last executing test programs:

1.624287021s ago: executing program 2 (id=137):
r0 = socket$kcm(0x21, 0x2, 0xa)
sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in6={0x21, 0xfffc, 0x2, 0x1c, {0xa, 0x0, 0x4, @dev}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0xfc00)
sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000008c0)=[{0x18, 0x110, 0x1, "dc"}], 0x18}, 0x0)

1.545396427s ago: executing program 2 (id=138):
syz_mount_image$vfat(&(0x7f00000002c0), &(0x7f0000000280)='./bus\x00', 0x8, 0x0, 0x4, 0x0, &(0x7f00000007c0))
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x20000008b}, 0x0)
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f00000001c0)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f00000000c0)={'vcan0\x00', <r4=>0x0})
bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4, 0x3, {0x0, 0xf0, 0x4}, 0xfe}, 0x18)
sendmmsg(r3, &(0x7f0000000040)=[{{&(0x7f0000000140)=@can={0x1d, r4}, 0x80, &(0x7f0000000000)=[{&(0x7f00000007c0)="155ed6", 0x3}], 0x1}}], 0x1, 0x2004c801)

871.095992ms ago: executing program 1 (id=141):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000036000/0x2000)=nil, &(0x7f0000594000/0x4000)=nil, &(0x7f0000f36000/0x2000)=nil, &(0x7f0000918000/0x4000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000c12000/0x2000)=nil, &(0x7f000003f000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0, 0x30}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r0 = io_uring_setup(0x7, &(0x7f0000000040)={0x0, 0xc8a1, 0xc000, 0x8, 0xc1})
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000"], 0x50)
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

794.525632ms ago: executing program 1 (id=142):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.numa_stat\x00', 0x26e1, 0x0)
close(r0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r0, 0x8b28, &(0x7f0000000000)={'wlan1\x00', @random="8100"})

794.410994ms ago: executing program 1 (id=143):
syz_emit_vhci(&(0x7f0000000cc0)=@HCI_EVENT_PKT={0x4, @hci_ev_le_meta={{0x3e, 0x2}}}, 0x5)

714.939602ms ago: executing program 1 (id=144):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x5, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000600)={&(0x7f0000000080)='sys_enter\x00', r0}, 0x10)
r1 = getpgrp(0x0)
r2 = syz_pidfd_open(r1, 0x0)
r3 = epoll_create(0x1)
epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f00000000c0))
r4 = syz_clone(0x20002000, 0x0, 0x0, 0x0, 0x0, 0x0)
kcmp$KCMP_EPOLL_TFD(r1, r4, 0x7, r2, &(0x7f0000000040)={r3, r2})

573.755103ms ago: executing program 0 (id=145):
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000200)='./bus\x00', 0x8180, &(0x7f0000000340)=ANY=[], 0x1, 0x574, &(0x7f0000002100)="$eJzs2sFqE10UB/CTNk3LxwdmLS4G3Lgq1ScwSAvFgBLJQhFxMHGTEWGymWTVB/EBxOcRHySr7iJ1YtJoETWdjtrfD0IO+d9czuXC3Fncl7fejAZvx6+ff3wXe/eTaEbE1mlEO7ZiO0qNWGlEK847CQDgb9PrpZ26e6Baed5Jz97hdr9L+h9qaQgAAAAAAAAAAICN/cr9/63fuf8/qKJrAGAT5f3/Vt1tUKE876StxfvbOvf/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgPqczuc35j/4fB336kW9fQIAl+dnz38A4N/h/AeA68f5DwDXz5Onzx52ut3DXpLsRcxOin7RL7/L/Oi4e3iQfNFe/WtWFP3tZX63zJP1fCf+W+T3Lsxbced2mZ9lDx51v8l3Y1D98gEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBz9pOldmP566wo+ttlvhrQjrW8rI6Ou4cHiwHreTNuNq9uHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDmxpPpKM2yYa6oomhGxObzPF7bpgsm3P+/3M2dxa5e/nIiGhXNrNiseP8pooqZ63smAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9RpPpqM0y4b5uO5OAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA/xXgyHaVZNswrLOpeIwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFfvcwAAAP//Bs6F/w==")
r0 = landlock_create_ruleset(&(0x7f00000000c0)={0x100}, 0x18, 0x0)
landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, 0x0, 0x0)
landlock_restrict_self(r0, 0x0)
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./bus\x00', 0x101442, 0x0)

573.250207ms ago: executing program 2 (id=146):
r0 = socket$nl_crypto(0x10, 0x3, 0x15)
sendmsg$netlink(r0, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000005940)={0xe0, 0x10, 0x50b, 0x0, 0x200, "", [@generic="6f6d8864d22a3f2ffaa46c88bc", @nested={0xc0, 0x3f, 0x0, 0x1, [@typed={0xa, 0x12d, 0x0, 0x0, @str='\x7flan1\x00'}, @nested={0xad, 0x6c, 0x0, 0x1, [@typed={0x8, 0xb5, 0x0, 0x0, @fd}, @generic="98fbed031208d914678b4dfa950c2e1f9f73532c303c9f8dc424d4220e41a298b10b260ad41aab07f25d1d65dc66b3beb3591defea88cd06b90595788bf8c75ba0099ed72f0ce2aea6a297fe555accc416309bc98c032ed7ad3e9d7fb422d0e66dc80504372f3da1d62c7813ef96196d5984e610f9d22e537ea6e72d3087d90e4cbec39e5e8e00b86a7348be68a48093119dbf21d6aa32a892f9aaf62f14da0419"]}]}]}, 0xe0}], 0x1, 0x0, 0x0, 0x804}, 0x80)

572.881038ms ago: executing program 1 (id=147):
syz_init_net_socket$bt_l2cap(0x9, 0x0, 0x9)

474.361057ms ago: executing program 2 (id=148):
r0 = socket(0x8000000010, 0x2, 0x0)
write(r0, &(0x7f00000002c0)="fc0000001c000704ab5b2509b868030002ab087a0100000001481093210001c0f0030584050060100000000000039815fa2c53c28648000000b9d95662537a00bc000c00f0ff7f0000b400600033d44000040560916a0033f436313012dafd5a32e273fc83ab82d710f74cec184406f90d435ef8b29d3ef3d92c94170e5bba2e177312e081bea05d3a021e8ca062914a46ccfc510bb73c9455cdc8363ae4f5df77bc4cfd6239ec2a0f0d1bcae5fa0f5f9dcdd51af51af8502943283f4bb102b2b8f5566791cf190201ded815b2ccd243f395ed94e0ad91bd6433802e0784f2013cd1890058a10000c880ac801fe4af000049f0d4796f0000090548de", 0xfc)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_inet_SIOCSARP(r1, 0x8953, &(0x7f0000000180)={{0x2, 0x0, @empty}, {}, 0x0, {0x2, 0x0, @multicast1=0xe000cc02}})

474.159055ms ago: executing program 1 (id=149):
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
prctl$PR_GET_IO_FLUSHER(0x4)
prctl$PR_GET_IO_FLUSHER(0x3a)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@nfs_export_on}]})
chdir(&(0x7f00000000c0)='./bus\x00')
r3 = creat(&(0x7f0000000440)='./file0\x00', 0xffffffa1)
open_by_handle_at(r3, &(0x7f0000000140)=@OVL_FILEID_V1={0x18, 0x300fb, {'\x00', {0x0, 0xfb, 0x15, 0x7, 0x5, "e8371f2efe0868327a31a705ec978547"}}}, 0x830200)

474.075455ms ago: executing program 0 (id=150):
r0 = syz_open_dev$video4linux(&(0x7f00000000c0), 0x100000007, 0x0)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f001, 0x4})

384.750916ms ago: executing program 2 (id=151):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
writev(r0, &(0x7f0000000800)=[{&(0x7f0000000700)="ebfa0e81ceb3dc4c43c215dc4dade38ff8c84ace9d15af003afa41ae5fbebe5b175c12cf29c48c2d4b61ce76443645c1dc73113beeb9b5a73cd0415b0437839aa6c68111a4582c3a6a3bb8f9e0c37b9b3f376c", 0x53}], 0x1)

90.55149ms ago: executing program 0 (id=152):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000480)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x24, r1, 0x200, 0x70bd2b, 0x2, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x3}]}, 0x24}, 0x1, 0x0, 0x0, 0x840}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x14, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}}, 0x0)

82.844231ms ago: executing program 0 (id=153):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
sendmmsg$inet6(r0, &(0x7f0000001640)=[{{&(0x7f0000000100)={0xa, 0x4e20, 0x4, @private1={0xfc, 0x1, '\x00', 0x2}, 0x6}, 0x1c, &(0x7f0000000640)=[{&(0x7f0000000240)='Y', 0x1}], 0x1}}, {{&(0x7f0000000a00)={0xa, 0x4e20, 0x30, @local, 0x3}, 0x1c, &(0x7f0000000b40)=[{&(0x7f0000000a40)="a3", 0x1}], 0x1}}], 0x2, 0x840)
shutdown(r0, 0x1)
setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r0, 0x84, 0x22, &(0x7f0000000000)={0x9, 0x2, 0x5, 0x81}, 0x10)

278.493µs ago: executing program 2 (id=154):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000680)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6e6f757365725f78617474722c636f686572656e63793d66756c6c2c646174613d77726974656261636b2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030312c61636c2c6e6f61636c2c6c6f63616c616c6c6f633d30303030303030303030303030303030303030302c00a89f6b8d5800aa954e6c8735dcd52921ce08462fb4ce7c1600883251443ac332f4d17b77d29867e4321610936dbc5963e9fb59a032c92e32ebffc3b739951e866d52bff6bd63136a656222062a8eea0cf97480bc8ac6c0e8a2aa38ffa8fa758cd54b9ef39a7f536d7b85173a83c34d78e210ecf4d040817bbe989e9eb015acb84bb90577b8b405a48292eeca69f5275cb7b7027d4bf643bd69b034c0221a30"], 0x1, 0x442d, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3fGeefeYw+8SJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAsh9HX+7wUAAAAAAAAAAAAAAAAAAIC/o833/3PRiSbv/48lx5EW9dff6vwY6ZyJt6+OXRgcSvZ/j7blv54k/XKuK/Q32fc9u//7uUz95vu/b+9ntxrja/TbF6J4IHUexwMDIXyTbPx+KjoSl8pLlVdvlZcXZvdsGM+sdPzru/enopNs6N9u/Ecz7Xd+////bruaquc39+4Se66l49/Vsty3n0Ztxf98pt5+xJ/dS8e/u5bWu7XASH0CqMb/8+6d4z+Wab9T8T8eQshF1bHmUjNAdQ1TTW+1XiEtHf9DtbTU1Jn8I1vd/79n4n8h0/5Bzf8r2Q8imkrH/1+1tJ5Uic37vz/e+f6/mGn/IOJfHf+Kz/+2pON/uJ7YnSpS+0+2O/+PZ9rvVPyvx8k4j0epK2A1qqe3+r460tLx79mWv/n8F7e1/ruUqb9fz3+NfhvPf43p/+Wo/vxHc+n497Ys1+79P5Gp1+n5f6S2/mO30vE/UktLr53rX8rZbvwnM+13Kv61VUlPI/6b88kfh+vpX1v/tSUd/3/XE+OtJVZqP2vrv2jn9f/lTPsHsf6rjn8l7myvz4t0/I+2LFeN/w9tfP5fydTrfPxDGLTW37V0/I+1LFe7/3t2jv9Upl6n4/9SJxsHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeAaMJse+EMUDqfM4HhgI4XxyfiociaYLs/npUnnmo6UQxpL0XDgR3S6Vpwul/NxCebaYL5RK5ZkQLiT5J0NPtFQqV/LzhbsXN9rqje4UC4uV6WKhEkIYT9L/H4412pqeq8wX7oYQLm3k/ScuL969U1jIz84tvjk4ODgYJjbG0B8VP6kUFyr13uu5IUxu1O2Ltgyuln15YyxHow/Ly4sLhVIt/cqWOqXyTKG0pc5UkvdF6I8qi8sLM4VKMV8q3270d5BGkuPYxLX3rl0Z2pZ/M6ofR/d3WAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD8RY+G3/gyhNBdP4tDCCONX6Jm5R8+Lp7NP526vzZ8enL1wdqTVuUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgT3bgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwS8coDQRRGIDfjIXaeQyrZbezXVFEC1cET6DH8DB6FC/hHVKkSJsiBJJZCJtd2Capvq95MD8z78E8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYJ6n9+7jrW4iUlxtLiP+vv4Xh/lLqT/34/cvzjAjp/P82j081k3593SU35WjZZt36Xr1/Rkjtfc72JPhPu31fa4n55rat6n5+r43kXIVEW3Jb1POVTXvLQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAtO3AgAAAAAADk/9oIVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVdiBYwEAAAAAYf7WUfRtAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPwKAAD//+UFHyA=")
open(&(0x7f0000000240)='./file1\x00', 0x145142, 0x0)
open(&(0x7f0000000900)='./file1\x00', 0x84200, 0x104)

73.218µs ago: executing program 0 (id=155):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@getnexthop={0x28, 0x76, 0xb0d, 0x20, 0x25dfdbff, {0x3}, [@NHA_MASTER={0x8, 0xa, 0x2}, @NHA_ID={0x8, 0x1, 0x2}]}, 0x28}, 0x1, 0x0, 0x0, 0x80}, 0x0)

0s ago: executing program 0 (id=156):
syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000400)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x24b, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x4, 0xb0, 0x0, [{{0x9, 0x4, 0x0, 0xd, 0x2, 0x3, 0x1, 0x2, 0x3, {0x9, 0x21, 0x5, 0x6d, 0x1, {0x22, 0x634}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x7, 0x8, 0xdb}}}}}]}}]}}, &(0x7f0000000900)={0x0, 0x0, 0x0, 0x0})

kernel console output (not intermixed with test programs):

Warning: Permanently added '[localhost]:52185' (ED25519) to the list of known hosts.
syzkaller login: [   48.900804][ T5774] cgroup: Unknown subsys name 'net'
[   48.968653][ T5774] cgroup: Unknown subsys name 'cpuset'
[   48.972657][ T5774] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.802591][ T5774] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   55.095805][ T5236] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   55.100285][ T5236] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   55.115922][ T5848] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   55.118439][ T5848] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   55.121275][ T5843] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   55.124598][ T5848] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   55.127483][ T5848] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   55.134449][ T5849] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   55.149807][ T5848] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   55.152312][ T5849] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   55.157375][ T5849] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   55.161397][ T5849] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   55.165900][ T5851] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   55.171849][ T5849] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   55.184582][ T5851] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   55.466064][ T5846] chnl_net:caif_netlink_parms(): no params data found
[   55.528792][ T5842] chnl_net:caif_netlink_parms(): no params data found
[   55.536493][ T5850] chnl_net:caif_netlink_parms(): no params data found
[   55.571879][ T5846] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.574837][ T5846] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.577467][ T5846] bridge_slave_0: entered allmulticast mode
[   55.580452][ T5846] bridge_slave_0: entered promiscuous mode
[   55.622752][ T5846] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.625739][ T5846] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.628582][ T5846] bridge_slave_1: entered allmulticast mode
[   55.631547][ T5846] bridge_slave_1: entered promiscuous mode
[   55.682681][ T5846] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.706748][ T5846] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.744512][ T5850] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.747426][ T5850] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.750232][ T5850] bridge_slave_0: entered allmulticast mode
[   55.753524][ T5850] bridge_slave_0: entered promiscuous mode
[   55.758412][ T5850] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.760892][ T5850] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.763239][ T5850] bridge_slave_1: entered allmulticast mode
[   55.766479][ T5850] bridge_slave_1: entered promiscuous mode
[   55.768842][ T5842] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.771257][ T5842] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.775631][ T5842] bridge_slave_0: entered allmulticast mode
[   55.779194][ T5842] bridge_slave_0: entered promiscuous mode
[   55.795232][ T5846] team0: Port device team_slave_0 added
[   55.809245][ T5842] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.811802][ T5842] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.816139][ T5842] bridge_slave_1: entered allmulticast mode
[   55.819529][ T5842] bridge_slave_1: entered promiscuous mode
[   55.823576][ T5846] team0: Port device team_slave_1 added
[   55.860024][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.862372][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.870616][ T5846] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.877749][ T5850] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.896870][ T5846] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.899270][ T5846] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.908758][ T5846] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.914117][ T5850] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.926904][ T5842] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.946478][ T5850] team0: Port device team_slave_0 added
[   55.950891][ T5850] team0: Port device team_slave_1 added
[   55.962599][ T5842] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   56.006975][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.009450][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.018038][ T5850] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.022565][ T5850] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.025453][ T5850] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.034807][ T5850] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.039382][ T5842] team0: Port device team_slave_0 added
[   56.062882][ T5842] team0: Port device team_slave_1 added
[   56.085333][ T5846] hsr_slave_0: entered promiscuous mode
[   56.088538][ T5846] hsr_slave_1: entered promiscuous mode
[   56.135105][ T5850] hsr_slave_0: entered promiscuous mode
[   56.138353][ T5850] hsr_slave_1: entered promiscuous mode
[   56.141331][ T5850] debugfs: 'hsr0' already exists in 'hsr'
[   56.143727][ T5850] Cannot create hsr debugfs directory
[   56.147349][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_0
[   56.150390][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.161786][ T5842] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   56.180345][ T5842] batman_adv: batadv0: Adding interface: batadv_slave_1
[   56.182871][ T5842] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.192045][ T5842] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.308420][ T5842] hsr_slave_0: entered promiscuous mode
[   56.310731][ T5842] hsr_slave_1: entered promiscuous mode
[   56.313265][ T5842] debugfs: 'hsr0' already exists in 'hsr'
[   56.317302][ T5842] Cannot create hsr debugfs directory
[   56.516153][ T5846] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.528605][ T5846] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.535892][ T5846] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.541878][ T5846] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.584261][ T5850] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.603341][ T5850] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.618631][ T5850] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.627561][ T5850] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.661232][ T5842] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.667538][ T5842] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.677667][ T5842] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.687509][ T5842] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.740046][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.763333][ T5846] 8021q: adding VLAN 0 to HW filter on device team0
[   56.783984][  T141] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.787238][  T141] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.805552][  T141] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.808282][  T141] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.828457][ T5850] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.880729][ T5850] 8021q: adding VLAN 0 to HW filter on device team0
[   56.900301][  T681] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.903254][  T681] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.917204][  T681] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.919868][  T681] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.926439][ T5842] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.947417][ T5842] 8021q: adding VLAN 0 to HW filter on device team0
[   56.963139][ T5850] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[   56.984539][ T5850] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.009041][  T681] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.011402][  T681] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.029209][  T681] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.032032][  T681] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.047896][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.060814][ T5842] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[   57.146269][ T5846] veth0_vlan: entered promiscuous mode
[   57.159533][ T5846] veth1_vlan: entered promiscuous mode
[   57.180091][ T5842] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.184207][ T5851] Bluetooth: hci0: command tx timeout
[   57.193662][ T5846] veth0_macvtap: entered promiscuous mode
[   57.220983][ T5846] veth1_macvtap: entered promiscuous mode
[   57.236531][ T5842] veth0_vlan: entered promiscuous mode
[   57.247997][ T5842] veth1_vlan: entered promiscuous mode
[   57.252610][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.255294][ T5851] Bluetooth: hci2: command tx timeout
[   57.256377][ T5848] Bluetooth: hci1: command tx timeout
[   57.259606][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.267533][ T5850] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.278392][ T5873] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.284703][ T5873] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.292789][ T5873] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.297576][ T5873] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.338456][ T5842] veth0_macvtap: entered promiscuous mode
[   57.356309][ T5842] veth1_macvtap: entered promiscuous mode
[   57.360377][ T5850] veth0_vlan: entered promiscuous mode
[   57.371709][ T3576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.371727][ T5850] veth1_vlan: entered promiscuous mode
[   57.376600][ T3576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.391353][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.406299][   T32] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.406808][ T5842] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.408879][   T32] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.421510][ T5873] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.427966][ T5873] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.430978][ T5873] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.442349][ T5873] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.468897][ T5846] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality.
[   57.477477][ T5850] veth0_macvtap: entered promiscuous mode
[   57.510617][ T5850] veth1_macvtap: entered promiscuous mode
[   57.522765][ T3576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.528029][ T3576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.529808][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.542709][ T5850] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.562480][ T3576] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.565080][ T5873] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.565336][ T3576] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.582266][ T5911] loop2: detected capacity change from 0 to 8192
[   57.582461][ T5873] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.588800][ T5873] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.599233][ T5873] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.694509][ T3576] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.704426][ T3576] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.722540][  T141] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.726968][  T141] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.023678][ T5919] loop0: detected capacity change from 0 to 40427
[   58.029354][ T5919] F2FS-fs (loop0): build fault injection rate: 26
[   58.034020][ T5919] F2FS-fs (loop0): build fault injection type: 0xeffa
[   58.062597][ T5919] F2FS-fs (loop0): invalid crc value
[   58.072759][ T5919] F2FS-fs (loop0): inject kvmalloc in f2fs_kvmalloc of f2fs_build_segment_manager+0x3227/0x49f0
[   58.084807][ T5919] F2FS-fs (loop0): Failed to initialize F2FS segment manager (-12)
[   58.140873][ T5925] loop1: detected capacity change from 0 to 32768
[   58.149456][ T5925] =======================================================
[   58.149456][ T5925] WARNING: The mand mount option has been deprecated and
[   58.149456][ T5925]          and is ignored by this kernel. Remove the mand
[   58.149456][ T5925]          option from the mount to silence this warning.
[   58.149456][ T5925] =======================================================
[   58.203402][ T5925] JBD2: Ignoring recovery information on journal
[   58.236450][ T5925] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   58.328700][ T5842] ocfs2: Unmounting device (7,1) on (node local)
[   58.396021][    T9] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   58.544364][    T9] usb 3-1: Using ep0 maxpacket: 32
[   58.549869][    T9] usb 3-1: config 0 has an invalid interface number: 85 but max is 0
[   58.552731][    T9] usb 3-1: config 0 has no interface number 0
[   58.557926][    T9] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 123, changing to 10
[   58.562233][    T9] usb 3-1: config 0 interface 85 has no altsetting 0
[   58.568067][    T9] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[   58.571408][    T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.574269][    T9] usb 3-1: Product: syz
[   58.575796][    T9] usb 3-1: Manufacturer: syz
[   58.577311][    T9] usb 3-1: SerialNumber: syz
[   58.579430][ T5945] loop1: detected capacity change from 0 to 32768
[   58.590325][    T9] usb 3-1: config 0 descriptor??
[   58.590382][ T5945] ocfs2: Slot 0 on device (7,1) was already allocated to this node!
[   58.600588][ T5945] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[   58.674025][ T5893] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   58.692612][ T5842] ocfs2: Unmounting device (7,1) on (node local)
[   58.834102][ T5893] usb 1-1: Using ep0 maxpacket: 8
[   58.840539][ T5893] usb 1-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a
[   58.843483][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   58.846823][ T5893] usb 1-1: Product: syz
[   58.848389][ T5893] usb 1-1: Manufacturer: syz
[   58.849913][ T5893] usb 1-1: SerialNumber: syz
[   58.855507][ T5893] usb 1-1: config 0 descriptor??
[   58.861627][ T5893] gspca_main: sq930x-2.14.0 probing 2770:930c
[   59.064329][ T5912] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   59.214285][ T5912] usb 2-1: Using ep0 maxpacket: 8
[   59.214392][    T9] appletouch 3-1:0.85: Geyser mode initialized.
[   59.220598][ T5912] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[   59.223436][    T9] input: appletouch as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.85/input/input4
[   59.226351][ T5912] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   59.233030][ T5912] usb 2-1: Product: syz
[   59.235700][ T5912] usb 2-1: Manufacturer: syz
[   59.237884][ T5912] usb 2-1: SerialNumber: syz
[   59.252921][ T5912] usb 2-1: config 0 descriptor??
[   59.264171][ T5848] Bluetooth: hci0: command tx timeout
[   59.334683][ T5848] Bluetooth: hci1: command tx timeout
[   59.344072][ T5848] Bluetooth: hci2: command tx timeout
[   59.427948][ T1267] usb 3-1: USB disconnect, device number 2
[   59.447408][ T1267] appletouch 3-1:0.85: input: appletouch disconnected
[   59.465571][ T5912] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[   59.903897][ T5893] gspca_sq930x: reg_w 0105 0f00 failed -71
[   60.123227][ T5966] warning: `syz.2.23' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[   60.127876][ T5893] gspca_sq930x: Sensor ov9630 not yet treated
[   60.134382][ T5893] sq930x 1-1:0.0: probe with driver sq930x failed with error -22
[   60.146602][ T5893] usb 1-1: USB disconnect, device number 2
[   60.186528][ T5970] PM: Enabling pm_trace changes system date and time during resume.
[   60.186528][ T5970] PM: Correct system time has to be restored manually after resume.
[   60.678225][ T5912] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[   60.701793][ T5912] usb 2-1: USB disconnect, device number 2
[   61.273531][ T6005] netlink: 'syz.1.40': attribute type 10 has an invalid length.
[   61.281200][ T6005] openvswitch: netlink: Flow key attr not present in new flow.
[   61.365243][ T5848] Bluetooth: hci0: command tx timeout
[   61.418861][ T5848] Bluetooth: hci2: command tx timeout
[   61.425829][ T5848] Bluetooth: hci1: command tx timeout
[   61.572435][ T6017] loop1: detected capacity change from 0 to 4096
[   61.620968][ T6017] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[   61.650231][ T6017] ntfs3(loop1): ino=1e, "file1" attr_set_size
[   61.659213][ T6026] loop2: detected capacity change from 0 to 512
[   61.675287][ T6026] EXT4-fs (loop2): couldn't mount as ext3 due to feature incompatibilities
[   61.781235][ T6034] loop1: detected capacity change from 0 to 1024
[   61.825971][ T6034] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   61.867198][ T5842] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.948448][ T6047] process 'syz.1.59' launched './file0' with NULL argv: empty string added
[   62.350538][ T6069] netlink: 4 bytes leftover after parsing attributes in process `syz.1.69'.
[   62.626115][ T6077] loop1: detected capacity change from 0 to 2048
[   62.630150][ T6077] udf: Unknown parameter ''
[   62.833985][    T9] usb 3-1: new full-speed USB device number 3 using dummy_hcd
[   62.980809][ T5880] IPVS: starting estimator thread 0...
[   63.075078][ T6081] IPVS: using max 45 ests per chain, 108000 per kthread
[   63.315632][    T9] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08
[   63.318879][    T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   63.325924][    T9] usb 3-1: config 0 descriptor??
[   63.413997][ T5851] Bluetooth: hci0: command tx timeout
[   63.495600][ T5849] Bluetooth: hci2: command tx timeout
[   63.498060][ T5851] Bluetooth: hci1: command tx timeout
[   63.537442][    T9] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor
[   63.738175][    T9] [drm:udl_init] *ERROR* Selecting channel failed
[   63.768684][    T9] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 3
[   63.771073][    T9] [drm] Initialized udl on minor 3
[   63.787103][    T9] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9
[   63.794457][    T9] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[   63.806807][    T9] usb 3-1: USB disconnect, device number 3
[   63.818398][ T5893] udl 3-1:0.0: [drm] Cannot find any crtc or sizes
[   64.220220][   T33] audit: type=1326 audit(1755091116.123:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6091 comm="syz.0.78" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbfcd8ebe9 code=0x7ffc0000
[   64.227876][   T33] audit: type=1326 audit(1755091116.123:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6091 comm="syz.0.78" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbfcd8ebe9 code=0x7ffc0000
[   64.237326][   T33] audit: type=1326 audit(1755091116.143:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6091 comm="syz.0.78" exe="/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7fbbfcd8ebe9 code=0x7ffc0000
[   64.248565][   T33] audit: type=1326 audit(1755091116.143:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6091 comm="syz.0.78" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbfcd8ebe9 code=0x7ffc0000
[   64.263554][   T33] audit: type=1326 audit(1755091116.143:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6091 comm="syz.0.78" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbfcd8ebe9 code=0x7ffc0000
[   64.272712][   T33] audit: type=1326 audit(1755091116.143:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6091 comm="syz.0.78" exe="/syz-executor" sig=0 arch=c000003e syscall=269 compat=0 ip=0x7fbbfcd8ebe9 code=0x7ffc0000
[   64.283501][   T33] audit: type=1326 audit(1755091116.143:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6091 comm="syz.0.78" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbbfcd8ebe9 code=0x7ffc0000
[   64.308020][ T6094] netlink: 28 bytes leftover after parsing attributes in process `syz.0.79'.
[   64.647510][ T6108] loop2: detected capacity change from 0 to 32768
[   64.668034][ T6108] o2cb: This node has not been configured.
[   64.670123][ T6108] o2cb: Cluster check failed. Fix errors before retrying.
[   64.673334][ T6108] (syz.2.83,6108,1):ocfs2_dlm_init:3354 ERROR: status = -22
[   64.677333][ T6108] (syz.2.83,6108,1):ocfs2_mount_volume:1735 ERROR: status = -22
[   64.681714][ T6108] (syz.2.83,6108,1):ocfs2_fill_super:1177 ERROR: status = -22
[   64.754206][   T52] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[   64.790852][ T5873] tipc: Subscription rejected, illegal request
[   64.903913][   T52] usb 1-1: Using ep0 maxpacket: 32
[   64.907619][   T52] usb 1-1: config 4 has an invalid interface number: 128 but max is 0
[   64.910465][   T52] usb 1-1: config 4 has no interface number 0
[   64.912405][   T52] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   64.917100][   T52] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   64.920332][   T52] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[   64.923223][   T52] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   64.930997][   T52] hub 1-1:4.128: USB hub found
[   65.123888][ T5880] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[   65.134687][   T52] hub 1-1:4.128: 2 ports detected
[   65.136386][   T52] hub 1-1:4.128: Using single TT (err -22)
[   65.283825][ T5880] usb 3-1: Using ep0 maxpacket: 8
[   65.287199][ T5880] usb 3-1: config 0 has an invalid interface number: 55 but max is 0
[   65.290116][ T5880] usb 3-1: config 0 has no interface number 0
[   65.292137][ T5880] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[   65.295613][ T5880] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B
[   65.299657][ T5880] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[   65.303444][ T5880] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[   65.307633][ T5880] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a
[   65.310951][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   65.316049][ T5880] usb 3-1: config 0 descriptor??
[   65.326554][ T5880] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0
[   65.334867][   T52] hub 1-1:4.128: hub_hub_status failed (err = -71)
[   65.338625][   T52] hub 1-1:4.128: config failed, can't get hub status (err -71)
[   65.365251][   T52] usb 1-1: USB disconnect, device number 3
[   65.574124][ T5851] Bluetooth: hci2: command 0x0405 tx timeout
[   66.385700][ T6153] ipvlan2: entered allmulticast mode
[   66.387639][ T6153] syz_tun: entered allmulticast mode
[   66.674027][   T52] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[   66.823980][   T52] usb 1-1: Using ep0 maxpacket: 16
[   66.830474][   T52] usb 1-1: New USB device found, idVendor=04dd, idProduct=8002, bcdDevice=fc.b6
[   66.834606][   T52] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   66.838215][   T52] usb 1-1: Product: syz
[   66.840035][   T52] usb 1-1: Manufacturer: syz
[   66.841998][   T52] usb 1-1: SerialNumber: syz
[   66.847117][   T52] usb 1-1: config 0 descriptor??
[   66.852151][   T52] safe_serial 1-1:0.0: safe_serial converter detected
[   66.859791][   T52] usb 1-1: safe_serial converter now attached to ttyUSB0
[   67.057479][ T5880] usb 1-1: USB disconnect, device number 4
[   67.065745][ T5880] safe_serial ttyUSB0: safe_serial converter now disconnected from ttyUSB0
[   67.069647][ T5880] safe_serial 1-1:0.0: device disconnected
[   67.583445][ T5880] usb 3-1: USB disconnect, device number 4
[   67.633718][ T5880] ldusb 3-1:0.55: LD USB Device #0 now disconnected
[   68.311649][ T6181] loop0: detected capacity change from 0 to 256
[   68.335082][ T6181] FAT-fs (loop0): Directory bread(block 64) failed
[   68.337526][ T6181] FAT-fs (loop0): Directory bread(block 65) failed
[   68.339900][ T6181] FAT-fs (loop0): Directory bread(block 66) failed
[   68.342071][ T6181] FAT-fs (loop0): Directory bread(block 67) failed
[   68.345316][ T6181] FAT-fs (loop0): Directory bread(block 68) failed
[   68.347714][ T6181] FAT-fs (loop0): Directory bread(block 69) failed
[   68.350095][ T6181] FAT-fs (loop0): Directory bread(block 70) failed
[   68.352337][ T6181] FAT-fs (loop0): Directory bread(block 71) failed
[   68.356489][ T6181] FAT-fs (loop0): Directory bread(block 72) failed
[   68.358908][ T6181] FAT-fs (loop0): Directory bread(block 73) failed
[   68.827732][ T6203] loop1: detected capacity change from 0 to 4096
[   68.838236][ T6203] ntfs3(loop1): Failed to load $MFT (-22).
[   69.293169][ T6208] loop2: detected capacity change from 0 to 32768
[   69.298264][ T6208] bcachefs (/dev/loop2): error validating superblock: Invalid superblock section clean: entry type btree_keys overruns end of section
[   69.298264][ T6208] clean (size 2912):
[   69.298264][ T6208] flags:          0
[   69.298264][ T6208] journal_seq:    10
[   69.298264][ T6208] usage: type=inodes v=8
[   69.298264][ T6208] usage: type=key_version v=0
[   69.298264][ T6208] usage: type=reserved v=0
[   69.298264][ T6208] usage: type=reserved v=0
[   69.298264][ T6208] usage: type=reserved v=0
[   69.298264][ T6208] usage: type=reserved v=0
[   69.298264][ T6208] data_usage: btree: 1/1 [0]=2816
[   69.298264][ T6208] data_usage: journal: 1/1 [0]=0
[   69.298264][ T6208] data_usage: user: 1/1 [0]=16
[   69.298264][ T6208] dev_usage: dev=0  
[   69.298264][ T6208]   free: buckets=83 sectors=0 fragmented=0
[   69.298264][ T6208]   sb: buckets=25 sectors=6152 fragmented=248
[   69.298264][ T6208]   journal: buckets=8 sectors=2048 fragmented=0
[   69.298264][ T6208]   btree: buckets=11 sectors=2816 fragmented=0
[   69.298264][ T6208]   user: buckets=1 sectors=16 fragmented=240
[   69.298264][ T6208]   cached: buckets=0 sectors=0 fragmented=0
[   69.298264][ T6208]   parity: buckets=0 sectors=0 fragmented=0
[   69.298264][ T6208]   stripe: buckets=0 sectors=0 fragmented=0
[   69.298264][ T6208]   need_gc_gens: buckets=0 sectors=0 fragmented=0
[   69.298264][ T6208]   need_discard: buckets=0 sectors=0 fragmented=0
[   69.298264][ T6208] clock: read=0
[   69.298264][ T6208] clock: write=1280
[   69.298264][ T6208] btree_root: btree=extents level=0 u64s 11 type btree_ptr_v2 POS_MAX len 511 ver 0: seq c
[   69.298398][ T6208] bcachefs: bch2_fs_get_tree() error: invalid_sb_clean
[   69.658456][ T6221] syzkaller1: entered promiscuous mode
[   69.667436][ T6221] syzkaller1: entered allmulticast mode
[   70.037990][ T6223] loop0: detected capacity change from 0 to 32768
[   70.098657][ T6223] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   70.126841][ T6235] vcan0: tx drop: invalid sa for name 0x0000000000000003
[   70.402046][ T6223] XFS (loop0): Ending clean mount
[   70.462722][ T6223] XFS (loop0): User initiated shutdown received.
[   70.467788][ T6223] XFS (loop0): Log I/O Error (0x6) detected at xfs_fs_goingdown+0x71/0x150 (fs/xfs/xfs_fsops.c:476).  Shutting down filesystem.
[   70.473226][ T6223] XFS (loop0): Please unmount the filesystem and rectify the problem(s)
[   70.516898][ T5850] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   70.880084][ T6254] loop0: detected capacity change from 0 to 2048
[   70.955068][ T6260] netlink: 'syz.2.148': attribute type 12 has an invalid length.
[   71.022770][ T1364] ieee802154 phy0 wpan0: encryption failed: -22
[   71.026084][ T1364] ieee802154 phy1 wpan1: encryption failed: -22
[   71.128305][ T6269] netlink: 4 bytes leftover after parsing attributes in process `syz.0.152'.
[   71.257319][ T6270] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22)
[   71.561500][ T6276] loop2: detected capacity change from 0 to 32768
[   71.571928][ T6276] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[   71.597006][   T33] audit: type=1800 audit(1755091379.505:9): pid=6276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.154" name="file1" dev="loop2" ino=17058 res=0 errno=0
[   71.598648][ T6276] 
[   71.606384][ T6276] ======================================================
[   71.608685][ T6276] WARNING: possible circular locking dependency detected
[   71.610997][ T6276] 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 Not tainted
[   71.614274][ T6276] ------------------------------------------------------
[   71.616567][ T6276] syz.2.154/6276 is trying to acquire lock:
[   71.618536][ T6276] ffff88802cce4060 (&oi->ip_alloc_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xb6/0x320
[   71.622021][ T6276] 
[   71.622021][ T6276] but task is already holding lock:
[   71.624467][ T6276] ffff88802cce40f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[   71.627968][ T6276] 
[   71.627968][ T6276] which lock already depends on the new lock.
[   71.627968][ T6276] 
[   71.631711][ T6276] 
[   71.631711][ T6276] the existing dependency chain (in reverse order) is:
[   71.634662][ T6276] 
[   71.634662][ T6276] -> #4 (&oi->ip_xattr_sem){++++}-{4:4}:
[   71.637167][ T6276]        lock_acquire+0x120/0x360
[   71.638785][ T6276]        down_read+0x46/0x2e0
[   71.640342][ T6276]        ocfs2_init_acl+0x2f9/0x720
[   71.642069][ T6276]        ocfs2_mknod+0x1321/0x2050
[   71.643779][ T6276]        ocfs2_create+0x1a5/0x440
[   71.645463][ T6276]        path_openat+0x14f4/0x3830
[   71.647171][ T6276]        do_filp_open+0x1fa/0x410
[   71.648847][ T6276]        do_sys_openat2+0x121/0x1c0
[   71.650591][ T6276]        __x64_sys_open+0x11e/0x150
[   71.652321][ T6276]        do_syscall_64+0xfa/0x3b0
[   71.654013][ T6276]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.656251][ T6276] 
[   71.656251][ T6276] -> #3 (jbd2_handle){++++}-{0:0}:
[   71.658578][ T6276]        lock_acquire+0x120/0x360
[   71.660172][ T6276]        start_this_handle+0x1fa7/0x21c0
[   71.662043][ T6276]        jbd2__journal_start+0x2c1/0x5b0
[   71.663815][ T6276]        jbd2_journal_start+0x2a/0x40
[   71.665515][ T6276]        ocfs2_start_trans+0x376/0x6d0
[   71.667330][ T6276]        ocfs2_mknod+0xe93/0x2050
[   71.669018][ T6276]        ocfs2_create+0x1a5/0x440
[   71.670682][ T6276]        path_openat+0x14f4/0x3830
[   71.672312][ T6276]        do_filp_open+0x1fa/0x410
[   71.673944][ T6276]        do_sys_openat2+0x121/0x1c0
[   71.675668][ T6276]        __x64_sys_openat+0x138/0x170
[   71.677471][ T6276]        do_syscall_64+0xfa/0x3b0
[   71.679156][ T6276]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.681268][ T6276] 
[   71.681268][ T6276] -> #2 (&journal->j_trans_barrier){.+.+}-{4:4}:
[   71.684070][ T6276]        lock_acquire+0x120/0x360
[   71.685739][ T6276]        down_read+0x46/0x2e0
[   71.687330][ T6276]        ocfs2_start_trans+0x36a/0x6d0
[   71.689066][ T6276]        ocfs2_mknod+0xe93/0x2050
[   71.690697][ T6276]        ocfs2_create+0x1a5/0x440
[   71.692410][ T6276]        path_openat+0x14f4/0x3830
[   71.694123][ T6276]        do_filp_open+0x1fa/0x410
[   71.695801][ T6276]        do_sys_openat2+0x121/0x1c0
[   71.697522][ T6276]        __x64_sys_openat+0x138/0x170
[   71.699307][ T6276]        do_syscall_64+0xfa/0x3b0
[   71.700991][ T6276]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.703116][ T6276] 
[   71.703116][ T6276] -> #1 (sb_internal#2){.+.+}-{0:0}:
[   71.705572][ T6276]        reacquire_held_locks+0x127/0x1d0
[   71.707483][ T6276]        lock_release+0x1b4/0x3e0
[   71.709168][ T6276]        up_write+0x2d/0x420
[   71.710706][ T6276]        ocfs2_free_alloc_context+0x97/0x1a0
[   71.712724][ T6276]        ocfs2_write_begin_nolock+0x4296/0x4340
[   71.714796][ T6276]        ocfs2_write_begin+0x1bb/0x310
[   71.716613][ T6276]        generic_perform_write+0x2c5/0x900
[   71.718552][ T6276]        ocfs2_file_write_iter+0x157a/0x1d10
[   71.720553][ T6276]        do_iter_readv_writev+0x56e/0x7f0
[   71.722432][ T6276]        vfs_writev+0x31a/0x960
[   71.724053][ T6276]        __se_sys_pwritev2+0x179/0x290
[   71.725854][ T6276]        do_syscall_64+0xfa/0x3b0
[   71.727545][ T6276]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.729683][ T6276] 
[   71.729683][ T6276] -> #0 (&oi->ip_alloc_sem){++++}-{4:4}:
[   71.732275][ T6276]        validate_chain+0xb9b/0x2140
[   71.734045][ T6276]        __lock_acquire+0xab9/0xd20
[   71.735767][ T6276]        lock_acquire+0x120/0x360
[   71.737456][ T6276]        down_write+0x96/0x1f0
[   71.739067][ T6276]        ocfs2_try_remove_refcount_tree+0xb6/0x320
[   71.741227][ T6276]        ocfs2_truncate_file+0xda0/0x1420
[   71.743225][ T6276]        ocfs2_setattr+0x1520/0x1b40
[   71.745075][ T6276]        notify_change+0xb36/0xe40
[   71.746846][ T6276]        do_truncate+0x1a4/0x220
[   71.748512][ T6276]        path_openat+0x306c/0x3830
[   71.750220][ T6276]        do_filp_open+0x1fa/0x410
[   71.751904][ T6276]        do_sys_openat2+0x121/0x1c0
[   71.753623][ T6276]        __x64_sys_open+0x11e/0x150
[   71.755378][ T6276]        do_syscall_64+0xfa/0x3b0
[   71.757069][ T6276]        entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.759199][ T6276] 
[   71.759199][ T6276] other info that might help us debug this:
[   71.759199][ T6276] 
[   71.762517][ T6276] Chain exists of:
[   71.762517][ T6276]   &oi->ip_alloc_sem --> jbd2_handle --> &oi->ip_xattr_sem
[   71.762517][ T6276] 
[   71.766729][ T6276]  Possible unsafe locking scenario:
[   71.766729][ T6276] 
[   71.769198][ T6276]        CPU0                    CPU1
[   71.770987][ T6276]        ----                    ----
[   71.772750][ T6276]   lock(&oi->ip_xattr_sem);
[   71.774311][ T6276]                                lock(jbd2_handle);
[   71.776499][ T6276]                                lock(&oi->ip_xattr_sem);
[   71.778837][ T6276]   lock(&oi->ip_alloc_sem);
[   71.780401][ T6276] 
[   71.780401][ T6276]  *** DEADLOCK ***
[   71.780401][ T6276] 
[   71.783082][ T6276] 3 locks held by syz.2.154/6276:
[   71.784775][ T6276]  #0: ffff8880225b2428 (sb_writers#13){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[   71.787821][ T6276]  #1: ffff88802cce43c0 (&sb->s_type->i_mutex_key#22){+.+.}-{4:4}, at: do_truncate+0x171/0x220
[   71.791249][ T6276]  #2: ffff88802cce40f8 (&oi->ip_xattr_sem){++++}-{4:4}, at: ocfs2_try_remove_refcount_tree+0xa4/0x320
[   71.794873][ T6276] 
[   71.794873][ T6276] stack backtrace:
[   71.796829][ T6276] CPU: 0 UID: 0 PID: 6276 Comm: syz.2.154 Not tainted 6.16.0-syzkaller-11895-gcca7a0aae895-dirty #0 PREEMPT(full) 
[   71.796844][ T6276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[   71.796849][ T6276] Call Trace:
[   71.796873][ T6276]  <TASK>
[   71.796878][ T6276]  dump_stack_lvl+0x189/0x250
[   71.796890][ T6276]  ? __pfx_dump_stack_lvl+0x10/0x10
[   71.796899][ T6276]  ? __pfx__printk+0x10/0x10
[   71.796910][ T6276]  ? print_lock_name+0xde/0x100
[   71.796920][ T6276]  print_circular_bug+0x2ee/0x310
[   71.796929][ T6276]  check_noncircular+0x134/0x160
[   71.796938][ T6276]  validate_chain+0xb9b/0x2140
[   71.796948][ T6276]  __lock_acquire+0xab9/0xd20
[   71.796960][ T6276]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[   71.796967][ T6276]  lock_acquire+0x120/0x360
[   71.796976][ T6276]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[   71.796985][ T6276]  down_write+0x96/0x1f0
[   71.796995][ T6276]  ? ocfs2_try_remove_refcount_tree+0xb6/0x320
[   71.797001][ T6276]  ? __pfx_down_write+0x10/0x10
[   71.797011][ T6276]  ocfs2_try_remove_refcount_tree+0xb6/0x320
[   71.797018][ T6276]  ? __pfx_ocfs2_try_remove_refcount_tree+0x10/0x10
[   71.797025][ T6276]  ? up_write+0x1c4/0x420
[   71.797033][ T6276]  ocfs2_truncate_file+0xda0/0x1420
[   71.797043][ T6276]  ? __pfx_ocfs2_truncate_file+0x10/0x10
[   71.797051][ T6276]  ? do_raw_spin_unlock+0x4d/0x240
[   71.797060][ T6276]  ? _raw_spin_unlock+0x28/0x50
[   71.797068][ T6276]  ? ocfs2_inode_lock_tracker+0x3ec/0x660
[   71.797080][ T6276]  ? __pfx_ocfs2_inode_lock_tracker+0x10/0x10
[   71.797090][ T6276]  ? ocfs2_rw_lock+0x13a/0x240
[   71.797099][ T6276]  ? __pfx___dquot_initialize+0x10/0x10
[   71.797106][ T6276]  ? __pfx_ocfs2_rw_lock+0x10/0x10
[   71.797115][ T6276]  ? setattr_prepare+0x1e7/0xac0
[   71.797124][ T6276]  ? inode_newsize_ok+0x11b/0x1c0
[   71.797133][ T6276]  ocfs2_setattr+0x1520/0x1b40
[   71.797143][ T6276]  ? __pfx_ocfs2_setattr+0x10/0x10
[   71.797152][ T6276]  ? ktime_get_coarse_real_ts64_mg+0x52/0x1e0
[   71.797161][ T6276]  ? seqcount_lockdep_reader_access+0x175/0x1c0
[   71.797171][ T6276]  ? ns_to_timespec64+0x21/0xb0
[   71.797180][ T6276]  ? ktime_get_coarse_real_ts64_mg+0x175/0x1e0
[   71.797190][ T6276]  ? current_time+0x222/0x370
[   71.797197][ T6276]  ? evm_inode_setattr+0x1b6/0x7d0
[   71.797203][ T6276]  ? __pfx_current_time+0x10/0x10
[   71.797211][ T6276]  ? try_break_deleg+0x79/0x130
[   71.797219][ T6276]  ? __pfx_ocfs2_setattr+0x10/0x10
[   71.797227][ T6276]  notify_change+0xb36/0xe40
[   71.797237][ T6276]  do_truncate+0x1a4/0x220
[   71.797247][ T6276]  ? __pfx_do_truncate+0x10/0x10
[   71.797255][ T6276]  ? apparmor_file_truncate+0x23e/0x2d0
[   71.797265][ T6276]  path_openat+0x306c/0x3830
[   71.797273][ T6276]  ? arch_stack_walk+0xfc/0x150
[   71.797284][ T6276]  ? stack_depot_save_flags+0x40/0x860
[   71.797294][ T6276]  ? __pfx_path_openat+0x10/0x10
[   71.797302][ T6276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.797311][ T6276]  do_filp_open+0x1fa/0x410
[   71.797319][ T6276]  ? __lock_acquire+0xab9/0xd20
[   71.797329][ T6276]  ? __pfx_do_filp_open+0x10/0x10
[   71.797340][ T6276]  ? _raw_spin_unlock+0x28/0x50
[   71.797350][ T6276]  ? alloc_fd+0x64c/0x6c0
[   71.797361][ T6276]  do_sys_openat2+0x121/0x1c0
[   71.797368][ T6276]  ? __se_sys_futex+0x36f/0x400
[   71.797377][ T6276]  ? __pfx_do_sys_openat2+0x10/0x10
[   71.797385][ T6276]  ? rcu_is_watching+0x15/0xb0
[   71.797393][ T6276]  __x64_sys_open+0x11e/0x150
[   71.797400][ T6276]  do_syscall_64+0xfa/0x3b0
[   71.797409][ T6276]  ? lockdep_hardirqs_on+0x9c/0x150
[   71.797417][ T6276]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.797423][ T6276]  ? exc_page_fault+0x9f/0xf0
[   71.797431][ T6276]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[   71.797438][ T6276] RIP: 0033:0x7f101b18ebe9
[   71.797446][ T6276] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[   71.797453][ T6276] RSP: 002b:00007f101bf5e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000002
[   71.797461][ T6276] RAX: ffffffffffffffda RBX: 00007f101b3b5fa0 RCX: 00007f101b18ebe9
[   71.797466][ T6276] RDX: 0000000000000104 RSI: 0000000000084200 RDI: 0000200000000900
[   71.797471][ T6276] RBP: 00007f101b211e19 R08: 0000000000000000 R09: 0000000000000000
[   71.797475][ T6276] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[   71.797479][ T6276] R13: 00007f101b3b6038 R14: 00007f101b3b5fa0 R15: 00007ffd23a9abe8
[   71.797486][ T6276]  </TASK>
[   71.799323][   T33] audit: type=1804 audit(1755091379.505:10): pid=6276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.154" name="/newroot/48/file1/file1" dev="loop2" ino=17058 res=1 errno=0
[   71.992722][ T5846] ocfs2: Unmounting device (7,2) on (node local)
[   71.995534][   T33] audit: type=1800 audit(1755091379.505:11): pid=6276 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.154" name="file1" dev="loop2" ino=17058 res=0 errno=0
[   72.113950][   T52] usb 1-1: new full-speed USB device number 5 using dummy_hcd
[   72.275638][   T52] usb 1-1: not running at top speed; connect to a high speed hub
[   72.280149][   T52] usb 1-1: config 1 interface 0 altsetting 13 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[   72.285840][   T52] usb 1-1: config 1 interface 0 has no altsetting 0
[   72.290726][   T52] usb 1-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.40
[   72.296499][   T52] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[   72.299951][   T52] usb 1-1: Product: syz
[   72.301738][   T52] usb 1-1: Manufacturer: syz
[   72.303730][   T52] usb 1-1: SerialNumber: syz
[   72.513651][   T52] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input5
[   72.517304][ T5280] bcm5974 1-1:1.0: could not read from device
[   72.519506][ T5280] bcm5974: mode switch failed
[   72.521686][ T5280] bcm5974 1-1:1.0: could not read from device
[   72.522511][   T52] usb 1-1: USB disconnect, device number 5
[   72.526208][ T5280] bcm5974: mode switch failed

VM DIAGNOSIS:
13:18:43  Registers:
info registers vcpu 0

CPU#0
RAX=0000000000000039 RBX=0000000000000039 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000054629 RDI=000000000005462a RBP=00000000000003f8 RSP=ffffc90004e2e850
R8 =ffff8881070b0237 R9 =1ffff11020e16046 R10=dffffc0000000000 R11=ffffffff854e72a0
R12=dffffc0000000000 R13=ffffffff99af18ec R14=ffffffff99de64e0 R15=0000000000000000
RIP=ffffffff854e731c RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f101bf5e6c0 ffffffff 00c00000
GS =0000 ffff8880b8624000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000001b32319ff8 CR3=00000001101f0000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=ffffffffffffffff ffffff0000000000 XMM01=0101010101010101 0101010000000000
XMM02=695f746e756f6d5f 7a79730032736667 XMM03=00ff0000000000ff 000000000000ff00
XMM04=aa00588d6b9fa800 2c30303030303030 XMM05=7cceb42f4608ce21 29d5dc35876c4e95
XMM06=6798d2777bd1f432 c33a445132880016 XMM07=2ec932a059fbe963 59bc6d93101632e4
XMM08=0000000000000000 0000006df451d6fe XMM09=0000000000000000 00007f101b212fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=ffffffff81b44d6b RBX=1ffff11009608341 RCX=ffff8881082f0000 RDX=0000000000000000
RSI=0000000000000001 RDI=0000000000000000 RBP=ffffc900071a77e0 RSP=ffffc900071a7660
R8 =ffffffff8fa34237 R9 =1ffffffff1f46846 R10=dffffc0000000000 R11=fffffbfff1f46847
R12=ffff88804b041a08 R13=dffffc0000000000 R14=ffff88813663b1c0 R15=0000000000000000
RIP=ffffffff81b44d53 RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 0000000000000000 ffffffff 00c00000
GS =0000 ffff8881a3c24000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f1011411000 CR3=000000000df36000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=2525252525252525 2525252525252525
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=0000000000000000 00000000000000ff XMM05=0000000000000000 00007fbbfce12e53
XMM06=0000000000000000 00007fbbfce12e4d XMM07=0000000000000000 00007fbbfce12e61
XMM08=0000000000000000 00007fbbfce12ee7 XMM09=0000000000000000 00007fbbfce12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
