last executing test programs:

3m30.516092929s ago: executing program 0 (id=1902):
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000005c40)={0x0, 0x0, &(0x7f0000005c00)={&(0x7f0000000000)=@newtaction={0x68, 0x30, 0x9, 0x2, 0x0, {}, [{0x54, 0x1, [@m_bpf={0x50, 0x1, 0x0, 0x0, {{0x8}, {0x28, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_OPS_LEN={0x6, 0x3, 0x7}, @TCA_ACT_BPF_OPS={0x4}, @TCA_ACT_BPF_PARMS={0x18, 0x2, {0x2, 0x0, 0x1aa7fd4b544226f, 0x0, 0x80}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0)

3m30.466343791s ago: executing program 0 (id=1903):
madvise(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x17)
madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15)
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x3})
ioctl$UFFDIO_WRITEPROTECT(r0, 0xc018aa06, &(0x7f0000000140)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1})

3m30.406419211s ago: executing program 0 (id=1904):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
io_setup(0x200, &(0x7f0000000140)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0x0, 0x2, 0x8, 0x4000, r0, 0x0, 0x0, 0x0, 0x0, 0x2}])

3m30.295254809s ago: executing program 0 (id=1905):
mq_open(0x0, 0x6e93ebbbcc0884f2, 0x4, 0x0)
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000140)='./file1\x00', 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="6163746976655f6c6f67733d342c646174615f666c7573682c66617374626f6f742c6a71666d743d76667376312c6e6f696e6c696e655f64656e7472792c7573726a71756f74613d66326673002c00ff371013587045d0d273e856ce75c2b11120ece6d6a76856a2cdd8c835ef14aa3aea583b7f3affd12ff9abc9b21098874a75607f009920ad1a283ce7b8b528e239692ab156e30dd8365f708e6c98cfcd0b30d5304dd70f87da026e2d4e4df1ad07ba72683f43d76541d455d1fa118f0900000009fe28bfded255e7c5806f05b80ec0e186b4f72759eb096a1fe6793e734fe61555f01ff9f23bc11370aa247215e8f1410ea4728bb2a2c2d20bc5e61b0a4c7ddb25da21c75f35f711581d1f5b8db3be07c80000000000000000"], 0x1, 0x54f4, &(0x7f0000005600)="$eJzs3M1rI2UYAPBn2u1+uxbx4G0HFqGFTdj0Y9Fb1V38wC7Fj4MnTZM0ZDfJlCZNa08ePIoH/xNR8OTRv8GDZ2/iQfEmKJmZ6tYvhKaNtb8fTJ6ZN2+eed5QCs9MmADOrfn0px+SuBFXImI2Iq5H5PtJueXWivBMRNyMiJnHtqQc/23gYkRcjYgb4+RFzqR865Pbo1ur37/245dfX7pw7dMvvpneqoFpezYietvF/l6viFm7iA/L8fqok8feyqiMxRu9R+VxVsS91maeYa9+OK+ex+V2MT/b3h2MY5LUG+PY7mzl49v94oSDUfswT/6Bh/Wd/LjZ2sxjZ5DlsX1Q1LV/UPxvOxgMizzNMt/7efoYDg9jMd7abxXr2X6Ux0Z/WI4XebNma38cR2UsTxeNrNvM69g8zjf93/Z6p7+7n45aO4NO1k9Xq7XnqrW7ldpO1mwNWyuVeq95dyVdaHfH0yrDVr231s6ydrdVbWS9xXSh3WhUarV04V5rs1Pvp7Vadbl6p7K6WO7dTl9+8HbabaYL4/hip7877HQH6Va2kxafWEyXqsvPL6a3aumb6xvpxhv3769vvPXuvXcevLD+6kvlpD+VlS4s3VlaqtTuVJZqi+do/R+WRU9w/XAsybQLADh79P/ANEyj/9/qTq7/D/3/RJyp/ve89/8nsH44Fv0/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMC59e3cZ6/kO/PF8bVy/ImIm+Ohp8rjJCJmIuKXvzAbF4/knC3zzP3N/Lk/1PBVEnmG8TkuldvViFgrt5+fPOlvAQAAAP6/Pv/g5sdFt168zE+7IE5TcdFm5vp7E8qXRMTc/HcTyjYzfnl6Qsnyv+8LsT+hbPkFrMsTSlZccrswqWz/yuyRcPmxkBRh5lTLAQAATsXRTuB0uxAAAABO00fTLoDpSOLwVubhveD8l/e/3xC8cuQIAAAAOIOSaRcAAAAAnLi8//+H5/+F5/8BAADA2Vc8/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiVnfvJSR2K4gB8Wuh7vD9GYpy7FWewDJfg0KFhAW6CJeAW3ABrwJlLMGBoS7QGE5PetpF8X9JebkN+nBIm515SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJzsZo/3l89tM3Z7tpJczcAAADAMZtiNS9fTKv5v/r6WX3pop5nEZFHxLHefRS/GpmjOqf44v3FpxqeIsqE/Wf8ro+/EXFdH6/nXX8LAAAAcLrWi+Ws6tar03ToguhTtWiT/79JlJdFRDF9SZSW70+XicLK3/c47hKllQtYk0Rh1ZLbOFXat4waw+TDkFVD3ms5AABAL5qdQL9dCAAAAH26HboAhpHFYSvzsBdc/vP+fUPwT2MGAAAA/EDZ0AUAAAAAnSv7f8//AwAAgNNWPf8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALm2K1Xy9WM7a5mx37aS5GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgjf15R4EQCIMw2Lu+M5n7H1YaNDU1qQLh428MBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9uclBUIgCKJgzvjfSd//sJKgZxAhAhoeVdSiAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAudu7nNY4qDgD4d2Z2trYqxig5RETBg17sdlNbe/WgBA/+CUJItzW69Ueagy1FyMWb5NyL6FFEUOKt/0PPLfRSbz3soYJnZWZnmmkacLV0Zpt8PvD2fWcY5n3fJIR8570EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2eW8vzoqPhWmcVudu3b+2XvS39/WFGzt3lotWxEmbST8dXm0eJEvdJQIAAMDRkdX1fUTczXdXiz5dKOv/vL6mqPl/eH4a1/X8/rq/7uvav2i//3bv5QcDLUzHKW56YWM8OvVoKr0nN8v59sK/XtErn3z57iUrvyDph9svTfLyeSbf3bz5fr8Mj7WRLQDwf5ys+yqofx8q+mGXiQFwZPQahXdd/2cL3eYEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0IbJdjxbx0lELPf24sLt+9fWD+pv7NxZrtvZ69d3mvcsbpFHxIWN8ehUi3OZd5evXP1sbTwebbYfvBYR3Y1eBR/PcE1ElxkKHjdIq+/1ecnn6Qg6/sEEAMChk1etqOvv5rurxblkMeLvHx+u/99sxDFj/X/vk7O3mmM16/9hazOcf4OtS18OLl+5+vbGpbWLo4ujz99ZGb47PH3uzJlzg/JdycAbEwAAAB5PP4no76v/08VH1/9PNOKYsf7/6vvhN82xMvX/gfYW/brOBAAA4Gh78fW//kwOOJ/0+/H12tbW5nD6WR3H5kp5vNJBqv/Zsao16/9sseusAAAAgDZMtpOH1v/PN+KYcf3/uZ9e+aV5zywijlfr/yfXvxifb286c62NPyfueo4AAAB063jVmuv/ebn/P32w5SGNiLfemMbVvwGcqf7PPvj25+ZYzf3/p9ub4lxKl6bPo+yXInpLXWcEAADAYfZM1Ypi/498d/XTX0981Lf/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBt/wQAAP//K8ZAQg==")
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x20, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x10000, &(0x7f0000000280)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]})
fallocate(0xffffffffffffffff, 0x10, 0x6, 0x110001)

3m29.99888719s ago: executing program 0 (id=1906):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_DELETE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)={0x60, 0x2, 0x1, 0x201, 0x0, 0x0, {0xa, 0x0, 0x8}, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}, @CTA_TUPLE_ORIG={0x44, 0x1, 0x0, 0x1, [@CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x3}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x60}, 0x1, 0x0, 0x0, 0x1}, 0x20000000)

3m29.535905743s ago: executing program 0 (id=1910):
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0xab567000)
r0 = socket(0x1e, 0x2, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4)

3m29.508830695s ago: executing program 32 (id=1910):
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0xab567000)
r0 = socket(0x1e, 0x2, 0x0)
setsockopt$TIPC_DEST_DROPPABLE(r0, 0x10f, 0x81, &(0x7f0000000480), 0x4)

2m46.693994514s ago: executing program 1 (id=2459):
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
setsockopt$inet_mreq(r0, 0x0, 0x24, &(0x7f0000000000)={@loopback, @empty}, 0x8)

2m46.542925429s ago: executing program 1 (id=2460):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newlink={0x20, 0x10, 0xffffffffffffffff, 0x70bd25, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, 0x220, 0x52000}}, 0x20}, 0x1, 0x0, 0x0, 0x4008000}, 0x8000)
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000440)={0x500, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x1, 0x0, 0x2, 0x2, 0x0, 0x70bd2c}, 0x10}, 0x19}, 0x0)

2m46.542583551s ago: executing program 1 (id=2461):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x804}, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40000103, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
sched_setaffinity(r1, 0x8, &(0x7f0000000240)=0x2)
recvmmsg(r2, &(0x7f00000000c0), 0x10138, 0x2, 0x0)
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
syz_clone3(&(0x7f00000002c0)={0x8040000, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0xe, 0x16, &(0x7f0000000940)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[], 0x50)
r4 = socket$inet6(0xa, 0x1, 0x0)
r5 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r5, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB="020300090a0000000000000004000000030006000000000002000000ac1414000000000000000000020001000000000000000002fffffffb030005000000000002"], 0x50}}, 0x0)
setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000180)={{{@in=@private, @in6=@dev, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {}, 0x0, 0x0, 0x1}, {{@in=@local, 0x0, 0x6c}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0x4}}, 0xe8)
connect$inet6(r4, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c)
r6 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0)
syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)

2m45.6188236s ago: executing program 1 (id=2466):
syz_mount_image$udf(&(0x7f00000000c0), &(0x7f0000000180)='./file0\x00', 0x2000002, &(0x7f0000000300)={[{@volume={'volume', 0x3d, 0x3e}}, {@gid}, {@dmode={'dmode', 0x3d, 0x4}}, {@rootdir={'rootdir', 0x3d, 0x4}}, {@iocharset={'iocharset', 0x3d, 'cp1255'}}, {@unhide}, {@noadinicb}, {@iocharset={'iocharset', 0x3d, 'macturkish'}}, {@longad}]}, 0x1, 0xc32, &(0x7f0000000e00)="$eJzs3U1sXNd9N+D/uRyKI/l9KyZ2FCeNi0lbpLJiufqKqViFO6pptgFkWQjF7AJwJI7UgSmSIKlGNtKC6aaLLgIURRdZEWiNAikaGE0RdMm0LpBsvCiy6opoYSMoumCLAFkFLO6dM9KQIm1GFCVKeh6b+s3ce86dc+4Z3ysLOvcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDxe6+dP3EyPexWAAAP0sXxr5445f4PAE+Uy/7/HwAAAAAAAAAAAAAA9rsURTwdKeYurqXJ6n1X/UJn8OatidGxrasdTFXNgap8+VM/eer0mS+9NHK2lxc6Mx9R/377bLwxfvl849XZG3Pz7YWF9lRjYqZzdXaqveMj7Lb+ZseqE9C48ebNqWvXFhqnXjy9Yfet4Q+HnjoyfG7k+ePP9cpOjI6Njd8pUu8vX7vnhnRtN8PjQBRxPFK88L2fplZEFLH7c1F/sGO/2cGqE8eqTkyMjlUdme60ZhbLnZd6J6KIaPRVavbO0dZjEbXBB9qH7TUjlsrmlw0+VnZvfK4137oy3W5cas0vdhY7szOXUre1ZX8aUcTZFLEcEatDdx9uMIqoRYrvHF5LVyJioHcevlhNDN6+HcUe9nEHynY2BiOWi0dgzPaxoSji9Ujxs/eOxtV8namuNV+IeL3MH0S8U+YrEan8YpyJ+GCL7xGPploU8efl+J9bS1PV9aB3XbnwtcZXZq7N9pXtXVd+yfvDXVeKh3R/OLgpH4x9fm2qRxGt6oq/lu79NzsAAAAAAAAAAAAAAAAA3G8Ho4jPRIrX/u2PqnnFUc1LP3xu5PeH/3//nPFnP+Y4ZdkXI2Kp2Nmc3AN5YuCldCmlhzyX+ElWjyL+OM//+9bDbgwAAAAAAAAAAAAAAAAAAMATrYifRIqX3z+alqN/TfHOzPXG5daV6e6qsL21f3trpq+vr683UjebOSdzLuVczrmSczVnFLl+zmbOyZxLOZdzruRczRkDuX7OZs7JnEs5l3Ou5FzNGbVcP2cz52TOpZzLOVdyruaMfbJ2LwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA46SIIn4RKb79jbUUKSKaEZPRzZWhh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA0lIr4fqRo/EHz9rZaRKTq366j5S9nonmgzE9Gc6TMV6J5PmerylrzWw+h/ezOYCrix5FiqP7u7QHP4z/YfXf7axDvfPPOu8/WujnQ2zn84dBTRw6fGxn7tWe3e522asCxC52Zm7caE6NjY+N9m2v50z/Zt204f25xf7pORCy89fabrenp9vy9vyi/Aruo/gi9SLUnpadeVC+iti+a8XD6zhOgvP9/ECl++/1/793wu/f/evy/7rvbd/j4+Z/cuf+/vPlAO7z/1zbXy/f/8p6+1f3/6b5tL+ffjQzWIuqLN+YGj0TUF956+3jnRut6+3p75syJE18eGfny6RODByLq1zrT7b5X9+V0AQAAAAAAAAAAAAAAADw4qYjfjRStH6+lRkTcquZrDZ8bef74cwMxUM232jBv+43xy+cbr87emJtvLyy0pxoTM52rs1PtnX5cvZruNTE6tied+VgH97j9B+uvzs69Nd+5/oeLW+4/VD9/ZWFxvnV1691xMIqIZv+WY1WDJ0bHqkZPd1ozVdVLW06m/+UNpiL+I1JcPdNIn8/b8vz/zTP8N8z/X9p8oD2a//+Jvm3lZ6ZUxM8jxW/9xbPx+aqdh+Kuc5bL/U2kOHb2c7lcHCjL9drQfa5Ad2ZgWfZ/IsU//GJj2d58yKfvlD254xP7iCjH/3Ck+P6ffTd+PW/b+PyHrcf/0OYD7dH4P9O37dCG5xXsuuvk8T8eKV55+t34jbzto57/0Xv2xtFc+PbzOfZo/D/Vt204f+5v3p+uAwAAAAAAAAAAPNIGUxF/Gyl+OFZLL+VtO/n7f1ObD7RHf//r033bpu7PekUf+2LXJxUAAAAA9onBVMRPIsX1xXdvz6HeOP+7b/7n79yZ/zmaNu2t/pzvV6rnBtzPP//rN5w/d3L33QYAAAAAAAAAAAAAAAAAAIB9JaUiXsrrqU9W8/mntl1PfSVSvPZfL+Ry6UhZrrcO/HD1a/3i7Mzx89PTs1dbi60r0+3G+Fzrarus+0ykWPvrz+W6RbW+em+9+e4a73fWYp+PFGN/1yvbXYu9tzb5M72yS+2TZdlPRIr//PuNZXvrWH/qznFPlWX/KlJ8/Z+2LnvkTtnTZdnvRooffb3RK3uoLNt7Puqn75R98epssQejAgAAAAAAAAAAAAAAAAAAwJNmMBXxp5Hiv28s357Ln9f/H+x7W3nnm33r/W9yq1rnf7ha/3+71/ey/n/1XIGl7T4VAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeTymKeDtSzF1cSytD5fuu+oXOzM1bE6NjW1c7mKqaA1X58qd+8tTpM196aeRsLz+6/v32mXhj/PL5xquzN+bm2wsL7anGxEzn6uxUe8dH2G39zY5VJ6Bx482bU9euLTROvXh6w+5bwx8OPXVk+NzI88ef65WdGB0bG+8rUxu850+/S9pm+4Eo4i8jxQvf+2n64VBEEbs/Fx/z3dlrB6tOHKs6MTE6VnVkutOaWSx3XuqdiCKi0Vep2TtHD2AsdqUZsVQ2v2zwsbJ743Ot+daV6XbjUmt+sbPYmZ25lLqtLfvTiCLOpojliFgduvtwg1HEm5HiO4fX0j8PRQz0zsMXL45/9cSp7dtR7GEfd6BsZ2MwYrn4qDHbosNsMBRF/GOk+Nl7R+NfhiJq0f2JL0S8XuYPIt6J7nin8otxJuIDp/WxUYsi/rcc/3Nr6b2h8nrQu65c+FrjKzPXZvvK9q4rj/z94UHa5/eTehTxo+qKv5b+1X/XAAAAAAAAAAAAAAAAAPtIEb8aKV5+/2iq5gffnlPcmbneuNy6Mt2d1teb+9ebM72+vr7eSN1s5pzMuZRzOedKztWcUeT6OZtl1tfXJ/P7pZzLOVdyruaMgVw/ZzPnZM6lnMs5V3Ku5oxarp+zmXMy51LO5ZwrOVdzxj6ZuwcAAAAAAAAAAAAAAAAAADxeiuqfFN/+xlpaH6rWlx7o7VuxHuhj7/8CAAD//0pa+Ck=")
syz_mount_image$fuse(0x0, &(0x7f0000000140)='./bus\x00', 0x1a06496, 0x0, 0x2, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})

2m45.551941978s ago: executing program 1 (id=2467):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000940)=ANY=[@ANYBLOB="140000001000010400000000000000000100000a74000000060a0b04000000000000000002000008400004803c000180080001006c6f670030000280060004400001000008000340fffffffa0a0002407d5def2e21000000080003400000000806000140000100000900010073797a30000000000900020073797a320000000008000b400000000314000000110001"], 0x9c}}, 0x0)
close(r0)

2m45.425697246s ago: executing program 1 (id=2468):
r0 = epoll_create1(0x80000)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000003c0)={0x8, 0x8, 0x0, 0x1000, 0x80000000, 0x6e5, 0xe7d9, 0x5}, 0x0, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000300)={0xe0006005})

2m45.383025709s ago: executing program 33 (id=2468):
r0 = epoll_create1(0x80000)
r1 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0)
pselect6(0x40, &(0x7f00000003c0)={0x8, 0x8, 0x0, 0x1000, 0x80000000, 0x6e5, 0xe7d9, 0x5}, 0x0, 0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000300)={0xe0006005})

2m9.445033934s ago: executing program 2 (id=2992):
setresuid(0x0, 0xee00, 0xee00)
r0 = shmget$private(0x0, 0x1000, 0x40, &(0x7f000032a000/0x1000)=nil)
setuid(0x0)
shmctl$IPC_RMID(r0, 0x0)

2m9.384355625s ago: executing program 2 (id=2995):
socket$inet6_sctp(0xa, 0x5, 0x84)
r0 = socket(0x2, 0x805, 0x0)
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=<r1=>0x0)
r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0)
connect(r2, 0x0, 0x0)
timer_settime(r1, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
r3 = socket$unix(0x1, 0x1, 0x0)
r4 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r4, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
connect$unix(r3, &(0x7f0000000640)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
connect$unix(r4, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x6, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3)
sched_setaffinity(0x0, 0x8, &(0x7f00000003c0)=0xa)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000032680)=""/102392, 0x18ff8)
getpgrp(0x0)
getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, 0x0, 0x0)
r6 = socket$inet_sctp(0x2, 0x5, 0x84)
sendmmsg$inet(r6, &(0x7f00000014c0)=[{{&(0x7f0000000140)={0x2, 0x4e22, @rand_addr=0x64010101}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000340)="bd", 0x1}], 0x1}}], 0x1, 0x46054)

2m8.095152404s ago: executing program 2 (id=3003):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
listen(r0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000700)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000095000000000000009f33ef60916e6e893f1eeb0be20000d072f5b89c3043c47c896ce0bc8731fa595b6b4d45ef26dcca5582054d54d53cd2b685b431c70ea948259c4c869b4fc8db714e4b94bdae214fa68a051d4dca7d2647bec1fc89398d2b9000f224891060017c4700de60beac671e8e8f00cb03588aa6007e71f871ab5c2ff88afc6002084e5b52710aeee835cf0d78e45f70983826fb8579c1fb47d2c59005cff414ed55b0d18a9d446935fb332bb593ee341ab59016f81860324b800c00000000000092d9c5fe34ccb80a61ffcb3363073fd8962823ee45f5d7394e9510f4ac6c702cfabe8a9c55c8dafcdb110036e14c1035cafdfef6a358cbfadb3579a285580a3c080d4e0a48d7bdc38a0437c8c1b3aa408a0000000000002248950b000000"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @sk_skb, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48)
bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000ac0)=ANY=[@ANYRES32=r2, @ANYRES32=r1, @ANYBLOB='&'], 0x10)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r2, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r0}, 0x20)
recvmmsg(r0, &(0x7f0000000b80)=[{{0x0, 0xffffffffffffff6c, 0x0, 0x0, 0x0, 0x52}, 0xa}], 0x360, 0x120, 0x0)
recvfrom$inet6(r0, &(0x7f00000000c0)=""/42, 0x2a, 0x4020, 0x0, 0x0)

2m8.0947807s ago: executing program 2 (id=3004):
syz_mount_image$ext4(0x0, &(0x7f0000000140)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, &(0x7f0000000000))
mount(0x0, &(0x7f0000000200)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000000)='binfmt_misc\x00', 0xc00, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000640)='./file0/../file0\x00')

2m8.034085221s ago: executing program 2 (id=3005):
nanosleep(&(0x7f0000000300)={0x44, 0xfffffffe}, 0x0)

2m7.870934066s ago: executing program 2 (id=3010):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [@alu={0x7, 0x0, 0x5, 0x1, 0x0, 0xfffffffffffffff8, 0x10}]}, &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0xcc03, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

2m7.788035745s ago: executing program 34 (id=3010):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0xd, 0x4, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, [@alu={0x7, 0x0, 0x5, 0x1, 0x0, 0xfffffffffffffff8, 0x10}]}, &(0x7f0000000280)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0xcc03, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)

1m27.623558881s ago: executing program 5 (id=3597):
syz_mount_image$bcachefs(&(0x7f0000000140), &(0x7f0000000100)='./bus\x00', 0x2800000, &(0x7f0000000740)=ANY=[@ANYRES64, @ANYBLOB="1a8655d26e06c6450bdb9303032f6eb1d14d2a1a97778c701e02cb65e93f8c2c55acc8d8b229057658092950d36f5a7708726018c20d7dd7d402982b10679e4caf71ba5b1179e2eecb16786dc112f9601d783f85bbe54dd69cf82090835fa3b2ef465a4f2f8ee5e0c9ebf49280320a5ef65410103aa2435966db15e64dcc69fbfd00fa7a850207d76381abbd17ff6fd174af4c06fd1a6863b81924bba857133e013cfda1f33c6f3454b500cbad2f5823", @ANYRES8, @ANYRES64=0x0], 0xfd, 0x5ab0, &(0x7f0000006400)="$eJzs3X2QHOV5IPC3Z2a1X/pYCRxkMKtFRheCY2vFV/kjFSu5xE6B45KLlIM42bCgFZG9Eip9BJBxLHLgswrsslNOJTipOuLCvrOtuKiyL0ahTMCcxPlLxcVHXWHq7Bz2H74iHKoAOsrl86Z2pt/ZmZ7p7dnZ2UWC36+k7el3ep5+++13evp5u3cnAAAA8Jpw/K59p9577u9+508nX/rY7/39rjvCcLlaPhAXGEmnt75SNWQp9VfWVqfZfvGrH/nyT8du/O1vPzD0hZePbb9gxw9/56wbH/rQlUfv/atHX1zx9V8+UxQ39qeLZ+eT55IQBr558s8/fuy758yUJStnfpYOhbA6WfPo6iSEOxtDjP88hLA9nVlbL766+vNrL126Y2Z6x939TetdlamH/v7aNrOfkxDCwVO3vCn86Le23vn9dV/9274jzx6aXSQZaOhPIay8vvH1fSGEwfT/jNjbYn9M0umWEMJQw+veWlCvN3ZQ7xkbM+Vx/rx0uiydDhfEi8+vz8yXMstl56O+zHSoYH0LlVePbpcrsjwzn/QobpRXz1i+Op1+I51ePM/45XQbykkoJaFSr/5UMttHQsN+S0JS3ZcD9flSfd+GdPsz80lmvpSZL/dltqu63rSjlZOkuTwulymPh+NKWn5B47G6jasbHjcu9/pYlr5RX84ukwk63PKgvl1VsV4n56jLUig1HIPaldd3fLozhtOy4WRNy2um24jPHdt6z4bytm8dH8mpR/JAksZPuop/8Hurl3/wK4cPrM2Lf30pjV/qKv6Przrx/LWHP/+53PifjvHLXcW/5OGh56567K71ue1zMrZPpav4E888/sl1Z99wJLf+98X4A13F33z0RP+KUw8/klv/8VIIlZn4g13Ff/od7/rJl5588Nnc+CG2/1BX8bcd3fOp/tFTF+XGfyS2z3B3/eeFI1c8NTr6s7G8+E/E+Cu6iv/FQ/1vv3/V3Vfm7t8tsX1Guor/ngsfunP5qQfPzzt2Jvf16pMT4LXprPQc6xPpfLd55kI15At/OVapnfMtT/+v6OWKMief2TwBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHrhdW/6b+/+3+8fea6SzvenD54u1aaxfFkIyWAIYd/+ib37d+6+aexDNx/Yu3tiamxi/9jk7v17bxu77NfH9k7umZq4bebZ8TdfWnvdmpDUpsn5Levun56eLo00l8X1/dsLj/xow1v/zz+HMP66H4xWcuu/8d5d95/d5mdGsnn6nbsOvPcHl/9Nul0jab1G2tRrenp6OuTU6/9e84v7/+zkTy8KYfxX5qrX40//5j80VahaMBsnVeoPtQr1J0Nt61GvdVqf2F6VHTunJsfnbt+Z15dztuPffeTZn++49TO/qLXvQO52dNi+g5unp0p/sfU9//8vbq8VFNXrldrvM+1dzok5U6+4FbF+sf0G0vZemW7XypztquRs113ff+TJb557+MVDYbzywrrWfV20XX1pB+hLXt/ReuMahpLVTeUD6fJxj8fXbdy/a8/GfbcdfPPOXRM3Td40ufttmy7bdMX45VdcvrG65Rt7vP1x/f+mw+1fmv606o8PfSP+7Kw/Nddr2bzbY6Zexe3RWKO899/Q1R//7Nvufey9tYKi40pcun48SadDM/t5U2job61t1W67ivZPCGGsXTs8/+KV4Zz/ufPOouNQ455p/JmRbJ7+7vp/+Zu3/vXa36gVLMlxvrFCXR7n67WerU+1vQbS/TF9mrZvf3o07U+G29Zr03cf67vn+D9/tF6/ZcvCrRP79+/dVPu5PK3p8uS8tvXKlsbtWlf9WQ5ps4R6N23TX2f0hVr9ssfPuHi2VYfT54aTNW23Kys+d2zrPRvK2751PK+lkwdqaxwMK2rT5A05S05lXliuV7jd+k/X919R/xh9919//f1f/7vLWvrHJbWfRduV5GzXV5/84me/8Jn/8He92653/+aJkX/5X3+0oVawBMeVsKDjSrlWkXqt0/okjceVS0Ioev+tC+23I/f9V2q/PUXvv+x6ZpdvH28sMz8cyl29Xy95eOi5qx67a33u+/XkXO/Xxo29vel15YL36+nyuZR9fyWV5nos3vurqaMkm6e//YmzDj36sS3n1gqKPi/rS7fr15d2kH/kbNc/XPvU6M1j//5/9O648eVf/9p1P5zY/Ce1gu73e6xLb/b7QNq+AzntW691zDsb2/ctN948tb1WXtTOr9z5bzotyH/ioWTfbQc/PDE1Nbl3X2fb1ennaVxPtpW7/TyNR7c1BdtVatmuxXoQ9nXSXp2+32L9t3fdXs3vt+GQdPW5cPB7q5d/8CuHD4y0vCpd0fWlNH6pq/g/vurE89ce/vzncuN/OsavdBV/4pnHP7nu7BuO5Ma/L0njDxTHXxla4m8+eqJ/xamHH8mNPx7rP9hV/Z9+x7t+8qUnH3w2N36I8Ye7a/8Xjlzx1Ojoz3LjP5Gk65k5Rwrhay9duqM2n4S+9P0W69HXVK+QnU8y86XMfLlxvhRHEdIVlJOkuTwul5Zf0FCXdv4wpzyehQ2srU1fjvMh+2Du8tNNqeHY3658jvPU/7jYdQMAOB3E6//xHDRe/59MT5TyRxpg1kLzsLU5cWMeNjue03yNdW0aP74+jgOOviWMz0zvGKud6M/3OkJ8P2THOeN6Lnpjc4y24xNHG1dSXX/LOGfR+Pv6zHysV228vNKQh6Za85pK6GD8vXU9c4+/Zza/+HrW2CdaqjXWMG6V3X996YhZu/sdMvWtzETI6x/ZcbF4P8foyrClur4O+0f2Ppq4H7L30cT1nJs5cHZ7H01e/xhpbYemesX+EZebo39Uq1x8PbJ1/4U52nd2/7WPlt1/89jfAzPLL/b12R6MG7Y9pC3duOHiXg+b77hkvPrb03HJNvVf4nHJ5S3x0zfY6T5uGMtjO1U6HE98f055r8YT4+Ei1uvkHHVZCgsYTwQ4rcX8P35GzOT/Myfg/y+zXFGekj1rjPFy7xPKuQm7KO9ovU9vqKvP8W1H93yqf/TURbnnOY90ep/enqa5oYL7foracUNmvrAdcwZoivK97HqK2j17X8ZwWNFVu3/x0L1vv3/V3VfmtvuW2gdpcbt/tmluRUG7nwH5Qvv4r9F8IT73KssXWuP36D6GovGz/HykXK/HouQj6Y1Pi5WP/EFO+XzzkaGWB/Xtqjp985HZD9KmfKRvaesFAJw5Yv5fv36W5v//FE8s0vOIorz14sx8jJebt+acn+Tlrb+fTm/NLD+c/kbFfM+b33PhQ3cuP/Xg+bl5y32d5qH/uWlupDAPXVjenJtHbOnN/eK5eUQ9z1pYnphb/3qeuLA8PecybUOevrA8Ord96nl08zjAZ0/MZhpzxY/jALnx6+MAPcxzfzm70NLluQXjdZmVxdlOx+uWOo+eKelb2bydzXnxUG/y6PQC6mLl0VfnlM83jx5ueVDfrqrTN49uLpdHAwCvVjH/j6dx1fy/P4TH4gKD8cHCrrPn5gU9Om/P/j2QevwnFiWvnI3fo+u/xXnfYueti53XL/a4xJl+/Xexx4VGqn/Ac7HGyV6x+10XJS/+p/qjjvPidKXyYgAATmcx/49pfrz+/1hmuYXmJy35W1/tFHI2Pznz8vPG5c7g/PyasFT5ef+ZnJ+f6eNfi3ufzKsr/5/V5XXxl6dfxfl/tc7yfwCAM1LM/+OvPca///df0/ns363vME+/L3s7r+vorqMHeXoHeXqPx9li/Mb7AM7gcYDywscBBpf8/vjB2eVfTeMAVX3BYAAAwBmgr5optf6e/QfSafb37PN+L//anOU7VUlPj2/Yv3dy8roDe7ZP7J+8bvfN2yf3XXfL3p3790/Wz50Xljfm5i1p3tgXKml7tF8um7etSv8ewqqcv4eQXT6GPa/6oPXvIWRXO1jwdwRm919n9c3bf6U5lm/XP/L2d178P8xZPqrv/xv/6JLrduy7bufunft3TkztPDjZvNxI9TepO//ezHidcl7fl5r50aI0/+/vjLtnYfUotdSjL22PvO9nTzL1WJ3WZHXe9x/k1Ps7//3P/vjC6V98KYTx15XfsKD2SzZP/5drJn9///Ef7Jmpf2nO+teXTOtV9H2l2eXj9lSmbt63/007bj6wO/uNkt2J4xml+vwi3deQvv3LHY5PbMspn+/v75dbHpyeOh6fAACgSbz+H89n4/XDz6QnULG8ME/fXVtuodePc/P08c7y9Oz3ks3m6YMdLR+3t9M8fWCBeXp2/UV5ervl2+XpeXl3Xvw/yFl+vjrvJ/O/z2MqLvCVwwdy+8n1nfWT7PcZFI3nZJefbz9JFthPsusv6iftlm/XT/L2e1789+Usn6eoP1Tq/WFh9+Xk9odPd9Yffi0zX9QfssvPtz+UFtgfsusv6g/tlm/XH/L2b2v85gGC3oz/znSMar+YvO6Wm/d+uGG5TvpHOeT3j6Lvvwitt2R0Ur9ls69d3O//6Fbn7bu4930tvP4hbK6W5NU/Xh9YNq/6d3pf2cLrX9T+87ivbGVoua8st/5PLGwkrPP6z+u+xDvic51+v0tG3uKtr1+q8dq02xXdf1Y0jrs1p3y+47jLWh6cnozjwisn5v/xbC7m/3en015fBjrzvyeti/vv4zHY95jlt3+H5zGn+ef5R7P1XvDnefaSe5vP8yT/svyS83kOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0Jn+ytrq9Phd+06999zf/c6fTr70sd/7+113/OpHvvzTsRt/+9sPDH3h5WPbL9jxw98568aHPnTl0Xv/6tEXV3z9l88UBh6p/qxcnM4OhJA8l4Qw8M2Tf/7xY989Z6YsCSGUk5FDIaxO1jy6OslEGP95CGF7vZ7NT37tpUt3zEzvuLu/qXxVJkh2u8JwOdansZ4h3Fq4RZyBBtJ+dvDULW8KP/qtrXd+f91X/7bvyLOHZhdJBhr6Uwgrr298fV8IYTD9PyP2trXxxel0SwhhqOF1by2o1xs7rP/GnPnz0umydDpcECc+vz4zX8osl52P+jLThm0dLFh1V/Lq0e1yRZZn5rMHo4XKq2csX51Ov5FOL55n/HL8n4RSEir16k8ls30kNOy3JCTVfTlQny/V921Itz8zn2TmS5n5cl9mu6rrTTtaOUmay+NymfJ4OK6k5Rc0HqvbuDqn/PXpdCB9o74c50P2Qc1wy4P6dlXFep2coy6p/9S+uFL8yg6UGo5B7crrOz7dGcNp2XCypuU1023E545tvWdDedu3jo/k1CN5IEnjJ13FP/i91cs/+JXDB9bmxb++lMYvdRX/x1edeP7aw5//XG78T8f45a7iX/Lw0HNXPXbX+tz2ORnbp9JV/IlnHv/kurNvOJJb//ti/IGu4m8+eqJ/xamHH8mt/3hsn8Gu4j/9jnf95EtPPvhsbvwQ4w91FX/b0T2f6h89dVFu/Edi+wx3139eOHLFU6OjPxvLi/9EjL+iq/hfPHTv2+9fdfeVuft3S2yfka7iv+fCh+5cfurB8/OOncl9vfrkBHhtOis9x/pEOt9tnrlQDfnCX45Vaud8y9P/K3q5ooyZ9axcxPgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALw6/ePtl33gmne+b2slCSHJWWa6jfhcednmzWNdrHfimcc/ue7swaaytV3EAQAAAIrV8vAbjpTqJQNhbbglGQzntV0+jhGcF+eS5vLsGEKMkx0j6DZOqU2cUhdxyj2qT6VHcfp6FGdZj+L09yjOQEGcgdBZnME54lRmekCH9Rmasz6dxxnuUZzlPYqzIhOi2zgre1SfVT2KMzJnnM774eoexVnTozhn9SjO2T2K87oexfmVHsU5p0dxsmPK8+2HK9Ilz82LU31QLoxTScr1J9qNp5+Truf8Ba5nuGA9K4o+jztcz2CH63lj5nWlea5noMP1XLbA9SQdrufXFrieUsF6Yr+9NVu/uJ4412H/v61HcQ72KM5HehTn9h7F+WiP4vxJj+J8LDSfnM43DkCnYv4/m++NhP7Kb4Sh9IiTHQWI+e666s/Wz7u8A1KM94ZM+bKieNlEPRNv3Xzrlx1AaIw3GML6THlfU7xKPR+ZI95AY/02ZJ6ca3vfsbl93RrjXZwp758jXtMGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAS+MfbL/vANe9839aQhJl/bU23EZ8rL9u8eayL9R7bes+G8rZvHW8s6690EQgAAAAoFPPwvnrJQOivbAr9ybKm5QbScYCBdL48UpuOrgxbZqbJWKk6P5SsnvN1lfR1G/fv2rNx320H37xz18RNkzdN7n7bpss2XTF++RWXb9yxc2pyvPYzhP6CeCGE6vDDvtsOfnhiampy775aYbb+a9PXrU3nk/R1o28J4zPTO9L6rylYX6llfYv3oHjvAQAAAAAAAAAAAPwru/YbImldBwD8+8zMzoyrlxv+Gw/vHM5TrKz0WkNL3AeCBP8cLkLMWpsceZK0eofeidmkB6kpRaAcHBe+6MIkTXrjn5TIPxwYZgntdYRK+aJeFFqGii9CmdjdeebfzjjbJLfn9fm8mOeZ7+/7+31/v4fj4PvMAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMChNV+fnK1NTc+MJxHJgJxGH9lYvpim1RHqfuXJ7T8orX/nzM5YqTDCQgAAAMBQWR8+1oqUo1TIRz5OXvy2IToGot33AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/3/m65OztanpmaOTiGRATqOPbCxfTNPqCHVffevhz760fv3fOmOVEdYBAAAAhsv68FwrUo5KnBZjyckLnX8rmr0bWNszfymvLVtn3Qrzet8dDMo7bYV5Z6ww72ND8jY3rzcHAAAAfPhl/X+hFZmIUmHNsn446/+H9fVZ3qk9efnmtdqZ9L6KK0kCAAAAViDr/0utSCVKhUqrX19pv7+hHVr86TybP+x3+2z+6T152fxhv+df1rz6nR4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjzm65OztanpmXwSkQzIafSRjeWLaVodoe6mp8b/ccn+OzZ0xkqFERYCAAAAhsr68HbrXY5SYTzG4ujFvn/9Rfc9+qVHH5+MiKU2v1iMm7fs2HHDpoXP2JTlnfPC/rHvP/f6t5flnbP0uWoHBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjDz9cnZ2tT0zFFJRDIgp9FHNpYvpml1hLqvfP6Lf3nw4BOvdcYqI6wDAAAADJf14e3evxyVKEYxTlz81tnrL8j1zB/0zgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4ctz4zVu+sWVubusNblbnppGPOAy28T/eZP+cDpf9fPhvyqu9jdX9fwkAAPjgnRpJNP5LJ12+2rsGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOB/P1ydna1PRMOYlIBuQ0MqV2IBvLF9O0OkLd9MkXS2veeeqZzlhlhHUAAACA4bI+vN37l6MSYzEWJyx+6/dOoLHQ/08cwk0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAh5X5+uRsbWp6Zk0SkQzIafSRjeWLaVodoe4Du/Z+7v5jv3dxZ6xUGGEhAAAAYKisDy+2IuUoFT4epTil+X2ue0KSb177vxdoz9veNW18xfPqXfPy7zcvKUS05t3Vc7JC8zQL88rt9SaWrq161fa8XHNetTWv0ahEq3y1NW/xYe3uqrZmyPl6nzsAAAAcSln/X2pFJqJUKHX0/z9tXo9qXgf1ublDu3EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4LAzX5+crU1NzyRJRDIgp9FHNpYvpml1hLq3/Pajx3z1Z3fv7IxVRlgHAAAAGC7rw9u9fzkqsS4+EusW+/6Y6M7P8v5Ze/f+e//11zMjzj7xwPpC77I/ym5+/cqFT/d+ROS6s3MRxzbrJQPq/eb39960sfHugxFnn5A/ZVm9eP963UumjcdqWy/b8dyB7UMeDgAAABwhsv5/rBWZiFLh+oH9f9Z5D+n/WxYb8GNv2vWL45ufzY68Z0ZuolkvN6DeFzY+/OfTz/v76wv9//J6n2zdfXrvdfcf31VwKdIjSRtT1+3cfODcfbns1Ev18z31s+fy5W+99u9rbr7n3aX65Sg342t7trJUbflnT/lIG3O5PTOXvren3l2/MOD8d/zumYO/Wnv32wv13zp1vFX/jOhXf+nkhYH146i0MX7FnbvP37t/c3f9iKj2q//G2xfHSX+89vbe84/Hwa6FO59852fvA0gbL2x4c99591Uu6K6f9NTPnv/PDz6w+yf3fPfxrH72tyJnnhYrrJ/rqf/8Xcfteva2y9d2188NOP/TV760flv1O3/oPf/VXasWBu5i+fkfOuuRq17ekt7aOwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHBkma9PztampmdySUQyIKfRRzaWL6ZpdYS6r17y4htX3v3jH3bGKiOsAwAAAAyX9eHt3r8clShGMcYX+/7Halsv2/Hcge0xsTSaNK+FuW037vjENdt2Xn/1Ku0cAAAAWKlXL0kW+/9CKzIRpcLGGGv2/1PX7dx84Nx9uaz/zy1ck4i45tq5rWdHK+/5u47b9extl69tvSeIWPyzgPJC3mfaeRdd+OLEm3/6+ul98za1817Y8Oa+8+6rXJDlRWfeOdF6P/HQWY9c9fKW9NbW/jrzPvW1bXPN1xPZuuNX3Ln7/L37N+ey9xjN63hz3SxvLrdn5tL39tRzE1FaGM8388rNcwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAy83XJ2drU9MzkY9IBuQ0OjUD2Vi+mKbVEepeuvGXtx/zzhPrOmOlwggLAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP9hBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCvv1ExpH2ccB/Hl2kzebbNIm7QtGxTStilIPLQoielFRkVak4KlSpNragygIIko9mEorlqp4EaxeiqigRilUsLFYWiUV/xUvHlRQqB6EUgxoluJBJZtnNpvJTjduVFA+H1iePM/MfOc3M88+mwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAf5WeruF6e2LPQ7XbL7j5kyfunX781vce2HXZY2/8MLrtxo8P9r16dnL76h1f37Ry25H7Nkzsf+n4LwPv/HaqbfCjs83a1K2EEM/EECrvTz3/5OSn582MxRBCOQ6OhTAUVxwfirmE9b+GELY36py/8dD0VTtm2l37euaNL8+F5K8rVMtZPbMG59fLf0slzbOdtUeuCN/esHn356vefqt7/PTY3C5xZp9ymk8hLNvafHx3CKE3fWZks204Ozi1m0IIfU3HXdOmrosXWf+6EGq5ft2Fqf1faqttcrLta3L9Um6/fD/TnWv72pxvqYrqaLtfb2fn68/184vRUjXqXNd6fCi176Z27Z/ML2efGEoxdDXKvz/OzZHQ9NxiiPVnWWn0S41nG9L15/ox1y/l+uXu3HXVz5smWjnG+ePZfrnxbDnuSuOrm9fqFu4oGD8/tZX0RT2b9UP+j1nVBX80rqsuq2vqHLX8E0pNa1Cr8caDTw+jmsaqccWCY35vIds2ufnpS8tbPjgxWFBHPBhTfuwof+dnQ/13vbn34eGi/K2llF/qKP+7jSd/unPvyy8W5j+X5Zc7yr/yaN+ZjR/uWVN4f6bmVpDF5MfUz7bdfeqjZ1b9/57xVs+6nnkgu/+Vjuq/fuJkz0Dt6LHC+tdn96e3o/xvrrvl+9e/PHy6MD9k+X0d5W+ZePDZnpHa5YX5x2a/CtX6DO1g/vw8fvVXIyM/jhblf5Hd/4EW+bFt/mtj+699Zfm+DYXzc1N2fwZT/sIftnPl33bJkd39tcMXFa2d8cBif2EBaGVl+h/rqdRv9555aLrU8j1zqZreF14Y7Zr9BepPn4G/8kQ5M+dZ9jfmAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH+wAwckAAAAAIL+v25HoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8FQAAAD//5LgCR4=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x1ff)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f0000000000)=0x60)

1m27.229403309s ago: executing program 5 (id=3602):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = epoll_create(0x2)
r1 = signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000140))
signalfd4(r1, &(0x7f0000000000), 0x8, 0x0)

1m25.912916277s ago: executing program 5 (id=3616):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x4008a, &(0x7f00000001c0)={[{@dioread_nolock}, {@usrjquota, 0x22}, {@nogrpid}, {@noload}, {@acl}, {@grpjquota, 0x22}, {@errors_continue}, {@nodelalloc}, {@usrjquota}]}, 0xfe, 0x44e, &(0x7f0000000d80)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
syz_mount_image$msdos(&(0x7f0000000040), &(0x7f0000000100)='.\x00', 0x80061, &(0x7f00000001c0)=ANY=[], 0xfe, 0x0, &(0x7f0000000000))

1m25.620023939s ago: executing program 5 (id=3622):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f0000000000), 0xfc, 0x582, &(0x7f0000000b40)="$eJzs3d9rW+UbAPDnpO3W/fh+28EY6oUUduFkLl1bf0zwYl6J6HCg9zO0WRlNl9GkY60Dtwt3440MQcSB6L33Xg7/Af+KgQ6GjKIX3lROctKFNunSLF2z5vOBs73vOSd9z5P3PG/ek5OQAAbWRPpPLuLliPgmiRhr2jYc2caJ+n5rj2/OpksS6+uf/pVEkq1r7J9k/x/JKi9FxG9fRZzObW23srK6UCiViktZfbK6eG2ysrJ65spiYb44X7w6PTNz7q2Z6Xffebtnsb5+8Z/vP7n/4bmvT65998vDY3eTOB9Hs23NcTyDW82ViZjInpOROL9px6keNNZPkr0+ALoylOX5SKRjwFgMZVnf0vrY8zw0YJd9maY1MKAS+Q8DqjEPaFzb9+g6+IXx6P36BdDW+Ifr743EaO3a6PBaUr8yOljfml7vjveg/bSNX/+8dzddot37EAd70BDAJrduR8TZ4eGt41+SjX/dO9vBPpvbGLTXH9hL99P5zxut5j+5jflPNM9/Mkda5G43np7/uYc9aKatdP73Xsv578ZNq/GhrPa/2pxvJLl8pVRMx7b/R8SpGDmY1qci4oPWN0E+z609WG/XfvP8L13S9htzwew4Hg5vmv/NFaqFZ4+87tHtiFdazn+Tjf5PWvR/+nxc7LCNE8V7r7bb9vT4d9f6TxGvtez/J52ZbH9/crJ2Pkw2zoqt/r5z4vd27W8b/2jPw90i7f/D28c/njTfr63svI0fR/8tttvW7fl/IPmsVj6QrbtRqFaXpiIOJB9vXT/95LGNemP/NP5TJ7cf/1qd/4fSxO4w/jvH7zTvOrqz+HdXGv/cjvp/54UHH33xQ7v2O+v/N2ulU9maTsa/Tg/wWZ47AAAAAAAA6De5iDgaSS6/Uc7l8vn65zuOx+FcqVypnr5cXr46F7Xvyo7HSK5xp3us6fMQU9nnYRv16U31mYg4FhHfDh2q1fOz5dLcXgcPAAAAAAAAAAAAAAAAAAAAfeJIxGir7/+n/hhq/Zg2q4EX0TY/+Q3sc+3zP9vSi196AvqS138YXF3kv/cAYJ/w+g+DS/7D4JL/MLjkPwwu+Q+Dayf5//OFXTwQAAAAAAAAAAAAAAAAAAAAAAAAAAAA2B8uXriQLutrj2/OpvW56yvLC+XrZ+aKlYX84vJsfra8dC0/Xy7Pl4r52fLi0/5eqVy+NjUdyzcmq8VKdbKysnppsbx8tXrpymJhvnipOPJcogIAAAAAAAAAAAAAAAAAAIAXS2VldaFQKhWXFBS6Kgz3x2H0YSHXH4fRZWGvRyYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeOK/AAAA//92vTrs")
open(&(0x7f0000000180)='./bus\x00', 0x14937e, 0x111)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x0, 0x0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x1c0000000, 0x8005, 0x0, 0x0, 0x15, 0x0, "ef359f413bb93852f7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e737ff0edf110ff4117639c2eb4b78c660e677df701905b9aafab4afaaf755a3f6a004", "036c47c6780820d1cbf7966d61fdcf335263bd9bffbcc2542ded71038259ca171ce1a311ef54ec32d71e14ef3dc177e9b48b00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x200]})
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r1, 0x0, 0x0)

1m25.117271789s ago: executing program 5 (id=3631):
syz_usb_connect(0x3, 0x1c, 0x0, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$can_bcm(0x1d, 0x2, 0x2)
r2 = socket(0x1d, 0x2, 0x6)
ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vxcan0\x00', <r3=>0x0})
bind$can_j1939(r2, &(0x7f0000000100)={0x1d, r3, 0x2, {0x3}}, 0x18)
ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000100)={'vxcan0\x00', <r4=>0x0})
r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), r2)
sendmsg$TIPC_NL_KEY_SET(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)={0x14, r5, 0x800, 0x70bd2c, 0x25dfdbfd}, 0x14}}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x8, &(0x7f00000001c0)={&(0x7f0000000380)=@getchain={0x24, 0x11, 0x1, 0x0, 0x25dfdbfb, {0x0, 0x0, 0x0, r4, {}, {0x7, 0x2}, {0x0, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000}, 0x98)

1m24.785147771s ago: executing program 5 (id=3633):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000040)={0x6, 0xf})

1m24.687581295s ago: executing program 35 (id=3633):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$TIOCL_GETSHIFTSTATE(r0, 0x541c, &(0x7f0000000040)={0x6, 0xf})

43.498605222s ago: executing program 3 (id=4311):
r0 = io_uring_setup(0x7c41, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x0, 0xfffffffd})
r1 = syz_io_uring_setup(0x49a, &(0x7f00000000c0)={0x0, 0x44dc, 0x3180, 0x8000, 0x840024c}, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000040)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_MSG_RING={0x28, 0x40, 0x0, r0, 0x0, 0x0, 0x0, 0x2})
io_uring_enter(r1, 0x627, 0x4c1, 0x9, 0x0, 0x18)

43.428639085s ago: executing program 3 (id=4312):
bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xb, 0x6, &(0x7f0000000000)=@framed={{0x5, 0x0, 0x0, 0x0, 0x0, 0x69, 0x11, 0x28}, [@func={0x85, 0x0, 0x1, 0x0, 0x2}, @call={0x85, 0x0, 0x0, 0x5}, @exit], {0x95, 0x0, 0x5a5}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x6}, 0x70)

43.428265356s ago: executing program 3 (id=4313):
r0 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000035c0)="5c00000013006bcd9e3fe3dc4e48aa31086b8703340000001f00000003000000040014000d000a00140000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x240000c0)

43.332663236s ago: executing program 3 (id=4314):
syz_mount_image$ext4(&(0x7f0000000980)='ext4\x00', &(0x7f0000000280)='./mnt\x00', 0x840, &(0x7f0000000340)={[{@test_dummy_encryption_v1}, {@test_dummy_encryption_v1}, {@nomblk_io_submit}, {@auto_da_alloc}]}, 0x1, 0x241, &(0x7f0000000540)="$eJzs3U9oFFccB/DfzO42TbKUtL0UCm2hlNIGQnor9JJeWgiUEEoptIUUES9KIsQEb4knLx70rJKTlyDejB4ll+BFETxFzSFeBA0eDB70sDI7iUSz/oGJO+J8PjC7M7vvze8Ns983exkmgMoaiIiRiKhFxGBENCIi2dngm3wZ2Npc6F2ZiGi1/nyYtNvl27ntfv0RMR8RP0fEcprEwXrE7NK/649Xf//+xEzju3NL//R29SC3bKyv/bF5duz4xdGfZq/fvD+WxEg0XziuvZd0+KyeRHz2Loq9J5J62SPgbYwfvXAry/3nEfFtO/+NSCM/eSenP1puxI9nXtX31IMbX3ZzrMDea7Ua2TVwvgVUThoRzUjSoYjI19N0aCj/D3+71pcempo+MnhgamZyf9kzFbBXmhFrv13uudT/Uv7v1fL8Ax+uLP9/jS/eydY3a2WPBuimLP+D/8/9EPIPlSP/UF3yD9Ul/1Bdr8t/WtKYgO5w/Yfqkn+oLvmH6pJ/qC75h+ramX8AoFpaPWXfgQyUpez5BwAAAAAAAAAAAAAAAAAA2G2hd2Vie+lWzaunIzZ+jYh6p/q1recQfNx+7XuUZM2eS/Juhfz3dcEdFHS+5LuvP7lbbv1rX5Vbf24yYv5YRAzX67t/f0nh52B8+obvG/sKFijol7/Lrf90sdz6o6sRV7L5Z7jT/JPGF+33zvNPMzt/BesfflJwBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHTNswAAAP//ceptKw==")
r0 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x10)
r1 = open(&(0x7f0000000300)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r1, 0x40086602, &(0x7f00000001c0)=0x10)

43.332549162s ago: executing program 3 (id=4315):
syz_mount_image$iso9660(&(0x7f0000000c80), &(0x7f0000002380)='./bus\x00', 0x3a0cc0a, &(0x7f0000000800)={[{@dmode={'dmode', 0x3d, 0x51}}, {@dmode={'dmode', 0x3d, 0x5}}, {@map_normal}, {@map_normal}, {@check_strict}, {@overriderock}, {@nocompress}, {@dmode={'dmode', 0x3d, 0x81}}, {@unhide}, {@nojoliet}, {@session={'session', 0x3d, 0x32}}, {@sbsector={'sbsector', 0x3d, 0x1}}, {@nojoliet}], [{@uid_eq}], 0x2c}, 0x3, 0x9ea, &(0x7f0000004100)="$eJzs3U1sHOUZB/D/+CNxTRQCpDRFQDahAQOpYzslNOLSxF4npv6obEciqipCSVJFsUoFRQLUQypVPRW1h6oHekPqpSckLnCpcmuvvfRQqeLcG+op6qFbzew6tmOv1wn+Ivx+1nrn45n3fd6d2Xnl8e684cus0WhUj3ucv/Dn7UyW3efs2GcffvR++fjljexJd14oPkn6ktSSniSHkt7RsdmZqQ4FXU8uJbmZFEn2pvm8IZdS/Db7luZvpvhjWW/lwj02jA1p8JW208cfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsRsXo2NDQcJHJiekLr9Taq4YAb7eya6m8T6tRv4tPO9abFOUjfX2LQ30fOri0+tHy19E83px7vBqQPH1574FHD7z0SE/X4vbrJHw3/tcaDPmuN3zr3feuv7awcOXNTUrky+ZcfXpibmZi6sy5em1ibqZ2+tSpoRPnx+dq4xOT9bmLc/P1qdrobP3M/MxsbWD02drw6dMna/XBizMXps+NDU7WFxe++O2RoaFTtZcHf1A/Mzs3M33i5cG50fMTk5MT0+eqmHJ1GfNieSB+f2K+Nl8/M1WrXb22cOXkiozWOCTKoOFOLSmDRjoFjQyNjAwPj4wMn3rh9AsvDg31LC3oTrVg6A5Ztcntgzb7slnHLzvvg66NRm7yGRzuXVer/89kJjKdC3kltTV/RjOW2cxkqs36lsX+/9iJ+rr1Lu//F3v5Q0urH0vV/z/ZnHuyXf/fJpft+3kr7+a9XM9rWchCruTNFWv33kOJjcbarfrT35uvxU63eOXPudQznYnMZSYTmcqZakmttaSW0zmVUxnKqzmf8cyllvFMZDL1zOVi5jKfenVEjWY29ZzJfE+zjQMZzbOpZTinczonU0s9g7mYmVzIdM5lLGeqUq7mWvW6n1wnx9tBwxsJGlknaJ3+v7XgLvp/vqI2+xQO96zR6v/3dA4dGN2OhAAAAIBN982/Zf/Bh//6r6Q3T1TX2AEAAID7TfVxvcfLp95y6okU4xOT9aHVgW9vf24AAADA5iiq79gVSfpzuDm1+E2oNS4CAAAAAF9G1f//nyyf+supwyn8/Q8AAAD3m8732O8YURxPLTfKVbXLzcjLrYjWfX77xycm64OjM5MvDefp6i4D1TcNVpXWnQNJ9fWD53KkGXWkv/ncv7LEvjJqePCl4fTlaKshA0+VT08NrBE5UkY+l2eakc8sRvZlVeTJMhIA7ndH1+mPN9r/P5fjzYjjj1W3b+95bI0+eEjPCgC7RecxdjpGFN9ZHP6nzd//3bl6uPmRgsG8njeykMs5Xn3boPrEQavU3CyyVGr/so8hHO9wNaB/2QgvxxevBxzet+b1gP5lA70cX3VFoF3syTVfu2LT9wYAbI+jq/rhdfr/RqM5ter6//p///f7SCEA7Cq3R7Dfwok76+zdmaYCAC3te+l1dG9hQgAAAAAAAAAAAAAAAAAAAAAAAAAAAHAf2Mr7/3cl2dqRBb7AxI0kuyCNbZ74d2u3r1rVWn5jxzNcNrE3X7ycvm0Z4eLdH+3ZxYf6vU3s4EkJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAbVMk3Wst70r2Jj1DSU5sf1Zb58ZOJ7DDilu5lXeyf6fzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC437Tu/9+V5vMDzUXp6UqOJbmU5Ic7neNmurXTCeywZff/L/d5GkV6mrs9Re/o2OzMVLn7s7dc/9mHH71fPu6lnrKAsoYVg0u0ami/1UPVVv1jV966/vM3flYbO1sleXZ+fHJs6tzs95YCHy0+TmppPhYt5vuLonUUr2z5x2VLO9db1jJe1Tu2ut5vrLX17XqP/eV37du2ZCmNawtXRsqa5uuvzL/902vvLAt6OEeSpwaSgZU1/aR8tKnpSHrXq7f4vPh1sT9/yKVq/5dpFI2i3EUPVu3/2tVrC1cGX39j4XKbnA7kcJLLSd/Gczq8ek8sqo66rt6y1qEqqPx1sEN563qge3+j0SxxuE0bHqoOmf67akOtfRsqHV73VhtPtsnokTx913v66Q41tvy30dScKz4v/lmczz/yq2Xjf3SV+/9YNvLuLGOqyGVHSvs2H1tq+cjyFa/eGdn2XckW+E1+nO/e3v9dy87/rX21PeejZTVu2fuiaPZCLdX0wTt6pNbZp12WrTwPNqPa5Pn1PL96uw55Pt/hjLJJ7/+Vis+LD4qB/Cc3jP8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADsfkXSvdbyruRYkgNJHizna0ljM+rr6i82o5gN2rNqyY1trH336Lo9VdzKrbyT/TuaDgAAAAAAAACb5uzYZx9+9H75qP4f351vFZ8kfc3/9PckOVD8vnd0bHZmqkNBvcmlJDfL6b67y6HcLvuW5m+Wc4fuvi0AwMb8PwAA//9F2m9c")

42.758558068s ago: executing program 3 (id=4318):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1ff8d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002706870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a83984e68a6d80a5f5222ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0007000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1f6428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000a034000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1ebbb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa5210b16eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f086dd47e0ffff00122c00631177fbac141416e000030a44079f034d2f87e589ca6aab845013f2325f1a3911050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x7000002}, 0x2c)

42.727278021s ago: executing program 36 (id=4318):
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000880)=ANY=[@ANYBLOB="b702000007000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1ff8d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002706870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447e2edfae4f390a83984e68a6d80a5f5222ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2a2d0e0007000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e48455b5a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1f6428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afdc0e1700000000000000000a034000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033ec14bb9cc16bd83a00840e31d828ec78e116ae46c4897e2795b6ff92e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1ebbb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa5210b16eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb74b5589829b6b0679b5d6"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x18000000000002a0, 0xe2c, 0x60000000, &(0x7f0000000100)="b9ff03076844268cb89e14f086dd47e0ffff00122c00631177fbac141416e000030a44079f034d2f87e589ca6aab845013f2325f1a3911050b038da1880b25181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000, 0x0, 0x7000002}, 0x2c)

468.550944ms ago: executing program 4 (id=4930):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
getsockopt$sock_int(r0, 0x1, 0xa, 0x0, &(0x7f0000000b80))

417.741915ms ago: executing program 4 (id=4933):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f0000000140)={0x2, 0x3, 0x69, 0x9, 0xa, 0x0, 0xfffffffd, 0x0, [@sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0xffff, @loopback}}, @sadb_sa={0x2, 0x1, 0xffffffff, 0x0, 0x8, 0x7, 0x2, 0xa808ec24493b2b08}, @sadb_address={0x3, 0x6, 0x0, 0x0, 0xe, @in={0x2, 0x0, @multicast1=0xe0000009}}]}, 0x50}}, 0x20008024)

357.375248ms ago: executing program 4 (id=4936):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000300)='rcu_utilization\x00', r0}, 0x10)
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB="ff0012bb9e"], 0x48)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0e0000000400000008"], 0x48)

321.13866ms ago: executing program 7 (id=4938):
lsm_set_self_attr(0x2, 0x0, 0x0, 0x20)

209.659641ms ago: executing program 7 (id=4940):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0x10, &(0x7f0000000a40)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@call={0x85, 0x0, 0x0, 0x7d}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000ac0)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x8, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000003f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x20}, 0x15)

209.333125ms ago: executing program 4 (id=4942):
syz_mount_image$fuse(0x0, &(0x7f0000000040)='./file0\x00', 0x818808, 0x0, 0x0, 0x0, 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff097b000008003950323030302e4c"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000100)={0x18}, 0x18)
write$FUSE_DIRENTPLUS(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="b0000000000000008d15c937040795e9ec68ba339b8fd15e58983b3da942"], 0xb0)
getresuid(&(0x7f0000000440), &(0x7f0000000480), &(0x7f0000000400)=<r3=>0x0)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000580)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r2, @ANYBLOB=',privport,access=', @ANYRESDEC=r3])
setxattr(&(0x7f0000000140)='./file0\x00', &(0x7f0000000180)=@known='user.syz\x00', 0x0, 0x0, 0x1)

209.150138ms ago: executing program 6 (id=4943):
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
r0 = syz_io_uring_setup(0x235, &(0x7f0000001240)={0x0, 0x10008cc8, 0x10100, 0x2, 0x75}, &(0x7f0000000000)=<r1=>0x0, &(0x7f0000000100)=<r2=>0x0)
syz_io_uring_submit(r1, r2, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x3b, 0x2, 0x1})
io_uring_enter(r0, 0x7a98, 0x0, 0x0, 0x0, 0xfffffffffffffc76)

208.74342ms ago: executing program 7 (id=4944):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff)
sendmsg$DEVLINK_CMD_PORT_UNSPLIT(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)={0x64, r1, 0x731, 0x4, 0x25dfdbfe, {0x38}, [{{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x73, 0x80000}}}, {{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0x3, 0x2}}}]}, 0x64}, 0x1, 0x2}, 0x2)

149.953699ms ago: executing program 4 (id=4945):
r0 = getpid()
r1 = syz_pidfd_open(r0, 0x0)
setns(r1, 0x8020000)
syz_clone3(&(0x7f00000008c0)={0x14860000, 0x0, 0x0, 0x0, {0x28}, 0x0, 0x0, 0x0, 0x0}, 0x58)

149.764461ms ago: executing program 6 (id=4946):
r0 = socket(0x2, 0x80805, 0x0)
getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r0, 0x84, 0x70, 0x0, &(0x7f0000000000))

149.480774ms ago: executing program 7 (id=4947):
r0 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000900)={0x41, 0x4}, 0x10)
r2 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10)
r3 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000280)={0x41, 0x0, 0x2}, 0x10)
r4 = socket$tipc(0x1e, 0x2, 0x0)
setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x41, 0x0, 0x2}, 0x1be)
sendmsg$tipc(r4, &(0x7f0000000180)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x41}}, 0x10, 0x0}, 0x0)

89.447174ms ago: executing program 7 (id=4948):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_TIMEOUT_NEW(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="840000000008010300000000000000000000000a060002406558000006000240600100000600024088a2000005000300840000000600024060020000060002400011000034000480080008400000000608000340000000010800044000000004080002400000000008000940000007ff0807074000000001090001"], 0x84}}, 0x8000)

89.181916ms ago: executing program 6 (id=4949):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@setlink={0x50, 0x13, 0x1, 0x3000000, 0x0, {}, [@IFLA_IFNAME={0x14, 0x3, 'lo\x00'}, @IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET={0x18, 0x2, 0x0, 0x1, {0x6, 0x1, 0x0, 0x1, [{0x8, 0xd, 0x0, 0x0, 0x8}, {0x8, 0x16, 0x0, 0x0, 0xadb}]}}]}]}, 0x50}}, 0x0)

88.961945ms ago: executing program 4 (id=4950):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r3, &(0x7f0000000100)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0)
r4 = accept4(r3, 0x0, 0x0, 0x0)
sendmmsg$alg(r4, &(0x7f0000001800)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0)
sendmsg$xdp(r4, &(0x7f0000000c40)={0x0, 0x0, &(0x7f0000000c00)=[{&(0x7f00000009c0)="22613fdba0da05ae867cac56aab11ac819a18aa6c99d7fdee052ea631826c069d9fb7bfb1240a1b5f513daa7ab849014b47dea4039bc6b7006dc77e7d301078cd285f43e95002dab5758ce7e643c117ec7f7f7de04bd2940d7ee88f32c19d3fc098c6338fc038ff837a00b9dd4174284a1408ba88cb80fdb68c80e92dea7e1ab", 0x80}], 0x1, 0x0, 0x0, 0x2400c090}, 0x840)
recvmmsg(r4, &(0x7f0000000680)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000280)=""/135, 0x87}], 0x1}, 0x10000}], 0x1, 0x28101, 0x0)
sendmsg$RDMA_NLDEV_CMD_GET(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0x10}, 0x1, 0x0, 0x0, 0x8005}, 0x400c4)

88.789218ms ago: executing program 7 (id=4951):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4)
bind$inet(r0, &(0x7f0000000240)={0x2, 0x0, @local}, 0x6f)
connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x300)
setsockopt$inet_int(r0, 0x0, 0x19, &(0x7f0000000180)=0x1f5, 0x4)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f00000001c0)=0x40, 0x4)
recvmmsg(r0, &(0x7f0000000580)=[{{0x0, 0x0, 0x0}, 0xd}], 0x1, 0x45833af92e4b39ff, 0x0)

88.642574ms ago: executing program 6 (id=4952):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001000)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef42d430f6296b72a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed40000000022278d00031e5388ee5c867ddd58211d6ece3ccb0cd2b6d3cffd962867a3a2f624f992daa94a6a556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff020000000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219"], 0x0}, 0x94)
r0 = socket$kcm(0x2, 0x3, 0x2)
sendmsg$inet(r0, &(0x7f0000001640)={&(0x7f0000000300)={0x2, 0x0, @multicast2=0xe0000001}, 0x10, 0x0, 0x0, &(0x7f0000001140)=ANY=[@ANYBLOB="1c000000000000000000000008000000", @ANYRES32=0x0, @ANYBLOB="ac141411e0000001000000002800000000000000000000000700000094040007441405"], 0x48}, 0x0)

149.218µs ago: executing program 6 (id=4953):
r0 = socket$packet(0x11, 0x3, 0x300)
getsockopt$packet_int(r0, 0x107, 0x13, 0x0, &(0x7f0000000100))

0s ago: executing program 6 (id=4954):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000000c0)='./file1\x00', 0x101880a, &(0x7f0000000400)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c61636c2c6673796e635f6d6f64653d7374726963742c696e6c696e655f78617474722c6673796e635f6d6f64653d706f7369782c646973636172645f756e69743d7365676d656e742c6261636b67726f756e645f67633d6f6e2c6e6f696e6c696e655f78617474722c646973636172645f756e69743d626c6f636b2c6673796e635f6d6f64653d7374726963742c617467632c657874656e745f63616368652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303031343033302c00271d57a599b8b169a579679e220c689eaaec4fa6229021e75c68a687d319b615573b0b0ceefba8e2e2419434463974ef8174b66469344931de0ccad650792761"], 0x1, 0x550b, &(0x7f00000079c0)="$eJzs3M1rI2UYAPAn/dhv1yIevO3AIrSwiU0/Fr1V3cUP7FJWPXjSNElDdpNMadK09uTBo3jwPxEFTx79Gzx49iYeFG+Ckpmpbv0AoWlj298PJs+8b94887xhWXhmSgK4sOaSX34qxc24GhHTEXEjIjsvFUdmLQ/PRcStiJh64igV839MXIqIaxFxc5Q8z1kq3vrszvD26o9v/vz1t5dnrn/+1XeT2zUwac9HRHc7P9/r5jFt5fFRMV8btrPYXRkWMX+j+7gYp3nca25mGfZqh+tqWVxu5evT7d3+KG51avVRbLW3svntXn7B/rB1mCf7wKPaTjZuNDez2O6nWWwd5HXtH+T/tx30B3meRpHvwyx9DAaHMZ9v7jfz/Ww/zmK9Nyjm87xpo7k/isMiFpeLetppZHVsHueb/n97q93b3U+GzZ1+O+0lq5Xqi5Xq3XJ1J200B82Vcq3buLuSzLc6o2XlQbPWXWulaavTrNTT7kIy36rXy9VqMn+vudmu9ZJqtbJcWSyvLhRnd5LXHrybdBrJ/Ci+0u7tDtqdfrKV7iT5JxaSpcrySwvJ7Wry9vpGsvHw/v31jXfev/feg5fX33i1WPS3spL5pcWlpXJ1sbxUXbhA+/+4KHqM+4djKU26AICzR/8PTMLJ9f87DyNOvv8P/f9YnKn+9/z1/3svREx0/3As+n8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgAvr+9kvXs9O5vLx9WL+qWLqmWJcioipiPjtH0zHpSM5p4s8s/+yfvYvNXxTiizD6BqXi+NaRKwVx69Pn/S3AAAAAOfXlx/d+jTv1vOXuUkXxGnKb9pM3fhgTPlKETE798OYsk2NXp4dU7Ls3/dM7I8pW3YD68qYkuW33GbGle0/mT4SrjwRSnmYOtVyAACAU3G0EzjdLgQAAIDT9MmkC2AySnH4KPPwWXD2l/d/PhC8emQEAAAAnEGlSRcAAAAAnLis//f7fwAAAHC+5b//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAv7NzP7eJA1EcgJ8NXth/WrTa+7ayNyhjS9jjHiMKSBMUkANpIQ1QA7mlhAgiPA6BiEMkj20l+j7JmYxlfrxBcJgZaQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAu3Vfrxe3V7+u2Obt9O3lGAwAAAFyyrdaL+p9Z6n9t7n9vbv1s+kVElBFxae4+ik9nmaMmp3p5/ub0+epVDXcRdcLhPSbN9SUi/jTX44+uPwUAAAD4uDbL1TzN1tOf2dAF0ae0aFN++5spr4iIavaQKa085P3KFFZ/v8fxP1NavYA1zRSWltzGudLepP65H1ftpidNkZry4suORWYbOwAA0KPRWdPvLAQAAIA+/Ru6AIZRxPNW5nErcJKaZnvv81kPAAAAeIeKoQsAAAAAOlfP/3s6/2/v/D8AAAAYRjr/DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgC5tq/Vis1zN2+bs9u3kGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADyxP+8oEAJhEAZ713cmc//DSoOmpiZVIHz8jcEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMX+vKRACARBFMwZ/zvp+x9WEvQMIkRAw6OKWjQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMXO/bzGUcUBAP/OzM7WtooxSg4RUfCgF5tua2tv4kEJHvwThJBua+zWH20QW4qYizfJuRfRo4igxFv/h55b6KXeethDBc/KzM5kp23A9dfMNvl84M377jDM+75ZCPnOewkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfFb0zgrDguTOK3O3bp/bb3obz/UF25s31kuWhEnbSb9eHih+SFZioij3SUDAADAwZDV9X1E3M13Vos+XSjr/7y+pqj5v31qElf1/Gd1yfpw/V/X/kX75ed7z+0OtDAZp7jpuY3R8PijqfT+rznOu6f/8ope+eTLdy9Z+YWk7249O87L55l8ffPm2/0yPNRGtgDAP3Gs7qug/n2o6AddJgbAgdFrFN51/Z8tdJsTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQBvGW3G0jpOIWO5N48Lt+9fW9+pvbN9Zrtvp69e348vpPYtb5BFxbmM0PN7qbObb5StXL6yNRsNL7QcvRkRXo79ZTf/C+zNcHNHJ8xH8R0Fafdnzks/jEXT4QwkAgH0pr1pR19/Nd1aLc8lixB/fPVj/v9KIY8b6/94Hp281x2rW/4PWZjj/VjYvfrJy+crV1zYurp0fnh9+9PqJwRuDk2dOnTqzUr4rWfHGBAAAgH+nX7Vm/Z8uPrr+f6QRx4z1/6ffDL5ojpWp//c0XfTrOhMAAICD7ZmXfv8t2eN80u/H52ubm5cGk+Pu5xOTYwep/m2Hqtas/7PFrrMCAAAA2jDeSh5Y/z/biGPG9f8nv3/+x+Y9s4g4XK3/H1v/eHS2venMtTb+nLjrOQIAANCtw1Vrrv/n5f7/dHfLQxoRr748iat/AzhT/Z+989UPzbGa+/9PtjfFuZQuTZ5H2S9F9Ja6zggAAID97ImqFcX+r/nO6oc/HXmvb/8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQNv+DAAA///fxzxy")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x1a37c1, 0x42)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
r1 = open(&(0x7f0000000380)='./file1\x00', 0x109042, 0x0)
write$binfmt_register(r1, &(0x7f0000000180)={0x3a, 'syz2', 0x3a, 'E', 0x3a, 0x5, 0x3a, 'xfs\x00', 0x3a, 'prjquota', 0x3a, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x12c)
fallocate(r1, 0x0, 0x0, 0x7000000)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0)

kernel console output (not intermixed with test programs):

ALL_64_after_hwframe+0x77/0x7f
[  316.070798][T12356] RIP: 0033:0x7f641c98ff17
[  316.070805][T12356] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  316.070812][T12356] RSP: 002b:00007ffe94c55f48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  316.070821][T12356] RAX: 0000000000000000 RBX: 00007f641ca11c05 RCX: 00007f641c98ff17
[  316.070827][T12356] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe94c56000
[  316.070831][T12356] RBP: 00007ffe94c56000 R08: 0000000000000000 R09: 0000000000000000
[  316.070836][T12356] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe94c57090
[  316.070841][T12356] R13: 00007f641ca11c05 R14: 000000000004d225 R15: 00007ffe94c570d0
[  316.070849][T12356]  </TASK>
[  316.070852][T12356] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  316.216833][T10854] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  316.261287][    T9] ft260 0003:0403:6030.0011: USB HID v0.00 Device [HID 0403:6030] on usb-dummy_hcd.6-1/input0
[  316.314140][T15649] loop3: detected capacity change from 0 to 1024
[  316.317000][T15649] EXT4-fs: Ignoring removed bh option
[  316.319300][T15649] EXT4-fs (loop3): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  316.357185][T15649] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  316.411289][T10854] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  316.662750][    T9] ft260 0003:0403:6030.0011: failed to retrieve status: -71
[  316.666183][    T9] ft260 0003:0403:6030.0011: failed to reset I2C controller: -71
[  316.672041][   T55] Bluetooth: hci0: command tx timeout
[  316.709501][    T9] usb 7-1: USB disconnect, device number 2
[  316.754819][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  316.757285][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  317.249675][T15666] 9pnet: p9_errstr2errno: server reported unknown error t/event#
[  317.481363][ T5913] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  317.705412][T15675] loop4: detected capacity change from 0 to 764
[  317.785209][T15675] rock: directory entry would overflow storage
[  317.793771][T15675] rock: sig=0x4654, size=5, remaining=4
[  317.849829][ T5913] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 52, changing to 7
[  317.857568][ T5913] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 9272, setting to 1024
[  317.865917][ T5913] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  317.869611][ T5913] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.879180][ T5913] usb 4-1: config 0 descriptor??
[  318.040904][T15693] comedi: No check for data length of config insn id 7 is implemented
[  318.045155][T15693] comedi: Add a check to check_insn_config_length in drivers/comedi/comedi_fops.c
[  318.048900][T15693] comedi: Assuming n=15 is correct
[  318.104225][T15697] netlink: 'syz.4.3718': attribute type 32 has an invalid length.
[  318.109034][ T5913] ath6kl: Failed to submit usb control message: -71
[  318.113759][ T5913] ath6kl: unable to send the bmi data to the device: -71
[  318.116746][ T5913] ath6kl: Unable to send get target info: -71
[  318.119908][ T5913] ath6kl: Failed to init ath6kl core: -71
[  318.123082][ T5913] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71
[  318.139005][ T5913] usb 4-1: USB disconnect, device number 18
[  318.344693][T15701] loop4: detected capacity change from 0 to 32768
[  318.406511][T15701] bcachefs (loop4): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,checksum_err_retry_nr=24,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,degraded=very,nojournal_transaction_names,rebalance_on_ac_only
[  318.406567][T15701]   allowing incompatible features above 0.0: (unknown version)
[  318.406577][T15701]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  318.430928][T15701] bcachefs (loop4): Using encoding defined by superblock: utf8-12.1.0
[  318.433579][T15701] bcachefs (loop4): initializing new filesystem
[  318.439020][T15701] bcachefs (loop4): going read-write
[  318.456494][T15701] bcachefs (loop4): marking superblocks
[  318.465991][T15701] bcachefs (loop4): initializing freespace
[  318.468944][T15701] bcachefs (loop4): done initializing freespace
[  318.476431][T15701] bcachefs (loop4): reading snapshots table
[  318.478431][T15701] bcachefs (loop4): reading snapshots done
[  318.484412][T15701] bcachefs (loop4): done starting filesystem
[  318.524189][T12356] bcachefs (loop4): shutting down
[  318.526385][T12356] bcachefs (loop4): going read-only
[  318.531591][T12356] bcachefs (loop4): finished waiting for writes to stop
[  318.539212][T12356] bcachefs (loop4): flushing journal and stopping allocators, journal seq 2
[  318.547100][T12356] bcachefs (loop4): flushing journal and stopping allocators complete, journal seq 3
[  318.552037][T12356] bcachefs (loop4): clean shutdown complete, journal seq 4
[  318.555096][T12356] bcachefs (loop4): marking filesystem clean
[  318.568485][T12356] bcachefs (loop4): shutdown complete
[  318.620995][   T33] audit: type=1326 audit(2000000392.659:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15739 comm="syz.6.3732" exe="/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x0
[  318.742021][   T55] Bluetooth: hci0: command tx timeout
[  319.490565][   T47] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  319.652596][   T47] usb 7-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad
[  319.654635][   T33] audit: type=1804 audit(2000000393.699:198): pid=15764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.3741" name="file0" dev="ramfs" ino=41326 res=1 errno=0
[  319.656075][   T47] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.668401][   T47] usb 7-1: config 0 descriptor??
[  319.876715][   T47] usb 7-1: can't set first interface for hiFace device.
[  319.879189][   T47] snd-usb-hiface 7-1:0.0: probe with driver snd-usb-hiface failed with error -5
[  319.884318][   T47] usb 7-1: USB disconnect, device number 3
[  320.242563][T15795] loop4: detected capacity change from 0 to 40427
[  320.245441][T15795] F2FS-fs (loop4): build fault injection rate: 771
[  320.251246][T15795] F2FS-fs (loop4): invalid crc value
[  320.278849][T15795] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  320.282919][T15795] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  320.345123][T12356] syz-executor: attempt to access beyond end of device
[  320.345123][T12356] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  320.351329][T12356] CPU: 0 UID: 0 PID: 12356 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  320.351342][T12356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  320.351348][T12356] Call Trace:
[  320.351351][T12356]  <TASK>
[  320.351355][T12356]  dump_stack_lvl+0x189/0x250
[  320.351369][T12356]  ? __pfx_dump_stack_lvl+0x10/0x10
[  320.351377][T12356]  ? __pfx_queue_work_on+0x10/0x10
[  320.351385][T12356]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  320.351396][T12356]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  320.351406][T12356]  f2fs_handle_critical_error+0x37c/0x540
[  320.351417][T12356]  f2fs_write_end_io+0x886/0xb60
[  320.351427][T12356]  __submit_merged_bio+0x27a/0x6a0
[  320.351437][T12356]  __submit_merged_write_cond+0x255/0x530
[  320.351447][T12356]  f2fs_write_data_pages+0x261d/0x3000
[  320.351462][T12356]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  320.351478][T12356]  ? __mod_zone_page_state+0xd7/0x140
[  320.351489][T12356]  ? folios_put_refs+0x560/0x640
[  320.351498][T12356]  ? __pfx_folios_put_refs+0x10/0x10
[  320.351532][T12356]  ? rcu_is_watching+0x15/0xb0
[  320.351540][T12356]  ? lru_add+0xa2f/0xd80
[  320.351547][T12356]  ? lru_add+0x198/0xd80
[  320.351554][T12356]  ? do_raw_spin_lock+0x121/0x290
[  320.351564][T12356]  ? do_raw_spin_unlock+0x4d/0x240
[  320.351572][T12356]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  320.351583][T12356]  do_writepages+0x32e/0x550
[  320.351592][T12356]  ? rcu_is_watching+0x15/0xb0
[  320.351600][T12356]  ? do_raw_spin_unlock+0x4d/0x240
[  320.351609][T12356]  filemap_fdatawrite+0x199/0x240
[  320.351621][T12356]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  320.351635][T12356]  ? rcu_is_watching+0x15/0xb0
[  320.351643][T12356]  ? do_raw_spin_unlock+0x4d/0x240
[  320.351651][T12356]  f2fs_sync_dirty_inodes+0x31f/0x830
[  320.351660][T12356]  f2fs_write_checkpoint+0x95a/0x1df0
[  320.351670][T12356]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  320.351683][T12356]  ? f2fs_stop_gc_thread+0x7f/0xb0
[  320.351690][T12356]  ? kfree+0x18e/0x440
[  320.351699][T12356]  ? kill_f2fs_super+0x298/0x6c0
[  320.351706][T12356]  kill_f2fs_super+0x2c3/0x6c0
[  320.351714][T12356]  ? __pfx_kill_f2fs_super+0x10/0x10
[  320.351720][T12356]  ? radix_tree_delete_item+0x2b6/0x400
[  320.351731][T12356]  ? shrinker_free+0x2ce/0x3e0
[  320.351739][T12356]  deactivate_locked_super+0xbc/0x130
[  320.351748][T12356]  cleanup_mnt+0x425/0x4c0
[  320.351757][T12356]  task_work_run+0x1d4/0x260
[  320.351767][T12356]  ? __pfx_task_work_run+0x10/0x10
[  320.351775][T12356]  ? __x64_sys_umount+0x122/0x160
[  320.351785][T12356]  ? __pfx___x64_sys_umount+0x10/0x10
[  320.351794][T12356]  ? rcu_is_watching+0x15/0xb0
[  320.351801][T12356]  exit_to_user_mode_loop+0xec/0x110
[  320.351811][T12356]  do_syscall_64+0x2bd/0x3b0
[  320.351822][T12356]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.351829][T12356]  ? exc_page_fault+0x9f/0xf0
[  320.351838][T12356]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  320.351845][T12356] RIP: 0033:0x7f641c98ff17
[  320.351853][T12356] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  320.351859][T12356] RSP: 002b:00007ffe94c55f48 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  320.351875][T12356] RAX: 0000000000000000 RBX: 00007f641ca11c05 RCX: 00007f641c98ff17
[  320.351880][T12356] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffe94c56000
[  320.351885][T12356] RBP: 00007ffe94c56000 R08: 0000000000000000 R09: 0000000000000000
[  320.351889][T12356] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007ffe94c57090
[  320.351894][T12356] R13: 00007f641ca11c05 R14: 000000000004e2cf R15: 00007ffe94c570d0
[  320.351902][T12356]  </TASK>
[  320.351906][T12356] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  320.861291][T15820] loop6: detected capacity change from 0 to 32768
[  320.893918][T15820] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  320.907334][T15820] XFS (loop6): Ending clean mount
[  320.911037][T15820] XFS (loop6): Quotacheck needed: Please wait.
[  320.924394][T15820] XFS (loop6): Quotacheck: Done.
[  320.981952][T15414] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  321.014760][T15822] loop4: detected capacity change from 0 to 32768
[  321.023155][T15822] bcachefs (/dev/loop4): error validating superblock: Invalid superblock section ext: field too small (64 < 88)
[  321.023155][T15822] ext (size 64):
[  321.023155][T15822] Recovery passes required:      recovery_pass_empty,scan_for_btree_nodes,accounting_read,stripes_read,set_may_go_rw,journal_replay,check_btree_backpointers,check_backpointers_to_extents,bucket_gens_init,reconstruct_snapshots,check_snapshot_trees,check_snapshots,check_subvols,delete_dead_snapshots,check_inodes,check_extents,check_indirect_extents,check_unreachable_inodes,check_nlinks,resume_logged_ops,fix_reflink_p
[  321.023155][T15822] Errors to silently fix:        jset_unknown_csum,bkey_at_pos_max,alloc_key_empty_but_have_data,lru_entry_bad,btree_ptr_val_too_big,btree_ptr_v2_val_too_big,extent_ptrs_invalid_entry,extent_ptrs_no_ptrs,extent_ptrs_redundant_crc,extent_ptrs_unwritten,extent_ptrs_written_and_unwritten,ptr_to_invalid_device,ptr_to_duplicate_device,ptr_after_last_bucket,ptr_before_first_bucket,ptr_to_missing_alloc_key,ptr_to_missing_replicas_entry,ptr_too_stale,stale_dirty_ptr,ptr_crc_uncompress
[  321.023251][T15822] bcachefs: bch2_fs_get_tree() error: invalid_sb_ext
[  321.379133][T15840] netlink: 16 bytes leftover after parsing attributes in process `syz.6.3768'.
[  321.385221][T15840] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3768'.
[  321.393289][T15840] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  321.414574][T15840] batman_adv: batadv0: Removing interface: batadv_slave_1
[  321.565565][T15846] team0: No ports can be present during mode change
[  321.821060][T15857] loop4: detected capacity change from 0 to 8192
[  321.973317][ T9554]  loop4: AHDI p2 p3 p4
[  321.985560][ T9554] loop4: p3 size 4294967042 extends beyond EOD, truncated
[  322.007948][ T9554] loop4: p4 size 16777216 extends beyond EOD, truncated
[  322.014742][T15857]  loop4: AHDI p2 p3 p4
[  322.017154][T15857] loop4: p3 size 4294967042 extends beyond EOD, truncated
[  322.023062][T15857] loop4: p4 size 16777216 extends beyond EOD, truncated
[  322.047377][T15866] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3783'.
[  322.068777][T15868] loop4: detected capacity change from 0 to 512
[  322.068832][ T9554] udevd[9554]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  322.076941][T15868] EXT4-fs warning (device loop4): dx_probe:846: Directory (ino: 2) htree depth 0x0002 exceedsupported value
[  322.083397][ T6296] udevd[6296]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  322.085341][T15868] EXT4-fs warning (device loop4): dx_probe:849: Enable large directory feature to access it
[  322.091146][T15868] EXT4-fs warning (device loop4): dx_probe:934: inode #2: comm syz.4.3784: Corrupt directory, running e2fsck is recommended
[  322.094253][ T6117] udevd[6117]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  322.096522][T15868] EXT4-fs (loop4): Cannot turn on journaled quota: type 1: error -117
[  322.103259][T15868] EXT4-fs error (device loop4): ext4_iget_extra_inode:5104: inode #15: comm syz.4.3784: corrupted in-inode xattr: e_name out of bounds
[  322.108545][T15868] EXT4-fs error (device loop4): ext4_orphan_get:1397: comm syz.4.3784: couldn't read orphan inode 15 (err -117)
[  322.113863][T15868] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  322.115076][ T9554] udevd[9554]: inotify_add_watch(7, /dev/loop4p2, 10) failed: No such file or directory
[  322.124990][ T6117] udevd[6117]: inotify_add_watch(7, /dev/loop4p3, 10) failed: No such file or directory
[  322.129364][T15868] netlink: 'syz.4.3784': attribute type 83 has an invalid length.
[  322.134823][ T6296] udevd[6296]: inotify_add_watch(7, /dev/loop4p4, 10) failed: No such file or directory
[  322.150194][T12356] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  322.185399][T15874] loop4: detected capacity change from 0 to 256
[  322.189379][T15874] exFAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  322.193589][T15874] exFAT-fs (loop4): Medium has reported failures. Some data may be lost.
[  322.200469][T15874] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0xe62de5da, utbl_chksum : 0xe619d30d)
[  322.833323][T15894] loop4: detected capacity change from 0 to 4096
[  322.912769][T15896] loop4: detected capacity change from 0 to 4096
[  322.950023][    T9] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  322.965823][T15898] netem: unknown loss type 0
[  322.967791][T15898] netem: change failed
[  323.017602][T15902] bond0: (slave team0): Releasing backup interface
[  323.023424][T15902] bridge_slave_0: left allmulticast mode
[  323.025840][T15902] bridge_slave_0: left promiscuous mode
[  323.028239][T15902] bridge0: port 1(bridge_slave_0) entered disabled state
[  323.037000][T15902] bond0: (slave bridge_slave_1): Releasing backup interface
[  323.041722][T15902] bond0: (slave bond_slave_0): Releasing backup interface
[  323.045342][T15902] bond0: (slave bond_slave_1): Releasing backup interface
[  323.049755][T15902] team0: Port device team_slave_0 removed
[  323.052904][T15902] team0: Port device team_slave_1 removed
[  323.055337][T15902] batman_adv: batadv0: Removing interface: batadv_slave_0
[  323.059866][T15902] batman_adv: batadv0: Removing interface: batadv_slave_1
[  323.063978][T15902] bond0: (slave macvlan0): Releasing backup interface
[  323.109183][    T9] usb 7-1: too many configurations: 65, using maximum allowed: 8
[  323.122522][    T9] usb 7-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c
[  323.126214][    T9] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.129992][    T9] usb 7-1: Product: syz
[  323.131682][    T9] usb 7-1: Manufacturer: syz
[  323.133544][    T9] usb 7-1: SerialNumber: syz
[  323.136511][    T9] usb 7-1: config 0 descriptor??
[  323.352209][    T9] usb 7-1: USB disconnect, device number 4
[  323.385897][T15916] fuse: Bad value for 'fd'
[  324.034424][T15947] loop4: detected capacity change from 0 to 512
[  324.060230][T15947] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  324.064766][T15947] ext4 filesystem being mounted at /504/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  324.080670][T12356] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  324.081681][T15939] loop6: detected capacity change from 0 to 32768
[  324.112169][T15952] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3808'.
[  324.136782][T15954] loop4: detected capacity change from 0 to 256
[  324.139510][T15954] exfat: Deprecated parameter 'utf8'
[  324.144299][T15954] exFAT-fs (loop4): failed to load upcase table (idx : 0x00010000, chksum : 0x4d7dfc9d, utbl_chksum : 0xe619d30d)
[  324.202033][T15956] loop4: detected capacity change from 0 to 2048
[  324.220857][T15956] NILFS (loop4): invalid segment: Checksum error in segment payload
[  324.224303][T15956] NILFS (loop4): trying rollback from an earlier position
[  324.227061][T15956] NILFS (loop4): too large filesystem blocksize: 2 ^ 347668480 KiB
[  324.235321][T15956] NILFS (loop4): error -22 while searching super root
[  324.288072][T15960] loop6: detected capacity change from 0 to 8192
[  324.331868][T15960] FAT-fs (loop6): error, fat_get_cluster: invalid cluster chain (i_pos 2074)
[  324.340183][T15960] FAT-fs (loop6): Filesystem has been set read-only
[  324.445830][T15970] netlink: 'syz.3.3816': attribute type 4 has an invalid length.
[  324.470844][T15970] netlink: 'syz.3.3816': attribute type 4 has an invalid length.
[  325.813166][T16002] netlink: 36 bytes leftover after parsing attributes in process `syz.6.3831'.
[  326.168620][  T973] IPVS: starting estimator thread 0...
[  326.186898][T16004] loop6: detected capacity change from 0 to 32768
[  326.201203][T16013] loop4: detected capacity change from 0 to 2048
[  326.205408][T16013] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  326.281874][T16004] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  326.297785][T16014] IPVS: using max 70 ests per chain, 168000 per kthread
[  326.336676][T16004] XFS (loop6): Ending clean mount
[  326.344735][T16004] XFS (loop6): Quotacheck needed: Please wait.
[  326.380509][T16004] XFS (loop6): Quotacheck: Done.
[  326.491835][T15414] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  326.556324][T16024] netlink: 224 bytes leftover after parsing attributes in process `syz.6.3835'.
[  326.798435][T16009] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  327.305688][T16053] overlayfs: failed to clone upperpath
[  327.402535][T16065] netlink: 'syz.4.3855': attribute type 5 has an invalid length.
[  327.492583][T16073] ALSA: mixer_oss: invalid OSS volume 'A141=wVe]'
[  327.495389][T16073] ALSA: mixer_oss: invalid OSS volume 'ұB;T`@$EcXMYd,'
[  327.500504][T16073] ALSA: mixer_oss: invalid OSS volume 'b@h#'
[  327.502913][T16073] ALSA: mixer_oss: invalid OSS volume 'h4XS4v=0_>&'
[  327.505579][T16073] ALSA: mixer_oss: invalid OSS volume '|/"tj'
[  327.507989][T16073] ALSA: mixer_oss: invalid OSS volume '-z5c^J6$'
[  327.510681][T16073] ALSA: mixer_oss: invalid OSS volume '0Ty󉴪jP&at'
[  327.516574][T16073] ALSA: mixer_oss: invalid OSS volume '|~\'
[  327.519314][T16073] ALSA: mixer_oss: invalid OSS volume '@^3bɜ}G$#\("/oL'
[  327.522018][T16073] ALSA: mixer_oss: invalid OSS volume ''
[  327.986182][    T9] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  328.149930][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  328.154375][    T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  328.158864][    T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  328.164590][    T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  328.181105][    T9] usb 5-1: config 0 descriptor??
[  328.395608][    T9] usbhid 5-1:0.0: can't add hid device: -71
[  328.398636][    T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  328.403006][    T9] usb 5-1: USB disconnect, device number 11
[  328.730538][T16117] netlink: 28 bytes leftover after parsing attributes in process `syz.6.3879'.
[  328.734240][T16117] netlink: 'syz.6.3879': attribute type 7 has an invalid length.
[  328.738618][T16117] netlink: 'syz.6.3879': attribute type 8 has an invalid length.
[  328.741805][T16117] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3879'.
[  329.326377][T16134] loop4: detected capacity change from 0 to 32768
[  329.331089][T16134] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.3886 (16134)
[  329.346057][T16134] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  329.351025][T16134] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  329.354601][T16134] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  329.447059][T16134] BTRFS info (device loop4): rebuilding free space tree
[  329.483554][T16134] BTRFS info (device loop4): disabling free space tree
[  329.492262][T16134] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  329.502237][T16134] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  329.520871][T16134] BTRFS info (device loop4): setting nodatasum
[  329.524122][T16134] BTRFS info (device loop4): setting nodatacow
[  329.531110][T16134] BTRFS info (device loop4): enabling ssd optimizations
[  329.540734][T16134] BTRFS info (device loop4): turning off barriers
[  329.547947][T16134] BTRFS info (device loop4): turning on flush-on-commit
[  329.558993][T16134] BTRFS info (device loop4): enabling disk space caching
[  329.569948][T16134] BTRFS info (device loop4): force clearing of disk cache
[  329.583774][T16134] BTRFS info (device loop4): doing ref verification
[  329.603691][T16134] BTRFS info (device loop4): max_inline set to 4096
[  329.679143][T12356] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  330.353930][T16165] loop4: detected capacity change from 0 to 32768
[  330.366401][T16165] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  330.379614][T16165] XFS (loop4): Ending clean mount
[  330.382945][T16165] XFS (loop4): Quotacheck needed: Please wait.
[  330.390118][T16165] XFS (loop4): Quotacheck: Done.
[  330.414290][T12356] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  330.507090][T16181] loop4: detected capacity change from 0 to 1024
[  330.515271][ T5913] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  330.576989][   T26] hfsplus: b-tree write err: -5, ino 4
[  330.734951][ T5913] usb 7-1: Using ep0 maxpacket: 32
[  330.744289][ T5913] usb 7-1: config 0 has an invalid interface number: 16 but max is 0
[  330.754856][ T5913] usb 7-1: config 0 has no interface number 0
[  330.757390][ T5913] usb 7-1: config 0 interface 16 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023
[  330.765927][ T5913] usb 7-1: config 0 interface 16 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  330.776105][ T5913] usb 7-1: New USB device found, idVendor=0499, idProduct=102a, bcdDevice=85.2d
[  330.779921][ T5913] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  330.783175][ T5913] usb 7-1: Product: syz
[  330.789356][ T5913] usb 7-1: Manufacturer: syz
[  330.791409][ T5913] usb 7-1: SerialNumber: syz
[  330.797559][ T5913] usb 7-1: config 0 descriptor??
[  330.800383][T16169] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  330.808850][ T5913] usb 7-1: Quirk or no altset; falling back to MIDI 1.0
[  330.818088][ T5913] usb 7-1: invalid MIDI in EP 0
[  330.849313][ T5913] snd-usb-audio 7-1:0.16: probe with driver snd-usb-audio failed with error -22
[  330.874297][ T5846] udevd[5846]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.16/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  331.029512][    T9] usb 7-1: USB disconnect, device number 5
[  331.722309][T16225] deleting an unspecified loop device is not supported.
[  331.885709][T16229] loop4: detected capacity change from 0 to 32768
[  331.890477][T16229] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.3917 (16229)
[  331.904178][T16229] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  331.912968][T16229] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  331.932658][T16242] openvswitch: netlink: VXLAN extension 0 has unexpected len 4 expected 0
[  331.998587][T16229] BTRFS info (device loop4): enabling ssd optimizations
[  332.009361][T16229] BTRFS info (device loop4): enabling free space tree
[  332.059102][T12356] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  332.305166][T16264] loop4: detected capacity change from 0 to 32768
[  332.313078][T16282] loop6: detected capacity change from 0 to 1024
[  332.319049][T16282] EXT4-fs: Ignoring removed i_version option
[  332.324617][T16282] EXT4-fs (loop6): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  332.332186][T16264] jfs_mount: Mount Failure: File System Dirty.
[  332.335875][T16282] EXT4-fs error (device loop6): ext4_read_block_bitmap_nowait:483: comm syz.6.3934: Invalid block bitmap block 0 in block_group 0
[  332.340020][T16264] Mount JFS Failure: -22
[  332.341068][T16282] Quota error (device loop6): write_blk: dquota write failed
[  332.342743][T16264] jfs_mount failed w/return code = -22
[  332.346669][T16282] Quota error (device loop6): qtree_write_dquot: Error -117 occurred while creating quota
[  332.351863][T16282] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.3934: Failed to acquire dquot type 0
[  332.356906][T16282] EXT4-fs error (device loop6): ext4_free_blocks:6696: comm syz.6.3934: Freeing blocks not in datazone - block = 0, count = 4096
[  332.364981][T16282] EXT4-fs error (device loop6): ext4_read_inode_bitmap:139: comm syz.6.3934: Invalid inode bitmap blk 0 in block_group 0
[  332.374483][   T40] Quota error (device loop6): do_check_range: Getting block 0 out of range 1-8
[  332.374859][T16282] EXT4-fs error (device loop6) in ext4_free_inode:361: Corrupt filesystem
[  332.377456][   T40] EXT4-fs error (device loop6): ext4_release_dquot:6973: comm kworker/u10:2: Failed to release dquot type 0
[  332.380583][T16282] EXT4-fs (loop6): 1 orphan inode deleted
[  332.388740][T16282] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  332.421874][T15414] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  332.671746][   T33] audit: type=1326 audit(2000000406.726:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.6.3938" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  332.696206][   T33] audit: type=1326 audit(2000000406.726:200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.6.3938" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  332.705702][   T33] audit: type=1326 audit(2000000406.726:201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.6.3938" exe="/syz-executor" sig=0 arch=c000003e syscall=122 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  332.713952][   T33] audit: type=1326 audit(2000000406.726:202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.6.3938" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  332.722088][   T33] audit: type=1326 audit(2000000406.726:203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.6.3938" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  332.732693][   T33] audit: type=1326 audit(2000000406.726:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.6.3938" exe="/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  332.752625][   T33] audit: type=1326 audit(2000000406.726:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.6.3938" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  334.119661][T16340] netlink: 'syz.4.3958': attribute type 14 has an invalid length.
[  334.213880][T16348] tipc: Enabled bearer <eth:batadv0>, priority 10
[  334.822551][T16356] loop6: detected capacity change from 0 to 63
[  334.830473][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.833887][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.837615][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.841087][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.844822][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.847961][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.851248][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.854974][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.858193][T16356] ldm_validate_partition_table(): Disk read failed.
[  334.860873][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.864478][T16356] Buffer I/O error on dev loop6, logical block 0, async page read
[  334.868451][T16356] Dev loop6: unable to read RDB block 0
[  334.871418][T16356]  loop6: unable to read partition table
[  334.874213][T16356] loop_reread_partitions: partition scan of loop6 (3) failed (rc=-5)
[  334.969519][T16359] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3965'.
[  334.981010][T16359] netdevsim netdevsim6 netdevsim0: entered promiscuous mode
[  334.987113][T16359] netdevsim netdevsim6 netdevsim0: left promiscuous mode
[  335.206911][T16363] loop6: detected capacity change from 0 to 512
[  335.251257][T16363] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  335.257564][T16363] ext4 filesystem being mounted at /99/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  335.270609][T16363] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #2: comm syz.6.3967: corrupted inode contents
[  335.278164][T16363] EXT4-fs error (device loop6): ext4_dirty_inode:6538: inode #2: comm syz.6.3967: mark_inode_dirty error
[  335.284591][T16363] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #2: comm syz.6.3967: corrupted inode contents
[  335.290407][T16363] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #2: comm syz.6.3967: mark_inode_dirty error
[  335.336409][T15414] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.410076][T16372] loop6: detected capacity change from 0 to 512
[  335.424243][T16372] EXT4-fs: Ignoring removed nobh option
[  335.442619][T16372] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -117
[  335.455436][T16372] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #13: comm syz.6.3969: invalid indirect mapped block 256 (level 1)
[  335.471355][T16372] EXT4-fs error (device loop6): ext4_free_branches:1023: inode #13: comm syz.6.3969: invalid indirect mapped block 2683928664 (level 1)
[  335.482089][T16372] EXT4-fs (loop6): 1 truncate cleaned up
[  335.488067][T16372] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  335.518019][T15414] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  335.551068][T16376] input: syz0 as /devices/virtual/input/input19
[  335.584738][   T55] Bluetooth: hci1: link tx timeout
[  335.586693][   T55] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  335.768236][ T5850] Bluetooth: hci0: unexpected subevent 0x0e length: 30 > 15
[  335.773779][ T5850] Bluetooth: hci0: Unable to find connection for dst 00:00:00:00:00:20 sid 0x00
[  335.898883][T16398] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  336.253651][    T9] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  336.542005][    T9] usb 5-1: Using ep0 maxpacket: 32
[  336.546523][    T9] usb 5-1: config 0 has an invalid interface number: 67 but max is 0
[  336.549866][    T9] usb 5-1: config 0 has no interface number 0
[  336.554747][    T9] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.39
[  336.558658][    T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  336.559526][T16419] loop6: detected capacity change from 0 to 32768
[  336.562412][    T9] usb 5-1: Product: syz
[  336.566901][    T9] usb 5-1: Manufacturer: syz
[  336.569039][T16419] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.3992 (16419)
[  336.569396][    T9] usb 5-1: SerialNumber: syz
[  336.586299][T16419] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  336.590737][T16419] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  336.593603][    T9] usb 5-1: config 0 descriptor??
[  336.600286][    T9] smsc95xx v2.0.0
[  336.614061][T16419] BTRFS info (device loop6): enabling ssd optimizations
[  336.620029][T16419] BTRFS info (device loop6): enabling free space tree
[  336.681264][T15414] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  336.830926][T16445] 8021q: adding VLAN 0 to HW filter on device bond1
[  336.902165][T16447] bond_slave_0: entered promiscuous mode
[  336.902183][T16447] bond_slave_1: entered promiscuous mode
[  336.902459][T16447] 8021q: adding VLAN 0 to HW filter on device macvlan2
[  336.903706][T16447] bond1: (slave macvlan2): Enslaving as a backup interface with an up link
[  337.011382][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  337.015893][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  337.154234][T16459] CIFS mount error: No usable UNC path provided in device string!
[  337.154234][T16459] 
[  337.158530][T16459] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  337.463155][    T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71
[  337.469112][    T9] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71
[  337.482401][    T9] usb 5-1: USB disconnect, device number 12
[  337.611834][ T5850] Bluetooth: hci1: command 0x0406 tx timeout
[  337.896891][T16488] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(3)
[  337.899584][T16488] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed)
[  337.920768][T16488] vhci_hcd vhci_hcd.0: Device attached
[  337.926798][T16489] vhci_hcd: connection closed
[  337.926936][   T12] vhci_hcd: stop threads
[  337.930494][   T12] vhci_hcd: release socket
[  337.933590][   T12] vhci_hcd: disconnect device
[  338.198168][T16496] loop4: detected capacity change from 0 to 64
[  338.217104][T16496] syz.4.4018: attempt to access beyond end of device
[  338.217104][T16496] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  338.228921][T16496] syz.4.4018: attempt to access beyond end of device
[  338.228921][T16496] loop4: rw=0, sector=268435468, nr_sectors = 2 limit=64
[  338.277068][T16506] loop4: detected capacity change from 0 to 512
[  338.280180][T16506] EXT4-fs: Ignoring removed nomblk_io_submit option
[  338.286502][T16506] EXT4-fs: old and new quota format mixing
[  338.627554][T16540] loop6: detected capacity change from 0 to 4096
[  338.636764][T16541] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  338.910897][   T47] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  339.062183][   T47] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  339.066973][   T47] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  339.071414][   T47] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 4
[  339.078044][   T47] usb 7-1: New USB device found, idVendor=172f, idProduct=0037, bcdDevice= 0.00
[  339.082450][   T47] usb 7-1: New USB device strings: Mfr=0, Product=1, SerialNumber=0
[  339.085379][   T47] usb 7-1: Product: syz
[  339.087920][   T47] usb 7-1: config 0 descriptor??
[  339.503799][   T47] waltop 0003:172F:0037.0012: unknown main item tag 0x0
[  339.506071][   T47] waltop 0003:172F:0037.0012: unknown main item tag 0x0
[  339.508320][   T47] waltop 0003:172F:0037.0012: unknown main item tag 0x0
[  339.514247][   T47] waltop 0003:172F:0037.0012: hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  339.704493][   T47] usb 7-1: USB disconnect, device number 6
[  340.500196][T16595] bridge2: entered promiscuous mode
[  340.593727][T16600] netlink: 4 bytes leftover after parsing attributes in process `syz.6.4064'.
[  340.744440][T16603] netlink: 20 bytes leftover after parsing attributes in process `syz.6.4066'.
[  340.753826][T16605] TCP: TCP_TX_DELAY enabled
[  340.904090][T16615] loop6: detected capacity change from 0 to 32768
[  340.914186][T16615] JBD2: Ignoring recovery information on journal
[  340.932877][T16615] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  340.976379][T15414] ocfs2: Unmounting device (7,6) on (node local)
[  341.155828][T16629] loop6: detected capacity change from 0 to 32768
[  341.162690][T16629] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.4078 (16629)
[  341.176368][T16629] BTRFS info (device loop6): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  341.180808][T16629] BTRFS info (device loop6): using xxhash64 (xxhash64-generic) checksum algorithm
[  341.193926][T16629] BTRFS info (device loop6): rebuilding free space tree
[  341.198398][T16629] BTRFS info (device loop6): disabling free space tree
[  341.204872][T16629] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  341.211212][T16629] BTRFS info (device loop6): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  341.216433][T16649] netlink: 'syz.3.4080': attribute type 4 has an invalid length.
[  341.218102][T16629] BTRFS info (device loop6): setting nodatasum
[  341.223699][T16629] BTRFS info (device loop6): allowing degraded mounts
[  341.226117][T16629] BTRFS info (device loop6): enabling ssd optimizations
[  341.228779][T16629] BTRFS info (device loop6): force clearing of disk cache
[  341.231877][T16629] BTRFS info (device loop6): force zlib compression, level 3
[  341.239514][T16649] netlink: 'syz.3.4080': attribute type 4 has an invalid length.
[  341.253581][T15414] BTRFS info (device loop6): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  341.368300][T16661] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4086'.
[  341.479882][   T33] kauditd_printk_skb: 61 callbacks suppressed
[  341.479895][   T33] audit: type=1326 audit(2000000415.530:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16675 comm="syz.6.4093" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  341.511091][   T33] audit: type=1326 audit(2000000415.550:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16675 comm="syz.6.4093" exe="/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  341.519056][   T33] audit: type=1326 audit(2000000415.550:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16675 comm="syz.6.4093" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  341.527523][   T33] audit: type=1326 audit(2000000415.550:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16675 comm="syz.6.4093" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f45f278ebe9 code=0x7ffc0000
[  341.689931][   T55] Bluetooth: hci1: command 0x0406 tx timeout
[  341.813517][T16679] loop6: detected capacity change from 0 to 32768
[  341.821143][T16679] (syz.6.4094,16679,0):ocfs2_read_blocks:239 ERROR: status = -12
[  341.827672][T16679] (syz.6.4094,16679,0):ocfs2_map_slot_buffers:388 ERROR: status = -12
[  341.830978][T16679] (syz.6.4094,16679,0):ocfs2_init_slot_info:426 ERROR: status = -12
[  341.833693][T16679] (syz.6.4094,16679,0):ocfs2_initialize_super:2222 ERROR: status = -12
[  341.836931][T16679] (syz.6.4094,16679,0):ocfs2_fill_super:1177 ERROR: status = -12
[  341.929642][ T5850] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0
[  341.933305][ T5850] Bluetooth: hci0: Injecting HCI hardware error event
[  341.937478][   T55] Bluetooth: hci0: hardware error 0x00
[  341.988358][T16690] nfs: Unknown parameter 'ntext'
[  342.032587][T16692] loop6: detected capacity change from 0 to 4096
[  342.046856][T16695] NILFS (loop6): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  342.050449][T16696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.4101'.
[  342.056313][T16692] NILFS error (device loop6): nilfs_dotdot: directory #12 missing '.'
[  342.059824][T16692] Remounting filesystem read-only
[  342.078031][T15414] NILFS (loop6): disposed unprocessed dirty file(s) when detaching log writer
[  342.441565][T16715] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  342.809047][ T5894] usb 5-1: new full-speed USB device number 13 using dummy_hcd
[  342.975921][ T5894] usb 5-1: config 36 interface 0 altsetting 0 has an endpoint descriptor with address 0xB2, changing to 0x82
[  342.982208][ T5894] usb 5-1: config 36 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  342.986977][ T5894] usb 5-1: config 36 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  342.993091][ T5894] usb 5-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice= 0.06
[  342.997371][ T5894] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=16
[  343.001012][ T5894] usb 5-1: SerialNumber: syz
[  343.260072][ T5894] yealink 5-1:36.0: invalid payload size 0, expected 16
[  343.266523][ T5894] input: Yealink usb-p1k as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:36.0/input/input20
[  343.276781][    C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71
[  343.279602][    C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71
[  343.282649][    C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71
[  343.285677][    C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71
[  343.288940][    C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71
[  343.292078][    C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71
[  343.294814][    C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71
[  343.297611][    C1] yealink 5-1:36.0: urb_ctl_callback - urb status -71
[  343.300112][    C1] yealink 5-1:36.0: urb_ctl_callback - usb_submit_urb failed -90
[  343.306399][ T5894] usb 5-1: USB disconnect, device number 13
[  343.394615][T16759] loop6: detected capacity change from 0 to 32768
[  343.402102][T16759] BTRFS warning: excessive commit interval 2147483647, use with care
[  343.405345][T16759] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.4124 (16759)
[  343.414187][T16759] BTRFS info (device loop6): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  343.418130][T16759] BTRFS info (device loop6): using crc32c (crc32c-lib) checksum algorithm
[  343.421525][T16759] BTRFS error (device loop6): cannot disable free-space-tree
[  343.424187][T16759] BTRFS warning (device loop6): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  343.429295][T16759] BTRFS error (device loop6): open_ctree failed: -22
[  343.537013][T16762] loop6: detected capacity change from 0 to 32768
[  343.930220][T16774] kernel read not supported for file / 7âW)s!Qfsl{Tr)rO2:"T+͟v|ղADvc֠6xc: (pid: 16774 comm: syz.4.4129)
[  343.935915][   T33] audit: type=1800 audit(2000000417.992:271): pid=16774 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.4129" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B2414476638E93D8D6A0C536D278E3633A dev="mqueue" ino=43748 res=0 errno=0
[  343.982710][T16776] loop4: detected capacity change from 0 to 4096
[  343.985516][T16776] ntfs3(loop4): Different NTFS sector size (1024) and media sector size (512).
[  344.020906][   T55] Bluetooth: hci0: Opcode 0x0c03 failed: -110
[  344.056512][T16780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4133'.
[  344.065512][T16780] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4133'.
[  344.098405][T16784] loop4: detected capacity change from 0 to 2048
[  344.102140][T16784] NILFS (loop4): broken superblock, retrying with spare superblock (blocksize = 1024)
[  344.110617][ T9554] udevd[9554]: incorrect nilfs2 checksum on /dev/loop4
[  344.114267][T16785] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  344.232950][T16798] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4141'.
[  344.565179][T16815] loop4: detected capacity change from 0 to 32768
[  344.579087][T16815] JBD2: Ignoring recovery information on journal
[  344.601618][T16815] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  344.626520][T12356] ocfs2: Unmounting device (7,4) on (node local)
[  344.704078][T16826] loop4: detected capacity change from 0 to 128
[  344.712269][T16826] affs: Unknown parameter 'smackfsroot'
[  344.844552][T16834] 9pnet_fd: Insufficient options for proto=fd
[  346.310161][T16880] loop6: detected capacity change from 0 to 32768
[  346.325986][T16880] XFS (loop6): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  346.337399][T16880] XFS (loop6): Ending clean mount
[  346.355087][   T33] audit: type=1800 audit(2000000420.413:272): pid=16880 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4175" name="file1" dev="loop6" ino=6150 res=0 errno=0
[  346.380234][T15414] XFS (loop6): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  346.494491][T16890] autofs4:pid:16890:validate_dev_ioctl: path string terminator missing for cmd(0xc0189373)
[  347.017580][T16897] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4179'.
[  347.159970][T16917] fuse: Bad value for 'fd'
[  348.069146][T16967] netlink: 180 bytes leftover after parsing attributes in process `syz.6.4208'.
[  348.130729][T16973] loop6: detected capacity change from 0 to 2048
[  348.133955][T16973] UDF-fs: warning (device loop6): udf_fill_super: No fileset found
[  348.422799][T16994] netlink: 64 bytes leftover after parsing attributes in process `syz.4.4221'.
[  348.438820][T16999] loop6: detected capacity change from 0 to 1024
[  348.462254][T16999] EXT4-fs (loop6): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: none.
[  348.468333][T16999] ext4 filesystem being mounted at /193/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  348.511590][T15414] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  348.518044][T17008] netlink: 'syz.3.4227': attribute type 10 has an invalid length.
[  348.553108][T17012] loop6: detected capacity change from 0 to 1024
[  348.581535][   T33] audit: type=1800 audit(2000000422.644:273): pid=17012 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4228" name="file1" dev="loop6" ino=20 res=0 errno=0
[  348.619319][   T40] hfsplus: b-tree write err: -5, ino 4
[  348.771996][T17040] loop4: detected capacity change from 0 to 512
[  348.791673][T17040] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  348.799104][T17040] ext4 filesystem being mounted at /609/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  348.810124][T17040] Quota error (device loop4): do_check_range: Getting dqdh_next_free 2741 out of range 0-6
[  348.814706][T17040] Quota error (device loop4): qtree_write_dquot: Error -117 occurred while creating quota
[  348.824742][T17040] EXT4-fs error (device loop4): ext4_acquire_dquot:6937: comm syz.4.4241: Failed to acquire dquot type 0
[  348.839494][T12356] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  349.277774][T17064] netlink: 240 bytes leftover after parsing attributes in process `syz.4.4247'.
[  349.356207][   T33] audit: type=1326 audit(2000000423.424:274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17073 comm="syz.4.4252" exe="/syz-executor" sig=31 arch=c000003e syscall=39 compat=0 ip=0x7f641c985ba7 code=0x0
[  349.721221][T17120] loop6: detected capacity change from 0 to 128
[  349.731814][T17120] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  349.736746][T17120] ext4 filesystem being mounted at /203/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  349.770568][T15414] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  350.078101][T17134] loop6: detected capacity change from 0 to 40427
[  350.093707][T17134] F2FS-fs (loop6): Small segment_count (9 < 1 * 24)
[  350.116065][T17134] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  350.194879][T17134] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  350.205555][T17134] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  350.208633][T17134] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  350.259887][T15414] syz-executor: attempt to access beyond end of device
[  350.259887][T15414] loop6: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  350.275004][T15414] CPU: 0 UID: 0 PID: 15414 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) 
[  350.275025][T15414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  350.275032][T15414] Call Trace:
[  350.275036][T15414]  <TASK>
[  350.275042][T15414]  dump_stack_lvl+0x189/0x250
[  350.275061][T15414]  ? __pfx_dump_stack_lvl+0x10/0x10
[  350.275073][T15414]  ? __pfx_queue_work_on+0x10/0x10
[  350.275085][T15414]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  350.275099][T15414]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  350.275115][T15414]  f2fs_handle_critical_error+0x37c/0x540
[  350.275132][T15414]  f2fs_write_end_io+0x886/0xb60
[  350.275146][T15414]  __submit_merged_bio+0x27a/0x6a0
[  350.275162][T15414]  __submit_merged_write_cond+0x255/0x530
[  350.275178][T15414]  f2fs_write_data_pages+0x261d/0x3000
[  350.275203][T15414]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  350.275223][T15414]  ? arch_stack_walk+0xfc/0x150
[  350.275267][T15414]  ? __mod_zone_page_state+0xd7/0x140
[  350.275288][T15414]  ? folios_put_refs+0x560/0x640
[  350.275304][T15414]  ? __pfx_folios_put_refs+0x10/0x10
[  350.275316][T15414]  ? rcu_is_watching+0x15/0xb0
[  350.275328][T15414]  ? lru_add+0xa2f/0xd80
[  350.275339][T15414]  ? lru_add+0x198/0xd80
[  350.275351][T15414]  ? folio_batch_move_lru+0x319/0x3a0
[  350.275365][T15414]  ? filemap_get_folios_tag+0xed/0x630
[  350.275377][T15414]  ? rcu_is_watching+0x15/0xb0
[  350.275389][T15414]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  350.275407][T15414]  do_writepages+0x32e/0x550
[  350.275423][T15414]  ? rcu_is_watching+0x15/0xb0
[  350.275437][T15414]  ? do_raw_spin_unlock+0x4d/0x240
[  350.275453][T15414]  filemap_fdatawrite+0x199/0x240
[  350.275476][T15414]  ? __pfx_filemap_fdatawrite+0x10/0x10
[  350.275500][T15414]  ? rcu_is_watching+0x15/0xb0
[  350.275514][T15414]  ? do_raw_spin_unlock+0x4d/0x240
[  350.275529][T15414]  f2fs_sync_dirty_inodes+0x31f/0x830
[  350.275545][T15414]  f2fs_write_checkpoint+0x95a/0x1df0
[  350.275563][T15414]  ? __pfx_f2fs_write_checkpoint+0x10/0x10
[  350.275586][T15414]  ? rcu_is_watching+0x15/0xb0
[  350.275598][T15414]  ? kill_f2fs_super+0x298/0x6c0
[  350.275611][T15414]  kill_f2fs_super+0x2c3/0x6c0
[  350.275624][T15414]  ? __pfx_kill_f2fs_super+0x10/0x10
[  350.275635][T15414]  ? radix_tree_delete_item+0x2b6/0x400
[  350.275653][T15414]  ? shrinker_free+0x2ce/0x3e0
[  350.275666][T15414]  deactivate_locked_super+0xbc/0x130
[  350.275682][T15414]  cleanup_mnt+0x425/0x4c0
[  350.275696][T15414]  task_work_run+0x1d4/0x260
[  350.275712][T15414]  ? __pfx_task_work_run+0x10/0x10
[  350.275727][T15414]  ? __x64_sys_umount+0x122/0x160
[  350.275742][T15414]  ? __pfx___x64_sys_umount+0x10/0x10
[  350.275758][T15414]  ? rcu_is_watching+0x15/0xb0
[  350.275770][T15414]  exit_to_user_mode_loop+0xec/0x110
[  350.275787][T15414]  do_syscall_64+0x2bd/0x3b0
[  350.275804][T15414]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.275816][T15414]  ? exc_page_fault+0x9f/0xf0
[  350.275832][T15414]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  350.275843][T15414] RIP: 0033:0x7f45f278ff17
[  350.275855][T15414] Code: a8 ff ff ff f7 d8 64 89 01 48 83 c8 ff c3 0f 1f 44 00 00 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8
[  350.275866][T15414] RSP: 002b:00007fff97087088 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  350.275881][T15414] RAX: 0000000000000000 RBX: 00007f45f2811c05 RCX: 00007f45f278ff17
[  350.275891][T15414] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff97087140
[  350.275899][T15414] RBP: 00007fff97087140 R08: 0000000000000000 R09: 0000000000000000
[  350.275907][T15414] R10: 00000000ffffffff R11: 0000000000000246 R12: 00007fff970881d0
[  350.275915][T15414] R13: 00007f45f2811c05 R14: 00000000000557bf R15: 00007fff97088210
[  350.275928][T15414]  </TASK>
[  350.275933][T15414] F2FS-fs (loop6): Stopped filesystem due to reason: 3
[  350.471975][T17201] loop4: detected capacity change from 0 to 32768
[  350.488986][T17201] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4281 (17201)
[  350.515347][T17201] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  350.519579][T17201] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  350.605755][T17201] BTRFS info (device loop4): enabling ssd optimizations
[  350.608621][T17201] BTRFS info (device loop4): enabling free space tree
[  350.657841][T12356] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  350.785940][T17242] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4292'.
[  350.841208][T17234] loop6: detected capacity change from 0 to 32768
[  350.848062][T17234] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.4290 (17234)
[  350.866019][T17234] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  350.872587][T17234] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  350.896908][T17234] BTRFS info (device loop6): rebuilding free space tree
[  350.904370][T17234] BTRFS info (device loop6): enabling ssd optimizations
[  350.907563][T17234] BTRFS info (device loop6): using spread ssd allocation scheme
[  350.910073][T17234] BTRFS info (device loop6): enabling free space tree
[  350.912284][T17234] BTRFS info (device loop6): force clearing of disk cache
[  350.941538][T15414] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  350.961052][T17277] netlink: 140 bytes leftover after parsing attributes in process `syz.4.4302'.
[  351.003920][T17275] netlink: 4 bytes leftover after parsing attributes in process `syz.3.4300'.
[  351.195019][T17289] loop6: detected capacity change from 0 to 40427
[  351.198700][T17289] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  351.202172][T17289] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  351.210767][T17289] F2FS-fs (loop6): invalid crc value
[  351.234617][ T5913] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  351.264611][T17289] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  351.275225][T17289] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  351.278124][T17289] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  351.387718][ T5913] usb 5-1: Using ep0 maxpacket: 16
[  351.393540][T17305] netlink: 'syz.3.4313': attribute type 10 has an invalid length.
[  351.396163][ T5913] usb 5-1: config 0 has an invalid interface number: 8 but max is 0
[  351.398712][T17305] netlink: 40 bytes leftover after parsing attributes in process `syz.3.4313'.
[  351.404694][ T5913] usb 5-1: config 0 has no interface number 0
[  351.404707][T17305] batman_adv: batadv0: Adding interface: virt_wifi0
[  351.404716][T17305] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  351.407331][ T5913] usb 5-1: config 0 interface 8 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F
[  351.409967][T17305] batman_adv: batadv0: Interface activated: virt_wifi0
[  351.435692][ T5913] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7
[  351.455589][ T5913] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f
[  351.460081][ T5913] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3
[  351.468717][ T5913] usb 5-1: Product: syz
[  351.470600][ T5913] usb 5-1: SerialNumber: syz
[  351.476273][ T5913] usb 5-1: config 0 descriptor??
[  351.486313][ T5913] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input21
[  351.684982][    C1] cm109 5-1:0.8: cm109_urb_ctl_callback: urb status -71
[  351.685371][    T9] usb 5-1: USB disconnect, device number 14
[  351.687401][    C1] cm109 5-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19
[  351.694764][    T9] cm109 5-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19
[  351.722490][T17311] loop6: detected capacity change from 0 to 32768
[  351.780947][T17311] bcachefs (loop6): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,metadata_target=invalid label 246,noinodes_use_key_cache,journal_flush_delay=3,journal_reclaim_delay=1000,nocow
[  351.780968][T17311]   allowing incompatible features above 0.0: (unknown version)
[  351.780976][T17311]   features: lz4,new_siphash,inline_data,new_extent_overwrite,btree_ptr_v2,new_varint,journal_no_flush,alloc_v2,extents_across_btree_nodes
[  351.801796][T17311] bcachefs (loop6): Using encoding defined by superblock: utf8-12.1.0
[  351.805403][T17311] bcachefs (loop6): initializing new filesystem
[  351.814010][T17311] bcachefs (loop6): going read-write
[  351.818042][T17311] bcachefs (loop6): marking superblocks
[  351.823955][T17311] bcachefs (loop6): initializing freespace
[  351.828033][T17311] bcachefs (loop6): done initializing freespace
[  351.832085][T17311] bcachefs (loop6): reading snapshots table
[  351.834715][T17311] bcachefs (loop6): reading snapshots done
[  351.842044][T17311] bcachefs (loop6): done starting filesystem
[  351.907704][T15414] bcachefs (loop6): shutting down
[  351.909770][T15414] bcachefs (loop6): going read-only
[  351.911988][T15414] bcachefs (loop6): finished waiting for writes to stop
[  351.915906][T15414] bcachefs (loop6): flushing journal and stopping allocators, journal seq 4
[  351.927227][T15414] bcachefs (loop6): flushing journal and stopping allocators complete, journal seq 5
[  351.931897][T15414] bcachefs (loop6): clean shutdown complete, journal seq 6
[  351.936044][T15414] bcachefs (loop6): marking filesystem clean
[  351.944787][T15414] bcachefs (loop6): shutdown complete
[  352.010979][ T5881] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  352.015684][ T5881] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.076413][ T5881] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  352.081826][ T5881] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.166824][ T5881] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  352.170846][ T5881] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.192826][T17324] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  352.196048][T17324] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  352.204078][T17324] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  352.207331][T17324] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  352.210065][T17324] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  352.257277][ T5881] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  352.260719][ T5881] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  352.375840][T17323] chnl_net:caif_netlink_parms(): no params data found
[  352.469636][ T5881] dvmrp5 (unregistering): left allmulticast mode
[  352.571545][ T5881] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  352.586984][ T5881] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.594796][ T5881] bond0 (unregistering): Released all slaves
[  352.706485][ T5881] tipc: Disabling bearer <udp:syz2>
[  352.708732][ T5881] tipc: Disabling bearer <eth:batadv0>
[  352.712317][ T5881] tipc: Left network mode
[  352.750176][T17323] bridge0: port 1(bridge_slave_0) entered blocking state
[  352.968313][T17323] bridge0: port 1(bridge_slave_0) entered disabled state
[  352.972446][T17323] bridge_slave_0: entered allmulticast mode
[  352.977395][T17323] bridge_slave_0: entered promiscuous mode
[  352.985808][T17323] bridge0: port 2(bridge_slave_1) entered blocking state
[  352.992255][T17323] bridge0: port 2(bridge_slave_1) entered disabled state
[  352.995879][T17323] bridge_slave_1: entered allmulticast mode
[  352.999374][T17323] bridge_slave_1: entered promiscuous mode
[  353.049158][T17323] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  353.056779][T17323] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  353.074649][T17323] team0: Port device team_slave_0 added
[  353.078326][T17323] team0: Port device team_slave_1 added
[  353.095515][T17323] batman_adv: batadv0: Adding interface: batadv_slave_0
[  353.098127][T17323] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.107608][T17323] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  353.112503][T17323] batman_adv: batadv0: Adding interface: batadv_slave_1
[  353.115822][T17323] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  353.126477][T17323] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  353.176598][T17323] hsr_slave_0: entered promiscuous mode
[  353.179183][T17323] hsr_slave_1: entered promiscuous mode
[  353.181642][T17323] debugfs: 'hsr0' already exists in 'hsr'
[  353.184743][T17323] Cannot create hsr debugfs directory
[  353.187611][ T5881] hsr_slave_0: left promiscuous mode
[  353.191891][ T5881] hsr_slave_1: left promiscuous mode
[  353.211063][ T5881] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  353.218195][ T5881] batman_adv: batadv0: Removing interface: batadv_slave_0
[  353.222065][ T5881] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  353.227107][ T5881] batman_adv: batadv0: Removing interface: batadv_slave_1
[  353.230390][ T5881] batman_adv: batadv0: Interface deactivated: virt_wifi0
[  353.232995][ T5881] batman_adv: batadv0: Removing interface: virt_wifi0
[  353.239726][ T5881] veth1_macvtap: left promiscuous mode
[  353.241771][ T5881] veth0_macvtap: left promiscuous mode
[  353.292985][ T5881] team0 (unregistering): Port device team_slave_1 removed
[  353.479972][T17323] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  353.566084][T17323] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  353.588615][T17323] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  353.608832][T17323] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  353.713102][T17323] 8021q: adding VLAN 0 to HW filter on device bond0
[  353.726654][T17323] 8021q: adding VLAN 0 to HW filter on device team0
[  353.755149][   T40] bridge0: port 1(bridge_slave_0) entered blocking state
[  353.758008][   T40] bridge0: port 1(bridge_slave_0) entered forwarding state
[  353.771852][T17395] loop6: detected capacity change from 0 to 4096
[  353.779906][ T3639] bridge0: port 2(bridge_slave_1) entered blocking state
[  353.782632][ T3639] bridge0: port 2(bridge_slave_1) entered forwarding state
[  353.787192][T17395] ntfs3(loop6): It is recommened to use chkdsk.
[  353.802855][T17395] ntfs3(loop6): ino=0, mi_enum_attr
[  353.805203][T17395] ntfs3(loop6): try to read out of volume at offset 0x3fffffc0c00
[  353.807945][T17395] ntfs3(loop6): try to read out of volume at offset 0x3fffffc0c00
[  353.810649][T17395] ntfs3(loop6): try to read out of volume at offset 0x3fffffc0c00
[  353.833298][T17395] ntfs3(loop6): try to read out of volume at offset 0x3fffffc0c00
[  353.836305][T17395] ntfs3(loop6): try to read out of volume at offset 0x3fffffc1c00
[  353.842615][T17395] ntfs3(loop6): try to read out of volume at offset 0x3fffffc2c00
[  353.850534][T17395] ntfs3(loop6): try to read out of volume at offset 0x3fffffc4c00
[  353.855264][T17395] ntfs3(loop6): try to read out of volume at offset 0x3fffffc8c00
[  353.927805][T17379] loop4: detected capacity change from 0 to 32768
[  353.935996][T17379] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  353.941604][T17323] 8021q: adding VLAN 0 to HW filter on device batadv0
[  353.971907][T17379] XFS (loop4): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x50.
[  353.986134][T17379] XFS (loop4): Tail block (0x29) overwrite detected. Updated to 0x30
[  354.006622][T17379] XFS (loop4): Ending clean mount
[  354.040322][T17379] XFS (loop4): Metadata corruption detected at xfs_dinode_verify+0x1a6/0x1570, inode 0x1803 dinode
[  354.050378][T17379] XFS (loop4): Unmount and run xfs_repair
[  354.052887][T17379] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  354.061942][T17379] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00  INA.............
[  354.066553][T17379] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  354.069530][T17379] 00000020: 34 f7 58 68 a5 a5 b6 11 34 f7 58 68 a5 e2 bf 3d  4.Xh....4.Xh...=
[  354.072515][T17379] 00000030: 34 f7 58 68 a5 e2 bf 3d 00 00 00 00 00 00 00 20  4.Xh...=....... 
[  354.077195][T17379] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  354.081045][T17379] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 ca e6 3d c1  ..............=.
[  354.085134][T17379] 00000060: ff ff ff ff 6e d0 e3 2d 00 00 00 00 00 00 00 04  ....n..-........
[  354.088243][T17379] 00000070: 00 00 00 03 00 00 00 10 00 00 00 00 00 00 00 06  ................
[  354.093550][T17422] XFS (loop4): Metadata corruption detected at xfs_dinode_verify+0x1a6/0x1570, inode 0x1803 dinode
[  354.104394][T17422] XFS (loop4): Unmount and run xfs_repair
[  354.106896][T17422] XFS (loop4): First 128 bytes of corrupted metadata buffer:
[  354.110062][T17422] 00000000: 49 4e 41 ed 03 01 00 00 00 00 00 00 00 00 00 00  INA.............
[  354.118372][T17422] 00000010: 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  354.123066][T17422] 00000020: 34 f7 58 68 a5 a5 b6 11 34 f7 58 68 a5 e2 bf 3d  4.Xh....4.Xh...=
[  354.127123][T17422] 00000030: 34 f7 58 68 a5 e2 bf 3d 00 00 00 00 00 00 00 20  4.Xh...=....... 
[  354.143283][T17422] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  354.149680][T17422] 00000050: 00 00 00 02 00 00 00 00 00 00 00 00 ca e6 3d c1  ..............=.
[  354.156573][T17422] 00000060: ff ff ff ff 6e d0 e3 2d 00 00 00 00 00 00 00 04  ....n..-........
[  354.161836][T17422] 00000070: 00 00 00 03 00 00 00 10 00 00 00 00 00 00 00 06  ................
[  354.182394][T17323] veth0_vlan: entered promiscuous mode
[  354.197901][T17323] veth1_vlan: entered promiscuous mode
[  354.222474][T17323] veth0_macvtap: entered promiscuous mode
[  354.227000][T17323] veth1_macvtap: entered promiscuous mode
[  354.229836][T17419] loop6: detected capacity change from 0 to 32768
[  354.234641][T17323] batman_adv: batadv0: Interface activated: batadv_slave_0
[  354.236850][T17419] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.4333 (17419)
[  354.245804][   T55] Bluetooth: hci1: command tx timeout
[  354.246350][T17323] batman_adv: batadv0: Interface activated: batadv_slave_1
[  354.258585][ T5881] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  354.264940][ T5881] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  354.268902][ T5881] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  354.272820][ T5881] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  354.274203][T17419] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  354.287468][T17419] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  354.326134][T17419] BTRFS info (device loop6): enabling ssd optimizations
[  354.329243][T17419] BTRFS info (device loop6): enabling free space tree
[  354.332148][T17419] BTRFS info (device loop6): use zstd compression, level 3
[  354.346536][ T3639] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.364494][ T3639] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.380519][   T33] audit: type=1800 audit(2000000428.447:275): pid=17419 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4333" name="file1" dev="loop6" ino=260 res=0 errno=0
[  354.391261][ T3639] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  354.400398][ T3639] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  354.422567][T15414] BTRFS info (device loop6): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  354.644300][   T55] Bluetooth: hci2: command 0x0406 tx timeout
[  354.684608][T12356] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  354.702739][ T5913] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  354.854175][ T5913] usb 8-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  354.860609][ T5913] usb 8-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  354.875177][ T5913] usb 8-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  354.884441][ T5913] usb 8-1: config 1 has no interface number 1
[  354.886660][ T5913] usb 8-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  354.902545][ T5913] usb 8-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  354.914838][ T5913] usb 8-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  354.917870][ T5913] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  354.931779][ T5913] usb 8-1: Product: syz
[  354.934811][ T5913] usb 8-1: Manufacturer: syz
[  354.936699][ T5913] usb 8-1: SerialNumber: syz
[  354.944272][T17465] loop4: detected capacity change from 0 to 32768
[  354.969374][T17465] ocfs2: Slot 0 on device (7,4) was already allocated to this node!
[  354.981099][T17465] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  355.066136][T12356] ocfs2: Unmounting device (7,4) on (node local)
[  355.155456][ T5913] usb 8-1: No endpoint at altset 1, falling back to MIDI 1.0
[  355.158640][ T5913] usb 8-1: MIDIStreaming interface descriptor not found
[  355.219856][ T5913] usb 8-1: USB disconnect, device number 2
[  355.298872][T17488] netlink: 16186 bytes leftover after parsing attributes in process `syz.6.4348'.
[  355.436480][T17500] loop6: detected capacity change from 0 to 4096
[  355.450829][T17500] ntfs3(loop6): Different NTFS sector size (2048) and media sector size (512).
[  355.741157][T17531] loop7: detected capacity change from 0 to 4096
[  355.750396][T17531] ntfs3(loop7): Different NTFS sector size (2048) and media sector size (512).
[  355.902703][ T5852] usb 7-1: new high-speed USB device number 7 using dummy_hcd
[  355.939241][T17537] loop4: detected capacity change from 0 to 32768
[  355.945788][T17537] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4370 (17537)
[  355.973427][T17537] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  355.977619][T17537] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  356.071507][ T5852] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  356.082219][ T5852] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  356.086231][ T5852] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  356.091567][ T5852] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  356.102238][ T5852] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  356.111355][T17537] BTRFS info (device loop4): enabling ssd optimizations
[  356.114846][ T5852] usb 7-1: config 0 descriptor??
[  356.122378][T17537] BTRFS info (device loop4): enabling free space tree
[  356.144691][   T33] audit: type=1800 audit(2000000430.208:276): pid=17537 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4370" name="file1" dev="loop4" ino=260 res=0 errno=0
[  356.160829][ T5881] BTRFS info (device loop4): qgroup scan completed (inconsistency flag cleared)
[  356.327974][T17324] Bluetooth: hci1: command tx timeout
[  356.534491][ T5852] plantronics 0003:047F:FFFF.0013: unknown main item tag 0x0
[  356.546027][ T5852] plantronics 0003:047F:FFFF.0013: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  356.646125][T12356] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  356.813458][ T5852] usb 7-1: USB disconnect, device number 7
[  356.971399][T17583] loop7: detected capacity change from 0 to 256
[  356.975859][T17583] exfat: Deprecated parameter 'namecase'
[  356.982402][T17583] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[  357.037145][T17182] Bluetooth: hci3: Frame reassembly failed (-84)
[  357.067402][T17589] loop7: detected capacity change from 0 to 128
[  357.168221][T17595] input: syz0 as /devices/virtual/input/input22
[  357.303788][T17602] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4392'.
[  357.320928][T17602] loop7: detected capacity change from 0 to 1024
[  357.717769][T17610] loop6: detected capacity change from 0 to 1024
[  357.723984][T17610] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[  357.737628][T17610] Quota error (device loop6): do_check_range: Getting block 64 out of range 1-5
[  357.741756][T17610] Quota error (device loop6): qtree_read_dquot: Can't read quota structure for id 0
[  357.747403][T17610] EXT4-fs error (device loop6): ext4_acquire_dquot:6937: comm syz.6.4395: Failed to acquire dquot type 0
[  357.754845][T17610] EXT4-fs error (device loop6): mb_free_blocks:2017: group 0, inode 13: block 144:freeing already freed block (bit 9); block bitmap corrupt.
[  357.761583][T17610] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #13: comm syz.6.4395: corrupted inode contents
[  357.767779][T17610] EXT4-fs error (device loop6): ext4_dirty_inode:6538: inode #13: comm syz.6.4395: mark_inode_dirty error
[  357.774150][T17610] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #13: comm syz.6.4395: corrupted inode contents
[  357.779913][T17610] EXT4-fs error (device loop6): __ext4_ext_dirty:206: inode #13: comm syz.6.4395: mark_inode_dirty error
[  357.785434][T17610] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #13: comm syz.6.4395: corrupted inode contents
[  357.790903][T17610] EXT4-fs error (device loop6) in ext4_orphan_del:305: Corrupt filesystem
[  357.795976][T17610] EXT4-fs error (device loop6): ext4_do_update_inode:5653: inode #13: comm syz.6.4395: corrupted inode contents
[  357.804876][T17610] EXT4-fs error (device loop6): ext4_truncate:4666: inode #13: comm syz.6.4395: mark_inode_dirty error
[  357.810704][T17610] EXT4-fs error (device loop6) in ext4_process_orphan:347: Corrupt filesystem
[  357.818525][T17610] EXT4-fs (loop6): 1 truncate cleaned up
[  357.822434][T17610] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  357.866618][T15414] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  358.086129][T17617] loop6: detected capacity change from 0 to 1024
[  358.107655][T17617] netlink: 96 bytes leftover after parsing attributes in process `syz.6.4397'.
[  358.417317][   T55] Bluetooth: hci1: command tx timeout
[  358.759792][T17644] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4409'.
[  358.764089][T17644] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4409'.
[  358.767317][T17644] netlink: 'syz.7.4409': attribute type 18 has an invalid length.
[  358.770020][T17644] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4409'.
[  358.840093][T17645] loop6: detected capacity change from 0 to 256
[  358.851974][T17645] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  358.997359][T17651] loop7: detected capacity change from 0 to 8
[  359.040820][T17324] Bluetooth: hci3: Opcode 0x1003 failed: -110
[  359.103594][T17659] netlink: 'syz.7.4416': attribute type 10 has an invalid length.
[  359.139417][T17661] loop4: detected capacity change from 0 to 1024
[  359.153508][T17661] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  359.155284][T17665] netlink: 'syz.7.4418': attribute type 1 has an invalid length.
[  359.161913][T17665] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4418'.
[  359.169831][T17661] EXT4-fs warning (device loop4): ext4_empty_dir:3099: inode #11: comm syz.4.4417: directory missing '..'
[  359.183674][T12356] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.236710][T17672] loop4: detected capacity change from 0 to 4096
[  359.248850][T17672] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  359.252793][T17672] ntfs3(loop4): Failed to load $Extend (-22).
[  359.255000][T17672] ntfs3(loop4): Failed to initialize $Extend.
[  359.693716][   T28] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  359.693730][   T28] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  359.704530][T17674] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  359.706257][T17674] ntfs3(loop4): ino=21, The size of extended attributes must not exceed 64KiB
[  359.706810][T17680] loop6: detected capacity change from 0 to 512
[  359.737655][T17680] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  359.747974][T17680] ext4 filesystem being mounted at /254/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  359.751724][   T33] audit: type=1800 audit(2000000433.820:277): pid=17680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4423" name="file1" dev="loop6" ino=15 res=0 errno=0
[  359.752326][   T33] audit: type=1800 audit(2000000433.820:278): pid=17680 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.4423" name="file2" dev="loop6" ino=16 res=0 errno=0
[  359.785677][T15414] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  359.966482][T17700] sp0: Synchronizing with TNC
[  360.108593][T17711] loop7: detected capacity change from 0 to 128
[  360.207270][T17718] vhci_hcd vhci_hcd.0: pdev(6) rhport(0) sockfd(4)
[  360.209848][T17718] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed)
[  360.214670][T17718] vhci_hcd vhci_hcd.0: Device attached
[  360.218403][T17719] vhci_hcd: connection closed
[  360.218574][   T12] vhci_hcd: stop threads
[  360.221884][   T12] vhci_hcd: release socket
[  360.223365][   T12] vhci_hcd: disconnect device
[  360.479988][   T55] Bluetooth: hci1: command tx timeout
[  360.619989][ T5887] usb 8-1: new high-speed USB device number 3 using dummy_hcd
[  360.741625][T17742] netlink: 24 bytes leftover after parsing attributes in process `syz.6.4451'.
[  360.776942][T17744] loop6: detected capacity change from 0 to 512
[  360.783244][ T5887] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  360.787785][ T5887] usb 8-1: config 0 interface 0 has no altsetting 0
[  360.792793][ T5887] usb 8-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce
[  360.794639][T17744] EXT4-fs error (device loop6): ext4_orphan_get:1392: inode #15: comm syz.6.4452: iget: bad extended attribute block 1
[  360.795966][ T5887] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  360.804045][ T5887] usb 8-1: Product: syz
[  360.804285][T17744] EXT4-fs error (device loop6): ext4_orphan_get:1397: comm syz.6.4452: couldn't read orphan inode 15 (err -117)
[  360.805460][ T5887] usb 8-1: Manufacturer: syz
[  360.812247][ T5887] usb 8-1: SerialNumber: syz
[  360.812601][T17744] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  360.815359][ T5887] usb 8-1: config 0 descriptor??
[  360.831514][ T5887] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state.
[  360.836265][ T5887] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer.
[  360.841220][ T5887] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0)
[  360.844440][ T5887] usb 8-1: media controller created
[  360.857064][T17744] EXT4-fs warning (device loop6): ext4_resize_begin:82: There are errors in the filesystem, so online resizing is not allowed
[  360.857912][ T5887] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  360.882259][T15414] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  360.887925][ T5887] DVB: Unable to find symbol tda10046_attach()
[  360.892043][ T5887] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0'
[  360.895785][ T5887] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected.
[  360.912486][  T973] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  360.990964][T17753] netlink: 32 bytes leftover after parsing attributes in process `syz.6.4455'.
[  361.041567][T17757] loop6: detected capacity change from 0 to 512
[  361.044830][T17757] EXT4-fs: Ignoring removed bh option
[  361.052947][T17757] EXT4-fs (loop6): mounting ext3 file system using the ext4 subsystem
[  361.058296][T17757] EXT4-fs (loop6): 1 truncate cleaned up
[  361.061088][  T973] usb 5-1: Using ep0 maxpacket: 32
[  361.061900][T17757] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  361.066088][  T973] usb 5-1: config 4 has an invalid interface number: 128 but max is 0
[  361.074856][  T973] usb 5-1: config 4 has no interface number 0
[  361.077276][  T973] usb 5-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  361.082411][  T973] usb 5-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  361.087262][  T973] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  361.091481][T15414] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  361.092269][  T973] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  361.113679][  T973] hub 5-1:4.128: USB hub found
[  361.245178][ T5887] dvb_usb_m920x 8-1:0.0: probe with driver dvb_usb_m920x failed with error -71
[  361.252863][T17768] loop6: detected capacity change from 0 to 128
[  361.278808][ T5887] usb 8-1: USB disconnect, device number 3
[  361.317294][  T973] hub 5-1:4.128: 6 ports detected
[  361.319741][  T973] hub 5-1:4.128: Using single TT (err -22)
[  361.322440][  T973] hub 5-1:4.128: insufficient power available to use all downstream ports
[  361.323118][T17770] loop6: detected capacity change from 0 to 8
[  361.556994][  T973] hub 5-1:4.128: hub_hub_status failed (err = -71)
[  361.566536][  T973] hub 5-1:4.128: config failed, can't get hub status (err -71)
[  361.591947][  T973] usb 5-1: USB disconnect, device number 15
[  361.967725][T17784] loop7: detected capacity change from 0 to 32768
[  361.978881][T17784] bcachefs (/dev/loop7): error validating superblock: Invalid superblock section members_v1: too many devices for section size
[  361.978881][T17784] members_v1 (size 64):
[  361.978881][T17784] nr_devices mismatch: have 0 entries, should be 8
[  361.987226][T17784] bcachefs: bch2_fs_get_tree() error: invalid_sb_members
[  362.018733][T17786] netlink: 72 bytes leftover after parsing attributes in process `syz.7.4470'.
[  362.022926][T17786] netlink: 72 bytes leftover after parsing attributes in process `syz.7.4470'.
[  362.085538][T17790] netlink: 4 bytes leftover after parsing attributes in process `syz.7.4472'.
[  362.127051][T17792] loop4: detected capacity change from 0 to 4096
[  362.199920][T17796] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  362.203567][T17796] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  362.254372][T17800] loop4: detected capacity change from 0 to 4096
[  362.302036][T17804] loop6: detected capacity change from 0 to 8
[  362.359525][ T5852] usb 8-1: new high-speed USB device number 4 using dummy_hcd
[  362.434461][T17813] loop6: detected capacity change from 0 to 128
[  362.437061][T17813] ext2: Unknown parameter 'context'
[  362.461807][T17813] loop6: detected capacity change from 0 to 128
[  362.476328][T17813] EXT4-fs (loop6): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  362.481205][T17813] ext4 filesystem being mounted at /282/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  362.538908][ T5852] usb 8-1: Using ep0 maxpacket: 8
[  362.550304][ T5852] usb 8-1: config 11 has an invalid interface number: 95 but max is 0
[  362.553862][ T5852] usb 8-1: config 11 has no interface number 0
[  362.559432][ T5852] usb 8-1: config 11 interface 95 has no altsetting 0
[  362.590392][ T5852] usb 8-1: language id specifier not provided by device, defaulting to English
[  362.611971][ T5852] usb 8-1: New USB device found, idVendor=10f0, idProduct=2002, bcdDevice=dc.4d
[  362.615457][ T5852] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  362.618024][ T5852] usb 8-1: Product: syz
[  362.619912][ T5852] usb 8-1: SerialNumber: syz
[  362.700102][T17820] loop4: detected capacity change from 0 to 47
[  362.856427][T15414] EXT4-fs (loop6): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  362.881847][ T5852] usb 8-1: USB disconnect, device number 4
[  362.915415][ T5913] kernel write not supported for file /vcsa1 (pid: 5913 comm: kworker/1:6)
[  363.268546][ T5887] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  363.381004][T17855] MTD: Attempt to mount non-MTD device "/dev/nullb0"
[  363.383953][T17855] VFS: Can't find a romfs filesystem on dev nullb0.
[  363.383953][T17855] 
[  363.429032][ T5887] usb 7-1: Using ep0 maxpacket: 32
[  363.432164][ T5887] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0
[  363.437509][ T5887] usb 7-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice= 9.75
[  363.442200][ T5887] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  363.444725][ T5887] usb 7-1: Product: syz
[  363.446117][ T5887] usb 7-1: Manufacturer: syz
[  363.447815][ T5887] usb 7-1: SerialNumber: syz
[  363.452282][ T5887] usb 7-1: config 0 descriptor??
[  363.809564][ T5913] usb 7-1: USB disconnect, device number 8
[  365.199642][T17890] netlink: 14528 bytes leftover after parsing attributes in process `syz.6.4507'.
[  365.232029][T17892] loop6: detected capacity change from 0 to 1024
[  365.276209][T17184] hfsplus: b-tree write err: -5, ino 4
[  365.306625][T17896] 8021q: adding VLAN 0 to HW filter on device bond2
[  365.486474][T17911] binder: BINDER_SET_CONTEXT_MGR already set
[  365.489321][T17911] binder: 17908:17911 ioctl 4018620d 200000000040 returned -16
[  366.562001][T17951] netlink: 'syz.4.4532': attribute type 1 has an invalid length.
[  366.564648][T17951] netlink: 36 bytes leftover after parsing attributes in process `syz.4.4532'.
[  366.813063][T17960] loop7: detected capacity change from 0 to 16
[  366.831130][T17960] erofs (device loop7): mounted with root inode @ nid 36.
[  366.841394][T17962] loop4: detected capacity change from 0 to 4096
[  366.845329][T17962] ntfs3(loop4): ino=0, mi_enum_attr
[  366.854030][T17962] ntfs3(loop4): ino=0, mi_enum_attr
[  366.856233][T17962] ntfs3(loop4): Mark volume as dirty due to NTFS errors
[  366.867942][T17962] ntfs3(loop4): This driver is compiled without CONFIG_NTFS3_64BIT_CLUSTER (like windows driver).
[  366.867942][T17962] Volume contains 64 bits run: vcn 0, lcn ffffffffff000000, len 7ff.
[  366.867942][T17962] Activate CONFIG_NTFS3_64BIT_CLUSTER to process this case
[  366.878652][T17962] ntfs3(loop4): Failed to load $BadClus (-95).
[  366.992833][T17972] loop7: detected capacity change from 0 to 1024
[  366.999493][T17972] EXT4-fs: Ignoring removed nobh option
[  367.020502][T17972] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  367.058464][T17323] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  367.279192][T17997] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4553'.
[  367.282231][T17997] netlink: 'syz.4.4553': attribute type 20 has an invalid length.
[  367.287661][ T5874] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  367.290766][T17997] netlink: 12 bytes leftover after parsing attributes in process `syz.4.4553'.
[  367.294010][ T5881] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  367.297889][T17997] netlink: 'syz.4.4553': attribute type 20 has an invalid length.
[  367.303785][ T5881] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  367.307981][ T5881] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  367.337217][   T47] usb 8-1: new high-speed USB device number 5 using dummy_hcd
[  367.374407][T18001] loop4: detected capacity change from 0 to 4096
[  367.382394][T18001] ntfs3(loop4): Primary boot: invalid sectors per cluster 75.
[  367.385618][T18001] ntfs3(loop4): try to read out of volume at offset 0x1ffe00
[  367.486508][   T47] usb 8-1: Using ep0 maxpacket: 16
[  367.516752][T18003] loop6: detected capacity change from 0 to 32768
[  367.516954][   T47] usb 8-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  367.520947][T18003] ocfs2: Slot 0 on device (7,6) was already allocated to this node!
[  367.529382][   T47] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  367.529712][T18003] ocfs2: Mounting device (7,6) on (node local, slot 0) with ordered data mode.
[  367.544283][   T47] usb 8-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  367.550783][   T47] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  367.554328][   T47] usb 8-1: Product: syz
[  367.556178][   T47] usb 8-1: Manufacturer: syz
[  367.560951][   T47] usb 8-1: SerialNumber: syz
[  367.563244][T15414] ocfs2: Unmounting device (7,6) on (node local)
[  367.744529][   T47] usb 8-1: config 0 descriptor??
[  367.747687][   T47] em28xx 8-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  367.751377][   T47] em28xx 8-1:0.0: Audio interface 0 found (Vendor Class)
[  368.106032][ T5852] usb 7-1: new high-speed USB device number 9 using dummy_hcd
[  368.257847][ T5852] usb 7-1: New USB device found, idVendor=1b80, idProduct=e396, bcdDevice=a7.b1
[  368.261194][ T5852] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  368.265171][ T5852] usb 7-1: config 0 descriptor??
[  368.269062][ T5852] usb 7-1: dvb_usb_v2: usb_bulk_msg() failed=-22
[  368.297599][ T5852] dvb_usb_af9015 7-1:0.0: probe with driver dvb_usb_af9015 failed with error -22
[  368.412732][   T47] em28xx 8-1:0.0: unknown em28xx chip ID (0)
[  368.420646][   T47] em28xx 8-1:0.0: Config register raw data: 0xfffffffb
[  368.487901][ T5887] usb 7-1: USB disconnect, device number 9
[  369.159996][T18024] loop6: detected capacity change from 0 to 32768
[  369.163492][T18024] XFS: ikeep mount option is deprecated.
[  369.181341][T18024] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  369.214543][T18024] XFS (loop6): Ending clean mount
[  369.217540][T18024] XFS (loop6): Quotacheck needed: Please wait.
[  369.223297][T18024] XFS (loop6): Quotacheck: Done.
[  369.242615][   T47] em28xx 8-1:0.0: Unknown AC97 audio processor detected!
[  369.247195][   T47] em28xx 8-1:0.0: couldn't setup AC97 register 2
[  369.251621][   T47] em28xx 8-1:0.0: couldn't setup AC97 register 4
[  369.254527][   T47] em28xx 8-1:0.0: couldn't setup AC97 register 6
[  369.258285][T15414] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  369.258449][   T47] em28xx 8-1:0.0: couldn't setup AC97 register 54
[  369.264212][   T47] em28xx 8-1:0.0: couldn't setup AC97 register 56
[  369.271664][   T47] usb 8-1: USB disconnect, device number 5
[  369.370199][T18034] loop4: detected capacity change from 0 to 32768
[  369.387359][T18034] (syz.4.4564,18034,1):ocfs2_load_local_alloc:320 ERROR: Local alloc size is invalid (la_size = 0)
[  369.391605][T18034] (syz.4.4564,18034,1):ocfs2_load_local_alloc:356 ERROR: status = -22
[  369.394341][T18034] (syz.4.4564,18034,1):ocfs2_check_volume:2404 ERROR: status = -22
[  369.410379][T18034] (syz.4.4564,18034,1):ocfs2_check_volume:2432 ERROR: status = -22
[  369.413663][T18034] (syz.4.4564,18034,1):ocfs2_mount_volume:1764 ERROR: status = -22
[  369.417793][T18034] (syz.4.4564,18034,1):ocfs2_fill_super:1177 ERROR: status = -22
[  369.528431][T18054] loop4: detected capacity change from 0 to 256
[  369.635137][T18056] loop4: detected capacity change from 0 to 32768
[  369.642825][T18056] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4574 (18056)
[  369.650689][T18056] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  369.654768][T18056] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  369.658828][T18056] BTRFS warning (device loop4): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  369.694059][T18056] BTRFS info (device loop4): rebuilding free space tree
[  369.699652][T18056] BTRFS info (device loop4): disabling free space tree
[  369.702026][T18056] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  369.706474][T18056] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  369.711345][T18056] BTRFS info (device loop4): setting nodatasum
[  369.713476][T18056] BTRFS info (device loop4): setting nodatacow
[  369.715916][ T6513] usb 7-1: new high-speed USB device number 10 using dummy_hcd
[  369.720487][T18056] BTRFS info (device loop4): enabling ssd optimizations
[  369.722868][T18056] BTRFS info (device loop4): turning off barriers
[  369.725069][T18056] BTRFS info (device loop4): enabling disk space caching
[  369.728614][T18056] BTRFS info (device loop4): force clearing of disk cache
[  369.731241][T18056] BTRFS info (device loop4): doing ref verification
[  369.733428][T18056] BTRFS info (device loop4): max_inline set to 4096
[  369.781690][T12356] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  369.853382][T18075] syzkaller0: entered promiscuous mode
[  369.856112][T18075] syzkaller0: entered allmulticast mode
[  369.967213][ T6513] usb 7-1: config 0 has an invalid interface number: 161 but max is 0
[  369.970803][ T6513] usb 7-1: config 0 has no interface number 0
[  369.973549][ T6513] usb 7-1: config 0 interface 161 altsetting 8 has an endpoint descriptor with address 0xA1, changing to 0x81
[  369.979339][ T6513] usb 7-1: config 0 interface 161 has no altsetting 0
[  369.982319][ T6513] usb 7-1: New USB device found, idVendor=0572, idProduct=cb07, bcdDevice=33.62
[  369.986636][ T6513] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  369.991856][ T6513] usb 7-1: config 0 descriptor??
[  369.997116][ T6513] cxacru 7-1:0.161: cxacru_bind: interface has incorrect endpoints
[  370.000833][ T6513] cxacru 7-1:0.161: usbatm_usb_probe: bind failed: -19!
[  370.252846][ T5913] usb 7-1: USB disconnect, device number 10
[  370.363753][T18082] loop7: detected capacity change from 0 to 32768
[  370.368669][T18082] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 (7:7) scanned by syz.7.4577 (18082)
[  370.376993][T18082] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  370.381533][T18082] BTRFS info (device loop7): using crc32c (crc32c-lib) checksum algorithm
[  370.420852][T18082] BTRFS info (device loop7): rebuilding free space tree
[  370.434148][T18082] BTRFS info (device loop7): setting nodatasum
[  370.437512][T18082] BTRFS info (device loop7): setting nodatacow
[  370.440361][T18082] BTRFS info (device loop7): enabling ssd optimizations
[  370.443467][T18082] BTRFS info (device loop7): turning off barriers
[  370.446574][T18082] BTRFS info (device loop7): turning on flush-on-commit
[  370.449667][T18082] BTRFS info (device loop7): enabling free space tree
[  370.452660][T18082] BTRFS info (device loop7): force clearing of disk cache
[  370.456016][T18082] BTRFS info (device loop7): doing ref verification
[  370.459032][T18082] BTRFS info (device loop7): max_inline set to 4096
[  370.488706][T17323] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  371.044806][ T6513] usb 7-1: new high-speed USB device number 11 using dummy_hcd
[  371.207185][ T6513] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  371.211863][ T6513] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  371.216004][ T6513] usb 7-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00
[  371.219779][ T6513] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  371.224565][ T6513] usb 7-1: config 0 descriptor??
[  371.442862][T18109] netlink: 209852 bytes leftover after parsing attributes in process `syz.7.4582'.
[  371.482403][T18111] loop7: detected capacity change from 0 to 1024
[  371.487400][T18111] EXT4-fs: Ignoring removed nobh option
[  371.497837][T18111] EXT4-fs (loop7): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  371.510296][T18111] EXT4-fs error (device loop7): ext4_ext_check_inode:523: inode #11: comm syz.7.4583: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 1, max 4(4), depth 32512(32512)
[  371.521617][T18111] EXT4-fs error (device loop7): ext4_orphan_get:1397: comm syz.7.4583: couldn't read orphan inode 11 (err -117)
[  371.528454][T18111] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  371.537904][T18111] EXT4-fs error (device loop7): ext4_read_block_bitmap_nowait:483: comm syz.7.4583: Invalid block bitmap block 0 in block_group 0
[  371.543621][T18111] Quota error (device loop7): write_blk: dquota write failed
[  371.547100][T18111] Quota error (device loop7): qtree_write_dquot: Error -117 occurred while creating quota
[  371.551476][T18111] EXT4-fs error (device loop7): ext4_acquire_dquot:6937: comm syz.7.4583: Failed to acquire dquot type 0
[  371.557053][T18111] EXT4-fs error (device loop7): ext4_read_inode_bitmap:139: comm syz.7.4583: Invalid inode bitmap blk 137438953472 in block_group 0
[  371.575457][ T3639] EXT4-fs error (device loop7): __ext4_get_inode_loc:4861: comm kworker/u10:4: Invalid inode table block 8589934593 in block_group 0
[  371.582767][T17323] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  371.639703][ T6513] hid-steam 0003:28DE:1142.0014: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.6-1/input0
[  371.704384][ T6513] hid-steam 0003:28DE:1142.0014: Steam wireless receiver connected
[  371.709658][ T6513] hid-steam 0003:28DE:1142.0015: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.6-1/input0
[  371.856848][ T6513] usb 7-1: USB disconnect, device number 11
[  371.861765][ T6513] hid-steam 0003:28DE:1142.0014: Steam wireless receiver disconnected
[  372.382339][T18123] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4586'.
[  372.880787][T18132] loop7: detected capacity change from 0 to 1024
[  372.884336][T18132] EXT4-fs: Ignoring removed nobh option
[  372.886856][T18132] EXT4-fs: Ignoring removed bh option
[  372.924303][T18132] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  373.065161][T17323] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  373.249855][T18144] loop7: detected capacity change from 0 to 512
[  373.258522][T18144] ext4: Unknown parameter 'smackfsdef'
[  373.951347][   T55] Bluetooth: hci2: unexpected event for opcode 0x200f
[  375.285907][T18184] netlink: 'syz.6.4612': attribute type 1 has an invalid length.
[  375.356390][T18184] 8021q: adding VLAN 0 to HW filter on device bond3
[  375.375683][T18186] vlan2: entered promiscuous mode
[  375.377995][T18186] bond3: entered promiscuous mode
[  375.380428][T18186] vlan2: entered allmulticast mode
[  375.386993][T18186] bond3: entered allmulticast mode
[  375.435740][T18174] loop4: detected capacity change from 0 to 32768
[  375.477471][T18174] ocfs2: Mounting device (7,4) on (node local, slot 0) with writeback data mode.
[  375.481801][T18184] bond3: (slave gretap1): making interface the new active one
[  375.486378][T18184] gretap1: entered promiscuous mode
[  375.490964][T18184] gretap1: entered allmulticast mode
[  375.519543][T18184] bond3: (slave gretap1): Enslaving as an active interface with an up link
[  375.560986][T12356] ocfs2: Unmounting device (7,4) on (node local)
[  375.879396][T18214] loop7: detected capacity change from 0 to 128
[  376.165267][T18200] loop6: detected capacity change from 0 to 32768
[  376.177177][T18200] XFS (loop6): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  376.213908][T18200] XFS (loop6): Ending clean mount
[  376.233497][T15414] XFS (loop6): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  376.442125][T18246] cgroup: Unknown subsys name 'cpuset'
[  376.508052][T18248] netlink: 108 bytes leftover after parsing attributes in process `syz.6.4635'.
[  376.511373][T18248] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4635'.
[  377.062632][   T47] usb 7-1: new low-speed USB device number 12 using dummy_hcd
[  377.183424][T18271] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  377.223851][   T47] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  377.227424][   T47] usb 7-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  377.230471][   T47] usb 7-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  377.234675][   T47] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.243182][   T47] usb 7-1: config 0 descriptor??
[  377.271119][T18277] loop7: detected capacity change from 0 to 128
[  377.278339][T18277] ufs: ufs_fill_super(): fragment size 2066844866 is not a power of 2
[  377.352920][T18279] tipc: Started in network mode
[  377.354620][T18279] tipc: Node identity 5a3468381b62, cluster identity 4711
[  377.357198][T18279] tipc: Enabled bearer <eth:syzkaller0>, priority 0
[  377.360082][T18279] syzkaller0: entered promiscuous mode
[  377.362098][T18279] syzkaller0: entered allmulticast mode
[  377.367594][T18279] sch_tbf: burst 127 is lower than device syzkaller0 mtu (1514) !
[  377.372267][T18279] tipc: Resetting bearer <eth:syzkaller0>
[  377.376504][T18278] tipc: Resetting bearer <eth:syzkaller0>
[  377.380615][T18278] tipc: Disabling bearer <eth:syzkaller0>
[  377.458297][   T47] usb 7-1: USB disconnect, device number 12
[  377.702371][ T5913] usb 8-1: new high-speed USB device number 6 using dummy_hcd
[  377.726297][T18283] loop4: detected capacity change from 0 to 32768
[  377.853247][ T5913] usb 8-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  377.857886][ T5913] usb 8-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  377.862783][ T5913] usb 8-1: config 0 interface 0 has no altsetting 0
[  377.865728][ T5913] usb 8-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  377.869555][ T5913] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  377.874234][ T5913] usb 8-1: config 0 descriptor??
[  378.069217][T18287] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4651'.
[  378.127524][T18289] loop4: detected capacity change from 0 to 512
[  378.134458][T18289] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=256, location=256
[  378.155871][ T1363] ieee802154 phy0 wpan0: encryption failed: -22
[  378.158612][ T1363] ieee802154 phy1 wpan1: encryption failed: -22
[  378.160155][T18289] UDF-fs: error (device loop4): udf_read_inode: (ino 19) failed ident=264
[  378.166262][T18289] binfmt_misc: register: failed to install interpreter file ./file0
[  378.316485][T18301] netlink: 'syz.6.4659': attribute type 1 has an invalid length.
[  378.319688][T18301] netlink: 224 bytes leftover after parsing attributes in process `syz.6.4659'.
[  378.349808][T18303] input: syz0 as /devices/virtual/input/input24
[  378.487577][ T5913] usb 8-1: string descriptor 0 read error: -22
[  378.544381][T18313] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4663'.
[  378.693203][ T5913] uclogic 0003:256C:006D.0016: interface is invalid, ignoring
[  378.757698][T18328] loop4: detected capacity change from 0 to 1024
[  378.767024][T18328] hfsplus: bad catalog entry type
[  378.777563][  T868] hfsplus: b-tree write err: -5, ino 4
[  378.885850][T18338] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4670'.
[  378.909191][   T47] usb 8-1: USB disconnect, device number 6
[  379.843438][    T9] usb 8-1: new high-speed USB device number 7 using dummy_hcd
[  379.922033][T18373] loop4: detected capacity change from 0 to 512
[  379.934219][T18373] EXT4-fs (loop4): orphan cleanup on readonly fs
[  379.949274][T18373] EXT4-fs error (device loop4): ext4_orphan_get:1418: comm syz.4.4681: bad orphan inode 13
[  379.969290][T18373] ext4_test_bit(bit=12, block=18) = 1
[  379.973118][T18373] is_bad_inode(inode)=0
[  379.974882][T18373] NEXT_ORPHAN(inode)=2130706432
[  379.976942][T18373] max_ino=32
[  379.978329][T18373] i_nlink=1
[  379.983036][T18373] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  379.991960][T18373] EXT4-fs (loop4): warning: mounting fs with errors, running e2fsck is recommended
[  380.017435][T18373] EXT4-fs (loop4): re-mounted 00000000-0000-0000-0000-000000000000 r/w.
[  380.027193][    T9] usb 8-1: config 0 has an invalid interface number: 1 but max is 0
[  380.040471][    T9] usb 8-1: config 0 has no interface number 0
[  380.051775][    T9] usb 8-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b
[  380.055591][    T9] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  380.061499][T12356] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  380.067540][    T9] usb 8-1: Product: syz
[  380.069945][    T9] usb 8-1: Manufacturer: syz
[  380.074869][    T9] usb 8-1: SerialNumber: syz
[  380.078038][    T9] usb 8-1: config 0 descriptor??
[  380.287406][    T9] usb 8-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state
[  380.298332][    T9] usb 8-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer
[  380.307626][    T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design)
[  380.317685][    T9] usb 8-1: media controller created
[  380.346144][    T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered.
[  380.378568][T18409] syz_tun: entered allmulticast mode
[  380.382917][T18408] syz_tun: left allmulticast mode
[  380.497261][    T9] i2c i2c-3: ec100: i2c rd failed=-71 reg=33
[  380.544704][    T9] usb 8-1: USB disconnect, device number 7
[  380.550681][  T973] Bluetooth: hci2: Opcode 0x0c1a failed: -110
[  380.553521][   T55] Bluetooth: hci2: command 0x0406 tx timeout
[  380.562607][  T973] Bluetooth: hci2: Error when powering off device on rfkill (-110)
[  380.729384][T18441] sg_write: data in/out 16514940/4 bytes for SCSI command 0x1c-- guessing data in;
[  380.729384][T18441]    program syz.4.4695 not setting count and/or reply_len properly
[  380.789548][T18447] loop4: detected capacity change from 0 to 1764
[  380.935945][T18461] overlayfs: failed to clone lowerpath
[  381.223058][T18478] loop4: detected capacity change from 0 to 32768
[  381.226718][T18478] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.4713 (18478)
[  381.236943][T18478] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  381.244152][T18478] BTRFS info (device loop4): using sha256 (sha256-lib) checksum algorithm
[  381.295784][T18478] BTRFS info (device loop4): enabling ssd optimizations
[  381.301935][T18478] BTRFS info (device loop4): enabling free space tree
[  381.324608][T18478] BTRFS info (device loop4): setting incompat feature flag for DEFAULT_SUBVOL (0x2)
[  381.358115][T12356] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  381.422590][ T5887] usb 8-1: new high-speed USB device number 8 using dummy_hcd
[  381.740574][ T5887] usb 8-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b
[  381.743655][ T5887] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  381.747548][ T5887] usb 8-1: config 0 descriptor??
[  381.750634][ T5887] ums-realtek 8-1:0.0: USB Mass Storage device detected
[  381.960727][ T5913] usb 8-1: USB disconnect, device number 8
[  382.138824][T18536] netlink: 'syz.6.4731': attribute type 1 has an invalid length.
[  382.231066][T18546] syz_tun: entered allmulticast mode
[  382.234037][T18545] syz_tun: left allmulticast mode
[  382.303373][T18552] lo: entered promiscuous mode
[  382.305741][T18552] lo: entered allmulticast mode
[  382.374030][T18558] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4742'.
[  382.833829][   T55] Bluetooth: hci1: command 0x0c1a tx timeout
[  382.843101][T18582] loop7: detected capacity change from 0 to 4096
[  382.846118][T18582] ntfs3: Invalid value for fmask.
[  382.851157][  T973] Bluetooth: hci1: Opcode 0x0c1a failed: -110
[  382.854778][  T973] Bluetooth: hci1: Error when powering off device on rfkill (-110)
[  383.437941][T18596] loop7: detected capacity change from 0 to 64
[  384.175824][T18618] loop4: detected capacity change from 0 to 32768
[  384.182003][T18618] JBD2: Ignoring recovery information on journal
[  384.196776][T18618] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  384.221931][T12356] ocfs2: Unmounting device (7,4) on (node local)
[  384.296268][T18624] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4770'.
[  384.541350][T18646] netlink: 12 bytes leftover after parsing attributes in process `syz.6.4780'.
[  384.713276][T18666] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4789'.
[  385.213648][  T973] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  385.358069][  T973] usb 5-1: Using ep0 maxpacket: 8
[  385.361779][  T973] usb 5-1: config 162 has an invalid interface number: 150 but max is 0
[  385.365320][  T973] usb 5-1: config 162 has no interface number 0
[  385.368620][  T973] usb 5-1: config 162 interface 150 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  385.374165][  T973] usb 5-1: config 162 interface 150 has no altsetting 0
[  385.380153][  T973] usb 5-1: New USB device found, idVendor=058f, idProduct=3820, bcdDevice=e0.0e
[  385.383809][  T973] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  385.387166][  T973] usb 5-1: Product: syz
[  385.389554][  T973] usb 5-1: Manufacturer: syz
[  385.391467][  T973] usb 5-1: SerialNumber: syz
[  385.532526][T18714] A link change request failed with some changes committed already. Interface sit0 may have been left with an inconsistent configuration, please check.
[  385.591305][T18718] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4815'.
[  385.605039][  T973] usb 5-1: Found UVC 0.0a device syz (058f:3820)
[  385.607478][  T973] usb 5-1: No valid video chain found.
[  385.611130][  T973] usb 5-1: USB disconnect, device number 16
[  385.748093][T18724] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4817'.
[  385.752853][T18724] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4817'.
[  386.007330][ T5852] usb 8-1: new full-speed USB device number 9 using dummy_hcd
[  386.141905][T18742] loop4: detected capacity change from 0 to 128
[  386.159829][ T5852] usb 8-1: config 2 has an invalid interface number: 183 but max is 0
[  386.164256][   T33] audit: type=1800 audit(2000000460.243:279): pid=18742 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.4826" name="file1" dev="loop4" ino=1048723 res=0 errno=0
[  386.166482][ T5852] usb 8-1: config 2 has no interface number 0
[  386.176141][ T5852] usb 8-1: config 2 interface 183 has no altsetting 0
[  386.182089][ T5852] usb 8-1: New USB device found, idVendor=0d49, idProduct=7310, bcdDevice=58.ae
[  386.185926][ T5852] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  386.190137][ T5852] usb 8-1: Product: syz
[  386.191871][ T5852] usb 8-1: Manufacturer: syz
[  386.193754][ T5852] usb 8-1: SerialNumber: syz
[  386.415205][ T5852] usb-storage 8-1:2.183: USB Mass Storage device detected
[  386.429630][ T5852] usb-storage 8-1:2.183: Quirks match for vid 0d49 pid 7310: 8000
[  386.478443][ T5852] usb 8-1: USB disconnect, device number 9
[  386.562458][T18751] netlink: 8 bytes leftover after parsing attributes in process `syz.6.4829'.
[  386.997752][T18762] loop7: detected capacity change from 0 to 64
[  387.005035][T18762] MINIX-fs: bad superblock
[  387.070673][T18766] bond0: entered allmulticast mode
[  387.072984][T18766] bond_slave_0: entered allmulticast mode
[  387.075496][T18766] bond_slave_1: entered allmulticast mode
[  387.364209][T18776] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  387.571191][T18783] overlayfs: failed to clone upperpath
[  388.050038][   T33] audit: type=1326 audit(2000000462.104:280): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.095349][   T33] audit: type=1326 audit(2000000462.104:281): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.118233][   T33] audit: type=1326 audit(2000000462.104:282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.135560][   T33] audit: type=1326 audit(2000000462.104:283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.191678][   T33] audit: type=1326 audit(2000000462.104:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.207513][   T33] audit: type=1326 audit(2000000462.104:285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.215062][   T33] audit: type=1326 audit(2000000462.104:286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.224098][   T33] audit: type=1326 audit(2000000462.114:287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.233002][   T33] audit: type=1326 audit(2000000462.114:288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18791 comm="syz.4.4845" exe="/syz-executor" sig=0 arch=c000003e syscall=441 compat=0 ip=0x7f641c98ebe9 code=0x7ffc0000
[  388.251709][T18798] dummy0: entered promiscuous mode
[  388.253617][T18798] macsec1: entered promiscuous mode
[  388.256148][T18798] macsec1: entered allmulticast mode
[  388.258330][T18798] dummy0: entered allmulticast mode
[  388.261726][T18798] dummy0: left allmulticast mode
[  388.266256][T18798] dummy0: left promiscuous mode
[  388.331064][ T5887] IPVS: starting estimator thread 0...
[  388.345570][T18813] ieee802154 phy1 wpan1: encryption failed: -90
[  388.416090][T18810] IPVS: using max 133 ests per chain, 319200 per kthread
[  388.635933][ T5887] usb 8-1: new high-speed USB device number 10 using dummy_hcd
[  388.718535][T18823] sch_fq: defrate 4294967295 ignored.
[  388.741763][T18825] openvswitch: netlink: Flow actions may not be safe on all matching packets.
[  388.786375][ T5887] usb 8-1: Using ep0 maxpacket: 8
[  388.811633][ T5887] usb 8-1: config 4 has an invalid interface number: 244 but max is 0
[  388.815060][ T5887] usb 8-1: config 4 has no interface number 0
[  388.818671][ T5887] usb 8-1: config 4 interface 244 altsetting 1 endpoint 0x1 has an invalid bInterval 41, changing to 7
[  388.823160][ T5887] usb 8-1: config 4 interface 244 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0
[  388.836754][ T5887] usb 8-1: config 4 interface 244 altsetting 1 bulk endpoint 0x2 has invalid maxpacket 0
[  388.846038][ T5887] usb 8-1: config 4 interface 244 has no altsetting 0
[  388.853158][ T5887] usb 8-1: New USB device found, idVendor=05ac, idProduct=fa33, bcdDevice=cb.aa
[  388.859500][ T5887] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  388.862970][ T5887] usb 8-1: Product: syz
[  388.866222][ T5887] usb 8-1: Manufacturer: syz
[  388.868192][ T5887] usb 8-1: SerialNumber: syz
[  388.925896][T18835] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4864'.
[  388.929808][T18835] netlink: 3 bytes leftover after parsing attributes in process `syz.4.4864'.
[  388.933525][T18835] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check.
[  388.957612][T18837] loop4: detected capacity change from 0 to 256
[  388.960269][T18837] FAT-fs (loop4): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  389.106024][ T5887] ipheth 8-1:4.244: Unable to find endpoints
[  389.113298][ T5887] usb 8-1: USB disconnect, device number 10
[  390.102976][T18860] netlink: 'syz.4.4873': attribute type 2 has an invalid length.
[  390.107130][T18860] netlink: 'syz.4.4873': attribute type 1 has an invalid length.
[  390.165432][T18856] loop7: detected capacity change from 0 to 32768
[  390.236568][T18856] bcachefs (loop7): starting version 1.7: mi_btree_bitmap opts=errors=continue,metadata_checksum=none,data_checksum=none,compression=lz4,foreground_target=invalid label 767,background_target=invalid device 7,nojournal_transaction_names
[  390.236588][T18856]   allowing incompatible features above 0.0: (unknown version)
[  390.236596][T18856]   features: 
[  390.252156][T18856] bcachefs (loop7): Using encoding defined by superblock: utf8-12.1.0
[  390.255864][T18856] bcachefs (loop7): initializing new filesystem
[  390.262929][T18856] bcachefs (loop7): going read-write
[  390.267383][T18856] bcachefs (loop7): marking superblocks
[  390.273834][T18856] bcachefs (loop7): initializing freespace
[  390.277715][T18856] bcachefs (loop7): done initializing freespace
[  390.344551][T18856] bcachefs (loop7): reading snapshots table
[  390.349663][T18856] bcachefs (loop7): reading snapshots done
[  390.534556][T18856] bcachefs (loop7): done starting filesystem
[  390.572849][T18878] fuse: Bad value for 'fd'
[  390.581676][T18856] bcachefs (loop7): going read-only
[  390.584006][T18856] bcachefs (loop7): finished waiting for writes to stop
[  390.588320][T18856] bcachefs (loop7): flushing journal and stopping allocators, journal seq 2
[  390.604292][T18856] bcachefs (loop7): flushing journal and stopping allocators complete, journal seq 2
[  390.608974][T18856] bcachefs (loop7): clean shutdown complete, journal seq 3
[  390.611619][T18856] bcachefs (loop7): marking filesystem clean
[  390.641004][T17323] bcachefs (loop7): shutting down
[  390.647952][T17323] bcachefs (loop7): shutdown complete
[  391.122727][T18884] loop4: detected capacity change from 0 to 32768
[  391.126260][T18884] btrfs: Deprecated parameter 'usebackuproot'
[  391.128488][T18884] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  391.132421][T18884] BTRFS error: unrecognized compression value n
[  391.369313][T18897] loop4: detected capacity change from 0 to 40427
[  391.373552][T18897] F2FS-fs: heap/no_heap options were deprecated
[  391.378338][T18897] F2FS-fs: heap/no_heap options were deprecated
[  391.380851][T18897] F2FS-fs (loop4): FLUSH_MERGE not compatible with readonly mode
[  391.475667][T18901] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4888'.
[  391.718493][T18915] netlink: 24 bytes leftover after parsing attributes in process `syz.7.4892'.
[  391.754336][  T973] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  391.779195][T18919] overlayfs: fs on './bus' does not support file handles, falling back to index=off,nfs_export=off.
[  391.784042][T18919] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  391.906836][  T973] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  391.911332][  T973] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  391.915750][  T973] usb 5-1: New USB device found, idVendor=2179, idProduct=0077, bcdDevice= 0.00
[  391.919484][  T973] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  391.923771][  T973] usb 5-1: config 0 descriptor??
[  392.331820][  T973] uclogic 0003:2179:0077.0017: interface is invalid, ignoring
[  392.532396][  T973] usb 5-1: USB disconnect, device number 17
[  392.734861][T18934] openvswitch: netlink: nsh attribute has 2 unknown bytes.
[  392.919019][T18948] netlink: 16 bytes leftover after parsing attributes in process `syz.6.4908'.
[  393.116293][T18960] netlink: 24 bytes leftover after parsing attributes in process `syz.4.4913'.
[  393.227955][T18967] nfs4: Unexpected value for 'acl'
[  394.445900][T19008] netlink: 'syz.6.4937': attribute type 10 has an invalid length.
[  394.449203][T19008] netlink: 40 bytes leftover after parsing attributes in process `syz.6.4937'.
[  394.449574][T19009] loop7: detected capacity change from 0 to 1024
[  394.452425][T19008] dummy0: entered promiscuous mode
[  394.452941][T19008] bridge0: port 3(dummy0) entered blocking state
[  394.475472][T19008] bridge0: port 3(dummy0) entered disabled state
[  394.478570][T19008] dummy0: entered allmulticast mode
[  394.484608][T19008] bridge0: port 3(dummy0) entered blocking state
[  394.487279][T19008] bridge0: port 3(dummy0) entered forwarding state
[  394.706925][T19035] netlink: 8 bytes leftover after parsing attributes in process `syz.7.4948'.
[  394.931138][T19048] trusted_key: syz.4.4950 sent an empty control message without MSG_MORE.
[  395.116601][T19051] ==================================================================
[  395.119500][T19051] BUG: KASAN: slab-use-after-free in __xfrm_state_lookup+0x6ad/0x8d0
[  395.122131][T19051] Read of size 2 at addr ffff88803c4d6e42 by task syz.7.4955/19051
[  395.125629][T19051] 
[  395.126990][T19051] CPU: 1 UID: 0 PID: 19051 Comm: syz.7.4955 Not tainted syzkaller #0 PREEMPT(full) 
[  395.127006][T19051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  395.127014][T19051] Call Trace:
[  395.127021][T19051]  <TASK>
[  395.127025][T19051]  dump_stack_lvl+0x189/0x250
[  395.127045][T19051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  395.127059][T19051]  ? lock_release+0x4b/0x3e0
[  395.127084][T19051]  ? __virt_addr_valid+0x4a5/0x5c0
[  395.127101][T19051]  print_report+0xca/0x240
[  395.127112][T19051]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  395.127122][T19051]  kasan_report+0x118/0x150
[  395.127138][T19051]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  395.127146][T19051]  __xfrm_state_lookup+0x6ad/0x8d0
[  395.127159][T19051]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  395.127175][T19051]  xfrm_state_add+0x27d/0xc40
[  395.127190][T19051]  xfrm_add_sa+0x35a1/0x4070
[  395.127206][T19051]  ? __pfx_xfrm_add_sa+0x10/0x10
[  395.127218][T19051]  ? apparmor_capable+0x137/0x1b0
[  395.127233][T19051]  ? __nla_parse+0x40/0x60
[  395.127248][T19051]  xfrm_user_rcv_msg+0x7a3/0xab0
[  395.127259][T19051]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  395.127280][T19051]  ? __pfx___mutex_trylock_common+0x10/0x10
[  395.127295][T19051]  ? rcu_is_watching+0x15/0xb0
[  395.127307][T19051]  ? trace_contention_end+0x39/0x120
[  395.127319][T19051]  ? __mutex_lock+0x335/0x1350
[  395.127337][T19051]  netlink_rcv_skb+0x208/0x470
[  395.127354][T19051]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  395.127362][T19051]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  395.127380][T19051]  ? lock_release+0x4b/0x3e0
[  395.127397][T19051]  ? netlink_deliver_tap+0x2e/0x1b0
[  395.127413][T19051]  xfrm_netlink_rcv+0x79/0x90
[  395.127426][T19051]  netlink_unicast+0x82f/0x9e0
[  395.127443][T19051]  ? __pfx_netlink_unicast+0x10/0x10
[  395.127458][T19051]  ? netlink_sendmsg+0x642/0xb30
[  395.127470][T19051]  ? skb_put+0x11b/0x210
[  395.127479][T19051]  netlink_sendmsg+0x805/0xb30
[  395.127498][T19051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  395.127514][T19051]  ? futex_unqueue+0x22/0x240
[  395.127526][T19051]  ? aa_sock_msg_perm+0xf1/0x1d0
[  395.127538][T19051]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  395.127550][T19051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  395.127562][T19051]  __sock_sendmsg+0x21c/0x270
[  395.127576][T19051]  ____sys_sendmsg+0x505/0x830
[  395.127589][T19051]  ? __pfx_____sys_sendmsg+0x10/0x10
[  395.127603][T19051]  ? import_iovec+0x74/0xa0
[  395.127617][T19051]  ___sys_sendmsg+0x21f/0x2a0
[  395.127629][T19051]  ? __pfx____sys_sendmsg+0x10/0x10
[  395.127642][T19051]  ? futex_wait+0x285/0x360
[  395.127664][T19051]  ? __fget_files+0x2a/0x420
[  395.127680][T19051]  ? __fget_files+0x3a0/0x420
[  395.127694][T19051]  __x64_sys_sendmsg+0x19b/0x260
[  395.127705][T19051]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  395.127720][T19051]  ? rcu_is_watching+0x15/0xb0
[  395.127732][T19051]  ? rcu_is_watching+0x15/0xb0
[  395.127744][T19051]  do_syscall_64+0xfa/0x3b0
[  395.127760][T19051]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.127771][T19051]  ? exc_page_fault+0x9f/0xf0
[  395.127781][T19051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.127793][T19051] RIP: 0033:0x7f7d4ad8ebe9
[  395.127805][T19051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.127816][T19051] RSP: 002b:00007f7d4bb48038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  395.127830][T19051] RAX: ffffffffffffffda RBX: 00007f7d4afb5fa0 RCX: 00007f7d4ad8ebe9
[  395.127838][T19051] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  395.127846][T19051] RBP: 00007f7d4ae11e19 R08: 0000000000000000 R09: 0000000000000000
[  395.127883][T19051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  395.127891][T19051] R13: 00007f7d4afb6038 R14: 00007f7d4afb5fa0 R15: 00007ffdff839028
[  395.127904][T19051]  </TASK>
[  395.127907][T19051] 
[  395.271735][T19051] Allocated by task 17728:
[  395.273588][T19051]  kasan_save_track+0x3e/0x80
[  395.275495][T19051]  __kasan_slab_alloc+0x6c/0x80
[  395.277323][T19051]  kmem_cache_alloc_noprof+0x1c1/0x3c0
[  395.279425][T19051]  xfrm_state_alloc+0x24/0x2f0
[  395.281217][T19051]  __find_acq_core+0x8a7/0x1c00
[  395.282928][T19051]  xfrm_find_acq+0x78/0xa0
[  395.284676][T19051]  xfrm_alloc_userspi+0x6b3/0xc90
[  395.286474][T19051]  xfrm_user_rcv_msg+0x7a3/0xab0
[  395.288150][T19051]  netlink_rcv_skb+0x208/0x470
[  395.290140][T19051]  xfrm_netlink_rcv+0x79/0x90
[  395.292011][T19051]  netlink_unicast+0x82f/0x9e0
[  395.293730][T19051]  netlink_sendmsg+0x805/0xb30
[  395.295559][T19051]  __sock_sendmsg+0x21c/0x270
[  395.297304][T19051]  ____sys_sendmsg+0x505/0x830
[  395.298845][T19051]  ___sys_sendmsg+0x21f/0x2a0
[  395.300301][T19051]  __x64_sys_sendmsg+0x19b/0x260
[  395.301987][T19051]  do_syscall_64+0xfa/0x3b0
[  395.303557][T19051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.305568][T19051] 
[  395.306436][T19051] Freed by task 5887:
[  395.307888][T19051]  kasan_save_track+0x3e/0x80
[  395.309907][T19051]  kasan_save_free_info+0x46/0x50
[  395.311936][T19051]  __kasan_slab_free+0x5b/0x80
[  395.313954][T19051]  kmem_cache_free+0x18f/0x400
[  395.315844][T19051]  xfrm_state_gc_task+0x52d/0x6b0
[  395.317743][T19051]  process_scheduled_works+0xae1/0x17b0
[  395.319635][T19051]  worker_thread+0x8a0/0xda0
[  395.321409][T19051]  kthread+0x711/0x8a0
[  395.322875][T19051]  ret_from_fork+0x3fc/0x770
[  395.324602][T19051]  ret_from_fork_asm+0x1a/0x30
[  395.326493][T19051] 
[  395.327470][T19051] The buggy address belongs to the object at ffff88803c4d6d00
[  395.327470][T19051]  which belongs to the cache xfrm_state of size 928
[  395.332428][T19051] The buggy address is located 322 bytes inside of
[  395.332428][T19051]  freed 928-byte region [ffff88803c4d6d00, ffff88803c4d70a0)
[  395.337319][T19051] 
[  395.338169][T19051] The buggy address belongs to the physical page:
[  395.340440][T19051] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88803c4d6d00 pfn:0x3c4d4
[  395.344088][T19051] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  395.346955][T19051] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  395.349529][T19051] page_type: f5(slab)
[  395.350915][T19051] raw: 00fff00000000040 ffff88801d77d280 dead000000000122 0000000000000000
[  395.354118][T19051] raw: ffff88803c4d6d00 00000000800e0006 00000000f5000000 0000000000000000
[  395.357595][T19051] head: 00fff00000000040 ffff88801d77d280 dead000000000122 0000000000000000
[  395.360768][T19051] head: ffff88803c4d6d00 00000000800e0006 00000000f5000000 0000000000000000
[  395.363957][T19051] head: 00fff00000000002 ffffea0000f13501 00000000ffffffff 00000000ffffffff
[  395.367336][T19051] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[  395.370485][T19051] page dumped because: kasan: bad access detected
[  395.373093][T19051] page_owner tracks the page as allocated
[  395.375365][T19051] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 7038, tgid 7036 (syz.0.437), ts 76388114965, free_ts 76287675951
[  395.382729][T19051]  post_alloc_hook+0x240/0x2a0
[  395.384555][T19051]  get_page_from_freelist+0x21e4/0x22c0
[  395.386453][T19051]  __alloc_frozen_pages_noprof+0x181/0x370
[  395.388394][T19051]  alloc_pages_mpol+0x232/0x4a0
[  395.390079][T19051]  allocate_slab+0x8a/0x370
[  395.391689][T19051]  ___slab_alloc+0xbeb/0x1410
[  395.393592][T19051]  kmem_cache_alloc_noprof+0x283/0x3c0
[  395.395533][T19051]  xfrm_state_alloc+0x24/0x2f0
[  395.397629][T19051]  pfkey_add+0x6e4/0x2e00
[  395.399443][T19051]  pfkey_sendmsg+0xbfe/0x1090
[  395.401341][T19051]  __sock_sendmsg+0x21c/0x270
[  395.403125][T19051]  ____sys_sendmsg+0x505/0x830
[  395.404765][T19051]  ___sys_sendmsg+0x21f/0x2a0
[  395.406366][T19051]  __x64_sys_sendmsg+0x19b/0x260
[  395.408201][T19051]  do_syscall_64+0xfa/0x3b0
[  395.409899][T19051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.411953][T19051] page last free pid 7030 tgid 7029 stack trace:
[  395.414622][T19051]  __free_frozen_pages+0xbc4/0xd30
[  395.416786][T19051]  free_large_kmalloc+0x13a/0x1f0
[  395.418812][T19051]  vhost_dev_cleanup+0x35d/0x9e0
[  395.420817][T19051]  vhost_vsock_dev_release+0x377/0x3f0
[  395.422783][T19051]  __fput+0x44c/0xa70
[  395.424400][T19051]  task_work_run+0x1d4/0x260
[  395.426158][T19051]  exit_to_user_mode_loop+0xec/0x110
[  395.428456][T19051]  do_syscall_64+0x2bd/0x3b0
[  395.430522][T19051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.433003][T19051] 
[  395.434190][T19051] Memory state around the buggy address:
[  395.436638][T19051]  ffff88803c4d6d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.439670][T19051]  ffff88803c4d6d80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.442417][T19051] >ffff88803c4d6e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.445324][T19051]                                            ^
[  395.447440][T19051]  ffff88803c4d6e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.450741][T19051]  ffff88803c4d6f00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  395.454003][T19051] ==================================================================
[  395.457329][T19051] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  395.460272][T19051] CPU: 1 UID: 0 PID: 19051 Comm: syz.7.4955 Not tainted syzkaller #0 PREEMPT(full) 
[  395.463635][T19051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.2-debian-1.16.2-1 04/01/2014
[  395.467224][T19051] Call Trace:
[  395.468494][T19051]  <TASK>
[  395.469706][T19051]  dump_stack_lvl+0x99/0x250
[  395.471469][T19051]  ? __asan_memcpy+0x40/0x70
[  395.473256][T19051]  ? __pfx_dump_stack_lvl+0x10/0x10
[  395.475326][T19051]  ? __pfx__printk+0x10/0x10
[  395.477367][T19051]  vpanic+0x281/0x750
[  395.478984][T19051]  ? __pfx_vpanic+0x10/0x10
[  395.480599][T19051]  ? rcu_is_watching+0x15/0xb0
[  395.482311][T19051]  panic+0xb9/0xc0
[  395.483693][T19051]  ? __pfx_panic+0x10/0x10
[  395.485076][T19051]  ? _raw_spin_unlock_irqrestore+0xa8/0x110
[  395.486957][T19051]  ? _raw_spin_unlock_irqrestore+0xad/0x110
[  395.488867][T19051]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  395.490591][T19051]  check_panic_on_warn+0x89/0xb0
[  395.492312][T19051]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  395.494317][T19051]  end_report+0x78/0x160
[  395.495881][T19051]  kasan_report+0x129/0x150
[  395.497627][T19051]  ? __xfrm_state_lookup+0x6ad/0x8d0
[  395.499759][T19051]  __xfrm_state_lookup+0x6ad/0x8d0
[  395.501644][T19051]  ? __pfx___xfrm_state_lookup+0x10/0x10
[  395.503929][T19051]  xfrm_state_add+0x27d/0xc40
[  395.505543][T19051]  xfrm_add_sa+0x35a1/0x4070
[  395.507101][T19051]  ? __pfx_xfrm_add_sa+0x10/0x10
[  395.509019][T19051]  ? apparmor_capable+0x137/0x1b0
[  395.510961][T19051]  ? __nla_parse+0x40/0x60
[  395.512567][T19051]  xfrm_user_rcv_msg+0x7a3/0xab0
[  395.514396][T19051]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  395.516469][T19051]  ? __pfx___mutex_trylock_common+0x10/0x10
[  395.518747][T19051]  ? rcu_is_watching+0x15/0xb0
[  395.520716][T19051]  ? trace_contention_end+0x39/0x120
[  395.522743][T19051]  ? __mutex_lock+0x335/0x1350
[  395.524565][T19051]  netlink_rcv_skb+0x208/0x470
[  395.526481][T19051]  ? __pfx_xfrm_user_rcv_msg+0x10/0x10
[  395.528449][T19051]  ? __pfx_netlink_rcv_skb+0x10/0x10
[  395.530323][T19051]  ? lock_release+0x4b/0x3e0
[  395.531919][T19051]  ? netlink_deliver_tap+0x2e/0x1b0
[  395.533694][T19051]  xfrm_netlink_rcv+0x79/0x90
[  395.535303][T19051]  netlink_unicast+0x82f/0x9e0
[  395.536920][T19051]  ? __pfx_netlink_unicast+0x10/0x10
[  395.538732][T19051]  ? netlink_sendmsg+0x642/0xb30
[  395.540462][T19051]  ? skb_put+0x11b/0x210
[  395.542117][T19051]  netlink_sendmsg+0x805/0xb30
[  395.543697][T19051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  395.545436][T19051]  ? futex_unqueue+0x22/0x240
[  395.546939][T19051]  ? aa_sock_msg_perm+0xf1/0x1d0
[  395.548574][T19051]  ? bpf_lsm_socket_sendmsg+0x9/0x20
[  395.550299][T19051]  ? __pfx_netlink_sendmsg+0x10/0x10
[  395.552124][T19051]  __sock_sendmsg+0x21c/0x270
[  395.553871][T19051]  ____sys_sendmsg+0x505/0x830
[  395.555352][T19051]  ? __pfx_____sys_sendmsg+0x10/0x10
[  395.557141][T19051]  ? import_iovec+0x74/0xa0
[  395.558639][T19051]  ___sys_sendmsg+0x21f/0x2a0
[  395.560117][T19051]  ? __pfx____sys_sendmsg+0x10/0x10
[  395.561945][T19051]  ? futex_wait+0x285/0x360
[  395.563520][T19051]  ? __fget_files+0x2a/0x420
[  395.565244][T19051]  ? __fget_files+0x3a0/0x420
[  395.567046][T19051]  __x64_sys_sendmsg+0x19b/0x260
[  395.568892][T19051]  ? __pfx___x64_sys_sendmsg+0x10/0x10
[  395.570770][T19051]  ? rcu_is_watching+0x15/0xb0
[  395.572534][T19051]  ? rcu_is_watching+0x15/0xb0
[  395.574277][T19051]  do_syscall_64+0xfa/0x3b0
[  395.576311][T19051]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.578982][T19051]  ? exc_page_fault+0x9f/0xf0
[  395.580952][T19051]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  395.583329][T19051] RIP: 0033:0x7f7d4ad8ebe9
[  395.584920][T19051] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  395.591521][T19051] RSP: 002b:00007f7d4bb48038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  395.594451][T19051] RAX: ffffffffffffffda RBX: 00007f7d4afb5fa0 RCX: 00007f7d4ad8ebe9
[  395.597298][T19051] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003
[  395.600533][T19051] RBP: 00007f7d4ae11e19 R08: 0000000000000000 R09: 0000000000000000
[  395.603738][T19051] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  395.606966][T19051] R13: 00007f7d4afb6038 R14: 00007f7d4afb5fa0 R15: 00007ffdff839028
[  395.610282][T19051]  </TASK>
[  395.612360][T19051] Kernel Offset: disabled
[  395.614149][T19051] Rebooting in 86400 seconds..

VM DIAGNOSIS:
13:26:00  Registers:
info registers vcpu 0

CPU#0
RAX=ffffffff82005c62 RBX=0000000000000000 RCX=ffff888040079cc0 RDX=0000000000000002
RSI=0000000000000000 RDI=0000000000000000 RBP=ffffc900029cf870 RSP=ffffc900029cf738
R8 =ffffea0000d2fd07 R9 =1ffffd40001a5fa0 R10=dffffc0000000000 R11=fffff940001a5fa1
R12=1ffff92000539ef4 R13=dffffc0000000000 R14=000000000000074d R15=ffffea0000d2fd00
RIP=ffffffff81bfab67 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f45f35b26c0 ffffffff 00c00000
GS =0000 ffff8880b861b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe0000003000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000001000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=0000200000000000 CR3=000000003d8be000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=7acbc738c5000000 00a2b90d14aa4785
XMM02=0000000000000000 0000000000000000 XMM03=0000000000000000 0000000000000000
XMM04=00007f7d4baed100 00007f7d4af87460 XMM05=00007f7d4af87478 00007f7d4af874c0
XMM06=00007f7d4af874b8 00007f7d4af874b0 XMM07=00007f7d4af874a8 00007f7d4af874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f7d4ae12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
info registers vcpu 1

CPU#1
RAX=0000000000000032 RBX=0000000000000032 RCX=0000000000000000 RDX=00000000000003f8
RSI=0000000000001d61 RDI=0000000000001d62 RBP=00000000000003f8 RSP=ffffc90003cc69d0
R8 =ffff888106da0237 R9 =1ffff11020db4046 R10=dffffc0000000000 R11=ffffffff854f1c80
R12=dffffc0000000000 R13=ffffffff99afa8c9 R14=ffffffff99def3e0 R15=0000000000000000
RIP=ffffffff854f1cfc RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0
ES =0000 0000000000000000 ffffffff 00c00000
CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA]
SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS   [-WA]
DS =0000 0000000000000000 ffffffff 00c00000
FS =0000 00007f7d4bb486c0 ffffffff 00c00000
GS =0000 ffff8881a3c1b000 ffffffff 00c00000
LDT=0000 0000000000000000 ffffffff 00c00000
TR =0040 fffffe000004a000 00004087 00008b00 DPL=0 TSS64-busy
GDT=     fffffe0000048000 0000007f
IDT=     fffffe0000000000 00000fff
CR0=80050033 CR2=00007f7d4bb47fc8 CR3=00000001176a4000 CR4=000006f0
DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 
DR6=00000000ffff0ff0 DR7=0000000000000400
EFER=0000000000000d01
FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80
FPR0=0000000000000000 0000 FPR1=0000000000000000 0000
FPR2=0000000000000000 0000 FPR3=0000000000000000 0000
FPR4=0000000000000000 0000 FPR5=0000000000000000 0000
FPR6=0000000000000000 0000 FPR7=0000000000000000 0000
XMM00=0000000000000000 0000000000000000 XMM01=0000000000000000 0000000000000000
XMM02=00007f7d4af87498 00007f7d4af87470 XMM03=00007f7d4af874a8 00007f7d4af874a0
XMM04=00007f7d4baed100 00007f7d4af87460 XMM05=00007f7d4af87478 00007f7d4af874c0
XMM06=00007f7d4af874b8 00007f7d4af874b0 XMM07=00007f7d4af874a8 00007f7d4af874a0
XMM08=6161616161616161 6161616161616161 XMM09=0000000000000000 00007f7d4ae12fc5
XMM10=0000000000000000 0000000000000000 XMM11=0000000000000000 0000000000000000
XMM12=0000000000000000 0000000000000000 XMM13=0000000000000000 0000000000000000
XMM14=0000000000000000 0000000000000000 XMM15=0000000000000000 0000000000000000
