last executing test programs:

1m53.628903751s ago: executing program 1 (id=357):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$afs(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='dyn'])
chdir(&(0x7f00000000c0)='./file0\x00')
mount$nfs(&(0x7f0000000100)='...', &(0x7f0000000140)='./file0\x00', 0x0, 0x2000, 0x0)

1m53.508298259s ago: executing program 1 (id=360):
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0xd, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@call={0x85, 0x0, 0x0, 0x6b}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m53.448545956s ago: executing program 1 (id=362):
r0 = fsopen(&(0x7f0000001340)='pstore\x00', 0x0)
fsmount(r0, 0x0, 0x0)

1m53.421606109s ago: executing program 1 (id=363):
syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x22000b0, 0x0, 0x3, 0x0, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x84000, 0x0)

1m53.34079829s ago: executing program 1 (id=364):
mkdir(0x0, 0x1)
r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000380)=ANY=[@ANYBLOB="1201000000000040bd2842000000000000010902240001000000000904010002030000000921000000012207000905", @ANYRES16], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000340)={0x0, 0x22, 0x7, {[@main=@item_012={0x2, 0x0, 0x8, '`\r'}, @main=@item_012={0x0, 0x0, 0x3}, @global=@item_012={0x2, 0x1, 0x8, "4c8b"}]}}, 0x0}, 0x0)
syz_usb_control_io(r0, &(0x7f0000000440)={0x2c, 0x0, &(0x7f0000000380)={0x0, 0x3, 0x29, @string={0x29, 0x3, "a362348f4212fa5e67e4b036ec85c22a635a125ffa52ac2c974991acb5e829ed83bfb40c53d962"}}, 0x0, 0x0, 0x0}, 0x0)

1m53.065869982s ago: executing program 1 (id=367):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x15, 0x3, &(0x7f0000000540)=@framed, &(0x7f00000005c0)='GPL\x00'}, 0x90)
setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f0000000200)=r1, 0x4)

1m52.951455434s ago: executing program 32 (id=367):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000780)={0x15, 0x3, &(0x7f0000000540)=@framed, &(0x7f00000005c0)='GPL\x00'}, 0x90)
setsockopt$sock_attach_bpf(r0, 0x1, 0x34, &(0x7f0000000200)=r1, 0x4)

1m16.991556803s ago: executing program 0 (id=681):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x10, 0x4, &(0x7f0000000380)=ANY=[@ANYBLOB="1802000000c400000000000000000000850000003e00000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="1200000004000000080000000b"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000300)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='\a'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000000)={r2, &(0x7f0000000240), &(0x7f00000004c0)=@tcp6=r0}, 0x20)
sendmmsg$inet6(r0, &(0x7f0000002180)=[{{0x0, 0x0, &(0x7f0000000980)=[{&(0x7f0000000740)="03", 0x1}], 0x1}}], 0x1, 0x0)
sendmmsg$inet6(r0, &(0x7f0000002000)=[{{0x0, 0x0, &(0x7f0000000180), 0x1}}, {{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f00000009c0)='.', 0xc400}], 0x7}}], 0x44, 0x0)

1m16.883328115s ago: executing program 0 (id=682):
r0 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x0)
ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f00000001c0)={0x0, [[0x1], [0x0, 0x100003], [0x91]], '\x00', [{0x0, 0xfffffffe}], '\x00', 0x300})

1m16.706657577s ago: executing program 0 (id=683):
syz_mount_image$f2fs(&(0x7f0000000180), &(0x7f0000000040)='./bus\x00', 0x0, &(0x7f0000000500)=ANY=[@ANYRES64=0x0, @ANYBLOB="c3649be801cfa9d37b32e5a81bd8ef65d2d6ae7c55dce6f28d147bd4743ac27b", @ANYRES16, @ANYBLOB="91f895dd7ebcc2b83a83fb121e4e844e5d7a09e7d4a4979f3fdfe200b83e593144c1cf15b5624e3448b3b40065bc381005ed653b2e5aeafdfb38eeddb8c08b04fb2e46eba33d22f32db6a9608832f35ee976140648653030c5dd9306f90fc9f46534c6d9f2b37f945ba052c7197494046b00916b8f07b5b9f05f77f79225aa0700a01e414c5352def7a6078229384108c95320a4abf33afd65548efaf0b3dc54c4c10995d3e08a9017ae0c8828c59983d23cf29ff4ff4a16908f199ba7"], 0x1, 0x556c, &(0x7f000000b980)="$eJzs3MtvG0UYAPBZp2npkwhxgFNXqpASqbbqtKngFqAVD5Eq4nHgVBzbsdza3ih2nJATEhxRD/wnCCROHPkbOHDmhjiAuCGBvLMmhPIosvNqfz9p/e3Mjr+dWa1afbuRA/DEmkt/+SkJl8LZEMJMCOFCEvL9pNhyyzE8F0K4HEIo/WlLiv4/Ok6HEM6FEC6NksecSX7o7vMxy5s/f/3tmVPnP//quyNaMnAMvBBC6G7E/e1ujFkrxntFf23YzmP3xrCI8UD3ftHOYtxuruUZtmvjcbU8Xm/F8dnGVn8U1zu1+ii22ut5/0YvnrA/bI3z5F+4V9vM243mWh7b/SyPrd04r53d+G/bbn8Q8zSKfB/m6cNgMI6xv7nTjOvZuJ/Hem9Q9Me8WaO5M4rDIhanC/Ws08jnsTbJlT7e3mr3tnbSYXOz38566VKl+mKlerNc3cwazUHzRrnWbdy8kc63OqNh5UGz1l1uZVmr06zUs+5COt+q18vVajp/q7nWrvXSarVyvXKtvLRQ7F1NX7vzXtpppPOj+Eq7t3W63emn69lmGr+xkC5Wrr+0kF6ppu+srKarb9++vbL67t1b7995eeWNV4tBD00rnV+8trhYrl4rL1YXjsH6R//vPuL6B5Os/5Ni0v9j/clklwf+3d4N9uBI5wFwgjxU/4eDqv9D+Ozq8MrSj+p/YGtf6yTW/2Ga9f+opFL//3f9W5q8/p+o/j2u9f8JXj9MxAMmAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAn1vezX7ye78zF9vmi/2LR9UzRTkIIpRDCb39jJpzel3OmyDP7D+Nn/zKHb5KQZxid40yxnQshLBfbr08f9FUAAACAx9eXH11+EKv1+DF31BPiMMWHNqULH0wpXxJCmJ37YUrZSqOPZ6eULL+/T4WdKWXLH2A9NaVk8ZHbqWlleyQz4/Dxxb3OfEFJDKVDnQ4AAHAoZvaFw61CAAAAOEyf7m9O7bUWx1wSxq8yx++C87+837sHzu47BgAAAJxAyVFPAAAAADhwef3v9/8AAADg8RZ//w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+J2du7lRG4gCAPxscID8KCjKPV3knBuUkRJyzDFQQJqgBNJCGkApgdy2hBWssEdoba0ldrGXXfR9kgeeMW9mgMubQQYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAPv0v1vM/v778br9iclKe3f483c0IAAAAaNoW63n5ZFrF79L5D+nUpxRnEZFHxEO1+yDe1HIOUp6i5fqiMYa/EWWGQx+jdLyNiG/puP3Y96cAAAAA12uzXM2qar1qppceEM+pWrTJ33/vKF8WEcX0pqNs+aH53FGy8vc9jJ/HeD96ZILaCle5gDXuaGjVktvwhG67M6g9pJmMF+WXWEZ5P/0CAACXVK8EWqoQAAAArsCPp7+1+UduXpZ/X+9HzT297Ngc9xnTrmjaEJzUIgAAAOAVyi49AAAAAKB3Zf3v/n8AAABw3ar7/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCnbbGeb5arWdvrixPz7Pbn6W5GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcMf+vKNACIRBGOxd35nM/Q8rDRoam1SB8PE3BgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAG9+95f/E1PjTDL32lh6HknWTo2tU2Pv3Dj6w/j6NQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF/vzkgIhEARRMGf876Tvf1hJ0DOIEAENjypq0QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzv3zxtHEQUA/O3e7eUPoBiDXBhQkCigIfYlJKSEAmRR8BGQLOccDA6BxAWJLJAbqJDrNAhKhJBApst3SB1LaUKXwoWRqIN2b9deJ4acEmv34vx+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFS23o9X0zLu5IeJYVy9dnt7dSHvNx/oczfX70znLY+TR030/XsHn/wYS7rxWv385FTt5Nvm8wEAAOAQ2qcY71T1fUTczTbm8j6dKOr/rLomr/l/emHvEA/W/Zvbq0fLL01X9f+ff9x7eWeiieE8+aCLS8uD2YdT6R7UMp82Jx55Rbe488XvXjrFG5J+tPbSVlbcz+SHW7c+6BXhkSayBQAex6mqL4Pq56G877eZGADPjG6t8K7q/85EuzkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANGFrLZ6r4iQipru7cW5ze3Vhv/7m+p3pqp27cWO9PmY+RBYRi0vLg6zBtYy7q9eufz6/vDy40nxwMiLam70MPhnhmoj/v6b8eEZ7q/jvIBmPNFoN0vL9GZd8doP7JyKebJzqs3fwGbb0DQkAgEMrK1te19/NNuby15LJiPs/763/36zFMWL9f+/Tc7frc9Xr/35jKxx/MyuXvpy5eu3620uX5i8OLg6+eOd0/93+mfNnz56fye/V7MxipIPZttMEAADgKdYrW73+Tycf3v8/XotjxPr/qx/739Tn6qj/97W76dd2JgAAAM+i3k704uv//J3sc0XS68XX8ysrV/rD48756eGx0XQf05Gy1ev/zmTbWQEAAABN2FpL9uz/X6jFMeL+//O/vPJbfcxORByLuBwRg1MLl5cvNLecsdbE3zkXE/XaXikAAABtOVa2+v5/Vjz/n+488pBGxFtvDOPqf12NUv93Pvzu1/pc9ef/zzS3xLGUTg3vR9FPRXSn2s4IAACAw+xo2fJi/69sY+6z349/3PP8PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDT/g0AAP//SAE1oA==")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000008)
mknod$loop(&(0x7f0000000340)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xc000, 0x1)

1m15.997099783s ago: executing program 0 (id=689):
syz_mount_image$f2fs(&(0x7f0000000080), &(0x7f00000000c0)='./file0\x00', 0x8, &(0x7f0000000600)=ANY=[@ANYBLOB="6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313236322c6d6f64653d61646170746976652c616c6c6f635f6d6f64653d64656661756c742c636865636b706f696e743d656e61626c652c6163746976655f6c6f67733d362c6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6e6f61636c2c6d6f64653d61646170746976652c6e6f696e6c696e655f78617474722c6e6f657874656e745f63616368652c6e6f757365725f78617474722c6a71666d743d7666736f6c642c66617374626f6f742c67727071756f74613d2f6465762f75686964002c61636c2c0032f4ee2f6560cdca2b9483944e9645733866c506b49c56b50344a658491dfe1afc3bb0de511c48132c86a775315723c53de2957513b9e639dfab8b7e4f4097c16f12b630a63e3ee7aa89cfa87acb9e9436e3d4feae3c1c3fedb8759e622019ece82c31d9fe60c2e3300afffbbda9aa8515e815ffc77756449aee7d4dc8354a136775201fe90e0663c422eb5a7e10e72601606e640c6714946801fccf68f802ff1c466e968c229e988c70dbe2c74169c0e96f9117a800ef78cef7bea512401010266195fc419fabbb4304582cd727de0f01694c0e22f6bca0650e3f3e4c4aefef27a417b89a0ce12bce1898cc08bbacc339f2655241746a085213fe4d6edc276928e230d4663583ccad22e450718285ed6a84bad0c7d117de297a02d83173a5a3d62192e8b6882f1a34b2200fdb7de25a9c0657778fdf670dfbd28483194c7b288bd257fa84f4a9564651ee61761f4a364803b5aea822e4c5b52b5676bdba4d9bdcbf1b7ddda716f223a1bc6d1c5a150fa64e72f580f7bf672ce6c6d30f8bcf091186a89ff219d2272ff5f2c0b4f63cb92f4708d6d81bc1935a791bd1c3670ba93b4a4db772e29f150122528cbe24284f0d1064ba237debaa65d481756e427ad570171d1e9445fe5c06dd6335167686a2cf8f226eb57ebe530d4e72"], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
mkdirat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
lsetxattr$trusted_overlay_origin(&(0x7f0000000180)='./file1\x00', &(0x7f0000000040), 0x0, 0x0, 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000900)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

1m15.306307636s ago: executing program 0 (id=692):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
getsockopt$IP_VS_SO_GET_SERVICES(r0, 0x0, 0x1a, 0x0, &(0x7f0000000100))

1m14.544367689s ago: executing program 0 (id=693):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000100)=0x100)

1m14.384375689s ago: executing program 33 (id=693):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000003c0), 0x101a02, 0x0)
ioctl$SNDCTL_DSP_SUBDIVIDE(r0, 0xc0045009, &(0x7f0000000100)=0x100)

1.896100963s ago: executing program 3 (id=1370):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000004c0)={'bond0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000006c0)=@newlink={0x3c, 0x10, 0x1, 0x70bd2b, 0x25dfdbfa, {0x0, 0x0, 0x0, r2, 0x8013, 0x190a5}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bond={{0x9}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BOND_AD_ACTOR_SYSTEM={0x8, 0x1a, @multicast1}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000)

1.078868098s ago: executing program 4 (id=1381):
mount(&(0x7f0000000080)=@nullb, &(0x7f0000000000)='./cgroup\x00', &(0x7f0000000180)='qnx4\x00', 0x208000, 0x0)

1.000442271s ago: executing program 3 (id=1383):
mknodat$null(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0xb0a54e68b1cd2fdb, 0x103)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065fffff530000008003950323030302e75"], 0x15)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x70, 0x0, 0x0, 0xfff, 0x0, 0x0, 0x40f00, 0x4, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xcb3a}, 0x94)
pipe2$9p(&(0x7f0000000000)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[], 0x15)
r2 = dup(r1)
write$P9_RLERRORu(r2, &(0x7f0000000540)=ANY=[@ANYBLOB="8b"], 0x53)
write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000100)={0xe, 0x18, 0xfa00, @id_afonly={0x0}}, 0x20)
write$binfmt_elf64(r2, &(0x7f0000000340)=ANY=[@ANYBLOB="7f454c4600073f034b0b00000000000003003e00ffffffe93501"], 0x7c8)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lstat(&(0x7f0000000440)='./file0\x00', 0x0)

1.00010185s ago: executing program 4 (id=1384):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vcan0\x00', <r1=>0x0})
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1}}, 0x18)

908.883948ms ago: executing program 2 (id=1385):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f00000004c0)={0x26, 'aead\x00', 0x0, 0x0, 'rfc4106(gcm(aes))\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f00000009c0)="ad56b6c5820fae9d6dcd3292ea54c7be8bbdadbb1632ea5704cae881ef915d374c90c200", 0x24)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg$qrtr(r1, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000700)=""/192, 0xc0}], 0x1, 0x0, 0x0, 0x10000}, 0x38, 0x2)

908.506773ms ago: executing program 4 (id=1386):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000240)=0x100000001, 0x59)
connect$inet6(r0, &(0x7f0000000200)={0xa, 0xffff, 0x0, @loopback}, 0x1c)
setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000040), 0x4)
setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "0002002000", "07f217bd74511e465bbbd5de01000000f9044677d4d588363d63af84db44be59", "00f8ff00", "8ce63ecbc640735f"}, 0x38)
r1 = socket$inet6(0x10, 0x2, 0x4)
sendto$inet6(r1, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784002000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x40, 0x0, 0x0)

838.375424ms ago: executing program 3 (id=1387):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f0000000440)='./file0\x00', &(0x7f0000000280)='autofs\x00', 0x201000c, &(0x7f0000000040))
chdir(&(0x7f0000000080)='./file0\x00')
unlinkat(0xffffffffffffff9c, 0x0, 0x200)
symlinkat(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00')
openat(0xffffffffffffff9c, &(0x7f0000002480)='./file1/file0\x00', 0x42, 0x40)

837.943576ms ago: executing program 4 (id=1388):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000040)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f0000000080)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000100)=ANY=[@ANYBLOB="05"], 0x48}}, 0x0)
sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0)
close(0x3)

761.916065ms ago: executing program 4 (id=1389):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000240)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10)
syz_emit_vhci(&(0x7f0000000180)=@HCI_VENDOR_PKT={0xff, 0x40}, 0x2)

761.407085ms ago: executing program 2 (id=1390):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=@updpolicy={0x1fc, 0x19, 0x1, 0x0, 0x25dfdbff, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x0, 0x0, 0xfffffffffffffffe}, {0x7d}}, [@tmpl={0x144, 0x5, [{{@in=@local, 0x4d6, 0x33}, 0x0, @in=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44}, {{@in6=@remote, 0x0, 0x3c}, 0x2, @in6=@dev}, {{@in6=@mcast2, 0x0, 0x6c}, 0x0, @in=@multicast1}, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x6c}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}, {{@in=@remote, 0x0, 0x33}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x10}, 0x0, 0x5}]}]}, 0x1fc}, 0x1, 0x0, 0x0, 0x1}, 0x0)

671.560778ms ago: executing program 4 (id=1391):
connect$unix(0xffffffffffffffff, 0x0, 0x0)
ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0)
syz_open_dev$usbfs(&(0x7f0000000180), 0x205, 0x2581)
prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0)
r3 = socket$isdn(0x22, 0x2, 0x26)
bind$isdn(r3, &(0x7f0000000040)={0x22, 0x8c, 0x0, 0x1}, 0x6)
r4 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x42002)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r4, 0xc08c5332, 0x0)
ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r4, 0x4040534e, &(0x7f00000002c0)={0x10f, @time={0xf2ee}})
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0)
unshare(0x28000600)

591.794324ms ago: executing program 2 (id=1392):
r0 = syz_open_dev$media(&(0x7f0000000080), 0x0, 0x0)
ioctl$MEDIA_IOC_G_TOPOLOGY(r0, 0xc0487c04, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffdf6, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0})

429.443126ms ago: executing program 2 (id=1393):
r0 = socket$igmp6(0xa, 0x3, 0x2)
setsockopt$sock_int(r0, 0x1, 0x29, &(0x7f0000000100)=0x3ff, 0x4)
setsockopt$sock_int(r0, 0x1, 0x28, &(0x7f0000000080)=0x29cb, 0x4)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{&(0x7f00000001c0)={0xa, 0x0, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0)
recvfrom$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

248.179197ms ago: executing program 3 (id=1394):
r0 = socket$kcm(0x2, 0x3, 0x2)
ioctl$SIOCSIFHWADDR(r0, 0x8b04, &(0x7f0000000000)={'virt_wifi0\x00', @random="d2c17c103c85"})

101.664989ms ago: executing program 2 (id=1395):
socket$xdp(0x2c, 0x3, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$nl_route(r1, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0)
getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0xffffffffffffff6e, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r2, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d00000008000500", @ANYRES64=r0], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x0)
r3 = socket$packet(0x11, 0x2, 0x300)
sendto$packet(r3, 0x0, 0x0, 0x44014, &(0x7f0000000180)={0x11, 0xd, r2, 0x1, 0x7, 0x6, @broadcast}, 0x14)

101.44395ms ago: executing program 3 (id=1396):
r0 = userfaultfd(0x80801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x10000008})

641.66µs ago: executing program 3 (id=1397):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_TYPE={0x5, 0x2, 0x17}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x1}, @NFTA_EXTHDR_FLAGS={0x8, 0x6, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0x18}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0)

0s ago: executing program 2 (id=1398):
mknod$loop(&(0x7f0000000140)='./file0\x00', 0x8fff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000000)={0x6, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0xfffffffffffffffe)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
read$nci(0xffffffffffffffff, 0x0, 0x0)
r1 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$TCFLSH(r1, 0x80045438, 0x0)
r2 = socket$packet(0x11, 0x2, 0x300)
r3 = openat$comedi(0xffffff9c, &(0x7f0000000040)='/dev/comedi3\x00', 0x2000, 0x0)
ioctl$COMEDI_DEVCONFIG(r3, 0x40946400, 0x0)
setsockopt$packet_int(r2, 0x107, 0x7, 0x0, 0x0)
bind$bt_hci(0xffffffffffffffff, &(0x7f0000000100)={0x1f, 0xffff, 0x3}, 0x6)
write$binfmt_misc(0xffffffffffffffff, &(0x7f0000000000), 0xd)
ioctl$UI_ABS_SETUP(0xffffffffffffffff, 0x401c5504, &(0x7f0000000340)={0x4, {0x965, 0x1, 0x3, 0x9, 0x0, 0x4}})
write$nci(0xffffffffffffffff, &(0x7f0000001740)=ANY=[@ANYBLOB="500105010c000000030300040905030072bad45e265e96dc1ce36dac131b1126baa0c7c8a90c3a824b51746b3992a9ef887b6a3f4ae94bac3b6ad3a447290631"], 0x83)
keyctl$read(0x2, 0x0, &(0x7f00000000c0)=""/4096, 0x1000)
execve(&(0x7f0000000040)='./file0\x00', &(0x7f0000001900), &(0x7f0000000a80)={[&(0x7f00000011c0)='.^*%$\'-\\:\x00\xfb\x12#\x19\t\x99n\x1e\xef,NA\xf3)\xc8\xcd\x9bM\x83\x9d\v\x80\xcbU\xdcV\xe4\xff\xa8\xf19\xf0\x10|A\xef\x06\xe0\xee\xa6\x9fd\xeb\x88\xbb\x8d\x1cJ\xe9\xf2\xb5\n\xd8\x86\xdd\xcc\xee\xd9\xd4.\x12\x0e\x03\'a\xb2H\xf0\x06\xd7\xa2Obry\x05\xa44\x85\xefB\xcf\xcbhL%5\xe6C\xb5\x8c|\x1ax*K\x93\xca\\\xdfCSs\x10\x91G\x8b&\xc3P\xe5H\x91\xbc\xea\xbc[\xcb\xdb\xfd8{\xa4\xa1\x1c\xf8\xa4wWT\xa7#\xc5\v\x94~\x88]g\\x\x8b\x89\xf2\xca\xfc\xbf\xc3C\xb2\xeb\xf5\x88\x83\xaa`%\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00]fx\r\x9fRd\x13\xf4\xba;\xf2\xb6\x81\xcf\xcd\xff\x1bO\xca\xfdA\xd0\'t=\x02\xc6\xa2R\xac\xd2\xb2\x9f\xa8R\xe7@\xf7\xf6\x8a<$s\x90d\x826[A\xcdtU\xb0\xa6']})
openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0)
ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000180)={0xfb, 0x8, 0x0, "062383a78614d321eb086bebba55db0dfca05613826fffd4ee640ffed6cd68cb", 0x32314d54})
socket$inet_icmp_raw(0x2, 0x3, 0x1)

kernel console output (not intermixed with test programs):

ace 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  141.451805][ T5909] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  141.459174][ T5909] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0
[  141.463572][    T9] usb 4-1: Using ep0 maxpacket: 16
[  141.468267][ T5909] usb 3-1: New USB device found, idVendor=0451, idProduct=3410, bcdDevice=ef.1e
[  141.472573][ T5909] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.476180][ T5909] usb 3-1: Product: syz
[  141.477681][ T5909] usb 3-1: Manufacturer: syz
[  141.479464][ T5909] usb 3-1: SerialNumber: syz
[  141.483442][    T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  141.486839][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  141.491578][    T9] usb 4-1: Product: syz
[  141.493168][    T9] usb 4-1: Manufacturer: syz
[  141.495027][    T9] usb 4-1: SerialNumber: syz
[  141.503292][ T5909] usb 3-1: config 0 descriptor??
[  141.508674][    T9] r8152-cfgselector 4-1: Unknown version 0x0000
[  141.513679][    T9] r8152-cfgselector 4-1: config 0 descriptor??
[  141.519105][ T5909] ti_usb_3410_5052 3-1:0.0: TI USB 3410 1 port adapter converter detected
[  141.530454][ T5909] usb 3-1: TI USB 3410 1 port adapter converter now attached to ttyUSB0
[  141.997692][ T5882] usb 3-1: USB disconnect, device number 12
[  142.041173][ T5851] Bluetooth: hci1: command tx timeout
[  142.061183][    T9] r8152-cfgselector 4-1: USB disconnect, device number 7
[  142.090322][ T5882] ti_usb_3410_5052_1 ttyUSB0: TI USB 3410 1 port adapter converter now disconnected from ttyUSB0
[  142.095025][ T5882] ti_usb_3410_5052 3-1:0.0: device disconnected
[  142.661336][    T9] usb 5-1: new full-speed USB device number 2 using dummy_hcd
[  142.775661][ T7999] loop2: detected capacity change from 0 to 128
[  142.805369][ T7999] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  142.821742][ T7999] ext4 filesystem being mounted at /254/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.835644][ T7999] EXT4-fs error (device loop2): ext4_check_dx_root:2203: inode #2: comm syz.2.718: Corrupt dir, invalid name for '.', running e2fsck is recommended
[  142.856540][    T9] usb 5-1: unable to get BOS descriptor or descriptor too short
[  142.868399][    T9] usb 5-1: not running at top speed; connect to a high speed hub
[  142.869998][ T5852] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  142.877509][    T9] usb 5-1: config 4 has an invalid interface number: 156 but max is 0
[  142.889968][    T9] usb 5-1: config 4 has no interface number 0
[  142.892429][    T9] usb 5-1: config 4 interface 156 has no altsetting 0
[  142.902985][    T9] usb 5-1: New USB device found, idVendor=0545, idProduct=800c, bcdDevice= 3.0a
[  142.906242][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  142.909493][    T9] usb 5-1: Product: syz
[  142.923413][    T9] usb 5-1: Manufacturer: syz
[  142.924957][    T9] usb 5-1: SerialNumber: syz
[  143.007234][ T7995] loop3: detected capacity change from 0 to 40427
[  143.018477][ T7995] F2FS-fs (loop3): invalid crc value
[  143.209975][ T7995] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  143.224290][ T7995] F2FS-fs (loop3): Start checkpoint disabled!
[  143.280467][ T7995] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  143.419013][    T9] usb 5-1: USB disconnect, device number 2
[  143.451096][ T7995] F2FS-fs (loop3): f2fs_check_nid_range: out-of-range nid=30303030, run fsck to fix.
[  143.688060][ T8010] loop3: detected capacity change from 0 to 1024
[  143.749861][ T8010] hfsplus: catalog searching failed
[  143.800092][ T7299] hfsplus: b-tree write err: -5, ino 3
[  143.814115][ T6882] hfsplus: node 4:3 still has 1 user(s)!
[  144.101561][ T5851] Bluetooth: hci1: command tx timeout
[  144.191848][ T8017] loop4: detected capacity change from 0 to 40427
[  144.199960][ T8017] F2FS-fs (loop4): build fault injection rate: 14
[  144.202159][ T8017] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  144.207933][ T8017] F2FS-fs (loop4): invalid crc value
[  144.211424][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  144.218090][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  144.280428][ T8017] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  144.285364][ T8041] loop3: detected capacity change from 0 to 512
[  144.288558][ T8017] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of __get_meta_folio+0x157/0x4f0
[  144.293102][ T8041] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  144.297883][ T8017] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  144.305147][ T8041] EXT4-fs (loop3): 1 truncate cleaned up
[  144.308104][ T8041] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  144.320135][ T8017] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x1d9/0xa40
[  144.355071][ T6882] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  144.355568][ T7922] F2FS-fs (loop4): inject inconsistent footer in sanity_check_node_footer of f2fs_get_dnode_of_data+0xab1/0x1cf0
[  144.364995][ T7922] F2FS-fs (loop4): inconsistent node block, node_type:0, nid:13, node_footer[nid:13,ino:3,ofs:191623,cpver:0,blkaddr:0]
[  144.404750][    C0] F2FS-fs (loop4): inject write IO error in f2fs_write_end_io of blk_update_request+0x57e/0xe60
[  144.409035][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  144.409050][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  144.409056][    C0] Call Trace:
[  144.409059][    C0]  <TASK>
[  144.409064][    C0]  dump_stack_lvl+0x189/0x250
[  144.409079][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.409089][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  144.409097][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.409108][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  144.409121][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  144.409135][    C0]  f2fs_write_end_io+0x886/0xb60
[  144.409149][    C0]  blk_update_request+0x57e/0xe60
[  144.409165][    C0]  blk_mq_end_request+0x3e/0x70
[  144.409174][    C0]  blk_done_softirq+0x10a/0x160
[  144.409183][    C0]  handle_softirqs+0x286/0x870
[  144.409193][    C0]  ? run_ksoftirqd+0x9b/0x100
[  144.409204][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  144.409213][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.409222][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.409228][    C0]  run_ksoftirqd+0x9b/0x100
[  144.409237][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  144.409248][    C0]  smpboot_thread_fn+0x542/0xa60
[  144.409256][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.409267][    C0]  kthread+0x711/0x8a0
[  144.409278][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  144.409285][    C0]  ? __pfx_kthread+0x10/0x10
[  144.409295][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  144.409304][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.409313][    C0]  ? __pfx_kthread+0x10/0x10
[  144.409323][    C0]  ret_from_fork+0x3fc/0x770
[  144.409333][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  144.409350][    C0]  ? __switch_to_asm+0x39/0x70
[  144.409360][    C0]  ? __switch_to_asm+0x33/0x70
[  144.409369][    C0]  ? __pfx_kthread+0x10/0x10
[  144.409378][    C0]  ret_from_fork_asm+0x1a/0x30
[  144.409394][    C0]  </TASK>
[  144.409397][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  144.469882][ T8049] loop3: detected capacity change from 0 to 2048
[  144.470382][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  144.470395][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  144.470400][    C0] Call Trace:
[  144.470405][    C0]  <TASK>
[  144.470409][    C0]  dump_stack_lvl+0x189/0x250
[  144.470424][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.470434][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  144.470442][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.470453][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  144.470466][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  144.470481][    C0]  f2fs_write_end_io+0x886/0xb60
[  144.470495][    C0]  blk_update_request+0x57e/0xe60
[  144.470511][    C0]  blk_mq_end_request+0x3e/0x70
[  144.470520][    C0]  blk_done_softirq+0x10a/0x160
[  144.470530][    C0]  handle_softirqs+0x286/0x870
[  144.470540][    C0]  ? run_ksoftirqd+0x9b/0x100
[  144.470551][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  144.470560][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.470569][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.470576][    C0]  run_ksoftirqd+0x9b/0x100
[  144.470584][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  144.470596][    C0]  smpboot_thread_fn+0x542/0xa60
[  144.470604][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.470615][    C0]  kthread+0x711/0x8a0
[  144.470626][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  144.470634][    C0]  ? __pfx_kthread+0x10/0x10
[  144.470643][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  144.470673][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.470683][    C0]  ? __pfx_kthread+0x10/0x10
[  144.470692][    C0]  ret_from_fork+0x3fc/0x770
[  144.470703][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  144.470713][    C0]  ? __switch_to_asm+0x39/0x70
[  144.470723][    C0]  ? __switch_to_asm+0x33/0x70
[  144.470731][    C0]  ? __pfx_kthread+0x10/0x10
[  144.470741][    C0]  ret_from_fork_asm+0x1a/0x30
[  144.470757][    C0]  </TASK>
[  144.470760][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  144.495327][ T8049] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  144.495465][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  144.495480][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  144.495486][    C0] Call Trace:
[  144.495490][    C0]  <TASK>
[  144.495495][    C0]  dump_stack_lvl+0x189/0x250
[  144.495512][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.495532][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  144.495545][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.495564][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  144.495589][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  144.495605][    C0]  f2fs_write_end_io+0x886/0xb60
[  144.495620][    C0]  blk_update_request+0x57e/0xe60
[  144.495636][    C0]  blk_mq_end_request+0x3e/0x70
[  144.495665][    C0]  blk_done_softirq+0x10a/0x160
[  144.495678][    C0]  handle_softirqs+0x286/0x870
[  144.495688][    C0]  ? run_ksoftirqd+0x9b/0x100
[  144.495703][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  144.495718][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.495734][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.495747][    C0]  run_ksoftirqd+0x9b/0x100
[  144.495763][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  144.495783][    C0]  smpboot_thread_fn+0x542/0xa60
[  144.495792][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.495803][    C0]  kthread+0x711/0x8a0
[  144.495817][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  144.495838][    C0]  ? __pfx_kthread+0x10/0x10
[  144.495847][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  144.495857][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.495867][    C0]  ? __pfx_kthread+0x10/0x10
[  144.495877][    C0]  ret_from_fork+0x3fc/0x770
[  144.495886][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  144.495896][    C0]  ? __switch_to_asm+0x39/0x70
[  144.495906][    C0]  ? __switch_to_asm+0x33/0x70
[  144.495915][    C0]  ? __pfx_kthread+0x10/0x10
[  144.495924][    C0]  ret_from_fork_asm+0x1a/0x30
[  144.495940][    C0]  </TASK>
[  144.495944][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  144.506859][ T8049] UDF-fs: error (device loop3): udf_fiiter_advance_blk: extent after position 232 not allocated in directory (ino 1376)
[  144.508816][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  144.508839][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  144.508848][    C0] Call Trace:
[  144.508855][    C0]  <TASK>
[  144.508862][    C0]  dump_stack_lvl+0x189/0x250
[  144.508887][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.508903][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  144.508918][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.508937][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  144.508961][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  144.508986][    C0]  f2fs_write_end_io+0x886/0xb60
[  144.509011][    C0]  blk_update_request+0x57e/0xe60
[  144.509037][    C0]  blk_mq_end_request+0x3e/0x70
[  144.509055][    C0]  blk_done_softirq+0x10a/0x160
[  144.509072][    C0]  handle_softirqs+0x286/0x870
[  144.509089][    C0]  ? run_ksoftirqd+0x9b/0x100
[  144.509108][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  144.509124][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.509140][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.509152][    C0]  run_ksoftirqd+0x9b/0x100
[  144.509167][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  144.509188][    C0]  smpboot_thread_fn+0x542/0xa60
[  144.509202][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.509221][    C0]  kthread+0x711/0x8a0
[  144.509240][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  144.509252][    C0]  ? __pfx_kthread+0x10/0x10
[  144.509268][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  144.509283][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.509299][    C0]  ? __pfx_kthread+0x10/0x10
[  144.509317][    C0]  ret_from_fork+0x3fc/0x770
[  144.509335][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  144.509353][    C0]  ? __switch_to_asm+0x39/0x70
[  144.509368][    C0]  ? __switch_to_asm+0x33/0x70
[  144.509384][    C0]  ? __pfx_kthread+0x10/0x10
[  144.509402][    C0]  ret_from_fork_asm+0x1a/0x30
[  144.509430][    C0]  </TASK>
[  144.509436][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  144.719486][    C0] CPU: 0 UID: 0 PID: 15 Comm: ksoftirqd/0 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  144.719508][    C0] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  144.719518][    C0] Call Trace:
[  144.719526][    C0]  <TASK>
[  144.719534][    C0]  dump_stack_lvl+0x189/0x250
[  144.719561][    C0]  ? __pfx_dump_stack_lvl+0x10/0x10
[  144.719578][    C0]  ? __pfx_queue_work_on+0x10/0x10
[  144.719593][    C0]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  144.719611][    C0]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  144.719659][    C0]  f2fs_handle_critical_error+0x37c/0x540
[  144.719685][    C0]  f2fs_write_end_io+0x886/0xb60
[  144.719712][    C0]  blk_update_request+0x57e/0xe60
[  144.719739][    C0]  blk_mq_end_request+0x3e/0x70
[  144.719756][    C0]  blk_done_softirq+0x10a/0x160
[  144.719774][    C0]  handle_softirqs+0x286/0x870
[  144.719792][    C0]  ? run_ksoftirqd+0x9b/0x100
[  144.719811][    C0]  ? __pfx_handle_softirqs+0x10/0x10
[  144.719827][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.719843][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.719856][    C0]  run_ksoftirqd+0x9b/0x100
[  144.719871][    C0]  ? __pfx_run_ksoftirqd+0x10/0x10
[  144.719893][    C0]  smpboot_thread_fn+0x542/0xa60
[  144.719914][    C0]  ? smpboot_thread_fn+0x4d/0xa60
[  144.719935][    C0]  kthread+0x711/0x8a0
[  144.719956][    C0]  ? __pfx_smpboot_thread_fn+0x10/0x10
[  144.719970][    C0]  ? __pfx_kthread+0x10/0x10
[  144.719988][    C0]  ? _raw_spin_unlock_irq+0x23/0x50
[  144.720005][    C0]  ? lockdep_hardirqs_on+0x9c/0x150
[  144.720022][    C0]  ? __pfx_kthread+0x10/0x10
[  144.720040][    C0]  ret_from_fork+0x3fc/0x770
[  144.720056][    C0]  ? __pfx_ret_from_fork+0x10/0x10
[  144.720075][    C0]  ? __switch_to_asm+0x39/0x70
[  144.720093][    C0]  ? __switch_to_asm+0x33/0x70
[  144.720108][    C0]  ? __pfx_kthread+0x10/0x10
[  144.720125][    C0]  ret_from_fork_asm+0x1a/0x30
[  144.720153][    C0]  </TASK>
[  144.720159][    C0] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  144.804783][ T7922] F2FS-fs (loop4): do_checkpoint failed err:-5, stop checkpoint
[  145.012037][ T8059] loop2: detected capacity change from 0 to 1024
[  145.023488][ T8059] EXT4-fs: Ignoring removed orlov option
[  145.034807][ T8059] EXT4-fs (loop2): ext4_check_descriptors: Checksum for group 0 failed (52289!=20869)
[  145.038729][ T8059] EXT4-fs (loop2): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  145.049765][ T8059] EXT4-fs (loop2): invalid journal inode
[  145.538025][ T8066] loop4: detected capacity change from 0 to 512
[  145.602808][ T8066] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.608330][ T8066] ext4 filesystem being mounted at /7/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.650341][ T8066] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #12: comm syz.4.735: corrupted xattr block 6: invalid header
[  145.659465][ T8066] overlayfs: failed to get uuid (/file0, err=-117); falling back to uuid=null.
[  145.664071][ T8066] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #12: comm syz.4.735: corrupted xattr block 6: invalid header
[  145.674033][ T8066] overlayfs: failed to get origin (-117)
[  145.676763][ T8066] EXT4-fs error (device loop4): ext4_xattr_block_find:1869: inode #12: comm syz.4.735: corrupted xattr block 6: invalid header
[  145.686127][ T8066] overlayfs: failed to verify upper root origin
[  145.718172][ T7922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.042249][ T8071] loop2: detected capacity change from 0 to 40427
[  146.045968][ T8071] F2FS-fs (loop2): build fault injection rate: 1
[  146.047933][ T8071] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  146.050692][ T8071] F2FS-fs (loop2): inject slab alloc in f2fs_alloc_inode of alloc_inode+0x6a/0x1b0
[  146.054281][ T8071] F2FS-fs (loop2): Failed to read F2FS meta data inode
[  146.184477][ T5851] Bluetooth: hci1: command tx timeout
[  146.417914][ T5914] IPVS: starting estimator thread 0...
[  146.425320][ T8087] loop3: detected capacity change from 0 to 32768
[  146.428811][ T8087] btrfs: Deprecated parameter 'usebackuproot'
[  146.431746][ T8087] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  146.436114][ T8087] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.754 (8087)
[  146.456890][ T8087] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  146.461238][ T8087] BTRFS info (device loop3): using crc32c (crc32c-lib) checksum algorithm
[  146.465120][ T8087] BTRFS info (device loop3): using free-space-tree
[  146.515618][ T8098] IPVS: using max 43 ests per chain, 103200 per kthread
[  146.568918][ T8113] loop4: detected capacity change from 0 to 2048
[  146.571950][ T5882] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  146.582488][   T26] BTRFS warning (device loop3): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  146.592065][ T8087] BTRFS error (device loop3): failed to load root extent
[  146.594836][ T8087] BTRFS warning (device loop3): try to load backup roots slot 1
[  146.598328][   T26] BTRFS warning (device loop3): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  146.605993][ T8087] BTRFS warning (device loop3): couldn't read tree root
[  146.607349][ T8113] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  146.608810][ T8087] BTRFS warning (device loop3): try to load backup roots slot 2
[  146.618329][  T737] BTRFS error (device loop3): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  146.623753][ T8087] BTRFS warning (device loop3): couldn't read tree root
[  146.626626][ T8087] BTRFS warning (device loop3): try to load backup roots slot 3
[  146.638155][ T8087] BTRFS info (device loop3): rebuilding free space tree
[  146.647840][ T8087] BTRFS info (device loop3): checking UUID tree
[  146.657042][ T8113] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  146.674154][ T8113] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 10 with max blocks 23 with error 28
[  146.678391][ T8113] EXT4-fs (loop4): This should not happen!! Data will be lost
[  146.678391][ T8113] 
[  146.690676][ T8113] EXT4-fs (loop4): Total free blocks count 0
[  146.697189][ T8113] EXT4-fs (loop4): Free/Dirty block details
[  146.707275][ T8113] EXT4-fs (loop4): free_blocks=66060288
[  146.709120][ T8113] EXT4-fs (loop4): dirty_blocks=48
[  146.718999][ T8113] EXT4-fs (loop4): Block reservation details
[  146.722255][ T5882] usb 3-1: Using ep0 maxpacket: 8
[  146.725117][ T8113] EXT4-fs (loop4): i_reserved_data_blocks=3
[  146.730238][ T5882] usb 3-1: unable to get BOS descriptor or descriptor too short
[  146.737320][ T5882] usb 3-1: config 7 has an invalid interface number: 84 but max is 0
[  146.741538][ T5882] usb 3-1: config 7 has no interface number 0
[  146.746857][ T8122] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 34 with error 28
[  146.751806][ T6882] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  146.772897][ T5882] usb 3-1: New USB device found, idVendor=04b4, idProduct=5500, bcdDevice=9e.50
[  146.776414][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.779531][ T5882] usb 3-1: Product: syz
[  146.796240][ T5882] usb 3-1: Manufacturer: syz
[  146.797979][ T5882] usb 3-1: SerialNumber: syz
[  147.028578][ T5882] cypress_m8 3-1:7.84: HID->COM RS232 Adapter converter detected
[  147.056686][ T5882] cyphidcom ttyUSB0: required endpoint is missing
[  147.072154][ T5882] usb 3-1: USB disconnect, device number 13
[  147.086937][ T5882] cypress_m8 3-1:7.84: device disconnected
[  147.799527][ T8136] netlink: 88 bytes leftover after parsing attributes in process `syz.3.765'.
[  147.888077][ T8140] loop3: detected capacity change from 0 to 512
[  147.904148][ T8140] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=e042c118, mo2=0002]
[  147.907442][ T8140] System zones: 1-12
[  147.911537][ T8140] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.767: corrupted in-inode xattr: e_value size too large
[  147.922259][ T8140] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.767: couldn't read orphan inode 15 (err -117)
[  147.929973][ T8140] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  147.946891][ T8140] EXT4-fs error (device loop3): ext4_iget_extra_inode:5104: inode #15: comm syz.3.767: corrupted in-inode xattr: e_value size too large
[  148.195923][ T8150] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  148.400973][ T5882] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  148.501327][ T6882] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  148.562437][ T5882] usb 5-1: Using ep0 maxpacket: 16
[  148.565684][ T5882] usb 5-1: too many configurations: 112, using maximum allowed: 8
[  148.591640][ T5882] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  148.595344][ T5882] usb 5-1: New USB device strings: Mfr=144, Product=246, SerialNumber=0
[  148.598719][ T5882] usb 5-1: Product: syz
[  148.600509][ T5882] usb 5-1: Manufacturer: syz
[  148.605273][ T8161] binder: 8160:8161 ioctl c018620c 0 returned -14
[  148.618864][ T5882] r8152-cfgselector 5-1: Unknown version 0x0000
[  148.621141][ T5882] r8152-cfgselector 5-1: config 0 descriptor??
[  148.836007][ T5882] r8152-cfgselector 5-1: bad CDC descriptors
[  148.844278][ T5882] r8152-cfgselector 5-1: USB disconnect, device number 3
[  148.931225][ T5312] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  149.091316][ T5312] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE8, changing to 0x88
[  149.096103][ T5312] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has an invalid bInterval 0, changing to 7
[  149.104265][ T5312] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has an invalid bInterval 0, changing to 7
[  149.107622][ T5312] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0
[  149.112452][ T8181] program syz.2.786 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  149.122017][ T5312] usb 4-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49
[  149.125667][ T5312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  149.129801][ T5312] usb 4-1: Product: syz
[  149.134666][ T5312] usb 4-1: Manufacturer: syz
[  149.136510][ T5312] usb 4-1: SerialNumber: syz
[  149.142387][ T5312] usb 4-1: config 0 descriptor??
[  149.148446][ T5312] iguanair 4-1:0.0: failed to get version
[  149.168902][ T5312] iguanair 4-1:0.0: probe with driver iguanair failed with error -90
[  149.353711][ T5312] usb 4-1: USB disconnect, device number 8
[  149.393289][ T8192] loop4: detected capacity change from 0 to 512
[  149.396714][ T8192] EXT4-fs: Ignoring removed i_version option
[  149.403297][ T8192] EXT4-fs: Ignoring removed mblk_io_submit option
[  149.419789][ T8192] EXT4-fs error (device loop4): ext4_orphan_get:1392: comm syz.4.791: inode #13: comm syz.4.791: iget: illegal inode #
[  149.428473][ T8192] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.791: couldn't read orphan inode 13 (err -117)
[  149.435188][ T8192] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  149.446725][ T8192] EXT4-fs error (device loop4): ext4_resize_begin:60: comm syz.4.791: resize_inode disabled but reserved GDT blocks non-zero
[  149.499615][ T7922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  149.514182][ T8197] netlink: 4 bytes leftover after parsing attributes in process `syz.2.793'.
[  149.615195][ T8199] loop4: detected capacity change from 0 to 4096
[  151.923220][ T8226] loop2: detected capacity change from 0 to 40427
[  151.927480][ T8226] F2FS-fs (loop2): Image doesn't support compression
[  151.929702][ T8226] F2FS-fs (loop2): build fault injection rate: 690
[  151.935370][ T8226] F2FS-fs (loop2): invalid crc value
[  151.998066][ T8226] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  152.022616][ T8226] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  152.118672][ T5852] syz-executor: attempt to access beyond end of device
[  152.118672][ T5852] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  152.128720][ T5852] CPU: 0 UID: 0 PID: 5852 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  152.128744][ T5852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  152.128752][ T5852] Call Trace:
[  152.128759][ T5852]  <TASK>
[  152.128766][ T5852]  dump_stack_lvl+0x189/0x250
[  152.128792][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.128807][ T5852]  ? __pfx_queue_work_on+0x10/0x10
[  152.128821][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.128840][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.128867][ T5852]  f2fs_handle_critical_error+0x37c/0x540
[  152.128894][ T5852]  f2fs_write_end_io+0x886/0xb60
[  152.128927][ T5852]  __submit_merged_bio+0x27a/0x6a0
[  152.128953][ T5852]  __submit_merged_write_cond+0x255/0x530
[  152.128979][ T5852]  f2fs_write_data_pages+0x261d/0x3000
[  152.129028][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.129059][ T5852]  ? arch_stack_walk+0xfc/0x150
[  152.129101][ T5852]  ? __mod_zone_page_state+0xd7/0x140
[  152.129163][ T5852]  ? folios_put_refs+0x560/0x640
[  152.129192][ T5852]  ? __lock_acquire+0xab9/0xd20
[  152.129219][ T5852]  ? do_raw_spin_lock+0x121/0x290
[  152.129246][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  152.129262][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.129284][ T5852]  do_writepages+0x32e/0x550
[  152.129313][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  152.129334][ T5852]  filemap_fdatawrite+0x199/0x240
[  152.129352][ T5852]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  152.129411][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  152.129432][ T5852]  f2fs_sync_dirty_inodes+0x31f/0x830
[  152.129461][ T5852]  f2fs_write_checkpoint+0x95a/0x1df0
[  152.129498][ T5852]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  152.129554][ T5852]  ? kill_f2fs_super+0x298/0x6c0
[  152.129575][ T5852]  kill_f2fs_super+0x2c3/0x6c0
[  152.129595][ T5852]  ? __pfx_kill_f2fs_super+0x10/0x10
[  152.129606][ T5852]  ? radix_tree_delete_item+0x2b6/0x400
[  152.129632][ T5852]  ? shrinker_free+0x2ce/0x3e0
[  152.129649][ T5852]  deactivate_locked_super+0xbc/0x130
[  152.129668][ T5852]  cleanup_mnt+0x425/0x4c0
[  152.129685][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.129705][ T5852]  task_work_run+0x1d4/0x260
[  152.129727][ T5852]  ? __pfx_task_work_run+0x10/0x10
[  152.129743][ T5852]  ? __x64_sys_umount+0x122/0x160
[  152.129766][ T5852]  ? exit_to_user_mode_loop+0x40/0x110
[  152.129789][ T5852]  exit_to_user_mode_loop+0xec/0x110
[  152.129808][ T5852]  do_syscall_64+0x2bd/0x3b0
[  152.129824][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.129841][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.129854][ T5852]  ? exc_page_fault+0x9f/0xf0
[  152.129873][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.129888][ T5852] RIP: 0033:0x7f52cdb8ff17
[  152.129902][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  152.129915][ T5852] RSP: 002b:00007fffdcf8b148 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  152.129930][ T5852] RAX: 0000000000000000 RBX: 00007f52cdc11c05 RCX: 00007f52cdb8ff17
[  152.129939][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffdcf8b200
[  152.129947][ T5852] RBP: 00007fffdcf8b200 R08: 0000000000000000 R09: 0000000000000000
[  152.129955][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffdcf8c290
[  152.129962][ T5852] R13: 00007f52cdc11c05 R14: 0000000000025199 R15: 00007fffdcf8c2d0
[  152.129986][ T5852]  </TASK>
[  152.129994][ T5852] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  152.170018][ T8248] netlink: 8 bytes leftover after parsing attributes in process `syz.3.815'.
[  152.376350][ T8250] loop3: detected capacity change from 0 to 256
[  152.404505][ T8250] exFAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  152.420499][ T8250] exFAT-fs (loop3): Medium has reported failures. Some data may be lost.
[  152.432010][ T8250] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  152.463410][ T8240] loop4: detected capacity change from 0 to 40427
[  152.466502][ T8240] F2FS-fs (loop4): build fault injection rate: 771
[  152.484210][ T8240] F2FS-fs (loop4): invalid crc value
[  152.557166][ T8240] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  152.565782][ T8240] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  152.577959][ T8257] input: syz0 as /devices/virtual/input/input9
[  152.647459][ T8259] CIFS: VFS: Malformed UNC in devname
[  152.670671][ T7922] syz-executor: attempt to access beyond end of device
[  152.670671][ T7922] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  152.680171][ T7922] CPU: 1 UID: 0 PID: 7922 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  152.680187][ T7922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  152.680192][ T7922] Call Trace:
[  152.680198][ T7922]  <TASK>
[  152.680206][ T7922]  dump_stack_lvl+0x189/0x250
[  152.680222][ T7922]  ? __pfx_dump_stack_lvl+0x10/0x10
[  152.680231][ T7922]  ? __pfx_queue_work_on+0x10/0x10
[  152.680240][ T7922]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  152.680251][ T7922]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  152.680265][ T7922]  f2fs_handle_critical_error+0x37c/0x540
[  152.680280][ T7922]  f2fs_write_end_io+0x886/0xb60
[  152.680295][ T7922]  __submit_merged_bio+0x27a/0x6a0
[  152.680308][ T7922]  __submit_merged_write_cond+0x255/0x530
[  152.680322][ T7922]  f2fs_write_data_pages+0x261d/0x3000
[  152.680348][ T7922]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.680358][ T7922]  ? is_bpf_text_address+0x26/0x2b0
[  152.680374][ T7922]  ? arch_stack_walk+0xfc/0x150
[  152.680397][ T7922]  ? __lock_acquire+0xab9/0xd20
[  152.680417][ T7922]  ? __lock_acquire+0xab9/0xd20
[  152.680431][ T7922]  ? do_raw_spin_lock+0x121/0x290
[  152.680445][ T7922]  ? do_raw_spin_unlock+0x4d/0x240
[  152.680454][ T7922]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  152.680465][ T7922]  do_writepages+0x32e/0x550
[  152.680481][ T7922]  ? do_raw_spin_unlock+0x4d/0x240
[  152.680492][ T7922]  filemap_fdatawrite+0x199/0x240
[  152.680502][ T7922]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  152.680533][ T7922]  ? do_raw_spin_unlock+0x4d/0x240
[  152.680543][ T7922]  f2fs_sync_dirty_inodes+0x31f/0x830
[  152.680558][ T7922]  f2fs_write_checkpoint+0x95a/0x1df0
[  152.680577][ T7922]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  152.680603][ T7922]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  152.680611][ T7922]  ? kfree+0x18e/0x440
[  152.680621][ T7922]  ? kill_f2fs_super+0x298/0x6c0
[  152.680632][ T7922]  kill_f2fs_super+0x2c3/0x6c0
[  152.680642][ T7922]  ? __pfx_kill_f2fs_super+0x10/0x10
[  152.680649][ T7922]  ? radix_tree_delete_item+0x2b6/0x400
[  152.680662][ T7922]  ? shrinker_free+0x2ce/0x3e0
[  152.680672][ T7922]  deactivate_locked_super+0xbc/0x130
[  152.680682][ T7922]  cleanup_mnt+0x425/0x4c0
[  152.680691][ T7922]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.680703][ T7922]  task_work_run+0x1d4/0x260
[  152.680715][ T7922]  ? __pfx_task_work_run+0x10/0x10
[  152.680723][ T7922]  ? __x64_sys_umount+0x122/0x160
[  152.680735][ T7922]  ? exit_to_user_mode_loop+0x40/0x110
[  152.680748][ T7922]  exit_to_user_mode_loop+0xec/0x110
[  152.680759][ T7922]  do_syscall_64+0x2bd/0x3b0
[  152.680769][ T7922]  ? lockdep_hardirqs_on+0x9c/0x150
[  152.680778][ T7922]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.680786][ T7922]  ? exc_page_fault+0x9f/0xf0
[  152.680813][ T7922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  152.680820][ T7922] RIP: 0033:0x7fe0f718ff17
[  152.680830][ T7922] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  152.680837][ T7922] RSP: 002b:00007ffe641ba808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  152.680846][ T7922] RAX: 0000000000000000 RBX: 00007fe0f7211c05 RCX: 00007fe0f718ff17
[  152.680852][ T7922] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe641ba8c0
[  152.680857][ T7922] RBP: 00007ffe641ba8c0 R08: 0000000000000000 R09: 0000000000000000
[  152.680861][ T7922] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe641bb950
[  152.680866][ T7922] R13: 00007fe0f7211c05 R14: 00000000000253b4 R15: 00007ffe641bb990
[  152.680879][ T7922]  </TASK>
[  152.847063][ T7922] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  152.908982][ T8265] openvswitch: netlink: Message has 1 unknown bytes.
[  152.911919][ T8265] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  153.231267][    T9] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  153.301312][ T5914] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  153.381683][    T9] usb 4-1: Using ep0 maxpacket: 8
[  153.386710][    T9] usb 4-1: New USB device found, idVendor=22b8, idProduct=6425, bcdDevice=d3.6c
[  153.390336][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.394412][    T9] usb 4-1: Product: syz
[  153.395667][    T9] usb 4-1: Manufacturer: syz
[  153.397666][    T9] usb 4-1: SerialNumber: syz
[  153.406182][    T9] usb 4-1: config 0 descriptor??
[  153.411416][    T9] usb 4-1: bad CDC descriptors
[  153.419628][    T9] usb 4-1: unsupported MDLM descriptors
[  153.465163][ T5914] usb 3-1: Using ep0 maxpacket: 32
[  153.474768][ T5914] usb 3-1: config 0 has an invalid interface number: 67 but max is 0
[  153.483594][ T5914] usb 3-1: config 0 has no interface number 0
[  153.490188][ T5914] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  153.497543][ T5914] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  153.501684][ T5914] usb 3-1: Product: syz
[  153.503416][ T5914] usb 3-1: Manufacturer: syz
[  153.505242][ T5914] usb 3-1: SerialNumber: syz
[  153.521788][ T5914] usb 3-1: config 0 descriptor??
[  153.526097][ T5914] smsc95xx v2.0.0
[  153.529720][ T8289] loop4: detected capacity change from 0 to 1024
[  153.556980][ T8289] EXT4-fs (loop4): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  153.562087][ T8289] ext4 filesystem being mounted at /34/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  153.586713][  T737] EXT4-fs error (device loop4): ext4_map_blocks:814: inode #15: comm kworker/u9:3: lblock 0 mapped to illegal pblock 0 (length 1)
[  153.596436][  T737] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 117
[  153.602707][  T737] EXT4-fs (loop4): This should not happen!! Data will be lost
[  153.602707][  T737] 
[  153.609383][ T7922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  153.633736][    T9] usb 4-1: USB disconnect, device number 9
[  153.756044][ T8298] process 'syz.4.836' launched './file2' with NULL argv: empty string added
[  153.935841][ T5914] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  153.952565][ T5914] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  154.167420][ T8306] loop4: detected capacity change from 0 to 32768
[  154.195113][ T8306] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  154.235199][   T33] audit: type=1800 audit(1755394799.851:19): pid=8306 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.840" name="file1" dev="loop4" ino=17059 res=0 errno=0
[  154.250970][ T8310] loop3: detected capacity change from 0 to 256
[  154.369321][ T7922] ocfs2: Unmounting device (7,4) on (node local)
[  154.473948][ T8316] PKCS7: Unknown OID: [4] 0.38.35.0.951690.11253
[  154.476573][ T8316] PKCS7: Only support pkcs7_signedData type
[  154.592428][ T8320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.846'.
[  155.224601][ T8332] netlink: 'syz.4.848': attribute type 12 has an invalid length.
[  155.227852][ T8332] netlink: 'syz.4.848': attribute type 29 has an invalid length.
[  155.231306][ T8332] netlink: 148 bytes leftover after parsing attributes in process `syz.4.848'.
[  155.234958][ T8332] netlink: 51 bytes leftover after parsing attributes in process `syz.4.848'.
[  156.299788][ T8352] loop4: detected capacity change from 0 to 512
[  156.332054][ T8352] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  156.489996][ T8352] EXT4-fs (loop4): 1 truncate cleaned up
[  156.501361][ T8352] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  156.516686][ T8352] bpf: Bad value for 'mode'
[  157.136098][ T5914] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  157.151104][ T5914] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71
[  157.165412][ T5914] usb 3-1: USB disconnect, device number 14
[  157.227304][ T7922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  157.267289][ T8356] loop3: detected capacity change from 0 to 32768
[  157.323606][ T8358] loop4: detected capacity change from 0 to 4096
[  157.333387][ T8358] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  157.397707][ T8358] ntfs3(loop4): ino=1d, mi_enum_attr
[  157.399611][ T8358] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  157.406737][ T8356] bcachefs (loop3): starting version 1.13: inode_has_child_snapshots opts=metadata_checksum=none,data_checksum=none,compression=lz4
[  157.406782][ T8356]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  157.407115][ T8358] ntfs3(loop4): ino=1d, mi_enum_attr
[  157.414444][ T8356] bcachefs (loop3): Using encoding defined by superblock: utf8-12.1.0
[  157.419519][ T8358] ntfs3(loop4): ino=1d, mi_enum_attr
[  157.423586][ T8356] bcachefs (loop3): recovering from clean shutdown, journal seq 9
[  157.432735][ T8356] bcachefs (loop3): Doing compatible version upgrade from 1.13: inode_has_child_snapshots to 1.28: inode_has_case_insensitive
[  157.432735][ T8356]   running recovery passes: check_allocations,check_extents_to_backpointers,check_inodes
[  157.492284][ T8356] bcachefs (loop3): error reading btree root btree=accounting level=0: btree_node_read_error, fixing
[  157.498536][ T8356] bcachefs (loop3): check_topology... done
[  157.503669][ T8356] bcachefs (loop3): accounting_read... done
[  157.514364][ T8356] bcachefs (loop3): alloc_read... done
[  157.517587][ T8356] bcachefs (loop3): snapshots_read... done
[  157.521778][ T8356] bcachefs (loop3): check_allocations...
[  157.536596][ T8356] bcachefs (loop3): bucket 0:78 gen 0 has wrong data_type: got btree, should be need_discard, fixing
[  157.550908][ T8356] bcachefs (loop3): bucket 0:78 gen 0 data type need_discard has wrong dirty_sectors: got 64, should be 0, fixing
[  157.564592][ T8356]  done
[  157.579808][ T8356] bcachefs (loop3): going read-write
[  157.602601][ T8356] bcachefs (loop3): journal_replay... done
[  157.680250][ T8356] bcachefs (loop3): check_lrus... done
[  157.698155][ T8356] bcachefs (loop3): check_backpointers_to_extents... done
[  157.715479][ T8356] bcachefs (loop3): check_extents_to_backpointers... done
[  157.721636][ T8356] bcachefs (loop3): check_inodes... done
[  157.725369][ T8356] bcachefs (loop3): resume_logged_ops... done
[  157.728289][ T8356] bcachefs (loop3): delete_dead_inodes... done
[  157.734125][ T8356] bcachefs (loop3): Fixed errors, running fsck a second time to verify fs is clean
[  157.737825][ T8356] bcachefs (loop3): check_extents_to_backpointers...
[  157.739051][ T8356] bcachefs (loop3): scanning for missing backpointers in 1/512 buckets
[  157.747543][ T8356]  done
[  157.750373][ T8356] bcachefs (loop3): check_inodes... done
[  157.754340][ T8356] bcachefs (loop3): resume_logged_ops... done
[  157.756911][ T8356] bcachefs (loop3): delete_dead_inodes... done
[  157.760334][ T8356] bcachefs (loop3): done starting filesystem
[  157.783083][ T8356] syz.3.857 (8356) used greatest stack depth: 12824 bytes left
[  157.810444][ T6882] bcachefs (loop3): shutting down
[  157.839808][ T6882] bcachefs (loop3): going read-only
[  157.842779][ T6882] bcachefs (loop3): finished waiting for writes to stop
[  157.849174][ T6882] bcachefs (loop3): flushing journal and stopping allocators, journal seq 18
[  157.856210][ T6882] bcachefs (loop3): flushing journal and stopping allocators complete, journal seq 19
[  157.863573][ T6882] bcachefs (loop3): clean shutdown complete, journal seq 20
[  157.867235][ T6882] bcachefs (loop3): marking filesystem clean
[  158.241550][ T6882] bcachefs (loop3): shutdown complete
[  158.635840][    T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  158.798755][ T8397] bpq0: entered allmulticast mode
[  158.805230][    T9] usb 5-1: config index 0 descriptor too short (expected 4114, got 18)
[  158.813099][    T9] usb 5-1: New USB device found, idVendor=0dba, idProduct=1000, bcdDevice= 0.09
[  158.816562][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  158.826939][    T9] usb 5-1: Product: syz
[  158.828696][    T9] usb 5-1: Manufacturer: syz
[  158.833500][    T9] usb 5-1: SerialNumber: syz
[  158.840053][    T9] usb 5-1: config 0 descriptor??
[  159.073017][    T9] usb 5-1: USB disconnect, device number 4
[  159.759630][ T8406] netlink: 'syz.2.870': attribute type 1 has an invalid length.
[  159.764413][ T8406] netlink: 224 bytes leftover after parsing attributes in process `syz.2.870'.
[  159.767697][ T8406] nbd: illegal input index 1048576
[  160.134855][ T8417] loop2: detected capacity change from 0 to 32768
[  160.610559][ T8417] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=metadata_checksum=none,data_checksum=none,compression=lz4,journal_flush_disabled,fsck,recovery_pass_last=set_may_go_rw,reconstruct_alloc
[  160.610575][ T8417]   allowing incompatible features above 0.0: (unknown version)
[  160.610580][ T8417]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  160.627393][ T8417] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  160.630577][ T8417] bcachefs (loop2): recovering from clean shutdown, journal seq 10
[  160.633911][ T8417] bcachefs (loop2): Version upgrade required:
[  160.633911][ T8417] Version upgrade from 0.24: unwritten_extents to 1.7: mi_btree_bitmap incomplete
[  160.633911][ T8417] Doing incompatible version upgrade from 0.24: unwritten_extents to 1.28: inode_has_case_insensitive
[  160.633911][ T8417]   running recovery passes: check_allocations,check_alloc_info,check_lrus,check_btree_backpointers,check_backpointers_to_extents,check_extents_to_backpointers,check_alloc_to_lru_refs,bucket_gens_init,check_snapshot_trees,check_snapshots,check_subvols,check_subvol_children,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_dirents,check_xattrs,check_root,check_unreachable_inodes,check_subvolume_structure,check_directory_structure,check_nlinks,check_rebalance_work,set_fs_needs_rebalance
[  160.665124][ T8417] bcachefs (loop2): dropping and reconstructing all alloc info
[  160.685620][ T8417] bcachefs (loop2): btree node read error at btree extents level 0/0
[  160.686209][ T8417]   u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c0300000000 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0
[  160.686223][ T8417]   loop2 node offset 0/16: got wrong btree node: got
[  160.686230][ T8417]   btree=extents level=0 seq c6c25c03258c59c5 1
[  160.686238][ T8417]   min: POS_MIN
[  160.686244][ T8417]   max: SPOS_MAX
[  160.686252][ T8417]   loop2 btree validate error
[  160.686260][ T8417]   flagging btree extents lost data
[  160.686267][ T8417]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  160.686276][ T8417]   running recovery pass check_topology (2), currently at recovery_pass_empty (0)
[  160.686286][ T8417]   running recovery pass scan_for_btree_nodes (1), currently at recovery_pass_empty (0)
[  160.686296][ T8417]   ret btree_node_read_err_bad_node
[  160.695048][ T8429] loop3: detected capacity change from 0 to 128
[  160.703620][ T8429] EXT4-fs (loop3): Test dummy encryption mode enabled
[  160.705099][ T8417] bcachefs (loop2): error reading btree root btree=extents level=0: btree_node_read_error, fixing
[  160.714820][ T8429] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  160.719937][ T8417] bcachefs (loop2): invalid bkey in btree_node btree=inodes level=0: u64s 18 type inode_v3 0:4099:U32_MAX len 0 ver 0: (unpack error)
[  160.723762][ T8429] ext4 filesystem being mounted at /163/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  160.726395][ T8417]   invalid variable length fields, deleting
[  160.745848][ T8417] bcachefs (loop2): check_topology...
[  160.745911][ T8417] bcachefs (loop2): btree root extents unreadable, must recover from scan
[  160.751889][ T8417] bcachefs (loop2): running recovery pass scan_for_btree_nodes (1), currently at check_topology (2) - rewinding
[  160.757643][ T8417] bcachefs (loop2): bch2_check_root(): error restart_recovery
[  160.760674][ T8417] bcachefs (loop2): scan_for_btree_nodes...
[  160.764242][ T6882] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  160.790777][ T8417] bcachefs (loop2): btree node scan found 1 nodes after overwrites
[  160.847370][ T8417]  done
[  160.848385][ T8417] bcachefs (loop2): check_topology...
[  160.848493][ T8417] bcachefs (loop2): btree root extents unreadable, must recover from scan
[  160.855813][ T8417] bcachefs (loop2): bch2_get_scanned_nodes(): recovery btree=extents level=0 POS_MIN - SPOS_MAX
[  160.859265][ T8417] bcachefs (loop2): bch2_get_scanned_nodes(): recovering u64s 11 type btree_ptr_v2 SPOS_MAX len 0 ver 0: seq c6c25c03258c59c5 written 16 min_key POS_MIN durability: 1 ptr: 0:27:0 gen 0
[  160.879655][ T8417]  done
[  160.880977][ T8417] bcachefs (loop2): accounting_read...
[  160.884185][ T8434] loop3: detected capacity change from 0 to 1024
[  160.902159][ T8417]  done
[  160.903130][ T8417] bcachefs (loop2): alloc_read... done
[  160.906215][ T8417] bcachefs (loop2): snapshots_read... done
[  160.914631][ T8417] bcachefs (loop2): check_allocations...
[  160.933283][ T8434] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  160.974151][ T8417]  done
[  160.980559][ T8417] bcachefs (loop2): going read-write
[  161.040400][ T8417] bcachefs (loop2): Fixed errors, running fsck a second time to verify fs is clean
[  161.049696][ T8417] bcachefs (loop2): done starting filesystem
[  161.073903][   T32] bcachefs (loop2): bucket incorrectly unset in freespace btree
[  161.073943][   T32]   u64s 5 type deleted 0:28:0 len 0 ver 0, , continuing
[  161.092977][ T6882] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  161.117830][   T32] bcachefs (loop2): bucket incorrectly unset in freespace btree
[  161.117847][   T32]   u64s 5 type deleted 0:26:0 len 0 ver 0, , continuing
[  161.132374][   T32] bcachefs (loop2): bucket incorrectly unset in freespace btree
[  161.132390][   T32]   u64s 5 type deleted 0:29:0 len 0 ver 0, , continuing
[  161.160989][ T5852] bcachefs (loop2): shutting down
[  161.163046][ T5852] bcachefs (loop2): going read-only
[  161.171215][ T5852] bcachefs (loop2): finished waiting for writes to stop
[  161.184351][ T5852] bcachefs (loop2): flushing journal and stopping allocators, journal seq 12
[  161.235109][   T32] bcachefs (loop2): bucket incorrectly unset in freespace btree
[  161.235128][   T32]   u64s 5 type deleted 0:40:0 len 0 ver 0, , continuing
[  161.254446][ T8450] loop4: detected capacity change from 0 to 4096
[  161.294685][ T5852] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 12
[  161.308831][ T5852] bcachefs (loop2): unclean shutdown complete, journal seq 13
[  161.315453][ T5852] bcachefs (loop2): done going read-only, filesystem not clean
[  161.354332][ T5852] bcachefs (loop2): shutdown complete
[  161.366422][ T8452] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  161.397900][   T33] audit: type=1800 audit(1755394807.021:20): pid=8450 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.881" name="file1" dev="loop4" ino=15 res=0 errno=0
[  161.660972][  T843] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  161.818623][  T843] usb 4-1: config 220 has an invalid interface number: 76 but max is 2
[  161.825537][  T843] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping
[  161.829104][  T843] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  161.841760][  T843] usb 4-1: config 220 has no interface number 2
[  161.850554][  T843] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12
[  161.858123][  T843] usb 4-1: config 220 interface 0 has no altsetting 0
[  161.860886][  T843] usb 4-1: config 220 interface 76 has no altsetting 0
[  161.865079][  T843] usb 4-1: config 220 interface 1 has no altsetting 0
[  161.872329][  T843] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  161.875746][  T843] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  161.880620][  T843] usb 4-1: Product: syz
[  161.885155][  T843] usb 4-1: Manufacturer: syz
[  161.887003][  T843] usb 4-1: SerialNumber: syz
[  161.968049][ T8462] loop4: detected capacity change from 0 to 4096
[  161.980936][ T8462] ntfs3(loop4): Different NTFS sector size (4096) and media sector size (512).
[  162.004187][ T8462] ntfs3(loop4): Failed to initialize $Extend/$Reparse.
[  162.119167][  T843] usb 4-1: Found UVC 7.01 device syz (8086:0b07)
[  162.121516][  T843] usb 4-1: No valid video chain found.
[  162.123811][  T843] usb 4-1: selecting invalid altsetting 0
[  162.146625][  T843] usb 4-1: selecting invalid altsetting 0
[  162.148337][  T843] usbtest 4-1:220.1: probe with driver usbtest failed with error -22
[  162.178889][  T843] usb 4-1: USB disconnect, device number 10
[  162.569388][ T8476] loop4: detected capacity change from 0 to 256
[  162.644249][ T8476] FAT-fs (loop4): Directory bread(block 64) failed
[  162.646462][ T8476] FAT-fs (loop4): Directory bread(block 65) failed
[  162.648470][ T8476] FAT-fs (loop4): Directory bread(block 66) failed
[  162.660292][ T8476] FAT-fs (loop4): Directory bread(block 67) failed
[  162.669536][ T8476] FAT-fs (loop4): Directory bread(block 68) failed
[  162.677052][ T8476] FAT-fs (loop4): Directory bread(block 69) failed
[  162.691515][ T8476] FAT-fs (loop4): Directory bread(block 70) failed
[  162.697009][ T8476] FAT-fs (loop4): Directory bread(block 71) failed
[  162.699729][ T8476] FAT-fs (loop4): Directory bread(block 72) failed
[  162.702871][ T8476] FAT-fs (loop4): Directory bread(block 73) failed
[  162.846696][ T8493] loop2: detected capacity change from 0 to 1024
[  162.971123][    T9] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  163.120952][    T9] usb 4-1: Using ep0 maxpacket: 16
[  163.125602][    T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  163.129853][    T9] usb 4-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  163.133589][    T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.138994][    T9] usb 4-1: config 0 descriptor??
[  163.161122][   T47] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  163.315000][   T47] usb 3-1: config 0 has an invalid interface number: 128 but max is 0
[  163.318378][   T47] usb 3-1: config 0 has no interface number 0
[  163.321894][   T47] usb 3-1: config 0 interface 128 altsetting 6 endpoint 0x5 has invalid maxpacket 1024, setting to 1023
[  163.326284][   T47] usb 3-1: config 0 interface 128 altsetting 6 endpoint 0xF has invalid maxpacket 512, setting to 64
[  163.330522][   T47] usb 3-1: config 0 interface 128 altsetting 6 endpoint 0x6 has invalid maxpacket 1023, setting to 64
[  163.336686][   T47] usb 3-1: config 0 interface 128 has no altsetting 0
[  163.344511][   T47] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91
[  163.348091][   T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  163.351595][   T47] usb 3-1: Product: syz
[  163.353300][   T47] usb 3-1: Manufacturer: syz
[  163.355161][   T47] usb 3-1: SerialNumber: syz
[  163.359942][   T47] usb 3-1: config 0 descriptor??
[  163.371794][   T47] radio-si470x 3-1:0.128: could not find interrupt in endpoint
[  163.374795][   T47] radio-si470x 3-1:0.128: probe with driver radio-si470x failed with error -5
[  163.378468][   T47] usbhid 3-1:0.128: couldn't find an input interrupt endpoint
[  163.560642][    T9] mcp2221 0003:04D8:00DD.0004: item fetching failed at offset 2/5
[  163.564624][    T9] mcp2221 0003:04D8:00DD.0004: can't parse reports
[  163.567765][    T9] mcp2221 0003:04D8:00DD.0004: probe with driver mcp2221 failed with error -22
[  163.577704][   T47] usb 3-1: USB disconnect, device number 15
[  163.772968][   T47] usb 4-1: USB disconnect, device number 11
[  164.659676][ T5851] Bluetooth: hci0: unexpected Set CIG Parameters response data
[  164.668159][ T5851] Bluetooth: hci0: unexpected event for opcode 0x2062
[  164.789513][ T8524] loop9: detected capacity change from 0 to 8
[  164.814153][ T8524] Dev loop9: unable to read RDB block 8
[  164.819888][ T8524]  loop9: unable to read partition table
[  164.827184][ T8524] loop9: partition table beyond EOD, truncated
[  164.833295][ T8524] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5)
[  165.190932][ T8543] loop3: detected capacity change from 0 to 1024
[  165.253129][ T8543] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  165.269464][ T8543] ext4 filesystem being mounted at /175/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  165.307920][ T8543] EXT4-fs error (device loop3): ext4_map_blocks:814: inode #15: block 3: comm syz.3.922: lblock 3 mapped to illegal pblock 3 (length 13)
[  165.318485][ T8543] EXT4-fs (loop3): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 13 with error 117
[  165.327880][ T8543] EXT4-fs (loop3): This should not happen!! Data will be lost
[  165.327880][ T8543] 
[  165.340733][ T8543] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.922: lblock 3 mapped to illegal pblock 3 (length 1)
[  165.355537][ T8543] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.922: lblock 3 mapped to illegal pblock 3 (length 1)
[  165.363200][ T8543] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.922: lblock 3 mapped to illegal pblock 3 (length 1)
[  165.371976][ T8539] loop4: detected capacity change from 0 to 40427
[  165.374883][ T8543] EXT4-fs error (device loop3): ext4_map_blocks:778: inode #15: block 3: comm syz.3.922: lblock 3 mapped to illegal pblock 3 (length 1)
[  165.384007][ T8539] F2FS-fs (loop4): invalid crc value
[  165.412781][ T8549] EXT4-fs error (device loop3): ext4_ext_remove_space:2955: inode #15: comm syz.3.922: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  165.437109][ T8549] EXT4-fs error (device loop3) in ext4_setattr:6071: Corrupt filesystem
[  165.442786][ T8546] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1289: group 0, block bitmap and bg descriptor inconsistent: 21 vs 268369941 free clusters
[  165.443401][ T8539] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  165.453249][ T8539] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  165.538383][ T6882] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  165.619502][ T8553] IPVS: set_ctl: invalid protocol: 1 224.0.0.1:20000
[  166.116985][ T7922] syz-executor: attempt to access beyond end of device
[  166.116985][ T7922] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  166.149890][ T7922] CPU: 0 UID: 0 PID: 7922 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  166.149906][ T7922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  166.149912][ T7922] Call Trace:
[  166.149917][ T7922]  <TASK>
[  166.149923][ T7922]  dump_stack_lvl+0x189/0x250
[  166.149948][ T7922]  ? __pfx_dump_stack_lvl+0x10/0x10
[  166.149962][ T7922]  ? __pfx_queue_work_on+0x10/0x10
[  166.149970][ T7922]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  166.149981][ T7922]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  166.149995][ T7922]  f2fs_handle_critical_error+0x37c/0x540
[  166.150010][ T7922]  f2fs_write_end_io+0x886/0xb60
[  166.150036][ T7922]  __submit_merged_bio+0x27a/0x6a0
[  166.150059][ T7922]  __submit_merged_write_cond+0x255/0x530
[  166.150074][ T7922]  f2fs_write_data_pages+0x261d/0x3000
[  166.150085][ T7922]  ? __pfx_hlock_conflict+0x10/0x10
[  166.150113][ T7922]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  166.150191][ T7922]  ? __mod_zone_page_state+0xd7/0x140
[  166.150217][ T7922]  ? folios_put_refs+0x560/0x640
[  166.150243][ T7922]  ? __lock_acquire+0xab9/0xd20
[  166.150270][ T7922]  ? do_raw_spin_lock+0x121/0x290
[  166.150289][ T7922]  ? do_raw_spin_unlock+0x4d/0x240
[  166.150303][ T7922]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  166.150323][ T7922]  do_writepages+0x32e/0x550
[  166.150351][ T7922]  ? do_raw_spin_unlock+0x4d/0x240
[  166.150370][ T7922]  filemap_fdatawrite+0x199/0x240
[  166.150388][ T7922]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  166.150433][ T7922]  ? do_raw_spin_unlock+0x4d/0x240
[  166.150453][ T7922]  f2fs_sync_dirty_inodes+0x31f/0x830
[  166.150479][ T7922]  f2fs_write_checkpoint+0x95a/0x1df0
[  166.150513][ T7922]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  166.150552][ T7922]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  166.150565][ T7922]  ? kfree+0x18e/0x440
[  166.150582][ T7922]  ? kill_f2fs_super+0x298/0x6c0
[  166.150599][ T7922]  kill_f2fs_super+0x2c3/0x6c0
[  166.150618][ T7922]  ? __pfx_kill_f2fs_super+0x10/0x10
[  166.150629][ T7922]  ? radix_tree_delete_item+0x2b6/0x400
[  166.150653][ T7922]  ? shrinker_free+0x2ce/0x3e0
[  166.150665][ T7922]  deactivate_locked_super+0xbc/0x130
[  166.150681][ T7922]  cleanup_mnt+0x425/0x4c0
[  166.150697][ T7922]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.150716][ T7922]  task_work_run+0x1d4/0x260
[  166.150736][ T7922]  ? __pfx_task_work_run+0x10/0x10
[  166.150751][ T7922]  ? __x64_sys_umount+0x122/0x160
[  166.150774][ T7922]  ? exit_to_user_mode_loop+0x40/0x110
[  166.150810][ T7922]  exit_to_user_mode_loop+0xec/0x110
[  166.150831][ T7922]  do_syscall_64+0x2bd/0x3b0
[  166.150848][ T7922]  ? lockdep_hardirqs_on+0x9c/0x150
[  166.150865][ T7922]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.150878][ T7922]  ? exc_page_fault+0x9f/0xf0
[  166.150896][ T7922]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  166.150906][ T7922] RIP: 0033:0x7fe0f718ff17
[  166.150918][ T7922] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  166.150930][ T7922] RSP: 002b:00007ffe641ba808 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  166.150945][ T7922] RAX: 0000000000000000 RBX: 00007fe0f7211c05 RCX: 00007fe0f718ff17
[  166.150953][ T7922] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe641ba8c0
[  166.150961][ T7922] RBP: 00007ffe641ba8c0 R08: 0000000000000000 R09: 0000000000000000
[  166.150969][ T7922] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe641bb950
[  166.150978][ T7922] R13: 00007fe0f7211c05 R14: 0000000000028811 R15: 00007ffe641bb990
[  166.151001][ T7922]  </TASK>
[  166.327681][ T7922] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  166.354786][ T8569] netlink: 'syz.3.931': attribute type 3 has an invalid length.
[  166.358011][ T8569] netlink: 716 bytes leftover after parsing attributes in process `syz.3.931'.
[  166.497332][ T8575] loop2: detected capacity change from 0 to 512
[  166.512285][ T8575] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  166.577071][ T8575] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  166.584316][ T8575] ext4 filesystem being mounted at /327/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  166.620253][ T8582] loop3: detected capacity change from 0 to 2048
[  166.645670][ T8582] UDF-fs: error (device loop3): udf_process_sequence: Primary Volume Descriptor not found!
[  166.662309][ T8582] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  166.669735][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  166.711954][ T8582] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1376) has entry at pos 0 with unaligned length of impUse field
[  167.201853][ T8598] loop4: detected capacity change from 0 to 32768
[  167.206362][ T8598] bcachefs (/dev/loop4): error reading default superblock: Bad minimum version 1.536: (unknown version), greater than version field 1.7: mi_btree_bitmap
[  167.213887][ T8598] bcachefs (/dev/loop4): error validating superblock: Invalid option invalid compression opt 7
[  167.217815][ T8598] bcachefs: bch2_fs_get_tree() error: invalid_sb_opt_compression
[  167.251189][    T9] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  167.412867][    T9] usb 4-1: Using ep0 maxpacket: 32
[  167.416916][    T9] usb 4-1: config 0 has an invalid interface number: 229 but max is 0
[  167.419889][    T9] usb 4-1: config 0 has no interface number 0
[  167.435687][    T9] usb 4-1: New USB device found, idVendor=3b53, idProduct=a0d3, bcdDevice=e3.d4
[  167.451058][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  167.461743][    T9] usb 4-1: Product: syz
[  167.463341][    T9] usb 4-1: Manufacturer: syz
[  167.474466][    T9] usb 4-1: SerialNumber: syz
[  167.524495][    T9] usb 4-1: config 0 descriptor??
[  167.616444][   T33] audit: type=1400 audit(1755394813.171:21): apparmor="DENIED" operation="change_hat" class="file" info="unconfined can not change_hat" error=-1 profile="unconfined" pid=8609 comm="syz.2.950"
[  167.687789][    T9] usb-storage 4-1:0.229: USB Mass Storage device detected
[  167.699351][ T8616] loop4: detected capacity change from 0 to 1024
[  167.766142][   T26] hfsplus: b-tree write err: -5, ino 4
[  167.857188][ T8622] loop4: detected capacity change from 0 to 512
[  167.885058][  T843] usb 4-1: USB disconnect, device number 12
[  167.888332][ T8622] EXT4-fs (loop4): Cannot turn on journaled quota: type 0: error -2
[  167.899462][ T8622] EXT4-fs (loop4): 1 truncate cleaned up
[  167.904645][ T8622] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  167.936692][ T7922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  168.195183][ T8626] loop4: detected capacity change from 0 to 32768
[  168.224878][ T8626] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  168.261649][ T8635] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  168.283502][ T8626] XFS (loop4): Ending clean mount
[  168.322346][   T33] audit: type=1800 audit(1755394813.941:22): pid=8626 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.954" name="file1" dev="loop4" ino=6150 res=0 errno=0
[  168.350081][ T7922] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  168.744890][ T5847] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  168.749670][ T5847] Bluetooth: hci0: Injecting HCI hardware error event
[  168.756260][ T5847] Bluetooth: hci0: hardware error 0x00
[  168.910102][ T8661] netlink: 12 bytes leftover after parsing attributes in process `syz.4.967'.
[  169.061139][   T33] audit: type=1804 audit(1755394814.671:23): pid=8670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.4.971" name="/newroot/96/bus/file1" dev="overlay" ino=2 res=1 errno=0
[  169.080672][   T33] audit: type=1800 audit(1755394814.691:24): pid=8670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.971" name="file1" dev="overlay" ino=2 res=0 errno=0
[  169.325806][ T8688] Bluetooth: MGMT ver 1.23
[  170.088842][ T8715] netlink: 'syz.3.992': attribute type 6 has an invalid length.
[  170.339067][ T8718] netlink: 8 bytes leftover after parsing attributes in process `syz.4.993'.
[  170.429805][   T33] audit: type=1326 audit(1755394816.051:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8723 comm="syz.3.996" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1118ebe9 code=0x7ffc0000
[  170.450313][   T33] audit: type=1326 audit(1755394816.051:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8723 comm="syz.3.996" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1118ebe9 code=0x7ffc0000
[  170.458345][   T33] audit: type=1326 audit(1755394816.051:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8723 comm="syz.3.996" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fdc1118ebe9 code=0x7ffc0000
[  170.466962][   T33] audit: type=1326 audit(1755394816.071:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8723 comm="syz.3.996" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1118ebe9 code=0x7ffc0000
[  170.474764][   T33] audit: type=1326 audit(1755394816.071:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8723 comm="syz.3.996" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdc1118ebe9 code=0x7ffc0000
[  170.489170][   T33] audit: type=1326 audit(1755394816.071:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8723 comm="syz.3.996" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fdc1118ebe9 code=0x7ffc0000
[  170.828588][ T8732] loop4: detected capacity change from 0 to 32768
[  170.855938][ T8732] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.999 (8732)
[  170.864614][ T8732] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  170.869966][ T8732] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  170.879267][ T8732] BTRFS info (device loop4): disk space caching is enabled
[  170.886312][ T8732] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  170.902354][ T5847] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  171.004687][ T8732] BTRFS info (device loop4): rebuilding free space tree
[  171.019306][ T8732] BTRFS info (device loop4): disabling free space tree
[  171.022127][ T8755] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1005'.
[  171.028122][ T8732] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  171.034477][ T8732] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  171.050715][ T8755] bond_slave_0: entered promiscuous mode
[  171.053242][ T8755] bond_slave_1: entered promiscuous mode
[  171.072942][ T8755] macvtap1: entered promiscuous mode
[  171.081894][ T8755] bond0: entered promiscuous mode
[  171.085559][ T8755] macvtap1: entered allmulticast mode
[  171.087892][ T8755] bond0: entered allmulticast mode
[  171.095283][ T8755] bond_slave_0: entered allmulticast mode
[  171.097679][ T8755] bond_slave_1: entered allmulticast mode
[  171.106648][ T8755] 8021q: adding VLAN 0 to HW filter on device macvtap1
[  171.174429][ T7922] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  171.226406][ T8763] hub 1-0:1.0: USB hub found
[  171.228679][ T8763] hub 1-0:1.0: 1 port detected
[  171.315701][ T8769] netlink: 124 bytes leftover after parsing attributes in process `syz.4.1007'.
[  171.535530][ T8778] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check.
[  171.620193][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1015'.
[  171.671003][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1015'.
[  171.675396][ T8785] netlink: 60 bytes leftover after parsing attributes in process `syz.4.1015'.
[  172.297898][ T8808] loop4: detected capacity change from 0 to 256
[  172.314441][ T8808] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  172.319368][ T8808] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  172.329274][ T8808] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c1d22, utbl_chksum : 0xe619d30d)
[  172.529910][ T8814] loop2: detected capacity change from 0 to 256
[  172.566425][ T8814] exFAT-fs (loop2): error, The cluster chain has a loop
[  172.568839][ T8814] exFAT-fs (loop2): Filesystem has been set read-only
[  172.584125][ T8814] exFAT-fs (loop2): failed to count the number of clusters in root
[  172.587397][ T8814] exFAT-fs (loop2): failed to recognize exfat type
[  172.834445][ T8833] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1037'.
[  172.870773][ T8835] loop4: detected capacity change from 0 to 1024
[  173.011387][    T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  173.275014][    T9] usb 3-1: config 0 has an invalid interface number: 64 but max is 0
[  173.280932][    T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  173.291014][    T9] usb 3-1: config 0 has no interface number 0
[  173.298476][    T9] usb 3-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48
[  173.303312][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  173.307152][    T9] usb 3-1: Product: syz
[  173.308899][    T9] usb 3-1: Manufacturer: syz
[  173.310751][    T9] usb 3-1: SerialNumber: syz
[  173.315656][    T9] usb 3-1: config 0 descriptor??
[  173.323331][    T9] uvcvideo 3-1:0.64: probe with driver uvcvideo failed with error -22
[  173.640400][  T791] usb 3-1: USB disconnect, device number 16
[  174.381088][    T9] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  174.561109][    T9] usb 5-1: Using ep0 maxpacket: 16
[  174.571480][    T9] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  174.584043][    T9] usb 5-1: config 0 interface 0 has no altsetting 0
[  174.589095][    T9] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  174.609915][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  174.624464][    T9] usb 5-1: config 0 descriptor??
[  175.051057][   T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  175.064184][    T9] nzxt-smart2 0003:1E71:2009.0005: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  175.203124][   T24] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  175.207064][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  175.210600][   T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0
[  175.214269][   T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  175.218326][   T24] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  175.221746][   T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  175.226075][   T24] usb 4-1: config 0 descriptor??
[  175.453712][  T791] usb 5-1: USB disconnect, device number 5
[  175.707198][   T24] plantronics 0003:047F:FFFF.0006: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0
[  176.263200][ T8894] loop4: detected capacity change from 0 to 1024
[  176.278077][ T8894] hfsplus: extend alloc file! (8192,8,110)
[  176.516748][ T8907] loop4: detected capacity change from 0 to 128
[  176.538893][ T8907] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  176.544056][ T8907] ext4 filesystem being mounted at /138/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  176.564098][ T7922] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  176.645829][   T24] usb 4-1: USB disconnect, device number 13
[  176.720996][ T5909] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  176.883603][    T9] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  176.888016][ T5909] usb 3-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00
[  176.891890][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  176.897564][ T5909] usb 3-1: config 0 descriptor??
[  177.055706][    T9] usb 5-1: New USB device found, idVendor=0b95, idProduct=772b, bcdDevice=a2.4c
[  177.059788][    T9] usb 5-1: New USB device strings: Mfr=24, Product=2, SerialNumber=3
[  177.064826][    T9] usb 5-1: Product: syz
[  177.066780][    T9] usb 5-1: Manufacturer: syz
[  177.068882][    T9] usb 5-1: SerialNumber: syz
[  177.077578][    T9] usb 5-1: config 0 descriptor??
[  177.427797][ T5909] aquacomputer_d5next 0003:0C70:F010.0007: item fetching failed at offset 1/5
[  177.442201][ T5909] aquacomputer_d5next 0003:0C70:F010.0007: probe with driver aquacomputer_d5next failed with error -22
[  177.509220][    T9] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32
[  177.517264][    T9] asix 5-1:0.0: probe with driver asix failed with error -32
[  177.527693][    T9] usb 5-1: USB disconnect, device number 6
[  177.576738][ T5909] usb 3-1: USB disconnect, device number 17
[  178.629633][ T8927] loop3: detected capacity change from 0 to 2048
[  178.718573][ T8927] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  178.739184][   T33] kauditd_printk_skb: 2 callbacks suppressed
[  178.739208][   T33] audit: type=1800 audit(1755394824.361:33): pid=8927 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1074" name="file1" dev="loop3" ino=1415 res=0 errno=0
[  178.863134][ T8936] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1078'.
[  178.894893][ T8938] xt_limit: Overflow, try lower: 604147548/4200216962
[  178.993389][ T8944] loop2: detected capacity change from 0 to 128
[  180.407602][ T8974] bridge0: port 3(syz_tun) entered blocking state
[  180.410307][ T8974] bridge0: port 3(syz_tun) entered disabled state
[  180.415829][ T8974] syz_tun: entered allmulticast mode
[  180.434207][ T8974] syz_tun: entered promiscuous mode
[  180.441482][ T8974] bridge0: port 3(syz_tun) entered blocking state
[  180.444287][ T8974] bridge0: port 3(syz_tun) entered forwarding state
[  180.469608][ T8974] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  181.489550][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.489550][  T737] loop2: rw=1, sector=145, nr_sectors = 8 limit=128
[  181.502765][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.502765][  T737] loop2: rw=1, sector=161, nr_sectors = 8 limit=128
[  181.509800][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.509800][  T737] loop2: rw=1, sector=177, nr_sectors = 8 limit=128
[  181.517049][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.517049][  T737] loop2: rw=1, sector=193, nr_sectors = 8 limit=128
[  181.522682][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.522682][  T737] loop2: rw=1, sector=209, nr_sectors = 8 limit=128
[  181.528403][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.528403][  T737] loop2: rw=1, sector=225, nr_sectors = 8 limit=128
[  181.538266][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.538266][  T737] loop2: rw=1, sector=241, nr_sectors = 8 limit=128
[  181.545552][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.545552][  T737] loop2: rw=1, sector=257, nr_sectors = 8 limit=128
[  181.551642][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.551642][  T737] loop2: rw=1, sector=273, nr_sectors = 8 limit=128
[  181.557364][  T737] kworker/u9:3: attempt to access beyond end of device
[  181.557364][  T737] loop2: rw=1, sector=289, nr_sectors = 8 limit=128
[  181.675387][ T8983] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1098'.
[  181.742736][ T5909] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  181.745773][ T8989] netlink: 'syz.4.1100': attribute type 1 has an invalid length.
[  181.748835][ T8989] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  181.799484][ T8991] syz_tun: entered promiscuous mode
[  181.890909][ T5909] usb 4-1: Using ep0 maxpacket: 8
[  181.898241][ T5909] usb 4-1: New USB device found, idVendor=0458, idProduct=7003, bcdDevice=7a.1a
[  181.904048][ T5909] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  181.908099][ T5909] usb 4-1: Product: syz
[  181.909998][ T5909] usb 4-1: Manufacturer: syz
[  181.912329][ T5909] usb 4-1: SerialNumber: syz
[  181.924017][ T5909] usb 4-1: config 0 descriptor??
[  181.938411][ T5909] gspca_main: sn9c2028-2.14.0 probing 0458:7003
[  182.076756][ T8991] syz_tun: left promiscuous mode
[  182.340738][ T5909] gspca_sn9c2028: read1 error -71
[  182.349102][ T5909] gspca_sn9c2028: read1 error -71
[  182.350891][ T5909] sn9c2028 4-1:0.0: probe with driver sn9c2028 failed with error -71
[  182.355017][ T5909] usb 4-1: USB disconnect, device number 14
[  182.409017][ T9000] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1106'.
[  182.412907][ T9000] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1106'.
[  182.595678][ T9008] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1110'.
[  182.640452][ T9010] (unnamed net_device) (uninitialized): option ad_user_port_key: mode dependency failed, not supported in mode balance-rr(0)
[  182.880983][ T5909] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  182.921914][    T9] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  183.032366][ T5909] usb 3-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  183.035488][ T5909] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.048060][ T5909] usb 3-1: config 0 descriptor??
[  183.052436][ T5909] gspca_main: spca508-2.14.0 probing 8086:0110
[  183.073866][ T5312] IPVS: starting estimator thread 0...
[  183.080965][    T9] usb 5-1: Using ep0 maxpacket: 8
[  183.085352][    T9] usb 5-1: config 179 has an invalid interface number: 65 but max is 0
[  183.088193][    T9] usb 5-1: config 179 has no interface number 0
[  183.090304][    T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  183.094048][    T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  183.097514][    T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  183.101815][    T9] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  183.106198][    T9] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  183.111150][    T9] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  183.114852][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  183.125279][ T9012] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22
[  183.162077][ T9016] IPVS: using max 48 ests per chain, 115200 per kthread
[  183.255543][ T5909] gspca_spca508: reg_read err -32
[  183.258359][ T5909] gspca_spca508: reg_read err -32
[  183.263000][ T5909] gspca_spca508: reg_read err -32
[  183.269560][ T5909] gspca_spca508: reg_read err -32
[  183.276952][ T9010] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  183.280387][ T9010] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  183.399655][ T9025] loop3: detected capacity change from 0 to 8
[  183.422593][ T9025] SQUASHFS error: lzo decompression failed, data probably corrupt
[  183.425558][ T9025] SQUASHFS error: Failed to read block 0x62b: -5
[  183.451705][ T9025] SQUASHFS error: Unable to read metadata cache entry [629]
[  183.458769][ T9025] SQUASHFS error: Unable to read inode 0x11f
[  183.565161][ T9012] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  183.580667][ T9012] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  183.597043][ T9027] loop3: detected capacity change from 0 to 1024
[  183.628490][   T33] audit: type=1800 audit(1755394829.251:34): pid=9027 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1118" name="bus" dev="loop3" ino=25 res=0 errno=0
[  183.967150][ T5909] gspca_spca508: reg_read err -110
[  184.065189][ T5909] gspca_spca508: reg write: error -32
[  184.068194][ T5909] spca508 3-1:0.0: probe with driver spca508 failed with error -32
[  184.311824][   T24] usb 5-1: USB disconnect, device number 7
[  184.311924][    C0] xpad 5-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  184.317595][    C0] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  184.989341][ T9037] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1123'.
[  185.184767][ T5312] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input11
[  185.235468][ T5914] usb 3-1: USB disconnect, device number 18
[  185.417075][ T9049] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1129'.
[  185.474983][ T9051] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1130'.
[  185.553258][ T9045] loop4: detected capacity change from 0 to 40427
[  185.557137][ T9045] F2FS-fs (loop4): Insane cp_payload (553648128 >= 504)
[  185.559857][ T9045] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  185.567352][ T9045] F2FS-fs (loop4): build fault injection rate: 8
[  185.569839][ T9045] F2FS-fs (loop4): build fault injection type: 0x3bfe8d
[  185.576296][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of blk_update_request+0x57e/0xe60
[  185.581499][ T9045] F2FS-fs (loop4): invalid crc value
[  185.589086][ T9045] F2FS-fs (loop4): Failed to get valid F2FS checkpoint
[  185.696017][ T9060] loop3: detected capacity change from 0 to 512
[  185.722333][ T9060] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  185.724921][ T9060] EXT4-fs (loop3): orphan cleanup on readonly fs
[  185.727935][ T9060] Quota error (device loop3): v2_read_file_info: Block with free entry 4294967071 out of range (1, 6).
[  185.742221][ T9060] EXT4-fs warning (device loop3): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  185.762058][ T9060] EXT4-fs (loop3): Cannot turn on quotas: error -117
[  185.790501][ T9060] EXT4-fs error (device loop3): ext4_validate_block_bitmap:441: comm syz.3.1132: bg 0: block 40: padding at end of block bitmap is not set
[  185.846679][ T9060] EXT4-fs error (device loop3) in ext4_mb_clear_bb:6657: Corrupt filesystem
[  185.850346][ T9060] EXT4-fs (loop3): 1 truncate cleaned up
[  185.855142][ T9060] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  185.925963][ T6882] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  186.013487][ T9074] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1138'.
[  186.072362][ T9077] loop4: detected capacity change from 0 to 128
[  186.088497][ T9077] EXT4-fs (loop4): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  186.096081][ T9077] ext4 filesystem being mounted at /167/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.179318][ T7922] EXT4-fs (loop4): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  186.210239][ T9072] loop2: detected capacity change from 0 to 32768
[  186.238863][ T9072] o2cb: This node has not been configured.
[  186.240879][ T9072] o2cb: Cluster check failed. Fix errors before retrying.
[  186.242970][ T9072] (syz.2.1137,9072,0):ocfs2_dlm_init:3354 ERROR: status = -22
[  186.249108][ T9072] (syz.2.1137,9072,0):ocfs2_mount_volume:1735 ERROR: status = -22
[  186.254804][ T9072] (syz.2.1137,9072,0):ocfs2_fill_super:1177 ERROR: status = -22
[  186.396987][ T9085] openvswitch: netlink: Either Ethernet header or EtherType is required.
[  186.800214][ T9085] loop4: detected capacity change from 0 to 32768
[  186.834701][ T9085] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  186.875608][ T9085] XFS (loop4): Ending clean mount
[  186.884143][ T9085] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  187.325183][ T9089] loop2: detected capacity change from 0 to 40427
[  187.438265][ T9089] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  187.444616][ T9089] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  187.473538][ T5852] bio_check_eod: 98 callbacks suppressed
[  187.473641][ T5852] syz-executor: attempt to access beyond end of device
[  187.473641][ T5852] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  187.483382][ T5852] CPU: 1 UID: 0 PID: 5852 Comm: syz-executor Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  187.483410][ T5852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  187.483419][ T5852] Call Trace:
[  187.483427][ T5852]  <TASK>
[  187.483434][ T5852]  dump_stack_lvl+0x189/0x250
[  187.483460][ T5852]  ? __pfx_dump_stack_lvl+0x10/0x10
[  187.483477][ T5852]  ? __pfx_queue_work_on+0x10/0x10
[  187.483490][ T5852]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  187.483509][ T5852]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  187.483536][ T5852]  f2fs_handle_critical_error+0x37c/0x540
[  187.483562][ T5852]  f2fs_write_end_io+0x886/0xb60
[  187.483593][ T5852]  __submit_merged_bio+0x27a/0x6a0
[  187.483619][ T5852]  __submit_merged_write_cond+0x255/0x530
[  187.483642][ T5852]  f2fs_write_data_pages+0x261d/0x3000
[  187.483711][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  187.483785][ T5852]  ? folios_put_refs+0x559/0x640
[  187.483814][ T5852]  ? __lock_acquire+0xab9/0xd20
[  187.483842][ T5852]  ? do_raw_spin_lock+0x121/0x290
[  187.483870][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  187.483886][ T5852]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  187.483907][ T5852]  do_writepages+0x32e/0x550
[  187.483937][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  187.483964][ T5852]  filemap_fdatawrite+0x199/0x240
[  187.483984][ T5852]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  187.484048][ T5852]  ? do_raw_spin_unlock+0x4d/0x240
[  187.484069][ T5852]  f2fs_sync_dirty_inodes+0x31f/0x830
[  187.484100][ T5852]  f2fs_write_checkpoint+0x95a/0x1df0
[  187.484138][ T5852]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  187.484198][ T5852]  ? kill_f2fs_super+0x298/0x6c0
[  187.484217][ T5852]  kill_f2fs_super+0x2c3/0x6c0
[  187.484238][ T5852]  ? __pfx_kill_f2fs_super+0x10/0x10
[  187.484250][ T5852]  ? radix_tree_delete_item+0x2b6/0x400
[  187.484275][ T5852]  ? shrinker_free+0x2ce/0x3e0
[  187.484293][ T5852]  deactivate_locked_super+0xbc/0x130
[  187.484313][ T5852]  cleanup_mnt+0x425/0x4c0
[  187.484329][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.484350][ T5852]  task_work_run+0x1d4/0x260
[  187.484372][ T5852]  ? __pfx_task_work_run+0x10/0x10
[  187.484388][ T5852]  ? __x64_sys_umount+0x122/0x160
[  187.484411][ T5852]  ? exit_to_user_mode_loop+0x40/0x110
[  187.484434][ T5852]  exit_to_user_mode_loop+0xec/0x110
[  187.484454][ T5852]  do_syscall_64+0x2bd/0x3b0
[  187.484472][ T5852]  ? lockdep_hardirqs_on+0x9c/0x150
[  187.484485][ T5852]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.484497][ T5852]  ? exc_page_fault+0x9f/0xf0
[  187.484516][ T5852]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  187.484529][ T5852] RIP: 0033:0x7f52cdb8ff17
[  187.484543][ T5852] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  187.484554][ T5852] RSP: 002b:00007fffdcf8b148 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  187.484567][ T5852] RAX: 0000000000000000 RBX: 00007f52cdc11c05 RCX: 00007f52cdb8ff17
[  187.484575][ T5852] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fffdcf8b200
[  187.484584][ T5852] RBP: 00007fffdcf8b200 R08: 0000000000000000 R09: 0000000000000000
[  187.484592][ T5852] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fffdcf8c290
[  187.484601][ T5852] R13: 00007f52cdc11c05 R14: 000000000002dbc0 R15: 00007fffdcf8c2d0
[  187.484627][ T5852]  </TASK>
[  187.484634][ T5852] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  187.896743][ T9117] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1146'.
[  187.900382][ T9117] bridge_slave_1: left allmulticast mode
[  187.904491][ T9117] bridge_slave_1: left promiscuous mode
[  187.907231][ T9117] bridge0: port 2(bridge_slave_1) entered disabled state
[  187.913303][ T9117] bridge_slave_0: left allmulticast mode
[  187.915849][ T9117] bridge_slave_0: left promiscuous mode
[  187.918401][ T9117] bridge0: port 1(bridge_slave_0) entered disabled state
[  188.111235][  T791] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  188.146967][ T9122] loop3: detected capacity change from 0 to 128
[  188.264537][  T791] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  188.269034][  T791] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84
[  188.274176][  T791] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10
[  188.278558][  T791] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 232, setting to 64
[  188.282941][  T791] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  188.292664][  T791] usb 5-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae
[  188.296292][  T791] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  188.299544][  T791] usb 5-1: Product: syz
[  188.301366][  T791] usb 5-1: Manufacturer: syz
[  188.303558][  T791] usb 5-1: SerialNumber: syz
[  188.307787][  T791] usb 5-1: config 0 descriptor??
[  188.310565][ T9116] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  188.318374][  T791] input: KB Gear Tablet as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input12
[  188.377376][    C1] kbtab 5-1:0.0: kbtab_irq - usb_submit_urb failed with result -1
[  188.571048][    C0] kbtab 5-1:0.0: kbtab_irq - usb_submit_urb failed with result -1
[  188.579451][ T5312] usb 5-1: USB disconnect, device number 8
[  188.850986][    T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  188.903395][ T9139] loop2: detected capacity change from 0 to 4096
[  189.110933][    T9] usb 4-1: Using ep0 maxpacket: 16
[  189.120970][    T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  189.125392][    T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  189.136194][    T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  189.140891][    T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  189.144070][    T9] usb 4-1: Product: syz
[  189.145875][    T9] usb 4-1: Manufacturer: syz
[  189.147675][    T9] usb 4-1: SerialNumber: syz
[  189.585481][    T9] usb 4-1: 0:2 : does not exist
[  189.623491][    T9] usb 4-1: USB disconnect, device number 15
[  189.678147][ T5854] udevd[5854]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such device
[  189.859426][ T9147] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1161'.
[  189.954330][ T9149] tmpfs: Bad value for 'size'
[  190.089052][ T9153] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1164'.
[  190.278991][ T9164] openvswitch: netlink: IP tunnel dst address not specified
[  190.657733][ T9155] loop2: detected capacity change from 0 to 32768
[  190.904141][ T9155] bcachefs (loop2): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,nojournal_transaction_names
[  190.904164][ T9155]   allowing incompatible features above 0.0: (unknown version)
[  190.904173][ T9155]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  190.946672][ T9155] bcachefs (loop2): Using encoding defined by superblock: utf8-12.1.0
[  190.954926][ T9155] bcachefs (loop2): initializing new filesystem
[  190.985592][ T9155] bcachefs (loop2): going read-write
[  190.999266][ T9155] bcachefs (loop2): marking superblocks
[  191.036336][ T9155] bcachefs (loop2): initializing freespace
[  191.074658][ T9155] bcachefs (loop2): done initializing freespace
[  191.098094][ T9155] bcachefs (loop2): reading snapshots table
[  191.111134][ T9155] bcachefs (loop2): reading snapshots done
[  191.143352][ T5851] Bluetooth: hci2: command 0x0406 tx timeout
[  191.195925][ T9155] bcachefs (loop2): done starting filesystem
[  191.366977][ T9188] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0)
[  191.368809][ T9181] loop4: detected capacity change from 0 to 32768
[  191.371543][   T33] audit: type=1800 audit(1755394836.991:35): pid=9155 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1165" name="file1" dev="loop2" ino=4098 res=0 errno=0
[  191.380124][ T9181] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1174 (9181)
[  191.426858][ T9181] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  191.430251][ T9181] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  191.443281][ T9181] BTRFS info (device loop4): using free-space-tree
[  191.464933][ T5852] bcachefs (loop2): shutting down
[  191.466780][ T5852] bcachefs (loop2): going read-only
[  191.472225][ T5852] bcachefs (loop2): finished waiting for writes to stop
[  191.485453][ T5852] bcachefs (loop2): flushing journal and stopping allocators, journal seq 3
[  191.568352][ T5852] bcachefs (loop2): flushing journal and stopping allocators complete, journal seq 4
[  191.595384][ T5852] bcachefs (loop2): clean shutdown complete, journal seq 5
[  191.598835][ T5852] bcachefs (loop2): marking filesystem clean
[  191.629967][ T7922] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  191.668159][ T5852] bcachefs (loop2): shutdown complete
[  191.998859][ T9222] tipc: Enabled bearer <eth:batadv0>, priority 10
[  192.086347][ T9226] loop4: detected capacity change from 0 to 256
[  192.140541][ T9226] exFAT-fs (loop4): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x421408f7, utbl_chksum : 0xe619d30d)
[  192.174971][ T9226] exFAT-fs (loop4): bogus allocation bitmap size(need : 2, cur : 17179869186)
[  192.455045][ T9228] loop3: detected capacity change from 0 to 40427
[  192.464982][ T9228] F2FS-fs (loop3): invalid crc value
[  192.517696][ T9228] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  192.522261][ T9228] F2FS-fs (loop3): Start checkpoint disabled!
[  192.528233][ T9228] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  193.148284][    T9] tipc: Node number set to 4278190081
[  193.259338][ T1089] kworker/u10:4: attempt to access beyond end of device
[  193.259338][ T1089] loop3: rw=2049, sector=45096, nr_sectors = 24 limit=40427
[  193.267709][ T1089] CPU: 1 UID: 0 PID: 1089 Comm: kworker/u10:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  193.267733][ T1089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  193.267742][ T1089] Workqueue: writeback wb_workfn (flush-7:3)
[  193.267765][ T1089] Call Trace:
[  193.267771][ T1089]  <TASK>
[  193.267779][ T1089]  dump_stack_lvl+0x189/0x250
[  193.267800][ T1089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.267817][ T1089]  ? __pfx_queue_work_on+0x10/0x10
[  193.267830][ T1089]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  193.267848][ T1089]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.267876][ T1089]  f2fs_handle_critical_error+0x37c/0x540
[  193.267901][ T1089]  f2fs_write_end_io+0x886/0xb60
[  193.267931][ T1089]  __submit_merged_bio+0x27a/0x6a0
[  193.267956][ T1089]  __submit_merged_write_cond+0x255/0x530
[  193.267981][ T1089]  f2fs_write_data_pages+0x261d/0x3000
[  193.268030][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.268056][ T1089]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  193.268103][ T1089]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  193.268134][ T1089]  ? trace_f2fs_writepages+0x7f/0x200
[  193.268154][ T1089]  ? f2fs_write_node_pages+0x478/0x6e0
[  193.268177][ T1089]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  193.268217][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.268239][ T1089]  do_writepages+0x32e/0x550
[  193.268260][ T1089]  ? reacquire_held_locks+0x127/0x1d0
[  193.268274][ T1089]  ? writeback_sb_inodes+0x384/0x1010
[  193.268328][ T1089]  __writeback_single_inode+0x145/0xff0
[  193.268346][ T1089]  ? do_raw_spin_unlock+0x4d/0x240
[  193.268366][ T1089]  writeback_sb_inodes+0x6c7/0x1010
[  193.268407][ T1089]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  193.268464][ T1089]  ? rcu_is_watching+0x15/0xb0
[  193.268488][ T1089]  wb_writeback+0x43b/0xaf0
[  193.268513][ T1089]  ? queue_io+0x3c1/0x590
[  193.268535][ T1089]  ? __pfx_wb_writeback+0x10/0x10
[  193.268569][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.268608][ T1089]  wb_workfn+0x409/0xef0
[  193.268639][ T1089]  ? __pfx_wb_workfn+0x10/0x10
[  193.268659][ T1089]  ? __lock_acquire+0xab9/0xd20
[  193.268688][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.268708][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.268723][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.268736][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.268751][ T1089]  process_scheduled_works+0xae1/0x17b0
[  193.268793][ T1089]  ? __pfx_process_scheduled_works+0x10/0x10
[  193.268825][ T1089]  worker_thread+0x8a0/0xda0
[  193.268852][ T1089]  ? __kthread_parkme+0x7b/0x200
[  193.268877][ T1089]  kthread+0x711/0x8a0
[  193.268898][ T1089]  ? __pfx_worker_thread+0x10/0x10
[  193.268911][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.268930][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.268945][ T1089]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.268962][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.268980][ T1089]  ret_from_fork+0x3fc/0x770
[  193.268999][ T1089]  ? __pfx_ret_from_fork+0x10/0x10
[  193.269019][ T1089]  ? __switch_to_asm+0x39/0x70
[  193.269035][ T1089]  ? __switch_to_asm+0x33/0x70
[  193.269050][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.269067][ T1089]  ret_from_fork_asm+0x1a/0x30
[  193.269100][ T1089]  </TASK>
[  193.270155][ T1089] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  193.402311][ T1089] CPU: 1 UID: 0 PID: 1089 Comm: kworker/u10:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  193.402331][ T1089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  193.402340][ T1089] Workqueue: writeback wb_workfn (flush-7:3)
[  193.402363][ T1089] Call Trace:
[  193.402369][ T1089]  <TASK>
[  193.402376][ T1089]  dump_stack_lvl+0x189/0x250
[  193.402398][ T1089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.402415][ T1089]  ? __pfx_queue_work_on+0x10/0x10
[  193.402428][ T1089]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  193.402447][ T1089]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.402472][ T1089]  f2fs_handle_critical_error+0x37c/0x540
[  193.402498][ T1089]  f2fs_write_end_io+0x886/0xb60
[  193.402527][ T1089]  __submit_merged_bio+0x27a/0x6a0
[  193.402559][ T1089]  __submit_merged_write_cond+0x255/0x530
[  193.402585][ T1089]  f2fs_write_data_pages+0x261d/0x3000
[  193.402634][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.402667][ T1089]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  193.402714][ T1089]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  193.402745][ T1089]  ? trace_f2fs_writepages+0x7f/0x200
[  193.402765][ T1089]  ? f2fs_write_node_pages+0x478/0x6e0
[  193.402787][ T1089]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  193.402817][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.402838][ T1089]  do_writepages+0x32e/0x550
[  193.402863][ T1089]  ? reacquire_held_locks+0x127/0x1d0
[  193.402877][ T1089]  ? writeback_sb_inodes+0x384/0x1010
[  193.402901][ T1089]  __writeback_single_inode+0x145/0xff0
[  193.402920][ T1089]  ? do_raw_spin_unlock+0x4d/0x240
[  193.402940][ T1089]  writeback_sb_inodes+0x6c7/0x1010
[  193.402981][ T1089]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  193.403036][ T1089]  ? rcu_is_watching+0x15/0xb0
[  193.403059][ T1089]  wb_writeback+0x43b/0xaf0
[  193.403084][ T1089]  ? queue_io+0x3c1/0x590
[  193.403106][ T1089]  ? __pfx_wb_writeback+0x10/0x10
[  193.403130][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.403152][ T1089]  wb_workfn+0x409/0xef0
[  193.403202][ T1089]  ? __pfx_wb_workfn+0x10/0x10
[  193.403222][ T1089]  ? __lock_acquire+0xab9/0xd20
[  193.403253][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.403305][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.403321][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.403333][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.403348][ T1089]  process_scheduled_works+0xae1/0x17b0
[  193.403384][ T1089]  ? __pfx_process_scheduled_works+0x10/0x10
[  193.403413][ T1089]  worker_thread+0x8a0/0xda0
[  193.403441][ T1089]  ? __kthread_parkme+0x7b/0x200
[  193.403465][ T1089]  kthread+0x711/0x8a0
[  193.403486][ T1089]  ? __pfx_worker_thread+0x10/0x10
[  193.403500][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.403519][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.403540][ T1089]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.403557][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.403575][ T1089]  ret_from_fork+0x3fc/0x770
[  193.403592][ T1089]  ? __pfx_ret_from_fork+0x10/0x10
[  193.403613][ T1089]  ? __switch_to_asm+0x39/0x70
[  193.403629][ T1089]  ? __switch_to_asm+0x33/0x70
[  193.403644][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.403661][ T1089]  ret_from_fork_asm+0x1a/0x30
[  193.403693][ T1089]  </TASK>
[  193.408222][ T1089] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  193.535672][ T1089] CPU: 1 UID: 0 PID: 1089 Comm: kworker/u10:4 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  193.535693][ T1089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  193.535703][ T1089] Workqueue: writeback wb_workfn (flush-7:3)
[  193.535724][ T1089] Call Trace:
[  193.535730][ T1089]  <TASK>
[  193.535737][ T1089]  dump_stack_lvl+0x189/0x250
[  193.535759][ T1089]  ? __pfx_dump_stack_lvl+0x10/0x10
[  193.535774][ T1089]  ? __pfx_queue_work_on+0x10/0x10
[  193.535786][ T1089]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  193.535804][ T1089]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  193.535829][ T1089]  f2fs_handle_critical_error+0x37c/0x540
[  193.535852][ T1089]  f2fs_write_end_io+0x886/0xb60
[  193.535879][ T1089]  __submit_merged_bio+0x27a/0x6a0
[  193.535905][ T1089]  __submit_merged_write_cond+0x255/0x530
[  193.535930][ T1089]  f2fs_write_data_pages+0x261d/0x3000
[  193.535983][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.536016][ T1089]  ? __pfx_f2fs_available_free_memory+0x10/0x10
[  193.536061][ T1089]  ? __pfx_f2fs_balance_fs_bg+0x10/0x10
[  193.536093][ T1089]  ? trace_f2fs_writepages+0x7f/0x200
[  193.536113][ T1089]  ? f2fs_write_node_pages+0x478/0x6e0
[  193.536136][ T1089]  ? __pfx_f2fs_write_node_pages+0x10/0x10
[  193.536168][ T1089]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  193.536188][ T1089]  do_writepages+0x32e/0x550
[  193.536212][ T1089]  ? reacquire_held_locks+0x127/0x1d0
[  193.536225][ T1089]  ? writeback_sb_inodes+0x384/0x1010
[  193.536251][ T1089]  __writeback_single_inode+0x145/0xff0
[  193.536299][ T1089]  ? do_raw_spin_unlock+0x4d/0x240
[  193.536321][ T1089]  writeback_sb_inodes+0x6c7/0x1010
[  193.536363][ T1089]  ? __pfx_writeback_sb_inodes+0x10/0x10
[  193.536419][ T1089]  ? rcu_is_watching+0x15/0xb0
[  193.536441][ T1089]  wb_writeback+0x43b/0xaf0
[  193.536466][ T1089]  ? queue_io+0x3c1/0x590
[  193.536486][ T1089]  ? __pfx_wb_writeback+0x10/0x10
[  193.536511][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.536538][ T1089]  wb_workfn+0x409/0xef0
[  193.536585][ T1089]  ? __pfx_wb_workfn+0x10/0x10
[  193.536605][ T1089]  ? __lock_acquire+0xab9/0xd20
[  193.536635][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.536655][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.536675][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.536688][ T1089]  ? process_scheduled_works+0x9ef/0x17b0
[  193.536703][ T1089]  process_scheduled_works+0xae1/0x17b0
[  193.536743][ T1089]  ? __pfx_process_scheduled_works+0x10/0x10
[  193.536769][ T1089]  worker_thread+0x8a0/0xda0
[  193.536796][ T1089]  ? __kthread_parkme+0x7b/0x200
[  193.536820][ T1089]  kthread+0x711/0x8a0
[  193.536839][ T1089]  ? __pfx_worker_thread+0x10/0x10
[  193.536853][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.536870][ T1089]  ? _raw_spin_unlock_irq+0x23/0x50
[  193.536884][ T1089]  ? lockdep_hardirqs_on+0x9c/0x150
[  193.536899][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.536914][ T1089]  ret_from_fork+0x3fc/0x770
[  193.536932][ T1089]  ? __pfx_ret_from_fork+0x10/0x10
[  193.536953][ T1089]  ? __switch_to_asm+0x39/0x70
[  193.536969][ T1089]  ? __switch_to_asm+0x33/0x70
[  193.536984][ T1089]  ? __pfx_kthread+0x10/0x10
[  193.537002][ T1089]  ret_from_fork_asm+0x1a/0x30
[  193.537035][ T1089]  </TASK>
[  193.538026][ T1089] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  194.032918][ T9253] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1178'.
[  194.093355][ T9257] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1198'.
[  194.096754][ T9257] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1198'.
[  194.211865][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[  194.216783][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[  194.306540][   T33] audit: type=1326 audit(1755394839.931:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9266 comm="syz.2.1203" exe="/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f52cdb8ebe9 code=0x0
[  194.649038][ T9274] loop4: detected capacity change from 0 to 8192
[  195.051843][ T9285] block nbd3: shutting down sockets
[  195.281785][ T9301] loop2: detected capacity change from 0 to 512
[  195.313877][ T9301] EXT4-fs (loop2): revision level too high, forcing read-only mode
[  195.321082][ T9301] EXT4-fs (loop2): orphan cleanup on readonly fs
[  195.323557][   T33] audit: type=1326 audit(1755394840.851:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.2.1218" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f52cdb8ebe9 code=0x0
[  195.333720][ T9301] Quota error (device loop2): v2_read_file_info: Free block number 1 out of range (1, 6).
[  195.337704][ T9301] EXT4-fs warning (device loop2): ext4_enable_quotas:7168: Failed to enable quota tracking (type=1, err=-117, ino=4). Please run e2fsck to fix.
[  195.411346][ T9301] EXT4-fs (loop2): Cannot turn on quotas: error -117
[  195.438054][ T9301] EXT4-fs (loop2): 1 truncate cleaned up
[  195.587637][ T9310] loop3: detected capacity change from 0 to 1024
[  195.650154][ T9301] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  195.866878][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  195.939665][ T9314] loop2: detected capacity change from 0 to 1024
[  195.995624][ T9314] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  196.029873][ T9314] EXT4-fs error (device loop2): __ext4_remount:6736: comm syz.2.1224: Abort forced by user
[  196.038485][ T9314] EXT4-fs (loop2): Remounting filesystem read-only
[  196.043206][ T9314] EXT4-fs (loop2): re-mounted 00000000-0000-0000-0000-000000000000.
[  196.134678][  T737] hfsplus: b-tree write err: -5, ino 4
[  196.154423][ T9322] CUSE: DEVNAME unspecified
[  196.219479][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  196.592477][ T9333] TCP: TCP_TX_DELAY enabled
[  197.323802][ T9338] loop2: detected capacity change from 0 to 256
[  197.823328][ T9351] exFAT-fs (loop2): start_clu is invalid cluster(0x400)
[  199.420391][ T9386] loop2: detected capacity change from 0 to 2048
[  200.106317][ T9392] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  200.233493][ T9398] loop2: detected capacity change from 0 to 8
[  200.263776][ T9399] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1256'.
[  200.361104][ T9403] kAFS: unable to lookup cell 'syz169@=R'
[  200.588691][ T9418] loop4: detected capacity change from 0 to 512
[  200.613593][ T9418] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a846c118, mo2=0002]
[  200.616958][ T9418] System zones: 1-12
[  200.620030][ T9418] EXT4-fs error (device loop4): ext4_map_blocks:778: inode #2: block 3: comm syz.4.1264: lblock 0 mapped to illegal pblock 3 (length 1)
[  200.643094][ T9418] EXT4-fs warning (device loop4): dx_probe:791: inode #2: lblock 0: comm syz.4.1264: error -117 reading directory block
[  200.647559][ T9418] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  200.652380][ T9418] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.660149][ T9418] EXT4-fs error (device loop4): ext4_xattr_block_get:593: inode #2: comm syz.4.1264: corrupted xattr block 255: invalid header
[  200.691839][ T7922] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  200.938669][ T9443] loop2: detected capacity change from 0 to 512
[  200.979144][ T9443] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  200.992008][ T9443] ext4 filesystem being mounted at /414/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  201.425669][ T7972] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  201.533341][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  201.631202][ T7972] usb 4-1: Using ep0 maxpacket: 32
[  201.644246][ T7972] usb 4-1: config 0 has an invalid interface number: 51 but max is 0
[  201.654115][ T7972] usb 4-1: config 0 has no interface number 0
[  201.673474][ T7972] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f
[  201.691029][ T7972] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  201.708233][ T7972] usb 4-1: Product: syz
[  201.723354][ T7972] usb 4-1: Manufacturer: syz
[  201.730226][ T7972] usb 4-1: SerialNumber: syz
[  201.750362][ T7972] usb 4-1: config 0 descriptor??
[  201.776682][ T7972] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected
[  201.937920][ T9463] loop2: detected capacity change from 0 to 1024
[  201.941828][ T9463] EXT4-fs: Ignoring removed nobh option
[  201.944470][ T9463] EXT4-fs: Ignoring removed bh option
[  201.966946][ T9463] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  201.989354][ T7972] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0
[  201.996391][ T9463] EXT4-fs error (device loop2): mb_free_blocks:2017: group 0, inode 15: block 225:freeing already freed block (bit 14); block bitmap corrupt.
[  202.003617][ T7972] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1
[  202.091671][    T9] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  202.124635][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  202.261576][    T9] usb 5-1: Using ep0 maxpacket: 32
[  202.267038][    T9] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40
[  202.271173][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  202.292071][    T9] usb 5-1: config 0 descriptor??
[  202.390086][    C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71
[  202.402300][   T47] usb 4-1: USB disconnect, device number 16
[  202.418321][   T47] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0
[  202.448503][   T47] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1
[  202.462118][   T47] quatech2 4-1:0.51: device disconnected
[  202.515181][    T9] dvb-usb: found a 'Elgato EyeTV Sat' in warm state.
[  202.517061][ T9476] loop2: detected capacity change from 0 to 1024
[  202.523235][ T9476] ext4: Unknown parameter 'fsmagic'
[  202.536982][    T9] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  202.547090][    T9] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat)
[  202.551563][    T9] usb 5-1: media controller created
[  202.573151][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  202.715578][    T9] az6027: usb out operation failed. (-71)
[  202.720523][    T9] az6027: usb out operation failed. (-71)
[  202.723185][    T9] stb0899_attach: Driver disabled by Kconfig
[  202.726572][    T9] az6027: no front-end attached
[  202.726572][    T9] 
[  202.729788][    T9] az6027: usb out operation failed. (-71)
[  202.732334][    T9] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat'
[  202.737166][    T9] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input13
[  202.748426][    T9] dvb-usb: schedule remote query interval to 400 msecs.
[  202.751045][    T9] dvb-usb: Elgato EyeTV Sat successfully initialized and connected.
[  202.755368][    T9] usb 5-1: USB disconnect, device number 9
[  202.797362][    T9] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected.
[  203.675519][ T9506] loop4: detected capacity change from 0 to 32768
[  203.682905][ T9506] 
[  203.682905][ T9506]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.682905][ T9506] 
[  203.739504][ T9506] 
[  203.739504][ T9506]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.739504][ T9506] 
[  203.764651][ T9506] 
[  203.764651][ T9506]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.764651][ T9506] 
[  203.773852][ T9506] 
[  203.773852][ T9506]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.773852][ T9506] 
[  203.777943][ T9506] 
[  203.777943][ T9506]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.777943][ T9506] 
[  203.789752][ T9506] 
[  203.789752][ T9506]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.789752][ T9506] 
[  203.798232][ T9513] loop2: detected capacity change from 0 to 128
[  203.798914][ T9506] 
[  203.798914][ T9506]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.798914][ T9506] 
[  203.805485][ T9515] loop3: detected capacity change from 0 to 128
[  203.813649][  T114] 
[  203.813649][  T114]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.813649][  T114] 
[  203.842188][ T9515] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  203.882812][ T9515] ext4 filesystem being mounted at /290/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  203.899444][ T7922] 
[  203.899444][ T7922]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.899444][ T7922] 
[  203.906273][ T7922] 
[  203.906273][ T7922]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  203.906273][ T7922] 
[  203.983385][ T9515] fscrypt: AES-256-CBC-CTS using implementation "cts(cbc(ecb(aes-fixed-time)))"
[  204.051750][ T9515] fscrypt: loop3: 1 inode(s) still busy after removing key with identifier 69b2f6edeee720cce0577937eb8a6751, including ino 12
[  204.111609][ T6882] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  204.163130][ T9520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  204.174213][ T9520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  204.177345][ T9520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  204.193260][ T9520] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1305'.
[  204.440949][ T5312] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  204.594351][ T5312] usb 4-1: unable to get BOS descriptor or descriptor too short
[  204.605013][ T5312] usb 4-1: config index 0 descriptor too short (expected 64776, got 27)
[  204.609051][ T5312] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  204.622261][ T5312] usb 4-1: config 1 interface 0 altsetting 9 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  204.627387][ T5312] usb 4-1: config 1 interface 0 has no altsetting 0
[  204.637313][ T5312] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40
[  204.642249][ T5312] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  204.645482][ T5312] usb 4-1: Product: syz
[  204.647203][ T5312] usb 4-1: Manufacturer: syz
[  204.649098][ T5312] usb 4-1: SerialNumber: syz
[  204.754569][ T9554] loop2: detected capacity change from 0 to 512
[  204.769780][ T9554] EXT4-fs error (device loop2): ext4_orphan_get:1392: inode #15: comm syz.2.1317: iget: bad extended attribute block 1
[  204.776588][ T9554] EXT4-fs error (device loop2): ext4_orphan_get:1397: comm syz.2.1317: couldn't read orphan inode 15 (err -117)
[  204.782952][ T9554] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  204.806972][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  204.821020][ T7972] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  204.885615][ T5312] usb 4-1: USB disconnect, device number 17
[  205.187128][ T7972] usb 5-1: unable to get BOS descriptor or descriptor too short
[  205.771466][ T7972] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  205.926126][ T9569] netlink: 'syz.2.1321': attribute type 10 has an invalid length.
[  205.946536][ T9569] bond0: (slave wlan1): Enslaving as an active interface with an up link
[  206.049972][ T9570] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode
[  206.072943][ T7972] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  206.078070][ T7972] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  206.083518][ T7972] usb 5-1: Product: syz
[  206.086549][ T7972] usb 5-1: Manufacturer: syz
[  206.089827][ T7972] usb 5-1: SerialNumber: syz
[  206.445100][ T7972] usb 5-1: USB disconnect, device number 10
[  206.488939][ T5854] udevd[5854]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  206.860481][ T9591] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1331'.
[  206.945695][ T9597] loop2: detected capacity change from 0 to 512
[  206.986794][ T9597] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  206.998918][ T9597] ext4 filesystem being mounted at /449/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  207.022143][ T9597] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.1334: corrupted inode contents
[  207.051741][ T9597] EXT4-fs error (device loop2): ext4_dirty_inode:6538: inode #2: comm syz.2.1334: mark_inode_dirty error
[  207.057365][ T9597] EXT4-fs error (device loop2): ext4_do_update_inode:5653: inode #2: comm syz.2.1334: corrupted inode contents
[  207.069127][ T9597] EXT4-fs error (device loop2): __ext4_ext_dirty:206: inode #2: comm syz.2.1334: mark_inode_dirty error
[  207.087788][ T9603] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1336'.
[  207.123067][ T5852] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  207.376898][ T9595] loop3: detected capacity change from 0 to 32768
[  207.440733][ T9595] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  207.498017][ T9595] XFS (loop3): Ending clean mount
[  207.526618][ T9595] XFS (loop3): Quotacheck needed: Please wait.
[  207.628922][ T9595] XFS (loop3): Quotacheck: Done.
[  207.791373][ T6882] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  208.296185][ T9630] loop3: detected capacity change from 0 to 512
[  208.342436][ T9630] EXT4-fs (loop3): revision level too high, forcing read-only mode
[  208.345719][ T9630] EXT4-fs (loop3): orphan cleanup on readonly fs
[  208.363343][ T9630] EXT4-fs error (device loop3): ext4_orphan_get:1392: inode #15: comm syz.3.1343: iget: bad i_size value: 38620345925642
[  208.368384][ T9630] EXT4-fs error (device loop3): ext4_orphan_get:1397: comm syz.3.1343: couldn't read orphan inode 15 (err -117)
[  208.378166][ T9630] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  208.397906][ T6882] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  208.776814][ T9652] loop4: detected capacity change from 0 to 4096
[  208.819671][ T9652] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  208.843855][ T9652] ntfs3(loop4): Failed to load $Extend (-22).
[  208.845768][ T9652] ntfs3(loop4): Failed to initialize $Extend.
[  209.002596][ T9670] 9pnet_rdma: rdma_create_trans (9670): problem binding to privport: 13
[  209.106116][ T9672] loop2: detected capacity change from 0 to 1024
[  209.193863][ T9672] hfsplus: request for non-existent node 16777216 in B*Tree
[  209.196931][ T9672] hfsplus: request for non-existent node 16777216 in B*Tree
[  209.233033][ T9672] hfsplus: request for non-existent node 16777216 in B*Tree
[  209.235589][ T9672] hfsplus: request for non-existent node 16777216 in B*Tree
[  209.239442][ T9658] loop3: detected capacity change from 0 to 32768
[  209.246379][ T9677] hfsplus: request for non-existent node 16777216 in B*Tree
[  209.249429][ T9677] hfsplus: request for non-existent node 16777216 in B*Tree
[  209.259779][ T9658] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.1354 (9658)
[  209.271515][ T9672] hfsplus: request for non-existent node 16777216 in B*Tree
[  209.274373][ T9672] hfsplus: request for non-existent node 16777216 in B*Tree
[  209.314701][ T9658] BTRFS info (device loop3): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  209.341003][ T9658] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  209.344827][ T9658] BTRFS info (device loop3): using free-space-tree
[  209.547829][ T9676] loop4: detected capacity change from 0 to 32768
[  209.584936][ T9676] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1365 (9676)
[  209.618615][ T9676] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  209.628885][ T9676] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  209.651070][ T9676] BTRFS info (device loop4): using free-space-tree
[  209.726047][ T9714] openvswitch: netlink: Missing key (keys=40, expected=2000)
[  209.808052][ T6882] BTRFS info (device loop3): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  210.128088][ T9729] (unnamed net_device) (uninitialized): option updelay: invalid value (18446744073709510581)
[  210.141906][ T9729] (unnamed net_device) (uninitialized): option updelay: allowed values 0 - 2147483647
[  210.230443][ T7922] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  210.284439][ T9732] loop2: detected capacity change from 0 to 128
[  210.508543][ T9740] tmpfs: Bad value for 'nr_blocks'
[  211.174253][ T5847] Bluetooth: hci1: command tx timeout
[  211.716751][ T9785] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI
[  211.720855][ T9785] KASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]
[  211.724565][ T9785] CPU: 1 UID: 0 PID: 9785 Comm: syz.2.1398 Not tainted 6.17.0-rc1-syzkaller-00036-gdfc0f6373094-dirty #0 PREEMPT(full) 
[  211.730257][ T9785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  211.733674][ T9785] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[  211.735879][ T9785] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 39 5e 36 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 18 5e 36 f9 4d 8b 24 24 48 83 c3
[  211.741963][ T9785] RSP: 0018:ffffc90006fb7a60 EFLAGS: 00010206
[  211.743825][ T9785] RAX: 0000000000000005 RBX: ffff88810ea1be80 RCX: 0000000000080000
[  211.746270][ T9785] RDX: ffffc90020021000 RSI: 00000000000003da RDI: 00000000000003db
[  211.748669][ T9785] RBP: 0000000000000001 R08: ffff888021ee692f R09: 1ffff110043dcd25
[  211.751084][ T9785] R10: dffffc0000000000 R11: ffffffff88ec9110 R12: 0000000000000028
[  211.753571][ T9785] R13: dffffc0000000000 R14: ffff888021ee6800 R15: dffffc0000000000
[  211.756221][ T9785] FS:  00007f52ceac16c0(0000) GS:ffff8881a3c1c000(0000) knlGS:0000000000000000
[  211.759105][ T9785] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  211.761731][ T9785] CR2: 0000001b3251eff8 CR3: 000000002a680000 CR4: 00000000000006f0
[  211.764909][ T9785] Call Trace:
[  211.766223][ T9785]  <TASK>
[  211.767375][ T9785]  pcl818_detach+0x66/0xd0
[  211.769132][ T9785]  comedi_device_detach_locked+0x178/0x750
[  211.771409][ T9785]  comedi_unlocked_ioctl+0xcde/0x1020
[  211.773502][ T9785]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  211.775798][ T9785]  ? __lock_acquire+0xab9/0xd20
[  211.777732][ T9785]  ? __fget_files+0x2a/0x420
[  211.779541][ T9785]  ? __fget_files+0x2a/0x420
[  211.781367][ T9785]  ? __fget_files+0x3a0/0x420
[  211.783198][ T9785]  ? __fget_files+0x2a/0x420
[  211.784996][ T9785]  ? bpf_lsm_file_ioctl+0x9/0x20
[  211.786947][ T9785]  ? __pfx_comedi_unlocked_ioctl+0x10/0x10
[  211.789244][ T9785]  __se_sys_ioctl+0xfc/0x170
[  211.791080][ T9785]  do_syscall_64+0xfa/0x3b0
[  211.792857][ T9785]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.795257][ T9785]  ? asm_sysvec_call_function_single+0x1a/0x20
[  211.797648][ T9785]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  211.799946][ T9785] RIP: 0033:0x7f52cdb8ebe9
[  211.801692][ T9785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  211.809159][ T9785] RSP: 002b:00007f52ceac1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010
[  211.812348][ T9785] RAX: ffffffffffffffda RBX: 00007f52cddb6090 RCX: 00007f52cdb8ebe9
[  211.815428][ T9785] RDX: 0000000000000000 RSI: 0000000040946400 RDI: 0000000000000005
[  211.818502][ T9785] RBP: 00007f52cdc11e19 R08: 0000000000000000 R09: 0000000000000000
[  211.821544][ T9785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  211.824561][ T9785] R13: 00007f52cddb6128 R14: 00007f52cddb6090 R15: 00007fffdcf8beb8
[  211.827583][ T9785]  </TASK>
[  211.828824][ T9785] Modules linked in:
[  211.831587][ T9785] ---[ end trace 0000000000000000 ]---
[  211.838302][ T9785] RIP: 0010:pcl818_ai_cancel+0x69/0x3f0
[  211.841372][ T9785] Code: 8b 1b 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 39 5e 36 f9 48 8b 03 48 89 04 24 49 83 c4 28 4c 89 e0 48 c1 e8 03 <42> 80 3c 28 00 74 08 4c 89 e7 e8 18 5e 36 f9 4d 8b 24 24 48 83 c3
[  211.849250][ T9785] RSP: 0018:ffffc90006fb7a60 EFLAGS: 00010206
[  211.851929][ T9785] RAX: 0000000000000005 RBX: ffff88810ea1be80 RCX: 0000000000080000
[  211.853342][ T9772] delete_channel: no stack
[  211.855139][ T9785] RDX: ffffc90020021000 RSI: 00000000000003da RDI: 00000000000003db
[  211.860239][ T9785] RBP: 0000000000000001 R08: ffff888021ee692f R09: 1ffff110043dcd25
[  211.863471][ T9785] R10: dffffc0000000000 R11: ffffffff88ec9110 R12: 0000000000000028
[  211.866080][ T9785] R13: dffffc0000000000 R14: ffff888021ee6800 R15: dffffc0000000000
[  211.868697][ T9785] FS:  00007f52ceac16c0(0000) GS:ffff8881a3c1c000(0000) knlGS:0000000000000000
[  211.872458][ T9785] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  211.874632][ T9785] CR2: 00007f52ceaa0d58 CR3: 000000002a680000 CR4: 00000000000006f0
[  211.877310][ T9785] Kernel panic - not syncing: Fatal exception
[  211.879850][ T9785] Kernel Offset: disabled
[  211.881251][ T9785] Rebooting in 86400 seconds..

VM DIAGNOSIS:
01:40:57  Registers:
info registers vcpu 0

CPU#0
RAX=aaf0e6616d45a200 RBX=ffffffff8216ab7a RCX=dffffc0000000000 RDX=0000000000000000
RSI=ffffea0000ff16c0 RDI=ffffffff8216ab7a RBP=ffffc90006816408 RSP=ffffc90006816328
R8 =ffff88805fffc17f R9 =1ffff1100bfff82f R10=dffffc0000000000 R11=ffffed100bfff830
R12=dffffc0000000000 R13=0000000000000a06 R14=0000000000000001 R15=1ffff92000d02c6c
RIP=ffffffff8b794a95 RFL=00000046 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007fdc11f216c0 ffffffff 00c00000
GS =0000 ffff8880b861c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32d23ffc CR3=000000010b864000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00007fe0f7eed100 00007fe0f7387460 XMM05=00007fe0f7387478 00007fe0f73874c0
XMM06=00007fe0f73874b8 00007fe0f73874b0 XMM07=00007fe0f73874a8 00007fe0f73874a0
XMM08=0000000000000000 00007fe0f7212ee7 XMM09=0000000000000000 00007fe0f7212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=000000000000003a RBX=000000000000003a RCX=0000000000000000 RDX=00000000000003f8
RSI=000000000000169b RDI=000000000000169c RBP=00000000000003f8 RSP=ffffc90006fb71f0
R8 =ffff888106ed8237 R9 =1ffff11020ddb046 R10=dffffc0000000000 R11=ffffffff854efeb0
R12=dffffc0000000000 R13=ffffffff99af98f4 R14=ffffffff99dee3a0 R15=0000000000000000
RIP=ffffffff854eff2c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f52ceac16c0 ffffffff 00c00000
GS =0000 ffff8881a3c1c000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b3251eff8 CR3=000000002a680000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f52cdd87498 00007f52cdd87470 XMM03=00007f52cdd874a8 00007f52cdd874a0
XMM04=00007f52ce8ed100 00007f52cdd87460 XMM05=00007f52cdd87478 00007f52cdd874c0
XMM06=00007f52cdd874b8 00007f52cdd874b0 XMM07=00007f52cdd874a8 00007f52cdd874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f52cdc12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
