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x0, 0x0)
sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0xdc)
write$dsp(0xffffffffffffffff, &(0x7f0000000280)="4b1f558d5c", 0x5)
syz_emit_vhci(&(0x7f0000000280)=ANY=[@ANYBLOB="043e0612"], 0x9)
creat(&(0x7f0000000280)='./file0\x00', 0x0)

1.329868061s ago: executing program 1 (id=843):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000008500"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10)
r1 = syz_open_dev$dri(0x0, 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_PAGE_FLIP(r1, 0xc01864b0, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2)
socket$nl_generic(0x10, 0x3, 0x10)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040), 0xffffffffffffffff)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r5 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r6=>0xffffffffffffffff, <r7=>0xffffffffffffffff})
connect$unix(r6, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r7, &(0x7f0000000000), 0x651, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_device, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94)
clock_adjtime(0x5, 0x0)
syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$IPVS_CMD_DEL_DAEMON(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000640)={0x20, r4, 0x73976972ba3f4b55, 0x0, 0x0, {0x8}, [@IPVS_CMD_ATTR_SERVICE={0xc, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_FWMARK={0x8}]}]}, 0x20}}, 0x0)
ioctl$vim2m_VIDIOC_ENUM_FMT(r2, 0xc0405602, &(0x7f0000000140)={0x40, 0x1, 0x0, "1c13ebdaf2f20d55806b26b1d750185fd75a606da058e85b2197edb1439b1cc2"})

279.155047ms ago: executing program 4 (id=844):
syz_mount_image$ext4(&(0x7f0000000280)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000005440), 0x26, 0x75c, &(0x7f0000005480)="$eJzs3M1rHGUYAPBnptmkH9GNIPhxEKGFFko3SXNpT40Xb4VCwWsNm0kImWRDdlO7sWDrWajNRUEQ9ezRq1DqH+BNCgreBdEaD+JlZTablMZsum3Sbkl/P5jO+87H+zxPd3izAzsTwAvr7eKfJGI4Ii5FRLmzPY2IwXbrcMSNjePW71+PgYhqEq3W5T+S4rRYb5W3xko662PRPiVej4i7pYjTH/8/br25Oj+V59lypz/aWFgarTdXz8wtTM1ms9ni+MT5sXMTE+fGJh5Zw2s91nrivfNHbv/47traT981br01cCaJyXbdsVFbtcdhHsvG/0kpJrdtX3wawfoo6XcCAAD0pPiefyii+F4fpSjHoXYLAAAAOEhaQy0AAADgwEui3xkAAAAAT9fm7wDW71+vbi7P8vcHv78TESM7xR9oP0MccThKEXF0PXnoyYRk4zTYkxs3I+LO5Pbr75viCruxx7HHtvUffkZ6cI+jsx/uFPPP5E7zT7o1/8QO88/A5rsT9qj7/Pcg/qEu89+lHmN8/+Ubpa7xb0a8ObBT/GQrftIl/vs9xr+19sntbvtaX0ec3PHvT/JQrF3eDzE5M5fv+vqBu/+eurdb/Ue7xU92r3+px/o/XP9rvttcUsQ/dXz3z3+n+MU18WknjzQibnfWRX9tW4zjCz//sFv90xGtJ/n8v+qx/l+/HbrW46EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQlkbEcCRpZaudppVKxLGIeDWOpnmt3jg9U1tZnC72RYxEKZ2Zy7OxiChv9JOiP95uP+if3dafiIhXfjmyEXQuzyrVWj7d7+IBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYciwihiNJKxGRRsTf5TStVCIGejh36BnkBwAAAOyTkX4nAAAAADx17v8BAADg4HvS+/9kn/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrRLFy8WS2v9/vVq0Z++2lyZr109M53V5ysLK9VKtba8VJmt1WbzrFKtLTxqvLxWWxo/HyvXRhtZvTFab65eWaitLDauzC1MzWZXstIzqQoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDHNdxekrQSEWm7naaVSsRLETESpWRmLs/GIuLliLhXLg0V/fF+Jw0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC+qzdX56fyPFt+bhqDncyel3w0NPa/8dFzf4X3eWICAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAv6s3V+ak8z5br/c4EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/kp/SyKiWE6WTwxv3zuY/FNuryPigy8uf3ZtqtFYHi+2/7m1vfF5Z/vZfuQPAAAAL4QLj3Pw5n365n08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAr+rN1fmpPM+W99a4EM3VVtLlmH7XCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPJn/AgAA///3Y8EX")
chdir(&(0x7f00000000c0)='./file0\x00')
ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000040)={0x6, 0x0, {<r0=>0x0}, {0xffffffffffffffff}, 0x0, 0xe})
sched_setscheduler(r0, 0x0, &(0x7f0000000100)=0x4)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/locks\x00', 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix_mp={0x0, 0x0, 0x34324152}})
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x1008002, &(0x7f0000000480)={[{@grpquota}, {@resuid}, {@resuid}, {@noload}, {@lazytime}, {@data_err_ignore}, {@discard}, {@data_err_abort}]}, 0x1, 0x5df, &(0x7f0000001980)="$eJzs3c1vVFUbAPDnTj9oKe/bQoyKC2liDCRKSwsYYlzA1pAGP+LGjZUWRAo0tEaLJpQENybGjTEmrlyI/4US2bLSlQs3rgwJUcPSxDF3em/ptHf6ZTu3cn+/ZOi558zlnOn0mXPmzDl3AqiswfSfWsT+iJhOIvqT+cWyzsgKBxfu9+DPj86mtyTq9dd+TyLJ8vL7J9nPvuzknoj48Yck9nWsrHdm7trF8ampyavZ8fDspenhmblrhy9cGj8/eX7y8ugLoyeOHzt+YuTIph7X9YK80zfffb//k7E3v/nqr2Tk21/GkjgZL2d3XPo4tspgDDZ+J8nKor4TW11ZSTqyv5OlT3HSWXzf3nY1inXLn7+uiHgi+qMjHj55/fHxK6U2DthW9SSiDlRUIv6hovJxQP7efvn74FopoxKgHe6fWpgAWBn/nQtzg9HTmBvY/SCJpdM6SURsbmau2Z6IuHtn7Oa5O2M3Y5vm4YBi8zci4smi+E8a8T8QPTHQiP9aU/yn44Iz2c80/9VN1r98qlj8Q/ssxH/PqvEfLeL/rSXx//Ym6x98mHyntyn+fVoEAAAAAAAAG3X7VEQ8X/T5f21x/U8UrP/pi4iTW1D/4LLjlZ//1+5tQTVAgfunIl4qXP9by1f/DnRkqf811gN0JecuTE0eiYj/R8Sh6NqVHo+0qmBXxOFP933ZqngwW/+X39L672ZrAbN23Ovc1XzOxPjs+BY8dKi8+zcinipc/5ss9v9JQf+fvh5Mr7OOfc/eOtOqbO34B7ZL/euIg4X9/8OrViSrX59juDEeGM5HBSs9/eFn37Wqf7Px3+ISE8AGpP3/7tXjfyBZer2emY3XcXSus96qbLPj/+7k9cYlZ7qzvA/GZ2evjkR0J6c70tym/NGNtxkeRXk85PGSxv+hZ1af/ysa//dGxPyy/zv5o3lPce7xv/t+bdUe438oTxr/Exvq/zeeGL018H2r+tfX/x9r9PWHshzzf7DgizxMu5vzC8Kxs6io3e0FAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEdBLSL2RFIbWkzXakNDEX0R8Vjsrk1dmZl97tyV9y5PpGWN7/+v5d/0279wnOTf/z+w5Hh02fHRiNgbEZ939DaOh85emZoo+8EDAAAAAAAAAAAAAAAAAADADtHXYv9/6reOslsHbLvOshsAlKYg/n8qox1A++n/obrEP1SX+IfqEv9QXeIfqkv8Q3WJf6gu8Q8AAAAAAI+UvQdu/5xExPyLvY1bqjsr6yq1ZcB2q5XdAKA0LvED1WXpD1SX9/hAskZ5T8uT1jpzNdNn/8XJAAAAAAAAAAAAAFA5B/fb/w9VZf8/VJf9/1Bd+f7/AyW3A2g/7/GBWGMnf+H+/zXPAgAAAAAAAAAAAAC20szctYvjU1OTVyXe2BnNaGeiXq9fT/8Kdkp7/uOJfCn8TmnPskS+1299Z5X3mgQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADT7JwAA//8hASTV")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r2 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x22041, 0x0)
ioctl$SNDCTL_DSP_GETOPTR(0xffffffffffffffff, 0x800c5012, &(0x7f0000000280))
ioctl$SNDCTL_DSP_STEREO(r2, 0xc0045003, &(0x7f0000000240)=0x140001)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
read$msr(0xffffffffffffffff, &(0x7f0000019680)=""/102392, 0x18ff8)
ioprio_set$pid(0x3, 0x0, 0x2004)
ioctl$FS_IOC_ENABLE_VERITY(r1, 0x40806685, &(0x7f0000000a80)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
r3 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r3, 0x40806685, 0x0)

49.084211ms ago: executing program 0 (id=845):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000140)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(des3_ede)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)
r1 = accept4(r0, 0x0, 0x0, 0x0)
sendmmsg$alg(r1, &(0x7f0000000540)=[{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f00000000c0)="e4e32dd2b6967335", 0x8}], 0x1, &(0x7f0000000740)=ANY=[@ANYBLOB="300000000000000017e2ffff010000001800000045f43a7ce45002bdb85e47ab3e39597e422ffab456dd963a00000000180000000000000017010000040000000602000000400000180000000000"], 0x60}], 0x1, 0x8001)
recvmmsg(r1, &(0x7f0000002640)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000300)=""/4, 0x4}], 0x1}}], 0x1, 0x0, 0x0)

48.77267ms ago: executing program 1 (id=846):
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
ioctl$TFD_IOC_SET_TICKS(0xffffffffffffffff, 0x40085400, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000200)='./bus\x00', 0x10, &(0x7f0000000480)=ANY=[], 0x5, 0xa80, &(0x7f0000000c40)="$eJzs3UuMFMcBANDq2Z2FxWAGZ4k3mNgQJ8b5eNcsG/JBSbDMJchYuVmyckEYOyhAomApwfIBOPkWWxa55nvyxfnIUrhEyKdcLMVIufjk5JBDEJEs5ZCYwEbMVs2ndmZ7Ztlldnbek3pqqqt6qrqnu6enP1UBGFmV+uv8/HQRwuUrbx7552P/mAzhylQzR63+Ot4Sq4YQihgfzz7vw7HF8NZHr57oFBZhrv6a4uHZG41p7wshXAh7wtVQC7suX3vjvblnjl08emnv+28dur42cw8AAKPlO1cPze/8218e2vHx2w8fDpsa49PxeS3Gt8bj/sPxwD8d/1dCe7xoGVpNZPnG41DJ8o11yNdaTjXLN96l/Insc6td8m0qKX+sZVyn+YZhltbjWigqM23xSmVmZvE/eaj/r58oZs6eOv3iuQFVFFh1/34khLDH0M8wmRbeOqiLYdWGi6P4nS5sH+TeB6Apv164xIX8zMLdaXzaeG/l33iq0nl6WAX3ev1X/nCV/5uL9jisno26NqX5StvR1hhvuY5wJnS4fynf/hbyD862//R5+fWIao/17HYdYViuL3Sr51j3SfbtWKvKrEC3+ufrxUb1jRim5fDNLL11+8m/02W+Y2AI/GdjnP9/bVsYeB0MhqEblhzfLiO/VwbY2PL75hailJ7f15enbypJ31ySPlmSvqUt19L0+0qmh1H2h5d/Gl4vmv/z8//0/Z4PT+fZtsXw/j7rk5+P7Lf8iWVi96J8x0gMkz8ef+7kV194/tri/f9FY/2/Hdf3PTFei1vT1ZghnS/Mz6s37v2vtZdT6ZLvgaw+2zrkr7+fas9XTDU/J7TsZ5bUY7p9uu3d8u1uz1fL8k3GYXNW3/z4ZEs2XTr+SPvVtLzGs/mtZvMxkdUj7VfSufO8HrASaX3sdv9/Wj+nQ7V48dTpk0/GeFpP/zxW3XRn/P7yon672nUH7k6vz/9Mh/bnf7Y2xlcrrfuF7c3xRet+oZaNn+sy/kCMp9+5741N1sfPnPjB6RdWe+ZhxJ07/8r3j58+ffJH3njjjTeNN4PeMwFrbfblMz+cPXf+lSdOnTn+0smXTp49cPDggbm5g187MD9bP66fbT26BzaS5o/+oGsCAAAAAAAAAAAA9OrHR49c++u7X/lg8fn/5vN/6fn/dOdvev7/tWLxWfdKy/jQoR/A9Bzgjg7p9TxZA6sTWb5qHD6R1XeqLVcIO7PpPhnDRj9+8fn/VFzermuqz4PZ+Lz93pQva05gSXspE1mrI3l/gZ+J4aUY/irAABWTnUfHsKx967Sup/Yp+miXonPBDMJk/ia1Y5Ke/+7WrlPa/6+nNr3p3b14nHDQ8wh09q+N0f73iob6scsafv6v7x/8PG7unrZp0HUzDH5YWNCLB7A+DLr/z3TeM4Vn//TtzXeGlO3GU+37y7z9Urgb673/SeVvrP4/G1dSetr/3Vzae0JtZeX+9+fXP2gpNuzqdf+bz39qB3oqL2H5M9Ef3yn/ZnNW9oXeyl/4ZVZ+fkGoRzfj/Kflv6XH8pfM/+6yks6/02ns/2L5abE9/uhy5Tevmt24uFjjotJej/y8cbr+l583Tm5l85/a9ux7/lfYUePtWD6MsmHpZ7ZfPfT/W1fW/+8Sq9z/bzf5fRhfjvG0I0z3OeQ9nPRZ/0Yk/Q7szD6/KPl9W0H/v+vKqPf/+/UYlm0Pqf/ftD7WOsQrLfFqh2W7Ufc1MKw+XL/X/5o/VIOvi6HX72vw9TD0MSwsLKztCa0SAy2cgS//Qf9PWFn5Kzzp2cGgl3+ZvP/f/Bg+7/83T8/7/83T8/5/8/S8f708fUuWni/PvP/fPP3B7HPz/oGnsz/YefqnSqbfVZL+UEn67pL0T5ek7y1Jf7gk/ZGS9AdK0h8tSf9saP9S8vTPlUz/WEn64yXpny9J3+jS8yijOv8wyvLn82z/MDrS87Xdtv+pknRgeP3s7f1PP//779YWn/+faJwPSdfxDsd4Nf5N+0mM59e9Q0v8Ttq7Mf73LH29n++AUZK3n5H/vu8rSQeGV7rPy/YNI6jo/JxEr+1WdTvOZ7h8IYZfjOGXYvhEDGdiOBvD/TGcu0f1Y208/bt3Dr1eNP/vb8/Se72fPH8eKG8n6kCP9cnPD/R7P37ejl+/7rb8FT4OBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDCV+uv8/HQRwuUrbx557tip2TtjvtXIUau/jrfEqo3pQngyhmMx/EV8c+ujV0+0hrdjWIS5UISiMT48e6NR0n0hhAthT7gaamHX5WtvvDf3zLGLRy/tff+tQ9fXbgkAAADAxvf/AAAA//8Vph0L")
r0 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0)
landlock_restrict_self(r0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file3\x00', 0xffffffffffffff9c, &(0x7f00000007c0)='./file0\x00', 0x2)

0s ago: executing program 0 (id=847):
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_BTF_LOAD(0xc, &(0x7f0000000400)={0x0, 0x0, 0x20, 0x0, 0x1, 0x2, 0x0, @void, @value}, 0x20)
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48)
bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)={{0x12, 0x1, 0x110, 0xe, 0x1e, 0xe0, 0x8, 0x1d50, 0x60c6, 0x26d9, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x9, 0x80, 0x3, [{{0x9, 0x4, 0xc2, 0x84, 0x1, 0x74, 0x2e, 0xb9, 0x1, [], [{{0x9, 0x5, 0x2708500b526140c7, 0x2, 0x40, 0x0, 0x0, 0x9}}]}}]}}]}}, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
syz_open_procfs(0x0, &(0x7f0000000400)='fd/4\x00')
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0xfffffffffffffffe}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = openat$6lowpan_enable(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
write$6lowpan_enable(r1, &(0x7f0000000140)='0', 0x1)

kernel console output (not intermixed with test programs):

.876637][ T6706] loop4: detected capacity change from 0 to 512
[  129.894624][ T6706] ext4: Unknown parameter 'uid'
[  129.958728][ T6718] loop0: detected capacity change from 0 to 4096
[  130.930859][ T6728] loop1: detected capacity change from 0 to 1024
[  130.956504][ T6728] journal_path: Non-blockdev passed as './file1'
[  130.962894][ T6728] EXT4-fs: error: could not find journal device path
[  131.038444][  T975] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 3 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  131.092260][  T975] usb 3-1: USB disconnect, device number 3
[  131.113226][ T5877] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  131.130515][  T975] usblp0: removed
[  131.312753][ T5877] usb 5-1: Using ep0 maxpacket: 8
[  131.382339][ T5877] usb 5-1: config 0 has an invalid interface number: 29 but max is 0
[  131.390724][ T5877] usb 5-1: config 0 has no interface number 0
[  131.411832][ T5877] usb 5-1: config 0 interface 29 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  131.429001][ T5877] usb 5-1: config 0 interface 29 altsetting 0 has an endpoint descriptor with address 0xE3, changing to 0x83
[  131.441966][ T5877] usb 5-1: config 0 interface 29 altsetting 0 endpoint 0x83 has invalid maxpacket 33307, setting to 1024
[  131.459478][ T5877] usb 5-1: config 0 interface 29 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024
[  131.470151][ T5877] usb 5-1: config 0 interface 29 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0
[  131.492685][ T5877] usb 5-1: config 0 interface 29 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0
[  131.503023][ T5877] usb 5-1: config 0 interface 29 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  131.529833][ T5877] usb 5-1: New USB device found, idVendor=03f0, idProduct=0207, bcdDevice= 0.01
[  131.539215][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  131.550832][ T5877] usb 5-1: Product: syz
[  131.556381][ T5877] usb 5-1: Manufacturer: syz
[  131.561279][ T6737] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  131.572100][ T6737] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  131.591346][ T5877] usb 5-1: SerialNumber: syz
[  131.627285][ T5877] usb 5-1: config 0 descriptor??
[  131.648146][ T6724] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22
[  131.664334][ T5877] ums-usbat 5-1:0.29: USB Mass Storage device detected
[  131.715391][ T6744] netlink: 48 bytes leftover after parsing attributes in process `syz.0.260'.
[  131.941884][ T6728] loop1: detected capacity change from 0 to 32768
[  131.951809][ T6728] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.252 (6728)
[  131.994862][ T6728] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  132.009537][ T6728] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  132.034310][ T6728] BTRFS info (device loop1): using free-space-tree
[  132.224881][ T6728] BTRFS info (device loop1): rebuilding free space tree
[  132.897714][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  132.909054][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  132.946941][ T6774] netlink: 20 bytes leftover after parsing attributes in process `syz.2.264'.
[  133.003467][ T6774] netlink: 12 bytes leftover after parsing attributes in process `syz.2.264'.
[  133.083437][ T6774] netlink: 8 bytes leftover after parsing attributes in process `syz.2.264'.
[  133.100677][ T6772] BTRFS info (device loop1): balance: start -s
[  133.138502][ T6772] BTRFS info (device loop1): left=0, need=98304, flags=2
[  133.154965][ T6772] BTRFS info (device loop1): space_info SYSTEM has 0 free, is not full
[  133.163611][ T6772] BTRFS info (device loop1): space_info total=4194304, used=4096, pinned=0, reserved=0, may_use=0, readonly=4190208 zone_unusable=0
[  133.177262][ T6772] BTRFS info (device loop1): global_block_rsv: size 1441792 reserved 1441792
[  133.186405][ T6772] BTRFS info (device loop1): trans_block_rsv: size 0 reserved 0
[  133.194109][ T6772] BTRFS info (device loop1): chunk_block_rsv: size 0 reserved 0
[  133.201735][ T6772] BTRFS info (device loop1): delayed_block_rsv: size 0 reserved 0
[  133.209585][ T6772] BTRFS info (device loop1): delayed_refs_rsv: size 0 reserved 0
[  133.250170][ T6772] BTRFS info (device loop1): relocating block group 1048576 flags system
[  133.337106][ T6772] BTRFS info (device loop1): balance: ended with status: 0
[  133.485449][ T5823] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  133.608191][ T6776] loop0: detected capacity change from 0 to 40427
[  133.649290][ T6776] F2FS-fs (loop0): Small segment_count (9 < 1 * 24)
[  133.662643][ T6776] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  133.688838][ T6776] F2FS-fs (loop0): Found nat_bits in checkpoint
[  133.809807][ T6776] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  133.838895][ T6776] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  133.991953][ T5877] ums-usbat 5-1:0.29: probe with driver ums-usbat failed with error -5
[  134.293359][ T5878] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  134.469979][ T5878] usb 2-1: too many endpoints for config 1 interface 0 altsetting 253: 132, using maximum allowed: 30
[  134.481323][ T5878] usb 2-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 132
[  134.499340][ T5878] usb 2-1: config 1 interface 0 has no altsetting 0
[  134.534883][ T5878] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  134.552257][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  134.572862][ T6792] loop2: detected capacity change from 0 to 4096
[  134.583143][ T5878] usb 2-1: Product: syz
[  134.587333][ T5878] usb 2-1: Manufacturer: syz
[  134.601049][ T6792] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  134.610909][ T5878] usb 2-1: SerialNumber: syz
[  134.657777][ T6794] netlink: 'syz.0.270': attribute type 8 has an invalid length.
[  134.665942][ T6794] netlink: 20 bytes leftover after parsing attributes in process `syz.0.270'.
[  134.700504][ T6792] ntfs3(loop2): ino=1b, "file0" failed to parse mft record
[  134.713303][ T6792] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  134.740407][ T6792] ntfs3(loop2): ino=1b, "file0" attr_set_size
[  134.827731][ T6797] netlink: 48 bytes leftover after parsing attributes in process `syz.0.271'.
[  135.125213][ T6804] loop2: detected capacity change from 0 to 1024
[  135.176235][ T6804] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  135.322080][ T6808] EXT4-fs (loop2): shut down requested (0)
[  135.385140][ T5877] usb 5-1: USB disconnect, device number 6
[  135.449260][   T67] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  135.464487][ T6815] loop4: detected capacity change from 0 to 1024
[  135.474835][ T6815] EXT4-fs: inline encryption not supported
[  135.489187][   T67] EXT4-fs (loop2): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 468 with error 28
[  135.516504][   T67] EXT4-fs (loop2): This should not happen!! Data will be lost
[  135.516504][   T67] 
[  135.529102][ T6815] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  135.536728][   T67] EXT4-fs (loop2): Total free blocks count 0
[  135.562613][   T67] EXT4-fs (loop2): Free/Dirty block details
[  135.580879][ T6812] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  135.601893][ T6812] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  135.637679][   T67] EXT4-fs (loop2): free_blocks=68451041280
[  135.662964][   T67] EXT4-fs (loop2): dirty_blocks=480
[  135.677387][   T67] EXT4-fs (loop2): Block reservation details
[  135.695404][   T67] EXT4-fs (loop2): i_reserved_data_blocks=30
[  135.738572][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  135.746329][ T6801] loop0: detected capacity change from 0 to 32768
[  135.819405][ T6801] bcachefs (/dev/loop0): error validating superblock: Invalid superblock section clean: entry type (unknown jset_entry_type 255) overruns end of section
[  135.819405][ T6801] clean (size 2912):
[  135.819405][ T6801] flags:          0
[  135.819405][ T6801] journal_seq:    8
[  135.819405][ T6801] usage: type=inodes v=8
[  135.819405][ T6801] usage: type=key_version v=0
[  135.819405][ T6801] usage: type=reserved v=0
[  135.819405][ T6801] usage: type=reserved v=0
[  135.819405][ T6801] usage: type=reserved v=0
[  135.819405][ T6801] usage: type=reserved v=0
[  135.819405][ T6801] data_usage: btree: 1/1 [0]=2816
[  135.819405][ T6801] data_usage: journal: 1/1 [0]=0
[  135.819405][ T6801] data_usage: user: 1/1 [0]=32
[  135.819405][ T6801] dev_usage: dev=0  
[  135.819405][ T6801]   free: buckets=83 sectors=0 fragmented=0
[  135.819405][ T6801]   sb: buckets=25 sectors=6152 fragmented=248
[  135.819405][ T6801]   journal: buckets=8 sectors=2048 fragmented=0
[  135.819405][ T6801]   btree: buckets=11 sectors=2816 fragmented=0
[  135.819405][ T6801]   user: buckets=1 sectors=32 fragmented=224
[  135.819405][ T6801]   cached: buckets=0 sectors=0 fragmented=0
[  135.819405][ T6801]   parity: buckets=0 sectors=0 fragmented=0
[  135.819405][ T6801]   stripe: buckets=0 sectors=0 fragmented=0
[  135.819405][ T6801]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[  135.819405][ T6801]   need_discard: buckets=0 sectors=0 fragmented=0
[  135.819405][ T6801] clock: read=0
[  135.819405][ T6801] clock: write=1288
[  135.819405][ T6801] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 SPOS_MAX l
[  135.819684][ T6801] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[  136.597628][ T6825] cgroup: noprefix used incorrectly
[  137.027301][ T6824] loop2: detected capacity change from 0 to 32768
[  137.042972][ T6824] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.278 (6824)
[  137.071335][ T6824] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  137.126734][ T5878] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  137.157810][ T6824] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  137.166645][ T6824] BTRFS info (device loop2): using free-space-tree
[  137.171233][ T5878] usb 2-1: USB disconnect, device number 2
[  137.289043][ T5878] usblp0: removed
[  137.330004][ T6837] netlink: 'syz.1.281': attribute type 8 has an invalid length.
[  137.365319][ T6837] netlink: 20 bytes leftover after parsing attributes in process `syz.1.281'.
[  137.676830][ T6854] netlink: 48 bytes leftover after parsing attributes in process `syz.4.283'.
[  137.813542][   T29] audit: type=1800 audit(1731336450.093:3): pid=6855 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.278" name="file0" dev="loop2" ino=258 res=0 errno=0
[  137.869031][ T6855] BTRFS info (device loop2): setting compat-ro feature flag for VERITY (0x4)
[  138.386054][ T5826] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  139.441161][ T6865] process 'syz.2.285' launched './file0' with NULL argv: empty string added
[  139.834668][ T6862] Falling back ldisc for ptm0.
[  142.830386][   T25] usb 1-1: new full-speed USB device number 2 using dummy_hcd
[  142.867656][ T5880] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  143.044538][   T25] usb 1-1: too many endpoints for config 1 interface 0 altsetting 253: 132, using maximum allowed: 30
[  143.100017][   T25] usb 1-1: config 1 interface 0 altsetting 253 has 1 endpoint descriptor, different from the interface descriptor's value: 132
[  143.167386][   T25] usb 1-1: config 1 interface 0 has no altsetting 0
[  143.209320][ T5880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  143.211751][   T25] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  143.224937][ T5880] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  143.275578][   T25] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  143.329671][   T25] usb 1-1: Product: syz
[  143.419692][   T25] usb 1-1: Manufacturer: syz
[  143.424368][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.455158][   T25] usb 1-1: SerialNumber: syz
[  143.548749][ T5880] usb 3-1: config 0 descriptor??
[  143.576483][ T5880] pwc: Askey VC010 type 2 USB webcam detected.
[  143.801365][ T5880] pwc: send_video_command error -71
[  143.835228][ T5880] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  143.856745][ T5880] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  143.875774][ T6894] loop3: detected capacity change from 0 to 8192
[  143.887298][ T5880] usb 3-1: USB disconnect, device number 4
[  144.098101][ T6900] mmap: syz.4.299 (6900) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  144.497343][ T5880] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  144.641695][ T6901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  144.691737][ T6901] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  144.967590][ T5880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  144.978215][ T5880] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  144.987720][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  145.028456][ T5880] usb 3-1: config 0 descriptor??
[  145.667602][ T5880] pwc: Askey VC010 type 2 USB webcam detected.
[  145.894364][ T5880] pwc: send_video_command error -71
[  145.939813][ T5880] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  145.985895][ T5880] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  146.018778][ T5880] usb 3-1: USB disconnect, device number 5
[  146.906996][   T25] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 2 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8
[  146.934684][   T25] usb 1-1: USB disconnect, device number 2
[  146.949626][ T6918] netlink: 'syz.0.305': attribute type 8 has an invalid length.
[  146.967703][ T6918] netlink: 20 bytes leftover after parsing attributes in process `syz.0.305'.
[  146.980287][   T25] usblp0: removed
[  147.275309][ T6926] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input14
[  147.577248][ T6927] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  147.971542][ T6940] loop0: detected capacity change from 0 to 2048
[  148.019231][ T6940] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  148.094910][ T6940] ext4 filesystem being mounted at /77/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  149.731631][ T6968] netlink: 87 bytes leftover after parsing attributes in process `syz.4.326'.
[  149.753437][ T6961] netlink: 20 bytes leftover after parsing attributes in process `syz.1.323'.
[  149.841492][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  150.622686][ T6984] loop0: detected capacity change from 0 to 4096
[  150.641991][ T5908] libceph: connect (1)[c::]:6789 error -101
[  150.656034][ T5908] libceph: mon0 (1)[c::]:6789 connect error
[  150.789543][ T6998] overlayfs: failed to decode file handle (len=5, type=251, flags=0, err=-22)
[  151.555249][ T5908] libceph: connect (1)[c::]:6789 error -101
[  151.588882][ T6990] loop2: detected capacity change from 0 to 512
[  151.607566][ T5908] libceph: mon0 (1)[c::]:6789 connect error
[  151.676355][ T6990] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  151.697117][ T6990] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[  151.876309][ T7006] loop0: detected capacity change from 0 to 2048
[  151.947720][ T6991] loop2: detected capacity change from 0 to 512
[  151.965926][ T6991] EXT4-fs (loop2): can't mount with both data=journal and delalloc
[  152.016573][ T7006] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  152.134867][ T6985] ceph: No mds server is up or the cluster is laggy
[  152.142364][ T7006] ext4 filesystem being mounted at /79/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  152.169707][ T5908] libceph: connect (1)[c::]:6789 error -101
[  152.177979][ T5908] libceph: mon0 (1)[c::]:6789 connect error
[  152.313397][ T7016] netlink: 87 bytes leftover after parsing attributes in process `syz.3.341'.
[  152.468912][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.540768][ T7023] netlink: 48 bytes leftover after parsing attributes in process `syz.3.344'.
[  152.810993][ T7033] loop3: detected capacity change from 0 to 512
[  152.841172][ T7033] EXT4-fs: Ignoring removed bh option
[  152.848406][ T7033] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  152.879230][ T7033] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  152.889807][ T7033] EXT4-fs (loop3): orphan cleanup on readonly fs
[  152.947704][ T7033] Quota error (device loop3): do_check_range: Getting dqdh_next_free 196613 out of range 0-5
[  152.976733][ T7033] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  152.990424][ T7033] EXT4-fs error (device loop3): ext4_acquire_dquot:6925: comm syz.3.347: Failed to acquire dquot type 1
[  153.194023][ T7033] EXT4-fs (loop3): Remounting filesystem read-only
[  153.217147][ T7042] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  153.227386][ T7042] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  153.229012][ T7033] EXT4-fs (loop3): 1 orphan inode deleted
[  153.499351][ T7031] loop4: detected capacity change from 0 to 4096
[  153.507051][ T7033] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  153.821046][ T7048] netlink: 4 bytes leftover after parsing attributes in process `syz.3.347'.
[  154.283710][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.381664][ T7052] loop0: detected capacity change from 0 to 2048
[  154.518248][ T7052] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.546409][ T7059] loop4: detected capacity change from 0 to 2048
[  154.558306][ T7052] ext4 filesystem being mounted at /82/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.610595][ T7059] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  154.696080][ T7059] ext4 filesystem being mounted at /58/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  154.851066][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  154.943713][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.122966][ T7069] netlink: 48 bytes leftover after parsing attributes in process `syz.4.357'.
[  156.422614][ T7086] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  156.433794][ T7086] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  156.473057][ T7051] loop2: detected capacity change from 0 to 40427
[  156.499089][ T7051] F2FS-fs (loop2): invalid crc value
[  156.712891][ T7051] F2FS-fs (loop2): Found nat_bits in checkpoint
[  157.241313][ T7051] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  157.247491][ T7098] loop3: detected capacity change from 0 to 2048
[  157.459857][ T7098] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  157.509010][ T7098] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  157.882875][ T5829] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  158.075282][ T5829] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  158.120502][ T5829] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  158.201920][ T5829] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  158.324739][ T5829] usb 5-1: config 0 descriptor??
[  158.338136][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  158.362895][ T5829] pwc: Askey VC010 type 2 USB webcam detected.
[  158.417746][ T7118] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  158.607488][ T5829] pwc: send_video_command error -71
[  158.620790][ T5829] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  158.641895][ T5829] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[  158.690665][ T5829] usb 5-1: USB disconnect, device number 7
[  158.794085][ T7123] loop0: detected capacity change from 0 to 4096
[  159.165719][ T5829] usb 5-1: new high-speed USB device number 8 using dummy_hcd
[  159.354274][ T5829] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  159.396114][ T5829] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  159.423860][ T5829] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  159.529385][   T25] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  159.625619][ T7137] netlink: 28 bytes leftover after parsing attributes in process `syz.0.379'.
[  159.641641][ T7129] loop2: detected capacity change from 0 to 32768
[  159.649170][ T7129] (syz.2.372,7129,0):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "hartbeat=none" or missing value
[  159.661349][ T7129] (syz.2.372,7129,0):ocfs2_fill_super:1178 ERROR: status = -22
[  159.680877][ T5829] usb 5-1: config 0 descriptor??
[  159.702363][   T25] usb 4-1: Using ep0 maxpacket: 8
[  159.715535][   T25] usb 4-1: config 0 has an invalid interface number: 194 but max is 0
[  159.750483][ T5829] pwc: Askey VC010 type 2 USB webcam detected.
[  159.750504][   T25] usb 4-1: config 0 has no interface number 0
[  159.809680][   T25] usb 4-1: config 0 interface 194 altsetting 132 has an endpoint descriptor with address 0xC7, changing to 0x87
[  159.849900][   T25] usb 4-1: config 0 interface 194 altsetting 132 bulk endpoint 0x87 has invalid maxpacket 64
[  159.870533][   T25] usb 4-1: config 0 interface 194 has no altsetting 0
[  159.899756][   T25] usb 4-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=26.d9
[  159.922391][   T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.937761][   T25] usb 4-1: Product: syz
[  159.942120][   T25] usb 4-1: Manufacturer: syz
[  159.951624][   T25] usb 4-1: SerialNumber: syz
[  159.959740][   T25] usb 4-1: config 0 descriptor??
[  159.967730][ T7127] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22
[  160.181398][ T5829] pwc: recv_control_msg error -32 req 02 val 2b00
[  160.188826][ T5829] pwc: recv_control_msg error -32 req 02 val 2700
[  160.196442][ T5829] pwc: recv_control_msg error -32 req 02 val 2c00
[  160.221253][ T5829] pwc: recv_control_msg error -32 req 04 val 1000
[  160.254018][ T5829] pwc: recv_control_msg error -32 req 04 val 1300
[  160.334322][ T5829] pwc: recv_control_msg error -32 req 04 val 1400
[  160.412137][ T5829] pwc: recv_control_msg error -32 req 02 val 2000
[  160.538791][ T5829] pwc: recv_control_msg error -32 req 02 val 2100
[  160.918927][ T5829] pwc: recv_control_msg error -32 req 04 val 1500
[  160.977344][ T5829] pwc: recv_control_msg error -71 req 02 val 2500
[  161.019742][ T5829] pwc: recv_control_msg error -71 req 02 val 2400
[  161.051791][ T5829] pwc: recv_control_msg error -71 req 02 val 2600
[  161.058153][   T25] usb 4-1: USB disconnect, device number 2
[  161.068598][ T5829] pwc: recv_control_msg error -71 req 02 val 2900
[  161.082825][ T5829] pwc: recv_control_msg error -71 req 02 val 2800
[  161.093530][ T5829] pwc: recv_control_msg error -71 req 04 val 1100
[  161.134779][ T5829] pwc: recv_control_msg error -71 req 04 val 1200
[  161.142392][ T7149] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  161.193288][ T5829] pwc: Registered as video103.
[  161.229177][ T5829] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input15
[  161.297850][ T5829] usb 5-1: USB disconnect, device number 8
[  161.486666][ T7144] loop0: detected capacity change from 0 to 40427
[  162.158962][ T7144] F2FS-fs (loop0): invalid crc value
[  162.246234][ T7144] F2FS-fs (loop0): Found nat_bits in checkpoint
[  162.298414][ T7163] loop4: detected capacity change from 0 to 4096
[  162.410783][ T7152] loop1: detected capacity change from 0 to 32768
[  162.414482][ T7144] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  162.467369][ T7174] netlink: 28 bytes leftover after parsing attributes in process `syz.2.391'.
[  162.978287][ T7152] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  163.249705][ T5836] Bluetooth: hci0: command tx timeout
[  163.288001][ T7152] XFS (loop1): Ending clean mount
[  163.411415][   T29] audit: type=1800 audit(1731336730.185:4): pid=7152 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.385" name="bus" dev="loop1" ino=6153 res=0 errno=0
[  163.414144][ T7166] loop3: detected capacity change from 0 to 32768
[  163.439855][ T7166] (syz.3.390,7166,0):ocfs2_parse_options:1448 ERROR: Unrecognized mount option "hartbeat=none" or missing value
[  163.453107][ T7166] (syz.3.390,7166,0):ocfs2_fill_super:1178 ERROR: status = -22
[  163.461823][   T29] audit: type=1800 audit(1731336730.203:5): pid=7187 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.385" name="file1" dev="loop1" ino=6150 res=0 errno=0
[  163.564541][ T5823] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  163.793573][ T7166] loop3: detected capacity change from 0 to 512
[  163.834976][ T7166] ext4: Unknown parameter 'uid'
[  165.574431][ T5829] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  165.763145][ T7213] netlink: 28 bytes leftover after parsing attributes in process `syz.1.402'.
[  166.354892][ T5829] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  166.452592][ T5829] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  166.553315][ T5829] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  166.620089][ T5829] usb 5-1: config 0 descriptor??
[  166.647964][ T5829] pwc: Askey VC010 type 2 USB webcam detected.
[  166.852772][ T5829] pwc: send_video_command error -71
[  166.858033][ T5829] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  166.897255][ T5829] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71
[  166.975240][ T5829] usb 5-1: USB disconnect, device number 9
[  166.983794][ T7222] loop2: detected capacity change from 0 to 32768
[  167.003416][ T7222] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.406 (7222)
[  167.020484][ T7222] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  167.039498][ T7222] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  167.054820][ T7222] BTRFS info (device loop2): using free-space-tree
[  167.305904][    T8] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  167.430061][ T5829] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  167.551132][ T5826] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  167.562201][    T8] usb 4-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00
[  167.565008][ T4757] BTRFS info (device loop2): qgroup scan completed (inconsistency flag cleared)
[  167.590205][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.604402][ T5829] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  167.615010][ T5829] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  167.626138][ T5829] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  167.635879][    T8] usb 4-1: config 0 descriptor??
[  167.671212][ T5829] usb 5-1: config 0 descriptor??
[  167.694079][ T5829] pwc: Askey VC010 type 2 USB webcam detected.
[  168.090698][    T8] playstation 0003:054C:0DF2.0002: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.3-1/input0
[  168.209472][ T5829] pwc: recv_control_msg error -32 req 02 val 2b00
[  168.231321][ T5829] pwc: recv_control_msg error -32 req 02 val 2700
[  168.300732][ T5829] pwc: recv_control_msg error -32 req 02 val 2c00
[  168.325256][ T5829] pwc: recv_control_msg error -32 req 04 val 1000
[  168.335228][    T8] playstation 0003:054C:0DF2.0002: Failed to retrieve feature with reportID 9: -32
[  168.344856][    T8] playstation 0003:054C:0DF2.0002: Failed to retrieve DualSense pairing info: -32
[  168.354409][    T8] playstation 0003:054C:0DF2.0002: Failed to get MAC address from DualSense
[  168.363271][    T8] playstation 0003:054C:0DF2.0002: Failed to create dualsense.
[  168.429983][ T5829] pwc: recv_control_msg error -32 req 04 val 1300
[  168.463162][ T5829] pwc: recv_control_msg error -32 req 04 val 1400
[  168.476010][    T8] playstation 0003:054C:0DF2.0002: probe with driver playstation failed with error -32
[  168.509330][ T5829] pwc: recv_control_msg error -32 req 02 val 2000
[  168.520833][ T5829] pwc: recv_control_msg error -32 req 02 val 2100
[  168.879671][ T5829] pwc: recv_control_msg error -71 req 02 val 2500
[  168.923606][ T5829] pwc: recv_control_msg error -71 req 02 val 2400
[  168.930446][ T5829] pwc: recv_control_msg error -71 req 02 val 2600
[  168.938832][ T5829] pwc: recv_control_msg error -71 req 02 val 2900
[  168.963206][ T5829] pwc: recv_control_msg error -71 req 02 val 2800
[  168.971058][ T7251] loop2: detected capacity change from 0 to 32768
[  168.981022][ T5829] pwc: recv_control_msg error -71 req 04 val 1100
[  169.001446][ T5829] pwc: recv_control_msg error -71 req 04 val 1200
[  169.026732][ T5829] pwc: Registered as video103.
[  169.042549][ T5829] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input16
[  169.079386][ T7251] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  169.081799][ T5829] usb 5-1: USB disconnect, device number 10
[  169.237873][ T7251] XFS (loop2): Ending clean mount
[  169.271879][ T7251] XFS (loop2): Quotacheck needed: Please wait.
[  169.363025][ T7251] XFS (loop2): Quotacheck: Done.
[  170.503962][ T5826] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  170.525368][ T5842] Bluetooth: hci1: command tx timeout
[  170.696418][   T55] Bluetooth: hci4: command 0x0405 tx timeout
[  171.350995][ T7285] loop2: detected capacity change from 0 to 32768
[  171.374482][ T5842] Bluetooth: hci2: command tx timeout
[  171.407495][ T7279] netlink: 28 bytes leftover after parsing attributes in process `syz.0.415'.
[  171.462283][ T7285] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  171.520008][ T7285] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  171.826702][ T7285] XFS (loop2): Ending clean mount
[  171.873115][ T7285] XFS (loop2): Quotacheck needed: Please wait.
[  171.909222][ T5877] usb 4-1: USB disconnect, device number 3
[  172.253474][ T7285] XFS (loop2): Quotacheck: Done.
[  172.535825][ T7294] loop1: detected capacity change from 0 to 32768
[  173.448015][ T7294] XFS (loop1): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  173.480684][ T5826] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  173.533625][ T5836] Bluetooth: hci1: Ignoring HCI_Sync_Conn_Complete event for existing connection
[  173.561781][ T7294] XFS (loop1): Ending clean mount
[  174.720134][ T7333] netlink: 28 bytes leftover after parsing attributes in process `syz.0.428'.
[  174.891209][ T7340] loop3: detected capacity change from 0 to 1024
[  174.996030][ T5823] XFS (loop1): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  175.789734][ T5836] Bluetooth: hci1: command tx timeout
[  176.345422][ T5908] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  176.527931][ T5908] usb 2-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00
[  176.634856][ T5908] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.780195][ T5908] usb 2-1: config 0 descriptor??
[  177.307070][ T5908] playstation 0003:054C:0DF2.0003: hidraw0: USB HID v1.01 Device [HID 054c:0df2] on usb-dummy_hcd.1-1/input0
[  177.522796][ T5908] playstation 0003:054C:0DF2.0003: Failed to retrieve feature with reportID 9: -32
[  177.537629][ T5908] playstation 0003:054C:0DF2.0003: Failed to retrieve DualSense pairing info: -32
[  177.547551][ T5908] playstation 0003:054C:0DF2.0003: Failed to get MAC address from DualSense
[  177.568723][ T5908] playstation 0003:054C:0DF2.0003: Failed to create dualsense.
[  177.592005][ T5908] playstation 0003:054C:0DF2.0003: probe with driver playstation failed with error -32
[  177.661542][ T5836] Bluetooth: hci0: Ignoring HCI_Sync_Conn_Complete event for existing connection
[  178.136631][   T11] hfsplus: b-tree write err: -5, ino 8
[  178.533822][ T7362] netlink: 8 bytes leftover after parsing attributes in process `syz.4.437'.
[  178.666643][ T5880] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  178.997575][ T5880] usb 3-1: Using ep0 maxpacket: 32
[  179.019098][ T5880] usb 3-1: config index 0 descriptor too short (expected 29220, got 36)
[  179.052565][ T5880] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32
[  179.063956][ T5880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  179.074595][ T5880] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 81
[  179.092193][ T5880] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40
[  179.103318][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  179.114065][ T5880] usb 3-1: config 0 descriptor??
[  179.174083][ T7372] netlink: 28 bytes leftover after parsing attributes in process `syz.3.440'.
[  179.223610][ T5880] usb 2-1: USB disconnect, device number 3
[  179.645201][ T7380] netlink: 4 bytes leftover after parsing attributes in process `syz.3.442'.
[  179.658806][ T7380] netlink: 12 bytes leftover after parsing attributes in process `syz.3.442'.
[  179.810501][ T5836] Bluetooth: hci0: command tx timeout
[  179.841297][ T5836] Bluetooth: hci4: command 0x0405 tx timeout
[  181.706762][ T5877] usb 3-1: USB disconnect, device number 6
[  181.984496][ T7403] netlink: 8 bytes leftover after parsing attributes in process `syz.3.450'.
[  182.179029][ T5836] Bluetooth: hci4: command 0x0405 tx timeout
[  182.660073][ T7388] loop1: detected capacity change from 0 to 32768
[  182.694215][ T7388] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.446 (7388)
[  182.835046][ T7388] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  182.856244][ T7388] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  182.864927][ T7388] BTRFS info (device loop1): using free-space-tree
[  184.060458][ T7436] netlink: 4 bytes leftover after parsing attributes in process `syz.2.456'.
[  184.073861][ T7436] netlink: 12 bytes leftover after parsing attributes in process `syz.2.456'.
[  184.662871][ T5842] Bluetooth: hci4: command 0x0405 tx timeout
[  184.938440][ T5823] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  185.463734][ T7451] binder: 7449:7451 ioctl c0306201 200001c0 returned -22
[  185.545309][ T7455] netlink: 4 bytes leftover after parsing attributes in process `syz.1.458'.
[  186.323284][ T7461] loop4: detected capacity change from 0 to 2048
[  186.486419][ T7461] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  186.564852][ T7461] EXT4-fs error (device loop4): ext4_lookup:1813: inode #15: comm syz.4.464: iget: bad extra_isize 512 (inode size 256)
[  186.654076][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.967151][ T7481] loop4: detected capacity change from 0 to 4096
[  187.533476][ T7478] loop2: detected capacity change from 0 to 32768
[  187.574768][ T7478] XFS: attr2 mount option is deprecated.
[  187.944516][ T7478] XFS: ikeep mount option is deprecated.
[  188.243116][ T7478] XFS: noikeep mount option is deprecated.
[  188.342718][ T7478] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  188.471154][ T7478] XFS (loop2): Ending clean mount
[  188.515003][ T7478] XFS (loop2): Quotacheck needed: Please wait.
[  188.635898][ T7478] XFS (loop2): Quotacheck: Done.
[  188.751342][   T29] audit: type=1804 audit(1731336753.860:6): pid=7478 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.471" name="/newroot/100/file1/file1" dev="loop2" ino=1062 res=1 errno=0
[  188.832636][ T7490] loop0: detected capacity change from 0 to 32768
[  188.918387][ T7488] loop4: detected capacity change from 0 to 40427
[  188.975124][ T7488] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x1fffff
[  188.984065][ T5826] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  189.053794][ T7488] F2FS-fs (loop4): invalid crc value
[  189.092794][ T7488] F2FS-fs (loop4): Found nat_bits in checkpoint
[  189.302968][ T7488] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  189.392060][ T7514] f2fs_ckpt-7:4: attempt to access beyond end of device
[  189.392060][ T7514] loop4: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  189.432475][ T7514] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.449387][ T7514] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  189.480984][ T7519] loop1: detected capacity change from 0 to 4096
[  189.677105][ T7508] loop3: detected capacity change from 0 to 32768
[  189.753056][ T5880] usb 3-1: new full-speed USB device number 7 using dummy_hcd
[  189.792918][ T7529] loop0: detected capacity change from 0 to 2048
[  189.798672][ T7508] XFS (loop3): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  189.823683][ T7534] loop1: detected capacity change from 0 to 1024
[  189.831297][ T7534] EXT4-fs: inline encryption not supported
[  189.847926][ T7534] EXT4-fs (loop1): Test dummy encryption mode enabled
[  189.920725][ T7508] XFS (loop3): Ending clean mount
[  189.929626][ T7534] EXT4-fs (loop1): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  189.984165][   T29] audit: type=1800 audit(1731336755.019:7): pid=7508 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.479" name="file1" dev="loop3" ino=1062 res=0 errno=0
[  189.984955][ T7529] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  190.019067][ T7529] ext4 filesystem being mounted at /115/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  190.059997][ T7534] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  190.095654][ T5880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  190.109436][ T5880] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2
[  190.119293][ T5880] usb 3-1: New USB device found, idVendor=05d8, idProduct=810a, bcdDevice=92.b8
[  190.129441][ T5824] XFS (loop3): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  190.149545][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  190.363666][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  190.393396][    T8] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  190.421024][ T5880] usb 3-1: config 0 descriptor??
[  190.432146][ T5880] dvb-usb: found a 'Artec T1 USB2.0' in warm state.
[  190.561117][ T5880] dvb-usb: bulk message failed: -22 (3/0)
[  190.574872][    T8] usb 5-1: Using ep0 maxpacket: 8
[  190.682143][    T8] usb 5-1: config 0 has an invalid interface number: 194 but max is 0
[  190.739049][    T8] usb 5-1: config 0 has no interface number 0
[  190.775534][    T8] usb 5-1: config 0 interface 194 altsetting 132 has an endpoint descriptor with address 0xC7, changing to 0x87
[  190.821514][    T8] usb 5-1: config 0 interface 194 altsetting 132 bulk endpoint 0x87 has invalid maxpacket 64
[  190.837006][ T5880] dvb-usb: will use the device's hardware PID filter (table count: 16).
[  191.008657][    T8] usb 5-1: config 0 interface 194 has no altsetting 0
[  191.018101][ T5880] dvbdev: DVB: registering new adapter (Artec T1 USB2.0)
[  191.026646][ T5880] usb 3-1: media controller created
[  191.033951][    T8] usb 5-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=26.d9
[  191.048811][ T5880] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  191.057253][    T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  191.071551][    T8] usb 5-1: Product: syz
[  191.080270][    T8] usb 5-1: Manufacturer: syz
[  191.084891][    T8] usb 5-1: SerialNumber: syz
[  191.095311][ T5880] dvb-usb: bulk message failed: -22 (6/0)
[  191.818617][ T5880] dvb-usb: no frontend was attached by 'Artec T1 USB2.0'
[  191.832722][    T8] usb 5-1: config 0 descriptor??
[  191.839938][ T7543] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  191.868490][ T5880] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input17
[  191.882594][ T5880] dvb-usb: schedule remote query interval to 150 msecs.
[  191.918975][ T7554] loop1: detected capacity change from 0 to 1024
[  191.930523][ T7554] EXT4-fs: inline encryption not supported
[  191.987191][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  191.987744][ T7554] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  192.007104][ T5880] dvb-usb: Artec T1 USB2.0 successfully initialized and connected.
[  192.045207][ T7554] Process accounting resumed
[  192.088958][ T5880] usb 3-1: USB disconnect, device number 7
[  192.214825][ T7564] loop3: detected capacity change from 0 to 512
[  192.300945][ T7564] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.495: corrupted in-inode xattr: invalid ea_ino
[  192.500909][ T7564] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.495: couldn't read orphan inode 15 (err -117)
[  192.720932][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  192.728766][ T7564] EXT4-fs (loop3): mounted filesystem 00000007-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  192.838167][ T5824] EXT4-fs (loop3): unmounting filesystem 00000007-0000-0000-0000-000000000000.
[  192.874689][    T8] usb 5-1: USB disconnect, device number 11
[  192.908812][ T5880] dvb-usb: Artec T1 USB2.0 successfully deinitialized and disconnected.
[  192.984434][ T7571] loop0: detected capacity change from 0 to 512
[  193.033152][ T7571] EXT4-fs error (device loop0): ext4_orphan_get:1389: inode #15: comm syz.0.498: casefold flag without casefold feature
[  193.049408][ T7571] EXT4-fs error (device loop0): ext4_orphan_get:1394: comm syz.0.498: couldn't read orphan inode 15 (err -117)
[  193.074399][ T7571] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.175379][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.237200][ T5829] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  193.250895][ T7581] loop0: detected capacity change from 0 to 1024
[  193.263293][ T7581] EXT4-fs: inline encryption not supported
[  193.270690][ T7581] EXT4-fs (loop0): Test dummy encryption mode enabled
[  193.286187][ T7581] EXT4-fs (loop0): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  193.311021][ T7581] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  193.366542][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  193.397381][    T8] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  193.419860][ T5829] usb 2-1: too many configurations: 9, using maximum allowed: 8
[  193.460373][ T5829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  193.514693][ T5829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  193.552079][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  193.618414][ T5829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  193.635086][    T8] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  193.645728][ T5829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  193.665041][    T8] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  193.861418][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  194.599047][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  194.609422][ T5829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  194.629467][    T8] usb 4-1: config 0 descriptor??
[  194.651059][    T8] pwc: Askey VC010 type 2 USB webcam detected.
[  194.670292][ T5829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  195.032741][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  195.040867][    T8] pwc: send_video_command error -71
[  195.056787][    T8] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  195.065496][    T8] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71
[  195.093575][    T8] usb 4-1: USB disconnect, device number 4
[  195.099844][ T5829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  195.109185][ T5829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  195.120173][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  195.130361][ T7595] loop4: detected capacity change from 0 to 512
[  195.148216][ T7595] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  195.166518][ T5829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  195.175691][ T5829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  195.187711][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  195.197214][ T5829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  195.207796][ T5829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  195.216323][ T7595] EXT4-fs (loop4): 1 truncate cleaned up
[  195.218796][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  195.225811][ T7595] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  195.233755][ T5829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  195.260382][ T5829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  195.282190][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  195.303016][ T5829] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9
[  195.317305][ T5829] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  195.667650][ T7603] netlink: 16 bytes leftover after parsing attributes in process `syz.2.506'.
[  196.161936][ T5829] usb 2-1: config 0 interface 0 has no altsetting 0
[  196.177779][ T5829] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  196.186860][ T5829] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  196.195308][ T5829] usb 2-1: Product: syz
[  196.199550][ T5829] usb 2-1: Manufacturer: syz
[  196.204163][ T5829] usb 2-1: SerialNumber: syz
[  196.211276][ T5829] usb 2-1: config 0 descriptor??
[  196.222887][ T5829] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0
[  196.323217][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.517730][ T5829] usb 2-1: USB disconnect, device number 4
[  196.561148][    T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  196.621242][ T5829] yurex 2-1:0.0: USB YUREX #0 now disconnected
[  197.531661][ T7618] loop4: detected capacity change from 0 to 2048
[  198.022587][ T7618] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a002e018, mo2=0002]
[  198.063687][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  198.070435][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  198.293404][ T7618] System zones: 0-4
[  198.362118][ T7618] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  198.422054][ T7618] ext4 filesystem being mounted at /85/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  198.536057][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  198.747774][ T7647] BFS-fs: bfs_fill_super(): No BFS filesystem on nullb0 (magic=00000000)
[  198.887303][ T7650] block device autoloading is deprecated and will be removed.
[  198.976194][ T7636] loop3: detected capacity change from 0 to 32768
[  199.011279][ T7636] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.518 (7636)
[  199.035457][ T7636] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  199.067761][ T7636] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  199.095353][ T7636] BTRFS info (device loop3): using free-space-tree
[  200.001770][ T7689] loop0: detected capacity change from 0 to 4096
[  200.211528][ T5824] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  200.265740][ T7649] loop4: detected capacity change from 0 to 32768
[  200.292790][ T5836] Bluetooth: hci2: command 0x0406 tx timeout
[  200.298957][ T5836] Bluetooth: hci3: command 0x0406 tx timeout
[  200.332580][ T5836] Bluetooth: hci0: command 0x0406 tx timeout
[  200.339827][ T5836] Bluetooth: hci1: command 0x0406 tx timeout
[  200.352260][ T7689] loop0: detected capacity change from 0 to 40427
[  200.368242][ T7689] F2FS-fs (loop0): Wrong SIT boundary, start(1536) end(50334208) blocks(1024)
[  200.377516][ T7689] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  200.414923][ T7649] bcachefs (/dev/loop4): error reading default superblock: checksum error, type crc32c_nonzero: got 8c1ca219 should be 29d2fb78
[  200.423449][ T7689] F2FS-fs (loop0): invalid crc value
[  200.481108][ T7689] F2FS-fs (loop0): Found nat_bits in checkpoint
[  201.463541][ T7649] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,compression=lz4,nojournal_transaction_names
[  201.479168][ T7689] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  201.486224][ T7689] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  201.511106][ T5907] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  201.553935][ T7649] bcachefs (loop4): recovering from clean shutdown, journal seq 7
[  201.567875][ T7649] bcachefs (loop4): Doing compatible version upgrade from 1.7: mi_btree_bitmap to 1.13: inode_has_child_snapshots
[  201.567875][ T7649]   running recovery passes: check_allocations,check_inodes
[  201.690377][ T7649] invalid bkey u64s 10 type extent 536870914:8:U32_MAX len 8 ver 0: durability: 0 ptr: 121:7915474179906 gen 122 cached ptr: 103:6968418162322 gen 101 crc: c_size 92 size 26 offset 51 nonce 0 csum crc32c 0:31333139  compress lz4 crc: c_size 77 size 29 offset 51 nonce 0 csum (unknown csum_type 15) 0:656c6966  compress gzip ec: idx 103930016947 block 121
[  201.690429][ T7649]   checksum offset + key size > uncompressed size: delete?, fixing
[  201.725967][ T5907] usb 2-1: Using ep0 maxpacket: 32
[  201.737580][ T5907] usb 2-1: config 0 has an invalid interface number: 219 but max is 0
[  201.737612][ T5907] usb 2-1: config 0 has no interface number 0
[  201.737639][ T5907] usb 2-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  201.737660][ T5907] usb 2-1: config 0 interface 219 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B
[  201.737686][ T5907] usb 2-1: config 0 interface 219 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024
[  201.737711][ T5907] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024
[  201.737734][ T5907] usb 2-1: config 0 interface 219 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  201.743823][ T5907] usb 2-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  201.843505][ T7649] invalid bkey u64s 11 type alloc_v4 0:14:0 len 0 ver 0: 
[  201.843525][ T7649]   gen 0 oldest_gen 0 data_type journal
[  201.843536][ T7649]   journal_seq       1
[  201.843546][ T7649]   need_discard      1
[  201.843555][ T7649]   need_inc_gen      1
[  201.843565][ T7649]   dirty_sectors     256
[  201.843575][ T7649]   stripe_sectors    0
[  201.843585][ T7649]   cached_sectors    0
[  201.843594][ T7649]   stripe            67108864
[  201.843605][ T7649]   stripe_redundancy 0
[  201.843614][ T7649]   io_time[READ]     1
[  201.843624][ T7649]   io_time[WRITE]    1
[  201.843633][ T7649]   fragmentation     0
[  201.843643][ T7649]   bp_start          8
[  201.843653][ T7649] 
[  201.843662][ T7649]   invalid data type (got 2 should be 7): delete?, fixing
[  201.865847][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.926401][ T5907] usb 2-1: Product: syz
[  201.936339][ T5907] usb 2-1: Manufacturer: syz
[  201.941288][ T5907] usb 2-1: SerialNumber: syz
[  201.991847][ T5907] usb 2-1: config 0 descriptor??
[  202.036392][ T7649] bcachefs (loop4): accounting_read...
[  202.046891][ T7703] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  202.088815][ T7649]  done
[  202.091945][ T7649] bcachefs (loop4): alloc_read... done
[  202.108829][ T7649] bcachefs (loop4): stripes_read... done
[  202.114848][ T7649] bcachefs (loop4): snapshots_read... done
[  202.131182][ T7649] bcachefs (loop4): check_allocations...
[  202.156566][ T7649] btree ptr not marked in member info btree allocated bitmap
[  202.156608][ T7649]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 75277f57b0c8c24 written 32 min_key POS_MIN durability: 1 ptr: 0:26:0 gen 0, fixing
[  202.254739][ T7719] netlink: 8280 bytes leftover after parsing attributes in process `syz.2.539'.
[  202.270855][ T7719] netlink: 8280 bytes leftover after parsing attributes in process `syz.2.539'.
[  202.658988][ T7720] loop2: detected capacity change from 0 to 40427
[  203.162263][ T7720] F2FS-fs (loop2): Wrong secs_per_zone / total_sections (0, 24)
[  203.170007][ T7720] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  203.181563][ T7720] F2FS-fs (loop2): Unrecognized mount option "ÿÿÿÿÿÿÿÿÿÿ" or missing value
[  203.195596][ T7649] btree ptr not marked in member info btree allocated bitmap
[  203.195617][ T7649]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 19bc58a6c09b6540 written 24 min_key POS_MIN durability: 1 ptr: 0:38:0 gen 0, fixing
[  203.348757][ T7649] btree ptr not marked in member info btree allocated bitmap
[  203.348778][ T7649]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c18f4a4face03c6 written 24 min_key POS_MIN durability: 1 ptr: 0:41:0 gen 0, fixing
[  203.355771][ T5907] etas_es58x 2-1:0.219: Starting syz syz (Serial Number syz)
[  203.415612][ T7649] btree ptr not marked in member info btree allocated bitmap
[  203.415629][ T7649]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 7675f41d391e5d36 written 16 min_key POS_MIN durability: 1 ptr: 0:35:0 gen 0, fixing
[  203.460947][ T7649] btree ptr not marked in member info btree allocated bitmap
[  203.460964][ T7649]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq bcb9905dfb2993d5 written 16 min_key POS_MIN durability: 1 ptr: 0:32:0 gen 0, fixing
[  203.575328][ T7649] btree ptr not marked in member info btree allocated bitmap
[  203.575348][ T7649]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq 9a831b4a3f983356 written 32 min_key POS_MIN durability: 1 ptr: 0:29:0 gen 0, fixing
[  203.621762][ T7649] bucket 0:14 gen 0 has wrong data_type: got free, should be journal, fixing
[  203.641545][ T7649] bucket 0:14 gen 0 data type journal has wrong dirty_sectors: got 0, should be 256, fixing
[  203.780918][ T7649]  done
[  203.815122][ T7649] bcachefs (loop4): going read-write
[  203.827776][ T7649] bcachefs (loop4): journal_replay...
[  203.852868][ T7732] loop3: detected capacity change from 0 to 1024
[  203.906111][ T7732] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  203.986241][ T7731] loop2: detected capacity change from 0 to 4096
[  204.013948][ T7731] NILFS (loop2): invalid segment: Checksum error in segment payload
[  204.022264][ T7731] NILFS (loop2): trying rollback from an earlier position
[  204.052912][ T7649]  done
[  204.060798][ T7649] bcachefs (loop4): check_inodes... done
[  204.068583][ T7731] NILFS (loop2): recovery complete
[  204.093036][ T7649] bcachefs (loop4): resume_logged_ops... done
[  204.108584][ T7739] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  204.119434][ T7649] bcachefs (loop4): delete_dead_inodes... done
[  204.137743][ T7649] bcachefs (loop4): Fixed errors, running fsck a second time to verify fs is clean
[  204.175414][ T7649] bcachefs (loop4): check_inodes... done
[  204.201288][ T7649] bcachefs (loop4): resume_logged_ops... done
[  204.232624][ T7649] bcachefs (loop4): delete_dead_inodes... done
[  204.271201][ T7649] bcachefs (loop4): bch2_copygc_start(): error creating copygc thread EINTR
[  204.309912][ T7649] bcachefs (loop4): error starting copygc thread
[  204.327651][ T7649] bcachefs (loop4): bch2_fs_start(): error starting filesystem EINTR
[  204.345282][ T7649] bcachefs (loop4): shutting down
[  204.358865][ T7649] bcachefs (loop4): going read-only
[  204.374098][ T7649] bcachefs (loop4): finished waiting for writes to stop
[  204.400152][ T7649] bcachefs (loop4): flushing journal and stopping allocators, journal seq 16
[  204.411872][ T7745] netlink: 4 bytes leftover after parsing attributes in process `syz.0.545'.
[  204.429329][ T7649] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 16
[  204.459641][ T7649] bcachefs (loop4): shutdown complete, journal seq 17
[  204.485583][ T7649] bcachefs (loop4): marking filesystem clean
[  204.564420][ T7649] bcachefs (loop4): shutdown complete
[  204.985628][ T5878] usb 2-1: USB disconnect, device number 5
[  206.044025][ T7735] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  206.777523][ T7758] loop0: detected capacity change from 0 to 512
[  206.791081][ T7758] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  206.834831][ T7758] EXT4-fs (loop0): 1 truncate cleaned up
[  206.881637][ T7758] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  207.075056][ T5880] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  208.708470][ T5880] usb 3-1: config index 0 descriptor too short (expected 45, got 36)
[  208.716876][ T5880] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  208.736885][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  208.785826][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024
[  208.896651][ T5880] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  208.914055][ T5880] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  208.923589][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  208.946101][ T5880] usb 3-1: config 0 descriptor??
[  208.951910][ T7759] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  209.017522][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.055885][   T53] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 616 with error 28
[  210.069666][   T53] EXT4-fs (loop3): This should not happen!! Data will be lost
[  210.069666][   T53] 
[  210.081037][   T53] EXT4-fs (loop3): Total free blocks count 0
[  210.087515][   T53] EXT4-fs (loop3): Free/Dirty block details
[  210.093804][   T53] EXT4-fs (loop3): free_blocks=68451041280
[  210.101676][   T53] EXT4-fs (loop3): dirty_blocks=624
[  210.107490][   T53] EXT4-fs (loop3): Block reservation details
[  210.113600][   T53] EXT4-fs (loop3): i_reserved_data_blocks=39
[  210.136446][   T53] EXT4-fs (loop3): Delayed block allocation failed for inode 18 at logical offset 160 with max blocks 4 with error 28
[  210.151626][   T53] EXT4-fs (loop3): This should not happen!! Data will be lost
[  210.151626][   T53] 
[  210.248051][ T7778] loop0: detected capacity change from 0 to 512
[  210.256615][ T5880] plantronics 0003:047F:FFFF.0004: unknown main item tag 0xd
[  210.265409][ T5880] plantronics 0003:047F:FFFF.0004: No inputs registered, leaving
[  210.283951][ T5880] plantronics 0003:047F:FFFF.0004: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  210.295229][ T7778] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  210.315166][ T7778] EXT4-fs (loop0): 1 truncate cleaned up
[  210.329646][ T7778] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  210.520279][ T7784] netlink: 4 bytes leftover after parsing attributes in process `syz.1.556'.
[  210.559033][ T5907] usb 3-1: USB disconnect, device number 8
[  210.577265][ T7649] bcachefs: bch2_fs_get_tree() error: EINTR
[  210.629240][ T7649] syz.4.521 (7649) used greatest stack depth: 11616 bytes left
[  211.263859][ T7792] loop1: detected capacity change from 0 to 128
[  211.309110][ T7792] qnx6: superblock #1 checksum error
[  211.894923][ T7794] loop4: detected capacity change from 0 to 1024
[  211.945984][ T7794] EXT4-fs: inline encryption not supported
[  211.960001][ T7794] EXT4-fs (loop4): Test dummy encryption mode enabled
[  212.138092][ T7794] EXT4-fs (loop4): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  212.324109][ T7794] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  213.036825][ T7803] loop1: detected capacity change from 0 to 512
[  213.058504][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  213.086359][ T7803] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  213.180580][ T7803] EXT4-fs (loop1): 1 truncate cleaned up
[  213.187539][ T7803] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  215.628532][ T7821] loop2: detected capacity change from 0 to 8
[  215.882188][ T7821] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  216.305283][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.320390][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  216.417341][ T7824] netlink: 16 bytes leftover after parsing attributes in process `syz.4.570'.
[  216.427226][ T7824] netlink: 4 bytes leftover after parsing attributes in process `syz.4.570'.
[  216.445324][ T7820] cramfs: Error -3 while decompressing!
[  216.452386][ T7820] cramfs: ffffffff9a4f2382(26)->ffff88805582b000(4096)
[  216.460038][ T7820] cramfs: Error -3 while decompressing!
[  216.465729][ T7820] cramfs: ffffffff9a4f239c(16)->ffff888076fb0000(4096)
[  216.473265][ T7820] cramfs: Error -3 while decompressing!
[  216.479181][ T7820] cramfs: ffffffff9a4f2382(26)->ffff88805582b000(4096)
[  216.486301][   T29] audit: type=1800 audit(1731336779.826:8): pid=7820 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.567" name="file2" dev="loop2" ino=348 res=0 errno=0
[  216.554302][ T7819] loop3: detected capacity change from 0 to 32768
[  216.624406][ T7832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.568'.
[  216.687070][ T7819] XFS (loop3): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  216.833613][ T7819] XFS (loop3): Ending clean mount
[  216.895025][ T7819] XFS (loop3): Quotacheck needed: Please wait.
[  217.849787][ T7819] XFS (loop3): Quotacheck: Done.
[  217.872180][ T7852] loop1: detected capacity change from 0 to 1024
[  217.886108][ T7852] EXT4-fs: inline encryption not supported
[  217.996122][ T7859] loop2: detected capacity change from 0 to 512
[  218.015263][ T5824] XFS (loop3): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  218.025515][ T7852] EXT4-fs (loop1): Test dummy encryption mode enabled
[  218.042514][ T7859] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  218.090463][ T7852] EXT4-fs (loop1): stripe (6) is not aligned with cluster size (16), stripe is disabled
[  218.134743][ T7852] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  218.158291][ T7859] EXT4-fs (loop2): 1 truncate cleaned up
[  218.164813][ T7859] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  218.252801][ T5880] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  218.676040][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  218.808541][ T5880] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice= 0.00
[  218.817639][ T5880] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  219.009432][ T7870] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  219.029121][ T5880] usb 1-1: config 0 descriptor??
[  219.550714][ T5880] playstation 0003:054C:0DF2.0005: item fetching failed at offset 2/5
[  219.559475][ T5880] playstation 0003:054C:0DF2.0005: Parse failed
[  219.565790][ T5880] playstation 0003:054C:0DF2.0005: probe with driver playstation failed with error -22
[  219.633966][ T7868] loop1: detected capacity change from 0 to 32768
[  219.770746][ T7868] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.581 (7868)
[  219.837497][ T7873] loop4: detected capacity change from 0 to 32768
[  219.855029][ T7868] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  219.865321][ T7868] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  219.874305][ T7868] BTRFS info (device loop1): using free-space-tree
[  220.119020][ T7873] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,promote_target=invalid device 15,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io
[  220.144473][ T7873] bcachefs (loop4): recovering from clean shutdown, journal seq 10
[  220.156764][ T7873] bcachefs (loop4): Version upgrade required:
[  220.156764][ T7873] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  220.156764][ T7873] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[  220.156764][ T7873]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  220.357317][ T7873] bcachefs (loop4): dropping and reconstructing all alloc info
[  220.399079][ T7873] bcachefs (loop4): check_topology... done
[  220.409445][ T7877] loop3: detected capacity change from 0 to 32768
[  220.427700][ T7873] bcachefs (loop4): accounting_read... done
[  220.439787][ T7873] bcachefs (loop4): alloc_read... done
[  220.604137][ T7873] bcachefs (loop4): stripes_read... done
[  220.757144][ T7873] bcachefs (loop4): snapshots_read... done
[  220.807147][ T7873] bcachefs (loop4): bch2_fs_start(): error starting filesystem erofs_norecovery
[  220.866232][ T7873] bcachefs (loop4): shutting down
[  221.002502][ T7873] bcachefs (loop4): shutdown complete
[  221.068641][ T5826] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  221.146796][   T12] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  221.273336][ T7910] netlink: 4 bytes leftover after parsing attributes in process `syz.3.586'.
[  221.323310][ T5823] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  221.344305][ T7910] bond_slave_0: entered promiscuous mode
[  221.350002][ T7910] bond_slave_1: entered promiscuous mode
[  221.365869][ T7910] macvtap1: entered promiscuous mode
[  221.371316][ T7910] bond0: entered promiscuous mode
[  221.376951][ T7910] macvtap1: entered allmulticast mode
[  221.384783][ T7910] bond0: entered allmulticast mode
[  221.724306][ T7910] bond_slave_0: entered allmulticast mode
[  221.731616][ T7910] bond_slave_1: entered allmulticast mode
[  221.743338][ T7910] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  221.746674][ T7913] loop0: detected capacity change from 0 to 32768
[  221.758712][ T5908] usb 1-1: USB disconnect, device number 3
[  222.077684][ T7913] XFS (loop0): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  222.503854][ T7913] XFS (loop0): Ending clean mount
[  222.583054][ T7913] XFS (loop0): Quotacheck needed: Please wait.
[  222.830404][ T7913] XFS (loop0): Quotacheck: Done.
[  223.720715][ T7939] loop3: detected capacity change from 0 to 2048
[  223.759914][ T5827] XFS (loop0): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  223.778434][ T7939] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  224.055723][ T7948] loop1: detected capacity change from 0 to 512
[  224.341524][ T7948] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2240: inode #15: comm syz.1.595: corrupted in-inode xattr: invalid ea_ino
[  224.479348][ T7948] EXT4-fs error (device loop1): ext4_orphan_get:1394: comm syz.1.595: couldn't read orphan inode 15 (err -117)
[  224.711881][ T7948] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  224.799583][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  224.929494][ T7952] loop2: detected capacity change from 0 to 512
[  224.984772][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  225.002862][ T7952] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  225.070247][ T7952] EXT4-fs (loop2): 1 truncate cleaned up
[  225.107036][ T7952] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  225.234498][ T7960] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  225.695226][ T7964] netlink: 'syz.0.600': attribute type 13 has an invalid length.
[  225.710709][ T7964] netlink: 4 bytes leftover after parsing attributes in process `syz.0.600'.
[  226.165360][ T7873] bcachefs: bch2_fs_get_tree() error: erofs_norecovery
[  227.535479][ T7982] loop3: detected capacity change from 0 to 2048
[  227.627474][ T7982] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  227.902996][ T7977] loop0: detected capacity change from 0 to 32768
[  228.242827][ T7977] XFS (loop0): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  228.369203][ T7977] XFS (loop0): Ending clean mount
[  228.433009][ T7977] XFS (loop0): Quotacheck needed: Please wait.
[  228.471850][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.529903][ T5826] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  228.555867][ T7980] loop1: detected capacity change from 0 to 32768
[  228.565273][ T7980] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.605 (7980)
[  228.598408][ T7977] XFS (loop0): Quotacheck: Done.
[  228.653953][ T7980] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  228.670968][ T8002] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  228.678863][ T7980] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  228.746911][ T7980] BTRFS info (device loop1): using free-space-tree
[  228.954273][ T5827] XFS (loop0): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  229.024829][ T8017] netlink: 'syz.2.612': attribute type 13 has an invalid length.
[  229.049361][ T8017] netlink: 4 bytes leftover after parsing attributes in process `syz.2.612'.
[  229.635403][ T7980] BTRFS info (device loop1): rebuilding free space tree
[  229.875620][ T7990] loop4: detected capacity change from 0 to 32768
[  230.048440][ T7990] ERROR: (device loop4): xtTruncate_pmap: XT_GETPAGE: xtree page corrupt
[  230.048440][ T7990] 
[  230.100568][   T29] audit: type=1800 audit(1731336792.538:9): pid=7980 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.605" name="bus" dev="loop1" ino=263 res=0 errno=0
[  230.131638][ T7990] ERROR: (device loop4): remounting filesystem as read-only
[  230.167132][ T7990] ERROR: (device loop4): jfs_rename: 
[  230.167132][ T7990] 
[  230.203801][ T5838] ERROR: (device loop4): xtTruncate: XT_GETPAGE: xtree page corrupt
[  230.203801][ T5838] 
[  230.816689][   T53] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  232.199259][ T8047] loop0: detected capacity change from 0 to 2048
[  232.283892][ T8047] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  232.308657][ T8055] loop4: detected capacity change from 0 to 128
[  232.368264][ T8055] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  232.403987][ T5823] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  232.447474][ T8055] ext4 filesystem being mounted at /97/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  232.733126][ T5838] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  232.826839][ T8056] loop2: detected capacity change from 0 to 32768
[  232.860998][ T8060] netlink: 'syz.4.624': attribute type 13 has an invalid length.
[  232.880494][ T8060] netlink: 4 bytes leftover after parsing attributes in process `syz.4.624'.
[  232.900046][ T8056] XFS (loop2): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  233.063015][ T8056] XFS (loop2): Ending clean mount
[  233.074656][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  233.083945][ T8056] XFS (loop2): Quotacheck needed: Please wait.
[  233.132723][ T8049] loop3: detected capacity change from 0 to 32768
[  233.168470][ T8049] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.621 (8049)
[  233.271108][ T8056] XFS (loop2): Quotacheck: Done.
[  234.164374][ T8049] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  234.186285][ T5826] XFS (loop2): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  234.203163][ T8049] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  234.211914][ T8049] BTRFS info (device loop3): using free-space-tree
[  235.255301][ T5824] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  235.611619][ T8075] loop0: detected capacity change from 0 to 32768
[  235.701731][ T8075] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  235.817307][ T8075] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  237.001362][ T8075] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 5ms
[  237.297847][ T5877] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  237.305364][ T5877] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  237.604020][ T8126] loop1: detected capacity change from 0 to 2048
[  237.716721][ T8126] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  237.770616][ T5877] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 435ms
[  237.784122][ T5877] gfs2: fsid=syz:syz.0: jid=0: Done
[  237.806670][ T8075] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  237.992874][ T8075] gfs2: fsid=syz:syz.0: can't create logd thread: -4
[  238.627365][   T29] audit: type=1804 audit(1731336800.050:10): pid=8139 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.636" name="/newroot/113/file0/bus" dev="loop1" ino=18 res=1 errno=0
[  238.656688][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  238.690179][ T8118] loop3: detected capacity change from 0 to 32768
[  238.719875][ T8141] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  238.742818][ T8141] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  239.807131][ T8118] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  239.822171][ T8118] workqueue: Failed to create a rescuer kthread for wq "xfs-log/loop3": -EINTR
[  239.822832][ T8118] XFS (loop3): log mount failed
[  242.739087][ T8161] loop0: detected capacity change from 0 to 32768
[  242.795039][ T8161] XFS (loop0): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  242.856616][ T8161] XFS (loop0): Ending clean mount
[  243.065765][   T29] audit: type=1800 audit(1731336804.670:11): pid=8161 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.641" name="file1" dev="loop0" ino=1062 res=0 errno=0
[  243.181143][ T8188] netlink: 8280 bytes leftover after parsing attributes in process `syz.2.646'.
[  243.192567][ T8188] netlink: 8280 bytes leftover after parsing attributes in process `syz.2.646'.
[  243.987214][ T5827] XFS (loop0): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  244.187640][ T8190] loop2: detected capacity change from 0 to 2048
[  244.317106][ T8190] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  245.109878][   T29] audit: type=1804 audit(1731336806.289:12): pid=8197 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.649" name="/newroot/143/file0/bus" dev="loop2" ino=18 res=1 errno=0
[  245.280229][ T8184] loop3: detected capacity change from 0 to 32768
[  245.330290][ T5826] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  245.416285][ T8184] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.647 (8184)
[  245.720009][ T8184] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  245.737186][ T8184] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  245.764832][ T8184] BTRFS info (device loop3): using free-space-tree
[  246.700773][ T8225] loop0: detected capacity change from 0 to 2048
[  246.965178][ T8225] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  247.517113][ T8225] ext4 filesystem being mounted at /148/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  248.352280][ T8184] BTRFS error (device loop3): open_ctree failed
[  248.801307][ T8240] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  249.022492][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  249.071801][ T8247] loop4: detected capacity change from 0 to 2048
[  249.132817][ T8247] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  249.911082][   T29] audit: type=1804 audit(1731336810.872:13): pid=8261 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.661" name="/newroot/104/file0/bus" dev="loop4" ino=18 res=1 errno=0
[  251.284622][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  251.356309][ T8245] loop2: detected capacity change from 0 to 32768
[  251.870099][ T8245] XFS (loop2): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  252.434470][ T8280] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  252.446798][ T8280] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  252.868065][ T8245] XFS (loop2): Ending clean mount
[  253.825445][ T8245] XFS (loop2): Quotacheck needed: Please wait.
[  253.894115][ T8245] XFS (loop2): Quotacheck: Done.
[  253.945914][ T5826] XFS (loop2): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  254.064917][ T8296] input: syz1 as /devices/virtual/input/input20
[  254.268798][ T8299] loop1: detected capacity change from 0 to 512
[  254.449900][ T8299] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  255.351070][ T8299] EXT4-fs (loop1): 1 truncate cleaned up
[  255.357583][ T8299] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  255.367306][ T8306] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  256.962992][ T8291] loop4: detected capacity change from 0 to 32768
[  258.027574][ T8329] loop2: detected capacity change from 0 to 256
[  259.981308][ T8336] loop4: detected capacity change from 0 to 32768
[  260.024569][ T8329] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  260.070171][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  260.110761][ T8336] XFS (loop4): Mounting V5 Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  260.299243][ T8338] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  260.308817][ T8338] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  260.532681][ T8336] XFS (loop4): Ending clean mount
[  260.794510][ T8336] XFS (loop4): Quotacheck needed: Please wait.
[  261.820869][ T8336] XFS (loop4): Quotacheck: Done.
[  261.940327][   T29] audit: type=1800 audit(1731336822.340:14): pid=8336 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.682" name="bus" dev="loop4" ino=1066 res=0 errno=0
[  261.979406][ T8359] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci4/hci4:200/input21
[  261.999497][ T8356] loop1: detected capacity change from 0 to 32768
[  262.011765][ T8356] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.683 (8356)
[  262.034198][ T5838] XFS (loop4): Unmounting Filesystem bc2378ed-6193-40d5-9d59-7ebcb787b415
[  262.047117][ T8359] sch_tbf: peakrate 8 is lower than or equals to rate 12 !
[  262.204532][ T8356] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  262.214909][ T8356] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  262.225726][ T8356] BTRFS info (device loop1): using free-space-tree
[  263.437233][ T4757] BTRFS info (device loop1): qgroup scan completed (inconsistency flag cleared)
[  263.743496][ T1294] ieee802154 phy0 wpan0: encryption failed: -22
[  263.749954][ T1294] ieee802154 phy1 wpan1: encryption failed: -22
[  263.837810][ T5823] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  264.917140][ T5829] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  265.160829][ T5829] usb 5-1: config index 0 descriptor too short (expected 5292, got 77)
[  265.190943][ T5829] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  265.304504][ T5829] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 20
[  265.758855][ T5829] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b
[  265.772636][ T5829] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  265.791610][ T5829] usb 5-1: Product: syz
[  266.000283][ T5829] usb 5-1: Manufacturer: syz
[  267.149235][ T5829] usb 5-1: SerialNumber: syz
[  267.200789][ T5829] usb 5-1: config 0 descriptor??
[  267.288954][ T8421] loop3: detected capacity change from 0 to 512
[  267.296387][ T8421] EXT4-fs: Ignoring removed bh option
[  267.312478][ T8421] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  267.324020][ T5829] usb 5-1: can't set config #0, error -71
[  267.338508][ T5829] usb 5-1: USB disconnect, device number 12
[  267.346346][ T8421] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  267.388797][ T8421] EXT4-fs (loop3): orphan cleanup on readonly fs
[  267.416481][ T8421] Quota error (device loop3): do_check_range: Getting dqdh_next_free 196613 out of range 0-5
[  267.488960][ T8421] Quota error (device loop3): qtree_write_dquot: Error -117 occurred while creating quota
[  267.509870][ T8421] EXT4-fs error (device loop3): ext4_acquire_dquot:6925: comm syz.3.700: Failed to acquire dquot type 1
[  267.542698][ T8421] EXT4-fs (loop3): Remounting filesystem read-only
[  267.563084][ T8421] EXT4-fs (loop3): 1 orphan inode deleted
[  267.718381][ T8421] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  268.166712][ T8431] netlink: 4 bytes leftover after parsing attributes in process `syz.3.700'.
[  269.110961][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  271.919432][ T8454] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  271.930385][ T8454] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  273.186721][ T8470] loop4: detected capacity change from 0 to 512
[  273.283347][ T8470] EXT4-fs: Ignoring removed bh option
[  273.330620][ T8470] EXT4-fs (loop4): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  273.395432][ T8470] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  273.416176][ T8470] EXT4-fs (loop4): orphan cleanup on readonly fs
[  273.423879][ T8470] Quota error (device loop4): do_check_range: Getting dqdh_next_free 196613 out of range 0-5
[  273.441636][ T8470] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  273.454137][ T8470] EXT4-fs error (device loop4): ext4_acquire_dquot:6925: comm syz.4.714: Failed to acquire dquot type 1
[  273.473180][ T8470] EXT4-fs (loop4): Remounting filesystem read-only
[  273.479999][ T8470] EXT4-fs (loop4): 1 orphan inode deleted
[  273.566892][ T8470] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  274.057213][ T8481] netlink: 4 bytes leftover after parsing attributes in process `syz.4.714'.
[  274.969777][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  275.670222][ T8465] loop2: detected capacity change from 0 to 32768
[  275.757652][ T8465] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.713 (8465)
[  275.845752][ T8465] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  276.891489][ T8465] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  277.254239][ T8465] BTRFS info (device loop2): using free-space-tree
[  277.262935][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  277.266515][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  277.283062][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  277.312601][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  277.324694][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  277.335852][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  277.347183][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  277.359551][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  277.371699][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-write": -EINTR
[  277.392841][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-compressed-write": -EINTR
[  277.395190][ T8509] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  277.403227][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  277.423038][ T8509] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  277.423476][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  277.443658][ T8465] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  277.645464][ T8465] BTRFS error (device loop2): open_ctree failed
[  277.868178][ T8530] loop1: detected capacity change from 0 to 512
[  277.899001][ T8530] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  278.139780][ T8530] EXT4-fs (loop1): 1 truncate cleaned up
[  278.162484][ T8530] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  278.246966][ T8530] fscrypt (loop1, inode 18): Direct key flag not allowed with different contents and filenames modes
[  278.371553][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  278.508509][ T8487] loop3: detected capacity change from 0 to 32768
[  278.535845][ T8487] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.721 (8487)
[  278.824078][ T8487] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  278.873800][ T8487] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  279.745090][ T8487] BTRFS info (device loop3): using free-space-tree
[  279.761942][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-worker": -EINTR
[  279.762238][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-delalloc": -EINTR
[  279.782296][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-flush_delalloc": -EINTR
[  279.801000][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-cache": -EINTR
[  279.829061][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-fixup": -EINTR
[  279.847998][ T8544] loop1: detected capacity change from 0 to 32768
[  279.875722][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio": -EINTR
[  279.875998][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-endio-meta": -EINTR
[  279.951616][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-rmw": -EINTR
[  279.973645][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-freespace-write": -EINTR
[  280.027347][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-delayed-meta": -EINTR
[  280.072334][ T8544] XFS (loop1): DAX unsupported by block device. Turning off DAX.
[  280.103386][ T8487] workqueue: Failed to create a rescuer kthread for wq "btrfs-qgroup-rescan": -EINTR
[  280.171493][ T8544] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  280.190041][ T8487] BTRFS error (device loop3): open_ctree failed
[  280.204463][ T8574] loop0: detected capacity change from 0 to 1024
[  280.237561][ T8574] journal_path: Non-blockdev passed as './file1'
[  280.247976][ T8574] EXT4-fs: error: could not find journal device path
[  280.387654][ T8544] XFS (loop1): Ending clean mount
[  280.426126][ T8544] XFS (loop1): Quotacheck needed: Please wait.
[  280.535501][ T8544] XFS (loop1): Quotacheck: Done.
[  281.568779][ T8592] loop3: detected capacity change from 0 to 2048
[  281.596763][ T8577] loop2: detected capacity change from 0 to 32768
[  281.619080][ T5823] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  281.673276][ T8574] loop0: detected capacity change from 0 to 32768
[  281.683062][ T8577] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.741 (8577)
[  281.711493][ T8574] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.740 (8574)
[  281.735581][ T8577] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  281.750195][ T8574] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  281.772254][ T8592] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  281.804580][ T8577] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  281.814433][ T8574] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  281.823817][ T8577] BTRFS info (device loop2): using free-space-tree
[  281.852684][ T8574] BTRFS info (device loop0): using free-space-tree
[  282.622313][   T29] audit: type=1804 audit(1731336841.338:15): pid=8613 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.746" name="/newroot/153/file0/bus" dev="loop3" ino=18 res=1 errno=0
[  282.965925][ T8574] BTRFS info (device loop0): rebuilding free space tree
[  283.054234][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  283.720688][ T5827] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  283.852278][ T8577] BTRFS error (device loop2): open_ctree failed
[  284.756411][ T8655] loop0: detected capacity change from 0 to 2048
[  284.902728][ T8655] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  285.043634][ T8655] EXT4-fs error (device loop0): ext4_lookup:1813: inode #15: comm syz.0.756: iget: bad extra_isize 512 (inode size 256)
[  285.276927][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  285.419678][ T8645] loop1: detected capacity change from 0 to 32768
[  285.427119][ T8645] XFS: ikeep mount option is deprecated.
[  285.552802][ T8671] loop3: detected capacity change from 0 to 256
[  285.685740][ T8671] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  285.926305][ T8645] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  286.429324][ T8662] loop2: detected capacity change from 0 to 32768
[  286.435290][ T8645] XFS (loop1): Ending clean mount
[  286.567075][ T8645] XFS (loop1): Quotacheck needed: Please wait.
[  286.687511][ T8645] XFS (loop1): Quotacheck: Done.
[  286.740275][ T8673] loop0: detected capacity change from 0 to 32768
[  286.748581][ T8678] netlink: 20 bytes leftover after parsing attributes in process `syz.3.761'.
[  286.782630][ T8678] netlink: 12 bytes leftover after parsing attributes in process `syz.3.761'.
[  286.819664][ T8678] netlink: 8 bytes leftover after parsing attributes in process `syz.3.761'.
[  286.829591][   T29] audit: type=1804 audit(1731336845.613:16): pid=8645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.752" name="/newroot/136/file0/bus" dev="loop1" ino=9290 res=1 errno=0
[  286.835917][ T8673] 
[  286.835917][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  286.835917][ T8673] 
[  286.914857][   T29] audit: type=1804 audit(1731336845.678:17): pid=8645 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.752" name="/newroot/136/file0/bus" dev="loop1" ino=9290 res=1 errno=0
[  287.017661][ T8673] 
[  287.017661][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  287.017661][ T8673] 
[  287.042902][ T8662] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  287.075350][ T8673] 
[  287.075350][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  287.075350][ T8673] 
[  287.103578][   T29] audit: type=1804 audit(1731336845.884:18): pid=8680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.752" name="/newroot/136/file0/bus" dev="loop1" ino=9290 res=1 errno=0
[  287.124536][ T8673] 
[  287.124536][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  287.124536][ T8673] 
[  287.124629][ T8673] 
[  287.124629][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  287.124629][ T8673] 
[  287.124684][ T8673] 
[  287.124684][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  287.124684][ T8673] 
[  287.220817][  T112] 
[  287.220817][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  287.220817][  T112] 
[  287.259283][ T8673] 
[  287.259283][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  287.259283][ T8673] 
[  287.404965][ T8673] 
[  287.404965][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  287.404965][ T8673] 
[  287.416024][ T5907] libceph: connect (1)[c::]:6789 error -101
[  287.422208][ T5907] libceph: mon0 (1)[c::]:6789 connect error
[  288.085997][ T8685] loop3: detected capacity change from 0 to 512
[  288.095673][ T8673] 
[  288.095673][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.095673][ T8673] 
[  288.132080][ T8673] 
[  288.132080][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.132080][ T8673] 
[  288.144176][ T8673] 
[  288.144176][ T8673]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.144176][ T8673] 
[  288.218389][  T112] 
[  288.218389][  T112]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.218389][  T112] 
[  288.244642][ T8690] 
[  288.244642][ T8690]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.244642][ T8690] 
[  288.261374][ T8685] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  288.282625][ T8694] loop4: detected capacity change from 0 to 512
[  288.295057][ T8690] 
[  288.295057][ T8690]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.295057][ T8690] 
[  288.310451][ T8694] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  288.331408][ T8685] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  288.340622][ T5907] libceph: connect (1)[c::]:6789 error -101
[  288.347563][ T5907] libceph: mon0 (1)[c::]:6789 connect error
[  288.367547][ T8690] 
[  288.367547][ T8690]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.367547][ T8690] 
[  288.413283][ T8694] EXT4-fs (loop4): 1 truncate cleaned up
[  288.438364][  T113] 
[  288.438364][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.438364][  T113] 
[  288.466387][ T5827] 
[  288.466387][ T5827]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.466387][ T5827] 
[  288.466526][ T8694] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.484281][ T5827] 
[  288.484281][ T5827]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  288.484281][ T5827] 
[  288.502241][ T5823] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  288.514673][ T8685] loop3: detected capacity change from 0 to 512
[  288.533804][ T5826] ocfs2: Unmounting device (7,2) on (node local)
[  288.758126][ T8685] EXT4-fs (loop3): can't mount with both data=journal and delalloc
[  289.794707][ T5907] libceph: connect (1)[c::]:6789 error -101
[  289.800779][ T5907] libceph: mon0 (1)[c::]:6789 connect error
[  290.259801][ T8686] ceph: No mds server is up or the cluster is laggy
[  290.880980][ T8704] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  290.891263][ T8704] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  291.294421][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  291.479168][ T8716] loop3: detected capacity change from 0 to 512
[  291.528270][ T5843] Bluetooth: Wrong link type (-57)
[  291.584467][ T8716] EXT4-fs error (device loop3): ext4_xattr_ibody_find:2240: inode #15: comm syz.3.770: corrupted in-inode xattr: invalid ea_ino
[  291.593441][ T8718] loop2: detected capacity change from 0 to 2048
[  291.780810][ T8716] EXT4-fs error (device loop3): ext4_orphan_get:1394: comm syz.3.770: couldn't read orphan inode 15 (err -117)
[  291.924488][ T8724] netlink: 20 bytes leftover after parsing attributes in process `syz.0.772'.
[  292.019287][ T8716] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  292.122226][ T8718] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  292.189568][ T8724] netlink: 12 bytes leftover after parsing attributes in process `syz.0.772'.
[  292.334791][ T8724] netlink: 8 bytes leftover after parsing attributes in process `syz.0.772'.
[  292.353219][ T8718] UDF-fs: Scanning with blocksize 512 failed
[  292.459843][ T8718] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  292.589404][   T29] audit: type=1800 audit(1731336851.010:19): pid=8718 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.771" name="bus" dev="loop2" ino=830 res=0 errno=0
[  292.692555][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.692980][ T8732] loop4: detected capacity change from 0 to 4096
[  292.737017][ T8732] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  292.866936][   T29] audit: type=1800 audit(1731336851.272:20): pid=8732 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.774" name="file1" dev="loop4" ino=30 res=0 errno=0
[  292.887992][ T5908] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  293.076254][ T5908] usb 1-1: Using ep0 maxpacket: 32
[  293.088517][ T5908] usb 1-1: config 0 has an invalid interface number: 219 but max is 0
[  293.107938][ T5908] usb 1-1: config 0 has no interface number 0
[  293.348471][ T5908] usb 1-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  293.359976][ T5908] usb 1-1: config 0 interface 219 altsetting 0 has an invalid endpoint descriptor of length 5, skipping
[  293.371315][ T5908] usb 1-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023
[  293.382953][ T5908] usb 1-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  293.400441][ T5908] usb 1-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  293.409682][ T5908] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  293.416143][ T8746] loop4: detected capacity change from 0 to 2048
[  293.452613][ T5908] usb 1-1: Product: syz
[  293.469728][ T5908] usb 1-1: Manufacturer: syz
[  293.522262][ T5908] usb 1-1: SerialNumber: syz
[  294.284975][ T5908] usb 1-1: config 0 descriptor??
[  294.291550][ T8736] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  294.299231][ T8736] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[  294.385756][ T8746] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  294.401810][ T8746] ext4 filesystem being mounted at /124/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  294.554440][ T8750] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  294.564280][ T8750] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  294.564371][ T5907] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  294.711999][ T5908] etas_es58x 1-1:0.219: Starting syz syz (Serial Number syz)
[  294.785268][ T5907] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  294.797421][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.899429][ T5907] usb 4-1: Product: syz
[  294.945974][ T5907] usb 4-1: Manufacturer: syz
[  294.988127][ T5907] usb 4-1: SerialNumber: syz
[  295.101569][ T5907] usb 4-1: config 0 descriptor??
[  295.132616][ T5907] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  295.540661][ T8759] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  295.550551][ T8759] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  296.142421][ T5907] usb 1-1: USB disconnect, device number 4
[  296.310124][ T5843] Bluetooth: Wrong link type (-57)
[  296.464175][ T8766] netlink: 20 bytes leftover after parsing attributes in process `syz.1.785'.
[  296.551467][ T8766] netlink: 12 bytes leftover after parsing attributes in process `syz.1.785'.
[  296.564023][ T8768] loop2: detected capacity change from 0 to 512
[  296.569288][ T8770] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  296.597301][ T8766] netlink: 8 bytes leftover after parsing attributes in process `syz.1.785'.
[  296.635790][ T8768] EXT4-fs error (device loop2): ext4_xattr_ibody_find:2240: inode #15: comm syz.2.786: corrupted in-inode xattr: invalid ea_ino
[  296.716041][ T8768] EXT4-fs error (device loop2): ext4_orphan_get:1394: comm syz.2.786: couldn't read orphan inode 15 (err -117)
[  296.746700][ T5908] usb 4-1: USB disconnect, device number 6
[  296.819585][ T8768] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  297.162393][ T5826] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  297.681062][ T8786] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  297.690978][ T8786] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  298.205647][ T8779] loop1: detected capacity change from 0 to 32768
[  298.222112][ T8779] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.790 (8779)
[  298.258204][ T8779] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  298.310403][ T8779] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  298.342133][ T8779] BTRFS info (device loop1): using free-space-tree
[  300.161722][ T5823] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  300.319690][ T8812] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  300.329536][ T8812] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  300.991299][ T5843] Bluetooth: Wrong link type (-57)
[  300.994634][ T5838] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  301.015935][ T8820] loop3: detected capacity change from 0 to 2048
[  301.098133][ T8820] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  301.398133][ T8833] netlink: 20 bytes leftover after parsing attributes in process `syz.4.799'.
[  301.409453][ T8833] netlink: 12 bytes leftover after parsing attributes in process `syz.4.799'.
[  301.436325][ T8833] netlink: 8 bytes leftover after parsing attributes in process `syz.4.799'.
[  301.614802][   T29] audit: type=1804 audit(1731336859.382:21): pid=8835 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.798" name="/newroot/164/file0/bus" dev="loop3" ino=18 res=1 errno=0
[  301.760651][ T8826] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  302.199275][ T5824] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.307116][ T5907] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  303.553116][ T5907] usb 2-1: Using ep0 maxpacket: 32
[  303.580242][ T5907] usb 2-1: config 0 has an invalid interface number: 219 but max is 0
[  303.642964][ T5907] usb 2-1: config 0 has no interface number 0
[  303.667940][ T5907] usb 2-1: config 0 interface 219 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  303.681298][ T8856] loop3: detected capacity change from 0 to 512
[  303.686509][ T5908] libceph: connect (1)[c::]:6789 error -101
[  303.694529][ T5908] libceph: mon0 (1)[c::]:6789 connect error
[  303.701515][ T5907] usb 2-1: config 0 interface 219 altsetting 0 has an invalid endpoint descriptor of length 6, skipping
[  303.712956][ T5907] usb 2-1: config 0 interface 219 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1023
[  303.725608][ T5907] usb 2-1: config 0 interface 219 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  304.128164][ T5908] libceph: connect (1)[c::]:6789 error -101
[  304.147780][ T5908] libceph: mon0 (1)[c::]:6789 connect error
[  304.186647][ T8831] loop0: detected capacity change from 0 to 40427
[  304.201516][ T8831] F2FS-fs (loop0): build fault injection attr: rate: 771, type: 0x1fffff
[  304.220769][ T8856] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  304.222923][ T8831] F2FS-fs (loop0): invalid crc value
[  304.248379][ T8856] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[  304.272881][ T8831] F2FS-fs (loop0): Found nat_bits in checkpoint
[  304.319181][ T8831] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  304.327593][ T5907] usb 2-1: New USB device found, idVendor=108c, idProduct=0169, bcdDevice=75.b9
[  304.337320][ T5907] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  304.345768][ T5907] usb 2-1: Product: syz
[  304.350224][ T5907] usb 2-1: Manufacturer: syz
[  304.355052][ T5907] usb 2-1: SerialNumber: syz
[  304.638381][ T8862] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[  304.648174][ T8862] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[  304.723245][ T5907] usb 2-1: config 0 descriptor??
[  304.742542][ T5908] libceph: connect (1)[c::]:6789 error -101
[  304.752779][ T5908] libceph: mon0 (1)[c::]:6789 connect error
[  304.754702][ T8842] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  304.812063][ T8842] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  305.356569][ T8864] loop3: detected capacity change from 0 to 512
[  305.375888][ T8864] EXT4-fs (loop3): can't mount with both data=journal and delalloc
[  305.675518][ T5907] etas_es58x 2-1:0.219: Starting syz syz (Serial Number syz)
[  305.699784][ T8853] ceph: No mds server is up or the cluster is laggy
[  305.793812][ T5907] usb 2-1: USB disconnect, device number 6
[  305.937022][ T5829] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  306.124712][ T5829] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  306.135516][ T5829] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  306.906535][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  306.933207][ T5829] usb 3-1: config 0 descriptor??
[  306.943908][ T5829] pwc: Askey VC010 type 2 USB webcam detected.
[  307.172562][ T5829] pwc: send_video_command error -71
[  307.183012][ T5829] pwc: Failed to set video mode CIF@30 fps; return code = -71
[  307.204841][ T5829] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71
[  307.260265][ T8883] netlink: 20 bytes leftover after parsing attributes in process `syz.3.813'.
[  307.262962][ T8882] loop1: detected capacity change from 0 to 512
[  307.271448][ T8883] netlink: 12 bytes leftover after parsing attributes in process `syz.3.813'.
[  307.284877][ T8883] netlink: 8 bytes leftover after parsing attributes in process `syz.3.813'.
[  307.343366][ T5829] usb 3-1: USB disconnect, device number 9
[  307.359092][ T8882] EXT4-fs: Ignoring removed bh option
[  307.409726][ T8882] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[  307.441765][ T8882] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  307.495968][ T8882] EXT4-fs (loop1): orphan cleanup on readonly fs
[  307.537884][ T8882] Quota error (device loop1): do_check_range: Getting dqdh_next_free 196613 out of range 0-5
[  307.549020][ T8882] Quota error (device loop1): qtree_write_dquot: Error -117 occurred while creating quota
[  307.560607][ T8882] EXT4-fs error (device loop1): ext4_acquire_dquot:6925: comm syz.1.812: Failed to acquire dquot type 1
[  307.583207][ T8882] EXT4-fs (loop1): Remounting filesystem read-only
[  307.592409][ T8882] EXT4-fs (loop1): 1 orphan inode deleted
[  307.627372][ T8882] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  307.733051][ T5829] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  307.949196][ T5829] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  308.025994][ T8888] netlink: 4 bytes leftover after parsing attributes in process `syz.1.812'.
[  308.066243][ T5829] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  308.171432][ T5829] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  308.270321][ T5829] usb 3-1: config 0 descriptor??
[  308.303354][ T5829] pwc: Askey VC010 type 2 USB webcam detected.
[  308.519203][ T5823] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  308.730690][ T5829] pwc: recv_control_msg error -32 req 02 val 2b00
[  308.749165][ T5829] pwc: recv_control_msg error -32 req 02 val 2700
[  308.769842][ T5829] pwc: recv_control_msg error -32 req 02 val 2c00
[  308.810131][ T5829] pwc: recv_control_msg error -32 req 04 val 1000
[  308.844826][ T5829] pwc: recv_control_msg error -32 req 04 val 1300
[  308.881621][ T5829] pwc: recv_control_msg error -32 req 04 val 1400
[  308.901658][ T5829] pwc: recv_control_msg error -32 req 02 val 2000
[  308.928880][ T5829] pwc: recv_control_msg error -32 req 02 val 2100
[  309.763340][ T8885] loop3: detected capacity change from 0 to 40427
[  309.812207][ T8885] F2FS-fs (loop3): Unrecognized mount option "ÿÿ" or missing value
[  310.270562][ T8903] loop1: detected capacity change from 0 to 256
[  311.098584][ T5829] pwc: recv_control_msg error -71 req 02 val 2500
[  311.105596][ T5829] pwc: recv_control_msg error -71 req 02 val 2400
[  311.383834][ T8906] loop0: detected capacity change from 0 to 512
[  311.486748][ T5829] pwc: recv_control_msg error -71 req 02 val 2600
[  311.496938][ T5829] pwc: recv_control_msg error -71 req 02 val 2900
[  311.518871][ T5829] pwc: recv_control_msg error -71 req 02 val 2800
[  311.526180][ T5829] pwc: recv_control_msg error -71 req 04 val 1100
[  311.533123][ T5829] pwc: recv_control_msg error -71 req 04 val 1200
[  311.540885][ T5829] pwc: Registered as video103.
[  311.546455][ T5829] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input22
[  311.561226][ T5829] usb 3-1: USB disconnect, device number 10
[  311.569989][ T5880] libceph: connect (1)[c::]:6789 error -101
[  311.576220][ T5880] libceph: mon0 (1)[c::]:6789 connect error
[  311.646763][ T8906] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
[  311.682051][ T8903] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  311.880743][ T5829] libceph: connect (1)[c::]:6789 error -101
[  311.900978][ T8906] EXT4-fs (loop0): couldn't mount as ext3 due to feature incompatibilities
[  311.913946][ T5829] libceph: mon0 (1)[c::]:6789 connect error
[  312.175370][ T8915] loop2: detected capacity change from 0 to 32768
[  312.334182][ T8906] loop0: detected capacity change from 0 to 512
[  312.644502][ T5829] libceph: connect (1)[c::]:6789 error -101
[  312.657035][ T5829] libceph: mon0 (1)[c::]:6789 connect error
[  312.748042][ T8906] EXT4-fs (loop0): can't mount with both data=journal and delalloc
[  312.821484][ T8915] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  312.907659][ T8915] loop2: detected capacity change from 32768 to 0
[  312.920745][ T8919] syz.2.819: attempt to access beyond end of device
[  312.920745][ T8919] loop2: rw=0, sector=71, nr_sectors = 1 limit=0
[  312.934626][ T8919] (syz.2.819,8919,0):ocfs2_assign_bh:2416 ERROR: status = -5
[  312.942361][ T8919] (syz.2.819,8919,0):ocfs2_inode_lock_full_nested:2511 ERROR: status = -5
[  312.950941][ T8919] (syz.2.819,8919,0):ocfs2_reserve_suballoc_bits:793 ERROR: status = -5
[  312.959670][ T8919] (syz.2.819,8919,0):ocfs2_reserve_cluster_bitmap_bits:1137 ERROR: status = -5
[  312.968698][ T8919] (syz.2.819,8919,0):ocfs2_local_alloc_reserve_for_window:1136 ERROR: status = -5
[  312.978590][ T8919] (syz.2.819,8919,0):ocfs2_local_alloc_reserve_for_window:1152 ERROR: status = -5
[  312.987890][ T8919] (syz.2.819,8919,0):ocfs2_local_alloc_slide_window:1267 ERROR: status = -5
[  312.996628][ T8919] (syz.2.819,8919,0):ocfs2_local_alloc_slide_window:1334 ERROR: status = -5
[  313.006858][ T8919] (syz.2.819,8919,0):ocfs2_reserve_local_alloc_bits:672 ERROR: status = -5
[  313.015590][ T8919] (syz.2.819,8919,0):ocfs2_reserve_local_alloc_bits:710 ERROR: status = -5
[  313.025036][ T8919] (syz.2.819,8919,0):ocfs2_reserve_clusters_with_limit:1170 ERROR: status = -5
[  313.034139][ T8919] (syz.2.819,8919,0):ocfs2_reserve_clusters_with_limit:1219 ERROR: status = -5
[  313.043219][ T8919] (syz.2.819,8919,0):ocfs2_lock_allocators:2749 ERROR: status = -5
[  313.051310][ T8919] (syz.2.819,8919,0):ocfs2_write_begin_nolock:1742 ERROR: status = -5
[  313.059599][ T8919] (syz.2.819,8919,0):ocfs2_write_begin:1905 ERROR: status = -5
[  313.147628][ T5826] syz-executor: attempt to access beyond end of device
[  313.147628][ T5826] loop2: rw=0, sector=17057, nr_sectors = 1 limit=0
[  313.190071][ T5826] (syz-executor,5826,0):ocfs2_read_locked_inode:521 ERROR: status = -5
[  313.211960][ T5826] syz-executor: attempt to access beyond end of device
[  313.211960][ T5826] loop2: rw=0, sector=17057, nr_sectors = 1 limit=0
[  313.231670][ T5826] (syz-executor,5826,0):ocfs2_read_locked_inode:521 ERROR: status = -5
[  313.242253][ T8904] ceph: No mds server is up or the cluster is laggy
[  313.606634][ T8926] netlink: 20 bytes leftover after parsing attributes in process `syz.0.824'.
[  313.632305][ T8926] netlink: 12 bytes leftover after parsing attributes in process `syz.0.824'.
[  313.643337][ T8926] netlink: 8 bytes leftover after parsing attributes in process `syz.0.824'.
[  313.752123][ T8918] jbd2/loop2-75: attempt to access beyond end of device
[  313.752123][ T8918] loop2: rw=38913, sector=640, nr_sectors = 1 limit=0
[  313.776396][ T8918] Buffer I/O error on dev loop2, logical block 640, lost sync page write
[  313.820735][ T8918] JBD2: I/O error when updating journal superblock for loop2-75.
[  313.863920][ T8918] Aborting journal on device loop2-75.
[  313.887442][ T8918] jbd2/loop2-75: attempt to access beyond end of device
[  313.887442][ T8918] loop2: rw=38913, sector=640, nr_sectors = 1 limit=0
[  313.909515][ T8918] Buffer I/O error on dev loop2, logical block 640, lost sync page write
[  313.930634][ T8918] JBD2: I/O error when updating journal superblock for loop2-75.
[  313.948990][ T5826] syz-executor: attempt to access beyond end of device
[  313.948990][ T5826] loop2: rw=0, sector=71, nr_sectors = 1 limit=0
[  313.973613][   T11] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  313.987517][ T5826] (syz-executor,5826,1):ocfs2_assign_bh:2416 ERROR: status = -5
[  313.997953][ T5826] (syz-executor,5826,1):ocfs2_inode_lock_full_nested:2511 ERROR: status = -5
[  314.006778][ T5826] (syz-executor,5826,1):ocfs2_shutdown_local_alloc:412 ERROR: status = -5
[  314.085680][ T8934] netlink: 8280 bytes leftover after parsing attributes in process `syz.4.825'.
[  314.096920][ T8934] netlink: 8280 bytes leftover after parsing attributes in process `syz.4.825'.
[  314.899239][ T5826] syz-executor: attempt to access beyond end of device
[  314.899239][ T5826] loop2: rw=1, sector=17024, nr_sectors = 1 limit=0
[  315.045869][ T5826] Buffer I/O error on dev loop2, logical block 17024, lost sync page write
[  315.054739][ T5826] (syz-executor,5826,0):ocfs2_write_block:78 ERROR: status = -5
[  315.063100][ T5826] (syz-executor,5826,0):ocfs2_update_disk_slot:199 ERROR: status = -5
[  315.071411][ T5826] (syz-executor,5826,0):ocfs2_put_slot:517 ERROR: status = -5
[  315.079832][ T5826] (syz-executor,5826,0):ocfs2_journal_shutdown:1085 ERROR: status = -5
[  315.110033][ T5826] ocfs2: Unmounting device (7,2) on (node local)
[  316.112546][ T8943] loop4: detected capacity change from 0 to 1024
[  316.180272][   T11] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.425782][   T11] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  316.481678][ T8941] loop3: detected capacity change from 0 to 32768
[  316.518677][ T8949] loop0: detected capacity change from 0 to 2048
[  316.653242][ T8941] bcachefs (loop3): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,norecovery,nojournal_transaction_names,reconstruct_alloc,no_data_io
[  316.879885][ T8941] bcachefs (loop3): recovering from clean shutdown, journal seq 10
[  316.908618][ T5140] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  316.920088][ T5140] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  316.928872][ T8941] bcachefs (loop3): Version upgrade required:
[  316.928872][ T8941] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  316.928872][ T8941] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.13: inode_has_child_snapshots
[  316.928872][ T8941]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,set_fs_needs_rebalance
[  316.929457][ T8949] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  317.012475][ T8949] ext4 filesystem being mounted at /191/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  317.051295][   T11] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  317.064475][ T8941] bcachefs (loop3): dropping and reconstructing all alloc info
[  317.076666][ T5140] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  317.262036][ T5140] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  317.273647][ T5140] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  317.282373][ T5140] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  317.294342][ T8941] bcachefs (loop3): check_topology... done
[  317.348319][ T8941] bcachefs (loop3): accounting_read...
[  317.485261][ T5829] libceph: connect (1)[c::]:6789 error -101
[  317.583771][ T8968] loop4: detected capacity change from 0 to 512
[  317.661341][ T5829] libceph: mon0 (1)[c::]:6789 connect error
[  317.674260][ T8968] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  317.683733][ T8968] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  317.772227][ T8941]  done
[  317.803511][ T8941] bcachefs (loop3): alloc_read... done
[  317.809121][ T8941] bcachefs (loop3): stripes_read... done
[  317.947075][ T8941] bcachefs (loop3): snapshots_read... done
[  317.987943][ T8968] loop4: detected capacity change from 0 to 512
[  318.009198][ T8968] EXT4-fs (loop4): can't mount with both data=journal and delalloc
[  318.011163][ T8941] bcachefs (loop3): bch2_fs_start(): error starting filesystem erofs_norecovery
[  318.079151][ T5827] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  318.082853][ T8941] bcachefs (loop3): shutting down
[  318.193846][ T5880] libceph: connect (1)[c::]:6789 error -101
[  318.203387][ T5880] libceph: mon0 (1)[c::]:6789 connect error
[  318.402499][ T8964] ceph: No mds server is up or the cluster is laggy
[  318.535022][   T11] bridge_slave_1: left allmulticast mode
[  318.541827][   T11] bridge_slave_1: left promiscuous mode
[  318.545840][ T8948] loop1: detected capacity change from 0 to 32768
[  318.558842][   T11] bridge0: port 2(bridge_slave_1) entered disabled state
[  318.612417][ T8948] JBD2: Ignoring recovery information on journal
[  318.728236][ T8948] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  318.737190][ T8941] bcachefs (loop3): shutdown complete
[  318.833726][   T11] bridge_slave_0: left allmulticast mode
[  318.872757][   T11] bridge_slave_0: left promiscuous mode
[  318.880618][   T11] bridge0: port 1(bridge_slave_0) entered disabled state
[  319.605994][ T5823] ocfs2: Unmounting device (7,1) on (node local)
[  319.762269][ T5140] Bluetooth: hci3: command tx timeout
[  319.926696][ T8983] netlink: 8280 bytes leftover after parsing attributes in process `syz.4.839'.
[  319.936483][ T8983] netlink: 8280 bytes leftover after parsing attributes in process `syz.4.839'.
[  322.065581][ T5140] Bluetooth: hci3: command tx timeout
[  322.285193][ T9001] loop4: detected capacity change from 0 to 2048
[  322.508530][ T9005] loop1: detected capacity change from 0 to 2048
[  322.520307][ T9001] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  322.534079][ T9001] ext4 filesystem being mounted at /133/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  322.554416][ T9005] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  322.638989][ T5839] udevd[5839]: incorrect nilfs2 checksum on /dev/loop1
[  322.716033][ T7308] udevd[7308]: incorrect nilfs2 checksum on /dev/loop1
[  322.731059][ T9011] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  322.743375][    T8] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  322.776853][ T8941] bcachefs: bch2_fs_get_tree() error: erofs_norecovery
[  322.786091][   T11] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  322.807842][ T9005] ------------[ cut here ]------------
[  322.813916][ T9005] WARNING: CPU: 1 PID: 9005 at security/landlock/fs.c:954 current_check_refer_path+0xc35/0xee0
[  322.824431][ T9005] Modules linked in:
[  322.828456][ T9005] CPU: 1 UID: 0 PID: 9005 Comm: syz.1.846 Not tainted 6.12.0-rc6-next-20241108-syzkaller #0
[  322.839262][ T9005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  322.849878][ T9005] RIP: 0010:current_check_refer_path+0xc35/0xee0
[  322.856271][ T9005] Code: e8 a0 90 21 fd 66 b8 40 00 89 44 24 18 e9 58 fa ff ff e8 8e 90 21 fd 66 b8 00 10 89 44 24 18 e9 46 fa ff ff e8 7c 90 21 fd 90 <0f> 0b 90 c7 44 24 18 00 00 00 00 e9 30 fa ff ff e8 66 90 21 fd eb
[  322.876050][ T9005] RSP: 0018:ffffc9001a4afa40 EFLAGS: 00010283
[  322.882266][ T9005] RAX: ffffffff847deb94 RBX: 000000000000000f RCX: 0000000000040000
[  322.890287][ T9005] RDX: ffffc9000468a000 RSI: 00000000000009f7 RDI: 00000000000009f8
[  322.898372][ T9005] RBP: ffffc9001a4afbb8 R08: 0000000000000005 R09: ffffffff847de582
[  322.906518][ T9005] R10: 0000000000000008 R11: ffff888034d71e00 R12: ffff888079e1b028
[  322.914597][ T9005] R13: ffff88807faa3800 R14: 1ffff1100f39f34e R15: ffff888079cf9a70
[  322.914745][    T8] usb 1-1: Using ep0 maxpacket: 8
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  322.922616][ T9005] FS:  00007f4bacd3c6c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000
[  322.937184][ T9005] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  322.944952][ T9005] CR2: 00007fe2b807f000 CR3: 0000000063286000 CR4: 00000000003526f0
[  322.953718][ T9005] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  322.961833][ T9005] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  322.969946][ T9005] Call Trace:
[  322.973266][ T9005]  <TASK>
[  322.976234][ T9005]  ? __warn+0x168/0x4e0
[  322.980546][ T9005]  ? current_check_refer_path+0xc35/0xee0
[  322.986323][ T9005]  ? report_bug+0x2b3/0x500
[  322.990938][ T9005]  ? current_check_refer_path+0xc35/0xee0
[  322.996717][ T9005]  ? handle_bug+0x60/0x90
[  323.001152][ T9005]  ? exc_invalid_op+0x1a/0x50
[  323.006293][ T9005]  ? asm_exc_invalid_op+0x1a/0x20
[  323.011438][ T9005]  ? current_check_refer_path+0x622/0xee0
[  323.017215][ T9005]  ? current_check_refer_path+0xc34/0xee0
[  323.023050][ T9005]  ? current_check_refer_path+0xc35/0xee0
[  323.028856][ T9005]  ? __pfx_current_check_refer_path+0x10/0x10
[  323.035027][ T9005]  ? _raw_spin_unlock+0x28/0x50
[  323.039947][ T9005]  ? nilfs_lookup+0x1a3/0x210
[  323.044693][    T8] usb 1-1: config 0 has an invalid interface number: 194 but max is 0
[  323.044724][    T8] usb 1-1: config 0 has no interface number 0
[  323.044760][    T8] usb 1-1: config 0 interface 194 altsetting 132 has an endpoint descriptor with address 0xC7, changing to 0x87
[  323.053578][ T9005]  ? __pfx_nilfs_lookup+0x10/0x10
[  323.059577][    T8] usb 1-1: config 0 interface 194 altsetting 132 bulk endpoint 0x87 has invalid maxpacket 64
[  323.071802][ T9005]  ? _raw_spin_unlock+0x28/0x50
[  323.076949][    T8] usb 1-1: config 0 interface 194 has no altsetting 0
[  323.086921][ T9005]  security_path_rename+0x22a/0x4e0
[  323.086979][ T9005]  do_renameat2+0x94a/0x13f0
[  323.102466][    T8] usb 1-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=26.d9
[  323.103973][ T9005]  ? __pfx_do_renameat2+0x10/0x10
[  323.109175][    T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.117762][ T9005]  ? __virt_addr_valid+0x183/0x530
[  323.117810][ T9005]  ? __check_object_size+0x48e/0x900
[  323.117860][ T9005]  ? getname_flags+0x1e3/0x540
[  323.117893][ T9005]  ? do_syscall_64+0x100/0x230
[  323.117926][ T9005]  __x64_sys_renameat2+0xce/0xe0
[  323.124115][    T8] usb 1-1: Product: syz
[  323.131049][ T9005]  do_syscall_64+0xf3/0x230
[  323.137309][    T8] usb 1-1: Manufacturer: syz
[  323.141508][ T9005]  ? clear_bhb_loop+0x35/0x90
[  323.141549][ T9005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.141577][ T9005] RIP: 0033:0x7f4babf7e719
[  323.141608][ T9005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.141628][ T9005] RSP: 002b:00007f4bacd3c038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  323.141658][ T9005] RAX: ffffffffffffffda RBX: 00007f4bac135f80 RCX: 00007f4babf7e719
[  323.141677][ T9005] RDX: ffffffffffffff9c RSI: 0000000020000780 RDI: ffffffffffffff9c
[  323.141696][ T9005] RBP: 00007f4babff139e R08: 0000000000000002 R09: 0000000000000000
[  323.147913][    T8] usb 1-1: SerialNumber: syz
[  323.151291][ T9005] R10: 00000000200007c0 R11: 0000000000000246 R12: 0000000000000000
[  323.151314][ T9005] R13: 0000000000000000 R14: 00007f4bac135f80 R15: 00007fff8e00d9b8
[  323.151349][ T9005]  </TASK>
[  323.151376][ T9005] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  323.151394][ T9005] CPU: 1 UID: 0 PID: 9005 Comm: syz.1.846 Not tainted 6.12.0-rc6-next-20241108-syzkaller #0
[  323.151421][ T9005] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/30/2024
[  323.151436][ T9005] Call Trace:
[  323.151444][ T9005]  <TASK>
[  323.151454][ T9005]  dump_stack_lvl+0x241/0x360
[  323.151497][ T9005]  ? __pfx_dump_stack_lvl+0x10/0x10
[  323.151533][ T9005]  ? __pfx__printk+0x10/0x10
[  323.151571][ T9005]  ? vscnprintf+0x5d/0x90
[  323.151611][ T9005]  panic+0x349/0x880
[  323.151643][ T9005]  ? __warn+0x177/0x4e0
[  323.151673][ T9005]  ? __pfx_panic+0x10/0x10
[  323.151723][ T9005]  __warn+0x34b/0x4e0
[  323.151751][ T9005]  ? current_check_refer_path+0xc35/0xee0
[  323.151786][ T9005]  report_bug+0x2b3/0x500
[  323.151810][ T9005]  ? current_check_refer_path+0xc35/0xee0
[  323.151854][ T9005]  handle_bug+0x60/0x90
[  323.151885][ T9005]  exc_invalid_op+0x1a/0x50
[  323.151916][ T9005]  asm_exc_invalid_op+0x1a/0x20
[  323.151943][ T9005] RIP: 0010:current_check_refer_path+0xc35/0xee0
[  323.151975][ T9005] Code: e8 a0 90 21 fd 66 b8 40 00 89 44 24 18 e9 58 fa ff ff e8 8e 90 21 fd 66 b8 00 10 89 44 24 18 e9 46 fa ff ff e8 7c 90 21 fd 90 <0f> 0b 90 c7 44 24 18 00 00 00 00 e9 30 fa ff ff e8 66 90 21 fd eb
[  323.151996][ T9005] RSP: 0018:ffffc9001a4afa40 EFLAGS: 00010283
[  323.152020][ T9005] RAX: ffffffff847deb94 RBX: 000000000000000f RCX: 0000000000040000
[  323.152037][ T9005] RDX: ffffc9000468a000 RSI: 00000000000009f7 RDI: 00000000000009f8
[  323.152055][ T9005] RBP: ffffc9001a4afbb8 R08: 0000000000000005 R09: ffffffff847de582
[  323.152073][ T9005] R10: 0000000000000008 R11: ffff888034d71e00 R12: ffff888079e1b028
[  323.152091][ T9005] R13: ffff88807faa3800 R14: 1ffff1100f39f34e R15: ffff888079cf9a70
[  323.152114][ T9005]  ? current_check_refer_path+0x622/0xee0
[  323.152143][ T9005]  ? current_check_refer_path+0xc34/0xee0
[  323.152192][ T9005]  ? __pfx_current_check_refer_path+0x10/0x10
[  323.152223][ T9005]  ? _raw_spin_unlock+0x28/0x50
[  323.152265][ T9005]  ? nilfs_lookup+0x1a3/0x210
[  323.152295][ T9005]  ? __pfx_nilfs_lookup+0x10/0x10
[  323.152324][ T9005]  ? _raw_spin_unlock+0x28/0x50
[  323.152365][ T9005]  security_path_rename+0x22a/0x4e0
[  323.152409][ T9005]  do_renameat2+0x94a/0x13f0
[  323.152471][ T9005]  ? __pfx_do_renameat2+0x10/0x10
[  323.152509][ T9005]  ? __virt_addr_valid+0x183/0x530
[  323.152542][ T9005]  ? __check_object_size+0x48e/0x900
[  323.152587][ T9005]  ? getname_flags+0x1e3/0x540
[  323.152620][ T9005]  ? do_syscall_64+0x100/0x230
[  323.152652][ T9005]  __x64_sys_renameat2+0xce/0xe0
[  323.152687][ T9005]  do_syscall_64+0xf3/0x230
[  323.152715][ T9005]  ? clear_bhb_loop+0x35/0x90
[  323.152748][ T9005]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  323.152775][ T9005] RIP: 0033:0x7f4babf7e719
[  323.152796][ T9005] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  323.152817][ T9005] RSP: 002b:00007f4bacd3c038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c
[  323.152851][ T9005] RAX: ffffffffffffffda RBX: 00007f4bac135f80 RCX: 00007f4babf7e719
[  323.152871][ T9005] RDX: ffffffffffffff9c RSI: 0000000020000780 RDI: ffffffffffffff9c
[  323.152890][ T9005] RBP: 00007f4babff139e R08: 0000000000000002 R09: 0000000000000000
[  323.152907][ T9005] R10: 00000000200007c0 R11: 0000000000000246 R12: 0000000000000000
[  323.152924][ T9005] R13: 0000000000000000 R14: 00007f4bac135f80 R15: 00007fff8e00d9b8
[  323.152968][ T9005]  </TASK>
[  323.156684][ T9005] Kernel Offset: disabled