last executing test programs:

6m2.001955945s ago: executing program 32 (id=168):
r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x6, 0x2)
ioctl$vim2m_VIDIOC_TRY_FMT(r0, 0xc0d05640, &(0x7f0000000040)={0x1, @pix_mp={0x4, 0x1, 0x38415262, 0x9, 0x5, [{0x5, 0xaddf}, {}, {0x5, 0x7fff}, {0x6, 0x9}, {0x2, 0x8}, {0x9, 0x6}, {0x5, 0x80}, {0x4, 0x8000}], 0x8, 0x87, 0x0, 0x0, 0x3}})

5m52.688790597s ago: executing program 33 (id=257):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0)
r1 = dup(r0)
mount$9p_fd(0x0, &(0x7f0000000140)='.\x00', &(0x7f0000000180), 0x0, &(0x7f00000003c0)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})

5m45.722882236s ago: executing program 34 (id=299):
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'macvtap0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="640000001000ffff27bd7000fedbdf25eeff0000", @ANYRES32=0x0, @ANYBLOB="15010000000000002800128009000100766c616e000000001800028006000100040000000c000200110000001300000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r1, @ANYBLOB="0a000100aa"], 0x64}, 0x1, 0x0, 0x0, 0x28001}, 0x8000002)

4m35.908349793s ago: executing program 5 (id=993):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10)
recvmmsg(r0, &(0x7f0000002100)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000300)=""/185, 0xb9}, 0x80000000}], 0x1, 0x142, 0x0)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)
setsockopt$inet_int(r0, 0x0, 0xd, &(0x7f0000000040)=0xfffffffc, 0x4)
setsockopt$inet_int(r0, 0x0, 0x6, &(0x7f0000000000)=0x6, 0x4)
recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0)

4m35.905955793s ago: executing program 5 (id=994):
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000180)='./file1\x00', 0x20108c0, &(0x7f0000006980)=ANY=[@ANYBLOB="646973636172642c696f636861727365743d63703837342c6572726f72733d72656d6f756e742d726f2c75737271756f74612c696f636861727365743d63703836312c696f636861727365743d6370313235302c696e7465677269747900696f636861727365743d69736f383835392d342c646973636172643d30783030303030303030303030303030396943b95b49aca56faf1cc22189cc312c796f636861727365743d6d6163677265656b2c71756f74612c726573697a653d3078303030303030303030303030376666662c646973636172643d3078303030303030303066666666666666662c756d61736b3d3078303030303030303030303032303034352c6673636f6e746578743d046e636f6e66696e65645f752c66736d616769633d3078303030303030303030303230303030392c324216873b95edfe8ceab2bb0b11835a5cf531ac6273c29a4d4f9d056f1bcb8cd0a969ed12cf99802b5b3201518ecfc59a4fd94dd5349dc55633bd2bde1128ad071807ef13a9f10c0fbf3ad861c2009067c5c6c84cdba2806fa74eddff8373799d0b8c1e6f7e2b205235161b610ae5c66d1d9cfc2bc0cb617ae49331ade71595c2a5438139933aada47236dafdffffff088a552445f95768ccecb0c35797e832beced2077fa197623cd3de51d69d7a4f77a80eb5f783f091e5ec6047a0f67676819f4bf66744c1cb0975b96baf730000000000000001004e257bbabf33e3fa8d0cca2fbb4dabe1c5634b06881b049910b34a55f5a213438b2cdf889b764ce26ae4e539fdffa2ea82c34b16308e26ce945d101d5f2e2577d8e2a21d9401194a97a6c281b603da7c66934f0c"], 0xfe, 0x61f6, &(0x7f000000cdc0)="$eJzs3c1vHGcdB/DfvvolNLV6qEqEkJuWl1KaxEkJgQJtD3Dg0gPKFSVy3SoiBZQElFYWceULB078BSAkjghxRBz4A3rgyo0TJyLZSKCeGDTe54lnN7tdp7Z31p7PR3JmfvPMep/Jd189L08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPH97/1grRURN36eFqxEfCY6Ee2IpbJejYil1ZW8fjcinou95ng2InoLEeXt9/55OuLViPjobMTO7uZ6ufjyAfvx3T/+/Xc/PPPW3/7Qu/jfP93rvDZpvfv3f/WfPz843DYDAABA0xRFUbTS1/xz6ft9u+5OAQAzkd//iyQvP/X1r//51l/mqT/qRtcRl/YWzkt/1Gr16a2rivEeVIuI2KrepvzMYHc8AJwwW/Fx3V2gRvJvtG5EnKm7E8Bca9XdAY7Fzu7meivl26q+H6wO2vOxIEP5b7Uend8xaTrN6DEms3p8bUcnnpnQn6UZ9WGe5Pzbo/nfGLT303rHnf+sTMq/Pzj1qXFy/p3R/Eccaf4LdebfHpt/U+X8u0+Uf+cEP//lDwAAAADA6Zf//r9S8/7fhcNvyoF80v7f1Rn1AQAAAAAAAACO2mHH/3vE+H8AAAAwt8rv6qXfnN1fNulabOXy662Ip0bWBxomnSyzXHc/AAAAAAAAAAAAAKBJuoNjeK+3InoR8dTyclEU5U/VaP2kDnv7k67p2w9NVveLPAAADHx0duRc/lbEYkRcT9f66y0vLxfF4tJysVwsLeTPs/2FxWKp8r02T8tlC/0DfCDu9ovyly1Wblc17fvytPbR31feV7/oHKBjR6SX/jcnNNcUNgAkg3ejHe9Ip0xRPD3pwwcM8fw/hVZipe7HFfOv7ocpAAAAcPyKoiha6XLe59I+/3bdnQIAZiK//4/uFzhU3Z7QHnE0v1+tVqvVavWnqquK8R5Ui4jYqt6m/MxgOH4AOGG24uO6u0CN5N9o3Yh4ru5OAHOtVXcHOBY7u5vrrZRvq/p+kMZ3z8eCDOW/1dq7Xb79uOk0o8eYzOrxtR2deGZCf56dUR/mSc6/PZr/jUF7P6133PnPyqT8+3unzDVPzr8zmv+I05N/e2z+TZXz7z5R/h35AwAAAADAHMt//1+x/zdvMgAAAAAAAACcODu7m+v5vNe8//9zY9Zz/ufplPNvPWn+S2le/idazr89kv+XR9brVOYfvrn//P/37ub67+/967N5etD8F/JMKz2yWukR0Ur31Oqm6WG27nHbvU6/vKdeq93ppmN+it47cStux0ZcGlq3nf4/9tvXhtrLnvaG2i8PtXcfa78y1N5L1x0olnL7hViPn8TteHuvvWxbmLL9i1PaiyntOf+O1/9Gyvl3Kz9l/supvTUyLT38sP3Y8746HXc/b9z6/C8vHf/mTDHpyseD7Ts/6+5EDF5xzvTjZ3c37ly4f/PevTtrkSZDSy9HmhyxnH9v72dh//X/hUF7ft2vPl8ffth/4vznxXZ0Hz22q8r8X6jMl9v70oz7Voecfz/95PzfTu3jn/8nOf/OxPxfrqE/AAAAAAAAAAAAAAAA8EmKotg7RfSNiLiazv+p69xMAGC28vt/keTlarVarVarT19dVYz3erWIiL9Wb1N+ZvjFuF8GAMyz/0XEP+ruBLWRf4Pl6/2V0xfr7gwwU3ff/+BHN2/f3rhzt+6eAAAAAAAAAACfVh7/c7Uy/vOLEbEyst7Q+K9vxuphx//s5plHA4we8UDfE2y3+512Zbjx52NvfO4Lk8b/Ph+Pj/+dx8TtVLdjgt6U9v6U9oUp7Ytjl+6nNfZEj4qc//OV8c7L/M+NDL/ehPFfR8e8b4Kc//nK47nM/0sj61XzL347d/lvHXTF7WgP5X/x3ns/vXj3/Q9eufXezXc33t348ZW1tUtXrl69du3axXdu3d64NPj3eHo9B3L+eexrx4E2S84/Zy7/Zsn5fyHV8m+WnP8XUy3/Zsn558978m+WnH/+7iP/Zsn5v5Rq+TdLzv8rqZZ/s+zsbi6U+b+cavk3S37+fzXV8m+WnP8rqZZ/s+T8L6Ra/s2S87+Y6gPk7/Lwp0jOP+/h8vxvlpz/Wqrl3yw5/8upln+z5PyvpFr+zZLzfzXV8m+WnP/XUi3/Zsn5X021/Jsl5//1VMu/WXL+11It/2bJ+X8j1fJvlpz/N1Mt/2bJ+b+Wavk3S87/W6mWf7Pk/L+davk3S87/O6mWf7Pk/F9PtfybZf/6/2bMmDGTZ+p+ZQIAAAAAAAAAAAAARs3icOK6txEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD+zw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsHdvMXLd9R3Az+zF3nUIMRCCkxrYJCaEZMmu7cQX2jQmXBugFEgo9ILtetdmwTe8dgkUyaaBEgmjooqq6UNbQKiNVFVYFQ+0ojQPVS9PpX2gLxVVJaRGVUABFamtKFvNnP//vzOzszOz3vF69vw/Hyn57c6cmXPmzJnZ/e76uwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJrd/ob5z9SKoqj/1/jf9qJ4Qf3jyantjcted723EAAAAFiv/2v8//mb0gWH+rhR0zJ/94p//NrS0tJS8b7R3x3/wtJSumKqKMa3FkXjuujKv7+/1rxM8EQxURtp+nykx+pHe1w/1uP68R7Xb+lx/dYe10/0uH7FDlhhsvx5TOPOdjU+3F7u0uLmYrxx3a4Ot3qitnVkJP4sp6HWuM3S+PFioThZzBezLcuXy9Yay3/j9vq63lrEdY00rWtn/Qj5wSeOxW2ohX28q2Vdy/cZfe/1xdQPf/CJY398/rlbO82eu6Hl/srtvPuO+nZ+KlxSbmut2Jr2SdzOkabt3NnhORlt2c5a43b1j9u38/k+t3N0eTM3VPtzPlGMND7+VmM/jTX/WC/tp53hsv++syiKS8ub3b7MinUVI8W2lktGlp+fifKIrN9H/VB6cTG2puP09j6O0/qc29V6nLa/JuLzf3u43dgq29D8NH3vk1tWPO9rPU6j+qNe7bXSfgwO+rUyLMdgPC6+1XjQT3Y8BneFx/+Ju1Y/BjseOx2OwfS4m47BO3odgyNbRhvbnJ6EWuM2y8fg7pblRxtrqjXms3d1PwZnzp86O7P4sY+/duHU0RPzJ+ZP7929e3bvvn0HDhyYOb5wcn62/P9V7u3ht60YSa+BO8K+i6+BV7ct23yoLn1pcK/DiS6vw+1tyw76dTjW/uBqG/OCXHlMl6+NR+s7feLySLHKa6zx/Nyz/tdhetxNr8Oxptdhx68pHV6HY328DuvLnL2nv+9Zxpr+67QN1+prwfamY7D9+5H2Y3DQ348MyzE4EY6Lf71n9a8FO8P2Pjm91u9HRlccg+nhhvee+iXp+/2JA43R6bi8rX7FDVuKC4vz5+57/Oj58+d2F2FsiJc0HSvtx+u2psdUrDheR9Z8vB5aeMWTt3W4fHvYVxOvrf9vYtXnqr7M/fd1f64aX90678+WS/cUYQzYRu/PTl/N6/szZcku+7O+zKdm1v+9eMqlTe+/46u8/8bc/5NyfemunhgdHytfv6Np74y3vB+3PlVjjfeuWmPdz8/09348Hv7b6Pfjm7u8H+9oW3bQ78fj7Q8uvh/Xev20Y33an8+JcJycnO3+flxfZseetR6TY13fj+8Msxb2/2tCUki5qOnYWe24TesaGxsPj2ssrqH1ON3bsvx4yGb1dT295+qO07vvLO9rND26ZRt1nE61LTvo4zS9X612nNZ6/fTt6rQ/nxPhuLh5b/fjtL7MM/ev/71zMn7Y9N65pdcxOD66pb7N4+kgLN/vlybjMXhfcaw4U5ws5hrXbmkcT7XGuqYf6O8Y3BL+2+j3yh1djsG725Yd9DGYvo6tduzVxpbfSAao/fmcCMfFUw90Pwbry7xx/2C/d707XJKWafretf3na6v9zOu2seX7K67xz7zq2/k3+7v/bLa+zMkDa82Z3ffTveGSGzrsp/bX72qvqbliY/bTjrCdzx1YfT/Vt6e+zBcO9nk8HSqK4uJHHm78vDf8fuXPL3z7ay2/d+n0O52LH3n4+zce/9u1bD8Am99PyrGt/FrX9Jupfn7/DwAAAGwKMfePhJnI/wAAAFAZMffHfxWeyP8AAABQGTH3j4WZZJL/d7zxuYWfXCxSM38piNen3fBIuVzsuM6Gz6eWltUvf/gr8z/6y4v9rXukKIofP/IbHZff8UjcrtJU2M4rb2q9fOUNL/a1/iOPLS/X3F//Yrj/+Hj6PQw6VXBni6L4xk2fa6xn6v2XG/OZR4405rsvPflEfZnnD5afx9s/+5Jy+T8I5d9Dx4+23P7ZsB++G+bs2zrvj3i7r15+zc79711eX7xd7Y4XNh72Ux8o7zf+nZzPP1EuH/fzatv/V599+qv15R9/VeftvzjSefufDvf7lTD/5+Xl8s3PQf3zeLtPh+2P64u3u+/L3+y4/Vc+Uy5/9s3lckfCjOu/O3y+683PLTTvr8drR1seV/GWcrm4/tlv/3bj+nh/8f7bt3/i8OWW/dF+fDzzz+X9zLQtHy+P64n+om399ftpPj7j+p/+rSMt+7nX+q+8+9mX1++3ff33ti032nb79r/Y9Ief/lzH9cXtOfRnZ1sez6F3hddxWP9THwjHY7j+f698rmW90ZF3tb7/xOW/uP1iy+OJ3vrDcv1XHjrRmP8x9aPfv+EFN77w0ivr+64ovvWe8v56rf/EH51p2f4v3XJP4/mI18eOfvv6VxPXf+6j06fPLF5YmGvaq42/nfP2cnu2Tkxuq2/vTeG9tf3zw2fOf3D+3NTs1GxRTFX3T+hdtS+H+f1yXFrr7e95LDyft/3eN7bd9U+fjZf/y6Pl5ZffVn7denVY7vPh8u3l87dUW+f6n7r9lsbru/ZM+XlLj30Adu76zwN9LRgef/v3BfF4P/vSDzb2Q/26xteN+Lpe5/Z/Z668n6+H/boU/jLzHbcsr695+fi3ES6/p3y9r3v/hbe5+Lz+SXi+3/Hd8v7jdsXH+53wfcw3d7S+38Xj4+sXR9rvv/FXPC6F95PiUnl9XCru78vP39Jx8+LfISku3dr4/HfS/dy6poe5msWPLc6cXDh94fGZ8/OL52cWP/bxw6fOXDh9/nDjb3ke/lCv2y+/P21rvD/Nze+7v5idLIriTDG7AW9Y12b76x/1t/1nHzs2t3/2rrn540cvHD//2Nn5cyeOLS4em59bvOvo8ePzH+11+4W5B3fvObh3/57pEwtzDx44eHDvwemF02fqm1FuVA/7Zj88ffrc4cZNFh+8/+DuBx64f3b61Jm5+Qf3z85OX+h1+8bXpun6rX99+tz8yaPnF07NTy8ufHz+wd0H9+3b0/OvAZ46e3xxaubchdMzFxbnz82Uj2XqfOPi+te+Xrenmhb/rfx+tl2t/EN8xTvv3Zf+PmvdVz656l2Vi7T9AdHnwt+i+YcXnT3Qz+cx94+HmWSS/wEAACAHMfdvCTOR/wEAAKAyYu7fGmYi/wMAAEBlxNw/EWaSSf7X/9f/76//X16v/59X///sR8pe6Wbv/8f+vP5/Hq5z/3/d69f/1/+vXv+///78Zt9+/X/9f1Yatv5/zP2TRZFl/gcAAIAcxNy/LcxE/gcAAIDKiLn/hjAT+R8AAAAqI+b+F4SZZJL/9f/76v/v6VW4qn7/3/n/9f+Lzdn/j0+O/n821ty/f++jLZ/q/wf6//r/+v/6//r/rNv4qtdcr/5/zP03hplkkv8BAAAgBzH3vzDMRP4HAACAyoi5/6YwE/kfAAAAKiPm/u1hJpnkf/1/5//X/9f/r3T/f73n/2/aGP3/zcH5/7vT/+/hqvv/E/r/m7H/Pz7Y7R/u/n/Pzdf/55oYtvP/x9z/ojCTTPI/AAAA5CDm/heHmcj/AAAAUBkx978kzET+BwAAgMqIuf/mMJNM8r/+v/6//r/+v/5/5/X3Pv9/+ZH+/3DR/+9O/78H5//Pq/8/4O0f7v7/oM//P/6m9tvr/9PJsPX/Y+5/aZhJJvkfAAAAchBz/y1hJvI/AAAAVEbM/S8LM5H/AQAAoDJi7t8RZpJJ/tf/1//X/9f/1//vvP7e/f+S/v9w0f/vTv+/B/1//X/9//76/x2++dX/p5Nh6//H3H9rmEkm+R8AAAByEHP/bWEm8j8AAABURsz9PxVmIv8DAABAZcTcvzPMJJP8r/+v/6//n1f//94t+v/6/9Wm/9+d/n8P+v/6//r/fZ7/f6W19P+39rozKmPY+v8x9788zCST/A8AAAA5iLn/FWEm8j8AAABURsz9rwwzkf8BAACgMmLunwozyST/6/9Xq///p3/91CsL/X/9/x7rH0T/vxYuHaL+fzwMhr7//5D+/zWl/9+d/n8P+v/6//r/G9L/Jx/D1v+Puf/2MJNM8j8AAADkIOb+O8JM5H8AAACojJj77wwzkf8BAACgMmLu3xVmkkn+1/+vVv8/0v/X/++2/o06//9YeD7Tcen8/87/vwH0/ztoepHq//eg/6//n33/P373q//PYAxb/z/m/leFmWSS/wEAACAHMfffVbT9Elf+BwAAgMpo5P5ionh1mIn8DwAAAJURc//dYSaZ5H/9/6vv/483faz/37r9+v+tcu3/b/D5/xP9/7zp/3e31v7/Fv1//X/9/8z6/+s7//9k+Fj/n2jY+v8x978mzCST/A8AAAA5iLn/njAT+R8AAAAqI/77zfLfvcr/AAAAUEUx90+HmWSS//X/nf8/p/5/Tf9/QP3/+Ij1/wv9/6Gj/9+d8//3oP+v/6//v67+v/P/027Y+v8x9782zCST/A8AAAA5iLn/vjAT+R8AAAAqI+b+mTAT+R8AAAAqI+b+2TCTTPK//r/+f079f+f/d/5//f/q0//vTv+/B/1//f+q9f+LQv+f62rY+v8x9+8OM8kk/wMAAEAOYu7fE2Yi/wMAAEBlxNy/N8xE/gcAAIDKiLn//jCTTPK//r/+v/6//r/+f+f16/9vTvr/3en/96D/r/9ftf6/8/9znQ1b/z/m/gfCTDLJ/wAAAJCDmPv3hZnI/wAAAFAZMffvDzMJ+b/Tv+sGAAAANpeY+w+EmWTy+3/9/4r0/3/z71vWrf+v/99t/YPp/0/q/4ep/z9cKtr/b39ZXDX9/x70//X/9f/1/xmoYev/x9x/MMwkk/wPAAAAOYi5/3VhJvI/AAAAVEbM/T8dZiL/AwAAQGXE3P8zYSaZ5P/B9v8n9f+bZHX+/8nW7df/73x8VKv/7/z/+v/DqaL9/4GpVP9/RP9f/3+4tl//X/+fla59/z9+1F//P+b+B8NMMsn/AAAAkIOY+382zET+BwAAgMqIuf+hMBP5HwAAACoj5v5DYSaZ5H/n/9f/d/5//f9r0/9/qGg3jP3/+sGj/18t+v/dVar/7/z/+v9Dtv36//r/rDRs5/+Puf/1YSaZ5H8AAADIQcz9D4eZyP8AAABQGTH3vyHMRP4HAACAyoi5/41hJpnkf/1//X/9f/1/5//vvH79/81J/787/f8e9P/1//X/9f8ZqGHr/8fc/6Ywk0zyPwAAAOQg5v43h5nI/wAAAFAZMfe/JcxE/gcAAIDKiLn/rWEmmeR//X/9f/1//X/9/87r1//fnPT/u9P/70H/X/9f/1//n4Eatv5/zP0/F2aSSf4HAACAHMTc/0iYifwPAAAAlRFz/9vCTOR/AAAAqIyY+98eZpJJ/tf/38T9/zH9f/1//X/9/97rzY3+f3f6/z3o/+v/6//r/zNQw9b/j7n/HWEmmeR/AAAAyEHM/T8fZiL/AwAAQGXE3P/OMBP5HwAAACoj5v5fCDPJJP/r/2/i/n8lz/+/dLH5dhXr/9cX0/+/Xv3/+o30/7Og/9+d/n8PHfr/W/X/8+r/L4V3ef1//X8GYtj6/zH3vyvMJJP8DwAAADmIuf/dYSbyPwAAAFRGzP3vCTOR/wEAAKAyYu5/NMwkk/yv/59l/z895OHr/692/v/JxnWbvP/v/P/O/6//vwGq2/9f8111pP/fg/P/6/87/7/+PwM1bP3/mPsfCzPJJP8DAABADmLuf2+YifwPAAAAlRFz/y+Gmcj/AAAAUBkx978vzCST/K//n2X/f4jP/79a/3+znv9/rCgml9eTU/9/oun5TMel/r/+/waobv9/MPT/e9D/1/8f5v5/OJonV7m9/j/DaNj6/zH3vz/MJJP8DwAAADmIuf+XwkzkfwAAAKiMmPt/OcxE/gcAAIDKiLn/V8JMMsn/+v/6//r/zv/v/P+d16//vznp/3en/9+D/r/+/zD3/3vQ/2cYDVv/P+b+Xw0zWTX4ff+/+niYAAAAwBCJuf8DYSaZ/P4fAAAAchBz/+EwE/kfAAAAKiPm/iNhJpnkf/3/9v5/PKOq/r/+v/6//r/+/2Y0uP7/y24sCv3/yvT/J/rcAP1//X/9f/1/BmrY+v8x9x8NM8kk/wMAAEAOYu7/tTAT+R8AAAAqI+b+Y2Em8j8AAABURsz9c2EmmeT/69j/Hx/O/r/z/19t///H+v/6/4H+f2f6/xvD+f+7y7b/3y/9f/1//X/9fwZq2Pr/MffPh5lkkv8BAACgwtKPg2PuPx5mIv8DAABAZcTcfyLMRP4HAACAyoi5/4NhJpnkf+f/1/93/v/r0f8fa1le/7+k/6//Pwj6/93p//eg/6//r/+v/89ADVv/P+b+hTCTTPI/AAAA5CDm/g+Fmcj/AAAAUBkx9384zET+BwAAgMqIuf9kmEkm+V//X/8/9/5/rSguOf+//n+n9ev/b076/93p//eg/6//r/+v/89ADVv/P+b+U//P3n002XVWexw+9pUVbtWty0fwmBFDGJmPwJQZVYzJJgdZ5Awm52CyyTmDyTnnbHKOJhqqRLm11pK6z+m9JfXuPnu/7/NM1m2V+p7TVlvwp+tXO27pZP8DAABAD3L33zNusf8BAACgGbn77xW32P8AAADQjNz9945bOtn/+n/9f+/9/2orz//f/fv1/+fo//X/U1jr749t/n37ReH79v93uOO1d9P/6//1/4P0//p//T97za3/z91/n7ilk/0PAAAAPcjdf9+4xf4HAACAZuTuv1/cYv8DAABAM3L3Xxu3dLL/9f/6f/2//n9X/3+T/l//v2ye/z9M/z9C/6//1//r/5nU3Pr/3P33j1s62f8AAADQg9z9D4hb7H8AAABoRu7+B8Yt9j8AAAA0I3f/g+KWTva//l//r/9fSv9/3PP/93w9+n/9/yb6/2H6/xH6f/2//l//z6Tm1v/n7n9w3NLJ/gcAAIAe5O5/SNxi/wMAAEAzcvc/NG6x/wEAAKAZufsfFrd0sv/1//p//f9S+v8jev6//l//v3A3rM7/naD/X6f/HzHS/69W+v8hF93Pb/7ylvP+96H/1/+zbm79f+7+h8ctd16tjl/uFwkAAADMSu7+R8Qtnfz8HwAAAHqQu/903GL/AwAAQDNy918Xt3Sy//X/+n/9v/5f/7/59fX/y+T5/8MO3v/f/nb3uHu//X8zz/8/u+m/uWy/nz+obb//6fv/274z9P8s29z6/9z9Z+KWTvY/AAAA9CB3/yPjFvsfAAAAmpG7/1Fxi/0PAAAAzcjd/+i4pZP9r/9vrf//n12fd0H/v1O76P/1//p//X/r9P/DPP9/xM5fc6fqw2b7/31su59f+vv3/H/9P+vm1v/n7n9M3NLJ/gcAAIAe5O5/bNxi/wMAAEAzcvc/Lm6x/wEAAKAZufsfH7d0sv/1/631/7s/z/P/9f+bXl//r/9vmf5/mP5/RCvP/7/M75pt9/MHte33r//X/7Nubv1/7v4nxC2d7H8AAADoQe7+J8Yt9j8AAAA0I3f/k+IW+x8AAACakbv/yXFLJ/tf/6//X0b/n6+g/9f/H37/n/T/y/O/+v9R+v8RrfT/l2nb/fzS37/+X//Purn1/7n7nxK3dLL/AQAAoAe5+58at9j/AAAA0Izc/U+LW+x/AAAAaEbu/qfHLZ3sf/2//n8Z/b/n/+v/Pf9f/39x9P/D9P8j9P/6f/2//p9Jza3/z91/fdzSyf4HAACAHuTuf0bcYv8DAABAM3L3PzNusf8BAACgGbn7nxW3dLL/9f/6f/2//l//v/n19f/LpP8fpv8fof/X/+v/9f9Makb9/wWfdXL17Lilk/0PAAAAPcjd/5y4xf4HAACAZuTuf27cYv8DAABAM3L3Py9u6WT/6/9n0//v5Hxt9f+nVquV/n/Vaf9/6oI/z/q+1P/r/4+A/n+Y/n+E/l//r//X/zOpGfX/Ox/n7n9+3NLJ/gcAAIAe5O5/Qdxi/wMAAEAzcve/MG6x/wEAAKAZuftfFLd0sv/1/7Pp/3e01f97/v/e74+e+n/P/1+n/z8a+v9h+v8R+n/9v/5f/8+k5tb/5+5/cdx0/KrL/hIBAACAmcnd/5K4pZOf/wMAAEAPcve/NG6x/wEAAGChrl/7ldz9L4tbOtn/+v9p+//jF/ya/l//v/f7Q/+v/9f/Hz79/zD9/wj9v/5f/6//Z1Jz6/9z9788bulk/wMAAEAPcvffELfY/wAAANCM3P2viFvsfwAAAGhG7v5Xxi2d7H/9v+f/6//1//r/za+v/18m/f8w/f8I/b/+f7v9/4nz/6f+nzZcQv9/9uzZ04fe/+fuf1Xc0sn+BwAAgCbt+Vlp7v5Xxy32PwAAADQjd/9r4hb7HwAAAJqRu/+1cUsn+1//32n/n9/qy+r/r1ut9P/6f/2//n+Y/n+Y/n+E/l//7/n/+n8mNbfn/+fuf13c0sn+BwAAgB7k7r8xbrH/AQAAoBm5+18ft9j/AAAA0Izc/W+IWzrZ//r/Tvt/z//X/+v/j7r/v3Wl/z8Si+j/T+3/+nPv/8/o//X/A7rr/+9yp10f6v/1/6ybW/+fu/+NcUsn+x8AAAB6kLv/TXGL/Q8AAADNyN3/5rjF/gcAAIBm5O5/S9x0rJP9r//X/+v/9f/6/82vf8TP/z++Wq30/xNYRP8/YO79/zTP/9/7b/l5+n/9/5Lfv/5f/8+6ufX/ufvfGrd0sv8BAACgB7n73xa32P8AAADQjNz9b49b7H8AAABoRu7+d8Qtnex//b/+X/+v/59V/3/FIfT/ZxbR/3v+/0T0/8Pm0f/vT/+v/1/y+9f/6/+5eNvq/3P3vzNu6WT/AwAAQA9y978rbrH/AQAAoBm5+98dt9j/AAAA0Izc/e+JWzrZ//p//f+l9P/5Pnvr/0/F72u1/z8xp/5/5++Zk7v+/3Xy/H/9/0T0/8P0/yP0//p//f/1+n+mNLfn/+fuf2/c0sn+BwAAgB7k7n9f3Pqfbu1/AAAAaEbu/vfHLfY/AAAANCN3/wfilk72v/5f/+/5/57/P6vn/58+hOf/6/+7ov8fpv8fof/X/+v/Pf+fSc2t/8/d/8G4pZP9DwAAAD3I3f+huMX+BwAAgGbk7v9w3GL/AwAAQDNy998Ut3Sy//X/+n/9v/5f/3/uz1D/3wb9/7Cj6f9P6f/1/9XPXxH/Fuj/9f9jn0+b5tb/5+7/SNzSyf4HAACAHuTu/2jcYv8DAABAM3L3fyxusf8BAABgkY5t+LXc/R+PWzrZ//p//b/+f8L+/8qV/n+h/f+m19f/L9NW+v/8ptD/e/5/6Kf/v3rXR9t+/v+xS3z/e//zaxv9/wXrQ/9Pk+bW/+fu/0Tc0sn+BwAAgB7k7v9k3GL/AwAAQDNy938qbrH/AQAAoBm5+z8dt/Sw//9P/7/S/x+k/z+j//f8f/2//n9uPP9/mP5/hP5/q8/PX/r79/x//T/r5tb/5+7/TNzSw/4HAACATuTu/2zcYv8DAABAM3L3fy5usf8BAACgGTu7P+OyDve//l//7/n/+n/9/+bX1/8vk/5/mP5/hP5f/6//1/8zqbn1/5/f+ayTqy/ELZ3sfwAAAOhB7v4vxi32PwAAADQjd/+X4hb7HwAAAJqRu//LcUsn+1//r/9fRv9/9uzZ0/p//f/ur+d8/3+z/p+i/x+m/x+h/9f/6//1/0xqbv1/7v6vxC2d7H8AAADoQe7+r8Yt9j8AAAA0I3f/1+IW+x8AAACakbv/63FLJ/tf/z+D/v+k/t/z//X/K8//1/9PRP8/TP8/osX+/+TFf/nb7ucPatvvX/+v/2fd3Pr/3P3fiFs62f8AAADQg9z934xb7H8AAABoRu7+b8Ut9j8AAAA0I3f/t+OWTva//v/o+v/b/tn18vz/U6vN71//r//X/+v/D5v+f5j+f0SL/f8l2HY/v/T3r//X/7Nubv1/7v7vxC27h99Vl/ZVAgAAAHOSu/+7cUsnP/8HAACAHuTu/17cYv8DAABAM3L3fz9u6WT/6/9n8Pz/Bvt/z//f/P2h/591/3+l/r8N+v9h+v8R+n/9v/5/ov4/v5v1/72bW/+fu/8HcUsn+x8AAAB6kLv/h3GL/Q8AAADNyN3/o7jF/gcAAIBm5O6/OW65YP9vartbof/X/+v/9f/6/82vr/9fJv3/sIvt/0+sDtb/J/2//l//32v/7/n/nDO3/j93/4/jFj//BwAAgMW5ap9fz93/k7jF/gcAAIBm5O7/adxi/wMAAEAzcvf/LG655cptvaUjpf/X/+v/9f/6/82vr/9fJv3/MM//H6H/n6Kfv0b/30b/v1rp/zm4ufX/uft/Hrf4+T8AAAA0I3f/L+IW+x8AAACakbv/l3GL/Q8AAADNyN3/q7ilk/2v/9f/H7D/30kz9f/n6P/P0f9vpv8/Gvr/Yfr/Efp/z//X/3v+P5OaW/+fu//XcUsn+x8AAAB6kLv/N3GL/Q8AAADNyN3/27jF/gcAAIBm5O7/XdzSyf6ftP+/MSrsi+n/4x+1/n/x/b/n/+v/9f/6/1nR/w/T/4/Q/+v/9f/6fyY1t/4/d//v45ZO9j8AAAD0IHf/H+IW+x8AAACakbv/j3GL/Q8AAADNyN3/p7ilk/3v+f/6f/2//l//v/n19f/LpP8fpv/frP6g9P/6f/2//p9Jza3/z93/57ilk/0PAAAAPcjd/5e4xf4HAACAZuTuvyVusf8BAACgGbn7/xq3dLL/9f/6f/2//l//v/n19f/LNKv+/5j+/8LPvev/j7+s5/9vvf/Pt6D/1//r/5nE3Pr/3P1/i1s62f8AAADQg9z9f49b7H8AAABoRu7+f8Qt9j8AAAA0I3f/P+OWTvb/SP9/on6j/n+Q/n/3+9f/b/7+0P/r//X/h29W/b/n/y/m+f9F/+/5//p//T+Tmlv/n7v/X3FLJ/sfAAAAepC7/9a4xf4HAACAZuTu/3fcYv8DAABAM3L3/ydu6WT/e/7/kvr/a/T/+n/9v/5f/z9C/z9M/z9C/6//v4T3f/Wej/X/+n/Wza3/z93/3wAAAP//tmNCRw==")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000240)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f})
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_FSGETXATTR(r0, 0x801c581f, 0x0)

4m35.655714764s ago: executing program 5 (id=995):
syz_mount_image$ocfs2(&(0x7f0000004840), &(0x7f00000001c0)='./bus\x00', 0x8c0, &(0x7f0000004680)=ANY=[@ANYBLOB="61636c2c6e6f696e74722c6174696d655f7175616e74756d3d30303030303030303030303030303030303030372c6c6f63616c666c6f636b732c6c6f63616c616c6c6f633d30303030303030303030303030303030303030332c6c6f63616c666c6f636b732c696e74722c6865617274626561743d6e6f6e652c0024855616ead4c7dc9e9da093713b0e6a6e67e1af8e4f5d7cbff1185218b41bcefa2f4f41b8212051258a0a6168526c8eef9d759bbb36a4b49ff8042320899ca9b6e9fa68a0abe364e0e2d46408f18da37d557aa1ebb8aa29451a584f1980dc477bd97f6a0446b8957872e51c2adf98e1acff806babdc9d58bc06d6d0b19476862cebe64cafa5a069852602786f40bf6a1bf7594e171d16ced9409b168ef591c2f5b676a2eb18e8a3b91275fd4467aea2037bd9790e240137bc7c80cc99e9dd662a5f"], 0x7, 0x4430, &(0x7f0000000240)="$eJzs3c9PHNcdAPA3A67BtV1wfXClSl2pllq1FQKf2mKpGGNjsKkrt7aqXNYLrG2ShbVgiXLwgdws5RQphygHK5Fy42RxyNX5E3LJ0TlbSg65RIpkhWh3Z2FndldsEAux8/kcGOb9Zr8zb98chhcnKg+W1nJLa7nCSq68cG/tQu7tcml9uRjiQ9K2/2OH1z/d6cV1ctTX3i/ZzctX/3vnQgifL375Ynt7eztU9Ye2xpp+/+7bRwvNx4Y4U6fabvvWDsobIYSzLeOq6gsh/P+zEKIQwqUkbTI5DoYQToV63p1H793NHdBonj4vXsy/nHu8NX5+dvPJVue/PQrho9Lv/nZ/+es/9o1/9ZcD6h4AAAAAAAAAAAAAAAAAgFfc9K2bt/8zOhaeRaF/M2p9X3c6OXZ6P3b7wPyh938sAAAAAAAAAAAAAAAAAAAA/Eztvv+fi860ef9/KjlOdKi//a/ej5Hemfn3zakro2PJ/u9RS/7fk6RvLvWF4Tb7vmf3f7+Uqd9+//fWfvarMb5Gv0MhikdS53E8MhLCJ8nG7+eiE3GpvFb5673y+srigQ3jlZWOf333/lR0kg39u43/ZKb93u///9uWq6l6fvfgLrHXWjr+fR3Lffpu1FX8L2fqHUb82b90/PtraYPNBSbqE0A1/u/37x3/qUz7vYr/6RBCLqqONZeaAaprmGp6p/UKaen4H6ulpabO5IPsdP9/n4n/lUz7RzX/b2S/iGgrHf9f1dIGUiV27//heO/7/2qm/aOIf3X8G77/u5KO//F6Yn+qSO2T7Hb+n86036v4346TcZ6OUlfAZlRP7/T/6khLx3+gJX/3+S/uav13LVP/sJ7/Gv02nv8a0/+fo/rzH+2l4z/YsVy39/9Mpl6v5/+J2vqP/UrH/0QtLb12Hqr97Db+s5n2exX/2qpkoBH/3fnkh+P19I+t/7qSjv+v64lxc4mN2s/a+i/ae/1/PdP+Uaz/quPfiHvb6+siHf+THctV4/9FF9//NzL1muLfurg4IKPW+vuWjv+pjuVq9//A3vGfy9Tr9f3/p142DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAKmEyOQyEaSp/H8chICJeT83PhRDRfWMzPl8oLb62FMJWk58KZ6H6pPF8o5ZdWyovFfKFUKi+EcCXJPxsGorVSuZJfLjy8utPWYPSgWFitzBcLlRDCdJL++3Cq0db8UmW58DCEcG0n7zdxefXhg8JKfnFp9Z+jo6OjYWZnDMNR8Z1KcaVS772eG8LsTt2hqGlwtezrO2M5Gb1ZXl9dKZRq6Tea6pTKC4VSU525JO+DMBxVVtdXFgqVYr5Uvt/o7yhNJMepmVv/u3VjrCX/blQ/Th7usAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4iZ6N/+PDEEJ//SwOIUw0fonalX/6vHgx/3Lu8db4+dnNJ1svOpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Ed24EAAAAAAAMj/tRGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsEvHKA0EURiA34yF2nkMq2W3s11RRAtXBE+gx/AwehQv4R1SpEibIgSSWQibXdgmqb6veTA/M+/BPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALTtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgWMBAAAAAGH+1lH0bQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD//9kGHvg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000300)='./file1\x00', 0xc4242, 0x5c)
r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x2000, 0x0)
sendfile(r0, r1, 0x0, 0x20fffe82)

4m35.282472001s ago: executing program 5 (id=999):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x4, 0x0, 0x4, 0xfffffffa, 0x2c, @local, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}, 0x80, 0x10, 0x801, 0x8}})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000760009eeffffffffffffff0400000081", @ANYRES32=0x0, @ANYBLOB="04000d80080001"], 0x24}, 0x1, 0x5502000000000000}, 0x0)

4m35.234695964s ago: executing program 35 (id=999):
ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000200)={'ip6tnl0\x00', &(0x7f0000000000)={'syztnl0\x00', 0x0, 0x4, 0x0, 0x4, 0xfffffffa, 0x2c, @local, @loopback={0xfec0ffff00000000, 0xffff8881114a4aa8}, 0x80, 0x10, 0x801, 0x8}})
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="24000000760009eeffffffffffffff0400000081", @ANYRES32=0x0, @ANYBLOB="04000d80080001"], 0x24}, 0x1, 0x5502000000000000}, 0x0)

4m32.680626001s ago: executing program 6 (id=1022):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000240)={'wlan0\x00', <r1=>0x0})
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
sendmsg$NL80211_CMD_SET_CQM(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x28, r2, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_CQM={0xc, 0x5e, 0x0, 0x1, [@NL80211_ATTR_CQM_TXE_RATE={0x8, 0x5, 0x41}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4c009}, 0x0)

4m32.680187946s ago: executing program 6 (id=1023):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x25, 0x0, &(0x7f0000000180))

4m32.629330276s ago: executing program 6 (id=1024):
openat$ptmx(0xffffffffffffff9c, &(0x7f00000001c0), 0x240, 0x0)
unshare(0x26020480)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000040)=@framed={{0x18, 0x0, 0x3, 0x0, 0x1001, 0x0, 0x0, 0x0, 0x3}}, &(0x7f0000000080)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41000}, 0x94)

4m32.628931264s ago: executing program 6 (id=1025):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f00000001c0)='./file1\x00', 0x404, &(0x7f0000000380)={[{@nogrpid}, {@resuid={'resuid', 0x3d, 0xee01}}, {@resgid}, {@nomblk_io_submit}, {@nombcache}, {@resgid={'resgid', 0x3d, 0xee00}}]}, 0x1, 0x42f, &(0x7f0000000940)="$eJzs289rHFUcAPDvzCat/WViqT+aVo1WMfgjadJae/CiKHhQEPRQjzFJS+y2kSaCLUGjSD1Kwbt4FPwLPOlF1JPgVe9SKJJLq6eV2Z1Jdje7aZJustX9fGCS92be8t53Z97ue/N2AuhZw9mfJGJ/RPweEQO1bGOB4dq/W8uLU38vL04lUam89VdSLXdzeXGqKFq8bl+R6YtIP0viSIt65y9fOT9ZLs9cyvNjCxfeH5u/fOW52QuT52bOzVycOH365InxF05NPN+ROLO4bg59NHf08GvvXHtj6sy1d3/+Ninib4qjQ4bXO/hkpdLh6rrrQF066etiQ9iUUq2bRn+1/w9EKVZP3kC8+mlXGwdsq0qlUnmg/eGlCvA/lkS3WwB0R/FFn81/i22Hhh53hRsv1SZAWdy38q12pC/SvEx/0/y2k4Yj4szSP19lW2zPfQgAgAbfZ+OfZ1uN/9Kovy90b76GMhgR90XEwYg4FRGHIuL+iGrZByPioU3W37xIsnb8k17fUmAblI3/XszXthrHf8XoLwZLee5ANf7+5OxseeZ4/p6MRP/uLD++Th0/vPLbF+2O1Y//si2rvxgL5u243re78TXTkwuTdxJzvRufRAz1tYo/WVkJSCLicEQMbbGO2ae/Odru2O3jX0cH1pkqX0c8VTv/S9EUfyFZf31y7J4ozxwfK66KtX759eqb7eq/o/g7IDv/e1te/yvxDyb167Xzm6/j6h+ft53TbPX635W83bDvw8mFhUvjEbuS12uNrt8/0VRuYrV8Fv/Isdb9/2CsvhNHIiK7iB+OiEci4tG87Y9FxOMRcWyd+H96+Yn3th7/9srin97U+V9N7IrmPa0TpfM/ftdQ6eBm4s/O/8lqaiTfs5HPv420a2tXMwAAAPz3pBGxP5J0dCWdpqOjtd/wH4q9aXlufuGZs3MfXJyuPSMwGP1pcadroO5+6Hg+rS/yE035E/l94y9Le6r50am58nS3g4cet69N/8/8Wep264Bt53kt6F36P/Qu/R96l/4PvatF/9/TjXYAO6/V9//HXWgHsPOa+r9lP+gh5v/Qu/R/6F36P/Sk+T1x+4fkJSTWJCK9K5ohsU2Jbn8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAdMa/AQAA//9QOObV")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3813009, 0x0, 0x1, 0x0, 0x0)
setxattr$trusted_overlay_origin(&(0x7f0000000180)='./file0\x00', &(0x7f0000000000), &(0x7f0000000b40), 0xfe1c, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000080)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

4m32.537343025s ago: executing program 6 (id=1026):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000020000103feffffff0000000002000000000000000400010008000a000008000005001e"], 0x50}}, 0x4000850)

4m30.352262495s ago: executing program 6 (id=1040):
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)={0x0, 0x0, 0x3}, 0x65)

4m30.22296957s ago: executing program 36 (id=1040):
openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', &(0x7f00000000c0)={0x0, 0x0, 0x3}, 0x65)

4m13.321770376s ago: executing program 7 (id=1195):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000022c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797ad00000000014000000110001"], 0x7c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01010000000000000000010000000900010073797a30000000002c000000030a01020000000000000000010000000900010073797a30000000000900030073797a310000000038000000030a01040000000000000000010000010900ea0073797a32000000000c00024000000000000000010900010073797a300000000014000000110001"], 0xac}, 0x1, 0x0, 0x0, 0x8040}, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x0)

4m13.262091776s ago: executing program 7 (id=1196):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x28, r1, 0x1, 0x70bd29, 0x25dfdbfb, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0xc, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0x4}, @NL80211_BAND_60GHZ={0x4}]}]}, 0x28}}, 0x20040848)

4m13.148766603s ago: executing program 7 (id=1197):
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x7fffffff}, 0x10)
sendmsg$kcm(r0, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)="2e0000004a008102e00f80ecdb4cb9020a", 0x4a}, {&(0x7f0000001700)="0c74c75350f4a590e15c61c7942348092734fe1863473bbce6798a60e9", 0x1d}], 0x2, 0x0, 0x0, 0x10}, 0x0)

4m13.148413703s ago: executing program 7 (id=1198):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x4080, &(0x7f00000001c0)=ANY=[@ANYBLOB='lastblock=00000000000000000000,umask=00000000000000000000002,dmode=00000000000000000077777,novrs,shortad,shortad,undelete,iocharset=cp437,shortad,umask=00000000000000000000006,dmode=00000000000000000000002,nostrict,uid=', @ANYRESOCT=0x0, @ANYRES16], 0x2, 0xc36, &(0x7f0000002540)="$eJzs3U9sHNd9B/DfGy3FldxWTOwoThoXm7ZIZcVy9S+mYhXuqqbZBpBlIRRzC8AVSakLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBcgoYzOxbcUmRNi2SEmV9Pjb13Z19b/a9eeMZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxB+8cun0mfSwWwEAPEhXRr56+qz7PwA8Vq75/38AAAAAAAAAAAAAADjoUhTxZKSYvbKaxqr3HfXL7b7bd0aHhreudiRVNQ9V5cuf+pmz585/6YXBC9283J7+gPp77bPx2si1S42XZ27Nzk3Oz09ONEan2+MzE5M73sNu6292sjoAjVuv3564cWO+cfb5cxs+vjPwfv8TxwcuDj576plu2dGh4eGR9SL13vK1+25Ix3YzPA5HEacixXPf+2lqRUQRuz8W9Qc79psdqTpxsurE6NBw1ZGpdmt6ofzwavdAFBGNnkrN7jHaeiyi1vdA+7C9ZsRi2fyywSfL7o3MtuZa16cmG1dbcwvthfbM9NXUaW3Zn0YUcSFFLEXESv+9u+uLImqR4jvHVtP1iDjUPQ5frCYGb9+OYh/7uANlOxt9EUvFIzBmB1h/FPFqpPjZOydiPF9nqmvNFyJeLfMHEW+V+VJEKk+M8xHvbXEe8WiqRRF/WY7/xdU0UV0PuteVy19rfGX6xkxP2e515SPeH+65Ujyk+8ORTflgHPBrUz2KaFVX/NV0/7/ZAQAAAAAAAAAAAAAAAGCvHYkiPhMpXvmPP6nmFUc1L/3YxcE/HPjV3jnjT3/Ifsqyz0fEYrGzObmH88TAq+lqSg95LvHjrB5F/Gme//eth90YAAAAAAAAAAAAAAAAAACAx1oRP4kUL757Ii1F75ri7embjWut61OdVWG7a/9210xfW1tba6RONnOO5VzMuZRzOedKzihy/ZzNnGM5F3Mu5VzOuZIzDuX6OZs5x3Iu5lzKuZxzJWfUcv2czZxjORfLrK93dDlvX8kZB2TtXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAj5MiivhFpPj2N1ZTpIhoRoxFJ5f7H3brAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBSfyri+5Gi8UfNu9tqEZGqfztOlL+cj+bhMj8ZzcEyX4rmpZytKmvNbz2E9rM7famIH0eK/vrbdwc8j39f593d0yDe+ub6u8/WOnmo++HA+/1PHD92cXD4N57e7nXaqgEnL7enb99pjA4ND4/0bK7lb/9kz7aB/L3F3nSdiJh/483XW1NTk3P3/6I8BXZR/RF6kWqPS08f1ovFvTgh9+5F1A5EMx5O33kMlPf/9yLF7777n90bfuf+X49f6by7e4ePn//Z+v3/xc072uH9v7a5Xr7/l/f0re7/T/ZsezH/bqSvFlFfuDXbdzyiPv/Gm6fat1o3J29OTp8/ffrLg4NfPne673BE/UZ7arLn1Z4cLgAAAAAAAAAAAAAAAIAHJxXx+5Gi9ePV1IiIO9V8rYGLg8+eeuZQHKrmW22Yt/3ayLVLjZdnbs3OTc7PT040Rqfb4zMTkzv9uno13Wt0aHhfOvOhjuxz+4/UX56ZfWOuffOPF7b8/Gj90vX5hbnW+NYfx5EoIpq9W05WDR4dGq4aPdVuTVdVr245mf6j60tF/FekGD/fSJ/P2/L8/80z/DfM/1/cvKN9mv//iZ5t5XemVMTPI8Xv/NXT8fmqnUfjnmOWy/1dpDh54XO5XBwuy3Xb0HmuQGdmYFn2/yLFP/1iY9nufMgn18ue2fGBfUSU438sUnz/L74bv5m3bXz+w9bjf3TzjvZp/J/q2XZ0w/MKdt118vifihQvPfl2/Fbe9kHP/+g+e+NELnz3+Rz7NP6f6tk2kL/3t/em6wAAAAAAAAAAAI+0vlTE30eKHw7X0gt5207+/t/E5h3t09//+nTPtom9Wa/oQ1/s+qACAAAAwAHRl4r4SaS4ufD23TnUG+d/98z//L31+Z9DadOn1Z/z/Vr13IC9/PO/XgP5e8d2320AAAAAAAAAAAAAAAAAAAA4UFIq4oW8nvpYNZ9/Ytv11JcjxSv/81wul46X5brrwA9Uv9avzEyfujQ1NTPeWmhdn5psjMy2xifLuk9FitW//VyuW1Trq3fXm++s8b6+FvtcpBj+h27Zzlrs3bXJn1ove6Ys+4lI8d//uLFsdx3rT62XPVuW/ZtI8fV/2brs8fWy58qy340UP/p6o1v2aFm2+3zUT6+XfX58ptiHUQEAAAAAAAAAAAAAAAAAAOBx05eK+PNI8b+3lu7O5c/r//f1vK289c2e9f43uVOt8z9Qrf+/3ev7Wf+/eq7A4nbfCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH08pingzUsxeWU3L/eX7jvrl9vTtO6NDw1tXO5Kqmoeq8uVP/czZc+e/9MLghW5+cP299pl4beTapcbLM7dm5ybn5ycnGqPT7fGZickd72G39Tc7WR2Axq3Xb0/cuDHfOPv8uQ0f3xl4v/+J4wMXB5899Uy37OjQ8PBIT5la331/+z3SNtsPRxF/HSme+95P0w/7I4rY/bH4kHNnvx2pOnGy6sTo0HDVkal2a3qh/PBq90AUEY2eSs3uMXoAY7ErzYjFsvllg0+W3RuZbc21rk9NNq625hbaC+2Z6aup09qyP40o4kKKWIqIlf57d9cXRbweKb5zbDX9a3/Eoe5x+OKVka+ePrt9O4p97OMOlO1s9EUsFY/AmB1g/VHEP0eKn71zIv6tP6IWnZ/4QsSrZf4g4q3ojHcqT4zzEe9tcR7xaKpFEf9fjv/F1fROf3k96F5XLn+t8ZXpGzM9ZbvXlUf+/vAgHfBrUz2K+FF1xV9N/+6/awAAAAAAAAAAAAAAAIADpIhfjxQvvnsiVfOD784pbk/fbFxrXZ/qTOvrzv3rzpleW1tba6RONnOO5VzMuZRzOedKzihy/ZzNMutra2P5/WLOpZzLOVdyxqFcP2cz51jOxZxLOZdzruSMWq6fs5lzLOdizqWcyzlXcsYBmbsHAAAAAAAAAAAAAAAAAAB8vBTVPym+/Y3VtNbfWV96LDq5bD3Qj71fBgAA//8dq/O8")
mount$bind(&(0x7f00000002c0)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x109041, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000040)='./file0/file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x81105a, 0x0)
mount$bind(&(0x7f0000000880)='./file0/../file0\x00', &(0x7f0000000440)='./file0/file0\x00', 0x0, 0x1adc11, 0x0)
mount$bind(&(0x7f0000000100)='./file0/../file0\x00', &(0x7f0000000080)='./file0/file0/file0\x00', 0x0, 0x887008, 0x0)
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00')
read$FUSE(r0, &(0x7f0000006b40)={0x2020}, 0x206e)

4m13.078079951s ago: executing program 7 (id=1201):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000003c0), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000540)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_NEW_KEY(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000680)={&(0x7f0000000000)={0x50, r0, 0x801, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_KEY={0x28, 0x50, 0x0, 0x1, [@NL80211_KEY_DATA_WEP104={0x11, 0x1, "4abee33908f8eef16f162471f4"}, @NL80211_KEY_IDX={0x5, 0x2, 0x3}, @NL80211_KEY_CIPHER={0x8, 0x3, 0xfac04}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x24048040}, 0x40010c0)

4m12.804608645s ago: executing program 7 (id=1205):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0x400000000000000d}, 0x18)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000202505a1a44000000001010902"], 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000000)=""/108, &(0x7f0000000080)=0x18)

4m12.632388692s ago: executing program 37 (id=1205):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000002c0)='contention_begin\x00', r0, 0x0, 0x400000000000000d}, 0x18)
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
syz_usb_connect$cdc_ecm(0x2, 0x5e, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000020000202505a1a44000000001010902"], 0x0)
getsockopt$IP_VS_SO_GET_DESTS(r1, 0x0, 0x484, &(0x7f0000000000)=""/108, &(0x7f0000000080)=0x18)

3m35.525995839s ago: executing program 8 (id=1568):
timer_create(0x3, &(0x7f0000000000)={0x0, 0x38, 0x1, @thr={0x0, 0x0}}, &(0x7f0000000040)=<r0=>0x0)
timer_settime(r0, 0x1, &(0x7f00000000c0)={{}, {0x0, 0x989680}}, 0x0)
mlock(&(0x7f0000000000/0x800000)=nil, 0x800000)
timer_gettime(r0, &(0x7f00000023c0))

3m35.339771775s ago: executing program 8 (id=1572):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000f40)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xa00010, &(0x7f0000001040)=ANY=[@ANYBLOB='iocharset=koi8-r,noadinicb,lastblock=00000000000000000034,uid=forget,gid=', @ANYRESOCT=0x0, @ANYBLOB="2c73686f727461642c756e64656c6574652c756d61736b3d30303030303030303030303030303030303030303031312c756e686964652c00440c75c891c097786cb179aaf2bf042c54664b24e89e417b353c3e629ff7f5ae9f04e3333fbe6fb128047138060364a8e168332a941e5159ebad4544f81b91efadcd590ae07f01346c3249361dc9a7caa2d0cb9a50119639a16045c0fb4c59067ab0dfa5b5eb31f5663bc936e0d20d98022eca16bf9032a65281ecd3b2aa00"/196], 0x1, 0xc43, &(0x7f00000001c0)="$eJzs3U9sHNd9B/DfGy3FldxWTOwqThoHm7ZIZcZy9S+mYhXuqqbZBpBlIhRzC8CVSKkLUyRBUo1spAXTSw89BCiKHnIi0BoFUjQwmiLokWldILn4UOTUE9HCRlD0wBYBAhQIWMzsW3FJkbYskhIlfz429Z2deW/mvZn1jCzozQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIOL3Xrl46nTaZsOhh9AYAOCBuDz21VNntnv+AwCPrSs7/f8/AAAAAAAAAAAAAABwUKQo4slIMXd5LU1Unzvql9p9t26PD49sX+1IqmoeqsqXP/XTZ86e+9ILQ+e7eak98wH199pn4rWxKxcbL8/enJufWliYmmyMz7SvzU5O3fMedlt/q8HqBDRuvn5r8vr1hcaZ589u2nx74P3+J44PXBh69uQz3bLjwyMjYxtF6r3la/fdkI6dRngcjiJORornvvfT1IqIInZ/LuoP9tpvdaTqxGDVifHhkaoj0+3WzGK5cbR7IoqIRk+lZvccbX8totb3QPuws2bEUtn8ssGDZffG5lrzravTU43R1vxie7E9OzOaOq0t+9OIIs6niOWIWO2/e3d9UUQtUnzn2Fq6mt/6UZ2HL1YDg3duR7GPfbwHZTsbfRHLxSNwzQ6w/iji1Ujxs3dOxLV8n6nuNV+IeLXMH0S8VeZLEan8YpyLeG+b7xGPploU8efl9b+wliar+0H3vnLpa42vzFyf7Snbva98xOfDXXeKh/R8OLIlH4wDfm+qRxGt6o6/lu7/NzsAAAAAAAAAAAAAAAAA7LUjUcSnI8Ur//ZH1bjiqMalH7sw9PsDv9w7ZvzpD9lPWfb5iFgq7m1M7uE8MHA0jab0kMcSf5zVo4g/zuP/vvWwGwMAAAAAAAAAAAAAAAAAAPCxVsRPIsWL755Iy9E7p3h75kbjSuvqdGdW2O7cv90509fX19cbqZPNnBM5l3Iu51zJuZozilw/ZzPnRM6lnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaERPRyZX+h906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKDUn4r4fqRo/EHzzrpaRKTq344T5S/nonm4zE9Gc6jMl6J5MWerylrzWw+h/exOXyrix5Giv/72nQuer39f59Odr0G89c2NT5+pdfJQd+PA+/1PHD92YWjkc0/vtJy2a8DgpfbMrduN8eGRkbGe1bV89E/2rBvIxy32putExMIbb77emp6emr//hfIrsIvqj9BCqn1cemqhWojagWjGw+n7JvWHdYNiX5XP//cixW+/++/dB37n+V+PX+p8uvOEj5//ycbz/8WtO7rH539ta738/C+f6ds9/5/sWfdi/t1IXy2ivnhzru94RH3hjTdPtm+2bkzdmJo5d+rUl4eGvnz2VN/hiPr19vRUz9KenC4AAAAAAAAAAAAAAACABycV8buRovXjtdSIiNvVeK2BC0PPnnzmUByqxlttGrf92tiVi42XZ2/OzU8tLExNNsZn2tdmJ6fu9XD1arjX+PDIvnTmQx3Z5/Yfqb88O/fGfPvGHy5uu/1o/eLVhcX51rXtN8eRKCKavWsGqwaPD49UjZ5ut2aqqqPbDqb/6PpSEf8RKa6da6TP53V5/P/WEf6bxv8vbd3RHo7//9zRjfF/n+gpWh4zpSJ+Hil+6y+ejs9X7Twad52zXO5vIsXg+c/mcnG4LNdtQ+e9Ap2RgWXZ/4kU//CLzWW74yGf3Ch7+iOd3EdAef2PRYrv/9l349fzus3vf9j++h/duqN9ev/DUz3rjm56X8Guu06+/icjxUtPvh2/Ua35vw98/0f33RsnOoU33s+xT9f/V3vWDeTj/uZedR4AAAAAAAAAAOAR1peK+NtI8cORWnohr7uXv/83uXVH+/T3vz7Vs25yb+Yr+tCFXZ9UAAAAADgg+lIRP4kUNxbfvjOGevP4757xn7+zMf5zOG3ZWv05369U7w3Yyz//6zWQjzux+24DAAAAAAAAAAAAAAAAAADAgZJSES/k+dQnqvH8kzvOp74SKV75r+dyuXS8LNedB36g+rV+eXbm5MXp6dl6LLauTk81xuZa16bKuk9FirW//myuW1Tzq3fnm+/M8b4xF/t8pBj5u27Zzlzs3bnJn9ooe7os+4lI8Z9/v7lsnpo6zx1dlT1Tlv2rSPH1f9q+7PGNsmfLst+NFD/6eqNb9mhZtvt+1E9tlH3+2myxD1cFAAAAAAAAAAAAAAAAAACAj5u+VMSfRor/vrl8Zyx/nv+/r+dj5a1v9sz3v8Xtap7/gWr+/52W72f+/+q9Aks7HRUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5PKYp4M1LMXV5LK/3l5476pfbMrdvjwyPbVzuSqpqHqvLlT/30mbPnvvTC0PlufnD9vfbpeG3sysXGy7M35+anFhamJhvjM+1rs5NT97yH3dbfarA6AY2br9+avH59oXHm+bObNt8eeL//ieMDF4aePflMt+z48MjIWE+ZWt99H/0uaYf1h6OIv4wUz33vp+mH/RFF7P5cfMh3Z78dqToxWHVifHik6sh0uzWzWG4c7Z6IIqLRU6nZPUcP4FrsSjNiqWx+2eDBsntjc6351tXpqcZoa36xvdienRlNndaW/WlEEedTxHJErPbfvbu+KOL1SPGdY2vpn/sjDnXPwxcvj3311Jmd21HsYx/vQdnORl/EcvEIXLMDrD+K+MdI8bN3TsS/9EfUovMTX4h4tcwfRLwVneudyi/GuYj3tvke8WiqRRH/W17/C2vpnf7yftC9r1z6WuMrM9dne8p27yuP/PPhQTrg96Z6FPGj6o6/lv7Vf9cAAAAAAAAAAAAAAAAAB0gRvxYpXnz3RKrGB98ZU9yeudG40ro63RnW1x371x0zvb6+vt5InWzmnMi5lHM550rO1ZxR5Po5m2XW19cn8uelnMs5V3Ku5oxDuX7OZs6JnEs5l3Ou5FzNGbVcP2cz50TOpZzLOVdyruaMAzJ2DwAAAAAAAAAAAAAAAAAAeLwU1T8pvv2NtbTe35lfeiI6uWI+0Mfe/wcAAP//dsP5HA==")
mkdirat$binderfs(0xffffffffffffff9c, &(0x7f00000019c0)='./binderfs2\x00', 0x1ff)

3m35.259271801s ago: executing program 8 (id=1573):
socket(0x10, 0x3, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket$vsock_stream(0x28, 0x1, 0x0)
listen(r0, 0x0)
r1 = socket$vsock_stream(0x28, 0x1, 0x0)
connect$vsock_stream(r1, &(0x7f0000000000)={0x28, 0x0, 0x0, @local}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0)
pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f00000002c0)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0)

3m34.07126048s ago: executing program 8 (id=1582):
mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0)
mount$nfs4(&(0x7f0000000040)='/', &(0x7f0000000080)='./file0\x00', 0x0, 0x197841, 0x0)
umount2(&(0x7f0000000100)='./file0\x00', 0x8)

3m34.070719015s ago: executing program 8 (id=1584):
r0 = socket$inet6_sctp(0xa, 0x801, 0x84)
sendmmsg$inet6(r0, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000100)={0xa, 0x4e24, 0x1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x1}, 0x1c, &(0x7f0000000300), 0x0, &(0x7f0000000a00)=ANY=[@ANYBLOB="180000000000000029000000360000003b000000000000001400000000000000290000000b000000000000020000000028"], 0x58}}], 0x2, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x4)
writev(r1, &(0x7f0000000080)=[{0x0}], 0x1)
socket$inet6_sctp(0xa, 0x5, 0x84)
r2 = socket$inet6_sctp(0xa, 0x1, 0x84)
getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x4e22, @rand_addr=0x64010102}]}, &(0x7f00000002c0)=0x10)
syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0xb, &(0x7f0000000380)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r3}, 0x18)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000003, 0x204031, 0xffffffffffffffff, 0xffffd000)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x3, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x37, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100}, 0x94)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = syz_io_uring_setup(0x151, &(0x7f0000000140)={0x0, 0xa206, 0x400, 0x43, 0x26}, &(0x7f0000000340)=<r5=>0x0, &(0x7f0000000000)=<r6=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000040)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r5, r6, &(0x7f0000000300)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000480)='./file0\x00', 0x0, 0x80})
io_uring_enter(r4, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil)
mlock(&(0x7f0000ffe000/0x2000)=nil, 0x2000)
munlockall()
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={<r7=>0xffffffffffffffff})
recvmmsg(r7, 0x0, 0x0, 0x0, 0x0)
shutdown(r7, 0x0)

3m33.8404236s ago: executing program 8 (id=1590):
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f00000000c0))
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r0, 0x1000)
r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
close(0x3)
dup(r1)
r2 = syz_io_uring_setup(0x4aa, &(0x7f0000000380)={0x0, 0xfffffffc, 0x10100, 0x10000000, 0x13a}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8126}})
io_uring_enter(r2, 0x38c5, 0x2000000, 0x0, 0x0, 0x0)

3m33.672079254s ago: executing program 38 (id=1590):
syz_open_procfs$userns(0xffffffffffffffff, &(0x7f00000000c0))
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x8031, r0, 0x1000)
r1 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042)
close(0x3)
dup(r1)
r2 = syz_io_uring_setup(0x4aa, &(0x7f0000000380)={0x0, 0xfffffffc, 0x10100, 0x10000000, 0x13a}, &(0x7f0000000000)=<r3=>0x0, &(0x7f0000000200)=<r4=>0x0)
syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x8126}})
io_uring_enter(r2, 0x38c5, 0x2000000, 0x0, 0x0, 0x0)

1m46.479916015s ago: executing program 4 (id=2712):
syz_mount_image$squashfs(&(0x7f0000000100), &(0x7f0000000240)='./file0\x00', 0x1000010, &(0x7f00000004c0)=ANY=[@ANYBLOB="005901e3fd18fb9c322293c67dcde48bfeffd1843c336e09b34af65ad26aafded7da5cfeeda2b8d8d900c2195f00f646f699eeb47813177405a6a6baf786c0d14f2079a9efa9db8973bcca25eb2973856c6760a483c41d0980c78a4cb096a5affa6b980600000000000000a1eacd2c820176737d4eb55dca564820dd769d8742f6d9ab243775a67afcdf845f978e95365cdf6f30aa43423b381881433e00ccbe6353b21300d8f0ca972589398eef9487db78486fcf174990c488031f8b39cc01bb509f3ea4bcde33d4c9e305ecb4dd88204c5d7bb5e469cabfda0feca3ce70c0acbc34d13e5a5c796eab23abfe3b717834f8e9d7120e1e925c4e210b4152c75210b3e979fbe8ddf23eef2d53733209b22206e0a4afc354c33d7ca2a00116a14d686e4aa86b6ec6a4130178c3ad8c723c0d8506bd7bff780000000000000000004b2ec61cfde813cc124715aaaf5508b93d8cf0860042108b660b74f94b1e4851eeec09fdb7a617eabeeeff8ce8bb99f4b1f9c2896cf31e19c3c24155b0ea7dc3cae1b56acb1946830cad94af3f1caf43ea03b38fc08a7e19480e283a4c0d", @ANYRESDEC, @ANYRESHEX, @ANYRES32, @ANYRESDEC, @ANYRES32, @ANYRES32], 0x1, 0x1fb, &(0x7f0000000280)="$eJzskr9rFEEUx7+zO7e3kYQcciKKIGrQWCS3t9H4o1CwMaggSIQYEDz2LvHw4o/sgd6R4qxS2AgGIUEsBEkKC/EfcAsrsVEIdiGSOkWKNJJz5c2+Xeb+gxTzKe67M/Ped957Nw/DZ2EeQHdnIQAKICSK+PlHQAI4LtQWqnaiLustVofPr1uJRqx/WbsX2lPTgKif3Bi3osPVE6KA/uLu900EGLyPS+9vfvp1J7e0fnD741eKv3G39QXiTHXww7vPr68tDyh7cW+afHbjxMeOjq24ZATgzd7UxqY8gmLqVV9aP+T+C3JIeTsD4a24AEa/jSxf8QZeWewZttqPKo1GbT68+tLCtrrq985CQB8PAMRxHNMezWcCgB5D7a9pMUcl8pMAbMRZjJRZESg1556WwlZ7pD5Xma3N1h77/ti4d87zzvulmXqj5tEvwNNU6TxBkJ7lMvqoBJGcU4t7HHMAvQitND4XfVr5jvbXDZ/qzbW03FQFoiw3z3E0gkmcBo32eUdou0PKRUI1NgEBmxdlqdWX3OWqg9HgSaO6COqN01YhM4/yFnLZwtcXYxc7admLrEOJZL2vsm6xpi86falSOVj8noc7gIMXlWZzvuwAa/24/SM5UXu+k30VOvrA6NaC3dvcZRsGg8FgMBgMBoPBsG/4HwAA//8zaZvI")
mount(0x0, 0x0, 0x0, 0x0, 0x0)
mount$overlay(0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open(&(0x7f0000000140)='./file0\x00', 0x0, 0x0)
mknodat$loop(r0, &(0x7f0000001600)='./file1\x00', 0x0, 0x0)

1m46.340503782s ago: executing program 4 (id=2715):
r0 = fsopen(&(0x7f0000000040)='9p\x00', 0x0)
fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000540)='\xd0\x9e^\xa0\xee\xc8\x17T\xb1GI\x90\xe2Q1\xb0\x8f\xe1\xa8\x95\xa0\xcd\fL\xf1<e\a\xa5\x8f\xab\x1a\xdaY\xfb\x03dhS\x97nZ\xf8\xc6\x1f\xd3K\xfa\xc8\x8d#\xce)\x9bg-D#g\x16\xf4\xd9\x00\x00\x00\x00\x00eA\x9f\xc3\x11\x18\xe6\xc5\x95\x9e!^\x97\b\x14\xc5\xad\t\f\xdeg\x8d\x16wW\xf6\xacE\xa3\xc8\xe7\xec\xd6\xbd\x1c+\n\xc7Q( \xba\xff\x17N\x1fB\x91\x15\x83\xec(B4/#W\xc5\x05\x9d\xd6\x02\x8cU!a\xdc|6\xdc\xee$\xb5\x1deC\xfb\xa2\xaa\xe0#\xcb\xde;sA\xad\xa6\xb6P\xa3\xf7\xc3\x93\xd4\xb6\x95\x02\xd8*\xa8\xd2\x94\xa3\x89\xa9\xa0\xc5\xc9=\xa5^', &(0x7f0000000240)='sockfs\x00', 0x0)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000140)='silent\x00', 0x0, 0x0)

1m46.155432972s ago: executing program 4 (id=2717):
syz_emit_ethernet(0x2a, &(0x7f0000000100)=ANY=[@ANYBLOB="ffffffffffff0180c200000308060001080006"], 0x0)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, &(0x7f0000000100)="f257a8ea7bc273dfaeab96850806", 0x2a, 0x0, &(0x7f0000000200)={0x11, 0x0, r1, 0x1, 0x0, 0x6, @link_local}, 0x14)

1m46.030407134s ago: executing program 4 (id=2719):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f0000000040)={[{@grpquota}, {@lazytime}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000003c0)={0x0, 0x0, 0x0, 0x1, 0x6b2, 0x0, 0x0, 0x19, 0xd, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8, 0x10000000000]})
write$binfmt_script(r0, &(0x7f00000004c0)={'#! ', './bus'}, 0x9)

1m45.688609341s ago: executing program 4 (id=2725):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r0 = syz_open_procfs(0x0, &(0x7f00000042c0)='mounts\x00')
pread64(r0, &(0x7f0000002240)=""/237, 0xfecf, 0x4eb)

1m45.293855898s ago: executing program 4 (id=2729):
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000180)=@v3={0x3000000, [{0x0, 0x8}, {0x2, 0x70000000}]}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f)

1m44.986275756s ago: executing program 39 (id=2729):
mkdir(&(0x7f0000000540)='./file0\x00', 0x108)
setxattr$security_capability(0x0, &(0x7f0000000280), 0x0, 0x0, 0x0)
lsetxattr$security_capability(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), &(0x7f0000000180)=@v3={0x3000000, [{0x0, 0x8}, {0x2, 0x70000000}]}, 0x18, 0x0)
lgetxattr(&(0x7f0000000000)='./file0\x00', &(0x7f0000000280)=ANY=[], &(0x7f00000002c0)=""/203, 0xfffffffffffffe5f)

1m35.778340736s ago: executing program 0 (id=2819):
socket$nl_route(0x10, 0x3, 0x0)
gettid()
syz_mount_image$erofs(&(0x7f0000000180), &(0x7f0000000400)='./file3\x00', 0x210048, &(0x7f00000003c0)=ANY=[], 0xfd, 0x1d1, &(0x7f0000000440)="$eJzslj2v0lAYx//nlBQwGhNHFwdJ1MHSFjUuJLI4OZj4QhxMJFIJUsRAByEx6Cdwd3Nw9wuY6OqHMOiiC04615yXliOhCNwL3OQ+v4Sn/1POy9PnNP9TEARxbPn+7c8k/l39UQBwEiXk9f2f1qwPN/p/Lfx6+fnWzfqbh++/5CdOcdGccbz6+jkAn2oWonTsv6NL+noXPNX3wHFJ6zoYHK0fgeO+1gEYHmj91NA90d9xnrTDwHncC5tCuCJ4IvgiVObzm75maBr5MeP/wXDUaYRh0N+i+F/9pjWOqpGfuV8OVLauUT8PHJ7WFTDc0fo68kltVEmM5z+bm81vLX1+G9uuiEhljVFnTmVulQ1gszQAdlh7j1f6ld3mO5QhLEiR7OiOV9+BQO5IpLGG2GQvPt5QY5I78Vi1ZZ/TGRPG4xWXsLFR5VN/it8xXDD8SVnJW3nUlKPu8/JgOLrc7jZaQSt45vuVa+4V173ql6URqbjE/4rSn07M5l94JglsZuNFI4r6nopp21dxkeNy6X8cF8+rtnBTe27egqGZ/nF5ld7b+ZCZPUEQxP44ByY9WfpyIvRpAuNb9/YecyQIgiAIgiAIgiAI4mD8DQAA//80kEvd")
chdir(&(0x7f0000000000)='./file0\x00')
rename(0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_CREATE(0x0, 0x0, 0x50)
prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
setsockopt$sock_timeval(r1, 0x1, 0x15, 0x0, 0x0)
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000380)='sched_switch\x00', r3}, 0x18)
io_setup(0xaa, &(0x7f0000000000)=<r4=>0x0)
io_pgetevents(r4, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)={0x0})
capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x81, 0xfffffffb, 0x3})
openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x48940, 0x10c)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x601c2, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000280)={0x6, 0xd, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x1f}, [@initr0={0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x10000}, @printk={@llu, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x6}}]}, &(0x7f0000000100)='GPL\x00', 0x8, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xf}, 0x94)
syz_mount_image$cramfs(&(0x7f0000000000), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000280)=ANY=[], 0xfd, 0x147, &(0x7f0000000600)="$eJzsj79LclEAhp/zXX9835emgYEFRdDQxTBLaWzQSBKyC4VLU6A3CjRFIRyzuaE/wKEImsQhGhvKJksh7O9wCxqL470Zju3nWe49z/ve93I21ro6ftCwWC8WSmWzUjFzcztGOrl7e3c/Lr0b+DtoFEplTYOc1X+Iw6F8OqBfs/ST9w+QN5eyxbw89+OgA4kxODhysozV/S9dQLq8uWI7fV7QmqQmXXTokG7Qi9lu2gEJn+Xk3ucVLMi9iZ+9d6Bad9o3C4duZrS4faBaX2w2nrc77VQ4NGueR5NT156gRsZ0AULmb5F2+DXSbPS6nfSWkTa6sahuf9wzXjqp1dMLHJueE9gTo3suuZGBMwF1AY1B3n8UXqB1+WEUfO7AP+DYD2I0EfYvrCS7H3R+G4YvCoVCoVAoFAqFQqFQ/JavAAAA//9r2l0H")
execve(0x0, 0x0, 0x0)
capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080))

1m34.81385593s ago: executing program 0 (id=2824):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000dc0)='./file1\x00', 0x4016, &(0x7f0000000180)={[{@dioread_nolock}, {@user_xattr}, {@noauto_da_alloc}, {@lazytime}, {@grpjquota}, {@acl}]}, 0x1, 0x43c, &(0x7f0000000280)="$eJzs28tvG0UYAPBv7SR9k1CVR9MCgYKIeCRNWkoPXEAgcQAJCQ7lGJK0CnUb1ASJVhEEhMoRVeKOOCLxF3CCCwJOSFzhjipVKJcWTkZr7ya2Y7tJ6tSh/v2kbWd2x5n5vDv2zI43gJ41kv6TROyPiD8iYrCarS8wUv3v1srS9D8rS9NJlMtv/51Uyt1cWZrOi+av25dn+iIKnydxpEm9C5evnJ8qlWYvZfnxxQsfjC9cvvL83IWpc7PnZi9Onj598sTEi6cmX+hInGlcN4c/nj96+PV3r705febae798l+TxN8TRISPtDj5VLne4uu46UJNO+rrYEDalWO2m0V/p/4NRjLWTNxivfdbVxgHbqlwulx9sfXi5DNzDkuh2C4DuyL/o0/lvvt2loceOcOPl6gQojftWtlWP9EUhK9PfML/tpJGIOLP879fpFttzHwIAoM4P6fjnuWbjv0LU3he6L1tDGYqI+yPiYESciohDEfFARKXsQxHx8Cbrb1wkWT/+KVzfUmAblI7/XsrWturHf/noL4aKWe5AJf7+5OxcafZ49p6MRv+uND/Rpo4fX/39y1bHasd/6ZbWn48Fs3Zc79tV/5qZqcWpO4m51o1PI4b7msWfrK4EJBFxOCKGt1jH3DPfHm117Pbxt9GBdabyNxFPV8//cjTEn0var0+O747S7PHx/KpY79ffrr7Vqv47ir8D0vO/t+n1vxr/UFK7Xruw+Tqu/vlFyznNVq//geSdun0fTS0uXpqIGEjeqDa6dv9kQ7nJtfJp/KPHsvgH6vv/wVh7J45ERHoRPxIRj0bEY1nbH4+IJyLiWJv4f37lyfe3Fv/uNn+1M9L4ZzZ1/tcSA9G4p3mieP6n7+sqHdpo/JGd/5OV1Gi2ZyOffxtp19auZgAAAPj/KUTE/kgKY6vpQmFsrPob/kOxt1CaX1h89uz8hxdnqs8IDEV/Ib/TNVhzP3Qim9bn+cmG/InsvvFXxT2V/Nj0fGmm28FDj9vXov+n/ip2u3XAtvO8FvQu/R96l/4PvUv/h55U+ZVfk/6/pwttAbqg2ff/J11oB3D3NfR/y37QQ8z/oXfp/9C79H/oSQt74vYPyUtIrEtEYUc04x5MxI5oRrc/mQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADrjvwAAAP//qSDljg==")
statx(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x1000, 0x56159817211d7953, &(0x7f0000002500))

1m34.524758771s ago: executing program 0 (id=2825):
r0 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000003400), 0x42300, 0x0)
ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000003b40)=0x8000000)

1m34.311300403s ago: executing program 0 (id=2826):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x2bc3c1f, 0xffffffffffffffff, 0x7, 0x0, 0x0)
mount$bind(&(0x7f0000000000)='.\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000440)='./file0/../file0\x00', &(0x7f00000000c0)='./file0/file0\x00', 0x0, 0x8b101a, 0x0)
mount$bind(0x0, &(0x7f00000003c0)='./file0/file0\x00', 0x0, 0x80000, 0x0)
open_tree(0xffffffffffffff9c, &(0x7f0000000500)='./file0/../file0\x00', 0x89901)
mount$bind(&(0x7f0000000080)='./file0/file0\x00', &(0x7f00000001c0)='./file0\x00', 0x0, 0x1000, 0x0)

1m34.198444566s ago: executing program 0 (id=2828):
r0 = syz_mount_image$exfat(&(0x7f0000000280), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f0000000040)=ANY=[], 0xfd, 0x1500, &(0x7f00000002c0)="$eJzs3Au0TlX3MPA511qb4+TyJLnvuebmSS6LJAklySVJkpA7CUmSJEnikFsSkpDrSXIPuaeTjvv9knvSyStJkpCQZH3jdPn8ey//3vf99//0vWf+xtjjrPnsPdee68zxnGfvPcZ5vuo2vHqjGlXqMzP8O/SvA/z5RxIAJADAIADIAQABAJTNWTZn+v4sGpP+rZOI/yUNZl7pCsSVJP3P2KT/GZv0P2OT/mds0v+MTfqfsUn/MzbpvxAZ2ux8V8uWcTd5/v//OfU/SZbP/wwB/9EO6f9/Gv0vHS39z9ik/xmb9D9jk/5nZMGVLkBcYfL+z9ik/0JkaH/4M+WN56/0M23Z/oVNCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYT4f+C8v8wAwK/jK12XEEIIIYQQQggh/jj+nStdgRBCCCGEEEIIIf73ISjQYCCATJAZEiALJMJVkBWyQXbIATG4GnLCNZALroXckAfyQj7IDwWgIIRAYIEhgkJQGOJwHRSB66EoFIPiUAIclIRScAOUhhuhDNwEZeFmKAe3QHmo8NM5090OleEOqAJ3QlWoBtWhBtwFNeFuqAX3QG24F+rAfVAX7od68ADUhwbQEB6ERtAYmkBTaAbNoQW0hFa/k5+c4+/lPwc94XnoBb0hCfpAX3gB+kF/GAADYRC8CIPhJRgCL8NQGAbD4RUYAa/CSHgNRsFoGAOvw1gYB+NhAkyESZAMb8BkeBOmwFuNs8E0mA4zYCbMgtnwNsyBuTAP3oH5sAAWQnKWxbAElsK7sAzegxR4H5bDB5AKK2AlrILVsAbWwjpYDxtgI2yCzbAFtsI22A4fwg7YCbtgN+yBvbAPPoL98DEcgE8gDT/9F/PP/TYfuiMgoEKFBg1mwkyYgAmYiImYFbNidsyOMYxhTsyJuTAX5sbcmBfzYhLmx4JYEAkJGRkLYSGMYxyLYBEsikWxOBZHhw5LYSksjTdiGSyDZbEslsNyWB4rYAW8FW/FSlgJK2NlrIJVsCpWxepYHe/Cu/BurIW1sDbWxjpYB+tiXayH9bA+1seG2BAbYSNsgk2wGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHbAjdsRO2Ak7Y2fsgl2wK3bFbtgNu+Oz+Cw+h8/h8/g89saqqg/2xb7YD/vhAByIA/FFHIwv4Uv4Mg7FYTgcX8FX8FUciWdxFI7GMTgGK6lxOB4nIKtJmIzJmBkm4xScglNxGk7DGTgTZ+FsnI1zcC7OxXdwPi7ABbgIF+ESXIpLcRm+hymYgsvxHKbiClyJq3A1rsHVuA7X4zrciJtwI27BLbgNt+GH+CHuxJ24G3fjXtyLH+FH+DF+jEMxDdPwIB7EQ3gID+NhPIJH8CgexWN4DI/jcTyBJ/AknsLTeArP4Bk8i+fwPABcwAt4ES/iJbyU/uZX6YwyKpPKpBJUgkpUiSqryqqyq+wqpmIqp8qpcqlcKrfKrfKqvCq/yq8KqoKKFClWkSqkCqm4iqsiqogqqoqq4qq4csqpUqqUKq1KqzKqjCqrblbl1C2qvKqg2rpb1a2qkmrnKqs7VBVVRVVV1VR1VUPVUDVVTVVL1VK1VW1VR9VRddX9qp7qgwOwgUrvTCM1DJuo4dhMNVctVEv1Kj6kWquR2Ea1Ve3UI2o0jsIOqrXrqB5XndR47KyeVBPwKdVVTcJu6hnVXT2reqjnVE/VxvVSvdVU7KP6qhnYT/VXA9RANQerqfSOVVcvq+cyD1PD1StqCb6qRqrX1Cg1Wo1Rr6uxapwaryaoiWqSSlZvqMnqTTVFvaWmqmlqupqhZqpZarZ6W81Rc9U89Y6arxaohWqRWqyWqKXqXbVMvadS1PtqufpApaoVaqVapVarNWqtWqfWqw1qo9qkNqstaqvaprarD9UOtVPtUrvVHrVX7VMfqf3qY3VAfaLS1KfqoPqLOqQ+U4fV5+qI+kIdVV+qY+ordVx9rU6ob9RJdUqdVt+qM+o7dVadU+fV9+qC+kFdVD+qS8or0KiV1troQGfSmXWCzqIT9VU6q86ms+scOqav1jn1NTqXvlbn1nl0XpNP59cFdEEdatJWs450IV1Yx/V1uoi+XhfVxXRxXUI7XVKX0jfo0vpGXUbfpMvqm3U5fYsuryvoih70bbqSvl1X1nfoKvpOXVVX09V1DX2Xrqnv1rX0Pbq2vlfX0ffpuvp+XU8/oOvrBrqhflA30o11E91UN9PNdQvdUrfSD+nW+mHdRrfV7fQjur1+VHfQj+mO+nHdST+hO+sndRf9lO6qn9bd9DO6u35W99A/6kva6166t07SfXRf/YLup/vrAXqgHqRf1IP1S3qIflkP1cP0cP2KHqFf1SP1a3qUHq3H6Nf1WD1Oj9cT9EQ9SSfrN/Rk/aaeot/SU/U0PV3P0DP1LD3gl5nm/RP5b/6d/CE/nX2b3q4/1Dv0Tr1L79Z79F69T+/T+/V+fUAf0Gk6TR/UB/UhfUgf1of1EX1EH9VH9TF9TB/Xx/UJfUKf1Kf09/pbfUZ/p8/qc/qc/l5f0Bf0xV9+B2DQKKONMYHJZDKbBJPFJJqrTFaTzWQ3OUzMXG1ymmtMLnOtyW3ymLwmn8lvCpiCJjRkrGETmUKmsImb60wRc70paoqZ4qaEcaakKWVu+B/n/159rUwr09q0Nm1MG9POtDPtTXvTwXQwHU1H08l0Mp1NZ9PFdDFdTVfTzXQz3U1308P0MD1NT9PL9DJJJsn0NS+Yfqa/GWAGmkHmRTPYDDZDzBAz1Aw1w81wM8KMMCPNSDPKjDJjzBgz1ow14814M9FMNMk+h5lsJpspZoqZaqaa6YNymJlmppltZps5Zo6ZZ+aZ+Wa+WWgWmsVmsVlqlpplZplJMSlmuVluUs0Ks8KsMqvMGrPGrDPrzAazwWwym8wWs8Wkmu1mu9lhdphdZpfZY/aYfWaf2W/2mwPmgEkzaeagOWgOmUPmsDlsjpgj5qg5ao6ZY+a4OW5OmBPmpDlpTpvT5ow5Y86as+a8OW8umAvmorloLplL6Zd9gQpUYAITZAoyBQlBQpAYJAZZg6xB9iB7EAtiQc4gZ5AruDbIHeQJ8gb5gvxBgaBgEAYU2ICDKCgUFA7iwXVBkeD6oGhQLCgelAhcUDIoFdwQlA5uDMoENwVlg5uDcsEtQfmgQlAxuDW4LagU3B5UDu4IqgR3BlWDakH1oEZwV1AzuDuoFdwT1A7uDeoE9wV1g/uDesEDQf2gQdAweDBoFDQOmgRNg2ZB86BF0DJo9YfO7/3ZPA+7XmHvMCnsE/YNXwj7hf3DAeHAcFD4Yjg4fCkcEr4cDg2HhcPDV8IR4avhyPC1cFQ4OhwTvh6ODceF48MJ4cRwUpgcvhFODt8Mp4RvhVPDaeH0YEY4M5wVzg7fDueEc8N54Tvh/HBBuDBcFC4Ol4T48yUxpITvh8vDD8LUcEW4MlwVrg7XhGvDdeH6cEO4MdwUbg63lB3886HhjnBnuCvcHe4J94b7wo/C/eHH4YHwkzAt/DQ8GP4lPBR+Fh4OPw+PhF+ER8Mvw2PhV+Hx8OvwRPhNeDI8FZ4Ovw3PhN+FZ8Nz4fnw+/BC+EN4MfwxvBT69Iv79I93MmQoE2WiBEqgREqkrJSVslN2ilGMclJOykW5KDflpryUl/JTfipIBSkdE1MhKkRxilMRKkJFqSgVp+LkyFEpKkWlqTSVoTJUlspSOSpH5ak8VaSKdBvdRrfT7XQH3UF30p1UjapRDapBNakm1aJaVJtqUx2qQ3WpLtWjelSf6lNDakiNqBE1oSbUjJpRC2pBragVtabW1IbaUDtqR+2pPXWgDtSROlIn6kSdqTN1oS7UlbpSN+pG3ak79aAe1JN6Ui/qRUmURH2pL/WjfjSABtAgGkSDaTANoSE0lIbScBpOI2gEjaSRNIpG0xh6ncbSOBpPE2giTaJkSqbJNJmm0BSaSlNpOk2nmTSTZtNsmkNzaB7No/k0nxbSQlpMi2kpLaVltIxSKIWW03JKpVRaSStpNa2mtbSW1tN62kgbaTNtpq20lbbTdtpBO2gX7aI9tIf20T7aT/vpAB2gNEqjg3SQDtEhOkyH6QgdoaN0lI7RMTpOx+kEnaCTdJJO02k6Q2foLJ2l83SeLtAPdJF+pEvkKcFmsYn2KpvVZrPZbQ7713Fem8/mtwVsQRva3DbPb2Ky1ha1xWxxW8I6W9KWsjf8TVzeVrAV7a32NlvJ3m4r2/I2C/zXuKa929ay99ja9l5bw971m7iOvc/WtY1tPdvU1rfNbUPb0jayjW0T29Q2s81tC9vStreP2g72MdvRPm472Sf+Jl5m37Pr7Qa70W6y++3H9rz93h6zX9kL9gfby/a2g+yLdrB9yQ6xL9uhdthvYwA7xr5ux9pxdrydYCfaSX8TT7cz7Ew7y862b9s5du7fxEvtu3a+TbEL7SK72C75KU6vKcW+b5fbD2yqXWFX2lV2tV1j19p1/7fWVXaL3Wq32X32I7vD7rS77G67x+79KU5fxwH7iU2zn9qj9kt7yH5mD9vj9oj94qc4fX3H7df2hP3GnrSn7Gn7rT1jv7Nn7bmf1p++9m/tj/aS9RYYWbFmwwFn4sycwFk4ka/irJyNs3MOjvHVnJOv4Vx8LefmPJyX83F+LsAFOWRiy8wRF+LCHOfruAhfz0W5GBfnEuy4JJfiG7g038hl+CYuyzdzOb6Fy3MFrsi38m1ciW/nynwHV+E7uSpX4+pcg+/imnw31+J7uDbfy3X4Pq7L93M9foDrcwNuyA9yI27MTbgpN+Pm3IJbcit+iFvzw9yG23I7foTb86PcgR/jjvw4d+InuDM/yV34Ke7KT3M3foa787Pcg5/jnvw89+LenMR9uC+/wP24Pw/ggTyIX+TB/BIP4Zd5KA/j4fwKj+BXeSS/xqN4NI/h13ksj+PxPIEn8iRO5jd4Mr/JU/gtnsrTeDrP4Jk8i2fz2zyH5/I8fofn8wJeyIt4MS/hpfwuL+P3OIXf5+X8AafyCl7Jq3g1r+G1vI7X8wbeyJt4M2/hrbyNt/OHvIN38i7ezXt4L+/jj3g/f8wH+BNO40/5IP+FD/FnfJg/5yP8BR/lL/kYf8XH+Ws+wd/wST7Fp/lbPsPf8Vk+x+f5e77AP/BF/pEvsWeIMFKRjkwURJmizFFClCVKjK6KskbZouxRjigWXR3ljK6JckXXRrmjPFHeKF+UPyoQFYzCiCIbcRRFhaLCUTy6LioSXR8VjYpFxaMSkYtKRqWiG6LS0Y1RmeimqGx0c1QuuiUqH1WIKka3RrdFlaLbo8rRHVGV6M6oalQtqh7ViO6KakZ3R7Wie6La0b1Rmei+qG50f1QveiCqHzWIGkYPRo2ixlGTqGnULGoetYhaRq2ih6LW0cNRm6ht1C56JGofPRp1iB6LOkaPR52iJy7vLxb8/Gn6V/uToj6R/uUJ2T16cXxJfGn83fiy+Hvxxt1+fjU1viK+Mr4qvjq+Jr42vi6+Pr4hvjG+Kb45viW+Nb4t7n2NzOAw/UYYjAtcJpfZJbgsLtFd5bK6bC67y+Fi7mqX013jcrlrXW6Xx+V1+Vx+V8AVdKEjZx27yBVyhV3cXeeKuOtdUVfMFXclnHMlXSnX0rVyrVxr97Br49q6du4R94h71D3qHkv4pXDX2T3purinXFf3tHvaPeO6u2ddD/ec6+med71cb5fkklxf19f1c/3cADfADXKD3GA32A1xQ9xQN9QNd8PdCDfCjXQj3Sg3yo1xY9xYN9aNd+PdRDfRJbtkN9lNdlPcFDfVTXXT3XQ30810s91sN8fNcfPcPDffzXcL3UK32C12S91St8wtcykuxS13y12qS3Ur3Uq32q12a91at96tdxvdRrfZbXZb3Va33W13O9wOt8vtcnvcHrfP7XP73X53wB1waS7NHXQH3SF3yB12n7sj7gt31H3pjrmv3HH3tTvhvnEn3Sl32nl9xn3nzrpz7rz73l1wP7iL7kd3yXmXHHsjNjn2ZmxK7K3Y1Ni02PTYjNjM2KzY7NjbsTmxubF5sXdi82MLYgtji2KLY0tiS2PvxpbF3oulxN6PLY99EEuNrYitjK2KrY6tiXlfYEfkC/nCPu6v80X89b6oL+aL+xLe+ZK+lL/Bl/Y3+jL+Jl/W3+zL+Vt8eV/BV/RNfTPf3LfwLX0r/5Bv7R/2bXxb384/4tv7R30H/5jv6B/3nfwTvrN/0nfxT/mu/mnfzT+z4Jcu+57+ed/L9/ZJvo/v61/w/Xx/P8AP9IP8i36wf8kP8S/7oX6YH+5f8SP8q36kf82P8qP9GP+6H+vH+fF+gp/oJ/lk/4af7N/0U/xbfqqf5qf7GX6mn+Vn+7f9HD/Xz/Pv+Pl+gV/oF/nFfolf6t/1y/x7PsW/75f7D3yqX+FX+lV+tV/j1/p1fr3f4Df6TX6z3+K3+m1+u//Q7/A7/S6/2+/xe/0+/5Hf7z/2B/wnPs1/6g/6v/hD/jN/2H/uj/gv/FH/pT/mv/LH/df+hP/Gn/Sn/Gn/rT/jv/Nn/Tl/3n/vL/gf/EX/o78k/7MmhBBCCPFP0b+zv8/feU39sqXrCwDZduY78tdzbs7987i/2t8pBgCP9+7W4NetQYOkpKRfjk3VEBReBACxy/k/ff/AL/EKaAePQkdoC6X/bn39VcWfrvv+u/njNwMkAmT5NSf99igR/nr+G//B/E3f5d+bfxFA0cKXc9JP9Gt8ef4y/2D+ve1/Z/4snyUDtPkvOVnhcnx5/lLwMDwBHX9zpBBCCCGEEEII8bP+6kL337u/Tb8/z28u52SGy/Hv3Z//jsp/xBqEEEIIIYQQQgjx33vq2R6PPdSxY9su/8mDzH+OMv4EAwSAP0EZMvjzD670XyYhhBBCCCHEH+3yRf+VrkQIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhMi4/v1vCFP/9MFXeo1CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHElfZ/AgAA///M7VMc")
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file2\x00', 0x105042, 0x189)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x7ffff7, 0x4012011, r1, 0x1000)
ioctl$BTRFS_IOC_SCRUB_PROGRESS(r0, 0xc400941d, &(0x7f00000017c0)={0x0, 0x5, 0x100000000, 0x1})
write$binfmt_format(r1, &(0x7f0000000000)='1\x00', 0x2400)

1m33.875395446s ago: executing program 0 (id=2829):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@restrict={0x0, 0x0, 0x0, 0xb, 0x3}, @func_proto, @func={0x4, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x42, 0x0, 0x1}, 0x28)

1m33.287585891s ago: executing program 40 (id=2829):
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000011c0)={&(0x7f0000000540)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x24, 0x24, 0x6, [@restrict={0x0, 0x0, 0x0, 0xb, 0x3}, @func_proto, @func={0x4, 0x0, 0x0, 0xc, 0x2}]}, {0x0, [0x0, 0x0, 0x0, 0x61]}}, 0x0, 0x42, 0x0, 0x1}, 0x28)

22.31279227s ago: executing program 2 (id=3520):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000004b64ffec850000007d000000850000000e00000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='io_uring_link\x00', r0, 0x0, 0x4}, 0x18)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000000)='io_uring_link\x00', r1, 0x0, 0x4}, 0x18)
r2 = syz_io_uring_setup(0x110, &(0x7f0000000380)={0x0, 0xfffffff8}, &(0x7f00000007c0)=<r3=>0x0, &(0x7f0000000800)=<r4=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4)
syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECVMSG={0xa, 0x44, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x40000022})
io_uring_enter(r2, 0x47f6, 0x0, 0x0, 0x0, 0x0)

22.173121741s ago: executing program 2 (id=3522):
prlimit64(0x0, 0x7, &(0x7f0000000ec0), 0x0)
fsopen(&(0x7f0000000000)='ceph\x00', 0x0)

22.172902519s ago: executing program 2 (id=3523):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=@updpolicy={0xfc, 0x19, 0x1, 0x4, 0x0, {{@in=@multicast2, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0xa9, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0xa00, 0x40800000000000, 0x800000000000002}}, [@tmpl={0x44, 0x5, [{{@in6=@dev={0xfe, 0x80, '\x00', 0x28}, 0x0, 0x3c}, 0x0, @in=@loopback, 0x2, 0x4, 0x3, 0x0, 0x0, 0x10000}]}]}, 0xfc}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000980)=ANY=[@ANYBLOB="ec000000210001000000000000000000fc0200000000000000000000000000006401010200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000009c001100fe8000000000000000000000000000007f000001000000000000000000000000fe880000000000000000000000000101fe8000000000000000000000000000aa3c04"], 0xec}, 0x1, 0x0, 0x0, 0x40000}, 0x40000)

22.136743536s ago: executing program 2 (id=3524):
syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="120100004b41460860163209ea80010203010902120001000000000904"], 0x0)
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402)
ioctl$I2C_RDWR(r0, 0x707, &(0x7f0000000100)={&(0x7f0000000080)=[{0x63, 0x4000, 0x0, 0x0}, {0x8, 0x4051, 0x0, 0x0}], 0x2})

20.836695022s ago: executing program 2 (id=3529):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{@noinit_itable}, {@dax_inode}, {@nolazytime}, {@abort}, {@dax_inode}, {@lazytime}, {@noload}, {}, {@noauto_da_alloc}]}, 0xfe, 0x558, &(0x7f0000000c00)="$eJzs3U1rG0cfAPD/ynbenOeJAyG0PRRDDk1JI8d2X1LoIT2WNjTQ3lNhb0ywHAVLDrEbaHJoLr2UUCilgdIP0HuPoV+gnyLQBkIJpj30orLyylFsyZZtpVaq3w82mdldaXY0+x/PaCQUwMAaz/4pRLwcEV8nEcdajg1HfnB87bzVJ7dmsi2Jev2TP5JI8n3N85P8/9E881JE/PJlxJnC5nKryyvzpXI5XczzE7WF6xPV5ZWzVxdKc+lcem1qevr8W9NT777zds/q+vqlv777+MEH5786tfrtT4+O30viQhzNj7XWYw9ut2bGYzx/TUbiwoYTJ3tQWD9J9vsC2JWhPM5HIusDjsVQHvXAf98XEVEHBlQi/mFANccBzbl9j+bBL4zH769NgDbXf3jtvZE41JgbHVlNnpkZZfPdsR6Un5Xx8+/372Vb9O59CIBt3b4TEeeGhzf3f0ne/+3euS7O2VjGDvu/+g4vCWjxIBv/vNFu/FNYH/9Em/HPaJvY3Y3t47/wqAfFdJSN/95rO/5dX7QaG8pz/2uM+UaSK1fLada3/T8iTsfIwSy/1XrO+dWHHfup1vFftmXlN8eC+XU8Gj747GNmS7XSXurc6vGdiFfajn+T9fZP2rR/9npc6rKMk+n9Vzsd277+z1f9x4jX2rb/0xWtZOv1yYnG/TDRvCs2+/PuyV87lb/f9c/a/8jW9R9LWtdrqzsv44dDf6edju32/j+QfNpIH8j33SzVaouTEQeSjzbvn3r62Ga+eX5W/9Ontu7/2t3/hyPisy7rf/fE3Y6n9kP7z+6o/XeeePjh5993Kr+79n+zkTqd7+mm/+v2Avfy2gEAAAAAAEC/KUTE0UgKxfV0oVAsrn2+40QcKZQr1dqZK5Wla7PR+K7sWIwUmivdoy2fh5jMPw/bzE9tyE9HxPGI+GbocCNfnKmUZ/e78gAAAAAAAAAAAAAAAAAAANAnRjt8/z/z29B+Xx3w3PnJbxhc28Z/L37pCehL/v7D4BL/MLjEPwwu8Q+DS/zD4BL/MLjEPwwu8Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAA9denixWyrrz65NZPlZ28sL81XbpydTavzxYWlmeJMZfF6ca5SmSunxZnKwnbPV65Urk9OxdLNiVparU1Ul1cuL1SWrtUuX10ozaWX05F/pVYAAAAAAAAAAAAAAAAAAADwYqkur8yXyuV0UUJiV4nh/rgMibVEM7D3/IT72y8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQKt/AgAA//+jgjYy")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x0, 0x0)
r1 = fanotify_init(0x200, 0x0)
fanotify_mark(r1, 0x1, 0x4800003e, r0, 0x0)
mount$overlay(0x0, &(0x7f00000003c0)='./file0\x00', &(0x7f0000000380), 0x0, &(0x7f00000002c0)={[{@workdir={'workdir', 0x3d, './file1'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}], [], 0x2c})

20.719011109s ago: executing program 2 (id=3531):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001814010029bd7000fcdbdf250800030001000000080001"], 0x40}, 0x1, 0x0, 0x0, 0x400c4}, 0x24008000)

14.938006895s ago: executing program 1 (id=3561):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000004c0)='/proc/sysvipc/msg\x00', 0x0, 0x0)
msgget$private(0x0, 0x214)
read$FUSE(r0, &(0x7f0000002bc0)={0x2020}, 0x2020)

14.937002948s ago: executing program 1 (id=3563):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000c00)=ANY=[@ANYBLOB="300100003e000100fcff07000400000001000000040000000c0101800801108004010f8012ccbd379ce6cd69fa01dadbec8db85ad0a147eabb22fc6896d6d3e706b0bc8e88325fe6d76e894a422b9116227af2d29f89510f70541336b3d4683107c0bbb678ae476a0c409c15fda7d5cdbaf1265605a73a4247258124c3a6cf28e1df891b8edaac28b82794422d4b2b0d13870eff54990ecde487d74267d83a5c16592feb0211e9b9b13e420c299b2d21de289c4109553ec0949748802a31d68b2280ab9de82ba7019d6798bc961633741dae6a5b0314266fadeb001584395af710b031342e6f3ae4e24b8a777a1848ca788d2a28d5dac39c5860e64b3f515b4e2e3de25114d4302f5f36993c6250ac50688494c207e07c71442fadba75909e81940f6fed0c0002"], 0x130}, 0x1, 0x0, 0x0, 0x400c801}, 0x4008094)

14.863463197s ago: executing program 1 (id=3566):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000380), 0x43, 0x718, &(0x7f00000011c0)="$eJzs3U9sW3cdAPDvsx0n7kTqbe02EFKjVVSwQpvEjBYJiTIhlMOEKu3AOJo2WaM4WZVkKK0QzYDBEU6ohx2GUDjshHZAGuKAGGckpN17r8S92gGj9/zs2E7i2M2/rnw+0sv7vfd+f77vm/d+sZ9bOYD/W3NvxthmJDF38fWNdPvBVq3xYKu23C5HxHhEFCJKrVUkKxHJJxHXorXEF9OdeXfJXuO8+vDj9y/c/7DW2irlS1a/MKjdtuaAETbzJaYiopivR1Taq78b8dqO/u6N1HXSiTtN2Pl24uCkNZvNpLVq2xyl+RD3LfCkuxdRHNtlfzXiVERM5K8DIp8dCscc3qEbaZYDAACAJ1NxvwqnH8Wj2IjJ4wkHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAng5J6zsDk3wptMtTkbS//7+c70uVyycc72Bf3+f4ewvHFAgAAAAAAAAAHJZmsWvjo/yD+3OP4lFsxGSnUpJ95v9ytnEm+/lMvBNrMR+rcSk2oh7rsR6rMRMxNtnVYXmjvr6+OrOz5e8jbdlsNu/lLWcjorqj5ewRnjkAAAAAAAAAPP1+EXMxedJBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAtySi2Fply5l2uRqFUkRMREQ5rbcZ8bd2+fPs7ycdAAAAABy9Sr6eTP7bKjST7D3/C9n7/ol4J1ZiPRZjPRoxHzezZwGtd/2Ff2/WGg+2asvpsrPj7/1npDiyHiOiGO/uMfJ0VuNsp8Vc/CDeiIsxFddjNRbjp1GP9ZiPqaikJxH1SKJaaT29qLbj3D3eaz1b1/tjO9e3/VIWSSUWYjGL7VLcKEfrsUl2DumYL3WN9pdyRN+I76bZSb6bGzJHN7t+X7/Ln8vkmqeH7ONoVLMzH+tkZDrNfZ6NZwfnfsTrpH+kmSh0nkGd2R4l3cxH+qyZH27n/Cej5PxUvk5z/evenB+2ER+l9WdiNgr51RfxQm/Ob3/l/nO9jb/26T+u3yqsLN1aWLt4hKd0EFP7VRhrF/ozUevKxIuDr748E400E5vDZ2Ksf8fEsC2PVjnPRjYVDTlbfj8r1ePlrkvw7bgZ83ElpmMmrsZ0fDtmo9a5wtLlbE9eS7Xl3pxk91ph5/xWGRD8+a92VfrNPpWP0o927Enz8mxXXrtnump2LN9z7bcx3XX1PTf46hv5r0A6/pfycjrGLzt/cZ4EPZnI5+Z2dM8PzsQfskl6rbGytHqrfnvI8S7k6/S2fa93bv7j8FH3/3U/DOn1ks64pWwry0mlfb2kx57vRNubr3L+iUurXWHHsbOdY9WYjMX44Z53ajl/Dbezp9axF7uOfSGPOp05y/nrm/axnlc58XY0slchffadqgE4ZqdeOVWuPKz8q/JB5VeVW5XXJ14bvzr+5XKM/bP01+KfC38qfCd5JT6In8fkSUcKAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPg7U7d5fqjcb8aqcQE/17Dloo7znW4EIU9q2z9cxwHUY1YvBYSV4oH+65H15hPM9ivueN7UOfHvJYlejb0/6GpYP2/FFEDKhTPnDwydDX2OnHHaLrV3CwbLS/OC3b0yyO0LzUbrV7nVKsTcRSPSntcseNb98FUV2qNz5r9jSvRNctAzzlLq8v3768dufuNxaX62/NvzW/Mnv1ytUrtW/NfPPywmJjfrr186SjBI7C2p27xSGrLvz4iGMBAAAAAAAAAAAAhpP/6//1x/7PDKV96pRX13Yf+dxxnyoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOTX3ZoxtRhIz05em0+0HW7VGurTL2zVLEVGIiORnEcknEdeitUS1q7tkr3Feffjx+xfuf1jb7qvUrl8Y1G44m/kSUxFRzNf7G9+lm5393ejqb/Oxwks6Z5gm7Hw7cXDS/hcAAP//OonviA==")
syz_mount_image$squashfs(&(0x7f00000001c0), &(0x7f0000000200)='./file0/file0\x00', 0x1030480, &(0x7f0000000640)=ANY=[], 0x1, 0x19a, &(0x7f0000000000)="$eJzskL9qFFEUxn/n3snubJHoRrFYwV0wuM4Syc5GLawWqwgzYGFp0CEZs8GJkEwKE2IpAVn1FbQQLVXQSkRfQCwEG9cmnbhFsBALGZmZGx8i3F9xP87H+XfPIF1PW8Df/Z0l+hRopviM4ABNKT2lSn1r4h9Gp0vhsomHRl8YbaRb27ejJInd1qUWdfhzYGzkY38V3n8rfcUJRU3oI1/3d5YiuRmS9VlTyyH1gM5D9CLr3iMaziTHb6DJ2kOuKLS0Azgyt+lOzaVb2+dW16KVeCW+0+vNX+ye7+oL+f5J3H2DeA9E8YQKXkg1pObdY2KR+y4wK4g3UCMtnTEjePxJnz09Oy5+nyF8aI+pftODlrrGGdzr+fILHBOeokNmAmoKh1urie4uIFfVa/GdL87vCVUrr3GU5d2sCpXnffnpir8HbZ9ex2e+Dg2m+cjuiBlzbPa+05R3+ZShsZzifWmue5JTPKtwN5LNDb+CNmUhvTpMFu1USDPIO7zPa1yTQVbkHsyxWCwWi8VisVgsFsth518AAAD//zORVwM=")
sendmsg$TIPC_NL_BEARER_ENABLE(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x14, 0x0, 0x1}, 0x14}}, 0x0)
setxattr(&(0x7f0000000040)='./file0\x00', &(0x7f0000000140)=ANY=[@ANYBLOB='osx.'], 0x0, 0x0, 0x0)

14.80732748s ago: executing program 1 (id=3567):
syz_mount_image$hfsplus(&(0x7f0000000000), &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800002, &(0x7f0000000600)={[{@force}, {@nodecompose}, {@gid}, {@nls={'nls', 0x3d, 'macinuit'}}, {@gid}, {@type={'type', 0x3d, "1e4310ee"}}, {@nobarrier}, {@nobarrier}]}, 0x3, 0x6b3, &(0x7f0000000780)="$eJzs3U9sHFcdB/DvbDbrbJBSt03TgJBiNVIFjUjsrEqChNSAEMohQhFcerUSp7HipJXjorRCZAMUJE6cUA8cilA49IQQQionRDkjIXHhlHskbhxyAIzmz9pre+PYieN1289Hmp03+96895tf5s/ubKwJ8Jl1/vXs76fI+RMXbpXL9+72Fu7d7V0flJNMJGkl7XqWopsUHyfnUk/5fPlm013xsHFevf9R0X7/w1691G6mqn1rs/U2GNmynxxYWdiXZKou/mcLHbZG91dNVT+XVvt7TMVK3GXCjg8SB+O2vEF/tXLUobHW1o9bYM+6XV83N5hMDqa+upafA9KcHR59Zhi/Tc9N/d2LAwAAAJ6Wkd/lhz3zIA9yK4d2JxwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4dCjqZwYWzdQalKdSDJ7/3xl6pn5nzOE+ofeuVLPvPjPuQAAAAAAAAADgiRx7kAe5lUOD5eWi+s3/pWrhcPX6ubydm5nLYk7mVmazlKUsZibJ5FBHnVuzS0uLMxvX/GXKNZeXl283a54euebptXH11wc66n8abGgEAAAAAAAAAJ9ZP8r51d//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgLyiSffWsmg4PypNptZMcSNIpplaad8Ya7A7487gDAAAAgKev28wPFf+rC8tF9Z3/SPW9/0Dezo0sZT5LWchcLlf3Aupv/a2/93sL9+72rpfTxo6/8a9txVH1mPrew+iRp6sWL6yscT7fzvdyIlO5mMXM5/uZzVLmMpVvVaXZFJls7l5M3rvbzSDWjfGeW7N0cX1sx4bKZXxHq0i6uZL5KraTudQZhN5q2h0dGu2PnWTdiHfK7BSvNbaYo8vNvNyiXzTzvWGy2vL9KxmZbnJfZuPZ4bxvzP0295P1I82ktXIP6vDqKOXi+pEeK+cHm3mZ658+3Zxv81ba2kz0f14uDfa+I5vnPPnyP/5y8WrrxrWrV26e2Du70WNav0/0hjLx4pYysVBmov8EmTjwJPHvnE6Tjfosur2z5UvVuocyn+/kzVzOXM5kOjM5m+l8LafTy+mhvL6weV6rY621vWPt+JeaQnlN+tnQtWnXTDysoszrs0N5HT7TTVZ1w++sZum5LWSp6GR0lv45MpT2F5pCOcaPh64447c+EzNDmXh+80z8+r/LSW4u3Li2eHX2rS2O93IzLw/b99aem3+zIxu0fc3mlvvLc+U/VurLxvDeUdY9P6hbl69O84tLu+lsTV0n1fFc1z3qSC17OnJnVE913YsjR+lVdUeH6tZ8ysmbWVj5FNLY9YMUgC04+MrBTvd+92/dD7o/6V7tXjjwzYmzE1/sZP9f23/a97vWb1tfL17JB/lhDo07UgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+DS4+c6712YXFuYW92AhrR3u8M7IqkEq6nc6I9ocyx7IxiejMLHZHvX71I9resjqnXHE3M1D49ndQtq7MNZERlRdWHmnm7RW4klybY884A54Gk4tXX/r1M133v3K/PXZN+bemLtx+uyZ1870vjpz+9SV+YW56fq1adwec7DAjlr9GDDuSAAAAAAAAAAAAICt2o0/bxgxbNEfw7YCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAn0znX8/+forMTJ+cLpfv3e0tlNOgvNqynaSVpPhBUnycnEs9ZXKou+Jh47x6/6Nfvfz+h73VvtqD9q116/3h38vL29yKfjNlKsm+Zv5oE1vq79JQf/1tBlYrVrawTNjxQeJg3P4fAAD//+/HBYc=")
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)

14.747429059s ago: executing program 1 (id=3568):
socket$inet6_tcp(0xa, 0x1, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000a00)=@updpolicy={0xb8, 0x19, 0x1, 0x70bd29, 0x25dfdbfe, {{@in6=@mcast1, @in6=@mcast1, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x3, 0x0, 0x2, 0xfffffffffffffffd}, {0x0, 0x5, 0x6}, 0x0, 0x0, 0x1, 0x0, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x24008040}, 0x8000)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
syz_emit_ethernet(0x46, &(0x7f0000000400)={@local, @random="df00004000", @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x0, 0x6, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @dev={0xac, 0x14, 0x14, 0x11}, {[@ssrr={0x89, 0x7, 0xa2, [@broadcast]}, @cipso={0x86, 0x6, 0x1}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0)

14.516738989s ago: executing program 1 (id=3570):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r0, &(0x7f0000000380)="ca091cc2e088", 0xffe3)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x2}}, 0x40)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f000048a000/0x1000)=nil, 0x1000, 0x6, 0x12, r3, 0x1b83c000)

14.387471908s ago: executing program 41 (id=3570):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x1)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x8)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$qrtrtun(r0, &(0x7f0000000380)="ca091cc2e088", 0xffe3)
process_vm_readv(0x0, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000001600)=""/4096, 0x1000}], 0x1, 0x0)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000005c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=[0x7, 0x5], &(0x7f0000000240), 0x0, 0x2}}, 0x40)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0)
mmap(&(0x7f000048a000/0x1000)=nil, 0x1000, 0x6, 0x12, r3, 0x1b83c000)

4.550527961s ago: executing program 42 (id=3531):
r0 = socket$nl_rdma(0x10, 0x3, 0x14)
sendmsg$RDMA_NLDEV_CMD_RES_PD_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="400000001814010029bd7000fcdbdf250800030001000000080001"], 0x40}, 0x1, 0x0, 0x0, 0x400c4}, 0x24008000)

3.837476591s ago: executing program 3 (id=3647):
r0 = socket(0x10, 0x80002, 0x2)
bind$netlink(r0, &(0x7f0000177ff4)={0x10, 0x0, 0x1}, 0xc)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$SOCK_DIAG_BY_FAMILY(r0, &(0x7f00000065c0)={0x0, 0x0, &(0x7f0000006580)={&(0x7f0000000000)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x4890}, 0x0)

3.836888129s ago: executing program 3 (id=3649):
r0 = socket$inet(0x10, 0x3, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x5, 0x1000086}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4)
sched_setaffinity(0x0, 0x43, &(0x7f0000000040)=0x2)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet(0xffffffffffffffff, 0x0, 0x0)
write(0xffffffffffffffff, &(0x7f0000000000), 0x0)
r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0xf)
shmat(0xffffffffffffffff, &(0x7f0000708000/0x1000)=nil, 0x6000)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x20)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f00000002c0)=0x31)
syz_usb_connect(0x0, 0x24, &(0x7f0000000700)=ANY=[@ANYBLOB="120100004b"], 0x0)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$netlink(0x10, 0x3, 0x0)
r3 = openat$uinput(0xffffffffffffff9c, 0x0, 0x802, 0x0)
write$uinput_user_dev(r3, 0x0, 0x0)
ioctl$UI_DEV_CREATE(r3, 0x5501)
write$uinput_user_dev(r3, &(0x7f0000000a40)={'syz1\x00', {}, 0x4d, [0x0, 0x2fa4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x8, 0x0, 0x80, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000000, 0x7ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x2, 0x0, 0x0, 0x0, 0xfffffffe, 0xffff, 0x0, 0x81, 0x0, 0x419], [0xffffffff, 0x3, 0x3, 0x0, 0x0, 0x40000, 0x0, 0xfffffffc, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x400000, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfd5], [0x0, 0x80000000, 0x42af19d6, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x800000, 0x3, 0x0, 0x0, 0x0, 0x0, 0x3, 0x8000000, 0x0, 0x0, 0x6, 0x0, 0x3, 0x1, 0x84, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x6], [0x81, 0x0, 0x5d30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x507, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x10000, 0x0, 0x0, 0xe58b, 0x0, 0x0, 0x0, 0x0, 0x4, 0x1ff]}, 0x45c)
r4 = socket$inet6(0xa, 0x2, 0x0)
ioctl$sock_SIOCETHTOOL(r4, 0x89f0, 0x0)

1.048126769s ago: executing program 9 (id=3663):
r0 = io_uring_setup(0x3c92, &(0x7f0000000240)={0x0, 0x3, 0x0, 0xffffffff})
r1 = socket$inet_smc(0x2b, 0x1, 0x0)
setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r1, 0x6, 0x21, &(0x7f0000000040)="5766b1b827f600333b09d3748ee7d700", 0x10)
shutdown(r1, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

972.416319ms ago: executing program 9 (id=3664):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xe, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000001d711867000000000095"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

972.229862ms ago: executing program 9 (id=3665):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88)
setsockopt$inet_MCAST_JOIN_GROUP(r0, 0x0, 0x2a, &(0x7f0000000000)={0x6, {{0x2, 0x4e21, @multicast2}}}, 0x88)
setsockopt$inet_group_source_req(r0, 0x0, 0x2b, &(0x7f00000004c0)={0x1, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x28}}}}, 0x108)

971.883624ms ago: executing program 9 (id=3666):
r0 = memfd_create(&(0x7f0000000380)='\x103q}2\x9a\xce\xaf\x03\xdfyR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7R\x94\xaf\xbb\xdcM\x90k\xd6\x05\r\x84\x87\x1e?\x10\x95SWFO{\x1f\x1b!\xd5\x991D\x1c\b\x8c`\xeaSA\x90m\xb6&\xd0\xf1\xb3\xed:\x82\xbd\xe3i|BL\x1f\x9d\x00\x00\xc5\xb8$\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\r\xd6h\x80\x8fQ|\xf5d\x10\x10\xd7\t\x00\x00\x00\x00\x00\x00\x00<\xfeeS\xb2l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfaa\xd3\xf1\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7~x\xb8vo\xe6\x15@\xc9\"CY\x11\xb9u\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D4E^7%8\x94y\x90\xf0l\xa0\'L%\xd4\xda\xee\x81\x98\xcc\xfd\xa2\x89$\x9by\xf1\xbb\x01\xb7\xcd\xbf\x99\x1f\x90@b\x03\xb3\xe0CfU\x16{\xbey\xa1cs\x96U\x11\xdb*\xdf\xcdG\xc7z\x85\x8aE\xf7\xd5\x9dAj\xe3\xfb\xc4\xa0\x14\x87\x19\x17\xed\xd1\x185%Q%\x81\xfaK\x82\xec=\xa3\xb8~\xb6O\xbd\x19*\xdb\x1c\x10\xa4\x8dIl\xc1\xceG\xd0h\xa1\xab:dP\xb6\xa0BR\xbe\x03\xac\xd9\x87\x00@\x80\x94\xd88\xc9\x03\x97\x17r\x85#\x7f\x8cu\x8f\xcc\x7fF\xb5\xea\xa6\xc1\x9d\xac\x89\xc9\xa1tuJw\xee\x1a\xe73\xa8\xadS\xd1\x11#d\xc2\xcfdj\x9ec\x93\xd5K\x90*_3\x89\v\xab\x04ih\x12\x93\xc5m\x8f~{\xe5\x85\xa5g\x00\x00\x00\xe45Q\xab%\xa8[\xf3\x17\x94\xf8\xdfq\xff\xd2?\xafW\xde\x1bW]\x1f\aaV\xc5\xc82*\xc7\xc5\"C}L\x10e\xc6\x90\xc0\xf9z\xb6+/d\x86\xf2\xbe\xc9:u\t\\e\x05)\xe4\xd2\xc4\x1a\xc9\xac\xdb\x925\x02\x94@\xa2\xe1\xee\x16\xb4\x98\xff\x0f\xbb\xb2\x81\xcf\x13g6l\xcc\xc8\x02\v\xa2\xb2\xf6\xbf@d\xcecC\x9fVz\xf4\x14\xa5\x8b|\xe1\xc0\xfa3X\xf4\xd9L\xe6\x8f\x9dy\x0fX.\xc5EQ\xd1/\xa1\xd0\x03>\xf0\x90\x13B\xe2\x97\x8b!\xf7\"\xecX\x92\xab\xbc^\xb2\x80@\xcc+\xbbp\xdc|N\xd3[=G\xb2\xe1\x9c\xc5\x81y\x84\xef\xacQ\x01\xdd\xe7<\xb8\xf1Hn\x86\xa6\xe3\x18N\x19\"[-\xdb\xef\xc3\xe0\xa8}', 0x0)
ftruncate(r0, 0x80079a0)
r1 = socket$inet6_udplite(0xa, 0x2, 0x88)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c)
sendfile(r1, r0, 0x0, 0x401)

895.291835ms ago: executing program 9 (id=3667):
syz_mount_image$udf(&(0x7f0000000f00), &(0x7f0000000180)='./file1\x00', 0x2008002, &(0x7f0000000400)=ANY=[@ANYBLOB='utf8,adinicb,lastblock=00000000000000000001,unhide,gid=', @ANYRESDEC=0x0, @ANYBLOB=',session=00000000000000001023,uid=ignore,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c756e64656c6574652c00ba95e3856be72911d5feaaf3d0c0acaa9fa197ed0d116bf1ee4896b3095d2e09e0adff0fc14eed77abeac19eb91e86e97479566b5c81a25240f81d8f905ccf57cf782134b2bc32c843aa113d8c1d28cf893b9981af20804a8a1f472a604e491dc5e21a7f02443d89680cf06e74f108d437cc8297245cec5480719902ab"], 0x0, 0xc57, &(0x7f0000000f40)="$eJzs3U9sHNd9B/DfGy3Fld1WTOwoThoXm7ZIZcZy9S+mYhXOqqbZBpBlIhRzC8AVSakLUSRBUo1spC3TS1H0kKKHosiJQGsUSNHAaIqgR6Z1geTiQ5FTT0QLG0HRA1sEyClgMLNvxRVN2qQlUpL1+djSd2fmvZn3ZtYzssA3LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAiN99+cLJU2kPFf5kHxsDAByIS2NfOXl6L89/AOChd3mv//8PAAAAAAAAAAAAAAActBRFPBEp5i+tp4lquaN+sd1389b48EjEX25T7Uiqah6qype/6qdOnzn7heeHznXzYns21z8In45Xxy5faLw0d2N+YXpxcXqqMT7bnpybmt71HnZTv28PLRqsTkDjxvWbU1evLjZOP3fmjs23Bt7tf/zYwPmhZ0483S07PjwyMrZZpN5bvraHQ29npxEeh6OIE5Hi2e/+JLUioohdnov3UT/Ya7/VkaoTg1UnxodHqo7MtFuzS+XG0e6JKCIaPZWa3XO0/bWI2l6u/X5qRiyXzS8bPFh2b2y+tdC6MjPdGG0tLLWX2nOzo6nT2rI/jSjiXIpYiYi1/vfuri+KqEWKbx9dT1ci4lD3PHy+Ghi8czuKfezjLpTtbPRFrBQPwTV7gPVHEa9Eip++dTwm832mutd8LuKVMr8f8UaZL0ak8otxNuKdbb5HPJxqUcRflNf//Hqa6j7iqvvKxa82vjx7da6nbPe+ssfnw3vuFPfp+XBkSx6MB/zeVI8iWtUdfz3t/g9LAAAAAAAAAAAAAAAAAOy3I1HEpyLFy//xh9W44qjGpR89P/R7A7/cO2b8qQ/YT1n2uYhYLnY3JvdwHhg4mkZTus9jiR9l9Sjij/L4v2/e78YAAAAAAAAAAAAAAAAAAAA80or4caR44e3jaSV65xRvz15rXG5dmenMCtud+7c7Z/rGxsZGI3WymXMi53LOlZyrOddyRpHr52zmnMi5nHMl52rOtZxxKNfP+c7f5Pp5eTnnSs7VnGs5o5br52zmnMi5nHMl52rOtZzxgMzdCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwUVJEET+PFN/6+nqKFBHNiIno5Gr//W4dAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFDqT0V8L1I0fr95e10tIlL1b8fx8rez0Txc5sejOVTmi9G8kLNVZa35zfvQfu5OXyriR5Giv/7m7Quer39fZ+n21yDe+Mbm0qdrnTzU3Tjwbv/jx46eHxr5tad2+py2a8DgxfbszVuN8eGRkbGe1bV89I/3rBvIxy3uTdeJiMXXXr/empmZXvhwH67G69fLr8CHrP6QfUi1R6WnPlQfovaBZc7nO+D9buq97zuPgPL5/06k+O23/7P7wO88/+vxS52l20/4+Nkfbz7/X9i6o10+/2tb6+Xnf/lM3+75/0TPuhfyn0b6ahH1pRvzfcci6ouvvX6ifaN1bfra9OzZkye/ODT0xTMn+w5H1K+2Z6Z7Pt2T0wUAAAAAAAAAAAAAAABwcFIRX4oUrR+tp0ZE3KrGaw2cH3rmxNOH4lA13uqOcduvjl2+0Hhp7sb8wvTi4vRUY3y2PTk3Nb3bw9Wr4V7jwyP70pkPdGSf23+k/tLc/GsL7Wt/sLTt9sfqF64sLi20Jrfb/Oc5m70rB6sGjw+PVI2eabdmq6qj2w6m37u+VMR/RYrJs4302bwuj//fOsL/jvH/y1t3tE/j/z/Ws648ZkpF/CxS/NZfPRWfrdr5WPVCgOaW3Zbl/i5SDJ77TC4Xh8ty3TZ03ivQGRlYlv2/SPFPP7+zbHc85BObZU/t+sQ+JMrrfzRSfO/PvhO/ntfd+f6H7a//Y1t3tE/X/8medY/d8b6Cu+46+fqfiBQvPvFm/EZe937v/+i+e+N4Lnz7/Rz7dP0/0bNuIB/3N+9N1wEAAAAAAAAAAB5qfamIv48UPxippefzut38/N9UJzZ/pGuffv7rkz3rpu5+vqJdfbgnJxYAAAAAHgB9qYgfR4prS2/eHkN95/jvnvGfv7M5/nM4bdla/T3fr1TvDbiXf//XayAfd+Luuw0AAAAAAAAAAAAAAAAAAAAPlJSKeD7Ppz5Rjeef2nE+9dVI8fL/PJvLpWNlue488APV7/VLc7MnLszMzE22llpXZqYbY/Otyemy7pORYv1vP5PrFtX86t355jtzvG/Oxb4QKUb+oVu2Mxd7d27yJzfLnirLfixS/Pc/3lm2O4/1JzbLni7L/nWk+Nq/bF/22GbZM2XZ70SKH36t0S37WFm2+37UT26WfW5yrtiHqwIAAAAAAAAAAAAAAAAAAMCjpi8V8aeR4n9vrNwey5/n/+/rWay88Y2e+f63uFXN8z9Qzf+/0+cPM/9/9V6B5Z2OCgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH00ping9UsxfWk+r/eVyR/1ie/bmrfHhke2rHUlVzUNV+fJX/dTpM2e/8PzQuW6+f/177VPx6tjlC42X5m7ML0wvLk5PNcZn25NzU9O73sPd1t9qsDoBjRvXb05dvbrYOP3cmWr14bz51sC7/Y8fGzg/9MyJp7tlx4dHRsZ6dlHr+9BHf4/udT28Zf3hKOJwpHj2uz9JP+iPKOLuz8UHfHf225GqE4NVJ8aHR6qOzLRbs0vlxtHuiSgiGj2Vmt1zdADX4q40I5bL5pcNHiy7NzbfWmhdmZlujLYWltpL7bnZ0dRpbdmfRhRxLkWsRMRa/3t31xdFXI8U3z66nv61P+JQ9zx8/tLYV06e3rkdxT72cRfKdjb6IlaKvV6z+9zwB0x/FPHPkeKnbx2Pf+uPqEXnV3wu4pUyvx/xRnROWyq/GGcj3tnme8TDqRZF/H95/c+vp7f6y/tB975y8auNL89enesp272vPPTPh4O0873pSwfajh3Uo4gfVnf89fTv/rsGAAAAAAAAAAAAAAAAeIAU8auR4oW3j6dqfHAeU/xk3nplpjOsrzv2rztmemNjY6OROtnMOZFzOedKqle5mpfXckaR6+dsllnf2JjIy8s5V3Ku5lzLGYdy/ZzNnBM5l3Ou5FzNuZYzarl+zmbOiZzLOVdyruZcyxkPylhwAAAAAAAAAAAAAAAAAADgI6Wo/knxra+vp43+zvzSE9HJVfOBfuT9IgAA//+LUPSl")

823.434308ms ago: executing program 9 (id=3668):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4)
connect$inet6(0xffffffffffffffff, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(0xffffffffffffffff, 0x6, 0x1f, &(0x7f0000000540), 0x3c)
setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, &(0x7f0000000000)=@gcm_256={{0x303}, "41328a01004ad2ba", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff05000050"}, 0x38)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x80)
bind$alg(0xffffffffffffffff, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000100)={'netdevsim0\x00', <r4=>0x0})
r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x7, 0x2261, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', r4}, 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000d80)={{r5}, &(0x7f0000000d00), &(0x7f0000000d40)='%+9llu \x00'}, 0x20)
bpf$MAP_UPDATE_CONST_STR(0x2, 0x0, 0x0)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000a40)={0xffffffffffffffff, &(0x7f0000000000), 0x0}, 0x20)
mount$fuse(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[])
write$FUSE_INIT(0xffffffffffffffff, 0x0, 0x0)

210.534865ms ago: executing program 3 (id=3669):
r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/kernel/notes', 0x900, 0x1a4)
preadv(r0, &(0x7f0000000bc0)=[{&(0x7f0000000400)=""/127, 0x7f}, {0x0}], 0x2, 0x0, 0x5)

157.605671ms ago: executing program 3 (id=3670):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)=ANY=[@ANYBLOB="2000000069000305000000000000000000000c0000000000080001"], 0x20}}, 0x0)

157.406884ms ago: executing program 5 (id=3638):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x3a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="1500000000"], 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0e000000040000000800000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af0ff00000000bfa20000000000000702000000feffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)

127.346115ms ago: executing program 3 (id=3671):
openat(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/cgroup.procs\x00', 0x48102, 0xa1)
r0 = syz_io_uring_setup(0x234, &(0x7f0000000580)={0x0, 0x95f5, 0x10100, 0x0, 0x89}, &(0x7f0000000280)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31})
io_uring_enter(r0, 0x207a98, 0x363, 0xc, 0x0, 0x0)

523.321µs ago: executing program 3 (id=3672):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x8)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f0000005880)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c6163746976655f6c6f67733d362c757365725f78617474722c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030303031362c646973636172642c6e6f61636c2c6673796e635f6d6f64653d706f7369782c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c6163746976655f6c6f67733d322c6661756c745f747970653d30303030303030303030303031363737373231342c0084538367d8b9c04bebbf0f4ea4d5617c063f0a30b5325e5d939d497829d8452e38794f1563bf34cdaaf9b70591db2f2a066e339d0c0b7c189bac05d8e91e9d1f4670d79a57f83b67f1f98b905d3b06be7de7829439d0b21d1744d7fad3fe3f3f9b3361f4bfa2c2e375c048af0d6ecac62d07c6a85e2558b9e8639b050137830520aea2c9243f9f9eca12969def7d15c8bac687164c38cf349d738c"], 0x1, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
syz_mount_image$exfat(0x0, &(0x7f0000000100)='./bus\x00', 0x4800, 0x0, 0x0, 0x0, &(0x7f0000000240))
mkdir(&(0x7f0000001c00)='./file0\x00', 0x0)
renameat2(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x4)

0s ago: executing program 5 (id=3673):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file3\x00', 0xcc0, &(0x7f00000001c0)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
write(r0, &(0x7f0000000540)="95", 0x1)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x28042, 0x119)
ioctl$FICLONERANGE(r1, 0x4020940d, &(0x7f00000000c0)={{r1}, 0x0, 0xffd, 0x108000})

kernel console output (not intermixed with test programs):

0] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  363.839422][   T33] audit: type=1800 audit(2000000289.427:116): pid=14011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2967" name="file1" dev="loop1" ino=5 res=0 errno=0
[  363.891063][T14011] minix: Unknown parameter '18446744073709551615@LqE: 艞t}0$'
[  363.923800][   T33] audit: type=1800 audit(2000000289.436:117): pid=14011 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2967" name="file2" dev="loop1" ino=6 res=0 errno=0
[  364.081300][T14006] loop9: detected capacity change from 0 to 32768
[  364.087332][T14006] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.2968 (14006)
[  364.094723][T14006] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  364.097932][T14006] BTRFS info (device loop9): using sha256 (sha256-lib) checksum algorithm
[  364.100607][T14006] BTRFS info (device loop9): using free-space-tree
[  364.222551][ T5713] BTRFS info (device loop9): qgroup scan completed (inconsistency flag cleared)
[  364.245525][T10402] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  365.172245][T14045] loop1: detected capacity change from 0 to 32768
[  365.175484][T14045] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2978 (14045)
[  365.184282][T14045] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  365.188832][T14045] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  365.191772][T14045] BTRFS info (device loop1): disk space caching is enabled
[  365.194322][T14045] BTRFS warning (device loop1): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  365.240165][T14045] BTRFS info (device loop1): rebuilding free space tree
[  365.273463][T14045] BTRFS info (device loop1): disabling free space tree
[  365.276323][T14045] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  365.280564][T14045] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  365.699954][T13246] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  366.161269][T14092] ptrace attach of "/syz-executor exec"[13246] was attempted by "/syz-executor exec"[14092]
[  366.686952][T14108] input: syz0 as /devices/virtual/input/input17
[  367.148135][T14118] netlink: 'syz.9.2999': attribute type 2 has an invalid length.
[  367.155590][T14118] netlink: 199816 bytes leftover after parsing attributes in process `syz.9.2999'.
[  367.206689][T14122] loop9: detected capacity change from 0 to 512
[  367.212654][T14122] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  367.224936][T14122] EXT4-fs warning (device loop9): ext4_expand_extra_isize_ea:2848: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  367.231871][T14122] EXT4-fs (loop9): 1 truncate cleaned up
[  367.234502][T14122] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  367.269829][T10402] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  367.286293][T14129] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3003'.
[  367.548661][ T5903] usb 10-1: new full-speed USB device number 27 using dummy_hcd
[  367.658149][T14149] loop1: detected capacity change from 0 to 128
[  367.709528][ T5903] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  367.714585][ T5903] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A
[  367.723757][ T5903] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64
[  367.733789][ T5903] usb 10-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10
[  367.737992][ T5903] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.745111][ T5903] usb 10-1: Product: syz
[  367.749872][ T5903] usb 10-1: Manufacturer: syz
[  367.752090][ T5903] usb 10-1: SerialNumber: syz
[  367.763422][ T5903] usb 10-1: config 0 descriptor??
[  367.846771][T14131] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  367.850213][T14131] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  367.855381][ T5903] usb 10-1: ucan: probing device on interface #0
[  368.249842][T14171] loop1: detected capacity change from 0 to 4096
[  368.267139][T14171] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  368.302234][T14167] loop2: detected capacity change from 0 to 40427
[  368.307349][T14167] F2FS-fs (loop2): invalid crc value
[  368.324726][T14171] ntfs3(loop1): Failed to load $Extend (-22).
[  368.329115][T14171] ntfs3(loop1): Failed to initialize $Extend.
[  368.337897][T14167] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  368.341150][T14167] F2FS-fs (loop2): Start checkpoint disabled!
[  368.346054][T14167] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  368.386570][T14171] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3023'.
[  368.538861][ T5903] ucan 10-1:0.0 can0: registered device
[  368.729163][ T5903] ucan 10-1:0.0 can0: firmware string: S hM6.`PO˦t<րv1E]d
[  368.974009][ T5903] usb 10-1: USB disconnect, device number 27
[  369.132540][T11287] kworker/u9:7: attempt to access beyond end of device
[  369.132540][T11287] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  369.138433][T11287] CPU: 0 UID: 0 PID: 11287 Comm: kworker/u9:7 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  369.138450][T11287] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  369.138458][T11287] Workqueue: writeback wb_workfn (flush-7:2)
[  369.138477][T11287] Call Trace:
[  369.138481][T11287]  <TASK>
[  369.138485][T11287]  dump_stack_lvl+0x189/0x250
[  369.138502][T11287]  ? __pfx_dump_stack_lvl+0x10/0x10
[  369.138514][T11287]  ? __pfx_queue_work_on+0x10/0x10
[  369.138525][T11287]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  369.138539][T11287]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  369.138563][T11287]  f2fs_handle_critical_error+0x37c/0x540
[  369.138580][T11287]  f2fs_write_end_io+0x886/0xb60
[  369.138603][T11287]  __submit_merged_bio+0x27a/0x6a0
[  369.138624][T11287]  __submit_merged_write_cond+0x255/0x530
[  369.138644][T11287]  f2fs_write_data_pages+0x261d/0x3000
[  369.138680][T11287]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  369.138706][T11287]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  369.138746][T11287]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  369.138761][T11287]  ? look_up_lock_class+0x74/0x170
[  369.138778][T11287]  ? trace_f2fs_writepages+0x7f/0x200
[  369.138793][T11287]  ? f2fs_write_node_pages+0x478/0x6e0
[  369.138811][T11287]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  369.138837][T11287]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  369.138854][T11287]  do_writepages+0x32e/0x550
[  369.138874][T11287]  ? reacquire_held_locks+0x127/0x1d0
[  369.138882][T11287]  ? writeback_sb_inodes+0x384/0x1010
[  369.138900][T11287]  __writeback_single_inode+0x145/0xff0
[  369.138914][T11287]  ? do_raw_spin_unlock+0x4d/0x240
[  369.138931][T11287]  writeback_sb_inodes+0x6c7/0x1010
[  369.138966][T11287]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  369.139054][T11287]  ? rcu_is_watching+0x15/0xb0
[  369.139069][T11287]  wb_writeback+0x43b/0xaf0
[  369.139082][T11287]  ? queue_io+0x3c1/0x590
[  369.139091][T11287]  ? __pfx_wb_writeback+0x10/0x10
[  369.139107][T11287]  ? _raw_spin_unlock_irq+0x23/0x50
[  369.139123][T11287]  wb_workfn+0x409/0xef0
[  369.139145][T11287]  ? __pfx_wb_workfn+0x10/0x10
[  369.139161][T11287]  ? __lock_acquire+0xab9/0xd20
[  369.139185][T11287]  ? process_scheduled_works+0x9ef/0x17b0
[  369.139207][T11287]  ? _raw_spin_unlock_irq+0x23/0x50
[  369.139219][T11287]  ? process_scheduled_works+0x9ef/0x17b0
[  369.139229][T11287]  ? process_scheduled_works+0x9ef/0x17b0
[  369.139241][T11287]  process_scheduled_works+0xae1/0x17b0
[  369.139276][T11287]  ? __pfx_process_scheduled_works+0x10/0x10
[  369.139303][T11287]  worker_thread+0x8a0/0xda0
[  369.139317][T11287]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  369.139337][T11287]  ? __kthread_parkme+0x7b/0x200
[  369.139357][T11287]  kthread+0x711/0x8a0
[  369.139373][T11287]  ? __pfx_worker_thread+0x10/0x10
[  369.139384][T11287]  ? __pfx_kthread+0x10/0x10
[  369.139399][T11287]  ? _raw_spin_unlock_irq+0x23/0x50
[  369.139411][T11287]  ? lockdep_hardirqs_on+0x9c/0x150
[  369.139424][T11287]  ? __pfx_kthread+0x10/0x10
[  369.139437][T11287]  ret_from_fork+0x3fc/0x770
[  369.139452][T11287]  ? __pfx_ret_from_fork+0x10/0x10
[  369.139468][T11287]  ? __switch_to_asm+0x39/0x70
[  369.139481][T11287]  ? __switch_to_asm+0x33/0x70
[  369.139492][T11287]  ? __pfx_kthread+0x10/0x10
[  369.139506][T11287]  ret_from_fork_asm+0x1a/0x30
[  369.139533][T11287]  </TASK>
[  369.261745][    C0] vkms_vblank_simulate: vblank timer overrun
[  369.274517][T11287] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  369.452357][T14188] loop2: detected capacity change from 0 to 64
[  369.665941][T14195] loop9: detected capacity change from 0 to 128
[  369.670385][T14195] EXT4-fs (loop9): Test dummy encryption mode enabled
[  369.748662][T14196] faux_driver regulatory: Direct firmware load for regulatory.db failed with error -2
[  369.752901][T14196] faux_driver regulatory: Falling back to sysfs fallback for: regulatory.db
[  369.924409][T14198] minix: Unknown parameter '18446744073709551615@LqE: 艞t}0$'
[  369.963244][   T33] audit: type=1800 audit(2000000295.077:118): pid=14198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3029" name="file1" dev="loop2" ino=5 res=0 errno=0
[  369.986306][   T33] audit: type=1800 audit(2000000295.086:119): pid=14198 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3029" name="file2" dev="loop2" ino=6 res=0 errno=0
[  369.995817][T14195] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  370.001153][T14195] ext4 filesystem being mounted at /488/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  370.688173][T14211] loop1: detected capacity change from 0 to 4096
[  370.720158][T14211] NILFS (loop1): invalid segment: Checksum error in segment payload
[  370.724338][T14211] NILFS (loop1): trying rollback from an earlier position
[  370.760491][T14211] NILFS (loop1): recovery complete
[  370.765921][T14214] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  371.929892][T14225] (unnamed net_device) (uninitialized): option lacp_active: mode dependency failed, not supported in mode balance-rr(0)
[  371.943948][T10402] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  372.151045][T14240] loop9: detected capacity change from 0 to 512
[  372.155416][T14240] EXT4-fs (loop9): couldn't mount as ext3 due to feature incompatibilities
[  372.256942][T14252] loop2: detected capacity change from 0 to 256
[  372.264317][T14252] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x205ad3fc, utbl_chksum : 0xe619d30d)
[  372.302205][T14254] loop1: detected capacity change from 0 to 256
[  372.314853][T14254] FAT-fs (loop1): Directory bread(block 64) failed
[  372.317298][T14254] FAT-fs (loop1): Directory bread(block 65) failed
[  372.320082][T14254] FAT-fs (loop1): Directory bread(block 66) failed
[  372.322665][T14254] FAT-fs (loop1): Directory bread(block 67) failed
[  372.325081][T14254] FAT-fs (loop1): Directory bread(block 68) failed
[  372.327287][T14254] FAT-fs (loop1): Directory bread(block 69) failed
[  372.336714][T14254] FAT-fs (loop1): Directory bread(block 70) failed
[  372.341127][T14254] FAT-fs (loop1): Directory bread(block 71) failed
[  372.346139][T14254] FAT-fs (loop1): Directory bread(block 72) failed
[  372.348663][T14254] FAT-fs (loop1): Directory bread(block 73) failed
[  372.387115][T14258] svc: failed to register nfsdv3 RPC service (errno 111).
[  372.392038][T14258] svc: failed to register nfsaclv3 RPC service (errno 111).
[  372.442489][ T5917] usb 10-1: new full-speed USB device number 28 using dummy_hcd
[  372.460092][T14263] loop1: detected capacity change from 0 to 4096
[  372.466241][T14263] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  372.608281][ T5917] usb 10-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  372.613830][ T5917] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.624638][ T5917] usb 10-1: config 0 descriptor??
[  372.629397][ T5917] cp210x 10-1:0.0: cp210x converter detected
[  372.702407][T14267] C speed is unknown, defaulting to 1000
[  373.133738][ T5917] usb 10-1: cp210x converter now attached to ttyUSB0
[  373.408142][  T795] usb 10-1: USB disconnect, device number 28
[  373.421708][T13246] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.423303][  T795] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  373.452101][  T795] cp210x 10-1:0.0: device disconnected
[  373.511839][T14276] loop1: detected capacity change from 0 to 4096
[  373.515179][T14276] ntfs3(loop1): ino=3, Correct links count -> 2.
[  373.722543][   T55] Bluetooth: hci0: unexpected event for opcode 0x0c7d
[  374.677059][  T795] usb 10-1: new high-speed USB device number 29 using dummy_hcd
[  374.848000][  T795] usb 10-1: Using ep0 maxpacket: 16
[  374.853793][  T795] usb 10-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  374.858372][  T795] usb 10-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 22
[  374.866136][  T795] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  374.870296][  T795] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  374.873782][  T795] usb 10-1: SerialNumber: syz
[  374.887939][  T795] cdc_acm 10-1:1.0: skipping garbage
[  375.137094][  T795] usb 10-1: USB disconnect, device number 29
[  375.185707][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880298a4400: rx timeout, send abort
[  375.292962][T14316] loop2: detected capacity change from 0 to 512
[  375.315516][T14316] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  375.324371][T14316] ext4 filesystem being mounted at /60/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  375.360223][T13618] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  375.488066][T14327] loop2: detected capacity change from 0 to 256
[  375.493549][T14327] FAT-fs (loop2): Directory bread(block 1285) failed
[  375.497875][T14327] FAT-fs (loop2): Directory bread(block 1285) failed
[  375.502808][T14327] FAT-fs (loop2): FAT read failed (blocknr 1281)
[  375.726341][    C0] vcan0: j1939_tp_rxtimer: 0xffff8880298a4400: abort rx timeout. Force session deactivation
[  376.036829][T14338] loop9: detected capacity change from 0 to 764
[  376.051125][T14338] rock: corrupted directory entry. extent=32, offset=2044, size=237
[  376.099437][ T5889] usb 2-1: new full-speed USB device number 8 using dummy_hcd
[  376.175216][T14340] loop9: detected capacity change from 0 to 256
[  376.228216][T14340] FAT-fs (loop9): Directory bread(block 64) failed
[  376.231609][T14340] FAT-fs (loop9): Directory bread(block 65) failed
[  376.241420][T14340] FAT-fs (loop9): Directory bread(block 66) failed
[  376.246098][T14340] FAT-fs (loop9): Directory bread(block 67) failed
[  376.250064][T14340] FAT-fs (loop9): Directory bread(block 68) failed
[  376.253063][T14340] FAT-fs (loop9): Directory bread(block 69) failed
[  376.256170][T14340] FAT-fs (loop9): Directory bread(block 70) failed
[  376.259162][T14340] FAT-fs (loop9): Directory bread(block 71) failed
[  376.262183][T14340] FAT-fs (loop9): Directory bread(block 72) failed
[  376.265191][T14340] FAT-fs (loop9): Directory bread(block 73) failed
[  376.276289][ T5889] usb 2-1: config 0 has an invalid interface number: 93 but max is 0
[  376.279613][ T5889] usb 2-1: config 0 has no interface number 0
[  376.285305][ T5889] usb 2-1: New USB device found, idVendor=10b8, idProduct=1bb4, bcdDevice=34.65
[  376.289713][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  376.294115][ T5889] usb 2-1: Product: syz
[  376.296119][ T5889] usb 2-1: Manufacturer: syz
[  376.298426][ T5889] usb 2-1: SerialNumber: syz
[  376.307974][ T5889] usb 2-1: config 0 descriptor??
[  376.479372][T14342] loop9: detected capacity change from 0 to 512
[  376.516489][T14342] EXT4-fs error (device loop9): ext4_get_branch:178: inode #11: block 4294967295: comm syz.9.3093: invalid block
[  376.526797][T14342] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #11: comm syz.9.3093: invalid indirect mapped block 4294967295 (level 1)
[  376.534193][ T5889] dvb-usb: found a 'DiBcom TFE7090PVR reference design' in warm state.
[  376.540696][ T5889] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  376.543706][T14342] EXT4-fs error (device loop9): ext4_free_branches:1023: inode #11: comm syz.9.3093: invalid indirect mapped block 4294967295 (level 1)
[  376.544674][ T5889] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  376.551568][T14342] EXT4-fs (loop9): 2 truncates cleaned up
[  376.554655][ T5889] usb 2-1: media controller created
[  376.558529][T14342] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  376.563294][ T5889] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  376.584703][T14342] EXT4-fs error (device loop9): ext4_get_parent:1834: inode #11: comm syz.9.3093: bad parent inode number: 3
[  376.611452][ T5889] DVB: Unable to find symbol dib7000p_attach()
[  376.617190][ T5889] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  376.622083][ T5889] dvb-usb: will use the device's hardware PID filter (table count: 32).
[  376.626696][ T5889] dvbdev: DVB: registering new adapter (DiBcom TFE7090PVR reference design)
[  376.627850][T10402] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  376.630138][ T5889] usb 2-1: media controller created
[  376.642521][ T5889] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  376.649762][ T5889] dib0700: the master dib7090 has to be initialized first
[  376.652722][ T5889] dvb-usb: no frontend was attached by 'DiBcom TFE7090PVR reference design'
[  376.726576][T14347] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3094'.
[  376.740405][ T5889] rc_core: IR keymap rc-dib0700-rc5 not found
[  376.743140][ T5889] Registered IR keymap rc-empty
[  376.745947][ T5889] dvb-usb: could not initialize remote control.
[  376.757350][ T5889] dvb-usb: DiBcom TFE7090PVR reference design successfully initialized and connected.
[  376.790616][ T5889] usb 2-1: USB disconnect, device number 8
[  376.819407][ T5889] dvb-usb: DiBcom TFE7090PVR reference design successfully deinitialized and disconnected.
[  377.521337][T14355] loop9: detected capacity change from 0 to 40427
[  377.525040][T14355] F2FS-fs (loop9): build fault injection rate: 14
[  377.527573][T14355] F2FS-fs (loop9): build fault injection type: 0x3bfe8c
[  377.532886][T14355] F2FS-fs (loop9): invalid crc value
[  377.536093][    C0] F2FS-fs (loop9): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  377.546648][    C0] F2FS-fs (loop9): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  377.592502][T14355] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  377.596140][T14355] F2FS-fs (loop9): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  377.605311][T14355] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  377.611406][T14355] F2FS-fs (loop9): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  377.619277][T14355] F2FS-fs (loop9): inject dquot initialize in f2fs_dquot_initialize of f2fs_new_inode+0x509/0x1050
[  377.641810][T10402] syz-executor: attempt to access beyond end of device
[  377.641810][T10402] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  377.647155][T10402] F2FS-fs (loop9): inject write IO error in f2fs_write_end_io of __submit_merged_bio+0x27a/0x6a0
[  377.651595][T10402] CPU: 1 UID: 0 PID: 10402 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  377.651606][T10402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  377.651610][T10402] Call Trace:
[  377.651613][T10402]  <TASK>
[  377.651616][T10402]  dump_stack_lvl+0x189/0x250
[  377.651629][T10402]  ? __pfx_dump_stack_lvl+0x10/0x10
[  377.651637][T10402]  ? __pfx_queue_work_on+0x10/0x10
[  377.651645][T10402]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  377.651654][T10402]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  377.651668][T10402]  f2fs_handle_critical_error+0x37c/0x540
[  377.651680][T10402]  f2fs_write_end_io+0x886/0xb60
[  377.651695][T10402]  __submit_merged_bio+0x27a/0x6a0
[  377.651707][T10402]  __submit_merged_write_cond+0x255/0x530
[  377.651719][T10402]  f2fs_write_data_pages+0x261d/0x3000
[  377.651744][T10402]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  377.651774][T10402]  ? __mod_zone_page_state+0xd7/0x140
[  377.651787][T10402]  ? folios_put_refs+0x560/0x640
[  377.651800][T10402]  ? __pfx_folios_put_refs+0x10/0x10
[  377.651806][T10402]  ? rcu_is_watching+0x15/0xb0
[  377.651817][T10402]  ? __lock_acquire+0xab9/0xd20
[  377.651834][T10402]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  377.651844][T10402]  do_writepages+0x32e/0x550
[  377.651858][T10402]  ? do_raw_spin_unlock+0x4d/0x240
[  377.651869][T10402]  filemap_fdatawrite+0x199/0x240
[  377.651878][T10402]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  377.651929][T10402]  ? do_raw_spin_unlock+0x4d/0x240
[  377.651941][T10402]  f2fs_sync_dirty_inodes+0x31f/0x830
[  377.651956][T10402]  f2fs_write_checkpoint+0x95a/0x1df0
[  377.651974][T10402]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  377.652002][T10402]  ? kill_f2fs_super+0x298/0x6c0
[  377.652012][T10402]  kill_f2fs_super+0x2c3/0x6c0
[  377.652021][T10402]  ? __pfx_kill_f2fs_super+0x10/0x10
[  377.652029][T10402]  ? radix_tree_delete_item+0x2b6/0x400
[  377.652042][T10402]  ? shrinker_free+0x2ce/0x3e0
[  377.652051][T10402]  deactivate_locked_super+0xbc/0x130
[  377.652061][T10402]  cleanup_mnt+0x425/0x4c0
[  377.652069][T10402]  ? lockdep_hardirqs_on+0x9c/0x150
[  377.652079][T10402]  task_work_run+0x1d4/0x260
[  377.652090][T10402]  ? __pfx_task_work_run+0x10/0x10
[  377.652098][T10402]  ? __x64_sys_umount+0x122/0x160
[  377.652109][T10402]  ? exit_to_user_mode_loop+0x40/0x110
[  377.652120][T10402]  exit_to_user_mode_loop+0xec/0x110
[  377.652129][T10402]  do_syscall_64+0x2bd/0x3b0
[  377.652137][T10402]  ? lockdep_hardirqs_on+0x9c/0x150
[  377.652146][T10402]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.652152][T10402]  ? exc_page_fault+0x9f/0xf0
[  377.652162][T10402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  377.652168][T10402] RIP: 0033:0x7ff9bdd8ff17
[  377.652177][T10402] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  377.652183][T10402] RSP: 002b:00007ffeb5d6e6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  377.652191][T10402] RAX: 0000000000000000 RBX: 00007ff9bde11c05 RCX: 00007ff9bdd8ff17
[  377.652196][T10402] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb5d6e790
[  377.652200][T10402] RBP: 00007ffeb5d6e790 R08: 0000000000000000 R09: 0000000000000000
[  377.652204][T10402] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb5d6f820
[  377.652208][T10402] R13: 00007ff9bde11c05 R14: 000000000005a727 R15: 00007ffeb5d6f860
[  377.652221][T10402]  </TASK>
[  377.652224][T10402] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  377.658290][T14358] loop1: detected capacity change from 0 to 32768
[  377.792789][T14358] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3098 (14358)
[  377.799619][T14358] BTRFS info (device loop1): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  377.803619][T14358] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  377.807251][T14358] BTRFS info (device loop1): using free-space-tree
[  377.906755][T13246] BTRFS info (device loop1): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  378.044138][T14389] loop1: detected capacity change from 0 to 512
[  378.046816][T14389] EXT4-fs: Ignoring removed bh option
[  378.056883][   T55] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  378.061168][   T55] Bluetooth: hci0: Injecting HCI hardware error event
[  378.062405][T14389] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  378.067085][   T55] Bluetooth: hci0: hardware error 0x00
[  378.086350][T14389] EXT4-fs (loop1): invalid journal inode
[  378.088844][T14389] EXT4-fs (loop1): can't get journal size
[  378.107549][T14389] EXT4-fs (loop1): 1 truncate cleaned up
[  378.113154][T14389] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  378.179440][T13246] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.544214][T14417] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3116'.
[  378.573136][T14419] loop9: detected capacity change from 0 to 512
[  378.578071][T14419] EXT4-fs (loop9): 1 truncate cleaned up
[  378.582161][T14419] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  378.615667][T10402] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.747288][T14426] cgroup: fork rejected by pids controller in /syz9
[  379.467004][T17223] netlink: 136 bytes leftover after parsing attributes in process `syz.1.3124'.
[  379.470586][T17223] A link change request failed with some changes committed already. Interface ip6gretap0 may have been left with an inconsistent configuration, please check.
[  379.883223][  T795] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  379.958068][ T5904] usb 10-1: new high-speed USB device number 30 using dummy_hcd
[  380.064989][  T795] usb 2-1: Using ep0 maxpacket: 8
[  380.069486][  T795] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  380.073908][  T795] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  380.079630][  T795] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.085938][  T795] usb 2-1: config 0 descriptor??
[  380.090735][  T795] gspca_main: vc032x-2.14.0 probing 046d:0892
[  380.123024][ T5904] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  380.127289][ T5904] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  380.131134][ T5904] usb 10-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00
[  380.134519][ T5904] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  380.139339][ T5904] usb 10-1: config 0 descriptor??
[  380.268291][   T55] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  380.581565][ T5904] petalynx 0003:18B1:0037.0016: hidraw0: USB HID v0.00 Device [HID 18b1:0037] on usb-dummy_hcd.9-1/input0
[  380.802623][ T5904] usb 10-1: USB disconnect, device number 30
[  380.824546][T18015] loop2: detected capacity change from 0 to 512
[  380.827319][T18015] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  380.832566][T18015] EXT4-fs (loop2): 1 truncate cleaned up
[  380.835373][T18015] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  380.844000][T18015] EXT4-fs error (device loop2): ext4_get_parent:1838: comm syz.2.3133: inode #2: comm syz.2.3133: iget: illegal inode #
[  380.865713][T13618] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.115507][T18032] tipc: Started in network mode
[  381.117542][T18032] tipc: Node identity 4, cluster identity 4711
[  381.119661][T18032] tipc: Node number set to 4
[  381.177807][T18034] netlink: 'syz.2.3141': attribute type 1 has an invalid length.
[  381.419498][T18040] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3142'.
[  381.609157][  T795] gspca_vc032x: reg_w err -71
[  381.611158][  T795] vc032x 2-1:0.0: probe with driver vc032x failed with error -71
[  381.614551][  T795] usb 2-1: USB disconnect, device number 9
[  381.652779][T18046] loop9: detected capacity change from 0 to 512
[  381.655657][T18046] EXT4-fs (loop9): ext4_check_descriptors: Checksum for group 0 failed (57259!=33349)
[  381.672374][T18046] EXT4-fs (loop9): orphan cleanup on readonly fs
[  381.675257][T18046] EXT4-fs error (device loop9): ext4_read_block_bitmap_nowait:517: comm syz.9.3146: Block bitmap for bg 0 marked uninitialized
[  381.684572][T18046] EXT4-fs error (device loop9) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  381.688438][T18046] EXT4-fs (loop9): 1 orphan inode deleted
[  381.691992][T18046] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  381.804307][T18046] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3146'.
[  382.617007][T10402] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.657499][T18078] binder: Binderfs stats mode cannot be changed during a remount
[  382.765014][T18087] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3163'.
[  383.040532][T18093] loop2: detected capacity change from 0 to 512
[  383.048987][T18093] EXT4-fs (loop2): Test dummy encryption mode enabled
[  383.051875][T18093] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  383.068331][T18093] EXT4-fs error (device loop2): ext4_orphan_get:1418: comm syz.2.3165: bad orphan inode 131083
[  383.073606][T18093] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  383.090606][T13618] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  383.394546][T18107] netlink: 248 bytes leftover after parsing attributes in process `syz.1.3171'.
[  383.464542][ T5903] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  383.625168][ T5903] usb 3-1: Using ep0 maxpacket: 32
[  383.629096][ T5903] usb 3-1: config 9 interface 0 altsetting 0 endpoint 0x8 has an invalid bInterval 0, changing to 7
[  383.633472][ T5903] usb 3-1: config 9 interface 0 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0
[  383.639616][ T5903] usb 3-1: config 9 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  383.646516][ T5903] usb 3-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  383.650066][ T5903] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  383.652675][ T5903] usb 3-1: Product: syz
[  383.654068][ T5903] usb 3-1: Manufacturer: syz
[  383.655555][ T5903] usb 3-1: SerialNumber: syz
[  383.794847][T18121] loop9: detected capacity change from 0 to 32768
[  383.801176][T18121] XFS (loop9): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  383.810312][T18121] XFS (loop9): Ending clean mount
[  383.828356][T10402] XFS (loop9): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  383.893397][ T5917] usb 3-1: USB disconnect, device number 8
[  384.085004][T18133] random: crng reseeded on system resumption
[  384.146064][ T5903] IPVS: starting estimator thread 0...
[  384.234308][T18134] IPVS: using max 84 ests per chain, 201600 per kthread
[  384.590231][T18145] loop1: detected capacity change from 0 to 1024
[  384.594560][T18143] loop2: detected capacity change from 0 to 4096
[  384.614477][T18145] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  384.622038][T18145] EXT4-fs error (device loop1): ext4_xattr_set_entry:1660: inode #16: comm syz.1.3184: corrupted xattr entries
[  384.627279][T18145] EXT4-fs (loop1): Remounting filesystem read-only
[  384.635947][T18143] ntfs3(loop2): ino=21, "file1" fallocate(0x40) is not supported
[  384.644081][T13246] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  384.797990][T18156] netlink: 16 bytes leftover after parsing attributes in process `syz.1.3187'.
[  385.014877][ T5903] usb 3-1: new high-speed USB device number 9 using dummy_hcd
[  385.196413][ T5903] usb 3-1: Using ep0 maxpacket: 32
[  385.203968][ T5903] usb 3-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  385.209276][ T5903] usb 3-1: config 0 interface 0 has no altsetting 0
[  385.211802][ T5903] usb 3-1: New USB device found, idVendor=5543, idProduct=0781, bcdDevice= 0.00
[  385.215705][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.226698][ T5903] usb 3-1: config 0 descriptor??
[  385.230858][ T5904] usb 10-1: new high-speed USB device number 31 using dummy_hcd
[  385.392939][ T5904] usb 10-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  385.396766][ T5904] usb 10-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  385.400894][ T5904] usb 10-1: config 0 interface 0 has no altsetting 0
[  385.403931][ T5904] usb 10-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  385.407594][ T5904] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.415947][ T5904] usb 10-1: config 0 descriptor??
[  385.705476][ T5903] uclogic 0003:5543:0781.0017: ignoring exceeding usage max
[  385.709161][ T5903] uclogic 0003:5543:0781.0017: unbalanced collection at end of report description
[  385.713428][ T5903] uclogic 0003:5543:0781.0017: parse failed
[  385.715573][ T5903] uclogic 0003:5543:0781.0017: probe with driver uclogic failed with error -22
[  385.935767][ T5917] usb 3-1: USB disconnect, device number 9
[  386.000876][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  386.003061][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  386.117339][ T5904] usb 10-1: string descriptor 0 read error: -22
[  386.350052][ T5904] input: HID 256c:006d as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:256C:006D.0018/input/input19
[  386.421379][ T5904] input: HID 256c:006d as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:256C:006D.0018/input/input20
[  386.450736][ T5904] input: HID 256c:006d Touch Strip as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:256C:006D.0018/input/input21
[  386.467086][ T5904] input: HID 256c:006d Dial as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:256C:006D.0018/input/input22
[  386.492923][ T5904] uclogic 0003:256C:006D.0018: input,hidraw0: USB HID v0.00 Keypad [HID 256c:006d] on usb-dummy_hcd.9-1/input0
[  386.570380][ T5903] usb 10-1: USB disconnect, device number 31
[  386.950227][T18164] block nbd1: shutting down sockets
[  387.134139][T18180] (unnamed net_device) (uninitialized): option ad_actor_sys_prio: mode dependency failed, not supported in mode active-backup(1)
[  387.144454][ T5904] usb 3-1: new low-speed USB device number 10 using dummy_hcd
[  387.169129][T18184] loop1: detected capacity change from 0 to 512
[  387.174541][T18184] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  387.188338][T18184] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  387.193025][T18184] ext4 filesystem being mounted at /146/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  387.215563][T13246] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  387.249383][T18193] loop1: detected capacity change from 0 to 128
[  387.254516][T18193] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  387.308875][ T5904] usb 3-1: unable to get BOS descriptor or descriptor too short
[  387.312383][ T5904] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  387.316722][ T5904] usb 3-1: config 1 interface 0 altsetting 195 has 0 endpoint descriptors, different from the interface descriptor's value: 3
[  387.319276][T18200] tipc: Started in network mode
[  387.321323][ T5904] usb 3-1: config 1 interface 0 has no altsetting 0
[  387.322748][T18200] tipc: Node identity de9194688b78, cluster identity 4711
[  387.322845][T18200] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  387.327745][ T5904] usb 3-1: string descriptor 0 read error: -22
[  387.331663][T18200] syzkaller0: entered promiscuous mode
[  387.332446][ T5904] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  387.334068][T18200] syzkaller0: entered allmulticast mode
[  387.339979][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  387.346255][ T5904] cdc_ether 3-1:1.0: skipping garbage
[  387.348060][ T5904] usb 3-1: bad CDC descriptors
[  387.358608][T18200] tipc: Resetting bearer <eth:syzkaller0>
[  387.361820][T18198] tipc: Resetting bearer <eth:syzkaller0>
[  387.373929][T18198] tipc: Disabling bearer <eth:syzkaller0>
[  387.470662][T18205] netlink: 'syz.1.3209': attribute type 2 has an invalid length.
[  387.542879][T18212] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3211'.
[  387.561640][ T5904] usb 3-1: USB disconnect, device number 10
[  388.283050][T18228] loop9: detected capacity change from 0 to 2048
[  388.300909][T18230] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  388.328467][   T33] audit: type=1804 audit(2000000312.344:120): pid=18228 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.9.3218" name="/newroot/543/file2/bus" dev="loop9" ino=2097152 res=1 errno=0
[  388.684124][T18236] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  388.688179][T18236] iommufd_mock iommufd_mock1: Adding to iommu group 1
[  388.845289][T18246] loop1: detected capacity change from 0 to 1024
[  389.365963][ T5889] usb 10-1: new high-speed USB device number 32 using dummy_hcd
[  389.530576][ T5889] usb 10-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  389.544807][ T5889] usb 10-1: config 220 has 1 interface, different from the descriptor's value: 3
[  389.552662][ T5889] usb 10-1: config 220 interface 0 has no altsetting 0
[  389.559152][ T5889] usb 10-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  389.563239][ T5889] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  389.567068][ T5889] usb 10-1: Product: syz
[  389.570586][ T5889] usb 10-1: Manufacturer: syz
[  389.572670][ T5889] usb 10-1: SerialNumber: syz
[  389.815656][   T33] audit: type=1326 audit(2000000313.738:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18248 comm="syz.9.3226" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  389.827514][   T33] audit: type=1326 audit(2000000313.738:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18248 comm="syz.9.3226" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  389.835317][   T33] audit: type=1326 audit(2000000313.738:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18248 comm="syz.9.3226" exe="/syz-executor" sig=0 arch=c000003e syscall=277 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  389.847584][   T33] audit: type=1326 audit(2000000313.738:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18248 comm="syz.9.3226" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  389.854984][ T5889] uvcvideo 10-1:220.0: probe with driver uvcvideo failed with error -22
[  389.858123][   T33] audit: type=1326 audit(2000000313.738:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18248 comm="syz.9.3226" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  389.867531][ T5889] usb 10-1: USB disconnect, device number 32
[  390.567145][T18274] loop2: detected capacity change from 0 to 512
[  390.570126][T18274] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  390.579798][T18274] EXT4-fs (loop2): 1 truncate cleaned up
[  390.585599][T18274] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  390.604662][   T33] audit: type=1800 audit(2000000314.477:126): pid=18274 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3237" name="file1" dev="loop2" ino=15 res=0 errno=0
[  390.632563][T13618] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.694313][T18281] loop2: detected capacity change from 0 to 512
[  390.727369][T18281] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e842c11c, mo2=0002]
[  390.730186][T18281] System zones: 0-2, 18-18, 34-34
[  390.739300][T18281] EXT4-fs error (device loop2): ext4_validate_block_bitmap:441: comm syz.2.3240: bg 0: block 248: padding at end of block bitmap is not set
[  390.746499][T18281] Quota error (device loop2): write_blk: dquota write failed
[  390.749148][T18281] Quota error (device loop2): qtree_write_dquot: Error -117 occurred while creating quota
[  390.752512][T18281] EXT4-fs error (device loop2): ext4_acquire_dquot:6933: comm syz.2.3240: Failed to acquire dquot type 1
[  390.758702][T18281] EXT4-fs (loop2): 1 truncate cleaned up
[  390.761465][T18281] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  390.765868][T18281] ext4 filesystem being mounted at /122/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  390.772433][T18277] loop9: detected capacity change from 0 to 32768
[  390.785664][T13618] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  390.812064][T18277] XFS (loop9): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  390.822900][T18277] XFS (loop9): Ending clean mount
[  390.926389][ T9500] nci: nci_rx_work: unknown MT 0x1
[  390.935171][T10402] XFS (loop9): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  391.212269][T18313] netlink: 'syz.9.3243': attribute type 10 has an invalid length.
[  391.222465][T18313] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  391.916845][T18324] loop9: detected capacity change from 0 to 8
[  391.925667][T18324] SQUASHFS error: xz decompression failed, data probably corrupt
[  391.928297][T18324] SQUASHFS error: Failed to read block 0x108: -5
[  391.930504][T18324] SQUASHFS error: Unable to read metadata cache entry [106]
[  391.935231][T18324] SQUASHFS error: Unable to read inode 0x11f
[  391.978900][T18327] loop1: detected capacity change from 0 to 1024
[  391.982200][T18327] EXT4-fs: Ignoring removed nobh option
[  391.984713][T18327] EXT4-fs: Ignoring removed bh option
[  392.016669][T18327] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  392.201593][T18337] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3250'.
[  392.327419][ T5889] usb 10-1: new high-speed USB device number 33 using dummy_hcd
[  392.491389][ T5889] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  392.502034][T18340] overlayfs: conflicting lowerdir path
[  392.512625][ T5889] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  392.516951][ T5889] usb 10-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  392.523997][ T5889] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  392.531803][ T5889] usb 10-1: New USB device found, idVendor=0bfd, idProduct=010c, bcdDevice=2d.16
[  392.535746][ T5889] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  392.539126][ T5889] usb 10-1: Product: syz
[  392.542263][ T5889] usb 10-1: Manufacturer: syz
[  392.544211][ T5889] usb 10-1: SerialNumber: syz
[  392.551182][ T5889] usb 10-1: config 0 descriptor??
[  392.557062][ T5889] kvaser_usb 10-1:0.0: error -ENODEV: Cannot get usb endpoint(s)
[  392.779645][  T795] usb 10-1: USB disconnect, device number 33
[  392.954493][T13246] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.048675][T18359] loop1: detected capacity change from 0 to 64
[  393.059227][T18359] BFS-fs: bfs_fill_super(): loop1 is unclean, continuing
[  393.512293][   T33] audit: type=1804 audit(2000000317.199:127): pid=18368 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.9.3267" name="/newroot/555/file1" dev="fuse" ino=1 res=1 errno=0
[  393.601246][T18375] loop9: detected capacity change from 0 to 1024
[  393.621896][T18375] hfsplus: bad catalog entry type
[  393.644019][T18377] loop2: detected capacity change from 0 to 512
[  393.649204][T18377] FAT-fs (loop2): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  393.710427][T18381] dlm: no locking on control device
[  393.769619][T18389] loop9: detected capacity change from 0 to 512
[  393.778763][T18389] EXT4-fs error (device loop9): ext4_orphan_get:1418: comm syz.9.3277: bad orphan inode 15
[  393.783385][T18389] ext4_test_bit(bit=14, block=5) = 0
[  393.785994][T18389] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  393.794703][T18389] EXT4-fs warning (device loop9): ext4_resize_begin:72: won't resize using backup superblock at 1
[  393.809103][T10402] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  393.935513][T18401] loop2: detected capacity change from 0 to 4096
[  393.939874][T18401] ntfs3(loop2): ino=3, Correct links count -> 2.
[  393.981126][T18397] loop9: detected capacity change from 0 to 32768
[  393.984223][T18397] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3280 (18397)
[  393.989808][T18397] BTRFS info (device loop9): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  393.993505][T18397] BTRFS info (device loop9): using sha256 (sha256-lib) checksum algorithm
[  393.995103][ T5889] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  394.002812][T18397] BTRFS info (device loop9): using free-space-tree
[  394.097596][T10402] BTRFS info (device loop9): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  394.155820][ T5889] usb 2-1: Using ep0 maxpacket: 16
[  394.158924][ T5889] usb 2-1: config 0 has an invalid interface number: 214 but max is 0
[  394.161525][ T5889] usb 2-1: config 0 has no interface number 0
[  394.166891][ T5889] usb 2-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64
[  394.180092][ T5889] usb 2-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5
[  394.183281][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.186448][ T5889] usb 2-1: Product: syz
[  394.194105][ T5889] usb 2-1: Manufacturer: syz
[  394.195995][ T5889] usb 2-1: SerialNumber: syz
[  394.220392][ T5889] usb 2-1: config 0 descriptor??
[  394.420526][T18429] vivid-000: disconnect
[  394.424837][T18429] vivid-000: reconnect
[  394.460350][T18432] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3289'.
[  394.585243][T18437] loop2: detected capacity change from 0 to 4096
[  394.589074][T18437] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  394.601092][T18437] ntfs3(loop2): $Secure::$SDH is corrupted.
[  394.603663][T18437] ntfs3(loop2): Failed to initialize $Secure (-22).
[  394.668508][ T5917] usb 10-1: new high-speed USB device number 34 using dummy_hcd
[  394.715109][   T33] audit: type=1326 audit(2000000318.321:128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18442 comm="syz.2.3294" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fdf21d8ebe9 code=0x0
[  394.828851][ T5917] usb 10-1: Using ep0 maxpacket: 16
[  394.834174][ T5917] usb 10-1: config 0 has an invalid interface number: 255 but max is 0
[  394.837854][ T5917] usb 10-1: config 0 has no interface number 0
[  394.844539][ T5917] usb 10-1: New USB device found, idVendor=1a0a, idProduct=0108, bcdDevice=da.32
[  394.848503][ T5917] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  394.853108][ T5917] usb 10-1: Product: syz
[  394.856498][ T5917] usb 10-1: Manufacturer: syz
[  394.858453][ T5917] usb 10-1: SerialNumber: syz
[  394.863583][ T5917] usb 10-1: config 0 descriptor??
[  394.873898][ T5917] usb_ehset_test 10-1:0.255: probe with driver usb_ehset_test failed with error -32
[  394.875420][ T5889] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.214/input/input23
[  395.084173][ T5889] usb 10-1: USB disconnect, device number 34
[  395.091313][ T5904] usb 2-1: USB disconnect, device number 10
[  395.674779][T18450] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3297'.
[  395.740845][T18456] loop1: detected capacity change from 0 to 512
[  395.754815][T18459] loop2: detected capacity change from 0 to 256
[  395.761101][T18459] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x421408f7, utbl_chksum : 0xe619d30d)
[  395.765785][T18459] exFAT-fs (loop2): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  395.798958][T18456] EXT4-fs error (device loop1): ext4_orphan_get:1392: inode #15: comm syz.1.3300: casefold flag without casefold feature
[  395.805888][T18456] EXT4-fs error (device loop1): ext4_orphan_get:1397: comm syz.1.3300: couldn't read orphan inode 15 (err -117)
[  395.815982][T18456] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  395.820731][   T33] audit: type=1800 audit(2000000319.350:129): pid=18459 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3301" name="file2" dev="loop2" ino=1048662 res=0 errno=0
[  396.112371][T13246] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.276530][T18473] loop1: detected capacity change from 0 to 4096
[  396.287435][T18473] ntfs3(loop1): Different NTFS sector size (1024) and media sector size (512).
[  396.657923][T18483] loop1: detected capacity change from 0 to 40427
[  396.686174][T18483] F2FS-fs (loop1): invalid crc value
[  396.929358][T18483] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  396.937160][T18483] F2FS-fs (loop1): Start checkpoint disabled!
[  396.961976][T18483] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  398.362626][T18517] input: syz0 as /devices/virtual/input/input24
[  398.699393][T18522] loop9: detected capacity change from 0 to 128
[  398.704009][T18522] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[  398.712188][T18522] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  398.726116][   T33] audit: type=1800 audit(2000000322.072:130): pid=18522 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3327" name="file1" dev="loop9" ino=104 res=0 errno=0
[  398.793904][T18526] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  398.878947][T18533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3331'.
[  398.883890][T18533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3331'.
[  398.944856][T18536] loop2: detected capacity change from 0 to 256
[  398.947965][T18536] vfat: Unknown parameter 'nnonumtail'
[  399.009755][   T33] audit: type=1804 audit(2000000322.334:131): pid=18536 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.3333" name="/newroot/164/file0/file1" dev="overlay" ino=885 res=1 errno=0
[  400.548268][ T5917] usb 10-1: new high-speed USB device number 35 using dummy_hcd
[  400.995640][T18578] loop2: detected capacity change from 0 to 512
[  401.000494][T18578] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  401.007677][T18578] EXT4-fs (loop2): 1 truncate cleaned up
[  401.012086][ T5917] usb 10-1: config 0 has an invalid interface number: 105 but max is 0
[  401.016540][T18578] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  401.021650][ T5917] usb 10-1: config 0 has no interface number 0
[  401.024290][ T5917] usb 10-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice=f0.b2
[  401.028075][ T5917] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.046960][ T5917] usb 10-1: config 0 descriptor??
[  401.056421][T13618] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  401.057460][ T5917] input: bcm5974 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.105/input/input25
[  401.130014][T18584] loop2: detected capacity change from 0 to 128
[  401.132693][T18584] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  401.138101][T18584] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  401.299086][ T5917] usb 10-1: USB disconnect, device number 35
[  401.299651][ T5279] bcm5974 10-1:0.105: could not read from device
[  401.315490][ T5279] bcm5974 10-1:0.105: could not read from device
[  401.338155][T18592] loop2: detected capacity change from 0 to 4096
[  401.344480][T18592] ntfs3(loop2): Different NTFS sector size (4096) and media sector size (512).
[  401.358316][   T33] audit: type=1800 audit(2000000324.532:132): pid=18592 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3356" name="file1" dev="loop2" ino=30 res=0 errno=0
[  401.428421][T18598] ip6_tunnel: non-ECT from fc00:0000:0000:0000:0000:0000:0000:0000 with DS=0xf
[  401.756269][ T5903] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  401.920787][ T5903] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  401.929269][ T5903] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  401.935916][ T5903] usb 3-1: config 0 descriptor??
[  401.941678][T18608] loop9: detected capacity change from 0 to 128
[  401.947294][ T5903] gspca_main: spca508-2.14.0 probing 8086:0110
[  401.953750][T18608] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=256, location=256
[  401.963335][T18608] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  402.065873][T18612] loop9: detected capacity change from 0 to 128
[  402.246498][T18618] netlink: 'syz.9.3368': attribute type 1 has an invalid length.
[  402.253801][T18618] netlink: 224 bytes leftover after parsing attributes in process `syz.9.3368'.
[  402.384428][ T5903] gspca_spca508: reg_read err -71
[  402.403377][ T5903] gspca_spca508: reg_read err -71
[  402.405376][ T5903] gspca_spca508: reg_read err -71
[  402.409646][ T5903] gspca_spca508: reg_read err -71
[  402.411952][ T5903] gspca_spca508: reg write: error -71
[  402.414380][ T5903] spca508 3-1:0.0: probe with driver spca508 failed with error -71
[  402.423962][ T5903] usb 3-1: USB disconnect, device number 11
[  403.315838][T18639] loop2: detected capacity change from 0 to 32768
[  403.320040][T18639] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3378 (18639)
[  403.326254][T18639] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  403.330452][T18639] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  403.333851][T18639] BTRFS info (device loop2): using free-space-tree
[  403.396018][T13618] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  403.926394][ T5904] usb 3-1: new full-speed USB device number 12 using dummy_hcd
[  404.102995][ T5904] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  404.108338][ T5904] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  404.111720][ T5904] usb 3-1: Product: syz
[  404.113688][ T5904] usb 3-1: Manufacturer: syz
[  404.115759][ T5904] usb 3-1: SerialNumber: syz
[  404.120938][ T5904] usb 3-1: config 0 descriptor??
[  404.349119][ T5904] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  406.501850][ T5904] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  406.508268][T18723] loop9: detected capacity change from 0 to 32768
[  406.512206][ T5904] usb 3-1: USB disconnect, device number 12
[  406.514051][T18723] jfs_mount: Failed to read FILESYSTEM_I
[  406.517274][T18723] Mount JFS Failure: -5
[  406.518748][T18723] jfs_mount failed w/return code = -5
[  406.647001][T18729] loop9: detected capacity change from 0 to 256
[  406.662596][T18729] exFAT-fs (loop9): failed to load upcase table (idx : 0x0001e4a3, chksum : 0x00949fb8, utbl_chksum : 0x7319d30d)
[  406.721621][T18733] netlink: 16 bytes leftover after parsing attributes in process `syz.9.3413'.
[  406.801911][T18737] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3415'.
[  406.996628][T18740] loop9: detected capacity change from 0 to 40427
[  407.008630][T18740] F2FS-fs (loop9): invalid crc value
[  407.073429][T18740] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  407.085836][T18740] F2FS-fs (loop9): Start checkpoint disabled!
[  407.096957][T18740] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  407.137372][   T33] audit: type=1800 audit(2000000329.948:133): pid=18740 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3416" name="file1" dev="loop9" ino=10 res=0 errno=0
[  407.162109][T18740] syz.9.3416: attempt to access beyond end of device
[  407.162109][T18740] loop9: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  407.177492][T18740] syz.9.3416: attempt to access beyond end of device
[  407.177492][T18740] loop9: rw=2049, sector=45104, nr_sectors = 16 limit=40427
[  407.192775][T18740] syz.9.3416: attempt to access beyond end of device
[  407.192775][T18740] loop9: rw=2049, sector=45120, nr_sectors = 16 limit=40427
[  407.210288][T18740] syz.9.3416: attempt to access beyond end of device
[  407.210288][T18740] loop9: rw=2049, sector=45136, nr_sectors = 16 limit=40427
[  407.221680][T18740] syz.9.3416: attempt to access beyond end of device
[  407.221680][T18740] loop9: rw=2049, sector=45152, nr_sectors = 16 limit=40427
[  407.241515][T18740] syz.9.3416: attempt to access beyond end of device
[  407.241515][T18740] loop9: rw=2049, sector=45168, nr_sectors = 16 limit=40427
[  407.257681][T18740] syz.9.3416: attempt to access beyond end of device
[  407.257681][T18740] loop9: rw=2049, sector=45184, nr_sectors = 16 limit=40427
[  407.276520][T18740] syz.9.3416: attempt to access beyond end of device
[  407.276520][T18740] loop9: rw=2049, sector=45200, nr_sectors = 16 limit=40427
[  407.288375][T18740] syz.9.3416: attempt to access beyond end of device
[  407.288375][T18740] loop9: rw=2049, sector=45216, nr_sectors = 8 limit=40427
[  407.320435][   T40] kworker/u10:2: attempt to access beyond end of device
[  407.320435][   T40] loop9: rw=2049, sector=45224, nr_sectors = 8 limit=40427
[  407.327073][   T40] CPU: 1 UID: 0 PID: 40 Comm: kworker/u10:2 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  407.327093][   T40] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  407.327100][   T40] Workqueue: writeback wb_workfn (flush-7:9)
[  407.327121][   T40] Call Trace:
[  407.327127][   T40]  <TASK>
[  407.327133][   T40]  dump_stack_lvl+0x189/0x250
[  407.327153][   T40]  ? __pfx_dump_stack_lvl+0x10/0x10
[  407.327168][   T40]  ? __pfx_queue_work_on+0x10/0x10
[  407.327179][   T40]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  407.327195][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  407.327220][   T40]  f2fs_handle_critical_error+0x37c/0x540
[  407.327244][   T40]  f2fs_write_end_io+0x886/0xb60
[  407.327272][   T40]  __submit_merged_bio+0x27a/0x6a0
[  407.327295][   T40]  __submit_merged_write_cond+0x255/0x530
[  407.327319][   T40]  f2fs_write_data_pages+0x261d/0x3000
[  407.327367][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  407.327398][   T40]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  407.327440][   T40]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  407.327469][   T40]  ? trace_f2fs_writepages+0x7f/0x200
[  407.327486][   T40]  ? f2fs_write_node_pages+0x478/0x6e0
[  407.327507][   T40]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  407.327563][   T40]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  407.327584][   T40]  do_writepages+0x32e/0x550
[  407.327605][   T40]  ? reacquire_held_locks+0x127/0x1d0
[  407.327617][   T40]  ? writeback_sb_inodes+0x384/0x1010
[  407.327641][   T40]  __writeback_single_inode+0x145/0xff0
[  407.327657][   T40]  ? do_raw_spin_unlock+0x4d/0x240
[  407.327676][   T40]  writeback_sb_inodes+0x6c7/0x1010
[  407.327717][   T40]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  407.327770][   T40]  ? rcu_is_watching+0x15/0xb0
[  407.327792][   T40]  wb_writeback+0x43b/0xaf0
[  407.327835][   T40]  ? queue_io+0x3c1/0x590
[  407.327856][   T40]  ? __pfx_wb_writeback+0x10/0x10
[  407.327880][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  407.327899][   T40]  wb_workfn+0x409/0xef0
[  407.327928][   T40]  ? __pfx_wb_workfn+0x10/0x10
[  407.327946][   T40]  ? __lock_acquire+0xab9/0xd20
[  407.327973][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  407.327992][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  407.328011][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  407.328023][   T40]  ? process_scheduled_works+0x9ef/0x17b0
[  407.328037][   T40]  process_scheduled_works+0xae1/0x17b0
[  407.328077][   T40]  ? __pfx_process_scheduled_works+0x10/0x10
[  407.328107][   T40]  worker_thread+0x8a0/0xda0
[  407.328122][   T40]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  407.328144][   T40]  ? __kthread_parkme+0x7b/0x200
[  407.328167][   T40]  kthread+0x711/0x8a0
[  407.328186][   T40]  ? __pfx_worker_thread+0x10/0x10
[  407.328198][   T40]  ? __pfx_kthread+0x10/0x10
[  407.328215][   T40]  ? _raw_spin_unlock_irq+0x23/0x50
[  407.328229][   T40]  ? lockdep_hardirqs_on+0x9c/0x150
[  407.328244][   T40]  ? __pfx_kthread+0x10/0x10
[  407.328261][   T40]  ret_from_fork+0x3fc/0x770
[  407.328278][   T40]  ? __pfx_ret_from_fork+0x10/0x10
[  407.328297][   T40]  ? __switch_to_asm+0x39/0x70
[  407.328311][   T40]  ? __switch_to_asm+0x33/0x70
[  407.328325][   T40]  ? __pfx_kthread+0x10/0x10
[  407.328342][   T40]  ret_from_fork_asm+0x1a/0x30
[  407.328372][   T40]  </TASK>
[  407.335366][   T40] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  407.395600][T18745] loop2: detected capacity change from 0 to 32768
[  407.470570][T18745] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3417 (18745)
[  407.480799][T18745] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  407.484590][T18745] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  407.488058][T18745] BTRFS info (device loop2): using free-space-tree
[  407.531377][T13618] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  407.727006][T18762] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3418'.
[  407.729046][T18766] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3420'.
[  407.803263][T18771] loop1: detected capacity change from 0 to 16
[  407.887262][T18771] erofs (device loop1): mounted with root inode @ nid 36.
[  408.639925][T18785] netlink: 676 bytes leftover after parsing attributes in process `syz.2.3427'.
[  408.644326][T18785] netlink: 676 bytes leftover after parsing attributes in process `syz.2.3427'.
[  408.786830][T18791] bridge1: entered promiscuous mode
[  409.208908][ T7281] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  409.392083][ T7281] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  409.396208][ T7281] usb 3-1: New USB device found, idVendor=0458, idProduct=5012, bcdDevice= 0.00
[  409.400196][ T7281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  409.412011][ T7281] usb 3-1: config 0 descriptor??
[  409.689341][T18810] loop1: detected capacity change from 0 to 1024
[  409.692754][T18810] EXT4-fs: Ignoring removed orlov option
[  409.748448][T18810] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  409.771263][   T33] audit: type=1800 audit(2000000332.408:134): pid=18810 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3438" name="file1" dev="loop1" ino=15 res=0 errno=0
[  409.885275][T13246] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  409.897420][ T7281] kye 0003:0458:5012.0019: tablet report size too small, or kye_tablet_rdesc unexpectedly large
[  409.948917][ T7281] kye 0003:0458:5012.0019: hidraw0: USB HID v0.00 Device [HID 0458:5012] on usb-dummy_hcd.2-1/input0
[  409.954489][ T7281] kye 0003:0458:5012.0019: tablet-enabling feature report not found
[  409.959099][ T7281] kye 0003:0458:5012.0019: tablet enabling failed
[  410.005037][T18815] netlink: 'syz.1.3439': attribute type 2 has an invalid length.
[  410.008305][T18815] netlink: 'syz.1.3439': attribute type 8 has an invalid length.
[  410.011747][T18815] netlink: 132 bytes leftover after parsing attributes in process `syz.1.3439'.
[  410.115809][ T5904] usb 3-1: USB disconnect, device number 13
[  410.344526][T18825] loop9: detected capacity change from 0 to 256
[  410.358940][T18825] FAT-fs (loop9): Directory bread(block 1285) failed
[  410.367368][T18825] FAT-fs (loop9): FAT read failed (blocknr 1281)
[  410.414191][T18827] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3445'.
[  410.420206][T18827] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3445'.
[  410.552224][T18821] loop1: detected capacity change from 0 to 40427
[  410.588888][T18821] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  410.593124][T18821] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  410.654710][T13246] CPU: 0 UID: 0 PID: 13246 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  410.654732][T13246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  410.654739][T13246] Call Trace:
[  410.654744][T13246]  <TASK>
[  410.654750][T13246]  dump_stack_lvl+0x189/0x250
[  410.654771][T13246]  ? __pfx_dump_stack_lvl+0x10/0x10
[  410.654784][T13246]  ? __pfx_queue_work_on+0x10/0x10
[  410.654795][T13246]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  410.654809][T13246]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  410.654830][T13246]  f2fs_handle_critical_error+0x37c/0x540
[  410.654851][T13246]  f2fs_write_end_io+0x886/0xb60
[  410.654874][T13246]  __submit_merged_bio+0x27a/0x6a0
[  410.654892][T13246]  __submit_merged_write_cond+0x255/0x530
[  410.654911][T13246]  f2fs_write_data_pages+0x261d/0x3000
[  410.654950][T13246]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  410.655010][T13246]  ? folios_put_refs+0x559/0x640
[  410.655031][T13246]  ? __pfx_folios_put_refs+0x10/0x10
[  410.655043][T13246]  ? rcu_is_watching+0x15/0xb0
[  410.655061][T13246]  ? __lock_acquire+0xab9/0xd20
[  410.655087][T13246]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  410.655104][T13246]  do_writepages+0x32e/0x550
[  410.655125][T13246]  ? do_raw_spin_unlock+0x4d/0x240
[  410.655143][T13246]  filemap_fdatawrite+0x199/0x240
[  410.655159][T13246]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  410.655204][T13246]  ? do_raw_spin_unlock+0x4d/0x240
[  410.655219][T13246]  f2fs_sync_dirty_inodes+0x31f/0x830
[  410.655239][T13246]  f2fs_write_checkpoint+0x95a/0x1df0
[  410.655266][T13246]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  410.655309][T13246]  ? kill_f2fs_super+0x298/0x6c0
[  410.655324][T13246]  kill_f2fs_super+0x2c3/0x6c0
[  410.655339][T13246]  ? __pfx_kill_f2fs_super+0x10/0x10
[  410.655348][T13246]  ? radix_tree_delete_item+0x2b6/0x400
[  410.655368][T13246]  ? shrinker_free+0x2ce/0x3e0
[  410.655382][T13246]  deactivate_locked_super+0xbc/0x130
[  410.655398][T13246]  cleanup_mnt+0x425/0x4c0
[  410.655411][T13246]  ? lockdep_hardirqs_on+0x9c/0x150
[  410.655428][T13246]  task_work_run+0x1d4/0x260
[  410.655446][T13246]  ? __pfx_task_work_run+0x10/0x10
[  410.655459][T13246]  ? __x64_sys_umount+0x122/0x160
[  410.655478][T13246]  ? exit_to_user_mode_loop+0x40/0x110
[  410.655527][T13246]  exit_to_user_mode_loop+0xec/0x110
[  410.655545][T13246]  do_syscall_64+0x2bd/0x3b0
[  410.655560][T13246]  ? lockdep_hardirqs_on+0x9c/0x150
[  410.655572][T13246]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.655583][T13246]  ? exc_page_fault+0x9f/0xf0
[  410.655598][T13246]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  410.655607][T13246] RIP: 0033:0x7f3adeb8ff17
[  410.655619][T13246] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  410.655628][T13246] RSP: 002b:00007fffb9b16558 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  410.655640][T13246] RAX: 0000000000000000 RBX: 00007f3adec11c05 RCX: 00007f3adeb8ff17
[  410.655648][T13246] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffb9b16610
[  410.655655][T13246] RBP: 00007fffb9b16610 R08: 0000000000000000 R09: 0000000000000000
[  410.655662][T13246] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffb9b176a0
[  410.655669][T13246] R13: 00007f3adec11c05 R14: 0000000000061fbf R15: 00007fffb9b176e0
[  410.655689][T13246]  </TASK>
[  410.655695][T13246] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  410.797404][T14390] Bluetooth: hci1: failed to read key size for handle 201
[  410.806454][T14390] Bluetooth: hci1: unexpected event for opcode 0x1408
[  411.016321][T18856] loop9: detected capacity change from 0 to 32768
[  411.019379][T18856] bcachefs (/dev/loop9): error reading default superblock: checksum error, type none: got  should be 
[  411.023519][T18856] bcachefs (/dev/loop9): error validating superblock: Invalid superblock section replicas_v0: invalid device 254 in entry user: 1/1 [254]
[  411.023519][T18856] replicas_v0 (size 24):
[  411.023519][T18856] btree: 1 [0] journal: 1 [0] user: 1 [254] (unknown data_type 255): 255 [255 255 255 255 255 108 1 0 0 6 0 0 0 0 0 0 0 0 0 0 0 10 0 0 0 0 0 0 0 1 0 1 249 0 0 0 0 8 0 0 0 0 0 0 0 1 0 2 0 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 5 0 0 0 0 0 0 0 179 0 0 0 1 0 0 1 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 2 5 0 0 0 0 0 0 0 0 0 0 0 1 0 0 3 5 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 6 0 0 0 0 11 0 0 0 0 0 0 3 1 1 0 0 0 0 0 2 0 0 0 6 0 0 0 0 0 0 0 0 0 0 0 2 1 1 0 0 0 0 0 2 0 0 0 6 0 0 0 16 0 0 0 0 0 0 0 4 1 1 0 0 0 0 0 33 0 0 0 8 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 83 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 25 0]
[  411.023519][T18856] 
[  411.051311][T18856] bcachefs: bch2_fs_get_tree() error: invalid_replicas_entry
[  411.352589][T18878] loop9: detected capacity change from 0 to 2048
[  411.361361][T18878] NILFS (loop9): broken superblock, retrying with spare superblock (blocksize = 1024)
[  411.378363][T18879] NILFS (loop9): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  411.955008][ T5889] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  412.115465][ T5889] usb 3-1: Using ep0 maxpacket: 32
[  412.122389][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 512, setting to 64
[  412.132058][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid maxpacket 1024, setting to 64
[  412.144812][ T5889] usb 3-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=58.16
[  412.151689][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  412.158172][ T5889] usb 3-1: Product: syz
[  412.159996][ T5889] usb 3-1: Manufacturer: syz
[  412.161983][ T5889] usb 3-1: SerialNumber: syz
[  412.177858][ T5889] usb 3-1: config 0 descriptor??
[  412.189979][ T5889] usb 3-1: Warning: ath10k USB support is incomplete, don't expect anything to work!
[  412.422401][ T7281] usb 3-1: USB disconnect, device number 14
[  412.425413][   T12] usb 3-1: Failed to submit usb control message: -71
[  412.431726][   T12] usb 3-1: unable to send the bmi data to the device: -71
[  412.434619][   T12] usb 3-1: unable to get target info from device
[  412.440064][   T12] usb 3-1: could not get target info (-71)
[  412.442460][   T12] usb 3-1: could not probe fw (-71)
[  412.515076][T18894] loop9: detected capacity change from 0 to 256
[  412.518776][T18894] exfat: Deprecated parameter 'utf8'
[  412.528614][T18894] exFAT-fs (loop9): failed to load upcase table (idx : 0x00010000, chksum : 0xd9b3646f, utbl_chksum : 0xe619d30d)
[  412.547094][T18896] loop1: detected capacity change from 0 to 1024
[  412.549839][T18896] EXT4-fs: inline encryption not supported
[  412.573878][T18896] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  412.606044][T13246] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  412.762865][T18909] team0: Device gtp0 is of different type
[  412.868524][   T33] audit: type=1326 audit(2000000335.308:135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18910 comm="syz.9.3477" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff9bdd8ebe9 code=0x0
[  413.313786][T18919] loop2: detected capacity change from 0 to 32768
[  413.316775][T18919] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3480 (18919)
[  413.322425][T18919] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  413.326263][T18919] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  413.329007][T18919] BTRFS info (device loop2): disk space caching is enabled
[  413.331375][T18919] BTRFS warning (device loop2): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  413.353844][T18919] BTRFS info (device loop2): rebuilding free space tree
[  413.363804][T18919] BTRFS info (device loop2): disabling free space tree
[  413.367446][T18919] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  413.370928][T18919] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  413.390643][   T33] audit: type=1800 audit(2000000335.795:136): pid=18919 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3480" name="file1" dev="loop2" ino=260 res=0 errno=0
[  413.434929][T13618] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  413.666108][T18944] loop1: detected capacity change from 0 to 256
[  414.464267][ T7281] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  414.672209][ T7281] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  414.676156][ T7281] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  414.679646][ T7281] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  414.684157][ T7281] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  414.687704][ T7281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  414.693138][ T7281] usb 3-1: config 0 descriptor??
[  415.098261][  T795] usb 10-1: new high-speed USB device number 36 using dummy_hcd
[  415.133901][ T7281] plantronics 0003:047F:FFFF.001A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  415.162489][T14390] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[  415.168982][T14390] Bluetooth: hci1: Injecting HCI hardware error event
[  415.259943][  T795] usb 10-1: config 0 has an invalid interface number: 1 but max is 0
[  415.263208][  T795] usb 10-1: config 0 has no interface number 0
[  415.265657][  T795] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  415.270043][  T795] usb 10-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  415.274040][  T795] usb 10-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18
[  415.277561][  T795] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  415.282588][  T795] usb 10-1: config 0 descriptor??
[  415.732606][  T795] input: HID 04d9:a055 as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.1/0003:04D9:A055.001B/input/input26
[  415.809132][  T795] holtek_kbd 0003:04D9:A055.001B: input,hidraw1: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.9-1/input1
[  415.956356][  T795] usb 10-1: USB disconnect, device number 36
[  416.579362][T18960] netlink: 16 bytes leftover after parsing attributes in process `syz.9.3491'.
[  416.621942][T18962] netlink: 'syz.9.3492': attribute type 10 has an invalid length.
[  416.643568][T18962] veth0_vlan: left promiscuous mode
[  416.651208][T18962] veth0_vlan: entered promiscuous mode
[  416.657250][T18962] team0: Device veth0_vlan failed to register rx_handler
[  416.744238][T18966] netlink: 168 bytes leftover after parsing attributes in process `syz.9.3494'.
[  417.012354][T18977] nvme_fabrics: missing parameter 'transport=%s'
[  417.015027][T18977] nvme_fabrics: missing parameter 'nqn=%s'
[  417.359479][T18992] vimc link validate: Scaler:src:660x2160 (0x33424752, 0, 0, 0, 0) RGB/YUV Capture:snk:4096x16 (0x38414261, 2, 0, 0, 0)
[  417.584031][ T5889] usb 3-1: USB disconnect, device number 15
[  417.743170][T18991] loop2: detected capacity change from 0 to 32768
[  417.905587][T19000] loop2: detected capacity change from 0 to 1024
[  417.915974][T19000] hfsplus: Filesystem is marked locked, mounting read-only.
[  417.927780][T19000] hfsplus: filesystem is marked locked, leaving read-only.
[  418.034154][T19005] loop2: detected capacity change from 0 to 256
[  418.048511][T19005] exFAT-fs (loop2): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  418.067205][T19005] exFAT-fs (loop2): error, data size is invalid(10)
[  418.258479][T19018] loop2: detected capacity change from 0 to 1024
[  418.668879][ T5889] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  418.818506][  T795] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  418.829598][ T5889] usb 2-1: Using ep0 maxpacket: 8
[  418.838200][ T5889] usb 2-1: config 179 has an invalid interface number: 65 but max is 0
[  418.842621][ T5889] usb 2-1: config 179 has no interface number 0
[  418.845327][ T5889] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  418.850219][ T5889] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  418.856097][ T5889] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  418.861264][ T5889] usb 2-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  418.866844][ T5889] usb 2-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  418.874167][ T5889] usb 2-1: config 179 interface 65 has no altsetting 0
[  418.877038][ T5889] usb 2-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  418.880779][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  418.901810][ T5889] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:179.65/input/input27
[  418.947544][ T5279] input input27: unable to receive magic message: -110
[  418.955525][ T5279] input input27: unable to receive magic message: -32
[  418.962816][ T5279] input input27: unable to receive magic message: -32
[  418.976963][ T5279] input input27: unable to receive magic message: -32
[  419.000183][  T795] usb 3-1: Using ep0 maxpacket: 8
[  419.007352][  T795] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea
[  419.010453][  T795] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.014695][  T795] usb 3-1: Product: syz
[  419.016568][  T795] usb 3-1: Manufacturer: syz
[  419.018140][  T795] usb 3-1: SerialNumber: syz
[  419.023017][  T795] usb 3-1: config 0 descriptor??
[  419.027006][  T795] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state.
[  419.029976][  T795] usb 3-1: setting power ON
[  419.031925][  T795] dvb-usb: bulk message failed: -22 (2/0)
[  419.039279][  T795] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  419.045587][  T795] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID))
[  419.049128][  T795] usb 3-1: media controller created
[  419.060116][  T795] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  419.071316][  T795] usb 3-1: selecting invalid altsetting 6
[  419.073192][  T795] usb 3-1: digital interface selection failed (-22)
[  419.076169][  T795] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)'
[  419.079669][  T795] usb 3-1: setting power OFF
[  419.081259][  T795] dvb-usb: bulk message failed: -22 (2/0)
[  419.084309][  T795] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected.
[  419.087860][  T795] (NULL device *): no alternate interface
[  419.101490][  T795] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected.
[  419.248856][  T795] usb 3-1: USB disconnect, device number 16
[  419.256842][   T47] usb 10-1: new high-speed USB device number 37 using dummy_hcd
[  419.329758][ T5903] usb 2-1: USB disconnect, device number 11
[  419.329850][    C0] xpad 2-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  419.438619][   T47] usb 10-1: Using ep0 maxpacket: 32
[  419.443131][   T47] usb 10-1: config 0 has an invalid interface number: 132 but max is 0
[  419.446680][   T47] usb 10-1: config 0 has no interface number 0
[  419.449629][   T47] usb 10-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  419.456486][   T47] usb 10-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  419.460503][   T47] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.463853][   T47] usb 10-1: Product: syz
[  419.465649][   T47] usb 10-1: Manufacturer: syz
[  419.467574][   T47] usb 10-1: SerialNumber: syz
[  419.473605][   T47] usb 10-1: config 0 descriptor??
[  419.479375][   T47] em28xx 10-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  419.484673][   T47] em28xx 10-1:0.132: Video interface 132 found:
[  419.830839][T19043] loop2: detected capacity change from 0 to 1024
[  419.851124][T19043] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  419.910765][   T47] em28xx 10-1:0.132: unknown em28xx chip ID (0)
[  419.937017][T13618] EXT4-fs error (device loop2): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 11
[  419.944189][T13618] EXT4-fs error (device loop2): ext4_lookup:1791: inode #2: comm syz-executor: deleted inode referenced: 11
[  419.988447][T18083] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  420.139187][   T47] em28xx 10-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  420.147190][   T47] em28xx 10-1:0.132: board has no eeprom
[  420.209049][   T47] em28xx 10-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  420.219013][   T47] em28xx 10-1:0.132: analog set to bulk mode.
[  420.221969][  T795] em28xx 10-1:0.132: Registering V4L2 extension
[  420.239591][   T47] usb 10-1: USB disconnect, device number 37
[  420.243896][   T47] em28xx 10-1:0.132: Disconnecting em28xx
[  420.309269][  T795] em28xx 10-1:0.132: Config register raw data: 0xffffffed
[  420.313135][  T795] em28xx 10-1:0.132: AC97 chip type couldn't be determined
[  420.317862][  T795] em28xx 10-1:0.132: No AC97 audio processor
[  420.328989][  T795] usb 10-1: Decoder not found
[  420.330959][  T795] em28xx 10-1:0.132: failed to create media graph
[  420.333682][  T795] em28xx 10-1:0.132: V4L2 device video103 deregistered
[  420.342724][  T795] em28xx 10-1:0.132: Remote control support is not available for this card.
[  420.346781][   T47] em28xx 10-1:0.132: Closing input extension
[  420.359765][T19053] loop1: detected capacity change from 0 to 32768
[  420.363489][T19053] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3533 (19053)
[  420.367758][   T47] em28xx 10-1:0.132: Freeing device
[  420.372725][T19053] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  420.376237][T19053] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  420.379712][T19053] BTRFS info (device loop1): using free-space-tree
[  420.419511][T13246] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  420.589675][T19073] loop1: detected capacity change from 0 to 128
[  420.597402][T19073] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  420.602660][T19073] ext4 filesystem being mounted at /244/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  420.613601][T19073] EXT4-fs error (device loop1): ext4_validate_inode_bitmap:105: comm syz.1.3534: Corrupt inode bitmap - block_group = 0, inode_bitmap = 19
[  420.638188][T13246] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  420.858188][T19076] loop1: detected capacity change from 0 to 40427
[  420.862509][T19076] F2FS-fs (loop1): build fault injection rate: 771
[  420.866282][T19076] F2FS-fs (loop1): invalid crc value
[  420.900757][T19076] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  420.911481][T19076] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  422.426489][T19094] loop1: detected capacity change from 0 to 4096
[  422.435902][T19094] ntfs3(loop1): Different NTFS sector size (4096) and media sector size (512).
[  422.457644][T19094] ntfs3(loop1): ino=19, mi_enum_attr
[  422.460008][T19094] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  422.465439][T19094] ntfs3(loop1): Failed to initialize $Extend/$Reparse.
[  422.775592][T19098] loop1: detected capacity change from 0 to 32768
[  422.787001][T19098] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  422.801447][T19098] XFS (loop1): Ending clean mount
[  422.808573][T19098] XFS (loop1): Quotacheck needed: Please wait.
[  422.853934][T19098] XFS (loop1): Quotacheck: Done.
[  422.906539][T13246] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  422.928932][T19108] netlink: 4 bytes leftover after parsing attributes in process `syz.9.3544'.
[  423.122865][T19115] loop1: detected capacity change from 0 to 8
[  423.123151][T19113] loop9: detected capacity change from 0 to 2048
[  423.132903][T19113] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  423.447483][ T5917] usb 10-1: new high-speed USB device number 38 using dummy_hcd
[  423.610288][ T5917] usb 10-1: unable to get BOS descriptor or descriptor too short
[  423.614418][ T5917] usb 10-1: config 4 has an invalid interface number: 4 but max is 0
[  423.617727][ T5917] usb 10-1: config 4 has no interface number 0
[  423.620421][ T5917] usb 10-1: config 4 interface 4 has no altsetting 0
[  423.624913][ T5917] usb 10-1: New USB device found, idVendor=0f3d, idProduct=68a3, bcdDevice=53.4f
[  423.628306][ T5917] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  423.631879][ T5917] usb 10-1: Product: syz
[  423.633295][ T5917] usb 10-1: Manufacturer: syz
[  423.635106][ T5917] usb 10-1: SerialNumber: syz
[  423.661468][ T5311] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  423.821685][ T5311] usb 2-1: Using ep0 maxpacket: 8
[  423.825537][ T5311] usb 2-1: config 0 interface 0 altsetting 3 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  423.829869][ T5311] usb 2-1: config 0 interface 0 has no altsetting 0
[  423.832397][ T5311] usb 2-1: New USB device found, idVendor=05ac, idProduct=0230, bcdDevice= 0.00
[  423.835558][ T5311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.842833][ T5311] usb 2-1: config 0 descriptor??
[  423.849459][ T5311] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input28
[  423.860634][ T5917] sierra 10-1:4.4: Sierra USB modem converter detected
[  423.867616][ T5917] usb 10-1: Sierra USB modem converter now attached to ttyUSB0
[  423.872573][ T5917] usb 10-1: USB disconnect, device number 38
[  423.878046][ T5917] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0
[  423.881862][ T5917] sierra 10-1:4.4: device disconnected
[  424.070063][ T5279] bcm5974 2-1:0.0: could not read from device
[  424.074567][ T5279] bcm5974 2-1:0.0: could not read from device
[  424.080105][ T5311] usb 2-1: USB disconnect, device number 12
[  424.088520][ T5279] bcm5974 2-1:0.0: could not read from device
[  424.938566][ T5235] Bluetooth: hci3: sending frame failed (-49)
[  424.944187][T14390] Bluetooth: hci3: Opcode 0x1003 failed: -49
[  425.707669][T19150] netlink: 'syz.9.3562': attribute type 64 has an invalid length.
[  425.710547][T19150] netlink: 'syz.9.3562': attribute type 4 has an invalid length.
[  425.713464][T19150] netlink: 152 bytes leftover after parsing attributes in process `syz.9.3562'.
[  425.735083][T19152] openvswitch: netlink: ERSPAN option length err (len 256, max 255).
[  425.797684][T19158] loop1: detected capacity change from 0 to 1024
[  425.826398][  T154] hfsplus: b-tree write err: -5, ino 4
[  425.851849][T19160] loop1: detected capacity change from 0 to 1024
[  425.878283][T13246] hfsplus: bad catalog entry type
[  425.973035][T19156] loop9: detected capacity change from 0 to 40427
[  425.976484][T19156] F2FS-fs (loop9): build fault injection rate: 690
[  425.979617][T19156] F2FS-fs (loop9): invalid crc value
[  426.008199][T19156] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  426.012176][T19156] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  426.093634][  T154] hfsplus: b-tree write err: -5, ino 4
[  426.206017][ T9500] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.332078][ T9500] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.449931][ T9500] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.512516][T14390] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  426.519796][T19174] netlink: 8 bytes leftover after parsing attributes in process `syz.9.3575'.
[  426.523367][T14390] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  426.538530][T14390] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  426.541216][ T9500] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  426.551667][T14390] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  426.555404][T14390] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  426.575627][T19175] C speed is unknown, defaulting to 1000
[  426.582090][T19178] netlink: 'syz.9.3576': attribute type 2 has an invalid length.
[  426.740393][ T9500] bridge_slave_1: left allmulticast mode
[  426.743093][ T9500] bridge_slave_1: left promiscuous mode
[  426.745065][ T9500] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.754510][ T9500] bridge_slave_0: left allmulticast mode
[  426.756676][ T9500] bridge_slave_0: left promiscuous mode
[  426.758977][ T9500] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.760016][T19181] loop9: detected capacity change from 0 to 32768
[  426.765472][T19181] XFS: ikeep mount option is deprecated.
[  426.771079][T19181] XFS (loop9): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  426.793183][T19181] XFS (loop9): Ending clean mount
[  426.799884][T19181] XFS (loop9): Quotacheck needed: Please wait.
[  426.865377][T19181] XFS (loop9): Quotacheck: Done.
[  426.883798][   T33] audit: type=1800 audit(2000000348.404:137): pid=19181 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.3577" name="file1" dev="loop9" ino=9286 res=0 errno=0
[  426.935546][T10402] XFS (loop9): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  427.420413][ T9500] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  427.426561][ T9500] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  427.431569][ T9500] bond0 (unregistering): Released all slaves
[  427.461050][T19175] chnl_net:caif_netlink_parms(): no params data found
[  427.634213][ T9500] tipc: Left network mode
[  427.750841][T19175] bridge0: port 1(bridge_slave_0) entered blocking state
[  427.753687][T19175] bridge0: port 1(bridge_slave_0) entered disabled state
[  427.758408][T19175] bridge_slave_0: entered allmulticast mode
[  427.761115][T19175] bridge_slave_0: entered promiscuous mode
[  427.764325][T19175] bridge0: port 2(bridge_slave_1) entered blocking state
[  427.769651][T19175] bridge0: port 2(bridge_slave_1) entered disabled state
[  427.772224][T19175] bridge_slave_1: entered allmulticast mode
[  427.774948][T19175] bridge_slave_1: entered promiscuous mode
[  427.830354][T19175] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  427.838240][T19175] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  427.856918][T19175] team0: Port device team_slave_0 added
[  427.860257][T19175] team0: Port device team_slave_1 added
[  427.889914][ T9500] hsr_slave_0: left promiscuous mode
[  427.892148][ T9500] hsr_slave_1: left promiscuous mode
[  427.894269][ T9500] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  427.898870][ T9500] batman_adv: batadv0: Removing interface: batadv_slave_0
[  427.901753][ T9500] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  427.904297][ T9500] batman_adv: batadv0: Removing interface: batadv_slave_1
[  427.921834][ T9500] veth1_macvtap: left promiscuous mode
[  427.923820][ T9500] veth0_macvtap: left promiscuous mode
[  427.925673][ T9500] veth1_vlan: left promiscuous mode
[  427.929598][ T9500] veth0_vlan: left promiscuous mode
[  428.380016][ T9500] team0 (unregistering): Port device team_slave_1 removed
[  428.392729][T19205] loop9: detected capacity change from 0 to 262144
[  428.395845][T19205] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3584 (19205)
[  428.406246][T19205] BTRFS info (device loop9): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  428.410192][T19205] BTRFS info (device loop9): using xxhash64 (xxhash64-generic) checksum algorithm
[  428.413707][T19205] BTRFS info (device loop9): using free-space-tree
[  428.430730][ T9500] team0 (unregistering): Port device team_slave_0 removed
[  428.698990][T19205] BTRFS info (device loop9): balance: start -d -m -s
[  428.737881][T19205] BTRFS info (device loop9): relocating block group 30408704 flags metadata|dup
[  428.762482][T14390] Bluetooth: hci0: command tx timeout
[  428.849139][T19205] BTRFS info (device loop9): found 3 extents, stage: move data extents
[  428.890479][T19205] BTRFS info (device loop9): relocating block group 22020096 flags system|dup
[  428.927053][T19205] BTRFS info (device loop9): balance: canceled
[  428.974838][T10402] BTRFS info (device loop9): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  429.058926][T19175] batman_adv: batadv0: Adding interface: batadv_slave_0
[  429.061892][T19175] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  429.091815][T19175] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  429.110655][T19175] batman_adv: batadv0: Adding interface: batadv_slave_1
[  429.119589][T19175] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  429.145646][T19175] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  429.213696][T19175] hsr_slave_0: entered promiscuous mode
[  429.216521][T19175] hsr_slave_1: entered promiscuous mode
[  429.219067][T19175] debugfs: 'hsr0' already exists in 'hsr'
[  429.224206][T19175] Cannot create hsr debugfs directory
[  429.692126][T19175] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  429.698358][T19175] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  429.705779][T19175] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  429.711729][T19175] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  429.760734][T19175] 8021q: adding VLAN 0 to HW filter on device bond0
[  429.773880][T19175] 8021q: adding VLAN 0 to HW filter on device team0
[  429.780892][  T154] bridge0: port 1(bridge_slave_0) entered blocking state
[  429.783318][  T154] bridge0: port 1(bridge_slave_0) entered forwarding state
[  429.793983][  T154] bridge0: port 2(bridge_slave_1) entered blocking state
[  429.796744][  T154] bridge0: port 2(bridge_slave_1) entered forwarding state
[  429.851834][ T5889] usb 10-1: new high-speed USB device number 39 using dummy_hcd
[  429.906456][T19175] 8021q: adding VLAN 0 to HW filter on device batadv0
[  429.933494][T19175] veth0_vlan: entered promiscuous mode
[  429.939688][T19175] veth1_vlan: entered promiscuous mode
[  429.956130][T19175] veth0_macvtap: entered promiscuous mode
[  429.962882][T19175] veth1_macvtap: entered promiscuous mode
[  429.974473][T19175] batman_adv: batadv0: Interface activated: batadv_slave_0
[  429.984153][T19175] batman_adv: batadv0: Interface activated: batadv_slave_1
[  429.991246][ T9500] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  429.996100][ T9500] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  429.999627][ T9500] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  430.005757][ T5866] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  430.011545][ T5889] usb 10-1: Using ep0 maxpacket: 32
[  430.021586][ T5889] usb 10-1: config 186 has an invalid interface number: 85 but max is 0
[  430.027155][ T5889] usb 10-1: config 186 has no interface number 0
[  430.029332][ T5889] usb 10-1: config 186 interface 85 has no altsetting 0
[  430.060031][ T5889] usb 10-1: New USB device found, idVendor=04b4, idProduct=931d, bcdDevice=bb.43
[  430.063605][ T5889] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.075812][ T5889] usb 10-1: Product: syz
[  430.077548][ T5889] usb 10-1: Manufacturer: syz
[  430.079405][ T5889] usb 10-1: SerialNumber: syz
[  430.096595][   T32] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.099816][   T32] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.128158][  T154] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  430.132767][  T154] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  430.315573][ T5889] usb 10-1: can't set first interface for hiFace device.
[  430.318594][ T5889] snd-usb-hiface 10-1:186.85: probe with driver snd-usb-hiface failed with error -5
[  430.326305][ T5889] usb 10-1: USB disconnect, device number 39
[  430.479854][T19247] loop3: detected capacity change from 0 to 32768
[  430.485721][T19247] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3589 (19247)
[  430.491465][T19247] BTRFS info (device loop3): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  430.495716][T19247] BTRFS info (device loop3): using sha256 (sha256-lib) checksum algorithm
[  430.519965][T19247] BTRFS info (device loop3): rebuilding free space tree
[  430.539944][T19247] BTRFS info (device loop3): disabling free space tree
[  430.543808][T19247] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  430.548735][T19247] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  430.590939][T19247] BTRFS info (device loop3): balance: start -d -m
[  430.598542][T19247] BTRFS info (device loop3): relocating block group 6881280 flags data|metadata
[  430.622008][T19247] BTRFS info (device loop3): relocating block group 5242880 flags data|metadata
[  430.720389][T19247] BTRFS info (device loop3): found 10 extents, stage: move data extents
[  430.749645][T19247] BTRFS info (device loop3): found 2 extents, stage: update data pointers
[  430.776331][T19247] BTRFS info (device loop3): balance: ended with status: 0
[  430.833462][T19175] BTRFS info (device loop3): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  430.985838][T14390] Bluetooth: hci0: command tx timeout
[  431.273202][ T7281] usb 10-1: new high-speed USB device number 40 using dummy_hcd
[  431.358567][  T795] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  431.456809][ T7281] usb 10-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  431.461514][ T7281] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  431.466320][ T7281] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  431.470412][ T7281] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  431.477170][ T7281] usb 10-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  431.480999][ T7281] usb 10-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  431.484362][ T7281] usb 10-1: Manufacturer: syz
[  431.488409][ T7281] usb 10-1: config 0 descriptor??
[  431.519423][  T795] usb 4-1: Using ep0 maxpacket: 32
[  431.526266][  T795] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  431.531659][  T795] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  431.535171][  T795] usb 4-1: Product: syz
[  431.537070][  T795] usb 4-1: Manufacturer: syz
[  431.539158][  T795] usb 4-1: SerialNumber: syz
[  431.545173][  T795] usb 4-1: config 0 descriptor??
[  431.555938][  T795] gspca_main: stk1135-2.14.0 probing 174f:6a31
[  431.935602][ T7281] appleir 0003:05AC:8243.001C: unknown main item tag 0x0
[  431.941816][ T7281] appleir 0003:05AC:8243.001C: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.9-1/input0
[  432.215536][ T5889] usb 10-1: USB disconnect, device number 40
[  432.408760][  T795] gspca_stk1135: reg_w 0x5 err -71
[  432.412042][  T795] gspca_stk1135: serial bus timeout: status=0x00
[  432.414581][  T795] gspca_stk1135: Sensor write failed
[  432.416942][  T795] gspca_stk1135: serial bus timeout: status=0x00
[  432.419437][  T795] gspca_stk1135: Sensor write failed
[  432.421583][  T795] gspca_stk1135: serial bus timeout: status=0x00
[  432.423859][  T795] gspca_stk1135: Sensor read failed
[  432.425912][  T795] gspca_stk1135: serial bus timeout: status=0x00
[  432.428551][  T795] gspca_stk1135: Sensor read failed
[  432.430364][  T795] gspca_stk1135: Detected sensor type unknown (0x0)
[  432.432526][  T795] gspca_stk1135: serial bus timeout: status=0x00
[  432.434585][  T795] gspca_stk1135: Sensor read failed
[  432.436557][  T795] gspca_stk1135: serial bus timeout: status=0x00
[  432.439370][  T795] gspca_stk1135: Sensor read failed
[  432.441083][  T795] gspca_stk1135: serial bus timeout: status=0x00
[  432.443282][  T795] gspca_stk1135: Sensor write failed
[  432.445062][  T795] gspca_stk1135: serial bus timeout: status=0x00
[  432.447100][  T795] gspca_stk1135: Sensor write failed
[  432.448957][  T795] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71
[  432.452664][  T795] usb 4-1: USB disconnect, device number 5
[  432.807783][T19272] loop9: detected capacity change from 0 to 24
[  432.811182][T19272] MTD: Attempt to mount non-MTD device "/dev/loop9"
[  432.821560][T19272] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  432.836863][T19272] romfs: read error for inode 0x70040
[  433.087126][T19274] loop9: detected capacity change from 0 to 32768
[  433.095443][T19274] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3595 (19274)
[  433.104569][T19274] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  433.108940][T19274] BTRFS info (device loop9): using crc32c (crc32c-lib) checksum algorithm
[  433.116294][T19274] BTRFS info (device loop9): using free-space-tree
[  433.222820][T14390] Bluetooth: hci0: command tx timeout
[  433.244894][T19301] loop3: detected capacity change from 0 to 1024
[  433.248044][T19301] EXT4-fs: Ignoring removed bh option
[  433.251673][T19301] EXT4-fs (loop3): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  433.255451][T19301] EXT4-fs (loop3): ext4_check_descriptors: Checksum for group 0 failed (31873!=20869)
[  433.259443][T19301] EXT4-fs (loop3): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  433.272487][T19301] EXT4-fs (loop3): filesystem has both journal inode and journal device!
[  433.307736][T19304] netlink: 'syz.3.3602': attribute type 1 has an invalid length.
[  433.361658][T19307] bond_slave_0: entered promiscuous mode
[  433.364323][T19307] bond_slave_1: entered promiscuous mode
[  433.366413][T19307] macvtap1: entered allmulticast mode
[  433.369163][T19307] bond0: entered allmulticast mode
[  433.371158][T19307] bond_slave_0: entered allmulticast mode
[  433.377124][T19307] bond_slave_1: entered allmulticast mode
[  433.381837][T19307] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  433.385520][T19307] bond0: left allmulticast mode
[  433.387134][T19307] bond_slave_0: left allmulticast mode
[  433.393086][T19307] bond_slave_1: left allmulticast mode
[  433.395356][T19307] bond_slave_0: left promiscuous mode
[  433.397732][T19307] bond_slave_1: left promiscuous mode
[  433.453248][T10402] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  433.710238][T19315] dlm: plock device version mismatch: kernel (1.2.0), user (0.0.0)
[  433.790760][T19321] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3610'.
[  433.856563][T19325] ata1.00: invalid cdb length 6
[  433.864839][T19327] loop3: detected capacity change from 0 to 1024
[  433.886299][T19327] EXT4-fs (loop3): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  433.890653][T19327] ext4 filesystem being mounted at /19/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  433.922555][T19175] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  434.059975][T19344] tmpfs: Bad value for 'mpol'
[  434.172568][T19352] overlayfs: metacopy with no lower data found - abort lookup (/file1)
[  434.291427][T19348] loop3: detected capacity change from 0 to 40427
[  434.293989][T19348] F2FS-fs: heap/no_heap options were deprecated
[  434.301342][T19348] F2FS-fs (loop3): build fault injection rate: 19
[  434.303524][T19348] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  434.306832][T19348] F2FS-fs (loop3): invalid crc value
[  434.316294][T19348] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of f2fs_ra_meta_pages+0x615/0x970
[  434.345044][T19348] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of read_node_folio+0x20a/0x3f0
[  434.351072][T19348] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  434.354999][T19348] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  434.369664][T19348] F2FS-fs (loop3): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  434.374525][T19348] bio_check_eod: 2 callbacks suppressed
[  434.374535][T19348] syz.3.3622: attempt to access beyond end of device
[  434.374535][T19348] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  434.393180][T19175] syz-executor: attempt to access beyond end of device
[  434.393180][T19175] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  434.403307][T19175] CPU: 0 UID: 0 PID: 19175 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  434.403326][T19175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  434.403333][T19175] Call Trace:
[  434.403339][T19175]  <TASK>
[  434.403345][T19175]  dump_stack_lvl+0x189/0x250
[  434.403367][T19175]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.403381][T19175]  ? __pfx_queue_work_on+0x10/0x10
[  434.403392][T19175]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  434.403408][T19175]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  434.403432][T19175]  f2fs_handle_critical_error+0x37c/0x540
[  434.403454][T19175]  f2fs_write_end_io+0x886/0xb60
[  434.403482][T19175]  __submit_merged_bio+0x27a/0x6a0
[  434.403504][T19175]  __submit_merged_write_cond+0x255/0x530
[  434.403525][T19175]  f2fs_write_data_pages+0x261d/0x3000
[  434.403576][T19175]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  434.403591][T19175]  ? is_bpf_text_address+0x26/0x2b0
[  434.403645][T19175]  ? ktime_get+0x3e/0x1f0
[  434.403658][T19175]  ? ktime_get+0x3e/0x1f0
[  434.403672][T19175]  ? seqcount_lockdep_reader_access+0x15f/0x1c0
[  434.403686][T19175]  ? __pfx_seqcount_lockdep_reader_access+0x10/0x10
[  434.403709][T19175]  ? rcu_is_watching+0x15/0xb0
[  434.403729][T19175]  ? __lock_acquire+0xab9/0xd20
[  434.403760][T19175]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  434.403777][T19175]  do_writepages+0x32e/0x550
[  434.403802][T19175]  ? do_raw_spin_unlock+0x4d/0x240
[  434.403820][T19175]  filemap_fdatawrite+0x199/0x240
[  434.403836][T19175]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  434.403892][T19175]  ? do_raw_spin_unlock+0x4d/0x240
[  434.403910][T19175]  f2fs_sync_dirty_inodes+0x31f/0x830
[  434.403934][T19175]  f2fs_write_checkpoint+0x95a/0x1df0
[  434.403967][T19175]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  434.404020][T19175]  ? kill_f2fs_super+0x298/0x6c0
[  434.404036][T19175]  kill_f2fs_super+0x2c3/0x6c0
[  434.404053][T19175]  ? __pfx_kill_f2fs_super+0x10/0x10
[  434.404063][T19175]  ? radix_tree_delete_item+0x2b6/0x400
[  434.404085][T19175]  ? shrinker_free+0x2ce/0x3e0
[  434.404100][T19175]  deactivate_locked_super+0xbc/0x130
[  434.404117][T19175]  cleanup_mnt+0x425/0x4c0
[  434.404130][T19175]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.404147][T19175]  task_work_run+0x1d4/0x260
[  434.404166][T19175]  ? __pfx_task_work_run+0x10/0x10
[  434.404178][T19175]  ? __x64_sys_umount+0x122/0x160
[  434.404221][T19175]  ? exit_to_user_mode_loop+0x40/0x110
[  434.404241][T19175]  exit_to_user_mode_loop+0xec/0x110
[  434.404257][T19175]  do_syscall_64+0x2bd/0x3b0
[  434.404272][T19175]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.404286][T19175]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.404297][T19175]  ? exc_page_fault+0x9f/0xf0
[  434.404313][T19175]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.404336][T19175] RIP: 0033:0x7fb28958ff17
[  434.404348][T19175] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  434.404357][T19175] RSP: 002b:00007ffeec06cf98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  434.404371][T19175] RAX: 0000000000000000 RBX: 00007fb289611c05 RCX: 00007fb28958ff17
[  434.404379][T19175] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeec06d050
[  434.404386][T19175] RBP: 00007ffeec06d050 R08: 0000000000000000 R09: 0000000000000000
[  434.404393][T19175] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeec06e0e0
[  434.404400][T19175] R13: 00007fb289611c05 R14: 0000000000067687 R15: 00007ffeec06e120
[  434.404424][T19175]  </TASK>
[  434.404429][T19175] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  434.453405][T19354] loop9: detected capacity change from 0 to 40427
[  434.559156][T19354] F2FS-fs (loop9): Insane cp_payload (553648128 >= 504)
[  434.562286][T19354] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock
[  434.567924][T19354] F2FS-fs (loop9): invalid crc value
[  434.628718][T19354] F2FS-fs (loop9): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  434.635895][T19354] F2FS-fs (loop9): Try to recover 1th superblock, ret: 0
[  434.638938][T19354] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  434.664610][T10402] syz-executor: attempt to access beyond end of device
[  434.664610][T10402] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  434.670587][T10402] CPU: 1 UID: 0 PID: 10402 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  434.670605][T10402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  434.670613][T10402] Call Trace:
[  434.670618][T10402]  <TASK>
[  434.670631][T10402]  dump_stack_lvl+0x189/0x250
[  434.670654][T10402]  ? __pfx_dump_stack_lvl+0x10/0x10
[  434.670670][T10402]  ? __pfx_queue_work_on+0x10/0x10
[  434.670681][T10402]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  434.670697][T10402]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  434.670723][T10402]  f2fs_handle_critical_error+0x37c/0x540
[  434.670748][T10402]  f2fs_write_end_io+0x886/0xb60
[  434.670776][T10402]  __submit_merged_bio+0x27a/0x6a0
[  434.670800][T10402]  __submit_merged_write_cond+0x255/0x530
[  434.670823][T10402]  f2fs_write_data_pages+0x261d/0x3000
[  434.670872][T10402]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  434.670940][T10402]  ? folios_put_refs+0x559/0x640
[  434.670968][T10402]  ? __lock_acquire+0xab9/0xd20
[  434.670993][T10402]  ? do_raw_spin_lock+0x121/0x290
[  434.671019][T10402]  ? do_raw_spin_unlock+0x4d/0x240
[  434.671034][T10402]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  434.671053][T10402]  do_writepages+0x32e/0x550
[  434.671079][T10402]  ? do_raw_spin_unlock+0x4d/0x240
[  434.671098][T10402]  filemap_fdatawrite+0x199/0x240
[  434.671116][T10402]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  434.671175][T10402]  ? do_raw_spin_unlock+0x4d/0x240
[  434.671218][T10402]  f2fs_sync_dirty_inodes+0x31f/0x830
[  434.671246][T10402]  f2fs_write_checkpoint+0x95a/0x1df0
[  434.671280][T10402]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  434.671335][T10402]  ? kill_f2fs_super+0x298/0x6c0
[  434.671353][T10402]  kill_f2fs_super+0x2c3/0x6c0
[  434.671371][T10402]  ? __pfx_kill_f2fs_super+0x10/0x10
[  434.671381][T10402]  ? radix_tree_delete_item+0x2b6/0x400
[  434.671404][T10402]  ? shrinker_free+0x2ce/0x3e0
[  434.671420][T10402]  deactivate_locked_super+0xbc/0x130
[  434.671438][T10402]  cleanup_mnt+0x425/0x4c0
[  434.671452][T10402]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.671471][T10402]  task_work_run+0x1d4/0x260
[  434.671491][T10402]  ? __pfx_task_work_run+0x10/0x10
[  434.671505][T10402]  ? __x64_sys_umount+0x122/0x160
[  434.671526][T10402]  ? exit_to_user_mode_loop+0x40/0x110
[  434.671547][T10402]  exit_to_user_mode_loop+0xec/0x110
[  434.671565][T10402]  do_syscall_64+0x2bd/0x3b0
[  434.671581][T10402]  ? lockdep_hardirqs_on+0x9c/0x150
[  434.671596][T10402]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.671608][T10402]  ? exc_page_fault+0x9f/0xf0
[  434.671631][T10402]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  434.671643][T10402] RIP: 0033:0x7ff9bdd8ff17
[  434.671655][T10402] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  434.671665][T10402] RSP: 002b:00007ffeb5d6e6d8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  434.671680][T10402] RAX: 0000000000000000 RBX: 00007ff9bde11c05 RCX: 00007ff9bdd8ff17
[  434.671689][T10402] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffeb5d6e790
[  434.671696][T10402] RBP: 00007ffeb5d6e790 R08: 0000000000000000 R09: 0000000000000000
[  434.671704][T10402] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffeb5d6f820
[  434.671712][T10402] R13: 00007ff9bde11c05 R14: 0000000000067788 R15: 00007ffeb5d6f860
[  434.671737][T10402]  </TASK>
[  434.671743][T10402] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  434.846710][T19366] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes.
[  435.248933][T19376] futex_wake_op: syz.3.3630 tries to shift op by 32; fix this program
[  435.443973][T14390] Bluetooth: hci0: command tx timeout
[  435.610058][T19378] loop9: detected capacity change from 0 to 32768
[  435.628808][T19378] ocfs2: Mounting device (7,9) on (node local, slot 0) with ordered data mode.
[  435.698653][T10402] ocfs2: Unmounting device (7,9) on (node local)
[  435.954510][T19390] overlay: filesystem on ./bus is read-only
[  436.319350][ T5235] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  436.328317][ T5235] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  436.336972][ T5235] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  436.340980][ T5235] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  436.351003][ T5235] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  436.395622][T19402] C speed is unknown, defaulting to 1000
[  436.635333][T19405] loop9: detected capacity change from 0 to 32768
[  436.642309][T19402] chnl_net:caif_netlink_parms(): no params data found
[  436.649812][T19405] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop9 (7:9) scanned by syz.9.3643 (19405)
[  436.669780][T19405] BTRFS info (device loop9): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  436.674067][T19405] BTRFS info (device loop9): using sha256 (sha256-lib) checksum algorithm
[  436.677207][T19405] BTRFS info (device loop9): using free-space-tree
[  436.780227][T19402] bridge0: port 1(bridge_slave_0) entered blocking state
[  436.784327][T19402] bridge0: port 1(bridge_slave_0) entered disabled state
[  436.787369][T19402] bridge_slave_0: entered allmulticast mode
[  436.798062][T19402] bridge_slave_0: entered promiscuous mode
[  436.804806][T19402] bridge0: port 2(bridge_slave_1) entered blocking state
[  436.807865][T19402] bridge0: port 2(bridge_slave_1) entered disabled state
[  436.816039][T10402] BTRFS info (device loop9): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  436.820738][T19402] bridge_slave_1: entered allmulticast mode
[  436.831765][T19402] bridge_slave_1: entered promiscuous mode
[  436.952767][T19402] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  436.992259][T19402] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  437.186207][T19402] team0: Port device team_slave_0 added
[  437.203075][T19402] team0: Port device team_slave_1 added
[  437.231494][ T5311] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  437.377726][ T5311] usb 4-1: device descriptor read/64, error -71
[  437.382105][T19402] batman_adv: batadv0: Adding interface: batadv_slave_0
[  437.388431][T19402] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  437.413440][T19402] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  437.427253][T19402] batman_adv: batadv0: Adding interface: batadv_slave_1
[  437.443654][T19402] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  437.490056][T19402] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  437.644622][ T5311] usb 4-1: new high-speed USB device number 7 using dummy_hcd
[  437.671952][T19402] hsr_slave_0: entered promiscuous mode
[  437.675339][T19402] hsr_slave_1: entered promiscuous mode
[  437.687719][T19402] debugfs: 'hsr0' already exists in 'hsr'
[  437.689762][T19402] Cannot create hsr debugfs directory
[  437.724796][T19450] loop9: detected capacity change from 0 to 4096
[  437.731803][T19450] nilfs2: Unknown parameter 'oSder'
[  437.797742][ T5311] usb 4-1: device descriptor read/64, error -71
[  437.857848][T19450] loop9: detected capacity change from 0 to 164
[  437.869825][T19450] iso9660: Unknown parameter 'barrier'
[  437.915148][ T5311] usb usb4-port1: attempt power cycle
[  438.166375][T19402] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  438.276730][ T5311] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  438.311830][ T5311] usb 4-1: device descriptor read/8, error -71
[  438.514691][T14390] Bluetooth: hci3: command tx timeout
[  438.718183][ T5311] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  438.741897][ T5311] usb 4-1: device descriptor read/8, error -71
[  438.807487][T19402] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  438.826272][T19454] netlink: 25 bytes leftover after parsing attributes in process `syz.9.3654'.
[  438.853563][ T5311] usb usb4-port1: unable to enumerate USB device
[  438.943247][T19402] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.072064][T19402] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  439.104086][T19458] syzkaller1: entered promiscuous mode
[  439.106458][T19458] syzkaller1: entered allmulticast mode
[  439.230912][   T33] audit: type=1326 audit(2000000359.965:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19459 comm="syz.9.3657" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  439.253411][   T33] audit: type=1326 audit(2000000359.984:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19459 comm="syz.9.3657" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  439.274217][   T33] audit: type=1326 audit(2000000359.984:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19459 comm="syz.9.3657" exe="/syz-executor" sig=0 arch=c000003e syscall=179 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  439.296112][   T33] audit: type=1326 audit(2000000360.003:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19459 comm="syz.9.3657" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  439.310993][T19402] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  439.318949][   T33] audit: type=1326 audit(2000000360.003:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19459 comm="syz.9.3657" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9bdd8ebe9 code=0x7ffc0000
[  439.337308][T19402] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  439.349415][T19402] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  439.357902][T19402] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  439.513910][T19472] netlink: 'syz.9.3660': attribute type 3 has an invalid length.
[  439.521253][T19472] netlink: 'syz.9.3660': attribute type 27 has an invalid length.
[  439.530594][T19402] 8021q: adding VLAN 0 to HW filter on device bond0
[  439.555217][T19402] 8021q: adding VLAN 0 to HW filter on device team0
[  439.570543][ T1091] bridge0: port 1(bridge_slave_0) entered blocking state
[  439.572934][ T1091] bridge0: port 1(bridge_slave_0) entered forwarding state
[  439.592443][ T1091] bridge0: port 2(bridge_slave_1) entered blocking state
[  439.594772][ T1091] bridge0: port 2(bridge_slave_1) entered forwarding state
[  439.620871][T19402] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  439.753993][T19402] 8021q: adding VLAN 0 to HW filter on device batadv0
[  439.759575][T19490] loop9: detected capacity change from 0 to 2048
[  439.763633][T19490] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=787, location=787
[  439.767015][T19490] UDF-fs: error (device loop9): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  439.770614][T19490] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=1043, location=1043
[  439.775045][T19490] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=787, location=787
[  439.779103][T19490] UDF-fs: error (device loop9): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  439.788399][T19490] UDF-fs: error (device loop9): udf_read_tagged: read failed, block=1043, location=1043
[  439.791766][T19490] UDF-fs: warning (device loop9): udf_fill_super: No partition found (1)
[  439.920211][T19402] veth0_vlan: entered promiscuous mode
[  439.926296][T19402] veth1_vlan: entered promiscuous mode
[  439.946756][T19402] veth0_macvtap: entered promiscuous mode
[  439.951112][T19402] veth1_macvtap: entered promiscuous mode
[  439.974178][T19402] batman_adv: batadv0: Interface activated: batadv_slave_0
[  439.988382][T19402] batman_adv: batadv0: Interface activated: batadv_slave_1
[  439.994700][   T13] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  440.008672][   T13] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  440.017017][   T13] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  440.022624][   T13] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  440.455337][T11287] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  440.460699][T11287] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  440.490938][T13990] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  440.494061][T13990] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  440.762176][T14390] Bluetooth: hci3: command tx timeout
[  440.773767][T19512] loop5: detected capacity change from 0 to 32768
[  440.773815][T19513] loop3: detected capacity change from 0 to 40427
[  440.779298][T19513] F2FS-fs (loop3): build fault injection rate: 14
[  440.781696][T19513] F2FS-fs (loop3): build fault injection type: 0x3bfe8c
[  440.785446][T19513] F2FS-fs (loop3): invalid crc value
[  440.788797][    C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  440.793350][T19512] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  440.795864][    C1] F2FS-fs (loop3): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  440.814264][T19512] 
[  440.815282][T19512] ======================================================
[  440.817755][T19512] WARNING: possible circular locking dependency detected
[  440.820063][T19512] 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 Not tainted
[  440.823747][T19512] ------------------------------------------------------
[  440.825814][T19513] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  440.826611][T19512] syz.5.3673/19512 is trying to acquire lock:
[  440.829848][T19513] F2FS-fs (loop3): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  440.831913][T19512] ffff8880114c23f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_init_acl+0x2f9/0x720
[  440.831940][T19512] 
[  440.831940][T19512] but task is already holding lock:
[  440.831943][T19512] ffff88803bf44950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[  440.831962][T19512] 
[  440.831962][T19512] which lock already depends on the new lock.
[  440.831962][T19512] 
[  440.831965][T19512] 
[  440.831965][T19512] the existing dependency chain (in reverse order) is:
[  440.831969][T19512] 
[  440.831969][T19512] -> #4 (jbd2_handle){++++}-{0:0}:
[  440.831980][T19512]        lock_acquire+0x120/0x360
[  440.831991][T19512]        start_this_handle+0x1fa7/0x21c0
[  440.858598][T19512]        jbd2__journal_start+0x2c1/0x5b0
[  440.860360][T19512]        jbd2_journal_start+0x2a/0x40
[  440.862213][T19512]        ocfs2_start_trans+0x376/0x6d0
[  440.864456][T19512]        ocfs2_mknod+0xe93/0x2050
[  440.866432][T19512]        ocfs2_mkdir+0x191/0x440
[  440.868293][T19512]        vfs_mkdir+0x306/0x510
[  440.870177][T19512]        do_mkdirat+0x247/0x590
[  440.872150][T19512]        __x64_sys_mkdirat+0x87/0xa0
[  440.874353][T19512]        do_syscall_64+0xfa/0x3b0
[  440.876416][T19512]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.879021][T19512] 
[  440.879021][T19512] -> #3 (&journal->j_trans_barrier){.+.+}-{4:4}:
[  440.882453][T19512]        lock_acquire+0x120/0x360
[  440.884550][T19512]        down_read+0x46/0x2e0
[  440.886401][T19512]        ocfs2_start_trans+0x36a/0x6d0
[  440.888628][T19512]        ocfs2_mknod+0xe93/0x2050
[  440.890477][T19512]        ocfs2_mkdir+0x191/0x440
[  440.892187][T19512]        vfs_mkdir+0x306/0x510
[  440.893790][T19512]        do_mkdirat+0x247/0x590
[  440.895670][T19512]        __x64_sys_mkdirat+0x87/0xa0
[  440.897807][T19512]        do_syscall_64+0xfa/0x3b0
[  440.899870][T19512]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.902494][T19512] 
[  440.902494][T19512] -> #2 (sb_internal#7){.+.+}-{0:0}:
[  440.905420][T19512]        lock_acquire+0x120/0x360
[  440.907226][T19512]        ocfs2_start_trans+0x26b/0x6d0
[  440.909190][T19512]        ocfs2_xattr_set+0xd69/0x11f0
[  440.911296][T19512]        __vfs_setxattr+0x43c/0x480
[  440.913415][T19512]        __vfs_setxattr_noperm+0x12d/0x660
[  440.915465][T19512]        vfs_setxattr+0x16b/0x2f0
[  440.917185][T19512]        filename_setxattr+0x274/0x600
[  440.919229][T19512]        path_setxattrat+0x364/0x3a0
[  440.921142][T19512]        __x64_sys_setxattr+0xbc/0xe0
[  440.923035][T19512]        do_syscall_64+0xfa/0x3b0
[  440.924811][T19512]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.926935][T19512] 
[  440.926935][T19512] -> #1 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}:
[  440.930608][T19512]        lock_acquire+0x120/0x360
[  440.932633][T19512]        down_write+0x96/0x1f0
[  440.934259][T19512]        ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  440.936496][T19512]        ocfs2_reserve_new_metadata_blocks+0x403/0x940
[  440.938744][T19512]        ocfs2_init_xattr_set_ctxt+0x307/0x700
[  440.940711][T19512]        ocfs2_xattr_set+0xb70/0x11f0
[  440.942416][T19512]        __vfs_setxattr+0x43c/0x480
[  440.944104][T19512]        __vfs_setxattr_noperm+0x12d/0x660
[  440.946047][T19512]        vfs_setxattr+0x16b/0x2f0
[  440.947748][T19512]        filename_setxattr+0x274/0x600
[  440.949595][T19512]        path_setxattrat+0x364/0x3a0
[  440.951332][T19512]        __x64_sys_setxattr+0xbc/0xe0
[  440.953031][T19512]        do_syscall_64+0xfa/0x3b0
[  440.954767][T19512]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.957433][T19512] 
[  440.957433][T19512] -> #0 (&oi->ip_xattr_sem){++++}-{4:4}:
[  440.960312][T19512]        validate_chain+0xb9b/0x2140
[  440.962133][T19512]        __lock_acquire+0xab9/0xd20
[  440.964190][T19512]        lock_acquire+0x120/0x360
[  440.966231][T19512]        down_read+0x46/0x2e0
[  440.968035][T19512]        ocfs2_init_acl+0x2f9/0x720
[  440.970111][T19512]        ocfs2_mknod+0x1321/0x2050
[  440.972356][T19512]        ocfs2_create+0x1a5/0x440
[  440.974535][T19512]        path_openat+0x14f4/0x3830
[  440.976745][T19512]        do_filp_open+0x1fa/0x410
[  440.978771][T19512]        do_sys_openat2+0x121/0x1c0
[  440.980987][T19512]        __x64_sys_openat+0x138/0x170
[  440.983270][T19512]        do_syscall_64+0xfa/0x3b0
[  440.985432][T19512]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  440.988059][T19512] 
[  440.988059][T19512] other info that might help us debug this:
[  440.988059][T19512] 
[  440.992213][T19512] Chain exists of:
[  440.992213][T19512]   &oi->ip_xattr_sem --> &journal->j_trans_barrier --> jbd2_handle
[  440.992213][T19512] 
[  440.997324][T19512]  Possible unsafe locking scenario:
[  440.997324][T19512] 
[  440.999810][T19512]        CPU0                    CPU1
[  441.001960][T19512]        ----                    ----
[  441.003990][T19512]   rlock(jbd2_handle);
[  441.005367][T19512]                                lock(&journal->j_trans_barrier);
[  441.008062][T19512]                                lock(jbd2_handle);
[  441.010786][T19512]   rlock(&oi->ip_xattr_sem);
[  441.012720][T19512] 
[  441.012720][T19512]  *** DEADLOCK ***
[  441.012720][T19512] 
[  441.016173][T19512] 8 locks held by syz.5.3673/19512:
[  441.018353][T19512]  #0: ffff88801faf6428 (sb_writers#26){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  441.022045][T19512]  #1: ffff8880114c26c0 (&type->i_mutex_dir_key#30){++++}-{4:4}, at: path_openat+0x8da/0x3830
[  441.025794][T19512]  #2: ffff8881135926c0 (&ocfs2_sysfile_lock_key[INODE_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  441.030432][T19512]  #3: ffff8880114c43c0 (&ocfs2_sysfile_lock_key[EXTENT_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_suballoc_bits+0x15e/0x4640
[  441.035240][T19512]  #4: ffff8881135943c0 (&ocfs2_sysfile_lock_key[LOCAL_ALLOC_SYSTEM_INODE]){+.+.}-{4:4}, at: ocfs2_reserve_local_alloc_bits+0x125/0x24e0
[  441.040058][T19512]  #5: ffff88801faf6618 (sb_internal#7){.+.+}-{0:0}, at: ocfs2_mknod+0xe93/0x2050
[  441.043364][T19512]  #6: ffff88802f0e44e8 (&journal->j_trans_barrier){.+.+}-{4:4}, at: ocfs2_start_trans+0x36a/0x6d0
[  441.047462][T19512]  #7: ffff88803bf44950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x1f87/0x21c0
[  441.051146][T19512] 
[  441.051146][T19512] stack backtrace:
[  441.053396][T19512] CPU: 0 UID: 0 PID: 19512 Comm: syz.5.3673 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  441.053412][T19512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  441.053420][T19512] Call Trace:
[  441.053425][T19512]  <TASK>
[  441.053431][T19512]  dump_stack_lvl+0x189/0x250
[  441.053448][T19512]  ? __pfx_dump_stack_lvl+0x10/0x10
[  441.053461][T19512]  ? __pfx__printk+0x10/0x10
[  441.053476][T19512]  ? stack_trace_save+0x9c/0xe0
[  441.053493][T19512]  print_circular_bug+0x2ee/0x310
[  441.053503][T19512]  check_noncircular+0x134/0x160
[  441.053516][T19512]  validate_chain+0xb9b/0x2140
[  441.053539][T19512]  __lock_acquire+0xab9/0xd20
[  441.053556][T19512]  ? ocfs2_init_acl+0x2f9/0x720
[  441.053568][T19512]  lock_acquire+0x120/0x360
[  441.053582][T19512]  ? ocfs2_init_acl+0x2f9/0x720
[  441.053591][T19512]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  441.053604][T19512]  down_read+0x46/0x2e0
[  441.053618][T19512]  ? ocfs2_init_acl+0x2f9/0x720
[  441.053630][T19512]  ocfs2_init_acl+0x2f9/0x720
[  441.053641][T19512]  ? ocfs2_mknod_locked+0x148/0x250
[  441.053654][T19512]  ? __pfx_ocfs2_init_acl+0x10/0x10
[  441.053666][T19512]  ? dquot_alloc_inode+0x216/0xa50
[  441.053678][T19512]  ? ocfs2_block_signals+0x94/0xe0
[  441.053689][T19512]  ? __pfx_ocfs2_block_signals+0x10/0x10
[  441.053704][T19512]  ? ocfs2_init_security_get+0x139/0x1a0
[  441.053718][T19512]  ocfs2_mknod+0x1321/0x2050
[  441.053732][T19512]  ? __pfx_ocfs2_mknod+0x10/0x10
[  441.053742][T19512]  ? __pfx_ocfs2_find_entry+0x10/0x10
SYZFAIL: failed to recv rpc
fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor)
[  441.053756][T19512]  ? __lock_acquire+0xab9/0xd20
[  441.053777][T19512]  ? look_up_lock_class+0x74/0x170
[  441.053788][T19512]  ? register_lock_class+0x51/0x320
[  441.053800][T19512]  ? __lock_acquire+0xab9/0xd20
[  441.053816][T19512]  ? __lock_acquire+0xab9/0xd20
[  441.053833][T19512]  ? do_raw_spin_lock+0x121/0x290
[  441.053847][T19512]  ? do_raw_spin_unlock+0x4d/0x240
[  441.053863][T19512]  ? rcu_is_watching+0x15/0xb0
[  441.053874][T19512]  ? ocfs2_lookup+0x5b9/0x9b0
[  441.053885][T19512]  ocfs2_create+0x1a5/0x440
[  441.053896][T19512]  ? __pfx_ocfs2_lookup+0x10/0x10
[  441.053903][T19512]  ? from_kgid+0x1b0/0x650
[  441.053913][T19512]  ? __pfx_ocfs2_create+0x10/0x10
[  441.053922][T19512]  ? HAS_UNMAPPED_ID+0x11a/0x180
[  441.053933][T19512]  ? inode_permission+0x149/0x470
[  441.053943][T19512]  ? __pfx_ocfs2_permission+0x10/0x10
[  441.053956][T19512]  ? bpf_lsm_inode_create+0x9/0x20
[  441.053968][T19512]  ? __pfx_ocfs2_create+0x10/0x10
[  441.053978][T19512]  path_openat+0x14f4/0x3830
[  441.053990][T19512]  ? arch_stack_walk+0xfc/0x150
[  441.054011][T19512]  ? __pfx_path_openat+0x10/0x10
[  441.054020][T19512]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.054032][T19512]  do_filp_open+0x1fa/0x410
[  441.054043][T19512]  ? __lock_acquire+0xab9/0xd20
[  441.054058][T19512]  ? __pfx_do_filp_open+0x10/0x10
[  441.054076][T19512]  ? _raw_spin_unlock+0x28/0x50
[  441.054088][T19512]  ? alloc_fd+0x64c/0x6c0
[  441.054105][T19512]  do_sys_openat2+0x121/0x1c0
[  441.054143][T19512]  ? __se_sys_futex+0x36f/0x400
[  441.054158][T19512]  ? __pfx_do_sys_openat2+0x10/0x10
[  441.054171][T19512]  ? rcu_is_watching+0x15/0xb0
[  441.054177][T19512]  __x64_sys_openat+0x138/0x170
[  441.054189][T19512]  do_syscall_64+0xfa/0x3b0
[  441.054203][T19512]  ? lockdep_hardirqs_on+0x9c/0x150
[  441.054216][T19512]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.054227][T19512]  ? exc_page_fault+0x9f/0xf0
[  441.054241][T19512]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  441.054251][T19512] RIP: 0033:0x7f42f3f8ebe9
[  441.054263][T19512] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  441.054272][T19512] RSP: 002b:00007f42f4da7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  441.054283][T19512] RAX: ffffffffffffffda RBX: 00007f42f41b5fa0 RCX: 00007f42f3f8ebe9
[  441.054289][T19512] RDX: 0000000000000042 RSI: 0000200000000040 RDI: ffffffffffffff9c
[  441.054296][T19512] RBP: 00007f42f4011e19 R08: 0000000000000000 R09: 0000000000000000
[  441.054303][T19512] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  441.054310][T19512] R13: 00007f42f41b6038 R14: 00007f42f41b5fa0 R15: 00007fff27cb4828
[  441.054321][T19512]  </TASK>
[  441.054988][T19513] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  441.059226][    C0] vkms_vblank_simulate: vblank timer overrun
[  441.065621][T19520] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_to_hsr, syncid = 0, id = 0
[  441.256548][T19402] ocfs2: Unmounting device (7,5) on (node local)
[  441.670463][   T13] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.731915][   T13] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.840508][   T13] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  441.945521][   T13] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  442.026230][   T13] bridge_slave_1: left allmulticast mode
[  442.029010][   T13] bridge_slave_1: left promiscuous mode
[  442.031416][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  442.035485][   T13] bridge_slave_0: left allmulticast mode
[  442.038941][   T13] bridge_slave_0: left promiscuous mode
[  442.041253][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  442.154629][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  442.160062][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  442.164496][   T13] bond0 (unregistering): Released all slaves
[  442.428218][   T13] hsr_slave_0: left promiscuous mode
[  442.430754][   T13] hsr_slave_1: left promiscuous mode
[  442.433298][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  442.437761][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  442.440994][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  442.444023][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  442.449509][   T13] veth1_macvtap: left promiscuous mode
[  442.451754][   T13] veth0_macvtap: left promiscuous mode
[  442.454069][   T13] veth1_vlan: left promiscuous mode
[  442.456535][   T13] veth0_vlan: left promiscuous mode
[  442.596670][   T13] team0 (unregistering): Port device team_slave_1 removed
[  442.622405][   T13] team0 (unregistering): Port device team_slave_0 removed
[  443.133678][ T5713] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.330296][ T5713] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.373797][ T5713] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.416270][ T5713] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.484106][ T5713] bridge_slave_1: left allmulticast mode
[  444.486610][ T5713] bridge_slave_1: left promiscuous mode
[  444.489026][ T5713] bridge0: port 2(bridge_slave_1) entered disabled state
[  444.493322][ T5713] bridge_slave_0: left allmulticast mode
[  444.495610][ T5713] bridge_slave_0: left promiscuous mode
[  444.498328][ T5713] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.579637][ T5713] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  444.585459][ T5713] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  444.589715][ T5713] bond0 (unregistering): Released all slaves
[  444.826162][ T5713] hsr_slave_0: left promiscuous mode
[  444.829007][ T5713] hsr_slave_1: left promiscuous mode
[  444.831649][ T5713] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  444.834609][ T5713] batman_adv: batadv0: Removing interface: batadv_slave_0
[  444.837974][ T5713] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  444.842214][ T5713] batman_adv: batadv0: Removing interface: batadv_slave_1
[  444.848614][ T5713] veth1_macvtap: left promiscuous mode
[  444.852439][ T5713] veth0_macvtap: left promiscuous mode
[  444.854766][ T5713] veth1_vlan: left promiscuous mode
[  444.856937][ T5713] veth0_vlan: left promiscuous mode
[  444.993875][ T5713] team0 (unregistering): Port device team_slave_1 removed
[  445.017006][ T5713] team0 (unregistering): Port device team_slave_0 removed
[  446.214699][   T13] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.286930][   T13] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.330612][   T13] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.404154][   T13] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  446.472855][   T13] bridge0: port 4(dummy0) entered disabled state
[  446.476777][   T13] macsec1: left allmulticast mode
[  446.478775][   T13] geneve1: left allmulticast mode
[  446.480960][   T13] macsec1: left promiscuous mode
[  446.483145][   T13] bridge0: port 3(macsec1) entered disabled state
[  446.486906][   T13] bridge_slave_1: left allmulticast mode
[  446.489322][   T13] bridge_slave_1: left promiscuous mode
[  446.491771][   T13] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.495657][   T13] bridge_slave_0: left allmulticast mode
[  446.498008][   T13] bridge_slave_0: left promiscuous mode
[  446.500330][   T13] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.596464][   T13] team0: Port device geneve0 removed
[  446.705260][   T13] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  446.709763][   T13] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  446.716812][   T13] bond0 (unregistering): Released all slaves
[  448.252057][   T13] tipc: Disabling bearer <udp:s>
[  448.265274][   T13] tipc: Disabling bearer <udp:syz2>
[  448.268608][   T13] tipc: Left network mode
[  448.404905][   T13] hsr_slave_0: left promiscuous mode
[  448.407201][   T13] hsr_slave_1: left promiscuous mode
[  448.409417][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  448.412958][   T13] batman_adv: batadv0: Removing interface: batadv_slave_0
[  448.415808][   T13] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  448.418240][   T13] batman_adv: batadv0: Removing interface: batadv_slave_1
[  448.420897][   T13] batman_adv: batadv0: Removing interface: team0
[  448.424559][   T13] veth0_macvtap: left promiscuous mode
[  448.426426][   T13] veth1_vlan: left promiscuous mode
[  448.428149][   T13] veth0_vlan: left promiscuous mode
[  448.588689][   T13] team0 (unregistering): Port device team_slave_1 removed
[  448.617320][   T13] team0 (unregistering): Port device team_slave_0 removed
[  449.228140][   T13] IPVS: stop unused estimator thread 0...

VM DIAGNOSIS:
03:11:42  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000039 RBX=0000000000000039 RCX=0000000000000000 RDX=00000000000003f8
RSI=00000000000023f2 RDI=00000000000023f3 RBP=00000000000003f8 RSP=ffffc900031fe8f0
R8 =ffff888021398237 R9 =1ffff11004273046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af98fe R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f42f4da76c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b3131dff8 CR3=0000000023642000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=3939666233623834 3433626164323035
XMM06=6630393963663162 3561383435663961 XMM07=6338613338663136 3130303031326266
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007ff9bde12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000200000000000 RBX=ffffc900032bf3be RCX=dffffc0000000000 RDX=ffffffff902a7c06
RSI=0000000000000000 RDI=ffffc900032bff78 RBP=dffffc0000000000 RSP=ffffc900032bf2b8
R8 =0000000000000022 R9 =0000000000000000 R10=ffffc900032bf3d8 R11=ffffffff81ac3870
R12=ffffc900032bff58 R13=ffffc900032bf3d8 R14=ffffc900032bf388 R15=1ffffffff2054f80
RIP=ffffffff8172d31a RFL=00000286 [--S--P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fb2877f66c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007fb2895733e0 CR3=000000011fff2000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 0000000000000000 XMM05=923ed87affff0000 0cfedd4000000000
XMM06=0000000000000000 0000000000000000 XMM07=0000000000000000 0000000000000000
XMM08=0000000000000000 0000000000000000 XMM09=0000000000000000 00007fb289612fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
