last executing test programs:

6.619344778s ago: executing program 4 (id=355):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000340)={[{0x122e, 0x3, 0x0, 0x0, 0x0, 0x4, 0xc, 0x0, 0x5, 0xff, 0x1f, 0x0, 0x10000}, {0x3, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x7, 0x4}, {0x0, 0x0, 0x3c, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}]})
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x1, 0x0, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x801, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}}, @NFT_MSG_NEWSETELEM={0x14, 0xc, 0xa, 0x101, 0x0, 0x0, {0x7, 0x0, 0xa}}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x70}}, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

5.300226469s ago: executing program 4 (id=362):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='sysfs\x00', 0x1214040, 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
mount$overlay(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000000300)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
chdir(&(0x7f00000004c0)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000300)='.\x00', 0x20080, 0x199)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x405, 0x4000000c, r0, 0x0)

5.111362367s ago: executing program 4 (id=364):
prlimit64(0x0, 0xd, &(0x7f00000000c0)={0x200000000005, 0x8000000000200003}, 0x0)
setpriority(0x2, 0x0, 0xffffffffffffffcd)
r0 = syz_clone(0x1000000, 0x0, 0xfffffd11, 0x0, 0x0, 0x0)
r1 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r1)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
r2 = syz_open_procfs(r0, &(0x7f0000000040)='stat\x00')
pread64(r2, &(0x7f00000000c0)=""/22, 0x16, 0x6)

4.958414683s ago: executing program 2 (id=366):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
unshare(0x400)
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x703d2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0x2}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x0, 0x203}}}]}, 0x38}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x38, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, r3, {0xf2ff, 0x4}, {}, {0x8}}, [@filter_kind_options=@f_bpf={{0x8}, {0xc, 0x2, [@TCA_BPF_FD={0x8, 0x6, r0}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x10}, 0x0)

4.69756526s ago: executing program 4 (id=369):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="1400000015000103000000001c0000000a"], 0x14}, 0x1, 0x0, 0x0, 0x4}, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000100)={'team0\x00', <r2=>0x0})
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001100010100"/20, @ANYRES32=r2], 0x20}, 0x1, 0x0, 0x0, 0x80d5}, 0x0)
readv(r0, &(0x7f0000000040)=[{&(0x7f00000038c0)=""/4118, 0x1016}], 0x1)
syz_usb_connect(0x3, 0x0, 0x0, 0x0)
ioctl$I2C_RDWR(0xffffffffffffffff, 0x707, 0x0)

4.255283465s ago: executing program 3 (id=373):
r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
connect$netrom(r0, &(0x7f0000000300)={{0x6, @rose, 0x1}, [@remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @null, @default, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @default]}, 0x48)
r1 = syz_init_net_socket$netrom(0x6, 0x5, 0x0)
bind$netrom(r1, &(0x7f00000004c0)={{0x6, @rose, 0x1}, [@netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null]}, 0x48)
listen(r1, 0x80)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000480)=[{0x6, 0x0, 0x0, 0x4}]})
openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
close_range(r2, 0xffffffffffffffff, 0x0)

4.245140232s ago: executing program 0 (id=374):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r1, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r1, 0x0)
ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x89727a31546dcc40, 0x4})
sendmmsg$inet6(r0, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0)

4.10876584s ago: executing program 0 (id=376):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff038}, {0xb1, 0x0, 0xfe, 0xfffff00c}, {0x6, 0x0, 0x1}]}, 0x10)
sendmmsg(r2, &(0x7f0000000180), 0x4000190, 0x0)

4.08264263s ago: executing program 2 (id=377):
syz_mount_image$btrfs(&(0x7f0000000040), &(0x7f0000000240)='./file1\x00', 0x0, &(0x7f00000002c0), 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
r0 = open(&(0x7f00000000c0)='./bus\x00', 0x68042, 0x62)
r1 = open(&(0x7f0000000080)='./bus\x00', 0x185102, 0x0)
ftruncate(r1, 0x2007ffb)
sendfile(r0, r1, 0x0, 0x1000000201005)
r2 = open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
sendfile(r2, r1, 0x0, 0x80000000c)
open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)

3.180835734s ago: executing program 3 (id=381):
r0 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
r1 = socket$netlink(0x10, 0x3, 0x10)
bind$netlink(r1, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc)
setsockopt$sock_int(r1, 0x1, 0x21, &(0x7f0000000000)=0xfffffffe, 0x4)
setsockopt$netlink_NETLINK_BROADCAST_ERROR(r1, 0x10e, 0x4, &(0x7f0000000480)=0x17fe, 0x4)
syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r1)
ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000000c0)={'syz_tun\x00', &(0x7f0000000040)=@ethtool_link_settings={0x2, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x4c, 0xf3, 0x8, [0x0, 0x0, 0x0, 0xc, 0x5, 0x0, 0x0, 0x40000002]}})

3.116300346s ago: executing program 1 (id=382):
syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x0)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ffa000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ff1000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0xc89f, 0xc000, 0x7, 0x20002f7})
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000093c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000000)=@deltfilter={0x24, 0x2d, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xffff}}}, 0x24}}, 0x0)
socket$inet(0x2, 0x80001, 0x84)
sendmsg(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000000)='8', 0x1}], 0x1, 0x0, 0x0, 0x2c}, 0x4000845)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

2.26042304s ago: executing program 3 (id=383):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000140)='./file1/file4\x00', 0x1c0)
mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000600)='./file1/file4/file5\x00', 0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0)

2.199457404s ago: executing program 1 (id=384):
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0)
shutdown(0xffffffffffffffff, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000380)='clear_refs\x00')
writev(r0, &(0x7f0000000100)=[{&(0x7f0000000000)='4', 0x1}], 0x1)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
ptrace$poke(0x5, r1, &(0x7f0000000080), 0xffffffffffffffd)

1.850655999s ago: executing program 3 (id=385):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="100000002d000b02d25a806f8c6394f9101a04000a", 0x15}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081044e81f782db44b9040a1d08030e000000e8fea4a1180015000600142603600e1208000f1000810401a80016000a0001", 0x37}], 0x1, 0x0, 0x0, 0x7400}, 0x10)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@in6={0xa, 0x0, 0x0, @mcast1}, 0x80, 0x0, 0x0, 0x0, 0x5c8}, 0x0)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907009875f37538e486dd6317ce620300fe"], 0xfe1b)
r1 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[@ANYBLOB="563f00001800599c6d0eab070004000523"], 0xfe33)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0xfe33)

1.848400734s ago: executing program 0 (id=386):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x22100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000000)={0x80, 0x40000105, 0x0, 0x0})
r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0)
r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0)
r5 = dup(r4)
ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000040)=ANY=[@ANYBLOB="0100000000080000054d564b"])

1.718430282s ago: executing program 1 (id=387):
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0200000004000000040000000c0000000010"], 0x48)
close(0x3)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000180)=r1, 0x4)
sendmsg$inet(r3, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x20000000)

1.416743037s ago: executing program 3 (id=388):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@delqdisc={0x24, 0x25, 0x10, 0x70bd2c, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xb67c97c53973218e, 0xf}, {0x2, 0x3}, {0x7, 0xe}}}, 0x24}, 0x1, 0x0, 0x0, 0x4b011}, 0x3000c81c)
chdir(0x0)
r0 = creat(&(0x7f0000000400)='./bus\x00', 0x10)
r1 = open(&(0x7f0000000100)='./bus\x00', 0x0, 0x0)
write$binfmt_elf64(r0, &(0x7f00000002c0)=ANY=[], 0x76)
lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000000), &(0x7f0000000140)=ANY=[@ANYBLOB="04"], 0x2, 0x0)
dup3(r1, r0, 0x0)
finit_module(r1, 0x0, 0x100000000000000)

1.390993827s ago: executing program 1 (id=389):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0xfffffffffffffed0}], 0x1, 0x11, 0x0, 0x0)
ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f0000000300)=ANY=[@ANYBLOB="030000000000000000000080"])
bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x4e21, 0x3, @empty, 0x8}, 0x1c)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@textreal={0x8, 0x0}], 0x1, 0xd, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.282315685s ago: executing program 2 (id=390):
r0 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
mkdir(&(0x7f0000000300)='./file0\x00', 0x40)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108)
getdents64(r2, &(0x7f00000000c0)=""/55, 0x37)
lseek(r2, 0x3, 0x0)

1.249601769s ago: executing program 0 (id=391):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c4400000000000e0fe1709850000000e00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000023c0)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f00000003c0)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000500)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="ae", 0x1}], 0x1)
sendmmsg$inet6(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000400), 0x1}}], 0x2, 0x41)

1.248745647s ago: executing program 3 (id=392):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x42, 0x0)
fallocate(r0, 0x0, 0xc220, 0x8ffff)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r0, 0x0)
fallocate(0xffffffffffffffff, 0x0, 0x0, 0xffff)
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x8, 0x11, r0, 0xffffc000)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x0)
pwritev2(r1, &(0x7f0000000100)=[{&(0x7f0000000080)="ff", 0xabfb}], 0x1, 0x5412, 0x0, 0x0)

1.086758345s ago: executing program 0 (id=393):
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1000, 0x10008)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
read$FUSE(r0, &(0x7f000000c3c0)={0x2020, 0x0, <r1=>0x0}, 0x2020)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], 0x0, 0x11)
write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x9, 0x1100, 0x40, 0x0, 0x6, 0x0, 0x0, 0x0, 0x40}}, 0x50)
syz_fuse_handle_req(r0, &(0x7f00000041c0)="0a44566bd8cd7422e078875d6a98d0a2dcc0a0c7881e44e46c6bf84253a3ba4cba8183c2236313cd49babfb721c547a5caed646bac2f2ea43e134e2a05d84cd813c9e2a96e68352f95c458f6ba48078f1d10fce44d869b4a00c68ca338ff3b877cb434f502cedfe83cbfb33d5233d081ec8ee2ac10e08194f6257183be922fc7203071a2aaf87478d1420237a1516e749623929f0d60f15e536376ba41fbbce034588b60680572f0d1d76ed122dc46252cc143f0e665e3f4e3f56bc454957265bd9a029cf8c7397ca01f95bc0e6601673bb31804c34307725385260df48c32527d74e51e5f26728aaedf9f379f5960f5e6e7146eff3254aaf54eb42834e1f57595a2b0333f5ca1474e07c2447c33dbe8f62f24cd788ac18475493edb813450e917837b125ad6f850e6af93e16828a6741c6ac00a4e25cfcd498f1b857e74a4eb8dce5ffcb3999031f1da13e9e6a973134ec04795a3fe91388fb6b349e668f49bd4c4ffa71a8662916219b4a2075bbfe4892cd1080f662005c1c2030d35999c9637f4836ae5745acae8ff0d745184e58241510d780f8a9aeeccb17b9213527a1b747dd23df6b4ac2ca4bd07fb7de6bb4bf8811e5c2f99f4bbcb3cba79fc483182bb981815a1b1ba5afad464631e6eb940a5da4e73787e9e0103bc7ea59cc8d63f740131a14c3cd034e91e885bd730521ba80c1071f25e0073a44bf8e36cc23a5f433378a13d2e2be7fbb8ca204976651924ae8637b339e883f4d388e239424031e20616341a5d51cd5d574382d518e4824dcdadba86143b4de3ff8126f0be226d1e6526a2af981d11092c428bc699ea208d4d38d63ef525b8da551207397fdb7d57a52c2062182072b017141de1b70bd15c758c88c65f6acffd5b5b0846c2a779660ceef46b22336abf817a24d27c3f66839b5f2f99131898dd372a124d9e5df84b24fa7be045b92fb225a735da1be1972c706120c391ffadf231603ffbb86d38ff2c76202a0f81317a7f790dadcdca1d109e4428f52246b17f6b5822f64d36da71167df86cedf76f4405f320f70a3d6d6307a13e023d9a23985fd9c95793118674346d7977654ed14a121c1bc0b3e8672087245e0721230edc667c1fb6bcdb22b3264b7fffedb589a2899096493ba97ce5fb0ad97821d0a4528465380e086b61f632eb0ce1f89eea2d8336217f51b4085433d426d404431360be55776cbb0f80c33e807732df3d73bf9d9a8e3b1468d2ac7c73a4aa239c96bbeef3965132a02254d887e65fbeaf517e913cc331ed36c3e326163d1a3aef7df9db06f8997668cc35e39813c82a440a73f12011bcc0b2abb993b99e79727d49e6656e8d9ecfb7b65c2c187ca6262361c6a7d3679aba9df764d13485874b1443f47d8caea64963011294082a9d50ed2fb08cdfaaa7dbcf782b7e8f8d8206dbc421bf9807727126b1ea364498f3ae693fe19f5b56af13df090892919c136c201a0d058c1863f136a3ff389cc510c17b1de341ca9a8d6ffd80fd019ac3fd9eeeb845202f2c5f207b1e7e169d57164855b9c3dbdf3c696124136d07a4de6be16b43352567a3e3bab0f73ccdd41255ffeb3ecb2bdf9eedd1d4332f4a7534b01b6331474880d4d07b464bd8c3b18d02fbf1faeeff70c8ae35b4eef002930dfa9a0c9350ffb72c82535a55280ac9c6d5384cf9aa3c66cc918497f51a6dbad608eee21f6085f85990983d0a51e5b41cb69ae52d60fa835045aaa0132be8b4dfdb10f521bc22b0192a4133040453c5a0a8bbb5d4c46ea25f2be5b0e79d71c4a13db6e9cb66db9f2c4804d41b9c26f96fd23c358ee9c8f57322540953224b56072af25b5c7041de560f1d4bde367eb3bbac949d9a9a86123ae62d0f4741446192e85772fb893b64c0e7c44a6e967af906b0f50e32be384027379c8dde251f549f94b16cee199da537d07ae89848da801b43bab3b65651402756cb22d17e602cdc33790ec8a5484a955bc8f487597ac9752166a405bbd7dfc9107af72b46e39d29afd2a0447e53377fd11997ab21db0f740699843a168720377e365caf88fd319dca184cadb8ffb4d288a0045b349be5ecb64561a2bdfa13336ef96aea86c48a5e405330a01c5390d482e6ccf4ebb2cf149d8b6274b2f9e6e1066004172a1a90e0db9838afafcb663bd693b2e5ca35858dcb82c05cbc87ec5cedfbb08daf55c472e250861bf357569342d90a667f3ac7fc2d4e54220444a97810ac14b0af6b043a07c1d791182635b983492f21db4a6ffee2d686238869e50b9bb73d75ec26087c0c8cb92ff25740b3995e4d771469b8474efef04d8d75f3544aaf84f02ad977948764d4c1bce36aa4198d6f22091b263d9eae96f1096fe3d8045949f189f33ec713101fea26ea043fe98b987542e33ab372058c64205e90a0e1f52d04b2c5ba7a5572ddb95f7d2b04f22e2e987c5d0f879db65718d8979da2a45cd333a5aacf96081977a9eb3dcee4afb44443ad37528c5a314d1ea08d1c3f0a36d4bdf77fc0caaeaa1eb2746a26683561b62d22f4e166192892e2ec1597f8bf6e89cd53840c8d7baea220e1b5e17df52a05017363727b0cc77ee61577a79b3de2ed364f3419a30d23701044b45ed3ba44b01804750bacf5bc959cffba86619f3331cc939fecadb5cba1edfe28952e0f70d2d99ce696dab9411aa2f7e7ca6207a3b16fc36a70e339aa5a618f6bcb0272968eba6edd95242825fe6e47cf1d50d229d4b1676aad0e9410aa1f2d6d2fcb9c4ec8e06c83faefbc2143de2367123bdb7669bd959782cf64def3a601c596611ac98d76df33e1fe340829340ba0a582d014ffacf9a9394300ab7efd60222cf96a99e42dae6e1ff1fcad1e3280ca07de5ea7e08b264a60015ffb76cc72d70ded58a1e2f59906f3c76433e4353a94a2a49f91103e2b5491ac7f66d54ae2a0e82099c4c9bd683971c2d3dd51601bf5e94f7660158bc6fdc1b2ce3d689a3aa64c29810ad7d9e91e49b72e6f97230a2a966434bf5cdb339556e6452e6b446766f55df45219fc02192cb73076285e74eb848229bffd812f6058782b3f5d0efa4d7b0d3c120931aa8b679e318ecc5ea539e3dcaf87473e2573189ce500b616957d88a09a014baffbd66990e41a3432891279cb82d9c4b50675ff067b76503535631aab9a29ee7e274eded1cd542c801bf519e1119fbab84f57c7686209c9e5177545bf0f403609c81fe6d8f2979d886c43fa3053b38b6e21ec3632011c97451d8409f169f71d226e61fdd206ec5f962b0277eee286a694ba5381493941ed44b3659994d3cd2a8c9c3bdb2f63d77eaee180428d7d6df86f6738cf7adb4b863c9ee9da9904bba4c2c3188a1ce31c5b082857e5566055c8cf58a9e9f7624d220b8d3093cbc6eaed7fcf15fc700ed711575aff5fb5cb7e206c810ea7a766d2960a1356687aad2ec171e4a1db6540a9257385a1e8b9f029485866c32e74c1a19e1113040c9d215f9f4bb4311f0d587b9cb6d11cdf28d4cbcdde4ee7831e5c8608335a1e41883b55b3609b9c4fb8489619481dffc6224e4c98b1e89831187b28b6bcebe7f78c779f5a2896e47bef8e607811b435c517e8e3f19d74752d7ae99cb7caf69c0f977f1b94f8f11bdbf35444fabaac2fc0e568d3b5b3b9f13162b1fa92615bc16492b870fc85c79c51b6516276f8e559e769a8d37a2335d67edbdbe2d4ded10e79ad26629ba6de862acb27fa7d0607a5c83840e446ca0d231ae9175ae9cddf35443ef8434a61d54b704d2b46835ca030d4325dd62918d361c27bd6e422f3f8431ff979953c88a5f3d07a84b733b2fffda5dedbc2ba876ea653aaa2a8446019d2cb69c4c7023177af7b5de358c4a93ba969415c7e3bd3e10a17653cc4c0031dc779d47bedc8d0f77b9fb39484e47d1edfa16a4839d7e3c1f4147bf7a5a41395980d0234577d433c4f3663a648865cf5cfc4a713bfde809cae8161f044770d8f3dd65f183392ed73dd0512951dce40dd6f68927144d09a6df1225769a47a2f1dc7da5a0e5651dc0198c2feb7de7aae5675a3753272294cdc8f05b4bf1b478d6e2a18f6a9dfdc42421bae7072786a4122cb3fcc61b2d0bc9314b92be8be3f9b8b109631305e06b52c0bf621d577f014d0572327c49fd705b45794aa8f198b37c139c4a8008763c654af912552549203733ad09c667104a3c1756dacc50af3d19bd996a99a7f857d9ff8c337c6feb16cb7fe282cbf8c975bdb60a7ddaa056352d9cf752f2b49fd0ae9dd7a263c4e1c1a027c7d45529b5a49de9f2306862b8ef8d386594f9909aabc849c5955241d192ab57d52fd2c7db0e4066bc3f70445599a60016de606b30a92b1bcbcd9dc8cfb492a6e66aa2be612e1d5f7fc61989d51285f1ef8a4e724a46c36bdaa6bed82ec972fe3e929a7a708397432b13e266d9a66954e011a158c9bc031587f9315382dfcc2334100d99b7d50b87096970d294261dd3263bee8f5aac2d86f070d70e278ecca4cf6ff05e511c0a65d6da81b68d94cd635e9dc98c1259fa2060de60d05117090a9a36d7b7aab999cd28a6c0727336312ede8f7fe0118e22aeb4094a64311fa766412d68ee04a93a1b9e2da91afcc91a1fc3c216f0aed6da74baed3242e620482ae01d3055562d16cab58500a5f41145d2275f6da8e24003cae19a7bdb9de8ef57965341253901962d846fcfd687e32fc81e716c42fae279382c8a750c9ef9543c942ca644287ec9cc921f99e9c901810a342e198f3b60a5c75aa91e67c1a6f08008841ddbe0766604b38a211929682303ce61e8024ea4589aa955886adc98f365af515daf30c376eb2b96fd78d46bc3999935a336c89f02ebe822bb5db6a1fd145c4d403b88f17b3fac670b2eb1296b3a5a7055556c21259695c248696162fc179aa1b4ec10e022ea7bacd0255937f9aa89f4d4c58bdedb54b43fde47268552f51b949a9cfbdabf6e3172853e6de9d0b0d9643349595769e98dab85282c49ce8c52301c04710a2c43cf63decaf65243d4756015b681bb680fdd1aba59d63b54e2ebedc68df32e575a95adfb2b18a79688b23ffb498d03012250f0dfaaed5353025aea7a35c8a89873b5f73adb41cc864b9f86e14624d70c917f05e47bab793958de9957cf23c94a9807b30bd7574edf66250224b887a8c02baa05cc02abd4c008339129b3109f1b04da29a9edf472991a440fcc8e586bef32b8c95fcd3d6702b9f43bf41454d5fe72a1f1ac80604c93dc9e9abf9a824c6d45e65b4f39f8341799dce4eac5e9036450ba7829221fdac7ec394c0a8e9813f5aad3ad0052f5156b3dca979e9c9a8755d4be2502727d346889210a13e5391951afef1880bcbd2a9ea020c9b2946563cd40c40f6202bce9bd1d2a1bbc3e5e6b2a9d2220343fd1ff5cde1b4d27c0601b8890b6ad8d3d80075a23725bddd81c15cd1b63e0123c4ac01de7b62b1e0fe2b72eaf400a1bcc63f76316d471eb191c931d5350e83a110b89e77668cfdc47734b91c2268fbbd89ce15b50b84c423a1f27943c32739e99b046a665c966275dba2dd6449b69ec53e5cb9cde89afe4149589c7378f5f3648d748bf3d46fa53f50d1228714252a328cebe7146d81dbb2f850aad492bc0697e2760dc9c60bc76a010e85110c0076478a21b47e5fbc4f7397a319e1db642e305bb1330674d96eb4b421f0f2131d125d4cec8aef4637dce572bad633e076972c9147a48b4c67135ace6a4490e16fa4731d62864e910762f1eb58afa63031c78c375a90147ceef07cd1e8155a649f2558d67dba9d6d2e012a3af4b603cd094e4a3b2e30c65c80cf8d9b2cb840e9df91e70162b80e74be96467574ca0ac5ad52238163283c556f0865c2338d6dcc73fa330634f6e5ce68e766df2db5b7edce0d98203e1d4374e7eda3558667229ea2daeb74156cf5895c4afb460cb4037456b14d9b748ddf7b8f3d5accd3e0d8d2eca2a78056d945eb4383078cc09a3a77736ce4e91f8174fe03fdceef8df92a50c2797b0cd06c6f1ae95650e48d103fb269c0a004d62237b77257807c8954678476030d788543d84770a1533a72141c7ea919e533bc182a3306782233d1a20153fa3e9e315a856e75f760bb7f943ea2f5956243f75fdb241ddfb4c081219ebb4eb3c3e989e3d953a93d96dafe1142c29434a554a92d319747e618cbd3af5202e51d30761e81b6c2d6febf221e3147b63171ea5dbaab4cba1b0fe7dc9cb249d74bbbcd7ef11c35fade1132ee4b74dc6090cfb6f852fb01d79aa0e5ee6897b7c021c6a1e69995e0546932c56e65b2581d619fc59f9775f3e8573b3c4926b8f6a9041512788d11a6fb279941ce24fea916e6568db25f1fcd3fd1e907fb3c45ddbca37230f5b3ffd48cf9c2269ec068d0bc528aac14807636c9067c5e32f2c2f259f6502ffffdbea40ad1b6b4a1d819fccc5c77da908204781747ecb0f2245dfa2941a9dba5d11ad186ab0eb87173dda634bd5a9221143e244c793d6262c904a64ba36cdced65abdd3be06d534b649b03791f7ce41e9abdea4d2c17f14bfbee0455dfa791f241341c78ce24cb8b86a9e332787d4ac1bdc20d022ae9588e8d63c22925d5e507bf41faddc17e01d3354c597908124705d88131b2e8ce8d04d660ce4100b5288d750d996e069bca1fe21f9b84c97011dd14c95c3cd538bf619b1df241fcf286c7014f8467a7ee81b2bef1c3bc56573894dbb54efb6a2fff0302b26c7589e08993e755059ba8b94fe728f1fdcb8ab10a5133d0434973e6667c25288b6e5e2d75202aec6bc0255177a53ea7c666afa79dca738a9d20990f118075b9f1cfb8ff1e5be75b49635bcbf43cb3bf97719dae8ec5c5528fcf89a9dda8fe6c08f7f737d69ef181ad3e35cf8e46efd94358b4640de1c387e295ae38edd0d5b80287f022895ca4dd9532bece6b2bbe100a83fef98dc5af595f4f7e4747ff5d28ab372db71b7c1c423183fa8ba4d823cc05b7be8819dd669b6517bd753e83f4d407a72dcbfcd0e9b2d5daef7fa88c1618236375a50ad2baa6a5e0551e679dce352181a1f9e72f5fca8c323b945bdd92e2d424b3e75041734d099f778fcb1e6407c80e7724d52ab110b02c0c9d1d4b78df12fc443fd8dc8fe82d9f3c8da7b87fdfb11e912c97a4e61425ac7b3954cb2e7e46ed0e24cc0c961dd5c2fc619a9e5e3550ca7bc21f2adc1a85c5b9dade357f1ecfd72646b27e7ab59b1b4d63c63082907b3be4cda341c49ade8992af489d11cf285b81a34c5614284ab4bb94018009e2333aa8e4630a9f6792b44b62d9c6e9d1855ffecab30c611cf5dc1e6ec09088b83a4c2cda9e5ee080df0b5e36b9badc035d6991bfd82fbb408faac15ced6ddcc917a9249b767f8844d6458411c1a31ff84e272311ea968ed3ff02f2e0caa47b1a6e030b07984c07d71e740420a9ed47b26799feecbba4f26dcdb61c9422e940550bfafa99ef0f826d2bcb1d7862016abe81d021be29adabe2c399fb9aa2f3ac472012b26ccd4eea2957343b06ac8ad71a637b8fa209ab6d4351fae53a9af0e920c043df94eccd5c1a847cb17d13589021f1a621b457fbe02a16f0f4b9dee0e7eb9358b8afd999d47f5143d49d4aef227f5b06ecef1ed71207e3526ff82b6ec69d3e8788f6c476437fe96f0533394027cf48e3e146aed7943d872bc35de34f7fdba13e5e1c259a68aa8050a813aa734f202ad7faba9f64b16f5068b43bdfb726e5fa54a1675dcab0697fc47a4fa3dd472022cc0d317d39076ad9847e72e1965b227f3e49ad6e8e742305bdd05d0c88b5859d6cfc98cc47a566269dbc4c200615f3e995511a69d8e724f0c842c06c46b5460dca83137656aae785e8415cfb57d57265af9c1d8f126081bcb218a427b80ccfaa95b8bd3f87f58f09ac52a2a47bbff99b057576d26876fa758c8e41172dd2bd45742a30d55f1b65bafc0c7c9c785f583069caf6de080c9057238e110456c0f9e8d898918b6981011f8dd17c55caced49eed32839305ec37b45e8cc4c35aec0c8a4cac54035a941842e5d19fd298757799c4a501718bf21a024106a292626d4eb3c784119b9f5003c6cdb36e442c04ca5b0ea59efb63fe90f9e218fdd9f0864f407cf8edbe71f3fb1d3a587ccfadbf7a5acbb0713b1ca1991e25e75738ca68e1817d08fdbacfab6900242b91ed9541efd2ca469bf7acc7857185d47506fd0a735d7b542949241976cfb1252f2e490fcdef3166f993ff9a812d0af902001a4f239989c087b41de65f83af93e349a2d37ad3b59c5009465e14030ecdfc8fec2d27939af2311bc5d544b19220b12a5782deb83f0e193f57cc4631d8746e7d0736e1295128f3a48aeacf2952be3005b09de00c9a4565e07692d8355a947d072de4324f2e8f3b2f01483d31999826b4ac7bad4f6ae099225f751995f463e5f762b9671ebb79fdfc51b5080af6fae4837a4e00a76b775eaa6f1fa1479b6afe5d66ac5fd148fdc4750d6ae1e268da446ba08dc4d7c872bd6401f1dd6b226e91bcf77c085e3c115f49d05a29c4e282caa7b8a60a1fe09a2e98227a2cbaa838d6053cb56bc7cc84e6ffa81c18ee26c1b32c2ce205c8fee3b2f4fa8d983b4901c80d766a3299fd62e3339a697305ab7cda995b3cce61e3372f152841ec1d540c9f6cfe2871e7cf4e6997afac85b1c05bed03a5e017bce4b45b0903e9c60cf3538df7df9d8fa93b53856fe93f522f723470c553799c90c56fb705040ba78141f7e5e9117f4876c45884edd5059c8588fc39f9c6268038c4a462a4a5fbbecac0daaf54876ac0217a9ab6f83ec52f15a170005e57baead0e8b1570508e10d2c9808ff3a437436d93ffd02c72c703e2e1917c0c82c3a4b4c03cb91c961451e3f6e2d9d9e58ac1810831d7618f81a34c23cc14029326f16cd043e82ea3bea5c6bcb84152d140659d1a4f135cee82640f96e177c030907117a6c6a8049fd3815fa06249ba4b37c2381c0eca124e7f5abd393c6d175ccf0c5fd4a6e9e00d5338899ed03b5a5023dbe4c6ae1f1ffc192411049e6fa34adeefa3b2e6b45165f341e0b853561ea0d183d93100efe80237ab878312281d607ac8dc10f34e6840a6b6d5c2975348a15761326504c24d5ec648f5714254087bd8c53fe131461ca4cea09ab52848b2526edb91a2bf6c0287aeaac51eb720507d66522ff2f94d90ec584f6088910ee079538e43cf8db55e2f0d70a60eac90eafd82480d11ea5dd795a05a698c2961eedad5f8a79dc3ffa92129f76b8d795e24a1905fc82f11c40d68d11af282621b9a2e39a8dd146013bd3a044f55366af078f7c15adc548029ba4ed896ddb646d74e3af69d8597831e08eb4df1b7ed54b8f3b327753ebf47d50a215c461cd422483c8f2d54f010fa9b76e5afef86b1bb8aa6d4b0c5c9ee798791379ed4dea481feb37ea18b5c7c0146aed32772245cc39628ecc13e03b76c302f80ebcb50279fa2ff74139468a23f36881ee7e7119d8040f90c7e3d8f75d80624d17d881e363b4913eb02e73224c7dac1077d19cc9063f8831053eaa9ecf87ffc31140f6a0a47869e5a5660e5d53b404c34e17b4693df9d5418131c8aaabb0e15aee98594c57cfb2202f209a4529a293b37ef68a2e95fb8fe5142e974f1d3fe3a08ed169379387e96ab5d927771ca7157e9bbd2650992680105dcd6a75829e0643b5ad708e5c65ea4b04b3eeedc24bcac8152cb887f32436a11efab6dc2509fa42d3d31e8aac73e9e8e84a88d7096b9549bc4a879d8f824eb63809a253409294f359b76ac3f031e6bf74a4de018f1c666239bae7bb01c523f53efc922232415d68264872296967dd150af095a12717e7eaeeb98f48c84a70fce8063790f9c2f43db477175e1c8da911ce853042d84e7f24df59e8caca5ee93e2daa6aa18e92930b4495dc22ff6729964942d1baaccd07233dcab828c2254f719132271e9239390e2ebb74ddde7284ebb8955719f7d086cdbe7eef6d7298576fac821eae5a8b6ddf9d88a1dcb32121b6d3ce49c245dd675e8a3b2254a9998ec0d0d7d9570bf6b6db0392c5b060872e154841096351d880f71bc00e5a576b14c26f85840c93a0c424cdbbc57b1d1212e300a874921c1f9c0de14a8cf61f8ebd03eee5cc79f34a41235b6c72aebf48243250c6dae8547b6634374e0bd073f7c162d4226a26032bc154eba7964b2975a8d35f17560a5312cf124741c74774f9a30f8d5ddc891e78bafdaf4f86d16d4c1363d23708463ab1314e3bade23316c7fbf51d2a2417da5162f9112c4331eab695d457e3712bb5f880c68367dba95b61f6f6a9297e477eaec615dff2cd3222f21d90abd8bd4b12fabb278c9fd44ce1ed024ccf908cb4995a1d9da53f62532203d7079e20a46b2b069be4b13a52a81c3b5227f57d6c184945a1799e80dbc7cd137e3427df352c0c0fba04f3b7fb02aa36c9af4611ebb51333326f8f750d662a0a8b43e30acaaeaf2653431b57e95a77adf8261298f791d200c02bdf4b821f7d09f972dd165ce92109c8dce081bd0bd53f598200bb3c5d875bbf1be2a7dc68355e42c515c20f2d72cef3d680a42e8a705f17c6ce15f47b144e55a3e566cb73ba5ee18c5a1535e5f4b4c1774736ed1654bc024b6c748b48d9cea48a06a571d264fc876f9afb2bb43441b39bb3f9e844f70dabd4d0ea06a46c1361a60ef5914411397600e63ecaa65f6598b4ce6f3a967c93ef0697e268b70d0637709ea3fef1da8afed0d2ffd36503197efcf68e0a2cb10b4104b209c133fdbe11e07a8d5c511045d19b69c63818e55168de4357a99eed1d8410664efdc866451de9bf6794d9742e2182449e2ae3869a01f1ed7ee37ffe817a38c502b8243a1c05f1ccbd349c7b9864cbf45b5a3c6f395e4a6602a02bb80ccac94ab66d67dfd8e5cc6fa6321e930354a2c40a1e8d360752dbdcf00134d34a21b24b9acfa2cd37f3c191461f4c9d8243176f42a8109bb05c37ee715ceb027861cf71268f283035d71ce4bae4ac5f79ee5211475ddfc33f02dcd91276e5ca265e5b9104222fdff5969f434a4412ba9fe00aec27f559b63c25a9e8d53c063db549035ec2c8e91e1a6247045541a7e28ff6c13e9f29a3683e55731d80d714b9d5801cfbf617aeb6651290293ac0f4e246df99e72434772b7d8494485537b7b2063c7bc5e80eb6c7ab6647d01189cc910aae2fe8249a0fc3226caa8994b476c6777bf113d153c43da337a6304fd10582d58919596a6de42ad500b62c1e6550d8cdc059496073a48110b2fccb42c96e3e3640f1a87fe379779adcd8836aa8dc545db39bb3afc032c16977e150e9572c3e5f8e04bc15497ec8217a0e187ba097fa95a855af66d47a105bdc3c837091daf5fbeb3ee5ce10b132f912b89ea1c6b9ecb8fbee0e4ea4e43b835ae583b67aab430dec741ea03195fed3cc164472d4b571d166ae20e0a309a80ce00b0fb349f7641f41a31993a8bd9ee092aa7ef16c9563e4db6236c9e702710dc95b198f533b1140441a1827aa4bef6a01c689127eb7028d1bb083edc8a08b8d239389d99948f1290623ba908e6e1c606035b70ba7065f8011451151dca715fb920b4d87858f01c5484df0e63656", 0x2000, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)={0x18}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

944.813429ms ago: executing program 1 (id=394):
r0 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x0)
fchdir(r1)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
r3 = inotify_init1(0x80000)
inotify_add_watch(r3, &(0x7f0000000080)='.\x00', 0x2000775)
openat(r2, &(0x7f00000000c0)='.\x00', 0x515401, 0x408)

776.776901ms ago: executing program 4 (id=395):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @local}, 0x47)
setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4)
connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10)
setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000340)=[@window, @mss={0x2, 0x8}, @sack_perm, @window={0x3, 0x8, 0x6}, @timestamp, @timestamp, @mss={0x2, 0x1}, @window={0x3, 0x7, 0xceca}], 0x20d0)
setsockopt$inet_tcp_int(r0, 0x6, 0x18, &(0x7f00000002c0)=0x3, 0x4)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4)
sendto$inet(r0, &(0x7f0000000940)="5cdd2d64882de34031c3bffe9154da701d874fa14d5477cec20dec641ee490682d42da21e4ed6b90594b054d2c236b7795067e00a08c711792ab628ba8e737f822212edb8955da2628bc5f414e589318bb0b8a007cad6c82", 0x58, 0x0, 0x0, 0x0)

737.714209ms ago: executing program 1 (id=396):
getrandom(&(0x7f0000000240)=""/286, 0xffffff9a, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
r0 = userfaultfd(0x80001)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x748})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1})
ioctl$UFFDIO_COPY(r0, 0xc028aa05, &(0x7f0000000100)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000013000/0x4000)=nil, 0x3000, 0x3})

571.289108ms ago: executing program 2 (id=397):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000380)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10)
r1 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r1, 0xc04064a0, &(0x7f0000000040)={0x0, &(0x7f0000000140)=[<r2=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_SETCRTC(r1, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r2, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0x8000, 0x1c, 0xd, 0x8, 0x401, 0xa929, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x401, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}})
r3 = syz_open_dev$dri(&(0x7f0000000040), 0x1, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r3, 0xc04064a0, &(0x7f0000000180)={0x0, &(0x7f00000000c0)=[<r4=>0x0], 0x0, 0x0, 0x0, 0x1})
ioctl$DRM_IOCTL_MODE_GETCRTC(r3, 0xc06864a1, &(0x7f0000000280)={0x0, 0x0, r4})

455.018287ms ago: executing program 4 (id=398):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
setsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX_OLD(r0, 0x84, 0x6b, &(0x7f00000003c0)=[@in={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}], 0x10)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f0000000080)=0x3, 0x4)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000180)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fd17e5ffff0800040000000000000000", 0x39}], 0x1)
setsockopt$inet_sctp_SCTP_AUTO_ASCONF(r0, 0x84, 0x1e, &(0x7f00000000c0), 0x4)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_inet_SIOCSIFDSTADDR(r2, 0x8918, &(0x7f0000000040)={'ipvlan0\x00', {0x2, 0x4e22, @loopback}})

280.775206ms ago: executing program 2 (id=399):
pipe(&(0x7f00000007c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)='w', 0x1}], 0x1, 0x1)
close(r1)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000400)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
setsockopt$sock_int(r3, 0x1, 0x200000010, &(0x7f0000000000)=0x9, 0x4)
sendto$unix(r2, &(0x7f00000004c0)="0434", 0x2, 0xd1, 0x0, 0x0)
recvfrom$unix(r3, 0x0, 0x0, 0x10102, 0x0, 0x0)
splice(r0, 0x0, r1, 0x0, 0xfffd, 0x0)

68.392425ms ago: executing program 0 (id=400):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000001840)={0x1, &(0x7f0000001880)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
sendmmsg$inet(r0, &(0x7f0000001340)=[{{0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000c80)="6321a1780e3fe8d9098f1f28f3c1f1895857b6b4afebba414b5998fa7c73702eb715d85b6a7709a53bf91325a9fbf7387371592c3533a8a34a28e9364405bb05cdeedb9ddfbe45a6933c33e5019991d691e8e8817a584f5392630d34c12a00aac5c546266df9fbb755447a0ff32acb32fc4b9c54b7fa15f82a9848478df5354f7158ece711c634aead9f427b8a3e580b3bd0920814473069f285753c945e0baa9072f76c542acf2986649075a243126f6d736b8bfa9a88672388eaa7902fc6c9a3c1b2781d", 0xc5}], 0x1}}], 0x1, 0x4085)
read$FUSE(r0, &(0x7f0000003000)={0x2020}, 0x2020)
recvfrom$inet(r0, &(0x7f0000000040)=""/62, 0x3e, 0x0, 0x0, 0x0)
sendmmsg$inet(r0, &(0x7f0000002940)=[{{0x0, 0x0, &(0x7f0000001380)=[{&(0x7f00000005c0)="9eba4b1774a8c6222a020a43319ec8c414c7d19ea3d37a0b2525d7c6f0f3c88e3e146629ddb48e65496b99d06dba9fbe2c8e4707aeff4a", 0x37}, {&(0x7f0000000e40)="019345281901feea2796672792078e26c4589969b4da64ee560f46b67297153d4bfde5593e4c4cb75ffba9367d64a1e699520cd41302b64405d178cb200510", 0x3f}, {&(0x7f0000001940)="780e278554b8565472791db423794390b562919e974bb04647802eacc1bbfacd78ae34c70f458612474aae079e6f6fea62b8e1c19e76e133783e5c378b360dba128373010f99befabbcea1753d5ad9", 0x4f}], 0x3}}, {{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f0000001540)="9a", 0x1}], 0x1}}], 0x2, 0x0)

0s ago: executing program 2 (id=401):
rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300))
poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x7)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f0000000040)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x88fd537e5e114b6f, 0x12, r0, 0x0)
ioctl$KVM_X86_SETUP_MCE(r0, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0xa13ca8e5839881af, 0x4})
r1 = socket(0xa, 0x2400000001, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r1)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.122' (ED25519) to the list of known hosts.
[   68.752157][ T5816] cgroup: Unknown subsys name 'net'
[   68.871098][ T5816] cgroup: Unknown subsys name 'cpuset'
[   68.879778][ T5816] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   70.290910][ T5816] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   71.431272][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[   71.437708][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[   74.338991][ T5834] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   74.348310][ T5836] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   74.357035][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   74.388474][ T5844] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   74.397019][ T5844] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   74.401551][ T5838] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   74.411956][ T5838] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   74.418355][ T5844] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   74.420289][ T5838] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   74.436646][ T5838] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   74.437621][ T5844] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   74.445738][ T5838] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   74.459520][ T5844] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   74.459926][ T5838] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   74.474694][ T5838] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   74.477061][ T5841] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   74.482142][ T5838] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   74.492266][ T5841] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   74.499676][ T5838] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   74.503734][ T5841] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   74.525054][ T5838] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   74.526861][ T5841] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   74.533765][ T5838] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   74.541455][ T5841] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   74.556851][ T5841] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   75.129550][ T5833] chnl_net:caif_netlink_parms(): no params data found
[   75.198088][ T5827] chnl_net:caif_netlink_parms(): no params data found
[   75.453790][ T5832] chnl_net:caif_netlink_parms(): no params data found
[   75.468989][ T5826] chnl_net:caif_netlink_parms(): no params data found
[   75.485439][ T5833] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.492991][ T5833] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.500854][ T5833] bridge_slave_0: entered allmulticast mode
[   75.508290][ T5833] bridge_slave_0: entered promiscuous mode
[   75.521017][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   75.564093][ T5833] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.571309][ T5833] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.578613][ T5833] bridge_slave_1: entered allmulticast mode
[   75.585627][ T5833] bridge_slave_1: entered promiscuous mode
[   75.684428][ T5833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   75.710190][ T5827] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.717468][ T5827] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.724975][ T5827] bridge_slave_0: entered allmulticast mode
[   75.732373][ T5827] bridge_slave_0: entered promiscuous mode
[   75.752908][ T5833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   75.781251][ T5827] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.788482][ T5827] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.795620][ T5827] bridge_slave_1: entered allmulticast mode
[   75.803471][ T5827] bridge_slave_1: entered promiscuous mode
[   75.874757][ T5832] bridge0: port 1(bridge_slave_0) entered blocking state
[   75.882506][ T5832] bridge0: port 1(bridge_slave_0) entered disabled state
[   75.890215][ T5832] bridge_slave_0: entered allmulticast mode
[   75.897189][ T5832] bridge_slave_0: entered promiscuous mode
[   75.922913][ T5833] team0: Port device team_slave_0 added
[   75.941226][ T5832] bridge0: port 2(bridge_slave_1) entered blocking state
[   75.948777][ T5832] bridge0: port 2(bridge_slave_1) entered disabled state
[   75.955937][ T5832] bridge_slave_1: entered allmulticast mode
[   75.963433][ T5832] bridge_slave_1: entered promiscuous mode
[   75.973592][ T5827] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   75.996849][ T5833] team0: Port device team_slave_1 added
[   76.031404][ T5827] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.068903][ T5826] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.076105][ T5826] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.083429][ T5826] bridge_slave_0: entered allmulticast mode
[   76.091096][ T5826] bridge_slave_0: entered promiscuous mode
[   76.123159][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   76.130560][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   76.137838][ T5842] bridge_slave_0: entered allmulticast mode
[   76.144886][ T5842] bridge_slave_0: entered promiscuous mode
[   76.165418][ T5826] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.172991][ T5826] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.180748][ T5826] bridge_slave_1: entered allmulticast mode
[   76.188059][ T5826] bridge_slave_1: entered promiscuous mode
[   76.197652][ T5832] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.216943][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   76.224326][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   76.231643][ T5842] bridge_slave_1: entered allmulticast mode
[   76.238769][ T5842] bridge_slave_1: entered promiscuous mode
[   76.246616][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.254034][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   76.280299][ T5833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.293635][ T5833] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.300839][ T5833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   76.326842][ T5833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.352341][ T5832] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.378865][ T5827] team0: Port device team_slave_0 added
[   76.431894][ T5827] team0: Port device team_slave_1 added
[   76.454695][ T5826] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.465971][ T5832] team0: Port device team_slave_0 added
[   76.487206][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   76.514445][ T5826] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.525652][ T5832] team0: Port device team_slave_1 added
[   76.545784][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   76.548397][ T5841] Bluetooth: hci0: command tx timeout
[   76.556012][ T5836] Bluetooth: hci1: command tx timeout
[   76.600304][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.607271][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   76.633608][ T5836] Bluetooth: hci3: command tx timeout
[   76.633632][ T5834] Bluetooth: hci2: command tx timeout
[   76.633975][ T5841] Bluetooth: hci4: command tx timeout
[   76.640074][ T5827] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.678533][ T5833] hsr_slave_0: entered promiscuous mode
[   76.685022][ T5833] hsr_slave_1: entered promiscuous mode
[   76.715784][ T5827] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.722958][ T5827] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   76.748901][ T5827] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   76.775032][ T5842] team0: Port device team_slave_0 added
[   76.782856][ T5826] team0: Port device team_slave_0 added
[   76.789797][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_0
[   76.796753][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   76.822823][ T5832] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   76.858264][ T5842] team0: Port device team_slave_1 added
[   76.872449][ T5826] team0: Port device team_slave_1 added
[   76.879533][ T5832] batman_adv: batadv0: Adding interface: batadv_slave_1
[   76.886548][ T5832] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   76.912935][ T5832] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.004938][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.012408][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   77.038361][ T5826] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.061511][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   77.068861][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   77.095559][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   77.121260][ T5826] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.128319][ T5826] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   77.154989][ T5826] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.170321][ T5827] hsr_slave_0: entered promiscuous mode
[   77.176769][ T5827] hsr_slave_1: entered promiscuous mode
[   77.183163][ T5827] debugfs: 'hsr0' already exists in 'hsr'
[   77.189135][ T5827] Cannot create hsr debugfs directory
[   77.196272][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   77.203298][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[   77.229274][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   77.345187][ T5832] hsr_slave_0: entered promiscuous mode
[   77.352301][ T5832] hsr_slave_1: entered promiscuous mode
[   77.358807][ T5832] debugfs: 'hsr0' already exists in 'hsr'
[   77.364539][ T5832] Cannot create hsr debugfs directory
[   77.382530][ T5826] hsr_slave_0: entered promiscuous mode
[   77.389524][ T5826] hsr_slave_1: entered promiscuous mode
[   77.395623][ T5826] debugfs: 'hsr0' already exists in 'hsr'
[   77.402205][ T5826] Cannot create hsr debugfs directory
[   77.478665][ T5842] hsr_slave_0: entered promiscuous mode
[   77.485019][ T5842] hsr_slave_1: entered promiscuous mode
[   77.491402][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   77.497138][ T5842] Cannot create hsr debugfs directory
[   77.920837][ T5833] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   77.933581][ T5833] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   77.959143][ T5833] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   77.980059][ T5833] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   78.049761][ T5827] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   78.063483][ T5827] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   78.074556][ T5827] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   78.098773][ T5827] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   78.183424][ T5842] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   78.193914][ T5842] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   78.206288][ T5842] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   78.233869][ T5842] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   78.332944][ T5832] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   78.344687][ T5832] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   78.355204][ T5832] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   78.365194][ T5832] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   78.462654][ T5826] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   78.474890][ T5826] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   78.505516][ T5833] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.513603][ T5826] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   78.524297][ T5826] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   78.569333][ T5827] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.611210][ T5833] 8021q: adding VLAN 0 to HW filter on device team0
[   78.629567][ T5841] Bluetooth: hci1: command tx timeout
[   78.629578][ T5836] Bluetooth: hci0: command tx timeout
[   78.661626][   T36] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.668855][   T36] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.681673][   T36] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.688830][   T36] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.708199][ T5841] Bluetooth: hci4: command tx timeout
[   78.708218][ T5836] Bluetooth: hci3: command tx timeout
[   78.708583][ T5834] Bluetooth: hci2: command tx timeout
[   78.715810][ T5827] 8021q: adding VLAN 0 to HW filter on device team0
[   78.790758][   T13] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.797971][   T13] bridge0: port 1(bridge_slave_0) entered forwarding state
[   78.843651][   T13] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.850965][   T13] bridge0: port 2(bridge_slave_1) entered forwarding state
[   78.887208][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.970321][ T5832] 8021q: adding VLAN 0 to HW filter on device bond0
[   78.996680][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   79.063020][ T5826] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.072985][ T5832] 8021q: adding VLAN 0 to HW filter on device team0
[   79.086147][ T4152] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.093322][ T4152] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.133618][ T4929] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.140839][ T4929] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.151938][ T4929] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.159079][ T4929] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.192955][ T4929] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.200201][ T4929] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.232373][ T5826] 8021q: adding VLAN 0 to HW filter on device team0
[   79.265621][ T4929] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.272856][ T4929] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.286645][ T5833] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.343110][ T4929] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.350350][ T4929] bridge0: port 2(bridge_slave_1) entered forwarding state
[   79.574336][ T5827] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.820037][ T5827] veth0_vlan: entered promiscuous mode
[   79.872822][ T5827] veth1_vlan: entered promiscuous mode
[   79.919471][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   79.980999][ T5833] veth0_vlan: entered promiscuous mode
[   80.028664][ T5833] veth1_vlan: entered promiscuous mode
[   80.060243][ T5832] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.087207][ T5827] veth0_macvtap: entered promiscuous mode
[   80.110835][ T5827] veth1_macvtap: entered promiscuous mode
[   80.166007][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.188711][ T5833] veth0_macvtap: entered promiscuous mode
[   80.198781][ T5826] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.205881][ T5842] veth0_vlan: entered promiscuous mode
[   80.219429][ T5833] veth1_macvtap: entered promiscuous mode
[   80.242870][ T5827] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.266003][ T5842] veth1_vlan: entered promiscuous mode
[   80.285101][ T5832] veth0_vlan: entered promiscuous mode
[   80.315911][   T36] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.325854][   T36] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.356353][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.369955][   T36] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.379979][   T36] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.400490][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.417813][ T5832] veth1_vlan: entered promiscuous mode
[   80.441730][ T5842] veth0_macvtap: entered promiscuous mode
[   80.470613][ T4929] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.481636][ T4929] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.508391][ T4929] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.517225][ T4929] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.532890][ T5842] veth1_macvtap: entered promiscuous mode
[   80.584752][   T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.599018][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.606300][   T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.642013][ T5826] veth0_vlan: entered promiscuous mode
[   80.655200][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   80.682034][ T5832] veth0_macvtap: entered promiscuous mode
[   80.708164][ T5841] Bluetooth: hci0: command tx timeout
[   80.708252][ T5834] Bluetooth: hci1: command tx timeout
[   80.722865][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   80.726595][ T5832] veth1_macvtap: entered promiscuous mode
[   80.745764][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   80.747073][ T5826] veth1_vlan: entered promiscuous mode
[   80.762237][   T13] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   80.771712][   T13] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   80.788347][ T5834] Bluetooth: hci4: command tx timeout
[   80.788375][ T5836] Bluetooth: hci2: command tx timeout
[   80.800589][ T5841] Bluetooth: hci3: command tx timeout
[   80.804124][   T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   80.847014][   T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   80.901567][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0
[   80.916547][ T5827] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   80.997379][ T5826] veth0_macvtap: entered promiscuous mode
[   81.022571][ T3484] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.034539][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.045593][ T3484] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.060719][ T5826] veth1_macvtap: entered promiscuous mode
[   81.142432][ T4929] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.180353][ T4929] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.195713][ T4929] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.210467][ T4929] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.210847][   T61] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.219603][ T4929] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.244416][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.335921][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.360626][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.395936][ T5826] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.456825][ T3484] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.473690][   T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.490934][ T3484] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.500148][   T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.524021][ T3484] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.562110][ T3484] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.707099][ T4929] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.735813][ T4929] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.755378][ T5955] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   81.906122][ T4929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.921592][ T4929] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.006061][   T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.045514][   T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.159717][   T61] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.180644][   T61] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.603852][ T5973] netlink: 'syz.0.11': attribute type 13 has an invalid length.
[   82.790103][ T5841] Bluetooth: hci1: command tx timeout
[   82.795757][ T5836] Bluetooth: hci0: command tx timeout
[   82.867840][ T5841] Bluetooth: hci3: command tx timeout
[   82.873750][ T5836] Bluetooth: hci2: command tx timeout
[   82.880146][ T5836] Bluetooth: hci4: command tx timeout
[   82.996684][ T5973] bridge0: port 2(bridge_slave_1) entered disabled state
[   83.005058][ T5973] bridge0: port 1(bridge_slave_0) entered disabled state
[   83.148708][ T5974] loop2: detected capacity change from 0 to 32768
[   83.166360][ T5974] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.10 (5974)
[   83.259573][ T5974] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   83.287004][ T5974] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[   83.474704][ T5973] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   83.489707][ T5974] BTRFS info (device loop2): allowing degraded mounts
[   83.535652][ T5974] BTRFS info (device loop2): enabling ssd optimizations
[   83.569705][ T5974] BTRFS info (device loop2): turning on async discard
[   83.576525][ T5974] BTRFS info (device loop2): enabling free space tree
[   83.600933][ T5973] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   83.607695][ T5974] BTRFS info (device loop2): force zlib compression, level 3
[   84.255310][ T5827] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   84.430312][ T4152] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.448078][ T4152] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.509616][ T4152] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.527215][ T4152] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[   84.570514][ T6015] capability: warning: `syz.0.18' uses deprecated v2 capabilities in a way that may be insecure
[   84.596428][ T6013] bridge_slave_0: left allmulticast mode
[   84.621647][ T6013] bridge_slave_0: left promiscuous mode
[   84.638609][ T6017] netlink: 'syz.2.16': attribute type 10 has an invalid length.
[   84.656330][ T6017] netlink: 2 bytes leftover after parsing attributes in process `syz.2.16'.
[   84.682807][ T6013] bridge0: port 1(bridge_slave_0) entered disabled state
[   84.776334][ T6013] bridge_slave_1: left allmulticast mode
[   84.807780][ T6013] bridge_slave_1: left promiscuous mode
[   84.824581][ T6013] bridge0: port 2(bridge_slave_1) entered disabled state
[   84.865533][ T6013] bond0: (slave bond_slave_0): Releasing backup interface
[   84.921208][ T6013] bond0: (slave bond_slave_1): Releasing backup interface
[   85.019573][ T6013] team0: Port device team_slave_0 removed
[   85.068215][ T6013] team0: Port device team_slave_1 removed
[   85.074972][ T6013] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   85.127693][ T6013] batman_adv: batadv0: Removing interface: batadv_slave_0
[   85.143580][ T6013] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   85.168777][ T6013] batman_adv: batadv0: Removing interface: batadv_slave_1
[   85.210415][ T6013] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check.
[   85.272887][ T6017] team0: entered promiscuous mode
[   85.288675][ T6017] bridge0: port 1(team0) entered blocking state
[   85.309365][ T6017] bridge0: port 1(team0) entered disabled state
[   85.337689][ T6017] team0: entered allmulticast mode
[   85.346462][ T6017] bridge0: port 1(team0) entered blocking state
[   85.352973][ T6017] bridge0: port 1(team0) entered forwarding state
[   85.425575][   T61] bridge0: port 1(team0) entered disabled state
[   85.593035][ T6043] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   85.942639][ T6043] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.160969][ T6043] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.378324][ T6043] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   86.548031][    T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!!
[   86.724887][ T6067] loop4: detected capacity change from 0 to 64
[   86.798242][   T36] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0
[   86.809775][   T36] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0
[   86.820786][    T9] cfg80211: failed to load regulatory.db
[   86.907700][   T36] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0
[   87.092919][ T4929] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0
[   87.284309][ T6062] loop1: detected capacity change from 0 to 40427
[   87.368530][ T6062] F2FS-fs (loop1): build fault injection rate: 19
[   87.375190][ T6062] F2FS-fs (loop1): build fault injection type: 0x3bfe8c
[   87.488436][ T6062] F2FS-fs (loop1): invalid crc value
[   87.589345][ T6062] F2FS-fs (loop1): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[   87.881544][ T6062] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[   87.941802][ T6062] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   88.061456][ T6062] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   88.156450][ T6062] F2FS-fs (loop1): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[   88.351086][ T5826] syz-executor: attempt to access beyond end of device
[   88.351086][ T5826] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   88.415243][ T5826] CPU: 0 UID: 0 PID: 5826 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[   88.415272][ T5826] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[   88.415291][ T5826] Call Trace:
[   88.415299][ T5826]  <TASK>
[   88.415308][ T5826]  dump_stack_lvl+0x189/0x250
[   88.415344][ T5826]  ? __pfx_dump_stack_lvl+0x10/0x10
[   88.415372][ T5826]  ? __pfx_queue_work_on+0x10/0x10
[   88.415394][ T5826]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[   88.415416][ T5826]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[   88.415449][ T5826]  f2fs_handle_critical_error+0x37c/0x540
[   88.415484][ T5826]  f2fs_write_end_io+0x886/0xb60
[   88.415521][ T5826]  __submit_merged_bio+0x27a/0x6a0
[   88.415554][ T5826]  __submit_merged_write_cond+0x255/0x530
[   88.415587][ T5826]  f2fs_write_data_pages+0x261d/0x3000
[   88.415651][ T5826]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   88.415752][ T5826]  ? __lock_acquire+0xab9/0xd20
[   88.415790][ T5826]  ? do_raw_spin_lock+0x121/0x290
[   88.415830][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[   88.415858][ T5826]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[   88.415887][ T5826]  do_writepages+0x32e/0x550
[   88.415927][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[   88.415960][ T5826]  filemap_fdatawrite+0x199/0x240
[   88.415989][ T5826]  ? __pfx_filemap_fdatawrite+0x10/0x10
[   88.416066][ T5826]  ? do_raw_spin_unlock+0x122/0x240
[   88.416099][ T5826]  f2fs_sync_dirty_inodes+0x31f/0x830
[   88.416134][ T5826]  f2fs_write_checkpoint+0x93e/0x2440
[   88.416156][ T5826]  ? __lock_acquire+0xab9/0xd20
[   88.416205][ T5826]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[   88.416282][ T5826]  kill_f2fs_super+0x2cc/0x6d0
[   88.416308][ T5826]  ? __pfx_kill_f2fs_super+0x10/0x10
[   88.416345][ T5826]  ? shrinker_free+0x2ce/0x3e0
[   88.416373][ T5826]  deactivate_locked_super+0xbc/0x130
[   88.416398][ T5826]  cleanup_mnt+0x425/0x4c0
[   88.416419][ T5826]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.416444][ T5826]  task_work_run+0x1d4/0x260
[   88.416466][ T5826]  ? __pfx_task_work_run+0x10/0x10
[   88.416506][ T5826]  ? __x64_sys_umount+0x122/0x160
[   88.416534][ T5826]  ? exit_to_user_mode_loop+0x40/0x130
[   88.416560][ T5826]  exit_to_user_mode_loop+0xe9/0x130
[   88.416581][ T5826]  do_syscall_64+0x2bd/0xfa0
[   88.416603][ T5826]  ? lockdep_hardirqs_on+0x9c/0x150
[   88.416624][ T5826]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.416643][ T5826]  ? clear_bhb_loop+0x60/0xb0
[   88.416667][ T5826]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   88.416686][ T5826] RIP: 0033:0x7f517fd902f7
[   88.416708][ T5826] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[   88.416724][ T5826] RSP: 002b:00007ffdafd27218 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[   88.416745][ T5826] RAX: 0000000000000000 RBX: 00007f517fe11d7d RCX: 00007f517fd902f7
[   88.416758][ T5826] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffdafd272d0
[   88.416770][ T5826] RBP: 00007ffdafd272d0 R08: 0000000000000000 R09: 0000000000000000
[   88.416788][ T5826] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffdafd28360
[   88.416801][ T5826] R13: 00007f517fe11d7d R14: 0000000000015889 R15: 00007ffdafd283a0
[   88.416834][ T5826]  </TASK>
[   88.743124][ T5826] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   88.753572][ T6082] loop0: detected capacity change from 0 to 131072
[   88.905220][ T6082] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[   88.923507][ T6082] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[   89.073563][ T6082] F2FS-fs (loop0): recover xattr in inode (7), error(0)
[   89.080976][ T6082] F2FS-fs (loop0): set inode (7) has corrupted xattr
[   89.599571][ T6100] netlink: 'syz.3.45': attribute type 13 has an invalid length.
[   89.883433][ T6100] bridge0: port 2(bridge_slave_1) entered disabled state
[   89.891247][ T6100] bridge0: port 1(bridge_slave_0) entered disabled state
[   89.900914][ T6105] loop1: detected capacity change from 0 to 2048
[   89.977211][ T5840] Alternate GPT is invalid, using primary GPT.
[   89.994531][ T5840]  loop1: p2 p3 p7
[   90.081969][ T6110] loop2: detected capacity change from 0 to 7
[   90.106092][ T6105] Alternate GPT is invalid, using primary GPT.
[   90.124968][ T5831]  loop2:
[   90.132335][ T5831] loop2: partition table partially beyond EOD, truncated
[   90.139846][ T6105]  loop1: p2 p3 p7
[   90.150295][ T6100] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[   90.161224][ T6110]  loop2:
[   90.164294][ T6110] loop2: partition table partially beyond EOD, truncated
[   90.167823][ T6100] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[   90.333227][ T5886] usb 3-1: new full-speed USB device number 2 using dummy_hcd
[   90.524572][ T5886] usb 3-1: New USB device found, idVendor=056e, idProduct=4010, bcdDevice=20.1c
[   90.562500][ T5831] udevd[5831]: inotify_add_watch(7, /dev/loop1p3, 10) failed: No such file or directory
[   90.586253][ T6115] udevd[6115]: inotify_add_watch(7, /dev/loop1p2, 10) failed: No such file or directory
[   90.596307][ T5886] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   90.613203][ T5886] usb 3-1: config 0 descriptor??
[   90.623123][ T5839] udevd[5839]: inotify_add_watch(7, /dev/loop1p7, 10) failed: No such file or directory
[   90.753176][   T49] netdevsim netdevsim3 eth0: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.795105][   T49] netdevsim netdevsim3 eth1: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.836659][   T49] netdevsim netdevsim3 eth2: unset [1, 0] type 2 family 0 port 6081 - 0
[   90.855765][   T49] netdevsim netdevsim3 eth3: unset [1, 0] type 2 family 0 port 6081 - 0
[   91.008744][   T30] audit: type=1326 audit(1761107161.666:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.061815][   T30] audit: type=1326 audit(1761107161.666:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.086142][   T30] audit: type=1326 audit(1761107161.706:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.147659][   T30] audit: type=1326 audit(1761107161.706:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.222940][   T30] audit: type=1326 audit(1761107161.706:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.260179][   T30] audit: type=1326 audit(1761107161.706:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.284442][   T30] audit: type=1326 audit(1761107161.706:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.307593][   T30] audit: type=1326 audit(1761107161.706:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.332296][   T30] audit: type=1326 audit(1761107161.706:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.419805][   T30] audit: type=1326 audit(1761107161.706:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6125 comm="syz.3.56" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f48b7b8efc9 code=0x7ffc0000
[   91.895768][ T6150] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[   92.061709][ T6152] loop3: detected capacity change from 0 to 4096
[   92.254014][ T6159] syz.1.67 uses obsolete (PF_INET,SOCK_PACKET)
[   92.344084][ T5886] pegasus 3-1:0.0: setup Pegasus II specific registers
[   92.476505][ T5886] pegasus 3-1:0.0: can't locate MII phy, using default
[   92.572702][ T5886] pegasus 3-1:0.0: eth1, ELECOM USB Ethernet LD-USB20, 9e:68:99:1f:9b:a7
[   92.627288][ T5886] usb 3-1: USB disconnect, device number 2
[   93.105845][ T6188] =======================================================
[   93.105845][ T6188] WARNING: The mand mount option has been deprecated and
[   93.105845][ T6188]          and is ignored by this kernel. Remove the mand
[   93.105845][ T6188]          option from the mount to silence this warning.
[   93.105845][ T6188] =======================================================
[   93.199452][ T6189] overlayfs: overlapping lowerdir path
[   93.345857][ T6194] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[   93.500020][ T5885] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   93.708347][ T5885] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   93.730984][ T5885] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   93.772299][ T5885] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[   93.806171][ T5885] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[   93.858156][ T5885] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   93.894774][ T5885] usb 1-1: config 0 descriptor??
[   94.431888][ T5885] plantronics 0003:047F:FFFF.0001: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[   95.263385][ T6261] loop3: detected capacity change from 0 to 512
[   95.360508][ T6261] EXT4-fs (loop3): couldn't mount as ext3 due to feature incompatibilities
[   95.640448][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.650611][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   95.667513][    T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!!
[   96.602265][ T5907] usb 1-1: USB disconnect, device number 2
[   96.900725][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.941230][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.972919][    T0] NOHZ tick-stop error: local softirq work is pending, handler #240!!!
[   96.982365][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   96.991215][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.007771][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[   97.269174][ T6298] loop2: detected capacity change from 0 to 128
[   97.626054][ T6287] loop0: detected capacity change from 0 to 32768
[   97.752805][ T6301] process 'syz.4.109' launched '/dev/fd/6' with NULL argv: empty string added
[   97.846544][ T6287] JBD2: Ignoring recovery information on journal
[   98.006693][ T6287] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[   98.142398][ T6296] loop1: detected capacity change from 0 to 32768
[   98.170544][ T6295] loop3: detected capacity change from 0 to 32768
[   98.181045][ T5199] udevd[5199]: worker [6115] terminated by signal 33 (Unknown signal 33)
[   98.214880][ T5199] udevd[5199]: worker [6115] failed while handling '/devices/virtual/block/loop0'
[   98.259190][ T6296] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   98.283060][ T6295] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.106 (6295)
[   98.303562][ T5199] udevd[5199]: worker [5839] terminated by signal 33 (Unknown signal 33)
[   98.334653][ T5199] udevd[5199]: worker [5839] failed while handling '/devices/virtual/block/loop3'
[   98.510690][ T5832] ocfs2: Unmounting device (7,0) on (node local)
[   98.558013][ T6295] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   98.647500][ T6295] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[   98.677558][ T6296] XFS (loop1): Ending clean mount
[   98.749427][ T6296] XFS (loop1): Quotacheck needed: Please wait.
[   98.870693][ T6296] XFS (loop1): Quotacheck: Done.
[   99.158476][ T5826] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   99.196729][ T6343] loop4: detected capacity change from 0 to 256
[   99.225642][ T6295] BTRFS info (device loop3): enabling ssd optimizations
[   99.255810][ T6295] BTRFS info (device loop3): turning on async discard
[   99.310423][ T6295] BTRFS info (device loop3): enabling free space tree
[   99.383407][ T6343] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xbc8dc3cd, utbl_chksum : 0xe619d30d)
[   99.457448][   T58] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   99.617443][   T58] usb 1-1: Using ep0 maxpacket: 8
[   99.631371][   T58] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[   99.659989][   T58] usb 1-1: config 0 has no interface number 0
[   99.677503][   T58] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   99.697525][   T58] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   99.719793][   T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   99.755910][ T6323] loop2: detected capacity change from 0 to 32768
[   99.766986][   T58] usb 1-1: config 0 descriptor??
[   99.817772][   T58] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[   99.878185][ T6323] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[   99.975945][ T5842] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  100.035208][    T9] usb 1-1: USB disconnect, device number 3
[  100.346568][ T5827] ocfs2: Unmounting device (7,2) on (node local)
[  100.714828][ T6363] netlink: 168 bytes leftover after parsing attributes in process `syz.0.124'.
[  100.763745][ T6369] Bluetooth: MGMT ver 1.23
[  101.148733][ T6379] netlink: 'syz.0.129': attribute type 27 has an invalid length.
[  101.402448][ T6382] netlink: 8 bytes leftover after parsing attributes in process `syz.0.130'.
[  101.620193][ T6374] loop2: detected capacity change from 0 to 32768
[  101.643945][ T6374] BTRFS warning: excessive commit interval 2147483648, use with care
[  101.666343][ T6374] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.126 (6374)
[  101.736344][ T6374] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  101.782093][ T6374] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  101.785916][ T6388] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  101.923617][ T4152] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  101.974758][ T6374] BTRFS error (device loop2): failed to load root extent
[  101.983233][ T6374] BTRFS warning (device loop2): try to load backup roots slot 1
[  101.995980][   T13] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  102.074499][ T6374] BTRFS warning (device loop2): couldn't read tree root
[  102.097541][ T6374] BTRFS warning (device loop2): try to load backup roots slot 2
[  102.141499][   T49] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  102.164904][ T5841] Bluetooth: hci0: SCO packet for unknown connection handle 0
[  102.187615][ T6374] BTRFS warning (device loop2): couldn't read tree root
[  102.247534][ T6374] BTRFS warning (device loop2): try to load backup roots slot 3
[  102.351271][ T6374] BTRFS info (device loop2): checking UUID tree
[  102.371137][ T6374] BTRFS info (device loop2): setting nodatasum
[  102.390702][ T6374] BTRFS info (device loop2): setting nodatacow
[  102.410799][ T6374] BTRFS info (device loop2): enabling ssd optimizations
[  102.447582][ T6374] BTRFS info (device loop2): turning on flush-on-commit
[  102.480813][ T6384] loop4: detected capacity change from 0 to 32768
[  102.487644][ T6374] BTRFS info (device loop2): turning on async discard
[  102.498640][ T6374] BTRFS info (device loop2): enabling free space tree
[  102.541453][ T6374] BTRFS info (device loop2): enabling auto defrag
[  102.552335][ T6374] BTRFS info (device loop2): trying to use backup root at mount time
[  102.834102][ T5827] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  102.934173][ T6404] loop0: detected capacity change from 0 to 32768
[  103.043934][ T6423] netlink: 8 bytes leftover after parsing attributes in process `syz.1.138'.
[  103.090920][ T6404] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  103.151048][ T6423] netlink: 8 bytes leftover after parsing attributes in process `syz.1.138'.
[  103.531314][ T5832] ocfs2: Unmounting device (7,0) on (node local)
[  103.843415][   T13] Bluetooth: hci5: Frame reassembly failed (-84)
[  103.867934][ T6433] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  104.277732][    T9] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[  104.317889][ T5886] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  104.447563][    T9] usb 4-1: Using ep0 maxpacket: 32
[  104.460560][    T9] usb 4-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb
[  104.470170][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  104.479738][ T5886] usb 1-1: Using ep0 maxpacket: 32
[  104.487193][    T9] usb 4-1: Product: syz
[  104.492995][    T9] usb 4-1: Manufacturer: syz
[  104.498357][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  104.519570][ T5886] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  104.530085][    T9] usb 4-1: SerialNumber: syz
[  104.539484][ T5886] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  104.552364][    T9] usb 4-1: config 0 descriptor??
[  104.562425][    T9] gspca_main: ov534_9-2.14.0 probing 05a9:1550
[  104.574491][ T5886] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  104.595676][ T5886] usb 1-1: config 0 descriptor??
[  104.606417][ T5886] hub 1-1:0.0: USB hub found
[  104.764623][    T9] gspca_ov534_9: reg_w failed -71
[  104.808605][ T5886] hub 1-1:0.0: 1 port detected
[  105.177558][    T9] gspca_ov534_9: Unknown sensor 0000
[  105.177681][    T9] ov534_9 4-1:0.0: probe with driver ov534_9 failed with error -22
[  105.207773][    T9] usb 4-1: USB disconnect, device number 2
[  105.417254][ T5886] hub 1-1:0.0: activate --> -90
[  105.932761][ T5841] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  105.940686][ T5836] Bluetooth: hci5: command 0x1003 tx timeout
[  106.443898][ T5886] usb 1-1-port1: cannot reset (err = -71)
[  106.445385][ T5907] usb 1-1: USB disconnect, device number 4
[  106.488339][ T5886] usb 1-1-port1: Cannot enable. Maybe the USB cable is bad?
[  106.544364][ T5886] usb 1-1-port1: attempt power cycle
[  107.216699][ T6491] loop3: detected capacity change from 0 to 128
[  107.396643][ T6491] syz.3.163: attempt to access beyond end of device
[  107.396643][ T6491] loop3: rw=2049, sector=153, nr_sectors = 8 limit=128
[  107.456431][ T6498] loop4: detected capacity change from 0 to 64
[  107.533580][ T6491] syz.3.163: attempt to access beyond end of device
[  107.533580][ T6491] loop3: rw=2049, sector=169, nr_sectors = 8 limit=128
[  107.776316][ T6502] netlink: 4 bytes leftover after parsing attributes in process `syz.4.167'.
[  107.794759][ T6502] netlink: 12 bytes leftover after parsing attributes in process `syz.4.167'.
[  107.814846][ T6491] syz.3.163: attempt to access beyond end of device
[  107.814846][ T6491] loop3: rw=2049, sector=185, nr_sectors = 8 limit=128
[  107.834373][ T6491] syz.3.163: attempt to access beyond end of device
[  107.834373][ T6491] loop3: rw=2049, sector=201, nr_sectors = 8 limit=128
[  107.849707][ T6491] syz.3.163: attempt to access beyond end of device
[  107.849707][ T6491] loop3: rw=2049, sector=217, nr_sectors = 8 limit=128
[  107.887669][ T6491] syz.3.163: attempt to access beyond end of device
[  107.887669][ T6491] loop3: rw=2049, sector=233, nr_sectors = 8 limit=128
[  107.928256][ T6491] syz.3.163: attempt to access beyond end of device
[  107.928256][ T6491] loop3: rw=2049, sector=249, nr_sectors = 8 limit=128
[  107.960150][ T6491] syz.3.163: attempt to access beyond end of device
[  107.960150][ T6491] loop3: rw=2049, sector=265, nr_sectors = 8 limit=128
[  108.004433][ T6491] syz.3.163: attempt to access beyond end of device
[  108.004433][ T6491] loop3: rw=2049, sector=281, nr_sectors = 8 limit=128
[  108.092075][ T6491] syz.3.163: attempt to access beyond end of device
[  108.092075][ T6491] loop3: rw=2049, sector=297, nr_sectors = 8 limit=128
[  108.413442][   T36] Buffer I/O error on dev loop3, logical block 321, lost async page write
[  108.440280][   T36] Buffer I/O error on dev loop3, logical block 322, lost async page write
[  108.468157][   T36] Buffer I/O error on dev loop3, logical block 323, lost async page write
[  108.501162][   T36] Buffer I/O error on dev loop3, logical block 324, lost async page write
[  108.517461][   T36] Buffer I/O error on dev loop3, logical block 325, lost async page write
[  108.531266][   T36] Buffer I/O error on dev loop3, logical block 326, lost async page write
[  108.557066][   T36] Buffer I/O error on dev loop3, logical block 327, lost async page write
[  109.417504][    T9] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  109.659256][    T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  109.700664][    T9] usb 1-1: config 0 has no interfaces?
[  109.735087][    T9] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  109.751394][    T9] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  109.787414][    T9] usb 1-1: Product: syz
[  109.791732][    T9] usb 1-1: Manufacturer: syz
[  109.797163][    T9] usb 1-1: SerialNumber: syz
[  109.813519][    T9] usb 1-1: config 0 descriptor??
[  110.056704][ T6536] input: syz0 as /devices/virtual/input/input6
[  110.614025][ T6555] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  110.624041][ T6555] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  110.634882][ T6555] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  110.644559][ T6555] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  110.654759][ T6555] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  110.664409][ T6555] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  110.674464][ T6555] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=256, location=256
[  110.684098][ T6555] UDF-fs: error (device nbd2): udf_read_tagged: read failed, block=512, location=512
[  110.694504][ T6555] UDF-fs: warning (device nbd2): udf_fill_super: No partition found (1)
[  110.726165][   T58] usb 1-1: USB disconnect, device number 9
[  110.956857][ T6557] netlink: 4 bytes leftover after parsing attributes in process `syz.1.185'.
[  112.206131][ T6570] TCP: tcp_parse_options: Illegal window scaling value 255 > 14 received
[  112.892168][ T6573] loop2: detected capacity change from 0 to 32768
[  112.920159][ T6573] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.189 (6573)
[  112.977934][ T6573] BTRFS info (device loop2): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  113.007709][ T6573] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  113.178011][ T6573] BTRFS info (device loop2): turning off barriers
[  113.184517][ T6573] BTRFS info (device loop2): enabling free space tree
[  113.570697][ T5827] BTRFS info (device loop2): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  113.879503][ T6609] loop2: detected capacity change from 32768 to 64
[  113.922004][ T6583] loop3: detected capacity change from 0 to 32768
[  114.001940][ T6583] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  114.121780][ T6583] XFS (loop3): Ending clean mount
[  114.152739][ T6583] XFS (loop3): Quotacheck needed: Please wait.
[  114.291135][ T6583] XFS (loop3): Quotacheck: Done.
[  114.452337][ T6605] loop0: detected capacity change from 0 to 40427
[  114.474083][ T6605] F2FS-fs (loop0): Invalid log_blocksize (268), supports only 12
[  114.493665][ T6605] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[  114.512476][ T6605] F2FS-fs (loop0): invalid crc value
[  114.639310][ T5842] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  114.745791][ T6605] F2FS-fs (loop0): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  114.818032][ T6605] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[  114.835144][ T6605] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  115.316472][ T6642] io-wq is not configured for unbound workers
[  116.068849][ T5841] Bluetooth: hci2: unexpected cc 0x0c5b length: 5 > 1
[  116.075495][ T6659] GUP no longer grows the stack in syz.0.206 (6659): 200000002000-200000005000 (200000001000)
[  116.133310][ T6659] CPU: 0 UID: 0 PID: 6659 Comm: syz.0.206 Not tainted syzkaller #0 PREEMPT(full) 
[  116.133339][ T6659] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  116.133352][ T6659] Call Trace:
[  116.133360][ T6659]  <TASK>
[  116.133369][ T6659]  dump_stack_lvl+0x189/0x250
[  116.133406][ T6659]  ? __pfx_dump_stack_lvl+0x10/0x10
[  116.133434][ T6659]  ? __pfx__printk+0x10/0x10
[  116.133454][ T6659]  ? find_vma+0xe7/0x160
[  116.133488][ T6659]  __get_user_pages+0x2463/0x29f0
[  116.133544][ T6659]  ? down_read_killable+0x1d1/0x350
[  116.133576][ T6659]  __gup_longterm_locked+0x3dc/0x1660
[  116.133612][ T6659]  ? try_grab_folio_fast+0x3e9/0x6a0
[  116.133649][ T6659]  gup_fast_fallback+0x1d6b/0x22d0
[  116.133714][ T6659]  ? __pfx_gup_fast_fallback+0x10/0x10
[  116.133751][ T6659]  ? frame_vector_create+0x67/0x110
[  116.133785][ T6659]  ? rcu_is_watching+0x15/0xb0
[  116.133811][ T6659]  ? trace_kmalloc+0x1f/0xd0
[  116.133828][ T6659]  ? is_valid_gup_args+0x11f/0x200
[  116.133859][ T6659]  ? pin_user_pages_fast+0x4d/0xb0
[  116.133890][ T6659]  get_vaddr_frames+0x86/0x210
[  116.133923][ T6659]  vb2_create_framevec+0x58/0xd0
[  116.133948][ T6659]  vb2_vmalloc_get_userptr+0x108/0x450
[  116.133982][ T6659]  ? __pfx_vb2_vmalloc_get_userptr+0x10/0x10
[  116.134009][ T6659]  __buf_prepare+0xf4f/0x4740
[  116.134056][ T6659]  ? __pfx___buf_prepare+0x10/0x10
[  116.134087][ T6659]  ? is_bpf_text_address+0x26/0x2b0
[  116.134118][ T6659]  ? is_bpf_text_address+0x292/0x2b0
[  116.134143][ T6659]  ? is_bpf_text_address+0x26/0x2b0
[  116.134175][ T6659]  ? kernel_text_address+0xa5/0xe0
[  116.134201][ T6659]  ? __kernel_text_address+0xd/0x40
[  116.134220][ T6659]  ? unwind_get_return_address+0x4d/0x90
[  116.134245][ T6659]  ? __pfx_stack_trace_consume_entry+0x10/0x10
[  116.134275][ T6659]  ? arch_stack_walk+0xfc/0x150
[  116.134318][ T6659]  ? __lock_acquire+0xab9/0xd20
[  116.134403][ T6659]  vb2_core_prepare_buf+0xad/0x2c0
[  116.134437][ T6659]  v4l2_m2m_ioctl_prepare_buf+0x15d/0x440
[  116.134458][ T6659]  ? v4l_prepare_buf+0x71/0xd0
[  116.134484][ T6659]  __video_do_ioctl+0xa59/0xc10
[  116.134523][ T6659]  ? __pfx___video_do_ioctl+0x10/0x10
[  116.134568][ T6659]  video_usercopy+0x82d/0x1450
[  116.134608][ T6659]  ? __pfx___video_do_ioctl+0x10/0x10
[  116.134640][ T6659]  ? __pfx_video_usercopy+0x10/0x10
[  116.134687][ T6659]  ? __fget_files+0x3a0/0x420
[  116.134721][ T6659]  v4l2_ioctl+0x18d/0x1e0
[  116.134757][ T6659]  ? __pfx_v4l2_ioctl+0x10/0x10
[  116.134784][ T6659]  __se_sys_ioctl+0xfc/0x170
[  116.134811][ T6659]  do_syscall_64+0xfa/0xfa0
[  116.134833][ T6659]  ? lockdep_hardirqs_on+0x9c/0x150
[  116.134856][ T6659]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.134876][ T6659]  ? clear_bhb_loop+0x60/0xb0
[  116.134900][ T6659]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  116.134920][ T6659] RIP: 0033:0x7f4968f8efc9
[  116.134942][ T6659] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  116.134959][ T6659] RSP: 002b:00007f4969e5d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  116.134981][ T6659] RAX: ffffffffffffffda RBX: 00007f49691e5fa0 RCX: 00007f4968f8efc9
[  116.134996][ T6659] RDX: 0000200000002dc0 RSI: 00000000c058565d RDI: 0000000000000003
[  116.135009][ T6659] RBP: 00007f4969011f91 R08: 0000000000000000 R09: 0000000000000000
[  116.135022][ T6659] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  116.135034][ T6659] R13: 00007f49691e6038 R14: 00007f49691e5fa0 R15: 00007fffd8bc5cc8
[  116.135069][ T6659]  </TASK>
[  116.898743][ T6652] loop1: detected capacity change from 0 to 32768
[  116.922785][ T6652] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.211 (6652)
[  116.971033][ T6652] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  117.013051][ T6652] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  117.167891][ T6652] BTRFS info (device loop1): enabling ssd optimizations
[  117.188139][ T6652] BTRFS info (device loop1): turning on async discard
[  117.196316][ T6652] BTRFS info (device loop1): enabling free space tree
[  117.327191][   T30] kauditd_printk_skb: 9 callbacks suppressed
[  117.327209][   T30] audit: type=1800 audit(1761107187.986:21): pid=6652 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.211" name="file1" dev="loop1" ino=264 res=0 errno=0
[  117.488400][ T5826] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  117.736400][ T6668] loop0: detected capacity change from 0 to 32768
[  117.833856][ T6668] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  117.967651][    T9] usb 2-1: new full-speed USB device number 2 using dummy_hcd
[  118.047971][ T6668] XFS (loop0): Ending clean mount
[  118.058333][ T6668] XFS (loop0): Quotacheck needed: Please wait.
[  118.151896][ T6668] XFS (loop0): Quotacheck: Done.
[  118.158124][    T9] usb 2-1: config index 0 descriptor too short (expected 14372, got 36)
[  118.177610][    T9] usb 2-1: config 46 has too many interfaces: 104, using maximum allowed: 32
[  118.187492][ T5907] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  118.194389][    T9] usb 2-1: config 46 has an invalid descriptor of length 0, skipping remainder of the config
[  118.214132][    T9] usb 2-1: config 46 has 0 interfaces, different from the descriptor's value: 104
[  118.240523][    T9] usb 2-1: New USB device found, idVendor=05ac, idProduct=a241, bcdDevice= 0.00
[  118.264586][    T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.327834][ T5832] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  118.362002][ T5907] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[  118.372431][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  118.398650][ T5907] usb 4-1: config 0 descriptor??
[  118.883081][    T9] usb 2-1: string descriptor 0 read error: -71
[  118.898479][    T9] usb 2-1: USB disconnect, device number 2
[  118.971105][ T6724] netlink: 76 bytes leftover after parsing attributes in process `syz.2.228'.
[  119.333322][ T6731] loop2: detected capacity change from 0 to 1024
[  119.341944][ T6731] EXT4-fs: inline encryption not supported
[  119.371415][ T6731] EXT4-fs (loop2): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  119.386011][ T6731] EXT4-fs (loop2): group descriptors corrupted!
[  119.699801][    T9] libceph: connect (1)[c::]:6789 error -101
[  119.709678][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  119.776843][ T6738] ceph: No mds server is up or the cluster is laggy
[  119.957509][ T5907] usb 4-1: Cannot set autoneg
[  119.983817][ T5907] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[  119.999675][    T9] libceph: connect (1)[c::]:6789 error -101
[  120.020092][    T9] libceph: mon0 (1)[c::]:6789 connect error
[  120.037139][ T5907] usb 4-1: USB disconnect, device number 3
[  120.075749][   T24] kernel read not supported for file /binder/stats (pid: 24 comm: kworker/1:0)
[  120.380758][ T6759] batman_adv: batadv0: Adding interface: dummy0
[  120.398073][ T6759] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  120.503596][ T6759] batman_adv: batadv0: Interface activated: dummy0
[  120.613806][ T6765] batadv0: mtu less than device minimum
[  120.640175][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.652564][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.664508][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.676410][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.688442][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.700008][ T6761] loop4: detected capacity change from 0 to 40427
[  120.700290][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.707794][ T6761] F2FS-fs: heap/no_heap options were deprecated
[  120.718350][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.734941][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.746860][ T6765] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  120.817777][ T6761] F2FS-fs (loop4): Image doesn't support compression
[  120.856896][ T6761] F2FS-fs (loop4): invalid crc value
[  120.955625][ T6761] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  120.966619][ T6761] F2FS-fs (loop4): Start checkpoint disabled!
[  120.985315][ T6761] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  121.004066][ T6761] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  121.051773][ T6761] bio_check_eod: 19 callbacks suppressed
[  121.051795][ T6761] syz.4.242: attempt to access beyond end of device
[  121.051795][ T6761] loop4: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  121.071821][ T6761] syz.4.242: attempt to access beyond end of device
[  121.071821][ T6761] loop4: rw=2049, sector=53288, nr_sectors = 8 limit=40427
[  121.085897][ T6761] syz.4.242: attempt to access beyond end of device
[  121.085897][ T6761] loop4: rw=2049, sector=53304, nr_sectors = 8 limit=40427
[  121.099737][ T6761] syz.4.242: attempt to access beyond end of device
[  121.099737][ T6761] loop4: rw=2049, sector=53336, nr_sectors = 8 limit=40427
[  121.113784][ T6761] syz.4.242: attempt to access beyond end of device
[  121.113784][ T6761] loop4: rw=2049, sector=53360, nr_sectors = 32 limit=40427
[  121.127774][ T6761] syz.4.242: attempt to access beyond end of device
[  121.127774][ T6761] loop4: rw=2049, sector=53416, nr_sectors = 16 limit=40427
[  121.142724][ T6761] syz.4.242: attempt to access beyond end of device
[  121.142724][ T6761] loop4: rw=2049, sector=53464, nr_sectors = 16 limit=40427
[  121.156710][ T6761] syz.4.242: attempt to access beyond end of device
[  121.156710][ T6761] loop4: rw=2049, sector=53504, nr_sectors = 32 limit=40427
[  121.170639][ T6761] syz.4.242: attempt to access beyond end of device
[  121.170639][ T6761] loop4: rw=2049, sector=53568, nr_sectors = 8 limit=40427
[  121.214678][ T6761] syz.4.242: attempt to access beyond end of device
[  121.214678][ T6761] loop4: rw=0, sector=53568, nr_sectors = 8 limit=40427
[  121.322737][ T4152] CPU: 0 UID: 0 PID: 4152 Comm: kworker/u8:7 Not tainted syzkaller #0 PREEMPT(full) 
[  121.322766][ T4152] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  121.322777][ T4152] Workqueue: writeback wb_workfn (flush-7:4)
[  121.322795][ T4152] Call Trace:
[  121.322800][ T4152]  <TASK>
[  121.322806][ T4152]  dump_stack_lvl+0x189/0x250
[  121.322825][ T4152]  ? __pfx_dump_stack_lvl+0x10/0x10
[  121.322840][ T4152]  ? __pfx_queue_work_on+0x10/0x10
[  121.322853][ T4152]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  121.322868][ T4152]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  121.322884][ T4152]  f2fs_handle_critical_error+0x37c/0x540
[  121.322903][ T4152]  f2fs_write_end_io+0x886/0xb60
[  121.322922][ T4152]  __submit_merged_bio+0x27a/0x6a0
[  121.322940][ T4152]  __submit_merged_write_cond+0x255/0x530
[  121.322958][ T4152]  f2fs_write_data_pages+0x261d/0x3000
[  121.322991][ T4152]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  121.323005][ T4152]  ? __local_bh_enable_ip+0x12d/0x1c0
[  121.323025][ T4152]  ? cfg80211_inform_single_bss_data+0x13da/0x1ac0
[  121.323058][ T4152]  ? __lock_acquire+0xab9/0xd20
[  121.323086][ T4152]  ? unwind_next_frame+0xa5/0x2390
[  121.323109][ T4152]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  121.323125][ T4152]  do_writepages+0x32e/0x550
[  121.323144][ T4152]  ? reacquire_held_locks+0x127/0x1d0
[  121.323156][ T4152]  ? writeback_sb_inodes+0x384/0x1010
[  121.323174][ T4152]  __writeback_single_inode+0x145/0xff0
[  121.323188][ T4152]  ? do_raw_spin_unlock+0x122/0x240
[  121.323206][ T4152]  writeback_sb_inodes+0x6c7/0x1010
[  121.323219][ T4152]  ? __lock_acquire+0xab9/0xd20
[  121.323242][ T4152]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  121.323278][ T4152]  ? rcu_is_watching+0x15/0xb0
[  121.323297][ T4152]  wb_writeback+0x43b/0xaf0
[  121.323314][ T4152]  ? queue_io+0x3c1/0x590
[  121.323332][ T4152]  ? __pfx_wb_writeback+0x10/0x10
[  121.323349][ T4152]  ? _raw_spin_unlock_irq+0x23/0x50
[  121.323362][ T4152]  wb_workfn+0x409/0xef0
[  121.323381][ T4152]  ? __pfx_wb_workfn+0x10/0x10
[  121.323395][ T4152]  ? __lock_acquire+0xab9/0xd20
[  121.323412][ T4152]  ? process_scheduled_works+0x9ef/0x17b0
[  121.323427][ T4152]  ? _raw_spin_unlock_irq+0x23/0x50
[  121.323437][ T4152]  ? process_scheduled_works+0x9ef/0x17b0
[  121.323448][ T4152]  ? process_scheduled_works+0x9ef/0x17b0
[  121.323468][ T4152]  process_scheduled_works+0xae1/0x17b0
[  121.323496][ T4152]  ? __pfx_process_scheduled_works+0x10/0x10
[  121.323517][ T4152]  worker_thread+0x8a0/0xda0
[  121.323531][ T4152]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  121.323547][ T4152]  ? __kthread_parkme+0x7b/0x200
[  121.323566][ T4152]  kthread+0x711/0x8a0
[  121.323594][ T4152]  ? __pfx_worker_thread+0x10/0x10
[  121.323606][ T4152]  ? __pfx_kthread+0x10/0x10
[  121.323622][ T4152]  ? _raw_spin_unlock_irq+0x23/0x50
[  121.323632][ T4152]  ? lockdep_hardirqs_on+0x9c/0x150
[  121.323642][ T4152]  ? __pfx_kthread+0x10/0x10
[  121.323658][ T4152]  ret_from_fork+0x4bc/0x870
[  121.323671][ T4152]  ? __pfx_ret_from_fork+0x10/0x10
[  121.323687][ T4152]  ? __switch_to_asm+0x39/0x70
[  121.323695][ T4152]  ? __switch_to_asm+0x33/0x70
[  121.323707][ T4152]  ? __pfx_kthread+0x10/0x10
[  121.323722][ T4152]  ret_from_fork_asm+0x1a/0x30
[  121.323741][ T4152]  </TASK>
[  121.323773][ T4152] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  122.597435][ T5845] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[  122.769273][ T5845] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  122.780330][ T5845] usb 3-1: config 0 has no interfaces?
[  122.792012][ T5845] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  122.813279][ T5845] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  122.827394][ T5845] usb 3-1: Product: syz
[  122.831600][ T5845] usb 3-1: Manufacturer: syz
[  122.846894][ T5845] usb 3-1: SerialNumber: syz
[  122.872972][ T5845] usb 3-1: config 0 descriptor??
[  122.962356][ T6796] netlink: 'syz.0.255': attribute type 10 has an invalid length.
[  122.988451][ T6796] netlink: 55 bytes leftover after parsing attributes in process `syz.0.255'.
[  123.021835][ T6791] loop4: detected capacity change from 0 to 32768
[  123.115640][   T30] audit: type=1800 audit(1761107193.776:22): pid=6791 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.252" name="file2" dev="loop4" ino=5 res=0 errno=0
[  123.434799][ T6802] netlink: 4 bytes leftover after parsing attributes in process `syz.3.257'.
[  123.538240][ T5845] usb 3-1: USB disconnect, device number 3
[  123.773977][ T6804] loop0: detected capacity change from 0 to 32768
[  123.819106][ T6804] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  123.827781][ T6804] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  123.856986][ T6804] gfs2: fsid=syz:syz.0: journal 0 mapped with 16 extents in 0ms
[  123.869525][   T24] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  123.877395][   T24] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  124.075429][   T24] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 198ms
[  124.118808][   T24] gfs2: fsid=syz:syz.0: jid=0: Done
[  124.125360][ T6804] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  124.843794][ T6819] netlink: 24 bytes leftover after parsing attributes in process `syz.2.263'.
[  125.583919][ T6845] netlink: 'syz.0.273': attribute type 10 has an invalid length.
[  125.694734][ T6845] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  125.714668][ T6846] ip6_vti0 speed is unknown, defaulting to 1000
[  125.761426][ T6846] ip6_vti0 speed is unknown, defaulting to 1000
[  125.826954][ T6846] ip6_vti0 speed is unknown, defaulting to 1000
[  126.079510][ T6828] loop4: detected capacity change from 0 to 32768
[  126.136081][ T6828] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  126.327970][ T6828] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  126.436220][ T6846] infiniband syz2: set down
[  126.444372][ T5885] ip6_vti0 speed is unknown, defaulting to 1000
[  126.477425][ T6828] XFS (loop4): Starting recovery (logdev: internal)
[  126.484716][ T6846] infiniband syz2: added ip6_vti0
[  126.515407][ T6828] XFS (loop4): Ending recovery (logdev: internal)
[  126.821647][ T6846] RDS/IB: syz2: added
[  126.845082][ T6846] smc: adding ib device syz2 with port count 1
[  126.861870][ T6846] smc:    ib device syz2 port 1 has no pnetid
[  126.874085][ T5845] ip6_vti0 speed is unknown, defaulting to 1000
[  126.889956][ T6846] ip6_vti0 speed is unknown, defaulting to 1000
[  126.975779][ T5833] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  127.600073][ T6846] ip6_vti0 speed is unknown, defaulting to 1000
[  128.077545][ T6886] netlink: 4 bytes leftover after parsing attributes in process `syz.3.287'.
[  128.090608][ T6846] ip6_vti0 speed is unknown, defaulting to 1000
[  128.403510][ T6898] loop0: detected capacity change from 0 to 1024
[  128.425089][ T6898] EXT4-fs: Ignoring removed nomblk_io_submit option
[  128.530409][ T6898] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  128.672063][ T5832] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.721855][ T6909] netlink: 'syz.4.295': attribute type 1 has an invalid length.
[  128.730865][ T6909] netlink: 'syz.4.295': attribute type 4 has an invalid length.
[  128.753368][ T6909] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.295'.
[  128.775544][ T6910] evm: overlay not supported
[  128.779432][ T6909] netlink: 'syz.4.295': attribute type 1 has an invalid length.
[  128.798619][ T6909] netlink: 'syz.4.295': attribute type 4 has an invalid length.
[  128.810664][ T6846] ip6_vti0 speed is unknown, defaulting to 1000
[  128.811349][ T6909] netlink: 9462 bytes leftover after parsing attributes in process `syz.4.295'.
[  129.479476][ T6926] loop3: detected capacity change from 0 to 512
[  129.492386][ T6926] EXT4-fs: Ignoring removed i_version option
[  129.516920][ T6926] EXT4-fs: Ignoring removed bh option
[  129.619193][ T6926] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  129.659183][ T6926] ext4 filesystem being mounted at /55/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  129.854354][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  131.000843][ T6958] netlink: 12 bytes leftover after parsing attributes in process `syz.0.312'.
[  131.820383][ T6846] ip6_vti0 speed is unknown, defaulting to 1000
[  132.904805][ T1299] ieee802154 phy0 wpan0: encryption failed: -22
[  132.914818][ T1299] ieee802154 phy1 wpan1: encryption failed: -22
[  133.479425][ T6992] sctp: [Deprecated]: syz.1.324 (pid 6992) Use of int in max_burst socket option deprecated.
[  133.479425][ T6992] Use struct sctp_assoc_value instead
[  134.402358][ T7003] netlink: 8 bytes leftover after parsing attributes in process `syz.1.327'.
[  135.611876][ T7019] faux_driver vgem: [drm] Unknown color mode 13; guessing buffer size.
[  136.024036][ T7031] loop3: detected capacity change from 0 to 1024
[  136.045643][ T7031] EXT4-fs: Ignoring removed nobh option
[  136.085600][ T7031] EXT4-fs: inline encryption not supported
[  136.175702][ T7031] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  136.614534][ T5842] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.976121][ T7070] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  137.142722][ T7074] ptrace attach of "./syz-executor exec"[5826] was attempted by "./syz-executor exec"[7074]
[  137.688307][ T7084] loop0: detected capacity change from 0 to 4096
[  137.805162][ T5199] udevd[5199]: worker [5831] terminated by signal 33 (Unknown signal 33)
[  137.838240][ T5199] udevd[5199]: worker [5831] failed while handling '/devices/virtual/block/loop0'
[  137.886790][ T7086] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  137.954708][ T5199] udevd[5199]: worker [6665] terminated by signal 33 (Unknown signal 33)
[  137.990441][ T5199] udevd[5199]: worker [6665] failed while handling '/devices/virtual/block/loop0'
[  138.029125][ T7084] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 648518346341351424
[  138.055014][ T7084] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=12)
[  138.098011][ T7084] Remounting filesystem read-only
[  138.103111][ T7084] NILFS (loop0): error -5 truncating bmap (ino=12)
[  138.203841][ T5832] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer
[  138.224699][ T7089] loop2: detected capacity change from 0 to 2048
[  138.348319][ T7089] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=18576, location=18576
[  138.524647][ T7089] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  138.599188][ T7093] netlink: 96 bytes leftover after parsing attributes in process `syz.0.359'.
[  139.213238][ T7118] netlink: 'syz.0.370': attribute type 10 has an invalid length.
[  139.270457][ T7121] netlink: 'syz.0.370': attribute type 10 has an invalid length.
[  139.284692][ T7118] team0: Port device dummy0 added
[  139.312180][ T7121] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  139.395287][ T7121] team0: Failed to send options change via netlink (err -105)
[  139.403742][ T7121] team0: Failed to send port change of device dummy0 via netlink (err -105)
[  139.417289][ T7121] team0: Port device dummy0 removed
[  139.427295][ T7121] bond0: (slave dummy0): Enslaving as an active interface with an up link
[  139.693042][   T30] audit: type=1326 audit(1761107723.359:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7127 comm="syz.3.373" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f48b7b8efc9 code=0x0
[  141.066214][ T7135] loop2: detected capacity change from 0 to 32768
[  141.154719][ T7135] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.377 (7135)
[  141.518979][ T7135] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  141.546405][ T7135] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  141.871910][ T7135] BTRFS info (device loop2): enabling ssd optimizations
[  141.923138][ T7135] BTRFS info (device loop2): turning on async discard
[  141.929003][ T7177] netlink: 'syz.3.385': attribute type 1 has an invalid length.
[  141.938190][ T7177] netlink: 'syz.3.385': attribute type 4 has an invalid length.
[  141.945846][ T7177] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.385'.
[  141.957222][ T7177] netlink: 'syz.3.385': attribute type 1 has an invalid length.
[  141.965061][ T7135] BTRFS info (device loop2): enabling free space tree
[  142.087481][ T7177] netlink: 'syz.3.385': attribute type 4 has an invalid length.
[  142.143714][ T7177] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.385'.
[  142.189248][   T30] audit: type=1800 audit(1761107725.859:24): pid=7183 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.377" name="file1" dev="loop2" ino=260 res=0 errno=0
[  142.425214][ T7188] Invalid ELF header magic: != ELF
[  142.563231][ T5827] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  143.419387][ T7192] loop3: detected capacity change from 0 to 32768
[  143.472555][ T7211] netlink: 'syz.4.398': attribute type 4 has an invalid length.
[  143.495668][ T7192] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  143.704518][ T7192] ==================================================================
[  143.712621][ T7192] BUG: KASAN: slab-use-after-free in ocfs2_fault+0xd3/0x3f0
[  143.719930][ T7192] Read of size 8 at addr ffff88804a15eb98 by task syz.3.392/7192
[  143.727650][ T7192] 
[  143.729978][ T7192] CPU: 1 UID: 0 PID: 7192 Comm: syz.3.392 Not tainted syzkaller #0 PREEMPT(full) 
[  143.730001][ T7192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  143.730012][ T7192] Call Trace:
[  143.730020][ T7192]  <TASK>
[  143.730027][ T7192]  dump_stack_lvl+0x189/0x250
[  143.730056][ T7192]  ? __kasan_check_byte+0x12/0x40
[  143.730079][ T7192]  ? __pfx_dump_stack_lvl+0x10/0x10
[  143.730103][ T7192]  ? lock_release+0x4b/0x3e0
[  143.730128][ T7192]  ? __virt_addr_valid+0x4a5/0x5c0
[  143.730158][ T7192]  print_report+0xca/0x240
[  143.730182][ T7192]  ? ocfs2_fault+0xd3/0x3f0
[  143.730207][ T7192]  kasan_report+0x118/0x150
[  143.730229][ T7192]  ? ocfs2_fault+0xd3/0x3f0
[  143.730256][ T7192]  ocfs2_fault+0xd3/0x3f0
[  143.730280][ T7192]  ? __pfx_ocfs2_fault+0x10/0x10
[  143.730306][ T7192]  __do_fault+0x138/0x390
[  143.730334][ T7192]  __handle_mm_fault+0x35dc/0x5440
[  143.730367][ T7192]  ? __pfx___handle_mm_fault+0x10/0x10
[  143.730400][ T7192]  ? follow_page_pte+0x7ef/0x13e0
[  143.730429][ T7192]  handle_mm_fault+0x40a/0x8e0
[  143.730459][ T7192]  __get_user_pages+0x1650/0x29f0
[  143.730499][ T7192]  populate_vma_page_range+0x29f/0x3a0
[  143.730527][ T7192]  ? __pfx_populate_vma_page_range+0x10/0x10
[  143.730551][ T7192]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  143.730581][ T7192]  ? down_read+0x1ad/0x2e0
[  143.730606][ T7192]  __mm_populate+0x24c/0x380
[  143.730633][ T7192]  ? __pfx___mm_populate+0x10/0x10
[  143.730659][ T7192]  ? up_write+0x1c4/0x420
[  143.730684][ T7192]  vm_mmap_pgoff+0x387/0x4d0
[  143.730707][ T7192]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  143.730731][ T7192]  ? __fget_files+0x2a/0x420
[  143.730760][ T7192]  ? __fget_files+0x2a/0x420
[  143.730786][ T7192]  ? __fget_files+0x2a/0x420
[  143.730814][ T7192]  ksys_mmap_pgoff+0x51f/0x760
[  143.730850][ T7192]  do_syscall_64+0xfa/0xfa0
[  143.730872][ T7192]  ? lockdep_hardirqs_on+0x9c/0x150
[  143.730893][ T7192]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.730912][ T7192]  ? clear_bhb_loop+0x60/0xb0
[  143.730933][ T7192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  143.730952][ T7192] RIP: 0033:0x7f48b7b8efc9
[  143.730969][ T7192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  143.730986][ T7192] RSP: 002b:00007f48b8a0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  143.731007][ T7192] RAX: ffffffffffffffda RBX: 00007f48b7de5fa0 RCX: 00007f48b7b8efc9
[  143.731023][ T7192] RDX: 00000000027ffff7 RSI: 0000000000600000 RDI: 0000200000000000
[  143.731037][ T7192] RBP: 00007f48b7c11f91 R08: 0000000000000004 R09: 0000000000000000
[  143.731049][ T7192] R10: 0000000004012011 R11: 0000000000000246 R12: 0000000000000000
[  143.731062][ T7192] R13: 00007f48b7de6038 R14: 00007f48b7de5fa0 R15: 00007ffca9c2b338
[  143.731083][ T7192]  </TASK>
[  143.731095][ T7192] 
[  144.004836][ T7192] Allocated by task 7192:
[  144.009168][ T7192]  kasan_save_track+0x3e/0x80
[  144.013842][ T7192]  __kasan_slab_alloc+0x6c/0x80
[  144.018684][ T7192]  kmem_cache_alloc_noprof+0x37d/0x700
[  144.024153][ T7192]  vm_area_alloc+0x24/0x140
[  144.028647][ T7192]  mmap_region+0xdcd/0x2110
[  144.033190][ T7192]  do_mmap+0xc45/0x10d0
[  144.037348][ T7192]  vm_mmap_pgoff+0x2a6/0x4d0
[  144.041933][ T7192]  ksys_mmap_pgoff+0x51f/0x760
[  144.046696][ T7192]  do_syscall_64+0xfa/0xfa0
[  144.051190][ T7192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.057074][ T7192] 
[  144.059386][ T7192] Freed by task 15:
[  144.063181][ T7192]  kasan_save_track+0x3e/0x80
[  144.067847][ T7192]  kasan_save_free_info+0x46/0x50
[  144.072866][ T7192]  __kasan_slab_free+0x5c/0x80
[  144.077623][ T7192]  slab_free_after_rcu_debug+0x12c/0x2a0
[  144.083251][ T7192]  rcu_core+0xcab/0x1770
[  144.087491][ T7192]  handle_softirqs+0x286/0x870
[  144.092252][ T7192]  run_ksoftirqd+0x9b/0x100
[  144.096752][ T7192]  smpboot_thread_fn+0x542/0xa60
[  144.101689][ T7192]  kthread+0x711/0x8a0
[  144.105756][ T7192]  ret_from_fork+0x4bc/0x870
[  144.110335][ T7192]  ret_from_fork_asm+0x1a/0x30
[  144.115089][ T7192] 
[  144.117404][ T7192] Last potentially related work creation:
[  144.123104][ T7192]  kasan_save_stack+0x3e/0x60
[  144.127776][ T7192]  kasan_record_aux_stack+0xbd/0xd0
[  144.132978][ T7192]  kmem_cache_free+0x4a2/0x690
[  144.137736][ T7192]  vms_complete_munmap_vmas+0x626/0x8a0
[  144.143277][ T7192]  mmap_region+0x11e1/0x2110
[  144.147868][ T7192]  do_mmap+0xc45/0x10d0
[  144.152023][ T7192]  vm_mmap_pgoff+0x2a6/0x4d0
[  144.156604][ T7192]  ksys_mmap_pgoff+0x51f/0x760
[  144.161363][ T7192]  do_syscall_64+0xfa/0xfa0
[  144.165856][ T7192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.171744][ T7192] 
[  144.174058][ T7192] The buggy address belongs to the object at ffff88804a15eb40
[  144.174058][ T7192]  which belongs to the cache vm_area_struct of size 256
[  144.188366][ T7192] The buggy address is located 88 bytes inside of
[  144.188366][ T7192]  freed 256-byte region [ffff88804a15eb40, ffff88804a15ec40)
[  144.202068][ T7192] 
[  144.204380][ T7192] The buggy address belongs to the physical page:
[  144.210788][ T7192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4a15e
[  144.219544][ T7192] memcg:ffff888025ddf981
[  144.223767][ T7192] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff)
[  144.230871][ T7192] page_type: f5(slab)
[  144.234845][ T7192] raw: 00fff00000000000 ffff88801b6c1b40 ffffea0000ce7d80 dead000000000004
[  144.243426][ T7192] raw: 0000000000000000 00000000000c000c 00000000f5000000 ffff888025ddf981
[  144.252008][ T7192] page dumped because: kasan: bad access detected
[  144.258421][ T7192] page_owner tracks the page as allocated
[  144.264129][ T7192] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 5826, tgid 5826 (syz-executor), ts 93466146300, free_ts 93448912534
[  144.283410][ T7192]  post_alloc_hook+0x240/0x2a0
[  144.288180][ T7192]  get_page_from_freelist+0x2365/0x2440
[  144.293739][ T7192]  __alloc_frozen_pages_noprof+0x181/0x370
[  144.299540][ T7192]  alloc_pages_mpol+0x232/0x4a0
[  144.304387][ T7192]  allocate_slab+0x96/0x3a0
[  144.308887][ T7192]  ___slab_alloc+0xe94/0x18a0
[  144.313562][ T7192]  __kmem_cache_alloc_bulk+0x1e2/0x590
[  144.319019][ T7192]  __pcs_replace_empty_main+0x292/0x540
[  144.324577][ T7192]  kmem_cache_alloc_noprof+0x469/0x700
[  144.330038][ T7192]  vm_area_dup+0x2b/0x680
[  144.334360][ T7192]  dup_mmap+0x903/0x1b10
[  144.338595][ T7192]  copy_mm+0x13c/0x4b0
[  144.342661][ T7192]  copy_process+0x1706/0x3c00
[  144.347327][ T7192]  kernel_clone+0x21e/0x840
[  144.351827][ T7192]  __x64_sys_clone+0x18b/0x1e0
[  144.356586][ T7192]  do_syscall_64+0xfa/0xfa0
[  144.361086][ T7192] page last free pid 23 tgid 23 stack trace:
[  144.367050][ T7192]  __free_frozen_pages+0xbc8/0xd30
[  144.372151][ T7192]  tlb_remove_table_rcu+0x85/0x100
[  144.377256][ T7192]  rcu_core+0xcab/0x1770
[  144.381490][ T7192]  handle_softirqs+0x286/0x870
[  144.386246][ T7192]  run_ksoftirqd+0x9b/0x100
[  144.390748][ T7192]  smpboot_thread_fn+0x542/0xa60
[  144.395690][ T7192]  kthread+0x711/0x8a0
[  144.399757][ T7192]  ret_from_fork+0x4bc/0x870
[  144.404344][ T7192]  ret_from_fork_asm+0x1a/0x30
[  144.409100][ T7192] 
[  144.411410][ T7192] Memory state around the buggy address:
[  144.417026][ T7192]  ffff88804a15ea80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  144.425078][ T7192]  ffff88804a15eb00: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[  144.433130][ T7192] >ffff88804a15eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  144.441176][ T7192]                             ^
[  144.446030][ T7192]  ffff88804a15ec00: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[  144.454096][ T7192]  ffff88804a15ec80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  144.462147][ T7192] ==================================================================
[  144.492075][ T7192] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  144.499323][ T7192] CPU: 0 UID: 0 PID: 7192 Comm: syz.3.392 Not tainted syzkaller #0 PREEMPT(full) 
[  144.508533][ T7192] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025
[  144.518597][ T7192] Call Trace:
[  144.521887][ T7192]  <TASK>
[  144.524833][ T7192]  dump_stack_lvl+0x99/0x250
[  144.529444][ T7192]  ? __asan_memcpy+0x40/0x70
[  144.534059][ T7192]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.539277][ T7192]  ? __pfx__printk+0x10/0x10
[  144.543882][ T7192]  vpanic+0x237/0x6d0
[  144.547868][ T7192]  ? __pfx_vpanic+0x10/0x10
[  144.552396][ T7192]  ? preempt_schedule+0xae/0xc0
[  144.557246][ T7192]  ? __pfx_preempt_schedule+0x10/0x10
[  144.562614][ T7192]  panic+0xb9/0xc0
[  144.566333][ T7192]  ? __pfx_panic+0x10/0x10
[  144.570750][ T7192]  ? _raw_spin_unlock_irqrestore+0xfd/0x110
[  144.576638][ T7192]  ? ocfs2_fault+0xd3/0x3f0
[  144.581143][ T7192]  check_panic_on_warn+0x89/0xb0
[  144.586083][ T7192]  ? ocfs2_fault+0xd3/0x3f0
[  144.590601][ T7192]  end_report+0x78/0x160
[  144.594854][ T7192]  kasan_report+0x129/0x150
[  144.599358][ T7192]  ? ocfs2_fault+0xd3/0x3f0
[  144.603866][ T7192]  ocfs2_fault+0xd3/0x3f0
[  144.608192][ T7192]  ? __pfx_ocfs2_fault+0x10/0x10
[  144.613132][ T7192]  __do_fault+0x138/0x390
[  144.617456][ T7192]  __handle_mm_fault+0x35dc/0x5440
[  144.622571][ T7192]  ? __pfx___handle_mm_fault+0x10/0x10
[  144.628034][ T7192]  ? follow_page_pte+0x7ef/0x13e0
[  144.633067][ T7192]  handle_mm_fault+0x40a/0x8e0
[  144.637834][ T7192]  __get_user_pages+0x1650/0x29f0
[  144.642869][ T7192]  populate_vma_page_range+0x29f/0x3a0
[  144.648336][ T7192]  ? __pfx_populate_vma_page_range+0x10/0x10
[  144.654327][ T7192]  ? userfaultfd_unmap_complete+0x278/0x2d0
[  144.660238][ T7192]  ? down_read+0x1ad/0x2e0
[  144.664654][ T7192]  __mm_populate+0x24c/0x380
[  144.669244][ T7192]  ? __pfx___mm_populate+0x10/0x10
[  144.674353][ T7192]  ? up_write+0x1c4/0x420
[  144.678679][ T7192]  vm_mmap_pgoff+0x387/0x4d0
[  144.683274][ T7192]  ? __pfx_vm_mmap_pgoff+0x10/0x10
[  144.688384][ T7192]  ? __fget_files+0x2a/0x420
[  144.692978][ T7192]  ? __fget_files+0x2a/0x420
[  144.697566][ T7192]  ? __fget_files+0x2a/0x420
[  144.702158][ T7192]  ksys_mmap_pgoff+0x51f/0x760
[  144.706932][ T7192]  do_syscall_64+0xfa/0xfa0
[  144.711432][ T7192]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.716627][ T7192]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.722686][ T7192]  ? clear_bhb_loop+0x60/0xb0
[  144.727356][ T7192]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  144.733242][ T7192] RIP: 0033:0x7f48b7b8efc9
[  144.737650][ T7192] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  144.757250][ T7192] RSP: 002b:00007f48b8a0d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  144.765662][ T7192] RAX: ffffffffffffffda RBX: 00007f48b7de5fa0 RCX: 00007f48b7b8efc9
[  144.773628][ T7192] RDX: 00000000027ffff7 RSI: 0000000000600000 RDI: 0000200000000000
[  144.781590][ T7192] RBP: 00007f48b7c11f91 R08: 0000000000000004 R09: 0000000000000000
[  144.789554][ T7192] R10: 0000000004012011 R11: 0000000000000246 R12: 0000000000000000
[  144.797522][ T7192] R13: 00007f48b7de6038 R14: 00007f48b7de5fa0 R15: 00007ffca9c2b338
[  144.805502][ T7192]  </TASK>
[  144.808775][ T7192] Kernel Offset: disabled
[  144.813086][ T7192] Rebooting in 86400 seconds..