last executing test programs:

6m12.746905005s ago: executing program 32 (id=245):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x1, @dev={0xac, 0x14, 0x14, 0x23}}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f00000000c0)=0x1, 0x4)
sendto$inet(r0, 0x0, 0x0, 0x4048002, &(0x7f0000000180)={0x2, 0x4e24, @multicast2}, 0x10)
sendto$inet(r0, 0x0, 0x43, 0x4004084, 0x0, 0x0)

3m14.158891745s ago: executing program 33 (id=1505):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r1 = openat$cgroup_devices(r0, &(0x7f0000000000)='devices.deny\x00', 0x2, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cpuset.memory_pressure\x00', 0x26e1, 0x0)
write$cgroup_devices(0xffffffffffffffff, &(0x7f0000000140)=ANY=[@ANYBLOB='c 75:*\tm\n'], 0xa)
write$cgroup_devices(r1, &(0x7f0000000140)=ANY=[@ANYBLOB="62a02a3a34096d"], 0xa)

3m10.265255322s ago: executing program 34 (id=1522):
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$SMC_PNETID_GET(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="640000001000370403000000ffffffff00000000", @ANYRES32=r2, @ANYBLOB="0b1b050000000000440012800b00010069703667726500003400028008000100", @ANYRES32, @ANYBLOB="14000600fe8000000000000000000000000000aa1400070000000000000000000000000000bb"], 0x64}, 0x1, 0x0, 0x0, 0x48810}, 0x4000010)
sendmmsg$inet(r0, &(0x7f0000000440)=[{{&(0x7f0000000000)={0x2, 0x4e24, @multicast2}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000600)="e75ed380043ba3ddd4e755b6d98e02222e3e2bc8d3b90033ee4129c392206954de9e5d44e3d871fff667eb0bd6a89614fef702435dc8e604f09ad67eefaf491921f72abeae9c77a7cd11634930c3947024509aeb4a15ef30c738de41c6f56ea16cf246108101bc2b24e399d5a9d2fbe8e4fe7d49d47f5da44ed26f2db8799944d9c41dc3dcad8968f42b82c857edda1d4633220153bcf00262f892438f87de13791ff1ad040576c38f8855af54a4f53696bce02b7ea708c5359bce5665fe70251ba458029cc6f4672edc0728389059f33bee3901943551be28f538e4791f2f5a086e3177f60921cad13e90c60175a8f41b5ba8b458a6aa902f6477a8907b29eba0763f0b91f4fd3c97bc7b18371b5a826025d36cbd9f6b53ddbf9e1e65890bee9b9e4ef780e4d420a0d7d9314343315a65a1ca7eeb509b5f51ad282f15757475b1fca46695d12d16888d60c96137410836f7b61b2a44d8bfe860dde804748489a7b3f68de657e8298ded7ab0e6ec127fe3fd87d23ef0aedf033f2dd718963d030e2f1d2d2c2b6268e797e8edec6d179efc77117f558d04d2efbbdfa415ed2c4e58ff5dc97aa27a55645bc711a05dd81e89441758be36638bc1a66c6b6c22acd6acaacb8147b60cabbadc47b76684d2e167abbe9ab0176417c7def86677f3d0f626ee76a8c0aec544f679e8fd9579843f2e722efa0cb15f4cd7a4b2bbb0932c78038abed85ae160afddae23e997d271b36f730172fbd4912802e7bfe36b48ea5fc6b90c7b8995be3d3504eaa7e1b688c32a426ac80ac9bd48843de36c9848b08a45573a1be284ba8721e8f0082e463cf5230419776fee6713f6cc2e188e941329670a78ba56cd21aca73e16b6770696b2c8d27bca47e68bd66bb7b00dd05040f11e41426aaab0f0a547ee4b047faeab3bfb11727af512305202bd15d89c368739962636c01ccd34d2e353040f67aa5d509ff3eba7de6ad2428d439d8d060efe4510cf5498597a62886f5a7b163d670b91d529f3a001a45a5b7d2909003000c8aba5846e9b48397f584249a64f545211172948efca65b0b0273d89bd7885738dfe5e202033008274efd42d530760a6c9c234e3b53d7f63a6964aac0489e807f88d58c7769e38ef3cbf050910f774c53c264dffbba1b0da53e6336de963c7111190315bb960d22b938e871404e4e1403ccbe6ee0b93c18d14eaec999180835832dc6c620faa6c6c2bfed071e56633e816744e3a76355ac221ff6c455d7b4082f4315116c9fcaf1b072bae44e9f45002aba593e8bf2eba460f41526f1e6179f4235c389f77084c2329b8e06387760fde3ebd304d426004f48d1d32c13b0983ec3404039680d2ffc693603008f3847a198ee24297a29389075a65c79c3293ad7a6b1ac1f25720cb630d42f26616f66d489ec423b604c4284c0b6f1322eebb3d80a0691687116a6ce0061483049a5ed55e9116437678de6a640e36954198c02a0d7d766c0065fcf38c0e607292646b0dbae85f38176126b69c06039dfd7087ea44bc6214c4a87b4f751f4a601c6b7edd4b5040036056c61131786b3239d0b5780eb94055a5c66574223cf29810822853f50ba1506dd40b7ffd942de68f5551ae1d47dc2e5ab5ffca18ff560356ec3f32c8451f73bbdfd3c56c648b6991b1813c018cf0fccd03a2b274ce312943774da7b5e946615116e6f7b3371f850f7b160a2307a6c8a807982d26a1345b4877b20f199ffcd77f61c8b98a9dfe18e115c4d4ba0aac2385024d4379aca15413a0b24258b6662b346d4d33fcb61000083eb32cf58135eb597620915d1eefc2183255669bd03f5d022ff0d43e2394582092a06cd4a3a2e6980ed259cced7d911057d528359e529f60a066a14ee78c8a7c92956bd5668ee4a7b2aa6036f4494c444dc4dafc5ce5ab048e0e2cff9d5cd31d94f0f16a49af612394574886214c998640305b42d0ed240be246c91ab8879f9d996b304b826468c70c0cfbbbbd9a", 0x588}], 0x1, &(0x7f0000000200)=[@ip_retopts={{0x14, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4, 0xad, 0x3, 0xb}]}}}, @ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @initdev={0xac, 0x1e, 0x0, 0x0}}}}], 0x38}}], 0x1, 0xc0)

2m35.740436733s ago: executing program 6 (id=1680):
r0 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r0, &(0x7f0000002c80)={0xa, 0x14e24}, 0x1c)
connect$inet6(r0, &(0x7f00000002c0)={0xa, 0x4e24}, 0x1c)
recvmmsg(r0, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000040)=""/47, 0x2f}, {&(0x7f0000001e40)=""/91, 0x5b}], 0x2}, 0x2}], 0x1, 0x100, 0x0)
sendmmsg$inet6(r0, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000000)='3', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000240)=[{&(0x7f00000004c0)="b458b09a7bc6afad62c3f97125bc54bad5b9f64492fb3237f80678f40515a15a9bc7f8f9c9244e7fe0c328f6457f6d457effb6e3090a2f0e0a47d7c95dddc94d4d0ca124", 0x44}], 0x1}}], 0x2, 0x20e8086)
sendmmsg(r0, &(0x7f00000092c0), 0x4ff, 0x0)

2m35.187244158s ago: executing program 6 (id=1683):
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={0x0, 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0)
sendmmsg$inet(0xffffffffffffffff, &(0x7f0000000440)=[{{0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000800)="21ae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5b", 0x150}, {&(0x7f0000000bc0)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e58b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828118bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f", 0x1a2}], 0x2, 0x0, 0x0, 0x900}}], 0x1, 0x0)
r0 = socket(0x10, 0x803, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={0x0, 0x5c}}, 0x4000000)
sendto(r0, &(0x7f00000000c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0)
recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x14c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x188}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x0, &(0x7f0000003700)={0x77359400})

2m34.979291324s ago: executing program 6 (id=1684):
r0 = epoll_create1(0x0)
r1 = socket$unix(0x1, 0x1, 0x0)
close(r1)
socket(0x23, 0x80805, 0x0)
setsockopt$sock_int(r1, 0x1, 0x2e, &(0x7f0000000040)=0x80, 0x4)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000100)={0x40000000})

2m34.711271041s ago: executing program 6 (id=1685):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x214802, &(0x7f0000000440)={[{@nojournal_checksum}, {@nombcache}, {@barrier}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nomblk_io_submit}, {@nodelalloc}, {@usrquota}, {@noauto_da_alloc}, {@journal_dev={'journal_dev', 0x3d, 0x2}}, {@init_itable}]}, 0xff, 0x551, &(0x7f0000000cc0)="$eJzs3d9vU1UcAPDv7Tp+KyMhJPpgFnkQg3Rs8wcmPuCjUSKJvmOzXRaylpK1I2ySCA/y4oshJsZIYvwDfPeR+A/4V5AoCTFk0Qdfam53ywprt9EVNuznk9xyzj23nHt67vdwbs8lDWBojWcvhYhXIuLbJOJwR1kx8sLx1eNWHl6fybYkms3P/koiyfe1j0/yPw+2M8WI376OOFl4rMqx7KW+tDxfrlTShXznRKN6ZaK+tHzqUrU8l86ll6emp8+8Mz31/nvvDqytb57/54dP73505pvjK9//cv/I7STOxqG8rLMd23CjMzMe4/lnMhpnnzhwcgCV7SbJTp8AfRnJ43w0sjHgcIzkUQ/8/30VEU1gSCXiH4ZUex7Qvrcf0H3wC+PBh6s3QOvbX1z9biT2te6NDqwkj90ZJe0vMrYpq+PXP+/czrYY3PcQAJu6cTMiTheL68e/JB//+nd6C8c8WYfxD56fu9n8561u85/Co/lPdJn/HOwSu/3YPP4L9wdQTU/Z/O+DrvPffNFqLMZG8txLrexocvFSJc3Gtpcj4kSM7s3yG63nnFm51+xV1jn/y7as/vZcMD+P+8W9j79nttwob6/Vax7cjHi16/w3edT/SZf+zz6P81us41h657VeZZu3/9lq/hzxRtf+X1vRSjZen5xoXQ8T7ativb9vHfu9V/073f6s/w9s3P6xpHO9tv70dfy079+0V1m/1/+e5PNWek++71q50ViYjNiTfLJ+/9Tae9v59vFZ+08c33j863b974+IL7bY/ltHb/U8dFv9P4BF16z9s0/V/0+fuPfxlz/23/6s/99upU7ke7Yy/m31BLfz2QEAAAAAAMBuU4iIQ5EUSo/ShUKptPp8x9E4UKjU6o2TF2uvR6us9fxDob3SfbjjeYjJ/HnYdn7qifx0RByJiO9G9rfypZlaZXanGw8AAAAAAAAAAAAAAAAAAAC7xMEe//8/88fITp8d8Mz5yW8YXpvG/yB+6QnYlfz7D8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8wvMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAADNT5c+eyrbny8PpMlp+9urQ4X7t6ajatz5eqizOlmdrCldJcrTZXSUsztepmf1+lVrsyORWL1yYaab0xUV9avlCtLV5uXLhULc+lF9LR59IqAAAAAAAAAAAAAAAAAAAAeLHUl5bny5VKuiAh0VeiuDtOQ2LAiZ0emQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgzX8BAAD//7VBN58=")
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x103042, 0x0)

2m34.235377794s ago: executing program 5 (id=1689):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount(0x0, &(0x7f0000000d40)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x40, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000400)='./file0/../file0\x00', &(0x7f0000000340)='./file0/../file0/../file0\x00')

2m34.078717798s ago: executing program 6 (id=1690):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000300)="00f0e105e23d6dd552f94e8582e028e4c2226bf4f4fae343f8be47bb", 0x1c, 0x2002c144, &(0x7f00000001c0)={0xa, 0x2, 0x0, @loopback, 0xd}, 0x1c)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bic', 0x3)
shutdown(r0, 0x1)

2m34.053194569s ago: executing program 5 (id=1691):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000580)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={0x24, r1, 0x20, 0x70bd28, 0x80000000, {}, [@NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xc00000}, @NL80211_ATTR_TXQ_QUANTUM={0x8}]}, 0x24}, 0x1, 0x0, 0x0, 0x40086}, 0x0)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r3}, @void}}}, 0x28}}, 0x0)

2m33.507237684s ago: executing program 6 (id=1693):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
socket$xdp(0x2c, 0x3, 0x0)
creat(0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x6, 0x40, 0x40, 0x41}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000b80)={r0, &(0x7f00000014c0), 0x0}, 0x20)

2m33.507052314s ago: executing program 5 (id=1694):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x100011, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r0, 0x0, 0x0, &(0x7f0000001140))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
unshare(0x6e020100)

2m32.875505511s ago: executing program 35 (id=1694):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
r0 = syz_clone(0x100011, 0x0, 0x0, 0x0, 0x0, 0x0)
wait4(r0, 0x0, 0x0, &(0x7f0000001140))
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19)
mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x4, 0x0, 0x0, 0x2)
unshare(0x6e020100)

2m32.797200443s ago: executing program 36 (id=1693):
mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x15)
socket$xdp(0x2c, 0x3, 0x0)
creat(0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x6, 0x40, 0x40, 0x41}, 0x48)
bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f0000000b80)={r0, &(0x7f00000014c0), 0x0}, 0x20)

2m27.629139234s ago: executing program 4 (id=1717):
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'team_slave_0\x00', 0x4000})
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x80d4}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000000c000/0x3000)=nil, &(0x7f000000d000/0x1000)=nil, 0x3000, 0x3})

2m27.471889908s ago: executing program 4 (id=1719):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000080)={@remote}, 0x14)
setsockopt$inet6_mreq(r0, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14)
r1 = socket(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', <r2=>0x0})
setsockopt$inet6_mreq(r0, 0x29, 0x1c, &(0x7f00000003c0)={@remote, r2}, 0x14)

2m26.867250205s ago: executing program 4 (id=1721):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="19000000040000000400000002"], 0x48)
close(r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000001000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000f4751f2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000005000000b70300000000ff808500000004"], &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000380)={r1}, 0xc)

2m26.745715778s ago: executing program 4 (id=1723):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f00000002c0)={[{@test_dummy_encryption}, {@nombcache}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@barrier_val={'barrier', 0x3d, 0xffffffff}}, {@auto_da_alloc}, {@lazytime}, {@dax_inode}, {@block_validity}]}, 0xd, 0x5ef, &(0x7f0000001200)="$eJzs3c9vFdUeAPDv3P6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFiWJJ4zdzOlP6Y29JLe6fpfD7J5c6cc6fnDLffnjPnnjM3gMoaTP+pReyPiOkkoj+ZX8zrjCxzcOF1D//65Gz6SKJef+PPJJIsLX99kj33ZQf3RMTPPyWxr2N1uTNz1y6OT01NXs32h2cvTQ/PzF07fOHS+PnJ85OXR18aPXH82PETI0daOq/rBWmnb77/Yf9nY29/982jZOT738aSOBmvZi9ceh6bZTAGG/8nyeqsvhObXVhJOrLfk6VvcdJZYoXYkPz964qI/0V/dMTjN68/Pn2t1MoBW6qeRNRzj+pApSRRdg2AcuT9gPzafuV1cK2UXgnQDvdPLQwArI7/zoWxwehpjA3sfpjE0mGdJCJaG5lbbk9E3L0zdvPcnbGbsUXjcECx+RsR8f+i+E8a8T8QPTHQiP/asvhP+wVnsuc0/fUWy185VCz+oX0W4r9nzfiPJvH/zpL4f7fF8gcfb77Xuyz+e1s9JQAAAAAAAKis26ci4sWiz/9ri/N/omD+T19EnNyE8gdX7K/+/L92bxOKAQrcPxXxSuH831o++3egI9v6V2M+QFdy7sLU5JGI+HdEHIquXen+yBplHP5839fN8gaz+X/5Iy3/bjYXMKvHvc5dy4+ZGJ8df9rzBiLu34h4pnD+b7LY/icF7X/692D6CcvY9/ytM83y1o9/YKvUv404WNj+P75rRbL2/TmGG/2B4bxXsNqzH3/xQ7PyW41/t5iAp5e2/7vXjv+BZOn9emY2XsbRuc56s7xW+//dyZuNW850Z2kfjc/OXh2J6E5Od6Spy9JHN15n2InyeMjjJY3/Q8+tPf5X1P/vjYj5FT87ebB8TXHuv3/3/d6sPvr/UJ40/ic21P5vfGP01sCPzcp/svb/WKOtP5SlGP+DBV/lYdq9PL0gHDuLstpdXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYCWoRsSeS2tDidq02NBTRFxH/id21qSszsy+cu/LB5Yk0r/H9/7X8m377F/aT/Pv/B5bsj67YPxoReyPiy47exv7Q2StTE2WfPAAAAAAAAAAAAAAAAAAAAGwTfU3W/6f+6Ci7dsCW6yy7AkBpCuL/l4WnB31trwzQVtp/qC7xD9Ul/qG6xD9Ul/iH6hL/UF3iH6pL/AMAAAAAwI6y98DtX5OImH+5t/FIdWd5XaXWDNhqtbIrAJTGLX6gukz9gera4DW+ywXYgZJ18nuaHrTekWuZPvsUBwMAAAAAAAAAAABA5Rzcb/0/VJUFPVBd1v9DdeXr/w+UXA+g/VzjA7HOSv7C9f/rHgUAAAAAAAAAAAAAbKaZuWsXx6emJq/aeGt7VKOdG/V6/Xr6W7BFRTR+9PY407Zs5FPht0t9Vmzka/2e7KjS/iQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr/BMAAP//+jYkDA==")
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
wait4(r0, 0x0, 0x40000000, 0x0)
ptrace$setregs(0xd, r0, 0x2, &(0x7f0000000280))
ptrace$cont(0x9, r0, 0x100000000, 0x6)

2m26.369274039s ago: executing program 4 (id=1724):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r2=>0x0})
r3 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0xfc, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000)

2m24.288113565s ago: executing program 4 (id=1732):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000)=0x8, 0x4)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000080)={0x1d, r1}, 0x10)
bind$can_raw(r0, &(0x7f0000000280), 0x10)

2m23.75598745s ago: executing program 37 (id=1732):
r0 = socket$can_raw(0x1d, 0x3, 0x1)
setsockopt$CAN_RAW_ERR_FILTER(r0, 0x65, 0x2, &(0x7f0000000000)=0x8, 0x4)
setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vxcan1\x00', <r1=>0x0})
bind$can_raw(r0, &(0x7f0000000080)={0x1d, r1}, 0x10)
bind$can_raw(r0, &(0x7f0000000280), 0x10)

59.452767539s ago: executing program 8 (id=2200):
r0 = socket(0x2, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x13, &(0x7f00000000c0)=0xfffffffd, 0x4)
connect$l2tp(r0, &(0x7f0000000680)={0x2, 0x0, @remote, 0x2}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000002c0)=ANY=[@ANYBLOB="2800000010005fba00"/20, @ANYRES32=0x0, @ANYBLOB="80000200e180001a08001b"], 0x28}}, 0x800)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000), 0x4)

57.094719093s ago: executing program 8 (id=2207):
ioctl$sock_inet_SIOCSIFFLAGS(0xffffffffffffffff, 0x8914, &(0x7f0000000000)={'team_slave_0\x00', 0x4000})
r0 = userfaultfd(0x801)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000040))
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={0x0}, 0x1, 0x0, 0x0, 0x80d4}, 0x0)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f000000c000/0x3000)=nil, &(0x7f000000d000/0x1000)=nil, 0x3000, 0x3})

56.903759108s ago: executing program 8 (id=2210):
r0 = syz_open_dev$vim2m(&(0x7f0000000100), 0x0, 0x2)
ioctl$vim2m_VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000000)={0x1, @raw_data="a425e2f1a54d24f16152413860608d70566e425a6c36af37b33fac9d31c8a9c7044410d324b03e044e454d2092a62fea8f13441431ce248bfc73a6726ee61ba491d15d8f392ff66fe0b17f0e11f5d2367d5593205ab1efa97d40619a553e7da2518125b850a186ef691daa55c9e50ffaf6ddc25220ded32aeba4524cec1afbd17abba1d15ea05e97ed3dcad452db6e08a991e2c78b057f55de7fdeba7411ce65700c0a1ad7946ff7c355db87566e3e5abb7a37a06731ed19ddfa970bb58a27fd9fa1810000000319"})
syz_mount_image$hfsplus(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x14c00, &(0x7f0000000040)=ANY=[], 0x1, 0x6fd, &(0x7f0000001b40)="$eJzs3c1rHOcZAPBnVitppYIjJ/5oSyBLAmmpqC1ZKK16qVtK0SGUND30vNhyLLyWg6QUJZRKbvoH9JBTT+lBN9NDSaFHQ3tuCJRcdQwUcslJN5WZnVntake7K2VlKcnvJ2bmnXk/5p1nvnZ2ERPAN9bybFQPDg62l2df30rn93YXmmO7C5N5djMiJiKiElFtTSJZiyz3dj7Ed9KFefnkuPV8sLr05qdf7H3WmqvmQ1a+0q9eiYneRTv5EPWIGMunvcaPafGjo6vvau9Od3vHNdJH0t7CNGCvFIGLv5y8KRilgx477bwn/83G/aqf5LwFLqikdd/sMRMxHRG1iNZdP786VJ5t70Zv57w7AAAAACc1NahA7+P6c/uxH1tx6ay6BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF9H+fv/k3yoFOl6JMX7/yfyZZGnv5I+mWxNn553RwAAAAAAAABgBF7aj/3YikvF/EGS/eb/csdv/N+Kd2IjVmI9bsRWNGIzNmM95iNipqOhia3G5ub6fFYz4kqfmrfi45Kat47v4+3+m/DPX59mwwEAAAAAAADg4qoNyH8w3rvsj7F8+Ps/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABcBEnEWGuSDVeK9ExUqhFRi4iJtNxOxMdF+sJ5f7JsaVK28OmZdwYAAABGq9Y9m9SGqPPcduzHVlwq5g+S7Jn/Wva8XIt3Yi02YzU2oxkrcTd/hk6f+it7uwvNvd2Fh+nQ2+7PPj9R17MWo/XdQ/mav52VmIp7sZotuRF3IomDTKXo/HZr+nBvNynp1+O0T8lPc316M9aRvpuOrn+Upf/c/S1C9USbeEqVY3NmstzxdkTmHh/WuFzsmfI9NHDvVPuuaT4q7W9+rvRfU3nMH/df+/SRUqXf3JyLo5G4FZX2HrrWPxIR3/vHk9/eb649uH9vY/bibFKp7YEljkZioSMS179GkRhsLovE1fb8cvwyfhOz8fnkG7Eeq/G7aMRmrNSL/EZ+PKfjmf6R+mS6c+6NQT1Jz8l6+/pV1qd6dPUp6vGLLNWIlyOJmbgUq5HEo4jxlXgt+7sV8+2rweEevjrEWV8Z4krbofb9bNIOU0wdX/ZvwzU5KmlcL3fEteOam50Hl7uWHEbp+dIoFfe64e9HHarfzRNpC+9H6Rfd5+RoJOY7IvHCccdLK6R/PUjHG821B+v3G28Pub5X82lxdJZcSA6+zPacXrqHn49avnGXs3Hau/ToSPNeaPe6O14T+S8uLZWevKvteq0z9VfxKO5G55n6o1iMxVjKSl/LSo/33LHSvOvtlrqv4Wle+kmr2v5hp/Pz1qNotj4PAXCxTf9gemLqf1P/mfpw6k9T96der/188seTL07E+L/Hf1KdG3u18mLy9/gw/nD4/A8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJzexrvvPWg0myvr5YlKeVbSv1ajWbyRr1+ZrkSSvyonXxJ9CidDNdg/Ubw/6cu205Won6rB4m2NgwvXR9fVnkSyk++w9pLaoGOj0cze8rQ91F5OegKeVj51n4v3S51RNEaUqI+uweKA7Vdm4FlZvFmtK2ssIsoKD7hwjI3qCgScl5ubD9++ufHuez9cfdh4a+WtlbXxxcWluaXF1xZu3lttrsy1xh0VnsnLb4Fn4fCm37m0EvHS4Lp9XtQKAAAAAAAAAAAAnKGj/9FxFv8L8eS8NxIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4SluejerTSGJ+7sZcOr+3u9BMhyJ9WLIaEZWISH4fkfwr4na0hpjpaC45bj0frC69+ekXe58dtlUtylcido6tN5ydfIh6RIzl01G1d2dwexOHycmS7KQdmTRgrxSBg/P2/wAAAP//YBTwuQ==")
sendmsg$NFT_MSG_GETOBJ(0xffffffffffffffff, 0x0, 0x20000000)
socket$inet_udp(0x2, 0x2, 0x0)
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2200020, &(0x7f0000000000))

56.767877602s ago: executing program 9 (id=2211):
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0)
close(0x3)
userfaultfd(0x80001)
dup3(r1, r0, 0x0)

56.648613345s ago: executing program 8 (id=2212):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f00000002c0)={[{@test_dummy_encryption}, {@nombcache}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@barrier_val={'barrier', 0x3d, 0xffffffff}}, {@auto_da_alloc}, {@lazytime}, {@dax_inode}, {@block_validity}]}, 0xd, 0x5ef, &(0x7f0000001200)="$eJzs3c9vFdUeAPDv3P6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFiWJJ4zdzOlP6Y29JLe6fpfD7J5c6cc6fnDLffnjPnnjM3gMoaTP+pReyPiOkkoj+ZX8zrjCxzcOF1D//65Gz6SKJef+PPJJIsLX99kj33ZQf3RMTPPyWxr2N1uTNz1y6OT01NXs32h2cvTQ/PzF07fOHS+PnJ85OXR18aPXH82PETI0daOq/rBWmnb77/Yf9nY29/982jZOT738aSOBmvZi9ceh6bZTAGG/8nyeqsvhObXVhJOrLfk6VvcdJZYoXYkPz964qI/0V/dMTjN68/Pn2t1MoBW6qeRNRzj+pApSRRdg2AcuT9gPzafuV1cK2UXgnQDvdPLQwArI7/zoWxwehpjA3sfpjE0mGdJCJaG5lbbk9E3L0zdvPcnbGbsUXjcECx+RsR8f+i+E8a8T8QPTHQiP/asvhP+wVnsuc0/fUWy185VCz+oX0W4r9nzfiPJvH/zpL4f7fF8gcfb77Xuyz+e1s9JQAAAAAAAKis26ci4sWiz/9ri/N/omD+T19EnNyE8gdX7K/+/L92bxOKAQrcPxXxSuH831o++3egI9v6V2M+QFdy7sLU5JGI+HdEHIquXen+yBplHP5839fN8gaz+X/5Iy3/bjYXMKvHvc5dy4+ZGJ8df9rzBiLu34h4pnD+b7LY/icF7X/692D6CcvY9/ytM83y1o9/YKvUv404WNj+P75rRbL2/TmGG/2B4bxXsNqzH3/xQ7PyW41/t5iAp5e2/7vXjv+BZOn9emY2XsbRuc56s7xW+//dyZuNW850Z2kfjc/OXh2J6E5Od6Spy9JHN15n2InyeMjjJY3/Q8+tPf5X1P/vjYj5FT87ebB8TXHuv3/3/d6sPvr/UJ40/ic21P5vfGP01sCPzcp/svb/WKOtP5SlGP+DBV/lYdq9PL0gHDuLstpdXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYCWoRsSeS2tDidq02NBTRFxH/id21qSszsy+cu/LB5Yk0r/H9/7X8m377F/aT/Pv/B5bsj67YPxoReyPiy47exv7Q2StTE2WfPAAAAAAAAAAAAAAAAAAAAGwTfU3W/6f+6Ci7dsCW6yy7AkBpCuL/l4WnB31trwzQVtp/qC7xD9Ul/qG6xD9Ul/iH6hL/UF3iH6pL/AMAAAAAwI6y98DtX5OImH+5t/FIdWd5XaXWDNhqtbIrAJTGLX6gukz9gera4DW+ywXYgZJ18nuaHrTekWuZPvsUBwMAAAAAAAAAAABA5Rzcb/0/VJUFPVBd1v9DdeXr/w+UXA+g/VzjA7HOSv7C9f/rHgUAAAAAAAAAAAAAbKaZuWsXx6emJq/aeGt7VKOdG/V6/Xr6W7BFRTR+9PY407Zs5FPht0t9Vmzka/2e7KjS/iQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr/BMAAP//+jYkDA==")
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
wait4(r0, 0x0, 0x40000000, 0x0)
ptrace$setregs(0xd, r0, 0x2, &(0x7f0000000280))
ptrace$cont(0x9, r0, 0x100000000, 0x6)

56.611455176s ago: executing program 9 (id=2213):
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x0, 0x0, 0x0, 0xd, 0x0, 0x0, 0x0, 0x20}, 0x94)
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f000012d000/0x1000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffc000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f00005a4000/0x2000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x1b7b, &(0x7f0000000040)={0x0, 0x970, 0x1f680, 0x1, 0x39c})
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1)
io_uring_enter(r0, 0x12a, 0x14, 0x17, 0x0, 0x0)

56.202305308s ago: executing program 9 (id=2214):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1, 0xfffffffc}, 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0x14, &(0x7f00000001c0)=ANY=[@ANYBLOB="18000000000100000000000000000000180100002020782500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000007000000850000000600000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bca2000000000000a6020000f8ffffffb703000018000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @xdp=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r3=>0x0})
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000002c0)={r1, r3, 0x25, 0x2, @void}, 0x10)
syz_emit_ethernet(0x66, &(0x7f0000000880)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}, @broadcast, @void, {@mpls_uc={0x8847, {[], @ipv4=@gre={{0x5, 0x4, 0x1, 0x5, 0x58, 0x65, 0x0, 0x8, 0x2f, 0x0, @loopback, @initdev={0xac, 0x1e, 0x1, 0x0}}, {{0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x1, 0x880b, 0x0, 0x3}, {0x0, 0x0, 0x0, 0x1}, {0x1, 0x0, 0x1, 0x1}, {0x8, 0x88be, 0x3, {{0x7, 0x1, 0x9, 0x0, 0x1, 0x2, 0x2, 0xb}, 0x1, {0x2}}}, {0x8, 0x22eb, 0x4, {{0x6, 0x2, 0x6, 0x3, 0x1, 0x1, 0x4, 0x2e}, 0x2, {0x5, 0x5, 0x3, 0x7, 0x1, 0x1, 0x2, 0x1, 0x1}}}, {0x8, 0x6558, 0x1}}}}}}}, 0x0)

56.075339141s ago: executing program 8 (id=2215):
r0 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0)
timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=<r1=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
read(r0, &(0x7f00000001c0)=""/93, 0x5d)

56.074331701s ago: executing program 1 (id=2223):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x3, &(0x7f0000000000)=0x1, 0x4)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000000040)=0x40, 0x4)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x56202329, @empty, 0x4000005}, 0x1c)
sendmmsg$inet6(r0, &(0x7f0000002dc0)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000002b40)="4137a29b582bd471798f15f967e7f8118e1abf61ebd7d146a12a42f6ffd2340daaa8dcf6da818cc0efac75e8c35abbde7a18e0226b424f5557c71db5d327baccef203377178ddb12221cdaf45711a2535ae87e6ab62ecba71b6f2ac0f6c9ead0ec52116d305204537900daaad0d6e4dd9d3ad654711b72964f28b8b5d231d709bf3cd4a0477ef446e7da5eaa15cc39e9c57d89217e33a93e080000000000000086448a8e871cf560229a3cc36317ac47bae1596458badc9ebde2c707dea2e18f859e20f7595cce0a88485e5223b2c8fc383e37cbbfe8353e2a8eb6dc65d76746a31d8f206f3152176a502d3e582a31933e40cff645d93afca045741f99af1cba5b3b6dd6c2edd5e6c4505ae594aa23cbc8a143512180028d9b3984a2517ac9a15154460ff0f654df3f8cf1c13455cb5f440a67de7a6dad269c76e2625c35222985a47aa3b920d97dea05c43bc937361d33781f8057097ca11a9d90eea3d8ae56f0e57f3a6f32f8786e165305301a3d86367337d2651a27b8c222f349491648ba165a6ed9a1e5e5397a1ee963651c2d9c79d6d5b34941375b6b53abcc7882c4e57a63de2e32c30e41030f24ae6efee9e3446eab3b5407cc20f581095dde95241e3853c4864ea7ecd07888956d9375b9ef74be4454d7693b53ed6bd0644cd93945b2eb35a6ac7c34aa11facf27ca4463e2bb1eef7126a982f0de190da6ca5b992c9fecf37053894f4b8001fa9902cb9544f8394c96faa2767c0af169cf7c3e0c49d962d47061f788999120bc2144d3bdd4cd8dc5c6f00b10958416318ef9ea9b4f2e", 0x241}], 0x1}}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f00000006c0)="8dacf1d2", 0x4}], 0x1}}], 0x2, 0x4000001)

55.998428173s ago: executing program 9 (id=2216):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x214802, &(0x7f0000000440)={[{@nojournal_checksum}, {@nombcache}, {@barrier}, {@norecovery}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@nomblk_io_submit}, {@nodelalloc}, {@usrquota}, {@noauto_da_alloc}, {@journal_dev={'journal_dev', 0x3d, 0x2}}, {@init_itable}]}, 0xff, 0x551, &(0x7f0000000cc0)="$eJzs3d9vU1UcAPDv7Tp+KyMhJPpgFnkQg3Rs8wcmPuCjUSKJvmOzXRaylpK1I2ySCA/y4oshJsZIYvwDfPeR+A/4V5AoCTFk0Qdfam53ywprt9EVNuznk9xyzj23nHt67vdwbs8lDWBojWcvhYhXIuLbJOJwR1kx8sLx1eNWHl6fybYkms3P/koiyfe1j0/yPw+2M8WI376OOFl4rMqx7KW+tDxfrlTShXznRKN6ZaK+tHzqUrU8l86ll6emp8+8Mz31/nvvDqytb57/54dP73505pvjK9//cv/I7STOxqG8rLMd23CjMzMe4/lnMhpnnzhwcgCV7SbJTp8AfRnJ43w0sjHgcIzkUQ/8/30VEU1gSCXiH4ZUex7Qvrcf0H3wC+PBh6s3QOvbX1z9biT2te6NDqwkj90ZJe0vMrYpq+PXP+/czrYY3PcQAJu6cTMiTheL68e/JB//+nd6C8c8WYfxD56fu9n8561u85/Co/lPdJn/HOwSu/3YPP4L9wdQTU/Z/O+DrvPffNFqLMZG8txLrexocvFSJc3Gtpcj4kSM7s3yG63nnFm51+xV1jn/y7as/vZcMD+P+8W9j79nttwob6/Vax7cjHi16/w3edT/SZf+zz6P81us41h657VeZZu3/9lq/hzxRtf+X1vRSjZen5xoXQ8T7ativb9vHfu9V/073f6s/w9s3P6xpHO9tv70dfy079+0V1m/1/+e5PNWek++71q50ViYjNiTfLJ+/9Tae9v59vFZ+08c33j863b974+IL7bY/ltHb/U8dFv9P4BF16z9s0/V/0+fuPfxlz/23/6s/99upU7ke7Yy/m31BLfz2QEAAAAAAMBuU4iIQ5EUSo/ShUKptPp8x9E4UKjU6o2TF2uvR6us9fxDob3SfbjjeYjJ/HnYdn7qifx0RByJiO9G9rfypZlaZXanGw8AAAAAAAAAAAAAAAAAAAC7xMEe//8/88fITp8d8Mz5yW8YXpvG/yB+6QnYlfz7D8NL/MPwEv8wvMQ/DC/xD8NL/MPwEv8wvMQ/AAAAAAAAAAAAAAAAAAAAAAAAAAAADNT5c+eyrbny8PpMlp+9urQ4X7t6ajatz5eqizOlmdrCldJcrTZXSUsztepmf1+lVrsyORWL1yYaab0xUV9avlCtLV5uXLhULc+lF9LR59IqAAAAAAAAAAAAAAAAAAAAeLHUl5bny5VKuiAh0VeiuDtOQ2LAiZ0emQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgzX8BAAD//7VBN58=")
open(&(0x7f0000000040)='./bus\x00', 0x400141042, 0x2a)
mount(&(0x7f0000000280)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x5000, 0x0)
r0 = open(&(0x7f0000000000)='./bus\x00', 0x8000, 0xa0)
ioctl$LOOP_SET_STATUS64(r0, 0x4c04, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x0, 0x8005, 0x0, 0x0, 0x14, 0xd, "ef359f413bb9386ff7d6a4ae6dddfbd1ce5d29c2ee5e5ca9000ff8ee09e7376b7a5ff537ed73ac58818d78c660e677df8dc905b90242b7c528a076d2f6a00400", "036c5bc6780820d1cbf7966d61fdcf335263bd9b0abdc2542ded71038259ca171ce1a311ef545032d71e14ef3dc177e9b48b001d00", "f28359738e229a4c66810000000000d300e6d602000000000000000000000001", [0x8]})
openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file2\x00', 0x103042, 0x0)

55.972486234s ago: executing program 1 (id=2217):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800714, &(0x7f0000000500), 0xf7, 0x485, &(0x7f0000001040)="$eJzs3M9rHFUcAPDvTJL+bhNrrba2Gq1i8UfSpFV78KCi4EFB0EM9xiSttdtGmgi2BI0i9SgF7+JR8C/w5kXUgwheFTxKoWgQmnqKzK9mu9mkSZpkbfbzgc2+t/Nm3/vOzNt9My+zAbSt3uxPErEjIn6LiO4ie3OB3uJpZnpy+Pr05HASs7Nv/JXk5a5NTw5XRav1tpeZw2lE+mkSzyfz6x2/cPHMUK02er7M90+cfa9//MLFp06fHTo1emr03ODx48eODjz7zODTqxJnFte1/R+OHdj3yluXXxs+cfntH7/JmrX3YLG8Po5but4koCZ6s63292yucdmjy2j7nWBnXTrpbGFDWJaOiMh2V1fe/7ujI+Z2Xne8/ElLGwesqey7afPCi6dmgQ0siVa3AGiN6os+O/+tHus09PhfuPpCxKYyPTM9OTxzI/7OSMvXu9aw/t6IODH175fZI5Z7HQIAYAXysc2TzcZ/aezNn4u5jl3lHEpPRNwVEbsj4u6I2BMR90TkZe+NiPuKlWe7l1h/b0N+/vgnvdK0zaskG/89Vzf2m6mLv3zq6ShzO/P4u5KTp2ujR8ptcji6Nmf5gUXq+O6lXz9faFn9+C97ZPVXY8GyAVc6Gy7QjQxNDK3WRrj6ccT+zmbxJzdmArIjYF9E7F/eW++qEqcf//rAQoVuHf8iVmGeafariMeK/T8VDfFXksXnJ/u3RG30SH91VMz30y+XXl+o/tuKfxVk+3/bzcd/Q4nuf5JivrYrarXR8+PLr+PS758teE6z0uN/U/JmPmf98zvFax8MTUycH4jYlLya56tzuvz1wbl1q3xVPov/8KHm/X93uU4W//0RkR3EByPigYh4sGz7QxHxcEQcWiT+H1585N1F4k8iiZbu/5Gmn383jv+epH6+fgWJjjPff7vQjPnS9v+xmMo/awv5598tLLWBt7n5AAAA4I6QRsSOSNK+It27I9K0r6/4H/49sS2tjY1PPHFy7P1zI8U9Aj3RlVZXurrrrocOJFPlOxb5wfJacbX8aHnd+IuOrXm+b3isNtLi2KHdbb+5/0fV/zN/drS6dcCac78WtK/G/p+2qB3A+lvK979zAdiYmvT/ra1oB7D+nP9D+2rW/z9qyBv/w8Y0v///0eQn64CNyPgf2pf+D+1L/4e2dDv39a88Ud0ssPL32bLkO/zbJVH94sVa1rU15l6JtOUht1Ei6zHrW+ncb6gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADcyf4LAAD///ss5ts=")
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x40)
lsetxattr$security_capability(&(0x7f0000002580)='./file0\x00', &(0x7f00000025c0), 0x0, 0x0, 0x0)
write$binfmt_elf32(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="7f454c460904028d0400000000000000020006000400000019000000380000005e020000080400000400200001"], 0x58)
close(r0)
execve(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)

55.401811529s ago: executing program 1 (id=2219):
r0 = socket$inet6(0xa, 0x6, 0x0)
bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = socket$inet_dccp(0x2, 0x6, 0x0)
listen(r0, 0x5)
connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10)
sendmmsg(r1, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=[{0x10, 0x10d, 0x173000}], 0x10}}], 0x1, 0x200088c4)

55.066140068s ago: executing program 9 (id=2221):
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x20085e, &(0x7f00000107c0)={[{@grpjquota}, {@max_dir_size_kb={'max_dir_size_kb', 0x3d, 0xa32}}, {@acl}]}, 0x1, 0x53a, &(0x7f0000010280)="$eJzs3c9vI1cdAPDvOLGT3U2bbekBELRLW1jQap2Nt11VPUA5IYQqIXoEaRsSbxTFjqPYKU1YifTMFYlKnODIH8C5J+5cENy4lAMSPyJQg8Rh0IwnWSexk7SbxJH9+Ugjz5vnzPe9zc57469jvwDG1q2I2ImISkS8GxGzxfGk2OKt7pY975Pdx4t7u48Xk0jTd/6Z5PXZsej5mcyN4pzTEfGD70T8ODket721vbrQaNQ3ivJcp7k+197avrvSXFiuL9fXarUH8w/uvXH/9dqn6M30ibUvNSvF3pc//sPON36aNWumONLbj/PU7Xr5IE5mMiK+dxHBhmCi6E9l2A3hMylFxPMR8XJ+/c/GRP7bBABGWZrORjrbWwYARl03B5aUqkUuYCZKpWq1m8N7Ia6XGq12586j1ubaUjdXdjPKpUcrjfq9Ild4M8pJVp7P95+Ua0fK9yPiuYj4xdS1vFxdbDWWhnnjAwBj7MaR+f8/U935HwAYcSf/2QwAMIrM/wAwfsz/ADB+zP8AMH668/+1T/tjaZr+7CKaAwBcgnz+7/MlXQDA6JL/B4Cx8v233862dK/4/uul97Y2V1vv3V2qt1erzc3F6mJrY7263Got59/Z0zztfI1Wa33+tdh8/+Y319udufbW9sNma3Ot8zD/Xu+H9XL+rJ1L6BkAMMhzL3305ySbkd+8lm/Rs5ZDeagtAy5aadgNAIZm4vgh7wbAmOiu9uVvf2AcPXmNP2jaH7iyo/QAjIjT7gCm+31AKE3T9OKaBFyw21+Q/4dxVeT/J+X9YPz0yf8fkq8N7E1CGEmTw24AMDRpmpx1zf846xMBgKvthBz/zcu8DwGGZ8D7/88Xj78t3hz40dLRZ3x4ka0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAq21//d9qsczvTJRK1WrEM/kCQOXk0Uqjfi8ino2IP02Vp7Ly/JDbDAA8rdLfkmL9r9uzr84cqnrxxsFuJSJ+8qt3fvn+Qqez8ceISvKvqf3jnQ+L47VTg01fRA8AgJPtz9P5Y88L+U92Hy/ub5fZnr9/u3tXkMXd263E3kH8yZjMH6ejHBHX/50U5a6kJ3fxNHY+iIjP9+t/EjN5DqR7y3I0fhb7mXOKP3Gm+KVD8UvFAs2l4t/ic+fQFhg3H2Xjz1v9rr9S3Mof+1//0/kI9fSK8S871eJePgY+ib8//k0MGP9uHT/dVN8Yr/3+u929a8frPoj44mTEfuy9nvFnP34yIP6rZ+zjX7704suD6tJfR9yO/vF7Y811mutz7a3tuyvNheX6cn2tVnsw/+DeG/dfr83lOeq5wbPBP9688+yguqz/1wfEnz6l/18ddNIjr3J/8793f/iVE+J//ZV+8UvxwgnxsznxawN7fNjC9d8NfN2dxV863v/kLL//O2eM//Fft48tGw4ADE97a3t1odGob9gZ0Z3K1WjG+exk/2WvQDP67nzrsmJVon/Vz1/pXtNHqtL0M8UaNGKcR9YNuAoOLvqI+O+wGwMAAAAAAAAAAAAAAPR1GZ9YGnYfAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGF3/DwAA//8mOdOX")
r0 = creat(&(0x7f00000000c0)='./bus\x00', 0x182)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x80642, 0x150)
pwrite64(r1, &(0x7f0000000140)="d7", 0x24, 0xfecc)
fallocate(r0, 0x0, 0xbf5, 0x2000402)
ioctl$EXT4_IOC_MOVE_EXT(r1, 0xc028660f, &(0x7f0000000100)={0xc, r0, 0x0, 0x3e, 0x9, 0xfffffffffdffffff})

54.984169571s ago: executing program 8 (id=2222):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f0000000400)=[0xee01, <r1=>0x0])
setgroups(0x40000000000002e6, &(0x7f0000000140)=[0x0])
keyctl$chown(0x4, r0, 0xee01, r1)
keyctl$setperm(0x5, r0, 0x30925)
keyctl$read(0xb, r0, 0x0, 0x0)

54.65100871s ago: executing program 38 (id=2222):
r0 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe)
getgroups(0x2, &(0x7f0000000400)=[0xee01, <r1=>0x0])
setgroups(0x40000000000002e6, &(0x7f0000000140)=[0x0])
keyctl$chown(0x4, r0, 0xee01, r1)
keyctl$setperm(0x5, r0, 0x30925)
keyctl$read(0xb, r0, 0x0, 0x0)

54.483068604s ago: executing program 9 (id=2225):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='cdg', 0x3)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000300)="a6", 0x1, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c)
shutdown(r0, 0x1)

53.836797622s ago: executing program 39 (id=2225):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='cdg', 0x3)
bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c)
setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4)
sendto$inet6(r0, &(0x7f0000000300)="a6", 0x1, 0x24000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x9}, 0x1c)
shutdown(r0, 0x1)

53.828873402s ago: executing program 1 (id=2228):
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file0\x00', 0x4000, &(0x7f00000002c0)={[{@test_dummy_encryption}, {@nombcache}, {@noblock_validity}, {@commit={'commit', 0x3d, 0x5}}, {@inlinecrypt}, {@max_batch_time}, {@barrier_val={'barrier', 0x3d, 0xffffffff}}, {@auto_da_alloc}, {@lazytime}, {@dax_inode}, {@block_validity}]}, 0xd, 0x5ef, &(0x7f0000001200)="$eJzs3c9vFdUeAPDv3P6gpbzXQl7ee7iQJsZAorS0gCHGBWwNafBH3Lix0oJIgYbWaNGEkuDGxLgxxsSVC/G/UCJbVrpy4caVISFiWJJ4zdzOlP6Y29JLe6fpfD7J5c6cc6fnDLffnjPnnjM3gMoaTP+pReyPiOkkoj+ZX8zrjCxzcOF1D//65Gz6SKJef+PPJJIsLX99kj33ZQf3RMTPPyWxr2N1uTNz1y6OT01NXs32h2cvTQ/PzF07fOHS+PnJ85OXR18aPXH82PETI0daOq/rBWmnb77/Yf9nY29/982jZOT738aSOBmvZi9ceh6bZTAGG/8nyeqsvhObXVhJOrLfk6VvcdJZYoXYkPz964qI/0V/dMTjN68/Pn2t1MoBW6qeRNRzj+pApSRRdg2AcuT9gPzafuV1cK2UXgnQDvdPLQwArI7/zoWxwehpjA3sfpjE0mGdJCJaG5lbbk9E3L0zdvPcnbGbsUXjcECx+RsR8f+i+E8a8T8QPTHQiP/asvhP+wVnsuc0/fUWy185VCz+oX0W4r9nzfiPJvH/zpL4f7fF8gcfb77Xuyz+e1s9JQAAAAAAAKis26ci4sWiz/9ri/N/omD+T19EnNyE8gdX7K/+/L92bxOKAQrcPxXxSuH831o++3egI9v6V2M+QFdy7sLU5JGI+HdEHIquXen+yBplHP5839fN8gaz+X/5Iy3/bjYXMKvHvc5dy4+ZGJ8df9rzBiLu34h4pnD+b7LY/icF7X/692D6CcvY9/ytM83y1o9/YKvUv404WNj+P75rRbL2/TmGG/2B4bxXsNqzH3/xQ7PyW41/t5iAp5e2/7vXjv+BZOn9emY2XsbRuc56s7xW+//dyZuNW850Z2kfjc/OXh2J6E5Od6Spy9JHN15n2InyeMjjJY3/Q8+tPf5X1P/vjYj5FT87ebB8TXHuv3/3/d6sPvr/UJ40/ic21P5vfGP01sCPzcp/svb/WKOtP5SlGP+DBV/lYdq9PL0gHDuLstpdXwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADYCWoRsSeS2tDidq02NBTRFxH/id21qSszsy+cu/LB5Yk0r/H9/7X8m377F/aT/Pv/B5bsj67YPxoReyPiy47exv7Q2StTE2WfPAAAAAAAAAAAAAAAAAAAAGwTfU3W/6f+6Ci7dsCW6yy7AkBpCuL/l4WnB31trwzQVtp/qC7xD9Ul/qG6xD9Ul/iH6hL/UF3iH6pL/AMAAAAAwI6y98DtX5OImH+5t/FIdWd5XaXWDNhqtbIrAJTGLX6gukz9gera4DW+ywXYgZJ18nuaHrTekWuZPvsUBwMAAAAAAAAAAABA5Rzcb/0/VJUFPVBd1v9DdeXr/w+UXA+g/VzjA7HOSv7C9f/rHgUAAAAAAAAAAAAAbKaZuWsXx6emJq/aeGt7VKOdG/V6/Xr6W7BFRTR+9PY407Zs5FPht0t9Vmzka/2e7KjS/iQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr/BMAAP//+jYkDA==")
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r0)
wait4(r0, 0x0, 0x40000000, 0x0)
ptrace$setregs(0xd, r0, 0x2, &(0x7f0000000280))
ptrace$cont(0x9, r0, 0x100000000, 0x6)

52.997332115s ago: executing program 1 (id=2231):
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x1}}, 0x10)
bind$tipc(r0, &(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x3, {0x42, 0x2, 0xffffffff}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000100)={0x42, 0x2, 0x2}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000180)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x43, 0x2, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0xc4040}, 0x4048804)

49.674362356s ago: executing program 1 (id=2233):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x65f005e6766dc923)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

49.084362702s ago: executing program 40 (id=2233):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x65f005e6766dc923)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000000c0)='./file0/../file0\x00', 0x0, 0x2a05404, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x2b5b093, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x262)

14.339587689s ago: executing program 7 (id=2395):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000018bbdecde39739fcd1df176dde746ec834120600000000003b814e50a959736d6572462abc30ef5b65c70f73ecea54b5e5bea9836c319f653557e79a002208ce996dda659bd5ba0f4ce5c2080002223dc60000000000000044cd0a1e3686873600000000005493b4b874cd601d5b9fa9b40fe4d76afc3a989c6d60044e89eb96e44d01a1034e3797ffa86870b82939f41ffa0f3d726f085663c29cbdc4c766a7eb77cc36160191acf5ae7469c82ab4145b595b987d75912a0fcd1c061835294cc0c618aba204f8adaa20c80108d356cd88cc86177056b06e7068c40f807d9e539f8f5b64a8ee0725aa8d00000000007cb6020d90ea79b8027cf75964dd86c2ed2b5e75779677aa8c76b848dd03dab190b5f02ec52830a17b01eaae1c3df076000000000000000000000000000083a48a6b926c668b9b90195018ea3619f9d80a0b894e212178e1a19909d764666264fa29e2c055fd7f8e67c2acfb75f0a8d41692f4542a575ee42ed94a0014fba44985cca9df12fe93bfaccf0122a6e7e593613ac0111701b125cc6799224883d08ce470220a6decad26f0378072a571da000000b1a6bdf03fd56697e348b5b494f6fddb9f56142a47a40ef81690a7eca421bd0ad198afa58ce69d61c29deaa93c0efea0df04f20020ee84075b4e1a2ad43d1be1138de4668e7b6137545708790c501f1ed7f6a571d5000000000000007d2bee8ed5acba62b8ce6eee44e813220ebc37ad7d422bb972c33e626d4d13827d303ee15e254c75ee569a56fa9e"], 0x25, 0x55a8, &(0x7f00000014c0)="$eJzs3EtvG2UXAOAzTtP71y9CLNh1pAopkWqrTi+CFQVacRGtKi4LVuDYruXW9kSx64asumCJWPBPEEisWPIbWMASdogFiB1SkWcm0KQNtI3jqO3zSDNn5vj1mXdGlqUzYzmAZ9ZC+sdvSZyIIxExFxHHk8i3k3KJuBNxsRj7QkScjIjKPUtS5v9OHIyIoxFxYlK8qJmUL31xenzq/K9v//7t94cOHPvymx/29cSBffViRPRXi+3b/SJmnSLeKPONcTeP/XPjMq5uqdHPivzt9kpe4XZjc1wjj2c7xfhs9dZwEq/3Gs1J7HSv5/nVQXHA4bizWWfyhvRGYy3fb7VX8tgdZnnsbBTHXd8ovts2hqOiTqus90lePkajzVjk2+vt4nxWb+axORiV+aJu1mqvT+K4jOXhopn1Wvk8Vh7zIj8B3ukObq2n4/basJsN0vO1+ku1+oVqfS1rtUftc9VGv3XhXLrY6U2GVUftRv9iJ8s6vXatmfWX0sVOs1mt19PFS+2VbmOQ1uu1s7Uz1fNL5dbp9I2rH6S9Vro4ia91B7dG3d4wvZ6tpcU7ltLl2tmXl9JT9fS9K9fSa+9evnzl2vsfXfrw6qtX3nq9HHTftNLF5TPLy9X6mepyfekZOv9Py0k/wvknD07/9OPuLhsUdviAAbCz+/r/2N7/h/4fmLrd9P/9m+X+3vT/8TD9f0yz/5+0VPr//+5/K4/U/56YSv87H/r/PTx/2JXH6/8PTn0eAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADM3M/zX72ZbywU+8fK/P/K1HPlfhIRlYi4+wBzcXBLzbmyzvwO4+e3zeG7JPIKk2McKpejEXGxXP78/15fBQAAAHh6fX3n5OdFt16sFvZ7QsxScdOmcvzjKdVLImJ+4ZcpVatMVs9PqVj++T4Q61Oqlt/AOjylYsUttwPTqvZQ5raEw/eEpAiVmU4HAACYia2dwGy7EAAAAGbps3999ZWZzYMZS2LzUebms+D8l/f/PBA8Mlnd3fbjfgAAAOBJkuz3BAAAAIA9l/f//v8PAAAAnm7F//8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBf7NzPjdpAFAfgZ4OB/FNQlHtayQ3KSAk55hgoIE1QAmkhDVADkXJICStYYc8ieRek1TLGWvR9ku2d8ernGeDyxtIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXfpbree/f375dWnObn+ZPLMBAAAATtlW63n9x7Rpv0v9H1LXp9QuIqKMiFO1+yBGrcxByqnO/H/1aAx/IuqEQ/84HW8j4ms67j52/SkAAADA7dosV7OmWm9OaQngX7+j4kqaRZvy/bdMeUVEVNP/mdLKw+lzprD69z2MH5nS6gWsSaawZsltePreKNdD2gaty8NMFvWXWLfKbp4LAAD0qV0JnKlCAAAAuAHf+x4A1/C0tC+Op+N7xnFzSS8E37RaAAAAwCtU9D0AAAAAoHN1/d/N/n+TF+3/V9j/DwAAALJr9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS9tqPd8sV7Nz9xfPzNntL5NvRgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9+zPOwqEQBiEwd71ncnc/7DSoKGxSRUIH39jMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABvfveX/xNT40wy99pYeh5J1k6NrVNj79w4+sP4+jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsT8vKRACQRAFc8b/Tvr+h5UEPYMIEdDwqKIWDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBf97pf/E1PjTDJ32lg6HknWrhpbV429B42jB+Pt3wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwsW//vm1UcQDA3/lspylUhIAiEUAFdYCFpm5p6YoQKGLgT0CKUqcEXAptBlpFlCxsKHMXBAsSQkigsOV/6NxIXcrWIUOQmBiC7lf6nJgmpO05TT8f6fl9/Xx5P86Wla/fHQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABQWX83vNIo4zR7GCviqu32xuJsVq9tqzOry3cms5LFyUjVeuz1+mZ/oL0aPzk+MbyJAAAAcFgc2/WItMrvQwh3WyvTWd0Yy/P/VnVMlvP/UHaVlG3b8/61jcUj5UuTVf7/x+/3XtwaaCzNx8k6nZvvdU/tnEpz38t8wj236xHN/Mznv72k+RvS+HDphfVWfj6T727der+dhyN1zBYA2I+TVV0G1f9DWd0Z5sQAeGo0o8S7yv/TseHOCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAO60vhmSpOQgiTzftxZm1jcXZQ/c3yncnVspy7eXM57jProhVCmJvvdU/VuJaDqzqb1z+b6fW6V65eqzs4HkIY8NKNvf15Wk7/P49phxD6Wk68NKCfj/cw1rZ+dgTlxzPUew5Hs/XtenDS15LsOOHvbRaG8QGoK2iU78/jGGK09ve9P6g+e4++5//zXTLyaL6SAAA41FplyTLRu62V6awtGQ9h88f+/P+NKA59ef/mjaKleL4a5f/3Pjl3Ox4rzv87Na3vSTC1cOmLqavXrr81f2nmYvdi9/O3T3fe6Zw5f/bs+an8t5KpudDwiwkAAAAPoV2WOP8fHbD/fzSKwwP2/4st4SL///L7ztfxWKn8f6D7m37DngkAAMDTqL0VPf/a338lA45I2u3w1czCwpVO8bj1/HTxWOt092mkLHH+n44Pe1YAAABAHdaXkr79/wtRHB6w/x9f///szy//GveZFtcWXA4hdE/OXu5dqG85B1r/Tb8/pY/jRuV8oPawVwoAAMCwjJYl3v9vjWf5f2PrkodGCOHNEyH8U97DH/aY/6cffPtLPFZ8/f+ZWld58DQmivOR1xMhNCeGPSMAAAAOsyNlyZL9P1sr05/+dvSjtuv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOr2bwAAAP//aR4tAA==")
gettid()
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
truncate(&(0x7f0000000940)='./file1\x00', 0x2fffffd)

14.148234285s ago: executing program 2 (id=2397):
r0 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040))
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f0000000200), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0x18, 0xfa00, {0x10000000, 0x0, 0x104}}, 0x20)
ioctl$SNDRV_PCM_IOCTL_WRITEN_FRAMES(r2, 0x40184152, 0x0)

13.372500146s ago: executing program 2 (id=2404):
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{0x0}], 0x1}, 0x0)
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', <r1=>0x0})
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000940)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a800800028008000200080000003e127a5108000200104013"], 0x44}}, 0x0)
r2 = socket(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f0000000000), 0x4000000000001f2, 0xfff0)

13.078273334s ago: executing program 2 (id=2407):
openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0)
openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
syz_init_net_socket$802154_raw(0x24, 0x3, 0x0)
syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102)
unshare(0x22020600)
pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x800000c6e, 0x0, 0x800, 0x100000, 0x0, 0x5}, 0x0, &(0x7f0000000140)={0x70, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x8}, &(0x7f0000000280), 0x0)

12.83779261s ago: executing program 2 (id=2409):
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x8001, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0])
mount(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0x10, 0x0)
mount$fuseblk(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x24000, 0x0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)

12.619183366s ago: executing program 2 (id=2411):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(blowfish)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5", 0x4)
r1 = accept4(r0, 0x0, 0x0, 0x800)
sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800)
recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {0x0}], 0x2}, 0x0)

12.398772722s ago: executing program 7 (id=2414):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={0x160, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x13a, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @device_b, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1fc}, @val={0x5, 0x3, {0x5, 0x97, 0x5}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x1}}, @void, @val={0x71, 0x7, {0x69, 0x0, 0x1, 0xffffffffffffffff, 0x1, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}, [{0xdd, 0x15, "8a70254dad90829ddb18be62e84e877606f1bb15aa"}, {0xdd, 0xb5, "a9b8e8b2e8815dfdd27ddf0d9e1cb4fa1bbb67c1e564d75e01a3568e885b2ad15a99d00b7ffdeb02eebcc7545ca67fcad48c79ee89e03a97f892233201e08cb02c084d6cc9e65633c4f51e62e7d245088db7b2a0857ec4e5f911cb353d191498218794a9bd9095865f05de5722159704b56e4dd354369f3480578abd5a8f408dc04f90e5953feace89747961bbd24dac7393ae66ff9e5c5dd5e0b7cf50058a5b5f27dea29e01315b0b6d58d4a2f6b6f06eb7d71f09"}]}}]}, 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

12.148616769s ago: executing program 2 (id=2417):
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f00000000c0)={[{@overriderock}, {@overriderock}, {@map_off}, {@map_off}, {@nocompress}, {@hide}]}, 0x0, 0x3e9, &(0x7f0000000840)="$eJzs3E1PG8cfwPFZYv/Fn0qoUtRACIdJ0wM9xNldipGV03Y9NpOsd1cz6whOVVQgQoW0alKp4VJxSVupfRG59kX0HUXtO6DaB6c8GEx5iFH0/Uhoxt7fzPxmZc3IRrMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIJ2y7rueISMf9VXmysG2S3inXB/19eqg4ZVwhnPxPTE6K2fKt2Zv/Xv6k7GSmfDUjJvNiUux+dOvjhzdrE4P2pyT0Xrx4tfvN0+3tje/PFF2Xtb/3C1ee2HvSVbG2ie4FXSW1TWSr2XQfrHSs7OhI2TWbqZ4MjQqyxMiF8HPptVqLUjXWkn7cbQeRGry5fN933aZ81EhVYGwSP3jUsOGKjiIdd4uY/HIes5x/EB/rTGYq6Em5ubW9sTgqyTzIO0uQPyrId33f83zfay61lpZdt+a7vjz0hnuEONZk/B9ajNclr+DA+e1X+z8AAAAAAPhwOcVv7Pn3/3rxO7wjOjpS7rjTAgAAAAAAl6j4z/9MXtTz2qxw+P4PAAAAAMCH5peDZ+z+P+yMnU03xZ9/CWPqzl66+pmzE+ThwY6oFe1uHO0x68w501UnRdGsVa9CNe/cLoNuD6LfVsXmqLN+zrEEqpGPJlCesNv/aUgC4jcxVwbNrZfl+uBKOcpUR0eqESbRQ08EwfREplazH55v/SiK6f8a96Ydsbm1vdH4+tvt9SKXvbyXvZ3qAMWxcxQn3wzx8t25x+Ezrhc/xFTjTpXjugfnP1E2n/gPY74Wd8qYO1NlOXV4/pP5mF7jpNlXWXgXnPlrMV/GzC/cy4t7C0Oy8Edl4R/M4lz34gxZLI7KYvGCWQDAuGyO2IWc4xv/OVa5y9vdT1/R75Yxd+eKhbU2N2RFd0et6O4Fd7c/jj0D4aQ9Nh/39yO76pu8wZsTx7WR7+S38MbLne/ErRevdu9v7Tx9tvFs47nvLzbdL1x3yRf1YhpVwd4DABhCmbfOVPazY4xOv/JaLS/IVpQ0SfhYGt3uKqnjTJlwJYi7SqYmyZIwifLKE91WVtp+miYmk53EyDSxerV48ousHv1iVS+IMx3aNFKBVTJM4iwIM9nWNpRp/8tI2xVlisY2VaHu6DDIdBJLm/RNqBpSWqUOBOq2ijPd0Xk1lqnRvcCsySdJ1O8p2VY2NDrNkrLDwVg67iSmV3TbGPfNBgDgmnj3BLuzV+pV0zO3GvMUAQDAEezSAAAAAAAAAAAAAAAAAAAAAABcf+c4/zfmiiOEuAZpUKFy2ZX/nfeDvX8F+Yx7ZQJw1f4JAAD//7CIqpQ=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x14e174135c0b87af)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x40, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000100)=ANY=[], 0x1, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

11.487914707s ago: executing program 41 (id=2417):
syz_mount_image$iso9660(&(0x7f0000000080), &(0x7f0000000000)='./file0\x00', 0x1000000, &(0x7f00000000c0)={[{@overriderock}, {@overriderock}, {@map_off}, {@map_off}, {@nocompress}, {@hide}]}, 0x0, 0x3e9, &(0x7f0000000840)="$eJzs3E1PG8cfwPFZYv/Fn0qoUtRACIdJ0wM9xNldipGV03Y9NpOsd1cz6whOVVQgQoW0alKp4VJxSVupfRG59kX0HUXtO6DaB6c8GEx5iFH0/Uhoxt7fzPxmZc3IRrMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIJ2y7rueISMf9VXmysG2S3inXB/19eqg4ZVwhnPxPTE6K2fKt2Zv/Xv6k7GSmfDUjJvNiUux+dOvjhzdrE4P2pyT0Xrx4tfvN0+3tje/PFF2Xtb/3C1ee2HvSVbG2ie4FXSW1TWSr2XQfrHSs7OhI2TWbqZ4MjQqyxMiF8HPptVqLUjXWkn7cbQeRGry5fN933aZ81EhVYGwSP3jUsOGKjiIdd4uY/HIes5x/EB/rTGYq6Em5ubW9sTgqyTzIO0uQPyrId33f83zfay61lpZdt+a7vjz0hnuEONZk/B9ajNclr+DA+e1X+z8AAAAAAPhwOcVv7Pn3/3rxO7wjOjpS7rjTAgAAAAAAl6j4z/9MXtTz2qxw+P4PAAAAAMCH5peDZ+z+P+yMnU03xZ9/CWPqzl66+pmzE+ThwY6oFe1uHO0x68w501UnRdGsVa9CNe/cLoNuD6LfVsXmqLN+zrEEqpGPJlCesNv/aUgC4jcxVwbNrZfl+uBKOcpUR0eqESbRQ08EwfREplazH55v/SiK6f8a96Ydsbm1vdH4+tvt9SKXvbyXvZ3qAMWxcxQn3wzx8t25x+Ezrhc/xFTjTpXjugfnP1E2n/gPY74Wd8qYO1NlOXV4/pP5mF7jpNlXWXgXnPlrMV/GzC/cy4t7C0Oy8Edl4R/M4lz34gxZLI7KYvGCWQDAuGyO2IWc4xv/OVa5y9vdT1/R75Yxd+eKhbU2N2RFd0et6O4Fd7c/jj0D4aQ9Nh/39yO76pu8wZsTx7WR7+S38MbLne/ErRevdu9v7Tx9tvFs47nvLzbdL1x3yRf1YhpVwd4DABhCmbfOVPazY4xOv/JaLS/IVpQ0SfhYGt3uKqnjTJlwJYi7SqYmyZIwifLKE91WVtp+miYmk53EyDSxerV48ousHv1iVS+IMx3aNFKBVTJM4iwIM9nWNpRp/8tI2xVlisY2VaHu6DDIdBJLm/RNqBpSWqUOBOq2ijPd0Xk1lqnRvcCsySdJ1O8p2VY2NDrNkrLDwVg67iSmV3TbGPfNBgDgmnj3BLuzV+pV0zO3GvMUAQDAEezSAAAAAAAAAAAAAAAAAAAAAABcf+c4/zfmiiOEuAZpUKFy2ZX/nfeDvX8F+Yx7ZQJw1f4JAAD//7CIqpQ=")
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x14e174135c0b87af)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x40, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
syz_mount_image$fuse(&(0x7f00000001c0), &(0x7f00000002c0)='./bus\x00', 0x322020, &(0x7f0000000100)=ANY=[], 0x1, 0x0, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200)

11.202300185s ago: executing program 0 (id=2422):
r0 = syz_usb_connect(0x3, 0x2d, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000062a10b40450c1010fce60102030109021b00010000000009043200019740a40009058203ff"], 0x0)
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
write$char_usb(r2, &(0x7f0000000280)='L', 0x1)
readv(r1, &(0x7f0000000500)=[{0x0}, {&(0x7f0000000140)=""/224, 0xe0}, {&(0x7f0000002380)=""/4099, 0x1003}, {&(0x7f0000000080)=""/168, 0xa8}, {&(0x7f00000003c0)=""/223, 0xdf}, {&(0x7f00000004c0)}], 0x6)
syz_usb_disconnect(r0)

10.183831313s ago: executing program 3 (id=2424):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000340)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB='noadinicb,nostrict,mode=00000000000000000000004,uid=forget,noadinicb,umask=00000000000000040002000,lastblock=00000000000000000013,undelete,partition=00000000000000000005,\x00'], 0x43, 0xc11, &(0x7f0000000d00)="$eJzs3V1oXOl5B/DnnSOtRto00WYTb9Jm04GUxCi18VdsBZcgZxW1AccbIit0r6LRh51h5ZGR5MabtkFtSQu9Cd2b0psimi4t5KJX3V5WabaQUAol5CK9KAiaLHvRC10ECi0bhXPmHWlky7ayXlvS7u+3zP7PnHnO+P0YnzkCvzoBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAER89nOXTp1OB90KAOBxujL5pVNnff8DwLvKVT//AwAAAAAAAAAAAADAYZeiiGORYujVzTRdPe+oX261b92eGp/Y+7DBFClqUVT15aN++szZc586f2G0m/c//u324Xh+8uqlxnOLN24uzS8vz881ptqt2cW5+X2/w8Mef6eRagAaN168NXft2nLjzMmzu16+Pfz6wJPHhi9eOHF+tFs7NT4xMdlT09f/lv/0u9xrhccTUUQzUrw5/EZqRkQtHn4sHvDZedQGq06MVJ2YGp+oOrLQarZXyhdTLVfVIho9B411x+gxzMVDGYtYLZtfNnik7N7kzeZSc2ZhvvHF5tJKa6W12E61TmvL/jSiFqMpYi0iNgbufrv+KOKjkeLlU5tpJiKK7jh8sloY/OD21B5BH/ehbGejP2KtdgTm7BAbiCKuRIqfvXY8Zssxy4/4eMQXynw14pUyPxORyg/GuYif7vE54mjqiyL+PVIsps00V50PuueVy19ufL59bbGntnteOfLfD4/TIT831aOImeqMv5ne+sUOAAAAAAAAAAAAAAAAAG+3wSji25HiT579vWpdcVTr0t93cfQ9L/x275rxZx7wPmXtyYhYre1vTW5/XjqcauV/j6Bj7Es9ivhGXv/3RwfdGAAAAAAAAAAAAAAAAAAAgHe1Il6IFF85cTytRe89xVvt642rzZmFzl1hu/f+7d4zfWtra6uROjmWczrnas61nOs5N3JGLR+fcyzndM7VnGs513Nu5IwiH59zLOd0ztWcaznXc27kjL58fM6xnNM5V3Ou5VzPuZEzDsm9ewEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3klqUcTPI8W3vraZIkXEWMR0dHJ94KBbBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACU6qmIk5Fi/YV69XytFnE1In6+tbXVfUTEZpkP66D7CgAAAAAAAAAAAAAAAAAAAIdWKuJjkeLp/9tMjYi4Pfz6wJPHhi9eOHF+tIgiUlnSW//85NVLjecWb9xcml9enp9rTLVbs4tz8/v94+qXW+1bt6fGJx5JZx5o8BG3f7D+3OLNl5Za17+6sufrQ/VLM8srS83ZvV+OwahFTPfuGakaPDU+UTV6odVsV4em2j0aWIsY229nAAAAAAAAAAAAAAAAAAAAODSGUhGfixQ/+a9zqbtuvK+z5v9XOs+K7dpX/mDndwEs3JFdvb8/YD/bab8NHakW3jemxicmJnt29/XfXVq2KaUinokUn3j5Q9V6+BRDe66NL+veW9bdOJfrhn+trFvdVVUfmRqfaFxZbJ+4tLCwONtcac4szDcmbzZn9/2LAwAAAAAAAAAAAAAAAAAAAOA+hlIRP4oU//P3/5G6953P6//7Os961v//VrWEvlJPu3Nbtbb/vdXa/s72+y6ODn302XvtfxTr/8s2pVTENyPF2R99qLqffnf9//QdtWXdn0WKN579SK6rPVHWNbvd6bzjtdbC/Kmy9q8jxa+/2a2NqvZ6rn16p/Z0WTsYKf5yc3ftV3PtB3Zqz5S1xyPF9/5779oP7tSeLWt/Ein+6e8a3dqhsvb3c+2xndqTs4sLcw8a1nL+vxMp/vbK76Run+85/z2//2H1jtx215zff/vtmv/hnn2reV7/NM9/8wHzfz5SfKf+kVzXGfuZ/PpT1f935v8TkeI//2137bVc+/6d2tP77dZBK+f/25Hiu3/14+0+5/nPI7szQ73z/6t9u3P7U3JA8/9Uz77h3K7ZX3Is3o2WX/r6i82FhfklGzZs2NjeOOgzE49D+f3/55Hi/48VqXsdk7//39N5tnP997/f2Pn+v3hHbjug7//39+y7mK9a+vsi6is3bvY/E1FffunrJ1o3mtfnr8+3z5w+9elPnz996vT5/ie6F3c7W/seu3eCcv5/ECl++A8/3P45Zvf1397X/0N35LYDmv+ne/u067pm30PxrlTO/99Eiqc+++Ptnzfvd/3f/fn/+Md25/bfvwOa/w/07BvO7Wr9kmMBAAAAAAAAAABwlAylIv4iUvzuH/9m6q4h2s+//5u7I7cd0L//Otazb+4xrWvY9yADABwi5fXfByPFP299f3st9+7rv/iNbm3v9d+9HIb7/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFGXoog/jBRDr26m9YHyeUf9cqt96/bU+MTehw2mSFGLoqovH/XTZ86e+9T5C6PdvP/xb7cPx/OTVy81nlu8cXNpfnl5fq4x1W7NLs7N7/sdHvb4O41UA9C48eKtuWvXlhtnTp7d9fLt4dcHnjw2fPHCifOj3dqp8YmJyZ6avv63/KffJd1j/xNRxPcjxZvDb6TvDkTU4uHH4gGfnUdtsOrESNWJqfGJqiMLrWZ7pXwx1XJVLaLRc9BYd4wew1w8lLGI1bL5ZYNHyu5N3mwuNWcW5htfbC6ttFZai+1U67S27E8jajGaItYiYmPg7rfrjyK+GSlePrWZ/mUgouiOwyevTH7p1NkHt6f2CPq4D2U7G/0Ra7UjMGeH2EAU8Y+R4mevHY/vDUT0RecRH4/4QpmvRrxS5mciUvnBOBfx0z0+RxxNfVHEuUixmDbTawPl+aB7Xrn85cbn29cWe2q755Uj//3wOB3yc1M9ivhBdcbfTP/q7zUAAAAAAAAAAAAAAADAIVLEWqT4yonjqVofvL2muNW+3rjanFnoLOvrrv3rrpne2traaqROjuWczrmacy3nes6NnFHLx+ccyzmdczXnWs71nBs5o8jH5xzLOZ1zNedazvWcGzmjLx+fcyzndM7VnGs513Nu5IxDsnYPAAAAAAAAAAAAAAAAAAB4Z6lFUd3F/Vtf20xbA537S09HJ9fdD/Qd7xcBAAD//0kCdPc=")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0xc0086c43, &(0x7f00000002c0)=0x700)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x180c8, &(0x7f0000000580)=ANY=[@ANYBLOB="6e66732c646f74732c636865636b3d7374726963742c646f74732c6572726f72733d72656d6f756e742d726f2c00fc403bb14281bbfb9b8213bd6284536d64789a24dd73b98b3e33cb47fed8a736464bb62e9e891aa832722dfc28bfa4489b3a127a503e72326b737d0f67c97be6f37ef46154dec39ef8718946ffc8cd4d735a0b101c1722477bbe2f923577ea51f7116f17c3ddf5c497fba2d0bb3272d123b31e9461d4e2d65a42e1174fa269de92e463fc1ca202650fe2628e15341e45dce6c0de2367bdb50cc5b2b462e1d45fc3265f1a88561ab6afb1b73a3b340b5c5fc6e601843a59f3cdeb36991cfa985453287d4c9d2d6e21adddc57a607369c682e821b20dc0efd51d12f386f3f8e53c05e696e50c7c3f79b1b0bd7e5cfaf3f63d8949c8dd2fd94aa0f259a4cb9412c30c45f9d4d63d267d2a43f03a47fa56b3"], 0x1, 0x242, &(0x7f0000000300)="$eJzs3bFqFFEUBuBjskmWNKYWiwEbq0WtbBeJIA4IK1No5UC0SUSYNKPVPIbP4CP5GKnSjZhZsklcbczm7s58Hyz3wM/Cuc3eLc6d+fDw8/HRl9NP7c/vMR5nMYpo2jbiILZiOzr35uvWRb0bVzUBAGya2aycpu6B1aqqabkTEXt/JMWPJA0BAAAAAAAAAADw35bN/8e5+X8A6DPz//1XVdNyf/7/7Trz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA65217v/3HJ3V/AMDtc/4DwPA4/wFgeJz/ADA8b9+9fz3N88NZlo0jzpq6qItu7fKXr/LDJ9mFg8W3zuq62L7Mn3Z5dj3fif15/mxpvhuPH3X57+zFm/xGvhdHq98+AAAAAAAAAAAAAAAAAAAArIVJdmnp/f7J5G95V115PsCN+/ujeDC6s20AAAAAAAAAAAAAAAAAAADARjv9+u24PDn5WCl6U8TztWjjrouItWijL0XqXyYAAAAAAAAAAAAAAAAAABiexaXf1J0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDqL9/+vroiIpu2k3i4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQY78CAAD//139ms4=")
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
renameat2(0xffffffffffffff9c, &(0x7f0000000280)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)

10.182903002s ago: executing program 7 (id=2425):
r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119)
syz_usb_connect$cdc_ecm(0x5, 0x4d, &(0x7f00000011c0)=ANY=[@ANYBLOB="12010000020000402505a1a44000000001010902"], 0x0)
r1 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81)
ioctl$HIDIOCSFEATURE(r1, 0xc0404806, &(0x7f0000000040))
write$UHID_SET_REPORT_REPLY(r0, &(0x7f0000000300)=ANY=[@ANYBLOB="0e00000001"], 0xc)

9.628635197s ago: executing program 3 (id=2426):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000040)={[{@noacl}]}, 0x1, 0x5599, &(0x7f0000005680)="$eJzs3X1oVecdB/BzTaKhFpPV1alY6RSqdGVTW5DNUeNLZjvfkhq0NTXGaWudrViZW9qJCwliOi2NSh2jrjhkRVtWApO+iFPXoUM2psikszLnim44ahZ1gh2Tjdx7n+u955rk1nVNXz6fknvuc3/nec5zD+eP+731OTcCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAKIoSm289OevImvqxM8fNeeA/j7y669ljk5aNPnL25/N3TCuqWv1U3fSGlrq5UzqaKxfPP3p1/aEoSqT6pfsvnHzfA4/OWTizNAxYX53alpd3ecjk4+lUo2/Oi539cv8WRVFUEhugKL2tLMpqJ+IHiFblD9it6k1X3lxWM/XtxssXJg6vHbU3/63TqbS3J9Bb0tfVmWvXUkXysU9sj0w769JL5Fyiqf7xC+4jeRMAwAcypiq5yXwcTX/EzbQb4/VYuyLWbo21wyeE1uzGjUiN27ered4er/fSPCtSUaFfl/OM1dPnP9OuivePtWNR4wPMM3fXdKQp7WqeK2P13ponAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMfJu5PmXZgy/cXLfSfV7hiy4a+z+mxcv+9UbfVLd+2sPrHujf61ddMbWurmTulorlw8/+jV9YeiqDzZL5Hqnnhj08Kn+tbNfHDzQ2srZ0w49FpRetywLc7aOfpjePLVsij6VlblTBj23IAoqsotJJvRj/MLy5JP7g8FAAAAPk2GJB/7ZNqpOFiS004k02Qi+V+QCovVm668uaxm6tuNly9MHF47au+Nj1fVxXgV1x0v0y6/9pfICsYh/sbHu1YPu67KG6d78RHjef7YtHdmnBlRf27rlfNNTWsv7h534K73tkw93/zNd/av6Hf/cyPy8n959/k/nDn5HwAAgP+F/B8fp3s95f+3ZlfOaPvDvT/6/biv/31o9cZ3m/YmVg09vmLkd+ZNPPXa869fzcv/t+ccMi//hxmH/N8nurH8DwAAAB9n/+/8X5E3Tvd6yv/PHDwxdM+ogzWN0furyv6VOLhk36nnvtZ8ec29216oPDvrsf55+X9MYfm/OHva4cXfhQkvL4uiMYWfVAAAACBH+P/u175aCHk99c1BPK+/PP7FnRdLZxYvKf7yrl3bnl5TevcdA5fWLn5l9EtDnjg8/9nVefm/orD8X/LRvF0AAACgAIs23L100D/mjd+2pH32rVePVg66Z/vRO25un7G6Zv2kFbec/kpe/q8qLP/36523AwAAAFzHsfmPLFrxt9071v16xOQxpe9PGTn7e3WX9hwe++9RNR0vjP/GW3n5v76w/H9Tepte+ZDqdCj8K4QtZVFU2vlkZarwm6h1YqYAAAAAfEhCTm/44eylDZuf2fbPizV3vtJ8y8utf374C+V3bpz2s+9vOT63adO+vPy/svv7/4c7HYT1/zn3/8tb/59VSN31b4IbAwAAAPBZlL+eP9weP/XLBV39/n6h6/8fe3r4o1u/+5Olv7itfHfitpNPfumJ5ocrfzpwYHvL6JHNRYNL8vJ/Y2H5vyh7+2H+/h8AAADcgE/a7/89lDdO93q6//+0BesOL2gf+/kDLe3Pjxn02znFDy7Y+af2m/c/Oax9/7nzLcPy8n9rYfk/bPtnv70D4fw0l0XR4M4n6bsJ7grTXR4rtJVkFVInPtZjTuiRLrT1yyokrYz1GFcWRV/sfNIYK3wuFFpjhY4B6cL2WOFIKKSvh0zh1VjhQLjStg5ITzdeeD0U0gss2sIKiv6ZJRGxHpe66tFZuG6Pk5mDAwAAfKaE8JzOsiW5zSgeZdsSPe1wU0879Olph6KediiO7RDfsavXo/rcQnj9L6dXv/f48l/WTmi4Z+7kPcOOP37f2bE/+PbaX83uv6XxxKUpTXn5f3th+T+cir6pTVfr/6Ow/j/9u4aZ9f/1oVAeK7SFQlX8jgFV4RipsLshHKO8Kt2jY3CmAAAAAJ9q4XuBol6eBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBf9u49Sq6qThTw7nd30uk0OI6AykSdJEZMdydBlICLPERUjHQYZFTGPEg65NEkIQ8kwYWBsBwUdQLBxDvDXQS4WYCixDgEERgSlcC9RHnNMAzyFLiBUSFc3nCZ3NV9aleqzulKV0wa0tzv+6NrV/3289Sja59zah8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPj/w+BDv7LgilOeuWnkC3936imNC59+bsxlB3/kiPqb5h48/PUtd8+6fcrxZ10w5eSJO1YeO+Mrd7/591tDaO8uV5EUr/j5RVOX1U6Z9KWLv3zOsZ8/auum2ly9uXgY2PWnMnfn/Njqk4NCuKEihOp0YGRjEqjJ3W+M9b2vMYQDwq5AvkTHgKREuuFwW0MI68KuQL6qGxtCaCwInHTvL2/9blfikoYQhoYQ6tJtPFyXtNGQDgyrTQID0oEF1UnglZ2JfODnlUkA9lp8M+Rf9BvaizM091yuxOuvZp917O2VHl5VTDSXzven8X3cqQK16Qfa9+ppy1RHn8i8PTZ7t/WDd1tmO6/ytBV+kcp9Q9m5K1QXKmd2zJq+tHNJfKQytLRUlaqpj57nh5//+ow9Sfeb12HsQPM+eR1W7dh+59mNn7pu9aD1r64ce+WWve3mQwWbtDDd1+pC7jXXb57HaJzPk37w9st8SxriS1cI4V9vqNv26hcuf/nTa7ZcPem8v13zzIjTW9veuO+F6yctWLXg+v/+i8z8v3n38//4co63lUW5Y6tvNCVz8/hIY0w815TMzQEAAKDf6A97Tac+NOvF4b/5xD9PvvHR7YOO/5tFqw/+de2Wdz34VOX4Z285ecT81zLz/yHlHf+Ph/wbC0e7OYRx3YmVg0M4qPvxJHBN7M6pg0P4QHeqvTgwPhXYHMLB3YkR+apSJepjiSGpwPamXGBcKrA1BtpTgfUxsCoVOD8GNqQCM2JgcyowIQbCnOJxfKQpN46yAw0xMC3ZiBviWQgvNMXWUtvqd/mqAAAA9pHc7LCm+G7BuQ57myFOLzc09JYhnoFdMkNdqob0DDY/rSpZQ3VvNVT2VkN+3Ct2P/xMzRW91Zw5DaOiOMPSb/7h/rFfXDW3euj22sNemnfczN8d8/41O1s++uPanT8cd9fahsz8v2338/+6HjpSkTn+H8Lk7r8xd2Uu0pmPT2svygAAAADshdETP/ZPl733l9fdcuLnfzv4jiOv2PjDqbVjv/XK0nt+uGLCudt+dEFm/j+uvPP/4z6RqoLMYVvcDTFvcAhtxYGk2qOygeSo98BcAAAAAPqD/PH4/LHwObnb5BTt9Hw6m799D/PHA//jesw//pC/fmzDf8z99k8nTjli7TmPzd9+1+EfrWn7m+cf/tIF86Z947JvZub/7eWd/z+g+DbpxNbYi9WDQ6gvCNwee9kV6DYkBh47pjiQG//WuAEujFXlTkzIV3VhLDEtBtpSgXWlStydL3FQcSD3ZOUbX5kfx5xciYIAAAAAvOXi7oB4XD6e/3/fgg/PPmpb3aG3rKr46V/uuKZz4vVtNc+M/VXT61/4whNff63xzMz8f9qenf/fPQ/OnN7fOTCE1uoQqtI/DNg2IFkYMAYaK3KJWwYkdVWlqzp3QAhHdw0sXdXjufX/q9NrDN7bkFQVAwd98Ornh3UlrmwIobUwcP8pl3+sK7EkFcg3/sWGEP6qa7Tpxq+vTxqvSTe+tj6EQwsC+apOrQ+hq7HadFW/rMtdxyBd1XV1IbyrIJCv6oi6EJYFAPqp+K90ZuGDi5ctnze9s7NjUR8m4j78hjBrTmdHy4wFnTPrSvRpZqrPRcsYnZsdU8nlkFLiEkWr7lk7tJx0/neCbYV9ye3Hz5w4mLsfvwvVdI9zdE3R3THpIX/4Q9kmQsE3qbdryAMKK9n1JGbqj/lrw8BQv3Rxx6KWs6YvWbJoVPK33Oyjk79xUMm2GpXeVgN66tt+8PIYXlhJ65LTF7YuXrZ85JzTp5/WcVrH/NFtYw5vO3LMqCM+3to1qrbkby9DHd5T1amh7rz8rR/qIdUFlbwVnxoSEhL9LfE/zjj95DuOnPOpE+5d+oGj1oybcPaNh89qXXPb9ZPWT3ts8I9GXZKZ/y/c/fw/furET/7c+gyljv83x8P8yeO7DvNPi4F15R7/by51ND9/YsCQVGBFDKxwmB8AAIB3hrg7Mu52jHutH6q74qrDL3329C2jJn7tzOaRv57wwXEHfvqML99x3H/+3/d/7xN//N+Z+f+K8n7/v4/W/88vXf+5Usv8j4gl2kqt/59e5j+//v+KUuv/p5f5z6//v+5tWP9/aT6Q2iQvWP8fAAB4J3jr1v/vdXn/9AUCMhl6Xd4/fYGATIZel/Ev9wIBe7z+/5PHXPv0B97/TPvPrr/j8ekXn3HOx9fUD9uxrL7l9m//+y9u/MqpgzLz/1Xlzf8t3A8AAAD7j2uPffLfjr3q+7ec3Pjsj2sWzT7/5vNuahz2WsWsjfMnDJh8zez/ysz/15U3/3/r1/8Lpc7/H1Iq0F5qYUDr/wEAANBPlVr/b/tP6i+9sHHHuk0bXv/ske9+/Tt3fOdrry34wQ8+89H3zV48adyEmzPz/w3lzf/jaReVRbljb95oSta0C+k17Z5ryv9kAAAAAPqHytDSUlNm3qKVUcf/+W3GpUB3ly504nE//WT70HffPufaKa3/cN99Ha2H3NnUsH7+zi+d8PTyp05YeWVm/r+5vPl/0e8yqnZsv/Psxk9d98bqQetfXTn2yi27jv8DAAAAfafc/RIAAAAAAAAAAAAAAMDb770Lxoy/t+Xxd1+0evn5zdddcfmbm1q3fPUfL6na/uHZf7hg7uiGzO//w+TucqV+/x+v+xd/X/AXRbljq72v/5e7f9LxP1nWvWThtqYQPlQYmHfevANC7tr8wwsDt351xHu6EuelS9z8yISnuhJT04HPjDzw5a7E0anAtLhI4sHpQLyq4suDUoG4vOJ96UDcHhvSgdpc4FuDknFUpLfVM43JtqpIb6sHG0MYXBDIb6sbGpM2KtIDvCQVyA/wjHQgDvALuUBlulc/GZj0KgYaY9HLBia9AgBgvxW/BdaEWXM6O9riV/h4e0h18W1UtGTZudlqq8psPi5NtuqetUPLSVelv4vuutZ4TajrGsKozNfVwiwV3aPcN7X0sun+osSQe1vtra82XW3pETUkI2qZsaBzZk2vAx/Te5bR1b1mGZWZ7BRmqezepGXUUkZfyhhRmdumjC7H+5WhpaUqlWtsDDaHIr29Isr9vX5Pa/6VekV0+cSXb/rD41ubPn3Ye9pPO/+eyvff+6sDr3jxQ688dN1hm/7bR9b++urM/L+5vPl/XeG4Xs5dDGBFvLLeUYNDmFbmiAAAAOCdb/b8Ry6+4FcXbX+sfdhTC1ovuvWBZT9YXt10zfnHPnjzmS+d8r2pexu/9skTfvvAb3+0cdj4WxaOGfDEWVdedtw9d92xetvxb95w2P8ZOePRzPx/SHnz/7hjLHcoONnbsTle/3/l4BC6L63fnASuicM9dXAIH+hOtccSyQX1PxdLtCWBa+IOkxGxxLT24qrqY2BDKrC9KRfYnApsjYHcXoqrQ25XzkVNIXysOzW5uMTCWKI5FTghBoakAi0x0JYKDIqBcanAHwflAu2pwJ0xEOYUb6ufDcptKwAAgD2Rm2fVFN8N6XnehureMlT0lmFAbxkqe8tQ11uGUqOI9zfGDDWFx+NzGeJDNelaG1K1ZDLEi+Hvcb8yGcLdxTnTBTNN588kaS7OGTN8+x8f/OT0lx6+YemP3hh+4rmf/PH3tm16be4Tp40cPO3VsfNGfPuPmfl/W3nz/wHFt0nrW+P8f9f1/5LA7bF7q+Op40Ni4LFjigO5HQNb42T3wnxV7bkSuUn7hbHEuBgYkgosjIFxqcC0ybnAuvcUB3Iz7XzjK/ONz8mVKAgAAADAWy7uIIi7aeL8/9K/mz353O+0dqyc9dWnps0Y+ukDL33fpcfcNOk3c9cedOCpd14zLzP/H1fe/D+2N7CwsfNjb54cFMINFbt6kw+MbEwCcT9GY/x5/PsaQzigYAdHvkTHgKREbarhcFtD8gv12nRVNzYkawzE+yfd+8tbv9uVuKQhhKEFe1/ybTxcl7TRkA4Mq00CA9KBBdVJIO75yQd+XpkEYK/l9wrGF1TuVJe85p7LlXj9vVOuCZoeXmYfaA/5evrNVV+pSz+Q26eat2dPW6Y6+kTm7bHZu60/vtuavdsKv0jlvqHs3BWqC5UzO2ZNX9q5JD5S+EvWjD56nnv6Jevu0vvgdbjiz+9t7+rSHWhLfXy09Vyu59dhRayuasf2O89u/NR1qwetf3Xl2Cu3lN2NEuIm/cuvjR/2UMHm7Wt1Ifea63efJ+0+T/rjv4EhnrYQwqbnvlF/5okn/tsB/7Rw0/cf/a/mV7/1zTs2blzW1HJz1ZpJF3722sz8v728+X916rbba3FjLh4cwocLNu62uPknDk4+BwsCyafku7KB5JD7E00lPzkBAABgX8vv7sjvL5iTu01OCE/Pk7P52/cwf9xfMa7H/OX2+4TP3/0vf7vid6u/uGX9AxW/+f3GK04YM3XhYwvvu3jiP/+v31/16I2Z+f+03c//61PddPzf8X/6iOP/Pdrfd0XXpx9YsVe7ojPV0Scc/+/R/v5uc/y/R47/O/7fE8f/e+H4f4/296ct8y1poS9dIYSnn/2XC//hgmUnPfTqu4+4+IE/PTjx7IobOv9j+kPPdLzx0Vdm3XpoZv6/sLz5v/X/el60L7/+37RS6/8tLLX+3wrr/wEAAH2qxEJz6XleZvW+TIb06n2ZDL0uENjrEoPW/9vj9f82nFz9+1/P/ffvf+6+pw+vnHr/f46eP++m4UcdM+KqNU+t+NcX2lsy8/8V5c3/48thYGHr/WX9vyGTS1S1KgYWWhgQAACA/VGpHQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC8vcaceedL33lh+2G3Lrlt5cnj/3r1qV//7NEH/+zKnZ/YHL7x4vKX7ply/FkXTDl54o6Vx874yt1v/v3WEOZ0l6tIilf8/KKpy2qnTPrSxV8+59jPH7V1U12u3prc7XuLcsdW32gKYV3BI40x8VxT151dgZOO/8my6q7EtqYQPlQYmHfevAO6EuubQhheGLj1qyPe05U4L13i5kcmPNWVmJoOfGbkgS93JY7OBSrS3b10UNLdinR3vzsohMEFgXx35w4qrirfxnG5QGW6jasakzZioDEW/UFj0kYMdMYSc+pDaK0OoSpd1f+sS6qqSlf1i7qkqqp0VefUhXB0CKE6XdUjtUlV1emR31WbVBUDB33w6ueHdSXW1YbQWhi4/5TLP9aVOCMVyDd+Ym0If9X1kkk3vrEmabwm3fglNSEcGkKoTZd4sTopUZsu8Xh1CO8qCOQbn10dwrLAO0L88JlZ+ODiZcvnTe/s7FjUh4naXFsNYdaczo6WGQs6Z9al+lRKRUF657nZeGWZY3/4+a/P6Lpddc/aoeWkq3Plarq7PLqm6O6YfdX7ij7qfezXgMJKdj0fmfpj/towMNQvXdyxqOWs6UuWLBqV/C03++jkb1UummyrUftqW5Xrz91WwwsraV1y+sLWxcuWj5xz+vTTOk7rmD+6bczhbUeOGXXEx1u7RtWW/N0XQ708G6/q46EeUl1QyVvxASAhIdHfEpVFn25t+/u/7MwX/V0drQl13R/QmWlFYZaK7lHui0GP3318Xw46MyXJjGhUZuKQyTK69yxjMpOJXVkakizd3+syk8PCmiq7N2m8XxlaWkr+p2suvlu4+f7Uw+YtV9x05aYBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+H/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuBQAAP//CAsM0g==")
truncate(&(0x7f0000000040)='./file1\x00', 0x41bfc)
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143042, 0x40)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r1, &(0x7f0000000140)='2', 0x1, 0x8000c61)
lseek(r0, 0x4, 0x4)

8.329966723s ago: executing program 3 (id=2427):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)={0x0, 0x10, 0x572, 0x8000, 0x9, "ff000d00009a468e0cd912098d00"})
r1 = syz_open_pts(r0, 0x0)
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000000)=0x13)
ioctl$TCSETA(r1, 0x5406, &(0x7f00000000c0)={0xfff6, 0xcd3d, 0x2, 0x2, 0x49, "4e160020046b17c3"})
ioctl$TIOCSTI(r1, 0x5412, &(0x7f0000000140)=0x4)

8.329835813s ago: executing program 0 (id=2428):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xfff1, 0xffff}}}, 0x24}, 0x1, 0x800000400000000}, 0x0)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x1c, 0x2, 0x6, 0x3, 0x0, 0x0, {}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000)
bpf$PROG_LOAD(0x5, &(0x7f0000000240)={0x1a, 0x0, 0x0, 0x0, 0x80000002, 0x57, 0x0, 0x0, 0x0, '\x00', 0x0, @tracing=0x1c, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000)={0x0, 0x1000, 0x0, 0xde0}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
r0 = socket$inet6_mptcp(0xa, 0x1, 0x106)
listen(r0, 0x0)
getsockopt$inet6_mptcp_buf(r0, 0x11c, 0x4, &(0x7f0000000000)=""/152, &(0x7f00000000c0)=0x98)

8.131455359s ago: executing program 0 (id=2429):
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000600)={0x26, 'hash\x00', 0x0, 0x0, 'cbcmac(camellia-generic)\x00'}, 0x58)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000000)="3e1c1adaceb67a6f219b124f8d60f2f9", 0x10)
r1 = accept4(r0, 0x0, 0x0, 0x80800)
sendmsg$nl_route_sched(r1, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newqdisc={0x24, 0x24, 0xf0b, 0x1, 0x0, {0x0, 0x0, 0x0, 0x0, {0x0, 0x3}, {0xffff, 0xffff}}}, 0x24}}, 0xc080)
sendmmsg$unix(r1, &(0x7f0000000300)=[{{0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000180)="f62ad04ea54ce072443d4b3e74f52ca0a221620fa86c1169d868a249", 0x1c}], 0x1, 0x0, 0x0, 0x40000}}], 0x1, 0x40050)

7.845385876s ago: executing program 3 (id=2430):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x901800, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x8})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
keyctl$KEYCTL_MOVE(0x3, 0x0, 0x0, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x3, 0x2, 0x3000, 0x1000, &(0x7f0000feb000/0x1000)=nil})

1.945269097s ago: executing program 5 (id=2418):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9vVNUeAPBzb/seLQ94LY8FLzFxEkk0apqWlVoSSymUFioGhRg3w7QdoDrtkHZqXLCoOxJXJi6MC6KJu65IF27xT3DjEtckunBjQkKsmZk7be/tTDrWTivk80nonXt+z3znnjl3cTlxonJ7bik3t5QrLOTKMzeXTuc+KZeW54sh3icH3T/t6UScxP7gXDl34b3rp0P4Yfanx+vr6+uhqjs0NbTl9e+/3Z3ZemyIM3Wq7TZvba98GEI4sW1cVV0hhA++DyEKIZxN0kaTY28I4Vio512/+/mN3B6N5sGj4pn806l7a8OnJlfvr7V+71EIX5f+//qt+V9e6hr++dU96h4AAAAAAAAAAAAAAAAAgGfc+NUr194dHAoPo9C9Gm1/Xnc8ObZ6PnZ9z7zY1nifJKX/7vsGAAAAAAAAAAAAAAAAAACAf5LN5/9z0fEmz/+PJceRFvXX3+78GOmciXeujJ0fHEr2f4+25b+RJP16tiv0N9n3Pbv/+9lM/eb7v2/vZ7ca42v02xeieCB1HscDAyF8m2z8fjI6HJfKS5XXbpaXF2b3bBjPrHT867v3p6KTbOjfbvxHM+13fv///237NlXPb+zdV+y5lo5/V8ty330WtRX/c5l6+xF/di8d/+5aWu/WAiP1CaAa/y+6d47/WKb9TsX/WAghF1XHmkvNANU1TDW91XqFtHT8/1VLS02dyQfZ6vp/kon/+Uz7BzX/r2R/iGgqHf9/19J6UiU2r//+eOfr/0Km/YOIf3X8K37/25KO/6F6YneqSO2TbHf+H8+036n4X4uTcR6LUt+A1aie3ur/qyMtHf+ebfmb939xW+u/i5n6+3X/1+i3cf/XmP5fier3fzSXjn9vy3LtXv8TmXqdnv9Haus/disd/8O1tPTaua/2t934T2ba71T8a6uSnkb8N+eTPw7V07+x/mtLOv7/qSfGW0us1P7W1n/Rzuv/S5n2D2L9Vx3/StzZXp8X6fgfaVmuGv8f2/j9v5yp1/n4hzBorb9r6fgfbVmudv337Bz/qUy9Tsf/5U42DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAMGE2OfSGKB1LncTwwEMK55PxkOBxNF2bz06XyzMdLIYwl6blwPLpVKk8XSvm5hfJsMV8olcozIZxP8k+EnmipVK7k5wt3Lmy01RvdLhYWK9PFQiWEMJ6kvxCONtqanqvMF+6EEC5u5P03Li/euV1YyM/OLb41ODg4GCY2xtAfFT+tFBcq9d7ruSFMbtTti7YMrpZ9aWMsR6KPysuLC4VSLf3yljql8kyhtKXOVJL3ZeiPKovLCzOFSjFfKt9q9HeQRpLj2MTV969eHtqWfyOqH0f3d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EUPh9/8KoTQXT+LQwi5KHkRJf9SHjwqnsk/nbq3NnxqcvX+2uNmZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzSP0oDQRQH4DdjoaXHsFp2O9sVRbRwRfAEegwPo0fxEt7BIkXaFCGQzELYP7BNUn1f82B+zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//0OnJ0Q=")
r0 = open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x14)
r1 = open(&(0x7f00000000c0)='./file1\x00', 0x14927e, 0x6)
fallocate(r1, 0x0, 0x0, 0x4004)
r2 = open(&(0x7f00000001c0)='./file1\x00', 0x101000, 0x4)
copy_file_range(r2, 0x0, r0, 0x0, 0x20000000004, 0x0)

1.931856247s ago: executing program 7 (id=2438):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0e000000040000000800000008"], 0x50)
close(0x3)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x9, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180), &(0x7f0000000200), 0x81, r1}, 0x38)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f0000000880)=ANY=[@ANYBLOB="1800000003000000000000000040000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000756c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000005000000850000000600000095"], &(0x7f0000000400)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x3a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f00000003c0)={r2}, 0xc)

1.931166478s ago: executing program 3 (id=2439):
bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000240)={@map, 0x32, 0x1, 0x7, 0x0, 0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000400), 0x0}, 0x40)
r0 = socket$inet_udp(0x2, 0x2, 0x0)
recvmmsg(r0, &(0x7f0000000080)=[{{0x0, 0x0, 0x0}}], 0x40000000000012d, 0x2, 0x0)
setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000180)=0x6, 0x4)
bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10)
syz_emit_ethernet(0x2e, &(0x7f0000000500)={@broadcast, @broadcast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}, 0x0)

1.927512858s ago: executing program 0 (id=2440):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4)
setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f0000000280)=0x1, 0x4)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c)
sendto$inet6(r0, &(0x7f00000001c0)="a6e2976b", 0x4, 0x840, 0x0, 0x0)
getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r0, 0x6, 0x23, &(0x7f0000000140)={&(0x7f0000fff000/0x1000)=nil, 0x3000, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffc4, 0x0, 0x0}, &(0x7f0000000100)=0x35)

808.484188ms ago: executing program 5 (id=2431):
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f00000003c0)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_CHANNEL_SWITCH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r2, @ANYBLOB="08002600940900000800b70099"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0)
r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff)
sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000780)={0x160, r3, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0x6, 0xcd, [0x0]}, @NL80211_ATTR_FRAME={0x13a, 0x33, @beacon={{{0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {0x9}, @device_b, @device_a, @initial, {0xf, 0x5}}, 0xffffffffffffffff, @default, 0x1000, @val={0x0, 0x6, @default_ibss_ssid}, @void, @val={0x3, 0x1, 0x2c}, @void, @val={0x6, 0x2, 0x1fc}, @val={0x5, 0x3, {0x5, 0x97, 0x5}}, @void, @val={0x2a, 0x1, {0x0, 0x0, 0x1}}, @void, @val={0x2d, 0x1a, {0x400, 0x2, 0x5, 0x0, {0x2, 0xb7b, 0x0, 0x347, 0x0, 0x1, 0x0, 0x0, 0x1}, 0x0, 0x100, 0x1}}, @void, @val={0x71, 0x7, {0x69, 0x0, 0x1, 0xffffffffffffffff, 0x1, 0x7, 0x20}}, @val={0x76, 0x6, {0x3, 0x0, 0x2f, 0x6}}, [{0xdd, 0x15, "8a70254dad90829ddb18be62e84e877606f1bb15aa"}, {0xdd, 0xb5, "a9b8e8b2e8815dfdd27ddf0d9e1cb4fa1bbb67c1e564d75e01a3568e885b2ad15a99d00b7ffdeb02eebcc7545ca67fcad48c79ee89e03a97f892233201e08cb02c084d6cc9e65633c4f51e62e7d245088db7b2a0857ec4e5f911cb353d191498218794a9bd9095865f05de5722159704b56e4dd354369f3480578abd5a8f408dc04f90e5953feace89747961bbd24dac7393ae66ff9e5c5dd5e0b7cf50058a5b5f27dea29e01315b0b6d58d4a2f6b6f06eb7d71f09"}]}}]}, 0x160}, 0x1, 0x0, 0x0, 0xc0}, 0x0)

808.380148ms ago: executing program 3 (id=2432):
r0 = gettid()
timer_create(0x1, &(0x7f0000000800)={0x0, 0x21, 0x4, @tid=r0}, &(0x7f0000000000))
fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x3ed4, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x9)
timer_settime(0x0, 0x1, &(0x7f0000000040), 0x0)
remap_file_pages(&(0x7f000032d000/0x2000)=nil, 0x2000, 0x0, 0xfffffffffffffffe, 0x2)

798.550459ms ago: executing program 0 (id=2433):
syz_mount_image$udf(&(0x7f0000000c40), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000100)=ANY=[], 0x43, 0xc23, &(0x7f0000002280)="$eJzs3V9oXNl9B/DfmSutRto00WYTb9Jm04GUxCi18b/YCi5BzipqA443RFboPkWjP3aGlWeMJDfetA1qS1roS+i+lL4U0XRpIQ996vaxSrOFhFIoIQ/pQ0HQZNmHPughUGjZKNyZM9LIkm1lvbJk+/Mx4++dO787Ouee0Z07oDM3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICIz37u0qnT6bBbAQA8TFcmv3TqrPd/AHiiXPX5HwAAAAAAAAAAAAAAjroURRyLFEOvb6Tp9v2O6uVG89btqfGJvTcbTJGiEkW7vrxVT585e+5T5y+MdvPe27/bPhwvTl69VHuhdePm4vzS0vxcbarZmG3Nze/7GR50+zuNtHdA7cbLt+auXVuqnTl5dsfDt4ffHHj62PDFCyfOj3Zrp8YnJiZ7avr63/FP3+VuMzyeiiLqkeLt4bdSPSIq8eD74j6vnYM22O7ESLsTU+MT7Y4sNOrN5fLBVMlVlYhaz0Zj3X30EMbigYxFrJTNLxs8UnZv8mZ9sT6zMF/7Yn1xubHcaDVTpdPasj+1qMRoiliNiPWB3U/XH0V8NFK8emojzURE0d0Pn2xPDL5/eyoH0Md9KNtZ649YrTwCY3aEDUQRVyLFz944HrPlPsu3+HjEF8p8PeK1Mj8TkcoXxrmIn+7xOuLR1BdF/HukaKWNNNc+HnSPK5e/XPt881qrp7Z7XHnk3x8e5tMe8WNTNYqYaR/xN9I7P9kBAAAAAAAAAAAAAAAA4N02GEV8O1L8yfO/155XHO156e+7OPqel367d874c/d5nrL2ZESsVPY3J7c/Tx1OlfLfAXSMfalGEd/I8//+6LAbAwAAAAAAAAAAAAAAAAAA8EQr4qVI8ZUTx9Nq9F5TvNG8Xrtan1noXBW2e+3f7jXTNzc3N2upk2M5p3Ou5FzNuZZzPWdU8vY5x3JO51zJuZpzLed6zijy9jnHck7nXMm5mnMt53rO6Mvb5xzLOZ1zJedqzrWc6znjiFy7FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgcVKJIn4eKb71tY0UKSLGIqajk2sDh906AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBUTUWcjBRrL1Xb91crEVcj4uebm5vdW0RslPmgDruvAAAAAAAAAAAAAAAAAAAAcGSlIj4WKZ79v41Ui4jbw28OPH1s+OKFE+dHiygilSW99S9OXr1Ue6F14+bi/NLS/FxtqtmYbc3N7/fHVS83mrduT41PHEhn7mvwgNs/WH2hdfOVxcb1ry7v+fhQ9dLM0vJifXbvh2MwKhHTvWtG2g2eGp9oN3qhUW+2N02VuzSwEjG2384AAAAAAAAAAAAAAAAAAABwZAylIj4XKX7yX+dSd954X2fO/6907hVbta/9wfZ3ASzckV293x+wa7m6e33ab0NH2hPva1PjExOTPav7+neXlm1KqYjnIsUnXv1Qez58iqE958aXde8t626cy3XDv1bWreyoqo5MjU/UrrSaJy4tLLRm68v1mYX52uTN+uy+vzhgy90m7gMAAAAAAAAAAAAAAAAAAPAkG0pF/ChS/M/f/0fqXnc+z//v69zrmf//W9uz16tpZ25pz+1/b3tuf2f5fRdHhz76/N3WH8T8/7JNKRXxzUhx9kcfal9Pvzv/f/qO2rLuzyLFW89/JNdVnirr6t3udJ7xWmNh/lRZ+9eR4tff7tZGu/Z6rn12u/Z0WTsYKf5yY2ftV3PtB7Zrz5S1xyPF9/5779oPbteeLWt/Ein+6e9q3dqhsvb3c+2x7dqTs62Fufvt1nL8vxMp/vbK76Run3eP/2B7qff7H1buyC27xvzey+/W+A/3rFvJ4/qnefzr9xn/85HiO9WP5LrOvp/Jjz/T/n97/D8RKf7z33bWXsu179+uPb3fbh22cvy/HSm++1c/3upzHv+8Z7dHqHf8f7VvZ24dJQ5p/J/pWTec2zX7S+6LJ9HSK19/ub6wML9owYIFC1sLh31k4mEo3///PFL8/7Eidc9j8vv/ezr3ts////cb2+//F+/ILYf0/v/+nnUX81lLf19EdfnGzf7nIqpLr3z9RONG/fr89fnmmdOnPv3p86dPnT7f/1T35G57ad/77nFQjv8PIsUP/+GHW59jdp7/7f39b0N35JZDGv9ne/u047xm37viiVSO/99Eimc+++Otz5v3Ov/vfv4//rGdufX7d0jj/4GedcO5XY1fcl8AAAAAAAAAAAA8SoZSEX8RKX73j38zdecQ7efv/+buyC2H9Pdfx3rWzT2keQ373skAAEdIef73wUjxz5vf35rLvfP8L36jW9t7/nc397z+/x7LBzH/HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHnUpivjDSDH0+kZaGyjvd1QvN5q3bk+NT+y92WCKFJUo2vXlrXr6zNlznzp/YbSb997+3fbheHHy6qXaC60bNxfnl5bm52pTzcZsa25+38/woNvfaaS9A2o3Xr41d+3aUu3MybM7Hr49/ObA08eGL144cX60Wzs1PjEx2VPT1/+Of/ou6S7rn4oivh8p3h5+K313IKISD74v7vPaOWiD7U6MtDsxNT7R7shCo95cLh9MlVxViaj1bDTW3UcPYSweyFjEStn8ssEjZfcmb9YX6zML87Uv1heXG8uNVjNVOq0t+1OLSoymiNWIWB/Y/XT9UcQ3I8WrpzbSvwxEFN398Mkrk186dfb+7akcQB/3oWxnrT9itfIIjNkRNhBF/GOk+Nkbx+N7AxF90bnFxyO+UObrEa+V+ZmIVL4wzkX8dI/XEY+mvijiXKRopY30xkB5POgeVy5/ufb55rVWT233uPLIvz88TEf82FSNIn7QPuJvpH/1ew0AAAAAAAAAAAAAAABwhBSxGim+cuJ4as8P3ppT3Gher12tzyx0pvV15/5150xvbm5u1lInx3JO51zJuZpzLed6zqjk7XOO5ZzOuZJzNedazvWcUeTtc47lnM65knM151rO9ZzRl7fPOZZzOudKztWcaznXc8YRmbsHAAAAAAAAAAAAAAAAAAA8XipRtK/i/q2vbaTNgc71paejk2uuB/rY+0UAAAD//ywddP0=")
syz_mount_image$vfat(&(0x7f0000000080), &(0x7f0000000680)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x804051, 0x0, 0x1, 0x0, &(0x7f0000000d40))
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000100)='\x00', 0x89901)
r1 = fspick(r0, &(0x7f00000000c0)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)
rmdir(&(0x7f0000000400)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

798.083049ms ago: executing program 7 (id=2442):
r0 = socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, &(0x7f0000000100)='syzkaller\x00', 0x8001000d, 0xad, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x8d}, 0x90)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
ioctl(r0, 0x8b1a, &(0x7f0000000040))
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={<r1=>0xffffffffffffffff})
ioctl$SIOCSIFHWADDR(r1, 0x8b06, &(0x7f0000000080)={'wlan1\x00', @random="02000000000a"})

336.884861ms ago: executing program 7 (id=2434):
syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000340)='./file1\x00', 0x210000, &(0x7f0000002f40)={[{@nobarrier}, {@dioread_lock}, {@barrier_val={'barrier', 0x3d, 0x4}}, {@nolazytime}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@lazytime}, {@errors_remount}, {@stripe={'stripe', 0x3d, 0x10}}, {@bh}, {@init_itable}]}, 0xfc, 0x56f, &(0x7f0000003780)="$eJzs3d9rW1UcAPDvTdPup66DMdQHGezByVy6tv6YIDgfRYcDfZ+hzcpouowmHWsduD24F19kCCIOxD/Adx+H/4B/xUAHQ0bRBxEiN73psjZp2i4z2fL5wG3Pyb23535z7vf2nNyEBDC0jqU/chEvR8Q3ScShlnX5yFYeW9tu9eH1mXRJol7/9M8kkuyx5vZJ9vtAVnkpIn79KuJkbnO71eWV+WK5XFrM6hO1hSsT1eWVU5cWinOludLlqenpM29NT737zts9i/X1839//8ndD898fXz1u5/vH76dxNk4mK1rjeMJ3GitHCv+m5VG4+yGDSd70NggSfp9AOzKSJbno5FeAw7FSJb1wPPvy4ioA0Mqkf8wpJrjgObcvkfz4GfGgw/WJkCN2Mda48+vvTYSextzo/2ryWMzo3S+O96D9tM2fvnjzu10ia1fh9jXpQ6wIzduRsTpfH7z9T/Jrn+7d7rx4vHWNrYxbP9/oJ/upuOfN9qN/3Lr459oM/450CZ3d6N7/ufu96CZjtLx33ttx7/rl67xkaz2QmPMN5pcvFQunY6IFyPiRNS73vo4s3qv3mld6/gvXdL2m2PB7Dju5/c8vs9ssVaMiLFdhvyYBzcjXsm3iz9Z7/+kTf+nz8f5bbZxtHTn1U7rusf/dNV/initbf8/6tZk6/uTE43zYaJ5Vmz2162jv3Vqv9/xp/2/f+v4x5PW+7XVnbfx495/Sp3W7fb8H0s+a5SbSXCtWKstTkaMJR9vfnzq0b7NenP7NP4Tx7e+/rU7/9PJ1+fbjP/WkVsdNx2E/p/dUf/vvHDvoy9+6NT+9vr/zUbpRPZIdv1rLztXtnuAT/r8AQAAAAAAwCDJRcTBSHKF9XIuVyisvb/jSOzPlSvV2smLlaXLs9H4rOx4jOaad7oPtbwfYjJ7P2yzPrWhPh0RhyPi25F9jXphplKe7XfwAAAAAAAAAAAAAAAAAAAAMCAOdPj8f+r3kX4fHfDUNb7YYE+/jwLoh65f+d+Lb3oCBlLX/AeeW/Ifhpf8h+El/2F4yX8YXvIfhpf8h+El/wEAAAAAAAAAAAAAAAAAAAAAAAAAAKCnzp87ly711YfXZ9L67NXlpfnK1VOzpep8YWFppjBTWbxSmKtU5sqlwkxlodvfK1cqVyanYunaRK1UrU1Ul1cuLFSWLtcuXFoozpUulEb/l6gAAAAAAAAAAAAAAAAAAADg2VJdXpkvlsulRYWOhfdjIA7jaQa4Zle75wclCoUOhZtZ9+5srz5elAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgg/8CAAD//4yLMZo=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x0)
pwrite64(r0, &(0x7f00000005c0)='\"', 0x1, 0x4fed0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x143042, 0x80)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x185942, 0x0)
sendfile(r2, r1, 0x0, 0x80000001)

284.807712ms ago: executing program 0 (id=2435):
syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000240)={0x44, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r0 = syz_open_dev$evdev(&(0x7f0000001540), 0x0, 0x0)
ioctl$EVIOCGLED(r0, 0x5452, &(0x7f0000000240)=""/77)
ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000180)={0x57, 0x0, 0x0, {0xfffe, 0x1}, {0x74, 0x2}, @period={0x5c, 0x46, 0x1, 0xffc0, 0x3, {0x3, 0x9, 0xfd59, 0xca9}, 0x0, 0x0}})
r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x78, 0x822b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x1068)

0s ago: executing program 5 (id=2436):
ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'veth1\x00', &(0x7f0000000200)=@ethtool_per_queue_op={0x4b, 0xf, [0xa, 0x1, 0x7fff, 0x1, 0x4, 0x9, 0xa4, 0x40000ffb, 0x7, 0xb69, 0xc1, 0x4, 0x1, 0x3, 0x5, 0x101, 0x1000, 0x3, 0x2, 0x0, 0x2, 0xfffffffa, 0x0, 0x6, 0x9, 0x4, 0x3, 0x5, 0x100000, 0x762, 0x3, 0xd, 0xe, 0x2b12, 0x2, 0x6, 0x1c00, 0xb, 0x7, 0xbed4, 0x6, 0x8000100, 0x3, 0x0, 0x11000, 0x6, 0x5, 0x79b, 0x2, 0x1, 0x7f, 0x4, 0xa, 0x5, 0x8000c, 0x101, 0xd7, 0x1fa0860a, 0x7, 0xaa, 0x81, 0x2, 0x180000, 0x4007, 0x8b, 0x5, 0x2af, 0x3, 0x5, 0x2, 0x6, 0x9, 0x4, 0xcd, 0x4009, 0x80000000, 0x4, 0xa8, 0x8, 0x752, 0x0, 0x5, 0x0, 0xfffd, 0x2, 0xffffffff, 0x6, 0x6, 0x9, 0x80000000, 0xfdffffff, 0x2, 0x6, 0x84, 0x100, 0x5, 0x252, 0x81, 0xb, 0x5, 0x20006, 0x5, 0x2, 0xb, 0x2, 0xd9a, 0xd, 0x2a2, 0xfffffffd, 0x3, 0x3, 0x5, 0x8, 0x0, 0x4, 0x2, 0x40, 0xb, 0x0, 0x4, 0x401, 0x66cd, 0x5, 0x8, 0x3, 0x7fff, 0xc5c, 0xffffffff]}})
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)
r0 = socket$alg(0x26, 0x5, 0x0)
bind$alg(r0, &(0x7f0000000300)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18)

kernel console output (not intermixed with test programs):

g interface: batadv_slave_0
[  346.798400][T11009] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  346.824727][T11009] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  346.920121][T11003] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  347.039982][T11009] batman_adv: batadv0: Adding interface: batadv_slave_1
[  347.067470][T11009] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  347.119042][T11009] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  347.365601][ T5784] Bluetooth: hci1: command tx timeout
[  347.436444][T11003] team0: Port device team_slave_0 added
[  347.486348][T11003] team0: Port device team_slave_1 added
[  347.525244][ T5784] Bluetooth: hci2: command tx timeout
[  347.701972][T11009] hsr_slave_0: entered promiscuous mode
[  347.758499][T11009] hsr_slave_1: entered promiscuous mode
[  347.789902][T11009] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  347.805065][T11009] Cannot create hsr debugfs directory
[  347.985534][T11003] batman_adv: batadv0: Adding interface: batadv_slave_0
[  347.995385][T11003] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  348.064902][T11003] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  348.077765][T11161] input: syz0 as /devices/virtual/input/input28
[  348.097157][T11003] batman_adv: batadv0: Adding interface: batadv_slave_1
[  348.104685][T11003] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  348.185266][T11003] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  348.606867][ T6523] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  348.618091][   T12] hsr_slave_0: left promiscuous mode
[  348.631824][   T12] hsr_slave_1: left promiscuous mode
[  348.655232][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  348.662718][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  348.675337][   T12] bridge_slave_1: left allmulticast mode
[  348.681056][   T12] bridge_slave_1: left promiscuous mode
[  348.702678][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  348.740404][   T12] bridge_slave_0: left allmulticast mode
[  348.754817][   T12] bridge_slave_0: left promiscuous mode
[  348.763118][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  348.840826][   T12] hsr_slave_0: left promiscuous mode
[  348.861098][   T12] hsr_slave_1: left promiscuous mode
[  348.883410][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  348.906770][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  348.926867][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  348.952936][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  348.974474][   T12] bridge_slave_1: left allmulticast mode
[  348.982266][   T12] bridge_slave_1: left promiscuous mode
[  349.003621][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  349.022641][   T12] bridge_slave_0: left allmulticast mode
[  349.029969][   T12] bridge_slave_0: left promiscuous mode
[  349.041696][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  349.154734][   T12] veth1_macvtap: left promiscuous mode
[  349.160575][   T12] veth0_macvtap: left promiscuous mode
[  349.172911][   T12] veth1_vlan: left promiscuous mode
[  349.180976][   T12] veth0_vlan: left promiscuous mode
[  349.201855][   T12] veth1_macvtap: left promiscuous mode
[  349.219868][   T12] veth0_macvtap: left promiscuous mode
[  349.240041][   T12] veth1_vlan: left promiscuous mode
[  349.251689][   T12] veth0_vlan: left promiscuous mode
[  349.444887][ T5784] Bluetooth: hci1: command tx timeout
[  349.606523][ T5784] Bluetooth: hci2: command tx timeout
[  349.803850][ T5083] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  349.816778][ T5083] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  349.849270][ T5083] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  349.866716][ T5083] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  349.874560][ T5083] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  349.883503][ T5083] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  350.431868][   T12] team0 (unregistering): Port device team_slave_1 removed
[  350.498945][   T12] team0 (unregistering): Port device team_slave_0 removed
[  350.559421][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  350.624169][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  351.135014][   T12] bond0 (unregistering): (slave bridge0): Releasing backup interface
[  351.144098][   T12] bond0 (unregistering): Released all slaves
[  351.976345][   T12] team0 (unregistering): Port device team_slave_1 removed
[  352.008608][ T5784] Bluetooth: hci3: command tx timeout
[  352.053784][   T12] team0 (unregistering): Port device team_slave_0 removed
[  352.112199][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  352.174467][   T12] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  352.658365][   T12] bond0 (unregistering): Released all slaves
[  352.814372][T11003] hsr_slave_0: entered promiscuous mode
[  352.830456][T11003] hsr_slave_1: entered promiscuous mode
[  352.861670][T11003] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  352.876641][T11003] Cannot create hsr debugfs directory
[  353.511348][ T5831] IPVS: starting estimator thread 0...
[  353.551675][T11009] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  353.630386][T11009] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  353.635271][T11197] IPVS: using max 20 ests per chain, 48000 per kthread
[  353.660872][T11009] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  353.699649][T11009] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  354.087047][ T5784] Bluetooth: hci3: command tx timeout
[  354.210046][T11003] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  354.254642][T11003] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  354.290973][T11003] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  354.329730][T11003] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  354.388383][T11184] chnl_net:caif_netlink_parms(): no params data found
[  354.490157][T11009] 8021q: adding VLAN 0 to HW filter on device bond0
[  354.771920][T11184] bridge0: port 1(bridge_slave_0) entered blocking state
[  354.793423][T11184] bridge0: port 1(bridge_slave_0) entered disabled state
[  354.804554][T11184] bridge_slave_0: entered allmulticast mode
[  354.812836][T11184] bridge_slave_0: entered promiscuous mode
[  354.841646][T11184] bridge0: port 2(bridge_slave_1) entered blocking state
[  354.853692][T11184] bridge0: port 2(bridge_slave_1) entered disabled state
[  354.864153][T11184] bridge_slave_1: entered allmulticast mode
[  354.891339][T11184] bridge_slave_1: entered promiscuous mode
[  355.000300][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  355.025017][   T12] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.128938][T11009] 8021q: adding VLAN 0 to HW filter on device team0
[  355.312828][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  355.332865][ T5812] libceph: connect (1)[c::]:6789 error -101
[  355.341334][ T5812] libceph: mon0 (1)[c::]:6789 connect error
[  355.359818][   T12] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.375408][ T5812] libceph: connect (1)[c::]:6789 error -101
[  355.381493][ T5812] libceph: mon0 (1)[c::]:6789 connect error
[  355.393617][    T8] libceph: connect (1)[c::]:6789 error -101
[  355.403793][    T8] libceph: mon0 (1)[c::]:6789 connect error
[  355.411963][   T42] bridge0: port 1(bridge_slave_0) entered blocking state
[  355.419154][   T42] bridge0: port 1(bridge_slave_0) entered forwarding state
[  355.433320][   T42] bridge0: port 2(bridge_slave_1) entered blocking state
[  355.440528][   T42] bridge0: port 2(bridge_slave_1) entered forwarding state
[  355.453887][T11184] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  355.493336][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  355.503894][   T12] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.524480][T11184] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  355.601452][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 2816 - 0
[  355.613000][   T12] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  355.663647][T11184] team0: Port device team_slave_0 added
[  355.687056][  T971] libceph: connect (1)[c::]:6789 error -101
[  355.697517][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  355.709098][  T971] libceph: connect (1)[c::]:6789 error -101
[  355.711086][T11184] team0: Port device team_slave_1 added
[  355.721220][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  355.848268][T11184] batman_adv: batadv0: Adding interface: batadv_slave_0
[  355.861520][T11184] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.894443][T11184] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  355.913089][T11184] batman_adv: batadv0: Adding interface: batadv_slave_1
[  355.920623][T11184] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  355.954019][T11184] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  356.013319][T11003] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.052649][T11184] hsr_slave_0: entered promiscuous mode
[  356.062756][T11184] hsr_slave_1: entered promiscuous mode
[  356.070772][T11184] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  356.095014][T11184] Cannot create hsr debugfs directory
[  356.116733][T11231] ceph: No mds server is up or the cluster is laggy
[  356.130310][T11237] ceph: No mds server is up or the cluster is laggy
[  356.166000][ T5784] Bluetooth: hci3: command tx timeout
[  356.235518][ T5812] libceph: connect (1)[c::]:6789 error -101
[  356.241628][ T5812] libceph: mon0 (1)[c::]:6789 connect error
[  356.260027][  T971] libceph: connect (1)[c::]:6789 error -101
[  356.266689][  T971] libceph: mon0 (1)[c::]:6789 connect error
[  356.524316][T11003] 8021q: adding VLAN 0 to HW filter on device team0
[  356.610901][  T140] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.618167][  T140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  356.667121][  T140] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.674347][  T140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  356.784918][T11020] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  356.997071][T11020] usb 2-1: unable to get BOS descriptor or descriptor too short
[  357.017947][T11020] usb 2-1: config 1 has an invalid descriptor of length 233, skipping remainder of the config
[  357.042796][T11020] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  357.078748][T11020] usb 2-1: New USB device found, idVendor=1235, idProduct=0010, bcdDevice= 0.40
[  357.093401][T11020] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  357.104939][T11020] usb 2-1: Product: syz
[  357.114934][T11020] usb 2-1: Manufacturer: syz
[  357.122652][T11020] usb 2-1: SerialNumber: syz
[  357.148333][T11020] usb 2-1: selecting invalid altsetting 1
[  357.156530][T11020] usb 2-1: unit 6 not found!
[  357.303085][T11009] 8021q: adding VLAN 0 to HW filter on device batadv0
[  357.686076][T11184] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  357.780134][T11184] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  357.810037][T11184] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  357.871953][T11184] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  358.246680][ T5784] Bluetooth: hci3: command tx timeout
[  358.257446][T11020] snd-usb-audio: probe of 2-1:1.0 failed with error -22
[  358.270791][T11003] 8021q: adding VLAN 0 to HW filter on device batadv0
[  358.300002][T11020] usb 2-1: USB disconnect, device number 17
[  358.382203][   T12] hsr_slave_0: left promiscuous mode
[  358.398258][ T5786] udevd[5786]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  358.426950][   T12] hsr_slave_1: left promiscuous mode
[  358.441910][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  358.451044][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  358.459459][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  358.467065][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  358.475413][   T12] bridge_slave_1: left allmulticast mode
[  358.481176][   T12] bridge_slave_1: left promiscuous mode
[  358.492085][   T12] bridge0: port 2(bridge_slave_1) entered disabled state
[  358.501397][   T12] bridge_slave_0: left allmulticast mode
[  358.508040][   T12] bridge_slave_0: left promiscuous mode
[  358.513854][   T12] bridge0: port 1(bridge_slave_0) entered disabled state
[  358.551372][   T12] veth1_macvtap: left promiscuous mode
[  358.557020][   T12] veth0_macvtap: left promiscuous mode
[  358.564274][   T12] veth1_vlan: left promiscuous mode
[  358.571307][   T12] veth0_vlan: left promiscuous mode
[  359.614027][   T12] team0 (unregistering): Port device team_slave_1 removed
[  359.683029][   T12] team0 (unregistering): Port device team_slave_0 removed
[  359.748911][   T12] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  360.435534][   T12] bond0 (unregistering): Released all slaves
[  360.644465][T11009] veth0_vlan: entered promiscuous mode
[  360.786241][T11184] 8021q: adding VLAN 0 to HW filter on device bond0
[  360.815775][T11009] veth1_vlan: entered promiscuous mode
[  360.941599][T11009] veth0_macvtap: entered promiscuous mode
[  360.960050][T11009] veth1_macvtap: entered promiscuous mode
[  360.994577][T11184] 8021q: adding VLAN 0 to HW filter on device team0
[  361.086973][T11009] batman_adv: batadv0: Interface activated: batadv_slave_0
[  361.131264][ T8403] bridge0: port 1(bridge_slave_0) entered blocking state
[  361.138528][ T8403] bridge0: port 1(bridge_slave_0) entered forwarding state
[  361.215298][ T8403] bridge0: port 2(bridge_slave_1) entered blocking state
[  361.222574][ T8403] bridge0: port 2(bridge_slave_1) entered forwarding state
[  361.253271][T11009] batman_adv: batadv0: Interface activated: batadv_slave_1
[  361.317420][T11009] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  361.339370][T11009] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  361.360634][T11009] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  361.391577][T11009] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  361.714997][  T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  361.722899][  T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  361.824085][T11003] veth0_vlan: entered promiscuous mode
[  361.912606][ T8399] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  361.921015][T11003] veth1_vlan: entered promiscuous mode
[  361.955082][ T8399] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  362.089122][T11003] veth0_macvtap: entered promiscuous mode
[  362.127599][T11003] veth1_macvtap: entered promiscuous mode
[  362.177463][T11003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.195768][T11003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.216626][T11003] batman_adv: batadv0: Interface activated: batadv_slave_0
[  362.284400][T11003] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  362.308085][T11340] loop8: detected capacity change from 0 to 512
[  362.320620][T11003] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.346683][T11003] batman_adv: batadv0: Interface activated: batadv_slave_1
[  362.371901][T11184] 8021q: adding VLAN 0 to HW filter on device batadv0
[  362.398011][T11003] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  362.468353][T11003] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  362.477417][T11003] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  362.486569][T11003] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  362.937461][ T8405] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  362.945681][ T8405] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.042723][ T8401] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  363.081578][ T8401] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  363.506000][T11184] veth0_vlan: entered promiscuous mode
[  363.542509][T11184] veth1_vlan: entered promiscuous mode
[  363.675418][T11184] veth0_macvtap: entered promiscuous mode
[  363.698469][T11184] veth1_macvtap: entered promiscuous mode
[  363.794426][T11184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.830499][T11184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.874898][T11184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.888271][T11184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.930874][T11184] batman_adv: batadv0: Interface activated: batadv_slave_0
[  364.045055][T11184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.092542][T11184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.130544][T11184] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  364.164645][T11184] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  364.197741][T11184] batman_adv: batadv0: Interface activated: batadv_slave_1
[  364.384253][T11184] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  364.398920][T11184] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  364.411636][T11184] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  364.424715][T11184] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  364.787455][  T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.817158][  T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  364.976188][ T8403] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  364.997412][ T8403] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.314885][   T28] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  365.586768][   T28] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  365.626330][   T28] usb 8-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[  365.650301][   T28] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  365.663065][T11426] netlink: 'syz.8.1772': attribute type 19 has an invalid length.
[  365.671988][   T28] usb 8-1: config 0 descriptor??
[  365.684245][T11426] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1772'.
[  365.715444][   T28] pwc: Askey VC010 type 2 USB webcam detected.
[  365.746338][T11426] netdevsim netdevsim8 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  365.755311][T11426] netdevsim netdevsim8 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  365.764102][T11426] netdevsim netdevsim8 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  365.773119][T11426] netdevsim netdevsim8 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  365.831118][T11426] netlink: 'syz.8.1772': attribute type 19 has an invalid length.
[  365.846245][T11426] netlink: 4 bytes leftover after parsing attributes in process `syz.8.1772'.
[  366.127499][   T28] pwc: recv_control_msg error -32 req 02 val 2b00
[  366.138261][   T28] pwc: recv_control_msg error -32 req 02 val 2700
[  366.150307][   T28] pwc: recv_control_msg error -32 req 02 val 2c00
[  366.375112][   T28] pwc: recv_control_msg error -71 req 04 val 1300
[  366.396541][   T28] pwc: recv_control_msg error -71 req 04 val 1400
[  366.410020][   T28] pwc: recv_control_msg error -71 req 02 val 2000
[  366.428662][   T28] pwc: recv_control_msg error -71 req 02 val 2100
[  366.462139][   T28] pwc: recv_control_msg error -71 req 04 val 1500
[  366.505208][   T28] pwc: recv_control_msg error -71 req 02 val 2500
[  366.521620][   T28] pwc: recv_control_msg error -71 req 02 val 2400
[  366.539101][   T28] pwc: recv_control_msg error -71 req 02 val 2600
[  366.555220][   T28] pwc: recv_control_msg error -71 req 02 val 2900
[  366.567784][   T28] pwc: recv_control_msg error -71 req 02 val 2800
[  366.585784][   T28] pwc: recv_control_msg error -71 req 04 val 1100
[  366.604993][   T28] pwc: recv_control_msg error -71 req 04 val 1200
[  366.671029][   T28] pwc: Registered as video103.
[  366.682104][   T28] input: PWC snapshot button as /devices/platform/dummy_hcd.7/usb8/8-1/input/input29
[  366.719741][   T28] usb 8-1: USB disconnect, device number 2
[  366.731270][T11454] loop9: detected capacity change from 0 to 128
[  366.837113][T11454] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  366.873984][T11454] hpfs: filesystem error: improperly stopped
[  366.883447][T11454] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  366.897051][T11454] hpfs: You really don't want any checks? You are crazy...
[  366.908800][T11454] hpfs: hpfs_map_sector(): read error
[  366.914228][T11454] hpfs: code page support is disabled
[  366.974700][T11454] hpfs: hpfs_map_4sectors(): unaligned read
[  366.991741][T11454] hpfs: hpfs_map_4sectors(): unaligned read
[  367.015294][T11454] hpfs: filesystem error: unable to find root dir
[  367.170429][T11463] kernel read not supported for file /file1 (pid: 11463 comm: syz.7.1781)
[  367.232314][   T27] audit: type=1800 audit(2000000264.165:171): pid=11463 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.1781" name="file1" dev="mqueue" ino=28023 res=0 errno=0
[  367.563173][T11475] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1785'.
[  367.604021][T11475] netlink: 208 bytes leftover after parsing attributes in process `syz.7.1785'.
[  369.452750][T11531] loop9: detected capacity change from 0 to 128
[  369.476071][T11531] FAT-fs (loop9): Unrecognized mount option "ÿÿÿ" or missing value
[  369.857967][T11543] loop9: detected capacity change from 0 to 512
[  369.935788][T11543] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  369.994594][T11543] ext4 filesystem being mounted at /9/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  370.110166][   T27] audit: type=1800 audit(2000000267.045:172): pid=11543 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1805" name="file1" dev="loop9" ino=15 res=0 errno=0
[  370.352870][T11559] loop7: detected capacity change from 0 to 256
[  370.389093][T11559] exfat: Deprecated parameter 'utf8'
[  370.443001][T11559] exFAT-fs (loop7): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  370.531021][T11184] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  370.912066][T11569] loop1: detected capacity change from 0 to 512
[  371.198547][T11575] "syz.7.1812" (11575) uses obsolete ecb(arc4) skcipher
[  371.255794][T11577] loop1: detected capacity change from 0 to 2048
[  371.285394][T11577] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024)
[  371.336724][T11579] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  371.899598][T11570] loop8: detected capacity change from 0 to 32768
[  372.032824][T11570] XFS (loop8): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  372.202318][T11570] XFS (loop8): Ending clean mount
[  372.236761][T11570] XFS (loop8): Quotacheck needed: Please wait.
[  372.364120][T11570] XFS (loop8): Quotacheck: Done.
[  372.389213][T11615] loop7: detected capacity change from 0 to 64
[  372.482582][   T27] audit: type=1800 audit(2000000269.415:173): pid=11615 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.1821" name="file1" dev="loop7" ino=21 res=0 errno=0
[  372.621352][T11615] hfs: request for non-existent node -16318464 in B*Tree
[  372.675421][T11615] hfs: request for non-existent node -16318464 in B*Tree
[  372.703483][T11009] XFS (loop8): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  372.811155][T11614] hfs: request for non-existent node -16318464 in B*Tree
[  372.820031][T11614] hfs: request for non-existent node -16318464 in B*Tree
[  372.978494][ T8399] hfs: request for non-existent node -16318464 in B*Tree
[  372.995404][ T8399] hfs: request for non-existent node -16318464 in B*Tree
[  375.046663][T11685] netlink: 16 bytes leftover after parsing attributes in process `syz.7.1840'.
[  375.401744][T11671] loop9: detected capacity change from 0 to 40427
[  375.456546][T11671] F2FS-fs (loop9): invalid crc value
[  375.462291][T11694] IPVS: persistence engine module ip_vs_pe_ not found
[  375.519216][T11671] F2FS-fs (loop9): Found nat_bits in checkpoint
[  375.698964][T11671] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  376.041911][T11688] loop8: detected capacity change from 0 to 32768
[  376.065629][T11688] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop8 scanned by syz.8.1841 (11688)
[  376.122391][T11688] BTRFS info (device loop8): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  376.155807][T11688] BTRFS info (device loop8): using sha256 (sha256-avx2) checksum algorithm
[  376.178376][T11688] BTRFS info (device loop8): enabling auto defrag
[  376.190693][T11688] BTRFS info (device loop8): use no compression
[  376.201015][T11688] BTRFS info (device loop8): force clearing of disk cache
[  376.212162][T11688] BTRFS info (device loop8): max_inline at 4096
[  376.220261][T11688] BTRFS info (device loop8): disabling free space tree
[  376.301967][T11688] BTRFS info (device loop8): enabling ssd optimizations
[  376.337686][T11688] BTRFS info (device loop8): auto enabling async discard
[  376.367596][T11688] BTRFS info (device loop8): rebuilding free space tree
[  376.413931][T11184] syz-executor: attempt to access beyond end of device
[  376.413931][T11184] loop9: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  376.445560][T11688] BTRFS info (device loop8): disabling free space tree
[  376.452596][T11184] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  376.467298][T11688] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  376.490771][T11688] BTRFS info (device loop8): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  376.695201][   T27] audit: type=1800 audit(2000000273.625:174): pid=11688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1841" name="bus" dev="loop8" ino=263 res=0 errno=0
[  377.070673][T11009] BTRFS info (device loop8): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  377.827341][T11770] loop9: detected capacity change from 0 to 512
[  377.960519][T11770] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  377.987291][T11773] loop7: detected capacity change from 0 to 512
[  378.003516][T11770] ext4 filesystem being mounted at /17/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  378.028520][T11773] EXT4-fs (loop7): Test dummy encryption mode enabled
[  378.036236][T11773] EXT4-fs (loop7): encrypted files will use data=ordered instead of data journaling mode
[  378.080221][T11773] EXT4-fs error (device loop7): ext4_orphan_get:1430: comm syz.7.1856: bad orphan inode 131083
[  378.132311][T11773] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  378.376330][T11184] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.417280][T11003] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  378.732251][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  378.739155][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  379.533030][T11829] loop9: detected capacity change from 0 to 512
[  380.125057][T11840] loop8: detected capacity change from 0 to 136
[  380.280066][T11841] loop7: detected capacity change from 0 to 2048
[  380.336562][T11841] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  380.393550][T11845] loop9: detected capacity change from 0 to 1024
[  380.451063][T11845] EXT4-fs: Ignoring removed bh option
[  380.535407][T11845] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  380.912646][T11184] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  381.009914][T11863] loop1: detected capacity change from 0 to 4096
[  381.080815][T11863] ntfs3: loop1: Mark volume as dirty due to NTFS errors
[  381.135058][T11018] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  381.155481][T11863] ntfs3: loop1: Failed to load $Extend (-22).
[  381.167651][T11863] ntfs3: loop1: Failed to initialize $Extend.
[  381.263199][T11872] loop7: detected capacity change from 0 to 2048
[  381.346734][T11018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  381.374445][T11018] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  381.392201][   T27] audit: type=1800 audit(2000000278.325:175): pid=11863 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1881" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop1" ino=33 res=0 errno=0
[  381.434153][    C1] vkms_vblank_simulate: vblank timer overrun
[  381.459152][T11872] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  381.481680][T11018] usb 9-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  381.540596][T11018] usb 9-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  381.585601][T11018] usb 9-1: Manufacturer: syz
[  381.600869][T11018] usb 9-1: config 0 descriptor??
[  381.697409][T11880] gretap1: entered promiscuous mode
[  382.044005][   T27] audit: type=1326 audit(2000000278.975:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f765219cdd9 code=0x7ffc0000
[  382.088595][T11886] loop1: detected capacity change from 0 to 512
[  382.119816][   T27] audit: type=1326 audit(2000000278.975:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f765219cdd9 code=0x7ffc0000
[  382.156887][   T27] audit: type=1326 audit(2000000279.015:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f765219cdd9 code=0x7ffc0000
[  382.234558][T11886] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  382.254910][   T27] audit: type=1326 audit(2000000279.015:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f765219cb42 code=0x7ffc0000
[  382.293904][T11886] ext4 filesystem being mounted at /530/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  382.384876][   T27] audit: type=1326 audit(2000000279.015:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f765215d60e code=0x7ffc0000
[  382.475313][T11018] uclogic 0003:256C:006D.0013: interface is invalid, ignoring
[  382.488174][   T27] audit: type=1326 audit(2000000279.025:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f765219cc07 code=0x7ffc0000
[  382.550769][   T27] audit: type=1326 audit(2000000279.025:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f765215d60e code=0x7ffc0000
[  382.601165][   T27] audit: type=1326 audit(2000000279.025:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f765219ca6b code=0x7ffc0000
[  382.630111][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  382.681508][   T27] audit: type=1326 audit(2000000279.045:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11885 comm="syz.1.1887" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f765215d60e code=0x7ffc0000
[  382.726178][T11348] usb 9-1: USB disconnect, device number 2
[  382.819864][T11901] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1889'.
[  383.091063][T11910] loop9: detected capacity change from 0 to 512
[  383.132953][T11884] loop7: detected capacity change from 0 to 40427
[  383.178318][T11910] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  383.191990][T11910] ext4 filesystem being mounted at /27/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  383.226750][T11884] F2FS-fs (loop7): invalid crc value
[  383.323248][T11184] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  383.552034][T11884] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  383.787123][ T1137] kworker/u4:7: attempt to access beyond end of device
[  383.787123][ T1137] loop7: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  383.840667][ T1137] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  383.873712][ T1137] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  383.926435][T11884] VFS:Filesystem freeze failed
[  384.438484][T11948] PF_CAN: dropped non conform CAN FD skbuff: dev type 65534, len 4080
[  385.341434][T11982] input: syz0 as /devices/virtual/input/input30
[  385.348191][T11982] input: failed to attach handler leds to device input30, error: -6
[  385.958708][T11990] loop7: detected capacity change from 0 to 2048
[  386.043086][T11990] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  386.229558][T11990] EXT4-fs error (device loop7): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  386.356747][T11003] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  386.665750][T12005] loop9: detected capacity change from 0 to 8192
[  386.701724][T12005] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  386.724411][T12005] REISERFS (device loop9): found reiserfs format "3.5" with non-standard journal
[  386.745681][T12005] REISERFS (device loop9): using ordered data mode
[  386.752346][T12005] reiserfs: using flush barriers
[  386.868104][T12005] REISERFS (device loop9): journal params: device loop9, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  386.927645][T12005] REISERFS (device loop9): checking transaction log (loop9)
[  386.937967][T12005] REISERFS (device loop9): Using r5 hash to sort names
[  386.956681][T12005] REISERFS (device loop9): Created .reiserfs_priv - reserved for xattr storage.
[  387.108777][   T27] kauditd_printk_skb: 16 callbacks suppressed
[  387.108794][   T27] audit: type=1800 audit(2000000284.045:201): pid=12005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.9.1917" name="file1" dev="loop9" ino=3 res=0 errno=0
[  387.430993][T12024] netlink: 'syz.7.1925': attribute type 10 has an invalid length.
[  387.457049][T12024] bridge0: port 2(bridge_slave_1) entered disabled state
[  387.464975][T12024] bridge0: port 1(bridge_slave_0) entered disabled state
[  387.532294][T12024] bridge0: port 2(bridge_slave_1) entered blocking state
[  387.539600][T12024] bridge0: port 2(bridge_slave_1) entered forwarding state
[  387.547243][T12024] bridge0: port 1(bridge_slave_0) entered blocking state
[  387.554466][T12024] bridge0: port 1(bridge_slave_0) entered forwarding state
[  387.586683][T12024] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  387.733616][T12030] syzkaller1: entered promiscuous mode
[  387.739558][T12030] syzkaller1: entered allmulticast mode
[  387.760794][T12003] loop8: detected capacity change from 0 to 40427
[  387.774025][T12003] F2FS-fs (loop8): build fault injection attr: rate: 771, type: 0x7ffff
[  387.782867][ T5831] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  387.793961][T12003] F2FS-fs (loop8): invalid crc value
[  387.807967][T12003] F2FS-fs (loop8): Found nat_bits in checkpoint
[  387.871142][T12003] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  387.902821][T12003] F2FS-fs (loop8): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x12c0/0x3e60
[  387.979542][T12003] F2FS-fs (loop8): inject no more block in inc_valid_block_count of f2fs_map_blocks+0x12c0/0x3e60
[  388.011632][ T5831] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  388.043790][ T5831] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  388.086325][ T5831] usb 10-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  388.119213][ T5831] usb 10-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  388.129405][ T5831] usb 10-1: Manufacturer: syz
[  388.136419][T11009] syz-executor: attempt to access beyond end of device
[  388.136419][T11009] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  388.153050][T11009] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  388.163122][ T5831] usb 10-1: config 0 descriptor??
[  388.425616][T12041] overlayfs: refusing to follow metacopy origin for (/file1)
[  389.222549][ T5831] uclogic 0003:256C:006D.0014: v1 frame probing failed: -71
[  389.241287][ T5831] uclogic 0003:256C:006D.0014: failed probing parameters: -71
[  389.274973][ T5831] uclogic: probe of 0003:256C:006D.0014 failed with error -71
[  389.329001][ T5831] usb 10-1: USB disconnect, device number 2
[  389.958391][T12057] loop7: detected capacity change from 0 to 32768
[  390.007597][T12057] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop7 scanned by syz.7.1933 (12057)
[  390.038176][T12057] BTRFS info (device loop7): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  390.058722][T12057] BTRFS info (device loop7): using sha256 (sha256-avx2) checksum algorithm
[  390.071019][T12057] BTRFS info (device loop7): enabling auto defrag
[  390.079145][T12057] BTRFS info (device loop7): use no compression
[  390.087940][T12057] BTRFS info (device loop7): turning on sync discard
[  390.104999][T12057] BTRFS info (device loop7): using free space tree
[  390.261503][T12064] loop8: detected capacity change from 0 to 32768
[  390.300357][T12064] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop8 scanned by syz.8.1935 (12064)
[  390.352911][T12057] BTRFS info (device loop7): enabling ssd optimizations
[  390.419604][T12064] BTRFS info (device loop8): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  390.451997][T12057] BTRFS info (device loop7): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  390.478943][T12064] BTRFS info (device loop8): using sha256 (sha256-avx2) checksum algorithm
[  390.512938][T12064] BTRFS info (device loop8): using free space tree
[  390.575079][T12066] loop1: detected capacity change from 0 to 40427
[  390.599587][T12066] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  390.611693][T12066] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  390.745542][T12064] BTRFS info (device loop8): enabling ssd optimizations
[  390.752575][T12064] BTRFS info (device loop8): auto enabling async discard
[  390.767719][T12066] F2FS-fs (loop1): Found nat_bits in checkpoint
[  391.181901][T12066] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  391.205463][T12066] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  391.371028][T11009] BTRFS info (device loop8): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  391.729213][ T6158] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 10 /dev/loop8 scanned by udevd (6158)
[  391.902023][T12114] loop9: detected capacity change from 0 to 32768
[  391.992765][T12114] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop9 scanned by syz.9.1939 (12114)
[  392.104298][T12114] BTRFS info (device loop9): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  392.149025][T12114] BTRFS info (device loop9): using crc32c (crc32c-intel) checksum algorithm
[  392.194853][T12114] BTRFS info (device loop9): metadata ratio 2
[  392.201017][T12114] BTRFS info (device loop9): allowing degraded mounts
[  392.238965][T12114] BTRFS info (device loop9): force zlib compression, level 3
[  392.271302][T12114] BTRFS info (device loop9): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  392.313359][T12114] BTRFS info (device loop9): use zstd compression, level 3
[  392.359976][T12114] BTRFS info (device loop9): force clearing of disk cache
[  392.398804][T12114] BTRFS info (device loop9): allowing degraded mounts
[  392.413929][T12114] BTRFS info (device loop9): max_inline at 0
[  392.437787][T12114] BTRFS info (device loop9): using free space tree
[  392.722069][T12156] loop7: detected capacity change from 0 to 1024
[  392.744867][T12114] BTRFS info (device loop9): enabling ssd optimizations
[  392.789587][T12114] BTRFS info (device loop9): rebuilding free space tree
[  392.836729][T12156] EXT4-fs error (device loop7): ext4_quota_enable:7144: inode #3: comm syz.7.1945: iget: bad extended attribute block 5
[  392.905070][T12156] EXT4-fs error (device loop7): ext4_quota_enable:7147: comm syz.7.1945: Bad quota inode: 3, type: 0
[  392.942393][T12167] loop8: detected capacity change from 0 to 256
[  392.955150][T12156] EXT4-fs warning (device loop7): ext4_enable_quotas:7188: Failed to enable quota tracking (type=0, err=-117, ino=3). Please run e2fsck to fix.
[  393.022421][T12167] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  393.065200][T12156] EXT4-fs (loop7): mount failed
[  393.070207][T12167] exFAT-fs (loop8): Medium has reported failures. Some data may be lost.
[  393.171673][T12167] exFAT-fs (loop8): failed to load upcase table (idx : 0x0000ff98, chksum : 0xc64c91aa, utbl_chksum : 0xe619d30d)
[  393.399564][T12175] exFAT-fs (loop8): invalid start cluster (2155877699)
[  393.706709][T11184] BTRFS info (device loop9): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  394.155900][T12192] netlink: 12 bytes leftover after parsing attributes in process `syz.7.1954'.
[  394.957633][T12219] loop8: detected capacity change from 0 to 16
[  395.028791][T12219] erofs: (device loop8): mounted with root inode @ nid 36.
[  396.060996][T12245] loop1: detected capacity change from 0 to 1024
[  396.269416][T12216] loop9: detected capacity change from 0 to 40427
[  396.319848][T12216] F2FS-fs (loop9): invalid crc value
[  396.392648][T12216] F2FS-fs (loop9): Found nat_bits in checkpoint
[  396.594264][T12216] F2FS-fs (loop9): Start checkpoint disabled!
[  396.653244][T12216] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  397.095606][   T12] kworker/u4:1: attempt to access beyond end of device
[  397.095606][   T12] loop9: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  397.133400][   T12] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  397.154439][   T12] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  398.122602][T12313] loop9: detected capacity change from 0 to 512
[  398.218391][T12313] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  398.271105][T12313] ext4 filesystem being mounted at /44/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  398.562394][T11184] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  398.994887][    T8] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  399.186046][    T8] usb 10-1: Using ep0 maxpacket: 32
[  399.199843][    T8] usb 10-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  399.221092][    T8] usb 10-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  399.243746][    T8] usb 10-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0
[  399.255380][    T8] usb 10-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  399.284957][    T8] usb 10-1: config 0 interface 0 has no altsetting 0
[  399.301372][    T8] usb 10-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  399.325243][    T8] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  399.346990][    T8] usb 10-1: config 0 descriptor??
[  399.679287][T12358] loop1: detected capacity change from 0 to 32768
[  399.710972][T12358] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.1996 (12358)
[  399.754687][T12358] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  399.771899][T12358] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  399.782577][T12358] BTRFS warning (device loop1): the 'inode_cache' option is deprecated and has no effect since 5.11
[  399.806144][T12358] BTRFS info (device loop1): using free space tree
[  399.816955][    T8] corsair-cpro 0003:1B1C:0C10.0015: hidraw0: USB HID v4.06 Device [HID 1b1c:0c10] on usb-dummy_hcd.9-1/input0
[  399.954339][    T8] corsair-cpro: probe of 0003:1B1C:0C10.0015 failed with error -38
[  399.980069][T12358] BTRFS info (device loop1): enabling ssd optimizations
[  399.987263][T12358] BTRFS info (device loop1): auto enabling async discard
[  400.024980][    T8] usb 10-1: USB disconnect, device number 3
[  400.139661][ T5772] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  400.150374][ T5811] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  400.162277][T12382] fido_id[12382]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory
[  400.375014][ T5811] usb 9-1: Using ep0 maxpacket: 16
[  400.401545][ T5811] usb 9-1: New USB device found, idVendor=0d8c, idProduct=0102, bcdDevice= 0.40
[  400.454968][ T5811] usb 9-1: New USB device strings: Mfr=1, Product=21, SerialNumber=3
[  400.483914][ T5811] usb 9-1: Product: syz
[  400.524894][ T5811] usb 9-1: Manufacturer: syz
[  400.535168][ T5811] usb 9-1: SerialNumber: syz
[  401.061873][ T5811] snd-usb-audio: probe of 9-1:1.0 failed with error -71
[  401.094013][ T5811] usb 9-1: USB disconnect, device number 3
[  404.905663][T12515] loop7: detected capacity change from 0 to 256
[  405.023180][T12515] FAT-fs (loop7): Directory bread(block 64) failed
[  405.058226][T12515] FAT-fs (loop7): Directory bread(block 65) failed
[  405.083445][T12515] FAT-fs (loop7): Directory bread(block 66) failed
[  405.095143][T12515] FAT-fs (loop7): Directory bread(block 67) failed
[  405.129498][T12515] FAT-fs (loop7): Directory bread(block 68) failed
[  405.160349][T12515] FAT-fs (loop7): Directory bread(block 69) failed
[  405.183910][T12515] FAT-fs (loop7): Directory bread(block 70) failed
[  405.220618][T12515] FAT-fs (loop7): Directory bread(block 71) failed
[  405.242606][T12515] FAT-fs (loop7): Directory bread(block 72) failed
[  405.250876][T12521] vlan2: entered promiscuous mode
[  405.281104][T12515] FAT-fs (loop7): Directory bread(block 73) failed
[  405.285335][T12521] bond0: entered promiscuous mode
[  405.300087][T12521] bond_slave_0: entered promiscuous mode
[  405.332960][T12521] bond_slave_1: entered promiscuous mode
[  406.371902][T12517] loop1: detected capacity change from 0 to 32768
[  406.438113][T12517] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  406.523595][T12517] XFS (loop1): Ending clean mount
[  406.547258][T12517] XFS (loop1): Quotacheck needed: Please wait.
[  406.682456][T12517] XFS (loop1): Quotacheck: Done.
[  406.878917][ T5772] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  406.978963][T12528] loop8: detected capacity change from 0 to 40427
[  407.020402][T12528] F2FS-fs (loop8): build fault injection attr: rate: 0, type: 0x35f7
[  407.045276][T12528] F2FS-fs (loop8): build fault injection attr: rate: 690, type: 0x7ffff
[  407.053749][T12528] F2FS-fs (loop8): Image doesn't support compression
[  407.099737][T12528] F2FS-fs (loop8): invalid crc value
[  407.110170][T12528] F2FS-fs (loop8): Found nat_bits in checkpoint
[  407.212797][T12528] F2FS-fs (loop8): Start checkpoint disabled!
[  407.222660][T12528] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  407.305780][T12528] F2FS-fs (loop8): inject alloc nid in f2fs_alloc_nid of f2fs_new_inode+0x108/0x1030
[  407.618818][   T12] kworker/u4:1: attempt to access beyond end of device
[  407.618818][   T12] loop8: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  407.669768][   T12] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  407.684969][   T12] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  408.128660][T12587] loop9: detected capacity change from 0 to 2048
[  408.223761][T12584] 8021q: adding VLAN 0 to HW filter on device bond1
[  408.325185][T12587] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  408.935175][T11348] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  409.145074][T11348] usb 2-1: Using ep0 maxpacket: 32
[  409.152717][T11348] usb 2-1: config 0 has an invalid interface number: 67 but max is 0
[  409.181504][T11348] usb 2-1: config 0 has no interface number 0
[  409.223152][T11348] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57
[  409.241599][T11348] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  409.304887][T11348] usb 2-1: Product: syz
[  409.309131][T11348] usb 2-1: Manufacturer: syz
[  409.343775][T11348] usb 2-1: SerialNumber: syz
[  409.365533][T12629] input: syz0 as /devices/virtual/input/input31
[  409.383245][T11348] usb 2-1: config 0 descriptor??
[  409.444109][T11348] smsc95xx v2.0.0
[  409.700386][T12635] loop8: detected capacity change from 0 to 128
[  409.863599][T11348] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32
[  409.964862][T11348] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  410.553194][T12640] lo: entered promiscuous mode
[  410.613955][T11348] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71
[  410.701314][T11348] smsc95xx: probe of 2-1:0.67 failed with error -71
[  410.771327][T11348] usb 2-1: USB disconnect, device number 18
[  410.879532][T12639] lo: left promiscuous mode
[  410.975019][ T5851] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  411.192366][ T5851] usb 10-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02
[  411.228067][ T5851] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  411.254128][ T5851] usb 10-1: Product: syz
[  411.263735][ T5851] usb 10-1: Manufacturer: syz
[  411.281539][T12656] loop1: detected capacity change from 0 to 128
[  411.291240][ T5851] usb 10-1: SerialNumber: syz
[  411.314301][ T5851] usb 10-1: config 0 descriptor??
[  411.341350][ T5851] gspca_main: sunplus-2.14.0 probing 04fc:504a
[  411.936879][T11022] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  412.157332][T11022] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  412.174638][T11022] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  412.186357][T11022] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  412.196266][T11022] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  412.215413][T11022] usb 2-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  412.224702][T11022] usb 2-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  412.233371][T11022] usb 2-1: Manufacturer: syz
[  412.243188][T11022] usb 2-1: config 0 descriptor??
[  412.563009][ T5851] gspca_sunplus: reg_w_riv err -71
[  412.587575][ T5851] sunplus: probe of 10-1:0.0 failed with error -71
[  412.608893][ T5851] usb 10-1: USB disconnect, device number 4
[  412.682380][T11022] appleir 0003:05AC:8243.0016: unknown main item tag 0x0
[  412.698452][T11022] appleir 0003:05AC:8243.0016: No inputs registered, leaving
[  412.722473][T11022] appleir 0003:05AC:8243.0016: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.1-1/input0
[  412.982339][T11022] usb 2-1: USB disconnect, device number 19
[  413.383197][T12709] netlink: 11 bytes leftover after parsing attributes in process `syz.9.2073'.
[  413.392606][T12709] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2073'.
[  413.409564][T12709] netlink: 24 bytes leftover after parsing attributes in process `syz.9.2073'.
[  413.516104][T12713] loop9: detected capacity change from 0 to 128
[  413.529076][T12713] EXT4-fs: inline encryption not supported
[  413.537754][T12713] EXT4-fs (loop9): Test dummy encryption mode enabled
[  413.567070][T12713] EXT4-fs (loop9): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: writeback.
[  413.602851][T12713] ext4 filesystem being mounted at /62/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  413.955706][T11184] EXT4-fs (loop9): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  414.128183][T12742] overlayfs: failed to clone upperpath
[  414.187010][T12744] overlayfs: failed to clone upperpath
[  414.415277][T12750] loop1: detected capacity change from 0 to 4096
[  414.466012][T12753] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  414.509761][   T27] audit: type=1800 audit(2000000311.435:202): pid=12750 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.2081" name="file1" dev="loop1" ino=15 res=0 errno=0
[  414.646576][ T5851] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  414.814475][T12737] loop7: detected capacity change from 0 to 32768
[  414.845042][T11348] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  414.858750][ T5851] usb 10-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  414.873777][T12737] JBD2: Ignoring recovery information on journal
[  414.899917][ T5851] usb 10-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  414.929497][ T5851] usb 10-1: config 1 has 1 interface, different from the descriptor's value: 66
[  414.975889][ T5851] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  414.987506][ T5851] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  415.003610][T12737] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  415.031531][ T5851] usb 10-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  415.065358][ T5851] usb 10-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  415.074987][T11348] usb 2-1: Using ep0 maxpacket: 8
[  415.093781][ T5851] usb 10-1: Product: syz
[  415.123380][T11348] usb 2-1: config 0 has no interfaces?
[  415.146546][ T5851] usb 10-1: Manufacturer: syz
[  415.173772][ T5851] cdc_wdm 10-1:1.0: skipping garbage
[  415.179661][ T5851] cdc_wdm 10-1:1.0: skipping garbage
[  415.188256][ T5851] cdc_wdm 10-1:1.0: cdc-wdm0: USB WDM device
[  415.194713][ T5851] cdc_wdm 10-1:1.0: Unknown control protocol
[  415.202426][T11348] usb 2-1: New USB device found, idVendor=1235, idProduct=8212, bcdDevice= 0.40
[  415.228453][T12737] OCFS2: ERROR (device loop7): int ocfs2_change_extent_flag(handle_t *, struct ocfs2_extent_tree *, u32, u32, u32, struct ocfs2_alloc_context *, struct ocfs2_cached_dealloc_ctxt *, int, int): Owner 17058 has an extent at cpos 0 which can no longer be found
[  415.254251][T12737] On-disk corruption discovered. Please run fsck.ocfs2 once the filesystem is unmounted.
[  415.264215][T12737] OCFS2: File system is now read-only.
[  415.270042][T12737] (syz.7.2079,12737,0):ocfs2_mark_extent_refcounted:2359 ERROR: status = -30
[  415.279674][T12737] (syz.7.2079,12737,0):ocfs2_add_refcount_flag:3706 ERROR: status = -30
[  415.288770][T12737] (syz.7.2079,12737,0):ocfs2_reflink_remap_extent:4570 ERROR: status = -30
[  415.298171][T12737] (syz.7.2079,12737,0):ocfs2_reflink_remap_blocks:4694 ERROR: status = -30
[  415.307551][T12737] (syz.7.2079,12737,0):ocfs2_remap_file_range:2746 ERROR: status = -30
[  415.333492][T11348] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  415.353887][T11348] usb 2-1: Product: syz
[  415.359619][T11348] usb 2-1: Manufacturer: syz
[  415.388549][T11348] usb 2-1: SerialNumber: syz
[  415.410414][T11348] usb 2-1: config 0 descriptor??
[  415.423281][T12759] netlink: 84 bytes leftover after parsing attributes in process `syz.8.2083'.
[  415.527347][T11003] ocfs2: Unmounting device (7,7) on (node local)
[  415.737721][T12764] loop8: detected capacity change from 0 to 256
[  415.823545][   T27] audit: type=1804 audit(2000000312.755:203): pid=12764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.8.2086" name="/newroot/91/file0/file0" dev="loop8" ino=1048662 res=1 errno=0
[  415.861703][T11018] usb 2-1: USB disconnect, device number 20
[  415.951969][    C0] cdc_wdm 10-1:1.0: Unexpected error -71
[  415.964932][ T5851] usb 10-1: USB disconnect, device number 5
[  416.206716][T12775] loop8: detected capacity change from 0 to 256
[  416.227558][T12775] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  416.238967][T12775] exFAT-fs (loop8): Medium has reported failures. Some data may be lost.
[  416.260538][T12775] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x5817f139, utbl_chksum : 0xe619d30d)
[  416.429749][T12777] netlink: 64 bytes leftover after parsing attributes in process `syz.7.2091'.
[  417.024343][T12800] raw_sendmsg: syz.7.2099 forgot to set AF_INET. Fix it!
[  417.291559][T12811] loop8: detected capacity change from 0 to 512
[  417.323657][T12811] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  417.380118][T12811] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  417.436169][T12819] IPVS: nq: FWM 3 0x00000003 - no destination available
[  417.443427][ T5851] IPVS: starting estimator thread 0...
[  417.462446][T12811] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  417.554902][T12821] IPVS: using max 19 ests per chain, 45600 per kthread
[  417.665936][T11009] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  418.744317][T12834] loop8: detected capacity change from 0 to 40427
[  418.773026][T12834] F2FS-fs (loop8): Invalid segment count (0)
[  418.805736][T12834] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock
[  418.846584][T12834] F2FS-fs (loop8): invalid crc value
[  418.882486][T12834] F2FS-fs (loop8): Found nat_bits in checkpoint
[  419.098686][T12834] F2FS-fs (loop8): Start checkpoint disabled!
[  419.122764][T12834] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0
[  419.149587][T12834] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e6
[  419.734869][    T8] usb 10-1: new high-speed USB device number 6 using dummy_hcd
[  419.934968][    T8] usb 10-1: Using ep0 maxpacket: 8
[  419.942551][    T8] usb 10-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024
[  419.984106][    T8] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024
[  420.019939][    T8] usb 10-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  420.044893][    T8] usb 10-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  420.073988][    T8] usb 10-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  420.108620][    T8] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  420.356471][    T8] usb 10-1: GET_CAPABILITIES returned 0
[  420.362196][    T8] usbtmc 10-1:16.0: can't read capabilities
[  420.567306][T12880] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  420.578601][T12880] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  420.593158][    C1] usbtmc 10-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  420.603616][    C1] usbtmc 10-1:16.0: usbtmc_write_bulk_cb - nonzero write bulk status received: -71
[  420.628117][T11018] usb 10-1: USB disconnect, device number 6
[  420.826944][T12898] loop1: detected capacity change from 0 to 32768
[  420.884445][T12898] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  420.960063][T12898] XFS (loop1): Ending clean mount
[  421.144388][ T5772] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  421.756351][T12945] netlink: 4 bytes leftover after parsing attributes in process `syz.8.2136'.
[  422.502332][T12968] 9pnet: p9_errstr2errno: server reported unknown error _vlan
[  423.199020][T12994] netlink: 'syz.9.2150': attribute type 15 has an invalid length.
[  423.315231][ T5850] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  423.481783][T13001] ip6erspan1: entered allmulticast mode
[  423.542307][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  423.573641][ T5850] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  423.617175][ T5850] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  423.630586][ T5850] usb 2-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0
[  423.640680][ T5850] usb 2-1: Manufacturer: syz
[  423.673670][ T5850] usb 2-1: config 0 descriptor??
[  424.214094][   T27] audit: type=1326 audit(2000000321.145:204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3a3c19cdd9 code=0x7ffc0000
[  424.257546][T13031] loop8: detected capacity change from 0 to 512
[  424.335820][T13031] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  424.355588][   T27] audit: type=1326 audit(2000000321.175:205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f3a3c19cdd9 code=0x7ffc0000
[  424.428482][T13031] ext4 filesystem being mounted at /110/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  424.523934][ T5850] uclogic 0003:256C:006D.0017: interface is invalid, ignoring
[  424.531803][   T27] audit: type=1326 audit(2000000321.175:206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f3a3c19cb42 code=0x7ffc0000
[  424.724005][   T27] audit: type=1326 audit(2000000321.185:207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f3a3c15d60e code=0x7ffc0000
[  424.853740][ T5850] usb 2-1: USB disconnect, device number 21
[  424.922700][T11009] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.959815][   T27] audit: type=1326 audit(2000000321.195:208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f3a3c19cc07 code=0x7ffc0000
[  425.102885][   T27] audit: type=1326 audit(2000000321.195:209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3a3c15d60e code=0x7ffc0000
[  425.296097][   T27] audit: type=1326 audit(2000000321.195:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3a3c19ca6b code=0x7ffc0000
[  425.352236][T13027] loop9: detected capacity change from 0 to 131072
[  425.409931][T13043] loop8: detected capacity change from 0 to 2048
[  425.469326][   T27] audit: type=1326 audit(2000000321.215:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3a3c15d60e code=0x7ffc0000
[  425.509508][T13027] XFS (loop9): Mounting V5 Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  425.605147][T13043] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  425.638158][   T27] audit: type=1326 audit(2000000321.225:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7f3a3c15d60e code=0x7ffc0000
[  425.787117][   T27] audit: type=1326 audit(2000000321.225:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13030 comm="syz.8.2158" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7f3a3c19bc47 code=0x7ffc0000
[  425.842102][T13043] EXT4-fs error (device loop8): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  425.866588][T13027] XFS (loop9): Starting recovery (logdev: internal)
[  425.937753][T13027] XFS (loop9): Ending recovery (logdev: internal)
[  426.008194][T13027] XFS (loop9): EXPERIMENTAL online shrink feature in use. Use at your own risk!
[  426.075828][T11009] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  426.205155][T11184] XFS (loop9): Unmounting Filesystem b93a8937-ccd4-41a2-86c7-66a1570a2846
[  426.489103][T13071] netlink: 44 bytes leftover after parsing attributes in process `syz.8.2163'.
[  426.546773][T13071] bridge0: port 2(bridge_slave_1) entered disabled state
[  426.554599][T13071] bridge0: port 1(bridge_slave_0) entered disabled state
[  426.719483][T13074] netlink: 44 bytes leftover after parsing attributes in process `syz.8.2163'.
[  427.072849][T13079] loop7: detected capacity change from 0 to 32768
[  427.102258][T13079] JBD2: Ignoring recovery information on journal
[  427.170677][T13079] ocfs2: Mounting device (7,7) on (node local, slot 0) with ordered data mode.
[  427.403732][T11003] ocfs2: Unmounting device (7,7) on (node local)
[  428.265585][T13110] loop9: detected capacity change from 0 to 512
[  428.372714][T13110] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  428.438755][T13110] ext4 filesystem being mounted at /81/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  428.451745][T13118] loop1: detected capacity change from 0 to 2048
[  428.529264][T13095] loop8: detected capacity change from 0 to 40427
[  428.538762][T13095] F2FS-fs (loop8): invalid crc value
[  428.615345][T13118] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  428.770814][T13118] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  428.823318][T11184] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  428.906137][T13095] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  428.969319][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  429.121726][ T1137] kworker/u4:7: attempt to access beyond end of device
[  429.121726][ T1137] loop8: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  429.146576][ T1137] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  429.161897][ T1137] F2FS-fs (loop8): Stopped filesystem due to reason: 3
[  429.186159][T13095] VFS:Filesystem freeze failed
[  429.248909][T13138] loop1: detected capacity change from 0 to 512
[  429.277259][T13138] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000d40000 r/w without journal. Quota mode: writeback.
[  429.315420][T13138] ext4 filesystem being mounted at /604/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  429.392414][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000d40000.
[  429.798301][T13151] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2179'.
[  429.864814][T13151] bridge0: port 2(bridge_slave_1) entered disabled state
[  429.872356][T13151] bridge0: port 1(bridge_slave_0) entered disabled state
[  429.947016][T13154] netlink: 44 bytes leftover after parsing attributes in process `syz.7.2179'.
[  430.330752][T13165] loop8: detected capacity change from 0 to 8192
[  430.365999][T13165] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  430.383504][T13165] REISERFS (device loop8): found reiserfs format "3.5" with non-standard journal
[  430.394659][T13165] REISERFS (device loop8): using ordered data mode
[  430.403249][T13165] reiserfs: using flush barriers
[  430.415396][T13165] REISERFS (device loop8): journal params: device loop8, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  430.434080][T13165] REISERFS (device loop8): checking transaction log (loop8)
[  430.446841][T13165] REISERFS (device loop8): Using r5 hash to sort names
[  430.453867][T13165] REISERFS (device loop8): using 3.5.x disk format
[  430.462418][T13165] REISERFS (device loop8): Created .reiserfs_priv - reserved for xattr storage.
[  430.753582][   T27] kauditd_printk_skb: 38 callbacks suppressed
[  430.753597][   T27] audit: type=1326 audit(2000000327.685:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb4cf99cdd9 code=0x7ffc0000
[  430.792665][T13178] loop7: detected capacity change from 0 to 512
[  430.830412][T13176] loop9: detected capacity change from 0 to 2048
[  430.856147][   T27] audit: type=1326 audit(2000000327.725:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7fb4cf99cdd9 code=0x7ffc0000
[  430.958602][   T27] audit: type=1326 audit(2000000327.725:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb4cf99cb42 code=0x7ffc0000
[  431.000871][T13176] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  431.001509][T13178] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  431.074974][T13178] ext4 filesystem being mounted at /115/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  431.125078][   T27] audit: type=1326 audit(2000000327.725:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fb4cf95d60e code=0x7ffc0000
[  431.182752][T13176] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1244: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  431.210815][T13163] loop1: detected capacity change from 0 to 32768
[  431.235577][   T27] audit: type=1326 audit(2000000327.725:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7fb4cf99cc07 code=0x7ffc0000
[  431.271148][   T27] audit: type=1326 audit(2000000327.725:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb4cf95d60e code=0x7ffc0000
[  431.306607][   T27] audit: type=1326 audit(2000000327.725:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb4cf99ca6b code=0x7ffc0000
[  431.390575][T11184] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  431.435051][   T27] audit: type=1326 audit(2000000327.765:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb4cf95d60e code=0x7ffc0000
[  431.530826][T13163] syz.1.2181: attempt to access beyond end of device
[  431.530826][T13163] loop1: rw=2049, sector=4680032, nr_sectors = 8 limit=32768
[  431.606439][   T27] audit: type=1326 audit(2000000327.765:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fb4cf95d60e code=0x7ffc0000
[  431.755168][   T27] audit: type=1326 audit(2000000327.765:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13177 comm="syz.7.2184" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=0 arch=c000003e syscall=258 compat=0 ip=0x7fb4cf99bc47 code=0x7ffc0000
[  431.861684][  T113] blkno = 8ed2c, nblocks = 1
[  431.876512][T11003] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  431.888276][  T113] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[  431.888276][  T113] 
[  431.942275][  T113] ERROR: (device loop1): remounting filesystem as read-only
[  432.126312][T13198] loop8: detected capacity change from 0 to 128
[  432.183609][T13198] EXT4-fs (loop8): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  432.226202][T13198] ext4 filesystem being mounted at /117/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  432.531499][T11009] EXT4-fs (loop8): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  432.765656][T13216] Bluetooth: MGMT ver 1.22
[  432.967486][T13219] loop1: detected capacity change from 0 to 512
[  433.011656][T13219] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  433.136905][T13219] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  433.182110][T13192] loop9: detected capacity change from 0 to 40427
[  433.202201][T13219] ext4 filesystem being mounted at /608/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  433.230729][T13192] F2FS-fs (loop9): invalid crc value
[  433.335389][T13235] input: syz0 as /devices/virtual/input/input32
[  433.525805][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  433.594454][T13192] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e5
[  433.838118][ T8405] kworker/u4:13: attempt to access beyond end of device
[  433.838118][ T8405] loop9: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  433.890656][ T8405] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  433.904168][ T8405] F2FS-fs (loop9): Stopped filesystem due to reason: 3
[  433.992331][T13192] VFS:Filesystem freeze failed
[  435.058764][T13245] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  435.115778][T13245] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  435.581817][T13245] netdevsim netdevsim8 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  435.590857][T13245] netdevsim netdevsim8 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  435.600375][T13245] netdevsim netdevsim8 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  435.609599][T13245] netdevsim netdevsim8 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  435.792457][T13271] sctp: [Deprecated]: syz.1.2206 (pid 13271) Use of struct sctp_assoc_value in delayed_ack socket option.
[  435.792457][T13271] Use struct sctp_sack_info instead
[  435.811018][T13245] netdevsim netdevsim8 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  435.820175][T13245] netdevsim netdevsim8 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  435.829197][T13245] netdevsim netdevsim8 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  435.838226][T13245] netdevsim netdevsim8 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  436.179256][T13282] loop8: detected capacity change from 0 to 1024
[  436.203039][T13282] hfsplus: Filesystem is marked locked, mounting read-only.
[  436.267946][T13282] hfsplus: filesystem is marked locked, leaving read-only.
[  436.463408][T13291] loop8: detected capacity change from 0 to 1024
[  436.499921][T13291] EXT4-fs: inline encryption not supported
[  436.540299][T13291] EXT4-fs (loop8): Test dummy encryption mode enabled
[  436.607456][T13291] EXT4-fs (loop8): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  436.929406][T11009] EXT4-fs error (device loop8): ext4_validate_block_bitmap:439: comm syz-executor: bg 0: block 106: padding at end of block bitmap is not set
[  436.975358][T11009] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6655: Corrupt filesystem
[  437.065453][T13313] loop1: detected capacity change from 0 to 512
[  437.100299][T11009] EXT4-fs error (device loop8): ext4_iget_extra_inode:4739: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  437.165126][T13313] EXT4-fs error (device loop1): ext4_orphan_get:1404: inode #15: comm syz.1.2217: inode has both inline data and extents flags
[  437.193167][T13313] EXT4-fs error (device loop1): ext4_orphan_get:1409: comm syz.1.2217: couldn't read orphan inode 15 (err -117)
[  437.206435][T11009] EXT4-fs error (device loop8): ext4_iget_extra_inode:4739: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  437.227274][T13313] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  437.241198][T13318] loop9: detected capacity change from 0 to 1024
[  437.249156][T13318] EXT4-fs: Ignoring removed nomblk_io_submit option
[  437.309896][T13318] EXT4-fs (loop9): mounted filesystem 00000000-0000-0000-0000-001000000000 r/w without journal. Quota mode: writeback.
[  437.428795][T13313] Invalid argument reading file caps for ./file0
[  437.493509][T12670] EXT4-fs (loop8): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.534285][T13318] loop9: detected capacity change from 1024 to 64
[  437.615084][T13328] syz.9.2216: attempt to access beyond end of device
[  437.615084][T13328] loop9: rw=524288, sector=192, nr_sectors = 18 limit=64
[  437.660641][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  437.695975][T13328] syz.9.2216: attempt to access beyond end of device
[  437.695975][T13328] loop9: rw=0, sector=192, nr_sectors = 8 limit=64
[  437.796574][   T27] kauditd_printk_skb: 19 callbacks suppressed
[  437.796591][   T27] audit: type=1800 audit(2000000334.735:281): pid=13328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.9.2216" name="file2" dev="loop9" ino=16 res=0 errno=0
[  438.370154][T11184] EXT4-fs (loop9): unmounting filesystem 00000000-0000-0000-0000-001000000000.
[  438.432665][T13322] kmmpd-loop9: attempt to access beyond end of device
[  438.432665][T13322] loop9: rw=14337, sector=128, nr_sectors = 2 limit=64
[  438.462597][T13322] Buffer I/O error on dev loop9, logical block 64, lost sync page write
[  439.345188][T13358] loop1: detected capacity change from 0 to 1024
[  439.362308][ T5083] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  439.392281][T13358] EXT4-fs: inline encryption not supported
[  439.414422][T13358] EXT4-fs (loop1): Test dummy encryption mode enabled
[  439.421518][ T5083] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  439.441282][ T5083] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  439.460785][T13358] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  439.473835][ T5083] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  439.500373][ T5083] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  439.508214][ T5083] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  439.965566][ T5772] EXT4-fs error (device loop1): ext4_validate_block_bitmap:439: comm syz-executor: bg 0: block 106: padding at end of block bitmap is not set
[  440.002124][ T5772] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6655: Corrupt filesystem
[  440.091571][ T5772] EXT4-fs error (device loop1): ext4_iget_extra_inode:4739: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  440.146538][ T5772] EXT4-fs error (device loop1): ext4_iget_extra_inode:4739: inode #15: comm syz-executor: corrupted in-inode xattr: ea_inode specified without ea_inode feature enabled
[  440.172102][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  440.181987][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  440.288992][ T5784] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  440.302986][ T5784] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  440.312630][ T5784] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  440.326287][ T5784] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  440.343729][ T5784] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  440.355126][ T5784] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  440.551708][T10617] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  441.194415][T13360] chnl_net:caif_netlink_parms(): no params data found
[  441.438115][ T8403] hsr_slave_0: left promiscuous mode
[  441.444317][ T8403] hsr_slave_1: left promiscuous mode
[  441.451965][ T8403] batman_adv: batadv0: Removing interface: batadv_slave_0
[  441.460626][ T8403] batman_adv: batadv0: Removing interface: batadv_slave_1
[  441.468785][ T8403] bridge_slave_1: left allmulticast mode
[  441.474467][ T8403] bridge_slave_1: left promiscuous mode
[  441.492277][ T8403] bridge0: port 2(bridge_slave_1) entered disabled state
[  441.523790][ T8403] bridge_slave_0: left allmulticast mode
[  441.530289][ T8403] bridge_slave_0: left promiscuous mode
[  441.538224][ T8403] bridge0: port 1(bridge_slave_0) entered disabled state
[  441.609358][ T5784] Bluetooth: hci2: command tx timeout
[  442.350289][ T8403] team0 (unregistering): Port device team_slave_1 removed
[  442.415490][ T5784] Bluetooth: hci3: command tx timeout
[  442.424171][ T8403] team0 (unregistering): Port device team_slave_0 removed
[  442.489126][ T8403] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  442.499516][ T8403] bond_slave_1 (unregistering): left promiscuous mode
[  442.563544][ T8403] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  442.576054][ T8403] bond_slave_0 (unregistering): left promiscuous mode
[  443.014971][ T8403] bond0 (unregistering): Released all slaves
[  443.297838][T13360] bridge0: port 1(bridge_slave_0) entered blocking state
[  443.325062][T13360] bridge0: port 1(bridge_slave_0) entered disabled state
[  443.345705][T13360] bridge_slave_0: entered allmulticast mode
[  443.353218][T13360] bridge_slave_0: entered promiscuous mode
[  443.409186][T13386] chnl_net:caif_netlink_parms(): no params data found
[  443.463355][T13360] bridge0: port 2(bridge_slave_1) entered blocking state
[  443.481300][T13360] bridge0: port 2(bridge_slave_1) entered disabled state
[  443.515682][T13360] bridge_slave_1: entered allmulticast mode
[  443.523898][T13360] bridge_slave_1: entered promiscuous mode
[  443.695040][ T5784] Bluetooth: hci2: command tx timeout
[  443.760516][T13360] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  443.788720][T13360] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  443.973070][T13360] team0: Port device team_slave_0 added
[  444.019146][T13386] bridge0: port 1(bridge_slave_0) entered blocking state
[  444.031506][T13386] bridge0: port 1(bridge_slave_0) entered disabled state
[  444.039216][T13386] bridge_slave_0: entered allmulticast mode
[  444.072726][T13386] bridge_slave_0: entered promiscuous mode
[  444.098861][T13360] team0: Port device team_slave_1 added
[  444.121765][T13386] bridge0: port 2(bridge_slave_1) entered blocking state
[  444.135285][T13386] bridge0: port 2(bridge_slave_1) entered disabled state
[  444.142614][T13386] bridge_slave_1: entered allmulticast mode
[  444.174505][T13386] bridge_slave_1: entered promiscuous mode
[  444.300201][T13360] batman_adv: batadv0: Adding interface: batadv_slave_0
[  444.325258][T13360] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  444.351710][T13360] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  444.367717][T13386] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  444.381260][T13360] batman_adv: batadv0: Adding interface: batadv_slave_1
[  444.394249][T13360] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  444.422932][T13360] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  444.441957][T13386] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  444.485100][ T5784] Bluetooth: hci3: command tx timeout
[  444.520556][ T5083] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  444.532887][ T5083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  444.550330][ T5083] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  444.561544][ T5083] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  444.573895][ T5083] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  444.582692][ T5083] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  444.685259][ T8403] netdevsim netdevsim9 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.740479][T13360] hsr_slave_0: entered promiscuous mode
[  444.747679][T13360] hsr_slave_1: entered promiscuous mode
[  444.755333][T13360] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  444.762936][T13360] Cannot create hsr debugfs directory
[  444.798848][T13386] team0: Port device team_slave_0 added
[  444.816688][T13386] team0: Port device team_slave_1 added
[  444.882190][ T8403] netdevsim netdevsim9 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  444.953850][T13386] batman_adv: batadv0: Adding interface: batadv_slave_0
[  444.961292][T13386] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  444.989797][T13386] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  445.031260][ T8403] netdevsim netdevsim9 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.063143][T13386] batman_adv: batadv0: Adding interface: batadv_slave_1
[  445.071009][T13386] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  445.100128][T13386] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  445.160067][ T8403] netdevsim netdevsim9 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  445.336882][T13386] hsr_slave_0: entered promiscuous mode
[  445.343614][T13386] hsr_slave_1: entered promiscuous mode
[  445.357409][T13386] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  445.365370][T13386] Cannot create hsr debugfs directory
[  445.766670][ T5784] Bluetooth: hci2: command tx timeout
[  445.890544][T13433] chnl_net:caif_netlink_parms(): no params data found
[  446.278811][T13433] bridge0: port 1(bridge_slave_0) entered blocking state
[  446.304909][T13433] bridge0: port 1(bridge_slave_0) entered disabled state
[  446.312241][T13433] bridge_slave_0: entered allmulticast mode
[  446.327931][T13433] bridge_slave_0: entered promiscuous mode
[  446.344206][T13433] bridge0: port 2(bridge_slave_1) entered blocking state
[  446.353437][T13433] bridge0: port 2(bridge_slave_1) entered disabled state
[  446.365088][T13433] bridge_slave_1: entered allmulticast mode
[  446.384966][T13433] bridge_slave_1: entered promiscuous mode
[  446.522288][T13433] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  446.548273][T13433] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  446.579620][ T5784] Bluetooth: hci3: command tx timeout
[  446.655326][ T5784] Bluetooth: hci0: command tx timeout
[  446.666054][T13433] team0: Port device team_slave_0 added
[  446.679752][T13433] team0: Port device team_slave_1 added
[  446.803832][T13433] batman_adv: batadv0: Adding interface: batadv_slave_0
[  446.821667][T13433] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  446.854504][T13433] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  446.870100][T13433] batman_adv: batadv0: Adding interface: batadv_slave_1
[  446.878828][T13433] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  446.905784][T13433] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  447.017355][T13433] hsr_slave_0: entered promiscuous mode
[  447.024339][T13433] hsr_slave_1: entered promiscuous mode
[  447.031833][T13433] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  447.040919][T13433] Cannot create hsr debugfs directory
[  447.437185][ T8403] hsr_slave_0: left promiscuous mode
[  447.443376][ T8403] hsr_slave_1: left promiscuous mode
[  447.450080][ T8403] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  447.458704][ T8403] batman_adv: batadv0: Removing interface: batadv_slave_0
[  447.472526][ T8403] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  447.482377][ T8403] batman_adv: batadv0: Removing interface: batadv_slave_1
[  447.500295][ T8403] bridge_slave_1: left allmulticast mode
[  447.508535][ T8403] bridge_slave_1: left promiscuous mode
[  447.514353][ T8403] bridge0: port 2(bridge_slave_1) entered disabled state
[  447.532239][ T8403] bridge_slave_0: left allmulticast mode
[  447.540406][ T8403] bridge_slave_0: left promiscuous mode
[  447.546582][ T8403] bridge0: port 1(bridge_slave_0) entered disabled state
[  447.616377][ T8403] veth1_macvtap: left promiscuous mode
[  447.621969][ T8403] veth0_macvtap: left promiscuous mode
[  447.640152][ T8403] veth1_vlan: left promiscuous mode
[  447.646083][ T8403] veth0_vlan: left promiscuous mode
[  447.851839][ T5784] Bluetooth: hci2: command tx timeout
[  448.497012][ T8403] team0 (unregistering): Port device team_slave_1 removed
[  448.558434][ T8403] team0 (unregistering): Port device team_slave_0 removed
[  448.620013][ T8403] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  448.655203][ T5784] Bluetooth: hci3: command tx timeout
[  448.693417][ T8403] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  448.735309][ T5784] Bluetooth: hci0: command tx timeout
[  449.200671][ T8403] bond0 (unregistering): Released all slaves
[  450.811144][ T5784] Bluetooth: hci0: command tx timeout
[  452.052485][T13433] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  452.064412][T13433] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  452.098396][T13433] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  452.151969][T13433] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  452.265945][T13360] netdevsim netdevsim3 netdevsim0: renamed from eth0
[  452.278624][T13360] netdevsim netdevsim3 netdevsim1: renamed from eth1
[  452.305846][T13360] netdevsim netdevsim3 netdevsim2: renamed from eth2
[  452.351674][T13360] netdevsim netdevsim3 netdevsim3: renamed from eth3
[  452.414988][T13386] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  452.430251][T13386] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  452.449011][T13386] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  452.483243][T13386] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  452.548974][T13433] 8021q: adding VLAN 0 to HW filter on device bond0
[  452.587760][T13433] 8021q: adding VLAN 0 to HW filter on device team0
[  452.609881][  T140] bridge0: port 1(bridge_slave_0) entered blocking state
[  452.617096][  T140] bridge0: port 1(bridge_slave_0) entered forwarding state
[  452.670095][  T140] bridge0: port 2(bridge_slave_1) entered blocking state
[  452.677376][  T140] bridge0: port 2(bridge_slave_1) entered forwarding state
[  452.827979][T13386] 8021q: adding VLAN 0 to HW filter on device bond0
[  452.883490][T13360] 8021q: adding VLAN 0 to HW filter on device bond0
[  452.892286][ T5784] Bluetooth: hci0: command tx timeout
[  452.969946][T13386] 8021q: adding VLAN 0 to HW filter on device team0
[  453.002695][T13360] 8021q: adding VLAN 0 to HW filter on device team0
[  453.049446][ T8403] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.056698][ T8403] bridge0: port 1(bridge_slave_0) entered forwarding state
[  453.095988][ T8403] bridge0: port 1(bridge_slave_0) entered blocking state
[  453.103198][ T8403] bridge0: port 1(bridge_slave_0) entered forwarding state
[  453.137940][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.145146][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[  453.217272][ T8401] bridge0: port 2(bridge_slave_1) entered blocking state
[  453.224468][ T8401] bridge0: port 2(bridge_slave_1) entered forwarding state
[  453.320419][T13433] 8021q: adding VLAN 0 to HW filter on device batadv0
[  453.562779][T13433] veth0_vlan: entered promiscuous mode
[  453.587786][T13433] veth1_vlan: entered promiscuous mode
[  453.648069][T13433] veth0_macvtap: entered promiscuous mode
[  453.670496][T13433] veth1_macvtap: entered promiscuous mode
[  453.717742][T13433] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  453.745233][T13433] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.762477][T13433] batman_adv: batadv0: Interface activated: batadv_slave_0
[  453.797235][T13433] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  453.834862][T13433] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  453.858714][T13433] batman_adv: batadv0: Interface activated: batadv_slave_1
[  453.888894][T13433] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  453.900786][T13433] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  453.911629][T13433] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  453.950666][T13433] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  454.003785][T13360] 8021q: adding VLAN 0 to HW filter on device batadv0
[  454.099271][T13386] 8021q: adding VLAN 0 to HW filter on device batadv0
[  454.203081][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  454.221436][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.260693][T13360] veth0_vlan: entered promiscuous mode
[  454.324689][T13360] veth1_vlan: entered promiscuous mode
[  454.368959][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  454.392607][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  454.409238][T13386] veth0_vlan: entered promiscuous mode
[  454.436790][T13386] veth1_vlan: entered promiscuous mode
[  454.466468][T13360] veth0_macvtap: entered promiscuous mode
[  454.483116][T13360] veth1_macvtap: entered promiscuous mode
[  454.597263][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.614502][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.631852][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  454.642852][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.659499][T13360] batman_adv: batadv0: Interface activated: batadv_slave_0
[  454.673588][T13386] veth0_macvtap: entered promiscuous mode
[  454.716675][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.728033][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.773007][T13360] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  454.844858][T13360] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  454.892659][T13360] batman_adv: batadv0: Interface activated: batadv_slave_1
[  454.902506][T13386] veth1_macvtap: entered promiscuous mode
[  455.004428][T13360] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  455.039461][T13360] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  455.061245][T13360] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  455.089322][T13360] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  455.120271][T13386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  455.143413][T13386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.166131][T13386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  455.215461][T13386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.249490][T13386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  455.276373][T13386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.298984][T13386] batman_adv: batadv0: Interface activated: batadv_slave_0
[  455.329574][T13624] loop2: detected capacity change from 0 to 1024
[  455.356317][T13624] EXT4-fs: inline encryption not supported
[  455.386403][T13386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  455.398225][T13624] EXT4-fs (loop2): Test dummy encryption mode enabled
[  455.407669][T13386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.420404][T13386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  455.434055][T13386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.444575][T13386] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  455.456755][T13386] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  455.469836][T13386] batman_adv: batadv0: Interface activated: batadv_slave_1
[  455.486085][T13624] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  455.611449][T13386] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  455.636319][T13386] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  455.674771][T13386] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  455.714192][T13386] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  455.981889][ T8399] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  455.999065][ T8399] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  456.047749][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  456.076640][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  456.133518][T13433] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  456.145699][ T1137] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  456.153574][ T1137] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  456.236311][ T8403] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  456.244204][ T8403] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  457.107680][T13636] loop3: detected capacity change from 0 to 32768
[  457.125254][T13645] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2242'.
[  457.148318][T13636] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 8 /dev/loop3 scanned by syz.3.2224 (13636)
[  457.175639][T13645] netlink: 208 bytes leftover after parsing attributes in process `syz.2.2242'.
[  457.243933][T13636] BTRFS info (device loop3): first mount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  457.275767][T13636] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  457.285946][T13636] BTRFS info (device loop3): enabling ssd optimizations
[  457.292962][T13636] BTRFS info (device loop3): not using ssd optimizations
[  457.325856][T13636] BTRFS info (device loop3): turning off barriers
[  457.351333][T13636] BTRFS info (device loop3): using free space tree
[  457.476936][T13639] bridge0: port 2(bridge_slave_1) entered disabled state
[  457.484860][T13639] bridge0: port 1(bridge_slave_0) entered disabled state
[  457.817418][T13360] BTRFS info (device loop3): last unmount of filesystem e0cb6322-611b-4325-acdf-015f79de3787
[  458.172128][ T5786] BTRFS: device fsid e0cb6322-611b-4325-acdf-015f79de3787 devid 1 transid 9 /dev/loop3 scanned by udevd (5786)
[  458.918688][T13639] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  458.989742][T13639] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  459.666869][T13639] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  459.683232][T13639] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  459.692779][T13639] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  459.702972][T13639] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  459.978633][T13704] bridge0: port 2(bridge_slave_1) entered disabled state
[  459.986486][T13704] bridge0: port 1(bridge_slave_0) entered disabled state
[  460.200945][T13710] loop7: detected capacity change from 0 to 512
[  460.620111][T13722] futex_wake_op: syz.3.2262 tries to shift op by 144; fix this program
[  461.347137][T13730] loop7: detected capacity change from 0 to 8192
[  461.422155][T13730] FAT-fs (loop7): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  461.501470][   T27] audit: type=1800 audit(2000000358.435:282): pid=13730 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.7.2268" name="file2" dev="loop7" ino=1048676 res=0 errno=0
[  461.520013][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.532362][T13730] FAT-fs (loop7): Filesystem has been set read-only
[  461.539269][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.548139][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.559508][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.568563][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.577472][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.586367][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.595250][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.604076][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  461.613072][T13730] FAT-fs (loop7): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  462.885678][T13780] kernel read not supported for file /file1 (pid: 13780 comm: syz.2.2281)
[  462.920742][   T27] audit: type=1800 audit(2000000359.855:283): pid=13780 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2281" name="file1" dev="mqueue" ino=35965 res=0 errno=0
[  463.025093][T13785] binder: 13784:13785 ioctl c0306201 2000000001c0 returned -14
[  463.209454][T13788] netlink: 104 bytes leftover after parsing attributes in process `syz.2.2283'.
[  463.912767][T13820] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2291'.
[  464.164007][   T27] audit: type=1326 audit(2000000361.095:284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13825 comm="syz.7.2293" exe="/root/ci2-linux-6-6-kasan/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb4cf99cdd9 code=0x0
[  466.216936][T13883] "syz.3.2312" (13883) uses obsolete ecb(arc4) skcipher
[  466.534318][T13894] loop3: detected capacity change from 0 to 256
[  466.708248][T13897] loop2: detected capacity change from 0 to 4096
[  466.750345][T13897] EXT4-fs: inline encryption not supported
[  466.858884][T13897] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  466.928231][T13897] System zones: 0-5
[  466.977668][T13897] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  467.073097][   T27] audit: type=1800 audit(2000000364.005:285): pid=13897 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.2309" name="file1" dev="loop2" ino=15 res=0 errno=0
[  467.375097][T13433] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  467.685823][T13924] netlink: 'syz.2.2315': attribute type 2 has an invalid length.
[  467.714917][T13924] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2315'.
[  467.757831][T13926] loop7: detected capacity change from 0 to 2048
[  467.812081][T13926] NILFS (loop7): broken superblock, retrying with spare superblock (blocksize = 1024)
[  467.826106][ T5786] udevd[5786]: incorrect nilfs2 checksum on /dev/loop7
[  467.850650][ T5083] Bluetooth: hci1: command 0x0406 tx timeout
[  467.934347][T13929] NILFS (loop7): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  467.945822][ T5786] udevd[5786]: incorrect nilfs2 checksum on /dev/loop7
[  468.341284][T13943] loop7: detected capacity change from 0 to 128
[  468.554471][T13943] syz.7.2320: attempt to access beyond end of device
[  468.554471][T13943] loop7: rw=2049, sector=138, nr_sectors = 112 limit=128
[  468.917819][T13959] loop0: detected capacity change from 0 to 256
[  468.945796][T13959] exfat: Deprecated parameter 'utf8'
[  469.014463][T13959] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  469.897614][T13985] loop2: detected capacity change from 0 to 2048
[  469.926358][T13985] NILFS (loop2): broken superblock, retrying with spare superblock (blocksize = 1024)
[  470.020602][T13992] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  470.034490][ T5786] udevd[5786]: incorrect nilfs2 checksum on /dev/loop2
[  470.374448][T14004] loop2: detected capacity change from 0 to 256
[  470.391495][T14004] exfat: Deprecated parameter 'utf8'
[  470.476501][T14004] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0xabf88b1f, utbl_chksum : 0xe619d30d)
[  470.539186][T14007] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2337'.
[  470.562731][T14007] bond0: entered promiscuous mode
[  470.579946][T14007] bond_slave_0: entered promiscuous mode
[  470.586510][T14007] bond_slave_1: entered promiscuous mode
[  470.604537][T14007] batadv_slave_0: entered promiscuous mode
[  470.646761][T14010] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2337'.
[  470.939526][T14017] af_packet: tpacket_rcv: packet too big, clamped from 36 to 4294967272. macoff=96
[  471.561510][T14035] IPVS: persistence engine module ip_vs_pe_ not found
[  472.637649][T14076] loop3: detected capacity change from 0 to 2048
[  472.698048][T14076] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  472.735051][T14076] ext4 filesystem being mounted at /31/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  472.950369][T13360] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  473.754572][T14116] bond0: entered promiscuous mode
[  473.767736][T14116] bond_slave_0: entered promiscuous mode
[  473.780407][T14116] bond_slave_1: entered promiscuous mode
[  473.792764][T14116] bridge0: entered promiscuous mode
[  474.047237][T14124] loop3: detected capacity change from 0 to 128
[  474.089983][T14124] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  474.119421][T14124] hpfs: filesystem error: improperly stopped
[  474.159583][T14115] bond0: left promiscuous mode
[  474.164425][T14115] bond_slave_0: left promiscuous mode
[  474.172165][T14124] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  474.213378][T14124] hpfs: You really don't want any checks? You are crazy...
[  474.221779][T14115] bond_slave_1: left promiscuous mode
[  474.235318][T14124] hpfs: hpfs_map_sector(): read error
[  474.240774][T14124] hpfs: code page support is disabled
[  474.251828][T14115] bridge0: left promiscuous mode
[  474.282552][T14124] hpfs: hpfs_map_4sectors(): unaligned read
[  474.309321][T14124] hpfs: hpfs_map_4sectors(): unaligned read
[  474.344790][T14124] hpfs: filesystem error: unable to find root dir
[  474.420898][T14124] hpfs: hpfs_map_4sectors(): unaligned read
[  474.456479][T14124] hpfs: hpfs_map_sector(): read error
[  474.492328][T14124] hpfs: hpfs_map_4sectors(): unaligned read
[  474.513643][T14124] hpfs: hpfs_map_sector(): read error
[  474.682304][T14134] Bluetooth: MGMT ver 1.22
[  474.715915][  T971] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  474.964871][  T971] usb 3-1: Using ep0 maxpacket: 32
[  474.985452][  T971] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[  475.021350][  T971] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  475.051250][  T971] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  475.081754][  T971] usb 3-1: config 0 descriptor??
[  475.120101][  T971] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  475.316836][  T971] usb 3-1: USB disconnect, device number 17
[  475.554336][T14161] loop7: detected capacity change from 0 to 512
[  475.626531][T14161] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  475.651403][T14161] ext4 filesystem being mounted at /164/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  475.795623][T11003] EXT4-fs (loop7): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  476.244285][T14182] loop3: detected capacity change from 0 to 512
[  476.290259][T14182] EXT4-fs: Ignoring removed oldalloc option
[  476.353456][T14182] EXT4-fs (loop3): 1 truncate cleaned up
[  476.389132][T14182] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  476.637183][T14182] EXT4-fs (loop3): re-mounted 00000000-0000-0000-0000-000000000000 ro.
[  476.776377][T13360] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  478.203983][T14249] loop3: detected capacity change from 0 to 1024
[  478.313520][T14249] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  478.572739][T13360] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  479.259353][T14287] gretap1: entered promiscuous mode
[  479.689820][    C1] Unknown status report in ack skb
[  479.852193][T14273] loop7: detected capacity change from 0 to 40427
[  479.890308][T14273] F2FS-fs (loop7): Invalid log_blocksize (268), supports only 12
[  479.944951][T14273] F2FS-fs (loop7): Can't find valid F2FS filesystem in 1th superblock
[  479.986209][T14273] F2FS-fs (loop7): invalid crc value
[  480.051483][T14273] F2FS-fs (loop7): Found nat_bits in checkpoint
[  480.287428][T14273] F2FS-fs (loop7): Try to recover 1th superblock, ret: 0
[  480.294533][T14273] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  480.635759][T11003] syz-executor: attempt to access beyond end of device
[  480.635759][T11003] loop7: rw=2049, sector=40960, nr_sectors = 8 limit=40427
[  480.694556][T11003] F2FS-fs (loop7): Stopped filesystem due to reason: 3
[  480.761467][T14329] loop3: detected capacity change from 0 to 2048
[  481.145456][ T8403] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.372783][ T8403] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.613222][ T8403] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.899153][ T8403] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  481.962442][    C1] Unknown status report in ack skb
[  482.248092][ T5850] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  482.467691][ T5850] usb 1-1: config 0 has an invalid interface number: 50 but max is 0
[  482.481444][ T5850] usb 1-1: config 0 has no interface number 0
[  482.515288][ T5850] usb 1-1: config 0 interface 50 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  482.537239][ T5083] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  482.549177][ T5083] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  482.576232][ T5850] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=e6.fc
[  482.598334][ T5850] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  482.598454][ T5083] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  482.613721][ T5850] usb 1-1: Product: syz
[  482.635625][ T5083] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  482.643618][ T5083] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  482.652870][ T5850] usb 1-1: Manufacturer: syz
[  482.663331][ T5083] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  482.689056][ T5850] usb 1-1: SerialNumber: syz
[  482.708683][ T5850] usb 1-1: config 0 descriptor??
[  482.765166][ T5850] yurex 1-1:0.50: USB YUREX device now attached to Yurex #0
[  482.853128][T11020] hid-generic 0000:0000:0000.0018: unknown main item tag 0x0
[  482.885743][T11020] hid-generic 0000:0000:0000.0018: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  483.065070][    C0] usb 1-1: yurex_control_callback - control failed: -71
[  483.078960][T11346] usb 1-1: USB disconnect, device number 17
[  483.093579][T14373] loop3: detected capacity change from 0 to 2048
[  483.102696][T11346] yurex 1-1:0.50: USB YUREX #0 now disconnected
[  483.169338][T14373] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  484.062530][T14365] chnl_net:caif_netlink_parms(): no params data found
[  484.191429][T14383] loop3: detected capacity change from 0 to 32768
[  484.251502][T14383] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop3 scanned by syz.3.2426 (14383)
[  484.280896][T14383] BTRFS info (device loop3): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  484.295352][T14383] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  484.310018][T14383] BTRFS info (device loop3): using free space tree
[  484.401450][T14383] BTRFS info (device loop3): enabling ssd optimizations
[  484.426534][T14383] BTRFS info (device loop3): auto enabling async discard
[  484.516121][T14365] bridge0: port 1(bridge_slave_0) entered blocking state
[  484.564959][T14365] bridge0: port 1(bridge_slave_0) entered disabled state
[  484.572381][T14365] bridge_slave_0: entered allmulticast mode
[  484.601057][T14365] bridge_slave_0: entered promiscuous mode
[  484.637443][ T8403] hsr_slave_0: left promiscuous mode
[  484.654541][ T8403] hsr_slave_1: left promiscuous mode
[  484.681039][ T8403] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  484.695288][ T8403] batman_adv: batadv0: Removing interface: batadv_slave_0
[  484.763606][ T8403] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  484.774971][ T8403] batman_adv: batadv0: Removing interface: batadv_slave_1
[  484.802283][ T8403] bridge_slave_1: left allmulticast mode
[  484.814949][ T5083] Bluetooth: hci0: command tx timeout
[  484.825492][ T8403] bridge_slave_1: left promiscuous mode
[  484.831289][ T8403] bridge0: port 2(bridge_slave_1) entered disabled state
[  484.839922][T13360] BTRFS info (device loop3): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  484.917754][ T8403] bridge_slave_0: left allmulticast mode
[  484.923482][ T8403] bridge_slave_0: left promiscuous mode
[  484.992960][ T8403] bridge0: port 1(bridge_slave_0) entered disabled state
[  485.273641][ T8403] veth1_macvtap: left promiscuous mode
[  485.308532][ T8403] veth0_macvtap: left promiscuous mode
[  485.314295][ T8403] veth1_vlan: left promiscuous mode
[  485.335654][ T8403] veth0_vlan: left promiscuous mode
[  486.887382][ T5083] Bluetooth: hci0: command tx timeout
[  486.901570][ T8403] team0 (unregistering): Port device team_slave_1 removed
[  486.973428][ T8403] team0 (unregistering): Port device team_slave_0 removed
[  487.034936][ T8403] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  487.103345][ T8403] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  487.582687][ T8403] bond0 (unregistering): Released all slaves
[  487.699495][T14365] bridge0: port 2(bridge_slave_1) entered blocking state
[  487.706840][T14365] bridge0: port 2(bridge_slave_1) entered disabled state
[  487.714037][T14365] bridge_slave_1: entered allmulticast mode
[  487.721352][T14365] bridge_slave_1: entered promiscuous mode
[  487.757642][T14365] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  487.770000][T14365] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  487.830566][T14365] team0: Port device team_slave_0 added
[  487.864555][T14365] team0: Port device team_slave_1 added
[  487.923652][T14365] batman_adv: batadv0: Adding interface: batadv_slave_0
[  487.946650][T14365] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  487.998391][T14365] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  488.024253][T14365] batman_adv: batadv0: Adding interface: batadv_slave_1
[  488.048223][T14365] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  488.091598][T14365] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  488.215267][T14365] hsr_slave_0: entered promiscuous mode
[  488.223113][T14365] hsr_slave_1: entered promiscuous mode
[  488.238693][T14365] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  488.251570][T14365] Cannot create hsr debugfs directory
[  488.965042][ T5083] Bluetooth: hci0: command tx timeout
[  489.434088][T14365] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  489.451259][T14365] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  489.469960][T14365] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  489.487601][T14365] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  489.597716][T14365] 8021q: adding VLAN 0 to HW filter on device bond0
[  489.632954][T14365] 8021q: adding VLAN 0 to HW filter on device team0
[  489.660415][ T8403] bridge0: port 1(bridge_slave_0) entered blocking state
[  489.667706][ T8403] bridge0: port 1(bridge_slave_0) entered forwarding state
[  489.694493][ T8403] bridge0: port 2(bridge_slave_1) entered blocking state
[  489.701721][ T8403] bridge0: port 2(bridge_slave_1) entered forwarding state
[  490.032700][T14365] 8021q: adding VLAN 0 to HW filter on device batadv0
[  490.423624][T14365] veth0_vlan: entered promiscuous mode
[  490.447292][T14365] veth1_vlan: entered promiscuous mode
[  490.499154][T14365] veth0_macvtap: entered promiscuous mode
[  490.521699][T14365] veth1_macvtap: entered promiscuous mode
[  490.560924][T14365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  490.579944][T14365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  490.591059][T14365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  490.607275][T14365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  490.619427][T14365] batman_adv: batadv0: Interface activated: batadv_slave_0
[  490.633985][T14365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  490.646378][T14365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  490.664853][T14365] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  490.681315][T14365] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  490.694458][T14365] batman_adv: batadv0: Interface activated: batadv_slave_1
[  490.720103][T14365] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  490.733870][T14365] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  490.750372][T14365] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  490.763174][T14365] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  490.892757][ T1137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.920283][ T1137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  490.983739][   T42] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  490.993031][   T42] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  491.055994][ T5083] Bluetooth: hci0: command tx timeout
[  491.691493][T14549] loop5: detected capacity change from 0 to 32768
[  491.730733][T14549] JBD2: Ignoring recovery information on journal
[  491.895300][T14549] ocfs2: Mounting device (7,5) on (node local, slot 0) with ordered data mode.
[  492.049230][   T27] audit: type=1804 audit(2000000388.985:286): pid=14549 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.2418" name="/newroot/0/file1/file1" dev="loop5" ino=17059 res=1 errno=0
[  492.295902][T14365] ocfs2: Unmounting device (7,5) on (node local)
[  492.299479][T14580] loop0: detected capacity change from 0 to 2048
[  492.402998][T14580] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  492.822814][T14588] loop7: detected capacity change from 0 to 1024
[  492.854494][T14588] EXT4-fs: Ignoring removed bh option
[  492.943999][T14588] EXT4-fs (loop7): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  492.963646][    C0] Unknown status report in ack skb
[  493.007617][T14594] 
[  493.010118][T14594] =====================================================
[  493.017171][T14594] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  493.024692][T14594] syzkaller #0 Not tainted
[  493.029141][T14594] -----------------------------------------------------
[  493.036146][T14594] syz.0.2435/14594 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  493.043916][T14594] ffff8880778bd2b8 (&new->fa_lock){....}-{2:2}, at: kill_fasync+0x192/0x4b0
[  493.052701][T14594] 
[  493.052701][T14594] and this task is already holding:
[  493.060098][T14594] ffff888027519028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0
[  493.069932][T14594] which would create a new lock dependency:
[  493.075896][T14594]  (&client->buffer_lock){....}-{2:2} -> (&new->fa_lock){....}-{2:2}
[  493.084052][T14594] 
[  493.084052][T14594] but this new dependency connects a HARDIRQ-irq-safe lock:
[  493.093545][T14594]  (&dev->event_lock#2){-.-.}-{2:2}
[  493.093589][T14594] 
[  493.093589][T14594] ... which became HARDIRQ-irq-safe at:
[  493.106577][T14594]   lock_acquire+0x19e/0x420
[  493.111215][T14594]   _raw_spin_lock_irqsave+0xb4/0x100
[  493.116661][T14594]   input_event+0x7a/0xc0
[  493.121069][T14594]   psmouse_report_standard_packet+0x53/0x200
[  493.127181][T14594]   psmouse_process_byte+0x478/0x670
[  493.132513][T14594]   psmouse_handle_byte+0x43/0x490
[  493.137675][T14594]   ps2_interrupt+0x164/0x980
[  493.142397][T14594]   serio_interrupt+0x8b/0x130
[  493.147216][T14594]   i8042_interrupt+0x385/0x710
[  493.152103][T14594]   __handle_irq_event_percpu+0x271/0x940
[  493.157895][T14594]   handle_irq_event+0x8b/0x1e0
[  493.162808][T14594]   handle_edge_irq+0x247/0xb30
[  493.167706][T14594]   __common_interrupt+0x13b/0x230
[  493.172865][T14594]   common_interrupt+0xb4/0xd0
[  493.177673][T14594]   asm_common_interrupt+0x26/0x40
[  493.182831][T14594]   pv_native_safe_halt+0xf/0x10
[  493.187827][T14594]   default_idle+0x13/0x20
[  493.192283][T14594]   default_idle_call+0x6c/0xa0
[  493.197177][T14594]   do_idle+0x33d/0x590
[  493.201375][T14594]   cpu_startup_entry+0x43/0x60
[  493.206269][T14594]   start_secondary+0xee/0xf0
[  493.210987][T14594]   secondary_startup_64_no_verify+0x179/0x17b
[  493.217186][T14594] 
[  493.217186][T14594] to a HARDIRQ-irq-unsafe lock:
[  493.224231][T14594]  (tasklist_lock){.+.+}-{2:2}
[  493.224268][T14594] 
[  493.224268][T14594] ... which became HARDIRQ-irq-unsafe at:
[  493.237007][T14594] ...
[  493.237018][T14594]   lock_acquire+0x19e/0x420
[  493.244266][T14594]   _raw_read_lock+0x36/0x50
[  493.248904][T14594]   do_wait+0x294/0xae0
[  493.253114][T14594]   kernel_wait+0xd7/0x1c0
[  493.257578][T14594]   call_usermodehelper_exec_work+0xb9/0x220
[  493.263608][T14594]   process_scheduled_works+0xa5d/0x15d0
[  493.269289][T14594]   worker_thread+0xa55/0xfc0
[  493.274005][T14594]   kthread+0x2fa/0x390
[  493.278213][T14594]   ret_from_fork+0x48/0x80
[  493.282763][T14594]   ret_from_fork_asm+0x11/0x20
[  493.287670][T14594] 
[  493.287670][T14594] other info that might help us debug this:
[  493.287670][T14594] 
[  493.297932][T14594] Chain exists of:
[  493.297932][T14594]   &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock
[  493.297932][T14594] 
[  493.311648][T14594]  Possible interrupt unsafe locking scenario:
[  493.311648][T14594] 
[  493.320000][T14594]        CPU0                    CPU1
[  493.325408][T14594]        ----                    ----
[  493.330810][T14594]   lock(tasklist_lock);
[  493.335095][T14594]                                local_irq_disable();
[  493.341892][T14594]                                lock(&dev->event_lock#2);
[  493.349138][T14594]                                lock(&client->buffer_lock);
[  493.356576][T14594]   <Interrupt>
[  493.360065][T14594]     lock(&dev->event_lock#2);
[  493.365021][T14594] 
[  493.365021][T14594]  *** DEADLOCK ***
[  493.365021][T14594] 
[  493.373209][T14594] 7 locks held by syz.0.2435/14594:
[  493.378458][T14594]  #0: ffff888144798110 (&evdev->mutex){+.+.}-{3:3}, at: evdev_write+0x180/0x490
[  493.387653][T14594]  #1: ffff888019304230 (&dev->event_lock#2){-.-.}-{2:2}, at: input_inject_event+0xab/0x320
[  493.397802][T14594]  #2: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: input_inject_event+0xbc/0x320
[  493.407529][T14594]  #3: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: input_pass_values+0xa3/0x12f0
[  493.417271][T14594]  #4: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: evdev_events+0x79/0x330
[  493.426478][T14594]  #5: ffff888027519028 (&client->buffer_lock){....}-{2:2}, at: evdev_pass_values+0xcb/0xab0
[  493.436730][T14594]  #6: ffffffff8d1320e0 (rcu_read_lock){....}-{1:2}, at: kill_fasync+0x53/0x4b0
[  493.445855][T14594] 
[  493.445855][T14594] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  493.456412][T14594]  -> (&dev->event_lock#2){-.-.}-{2:2} {
[  493.462160][T14594]     IN-HARDIRQ-W at:
[  493.466283][T14594]                       lock_acquire+0x19e/0x420
[  493.472661][T14594]                       _raw_spin_lock_irqsave+0xb4/0x100
[  493.479864][T14594]                       input_event+0x7a/0xc0
[  493.485983][T14594]                       psmouse_report_standard_packet+0x53/0x200
[  493.493846][T14594]                       psmouse_process_byte+0x478/0x670
[  493.500911][T14594]                       psmouse_handle_byte+0x43/0x490
[  493.507817][T14594]                       ps2_interrupt+0x164/0x980
[  493.514292][T14594]                       serio_interrupt+0x8b/0x130
[  493.520832][T14594]                       i8042_interrupt+0x385/0x710
[  493.527469][T14594]                       __handle_irq_event_percpu+0x271/0x940
[  493.534985][T14594]                       handle_irq_event+0x8b/0x1e0
[  493.541640][T14594]                       handle_edge_irq+0x247/0xb30
[  493.548278][T14594]                       __common_interrupt+0x13b/0x230
[  493.555180][T14594]                       common_interrupt+0xb4/0xd0
[  493.561725][T14594]                       asm_common_interrupt+0x26/0x40
[  493.568631][T14594]                       pv_native_safe_halt+0xf/0x10
[  493.575354][T14594]                       default_idle+0x13/0x20
[  493.581735][T14594]                       default_idle_call+0x6c/0xa0
[  493.588433][T14594]                       do_idle+0x33d/0x590
[  493.594373][T14594]                       cpu_startup_entry+0x43/0x60
[  493.601016][T14594]                       start_secondary+0xee/0xf0
[  493.607474][T14594]                       secondary_startup_64_no_verify+0x179/0x17b
[  493.615417][T14594]     IN-SOFTIRQ-W at:
[  493.619516][T14594]                       lock_acquire+0x19e/0x420
[  493.625885][T14594]                       _raw_spin_lock_irqsave+0xb4/0x100
[  493.633049][T14594]                       input_event+0x7a/0xc0
[  493.639185][T14594]                       xpad360_process_packet+0x1fe/0xb30
[  493.646433][T14594]                       xpad_irq_in+0x1571/0x2590
[  493.652894][T14594]                       __usb_hcd_giveback_urb+0x35f/0x520
[  493.660133][T14594]                       dummy_timer+0x8de/0x3320
[  493.666507][T14594]                       __hrtimer_run_queues+0x520/0xc40
[  493.673588][T14594]                       hrtimer_run_softirq+0x187/0x2b0
[  493.680562][T14594]                       handle_softirqs+0x280/0x820
[  493.687189][T14594]                       __irq_exit_rcu+0xd3/0x190
[  493.693651][T14594]                       irq_exit_rcu+0x9/0x20
[  493.699749][T14594]                       sysvec_apic_timer_interrupt+0xa4/0xc0
[  493.707249][T14594]                       asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  493.715095][T14594]                       finish_task_switch+0x26a/0x8f0
[  493.721983][T14594]                       __schedule+0x155b/0x45a0
[  493.728401][T14594]                       schedule+0xbd/0x170
[  493.734346][T14594]                       do_nanosleep+0x1ad/0x600
[  493.740713][T14594]                       hrtimer_nanosleep+0x175/0x370
[  493.747526][T14594]                       __se_sys_clock_nanosleep+0x30f/0x3a0
[  493.754943][T14594]                       do_syscall_64+0x55/0xa0
[  493.761233][T14594]                       entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  493.769001][T14594]     INITIAL USE at:
[  493.773020][T14594]                      lock_acquire+0x19e/0x420
[  493.779296][T14594]                      _raw_spin_lock_irqsave+0xb4/0x100
[  493.786543][T14594]                      input_inject_event+0xab/0x320
[  493.793265][T14594]                      led_trigger_event+0x133/0x210
[  493.799969][T14594]                      kbd_led_trigger_activate+0xbd/0x100
[  493.807203][T14594]                      led_trigger_set+0x52c/0x950
[  493.813756][T14594]                      led_trigger_set_default+0x1a0/0x1e0
[  493.820986][T14594]                      led_classdev_register_ext+0x733/0x9b0
[  493.828392][T14594]                      input_leds_connect+0x4eb/0x6b0
[  493.835196][T14594]                      input_register_device+0xcdc/0x1070
[  493.842359][T14594]                      atkbd_connect+0x70a/0x9b0
[  493.848735][T14594]                      serio_driver_probe+0x7a/0xa0
[  493.855365][T14594]                      really_probe+0x25b/0xb20
[  493.861654][T14594]                      __driver_probe_device+0x18c/0x330
[  493.868719][T14594]                      driver_probe_device+0x4f/0x420
[  493.875529][T14594]                      __driver_attach+0x44e/0x6e0
[  493.882068][T14594]                      bus_for_each_dev+0x235/0x2b0
[  493.888697][T14594]                      serio_handle_event+0x1a2/0x860
[  493.895494][T14594]                      process_scheduled_works+0xa5d/0x15d0
[  493.902822][T14594]                      worker_thread+0xa55/0xfc0
[  493.909195][T14594]                      kthread+0x2fa/0x390
[  493.915041][T14594]                      ret_from_fork+0x48/0x80
[  493.921247][T14594]                      ret_from_fork_asm+0x11/0x20
[  493.927804][T14594]   }
[  493.930422][T14594]   ... key      at: [<ffffffff97631ac0>] input_allocate_device.__key.5+0x0/0x20
[  493.939579][T14594] -> (&client->buffer_lock){....}-{2:2} {
[  493.945369][T14594]    INITIAL USE at:
[  493.949308][T14594]                    lock_acquire+0x19e/0x420
[  493.955418][T14594]                    _raw_spin_lock+0x2e/0x40
[  493.961534][T14594]                    evdev_pass_values+0xcb/0xab0
[  493.967999][T14594]                    evdev_events+0x19e/0x330
[  493.974107][T14594]                    input_pass_values+0xb88/0x12f0
[  493.980753][T14594]                    input_event_dispose+0x346/0x6c0
[  493.987477][T14594]                    input_inject_event+0x1f9/0x320
[  493.994121][T14594]                    evdev_write+0x35f/0x490
[  494.000159][T14594]                    vfs_write+0x296/0x990
[  494.006020][T14594]                    ksys_write+0x150/0x260
[  494.011969][T14594]                    do_syscall_64+0x55/0xa0
[  494.018004][T14594]                    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.025512][T14594]  }
[  494.028039][T14594]  ... key      at: [<ffffffff97631d60>] evdev_open.__key.28+0x0/0x20
[  494.036254][T14594]  ... acquired at:
[  494.040088][T14594]    _raw_spin_lock+0x2e/0x40
[  494.044823][T14594]    evdev_pass_values+0xcb/0xab0
[  494.049891][T14594]    evdev_events+0x19e/0x330
[  494.054609][T14594]    input_pass_values+0xb88/0x12f0
[  494.059869][T14594]    input_event_dispose+0x346/0x6c0
[  494.065199][T14594]    input_inject_event+0x1f9/0x320
[  494.070440][T14594]    evdev_write+0x35f/0x490
[  494.075064][T14594]    vfs_write+0x296/0x990
[  494.079553][T14594]    ksys_write+0x150/0x260
[  494.084104][T14594]    do_syscall_64+0x55/0xa0
[  494.088753][T14594]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.094896][T14594] 
[  494.097258][T14594] 
[  494.097258][T14594] the dependencies between the lock to be acquired
[  494.097270][T14594]  and HARDIRQ-irq-unsafe lock:
[  494.110873][T14594]   -> (tasklist_lock){.+.+}-{2:2} {
[  494.116220][T14594]      HARDIRQ-ON-R at:
[  494.120415][T14594]                         lock_acquire+0x19e/0x420
[  494.126963][T14594]                         _raw_read_lock+0x36/0x50
[  494.133513][T14594]                         do_wait+0x294/0xae0
[  494.139640][T14594]                         kernel_wait+0xd7/0x1c0
[  494.146017][T14594]                         call_usermodehelper_exec_work+0xb9/0x220
[  494.153952][T14594]                         process_scheduled_works+0xa5d/0x15d0
[  494.161537][T14594]                         worker_thread+0xa55/0xfc0
[  494.168170][T14594]                         kthread+0x2fa/0x390
[  494.174272][T14594]                         ret_from_fork+0x48/0x80
[  494.180734][T14594]                         ret_from_fork_asm+0x11/0x20
[  494.187534][T14594]      SOFTIRQ-ON-R at:
[  494.191722][T14594]                         lock_acquire+0x19e/0x420
[  494.198350][T14594]                         _raw_read_lock+0x36/0x50
[  494.204904][T14594]                         do_wait+0x294/0xae0
[  494.211027][T14594]                         kernel_wait+0xd7/0x1c0
[  494.217408][T14594]                         call_usermodehelper_exec_work+0xb9/0x220
[  494.225335][T14594]                         process_scheduled_works+0xa5d/0x15d0
[  494.233019][T14594]                         worker_thread+0xa55/0xfc0
[  494.239665][T14594]                         kthread+0x2fa/0x390
[  494.245811][T14594]                         ret_from_fork+0x48/0x80
[  494.252276][T14594]                         ret_from_fork_asm+0x11/0x20
[  494.259087][T14594]      INITIAL USE at:
[  494.263189][T14594]                        lock_acquire+0x19e/0x420
[  494.269646][T14594]                        _raw_write_lock_irq+0xaf/0xf0
[  494.276557][T14594]                        copy_process+0x2275/0x3d80
[  494.283182][T14594]                        kernel_clone+0x24b/0x8a0
[  494.289633][T14594]                        user_mode_thread+0x111/0x180
[  494.296438][T14594]                        rest_init+0x27/0x300
[  494.302548][T14594]                        arch_call_rest_init+0xe/0x10
[  494.309360][T14594]                        start_kernel+0x459/0x4e0
[  494.315820][T14594]                        x86_64_start_reservations+0x2a/0x30
[  494.323248][T14594]                        copy_bootdata+0x0/0xe0
[  494.329532][T14594]                        secondary_startup_64_no_verify+0x179/0x17b
[  494.337555][T14594]      INITIAL READ USE at:
[  494.342095][T14594]                             lock_acquire+0x19e/0x420
[  494.349005][T14594]                             _raw_read_lock+0x36/0x50
[  494.355907][T14594]                             do_wait+0x294/0xae0
[  494.362475][T14594]                             kernel_wait+0xd7/0x1c0
[  494.369201][T14594]                             call_usermodehelper_exec_work+0xb9/0x220
[  494.377559][T14594]                             process_scheduled_works+0xa5d/0x15d0
[  494.385493][T14594]                             worker_thread+0xa55/0xfc0
[  494.392502][T14594]                             kthread+0x2fa/0x390
[  494.398974][T14594]                             ret_from_fork+0x48/0x80
[  494.405789][T14594]                             ret_from_fork_asm+0x11/0x20
[  494.412968][T14594]    }
[  494.415715][T14594]    ... key      at: [<ffffffff8ce0a058>] tasklist_lock+0x18/0x40
[  494.423687][T14594]    ... acquired at:
[  494.427729][T14594]    _raw_read_lock+0x36/0x50
[  494.432518][T14594]    send_sigio+0xf9/0x360
[  494.432677][T14614] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2445'.
[  494.436956][T14594]    dnotify_handle_event+0x153/0x420
[  494.436983][T14594]    fsnotify+0x148b/0x17c0
[  494.437001][T14594]    path_openat+0x149d/0x3230
[  494.437017][T14594]    do_filp_open+0x1f5/0x430
[  494.437032][T14594]    do_sys_openat2+0x134/0x1d0
[  494.437055][T14594]    __x64_sys_openat+0x139/0x160
[  494.437077][T14594]    do_syscall_64+0x55/0xa0
[  494.437100][T14594]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.437123][T14594] 
[  494.437127][T14594]  -> (&f->f_owner.lock){...-}-{2:2} {
[  494.494000][T14594]     IN-SOFTIRQ-R at:
[  494.498107][T14594]                       lock_acquire+0x19e/0x420
[  494.504495][T14594]                       _raw_read_lock_irqsave+0xbc/0x100
[  494.511660][T14594]                       send_sigurg+0x29/0x3c0
[  494.517875][T14594]                       sk_send_sigurg+0x6f/0xc0
[  494.524279][T14594]                       tcp_check_urg+0x200/0x750
[  494.530819][T14594]                       tcp_urg+0x164/0x410
[  494.536754][T14594]                       tcp_rcv_established+0xa34/0x1d20
[  494.543869][T14594]                       tcp_v4_do_rcv+0x4ed/0xb80
[  494.550343][T14594]                       tcp_v4_rcv+0x23bf/0x2af0
[  494.556723][T14594]                       ip_protocol_deliver_rcu+0x20e/0x3f0
[  494.564057][T14594]                       ip_local_deliver_finish+0x2ca/0x510
[  494.571392][T14594]                       NF_HOOK+0x32d/0x3b0
[  494.577335][T14594]                       NF_HOOK+0x32d/0x3b0
[  494.583281][T14594]                       __netif_receive_skb+0xcc/0x290
[  494.590168][T14594]                       process_backlog+0x391/0x6f0
[  494.596795][T14594]                       __napi_poll+0xc0/0x460
[  494.602997][T14594]                       net_rx_action+0x616/0xc40
[  494.609460][T14594]                       handle_softirqs+0x280/0x820
[  494.616141][T14594]                       do_softirq+0xfa/0x1a0
[  494.622251][T14594]                       __local_bh_enable_ip+0x184/0x1c0
[  494.629312][T14594]                       sk_stream_wait_memory+0x6e3/0xee0
[  494.636478][T14594]                       tcp_sendmsg_locked+0x15cd/0x4bd0
[  494.643572][T14594]                       tcp_sendmsg+0x2f/0x50
[  494.649763][T14594]                       __sys_sendto+0x4a9/0x6b0
[  494.656156][T14594]                       __x64_sys_sendto+0xde/0xf0
[  494.662719][T14594]                       do_syscall_64+0x55/0xa0
[  494.669000][T14594]                       entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.676757][T14594]     INITIAL USE at:
[  494.680771][T14594]                      lock_acquire+0x19e/0x420
[  494.687047][T14594]                      _raw_write_lock_irq+0xaf/0xf0
[  494.693800][T14594]                      __f_setown+0x3b/0x330
[  494.699825][T14594]                      fcntl_dirnotify+0x6e2/0x8d0
[  494.706388][T14594]                      do_fcntl+0x390/0x1490
[  494.712432][T14594]                      __se_sys_fcntl+0xc9/0x1a0
[  494.718842][T14594]                      do_syscall_64+0x55/0xa0
[  494.725065][T14594]                      entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.732745][T14594]     INITIAL READ USE at:
[  494.737195][T14594]                           lock_acquire+0x19e/0x420
[  494.743915][T14594]                           _raw_read_lock_irqsave+0xbc/0x100
[  494.751428][T14594]                           send_sigio+0x33/0x360
[  494.758059][T14594]                           kill_fasync+0x228/0x4b0
[  494.764709][T14594]                           sock_wake_async+0x137/0x160
[  494.771693][T14594]                           sk_wake_async+0x184/0x280
[  494.778495][T14594]                           unix_write_space+0x24b/0x370
[  494.785570][T14594]                           sock_wfree+0x1a0/0x610
[  494.792125][T14594]                           unix_destruct_scm+0x160/0x1b0
[  494.799288][T14594]                           skb_release_head_state+0xfa/0x240
[  494.806802][T14594]                           kfree_skb_reason+0xd7/0x170
[  494.813785][T14594]                           skb_queue_purge_reason+0x13b/0x1c0
[  494.821381][T14594]                           unix_dgram_connect+0x583/0xc70
[  494.828621][T14594]                           __sys_connect+0x3da/0x470
[  494.835464][T14594]                           __x64_sys_connect+0x7a/0x90
[  494.842451][T14594]                           do_syscall_64+0x55/0xa0
[  494.849083][T14594]                           entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.857198][T14594]   }
[  494.859834][T14594]   ... key      at: [<ffffffff97337ea0>] init_file.__key+0x0/0x20
[  494.867776][T14594]   ... acquired at:
[  494.871722][T14594]    _raw_read_lock_irqsave+0xbc/0x100
[  494.877224][T14594]    send_sigio+0x33/0x360
[  494.881700][T14594]    kill_fasync+0x228/0x4b0
[  494.886338][T14594]    sock_wake_async+0x137/0x160
[  494.891337][T14594]    sk_wake_async+0x184/0x280
[  494.896148][T14594]    unix_write_space+0x24b/0x370
[  494.901214][T14594]    sock_wfree+0x1a0/0x610
[  494.905770][T14594]    unix_destruct_scm+0x160/0x1b0
[  494.910958][T14594]    skb_release_head_state+0xfa/0x240
[  494.916458][T14594]    kfree_skb_reason+0xd7/0x170
[  494.921454][T14594]    skb_queue_purge_reason+0x13b/0x1c0
[  494.927046][T14594]    unix_dgram_connect+0x583/0xc70
[  494.932299][T14594]    __sys_connect+0x3da/0x470
[  494.937133][T14594]    __x64_sys_connect+0x7a/0x90
[  494.942117][T14594]    do_syscall_64+0x55/0xa0
[  494.946751][T14594]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  494.952873][T14594] 
[  494.955228][T14594] -> (&new->fa_lock){....}-{2:2} {
[  494.960446][T14594]    INITIAL USE at:
[  494.964383][T14594]                    lock_acquire+0x19e/0x420
[  494.970495][T14594]                    _raw_write_lock_irq+0xaf/0xf0
[  494.977071][T14594]                    fasync_remove_entry+0xf4/0x1c0
[  494.983706][T14594]                    sock_fasync+0x88/0xf0
[  494.989568][T14594]                    __fput+0x7f3/0x970
[  494.995158][T14594]                    task_work_run+0x1d4/0x260
[  495.001365][T14594]                    exit_to_user_mode_loop+0xe6/0x110
[  495.008273][T14594]                    exit_to_user_mode_prepare+0xee/0x180
[  495.015432][T14594]                    syscall_exit_to_user_mode+0x1a/0x50
[  495.022500][T14594]                    do_syscall_64+0x61/0xa0
[  495.028530][T14594]                    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  495.036035][T14594]    INITIAL READ USE at:
[  495.040417][T14594]                         lock_acquire+0x19e/0x420
[  495.046969][T14594]                         _raw_read_lock_irqsave+0xbc/0x100
[  495.054317][T14594]                         kill_fasync+0x192/0x4b0
[  495.060789][T14594]                         sock_wake_async+0x137/0x160
[  495.067613][T14594]                         sk_wake_async+0x184/0x280
[  495.074245][T14594]                         unix_write_space+0x24b/0x370
[  495.081139][T14594]                         sock_wfree+0x1a0/0x610
[  495.087521][T14594]                         unix_destruct_scm+0x160/0x1b0
[  495.094504][T14594]                         skb_release_head_state+0xfa/0x240
[  495.101836][T14594]                         kfree_skb_reason+0xd7/0x170
[  495.108651][T14594]                         skb_queue_purge_reason+0x13b/0x1c0
[  495.116082][T14594]                         unix_dgram_connect+0x583/0xc70
[  495.123151][T14594]                         __sys_connect+0x3da/0x470
[  495.129797][T14594]                         __x64_sys_connect+0x7a/0x90
[  495.136618][T14594]                         do_syscall_64+0x55/0xa0
[  495.143075][T14594]                         entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  495.149321][   T12] ------------[ cut here ]------------
[  495.150995][T14594]  }
[  495.156969][   T12] WARNING: CPU: 0 PID: 12 at net/mac80211/chan.c:92 ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.158974][T14594]  ... key      at: [<ffffffff97338b20>] fasync_insert_entry.__key+0x0/0x20
[  495.169959][   T12] Modules linked in:
[  495.178433][T14594]  ... acquired at:
[  495.178442][T14594]    _raw_read_lock_irqsave+0xbc/0x100
[  495.178469][T14594]    kill_fasync+0x192/0x4b0
[  495.182394][   T12] 
[  495.186203][T14594]    evdev_pass_values+0x54b/0xab0
[  495.186225][T14594]    evdev_events+0x1d8/0x330
[  495.186243][T14594]    input_pass_values+0x905/0x12f0
[  495.186268][T14594]    input_event_dispose+0x346/0x6c0
[  495.191738][   T12] CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted syzkaller #0
[  495.196323][T14594]    input_inject_event+0x1f9/0x320
[  495.196349][T14594]    evdev_write+0x35f/0x490
[  495.196367][T14594]    vfs_write+0x296/0x990
[  495.198728][   T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  495.203849][T14594]    ksys_write+0x150/0x260
[  495.208610][   T12] Workqueue: phy27 ieee80211_csa_finalize_work
[  495.213754][T14594]    do_syscall_64+0x55/0xa0
[  495.219583][   T12] 
[  495.226438][T14594]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  495.226466][T14594] 
[  495.226470][T14594] 
[  495.226470][T14594] stack backtrace:
[  495.226477][T14594] CPU: 1 PID: 14594 Comm: syz.0.2435 Not tainted syzkaller #0
[  495.231674][   T12] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.236266][T14594] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  495.236279][T14594] Call Trace:
[  495.236289][T14594]  <TASK>
[  495.236297][T14594]  dump_stack_lvl+0x18c/0x250
[  495.240717][   T12] Code: 48 89 df e8 ea 3d d6 f7 e9 dc fc ff ff e8 d0 06 7e f7 eb 24 e8 c9 06 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 06 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 06 7e f7 48 8b 7c 24 08 4c 8b 7c
[  495.250785][T14594]  ? load_image+0x420/0x420
[  495.250815][T14594]  ? show_regs_print_info+0x20/0x20
[  495.250846][T14594]  ? load_image+0x420/0x420
[  495.250876][T14594]  ? print_shortest_lock_dependencies+0xf4/0x160
[  495.250904][T14594]  __lock_acquire+0x6851/0x7d40
[  495.250942][T14594]  ? verify_lock_unused+0x140/0x140
[  495.250970][T14594]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  495.251008][T14594]  ? verify_lock_unused+0x140/0x140
[  495.251035][T14594]  lock_acquire+0x19e/0x420
[  495.251058][T14594]  ? kill_fasync+0x192/0x4b0
[  495.251090][T14594]  ? read_lock_is_recursive+0x20/0x20
[  495.251121][T14594]  _raw_read_lock_irqsave+0xbc/0x100
[  495.251147][T14594]  ? kill_fasync+0x192/0x4b0
[  495.251172][T14594]  ? _raw_read_lock+0x50/0x50
[  495.251200][T14594]  kill_fasync+0x192/0x4b0
[  495.251225][T14594]  ? kill_fasync+0x53/0x4b0
[  495.251251][T14594]  evdev_pass_values+0x54b/0xab0
[  495.251290][T14594]  ? evdev_pass_values+0x4d1/0xab0
[  495.251315][T14594]  evdev_events+0x1d8/0x330
[  495.251335][T14594]  ? evdev_events+0x79/0x330
[  495.251354][T14594]  ? evdev_event+0xf0/0xf0
[  495.251392][T14594]  input_pass_values+0x905/0x12f0
[  495.251424][T14594]  ? input_pass_values+0xa3/0x12f0
[  495.251456][T14594]  input_event_dispose+0x346/0x6c0
[  495.251485][T14594]  input_inject_event+0x1f9/0x320
[  495.251511][T14594]  ? input_inject_event+0xbc/0x320
[  495.251539][T14594]  evdev_write+0x35f/0x490
[  495.251564][T14594]  ? evdev_read+0xba0/0xba0
[  495.251586][T14594]  ? common_file_perm+0x198/0x1f0
[  495.251614][T14594]  ? fsnotify_perm+0x5d/0x5e0
[  495.251645][T14594]  ? security_file_permission+0x79/0xa0
[  495.251677][T14594]  ? evdev_read+0xba0/0xba0
[  495.251698][T14594]  vfs_write+0x296/0x990
[  495.251731][T14594]  ? file_end_write+0x250/0x250
[  495.251759][T14594]  ? __fget_files+0x28/0x4b0
[  495.251775][    C0] ------------[ cut here ]------------
[  495.251786][T14594]  ? __fget_files+0x28/0x4b0
[  495.251787][    C0] WARNING: CPU: 0 PID: 12 at net/mac80211/tx.c:5033 __ieee80211_beacon_get+0x1233/0x1600
[  495.251813][T14594]  ? __fget_files+0x43d/0x4b0
[  495.251832][    C0] Modules linked in:
[  495.251844][T14594]  ? __fdget_pos+0x1d8/0x330
[  495.251847][    C0] CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted syzkaller #0
[  495.251869][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  495.251870][T14594]  ? ksys_write+0x75/0x260
[  495.251883][    C0] Workqueue: phy27 ieee80211_csa_finalize_work
[  495.251900][T14594]  ksys_write+0x150/0x260
[  495.251921][    C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  495.251937][T14594]  ? __ia32_sys_read+0x90/0x90
[  495.251952][    C0] Code: 24 4c 89 e7 e8 be 74 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 b9 b2 82 f7 0f 0b e9 f6 f7 ff ff e8 ad b2 82 f7 <0f> 0b e9 48 fb ff ff e8 a1 b2 82 f7 48 c7 c7 20 89 64 8e 4c 89 e6
[  495.251967][T14594]  ? lockdep_hardirqs_on+0x98/0x150
[  495.251973][    C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246
[  495.251993][    C0] RAX: ffffffff8a046f53 RBX: ffffffff8a045d56 RCX: ffff88801aa45a00
[  495.252002][T14594]  do_syscall_64+0x55/0xa0
[  495.252009][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  495.252023][    C0] RBP: 0000000000000000 R08: ffff88801aa45a00 R09: 0000000000000003
[  495.252021][T14594]  ? clear_bhb_loop+0x40/0x90
[  495.252037][    C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88804cc223c0
[  495.252052][    C0] R13: dffffc0000000000 R14: ffff88804cc228b0 R15: ffff88802d6a4c24
[  495.252048][T14594]  ? clear_bhb_loop+0x40/0x90
[  495.252069][    C0] FS:  0000000000000000(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  495.252075][T14594]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  495.252088][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  495.252100][T14594] RIP: 0033:0x7f03a439cdd9
[  495.252103][    C0] CR2: 00007f08b951d286 CR3: 0000000065f53000 CR4: 00000000003506f0
[  495.252122][    C0] Call Trace:
[  495.252118][T14594] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  495.252132][    C0]  <IRQ>
[  495.252135][T14594] RSP: 002b:00007f03a5217028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001
[  495.252141][    C0]  ? __ieee80211_beacon_get+0x36/0x1600
[  495.252157][T14594] RAX: ffffffffffffffda RBX: 00007f03a4615fa0 RCX: 00007f03a439cdd9
[  495.252173][T14594] RDX: 0000000000001068 RSI: 0000200000000040 RDI: 0000000000000004
[  495.252171][    C0]  ? rcu_is_watching+0x15/0xb0
[  495.252186][T14594] RBP: 00007f03a4432d69 R08: 0000000000000000 R09: 0000000000000000
[  495.252198][T14594] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  495.252203][    C0]  ieee80211_beacon_get_tim+0xbf/0x580
[  495.252210][T14594] R13: 00007f03a4616038 R14: 00007f03a4615fa0 R15: 00007ffd558f07f8
[  495.252233][T14594]  </TASK>
[  495.252233][    C0]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[  495.252257][    C0]  ? lock_acquire+0xc6/0x420
[  495.252277][    C0]  ? __rwlock_init+0x150/0x150
[  495.252304][    C0]  ? lock_release+0xb5/0x8c0
[  495.252330][    C0]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[  495.252359][    C0]  __iterate_interfaces+0x243/0x500
[  495.252387][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  495.252410][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  495.252440][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  495.252463][    C0]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  495.252498][    C0]  mac80211_hwsim_beacon+0xbb/0x1b0
[  495.252521][    C0]  __hrtimer_run_queues+0x520/0xc40
[  495.252544][    C0]  ? ktime_get_update_offsets_now+0x99/0x3f0
[  495.252574][    C0]  ? hw_scan_work+0xf60/0xf60
[  495.252598][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  495.252620][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  495.252649][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  495.252675][    C0]  handle_softirqs+0x280/0x820
[  495.252697][    C0]  ? __irq_exit_rcu+0xd3/0x190
[  495.252717][    C0]  ? do_softirq+0x1a0/0x1a0
[  495.252739][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  495.252776][    C0]  __irq_exit_rcu+0xd3/0x190
[  495.252797][    C0]  ? irq_exit_rcu+0x20/0x20
[  495.252822][    C0]  irq_exit_rcu+0x9/0x20
[  495.252841][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  495.252867][    C0]  </IRQ>
[  495.252873][    C0]  <TASK>
[  495.252881][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  495.252908][    C0] RIP: 0010:vprintk_emit+0x46f/0x610
[  495.252934][    C0] Code: 85 3f 01 00 00 e8 c1 a9 1b 00 45 89 f7 48 85 db 48 8b 1c 24 75 07 e8 b0 a9 1b 00 eb 06 e8 a9 a9 1b 00 fb 48 c7 c7 00 64 12 8d <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 b9 b1
[  495.252953][    C0] RSP: 0018:ffffc90000117500 EFLAGS: 00000293
[  495.252971][    C0] RAX: ffffffff816b7857 RBX: ffffffff816b76fb RCX: ffff88801aa45a00
[  495.252987][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8d126400
[  495.253001][    C0] RBP: ffffc900001175f0 R08: ffffffff8e8b19af R09: 1ffffffff1d16335
[  495.253015][    C0] R10: dffffc0000000000 R11: fffffbfff1d16336 R12: dffffc0000000000
[  495.253031][    C0] R13: 1ffff92000022ea4 R14: 00000000000000c7 R15: 00000000000000c7
[  495.253047][    C0]  ? vprintk_emit+0x30b/0x610
[  495.253072][    C0]  ? vprintk_emit+0x467/0x610
[  495.253097][    C0]  ? vprintk_emit+0x30b/0x610
[  495.253121][    C0]  ? printk_sprint+0x460/0x460
[  495.253146][    C0]  ? vprintk_emit+0x30b/0x610
[  495.253170][    C0]  ? vprintk_emit+0x53d/0x610
[  495.253210][    C0]  _printk+0xde/0x130
[  495.253236][    C0]  ? copy_from_kernel_nofault+0x1d2/0x310
[  495.253267][    C0]  ? load_image+0x420/0x420
[  495.253293][    C0]  ? _printk+0xde/0x130
[  495.253317][    C0]  ? set_worker_desc+0x1f0/0x1f0
[  495.253337][    C0]  ? copy_from_kernel_nofault_allowed+0xbd/0x130
[  495.253366][    C0]  ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0
[  495.253391][    C0]  ? copy_from_kernel_nofault+0x1eb/0x310
[  495.253421][    C0]  ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0
[  495.253443][    C0]  show_opcodes+0x146/0x170
[  495.253474][    C0]  show_iret_regs+0x1d/0x50
[  495.253516][    C0]  __show_regs+0x34/0x600
[  495.253540][    C0]  ? dump_stack_print_info+0xf5/0x150
[  495.253574][    C0]  show_regs+0x44/0x90
[  495.253599][    C0]  __warn+0x160/0x470
[  495.253624][    C0]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.253651][    C0]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.253676][    C0]  report_bug+0x2be/0x4f0
[  495.253697][    C0]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.253723][    C0]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.253755][    C0]  ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0
[  495.253781][    C0]  handle_bug+0xcf/0x120
[  495.253802][    C0]  exc_invalid_op+0x1a/0x50
[  495.253821][    C0]  asm_exc_invalid_op+0x1a/0x20
[  495.253844][    C0] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.253871][    C0] Code: 48 89 df e8 ea 3d d6 f7 e9 dc fc ff ff e8 d0 06 7e f7 eb 24 e8 c9 06 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 06 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 06 7e f7 48 8b 7c 24 08 4c 8b 7c
[  495.253890][    C0] RSP: 0018:ffffc900001179c0 EFLAGS: 00010293
[  495.253908][    C0] RAX: ffffffff8a09178f RBX: 0000000000000000 RCX: ffff88801aa45a00
[  495.253923][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  495.253935][    C0] RBP: dffffc0000000000 R08: ffff88804cc215af R09: 1ffff110099842b5
[  495.253952][    C0] R10: dffffc0000000000 R11: ffffed10099842b6 R12: 0000000000000001
[  495.253967][    C0] R13: ffff88804cc225d9 R14: ffff88805a8d2c70 R15: 0000000000000000
[  495.253986][    C0]  ? ieee80211_vif_use_reserved_switch+0xd2f/0x28f0
[  495.254023][    C0]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  495.254050][    C0]  ieee80211_csa_finalize+0x5a6/0xf20
[  495.254078][    C0]  ? mutex_lock_nested+0x20/0x20
[  495.254099][    C0]  ? try_to_wake_up+0x74f/0x1190
[  495.254117][    C0]  ? ieee80211_csa_finalize_work+0x140/0x140
[  495.254146][    C0]  ? read_lock_is_recursive+0x20/0x20
[  495.254168][    C0]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  495.254198][    C0]  ieee80211_csa_finalize_work+0xf6/0x140
[  495.254226][    C0]  ? process_scheduled_works+0x96f/0x15d0
[  495.254253][    C0]  process_scheduled_works+0xa5d/0x15d0
[  495.254293][    C0]  ? worker_attach_to_pool+0x380/0x380
[  495.254324][    C0]  ? assign_work+0x3d2/0x5d0
[  495.254352][    C0]  worker_thread+0xa55/0xfc0
[  495.254391][    C0]  kthread+0x2fa/0x390
[  495.254411][    C0]  ? pr_cont_work+0x560/0x560
[  495.254435][    C0]  ? kthread_blkcg+0xd0/0xd0
[  495.254455][    C0]  ret_from_fork+0x48/0x80
[  495.254481][    C0]  ? kthread_blkcg+0xd0/0xd0
[  495.254502][    C0]  ret_from_fork_asm+0x11/0x20
[  495.254535][    C0]  </TASK>
[  495.254545][    C0] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  495.254555][    C0] CPU: 0 PID: 12 Comm: kworker/u4:1 Not tainted syzkaller #0
[  495.254573][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/18/2026
[  495.254586][    C0] Workqueue: phy27 ieee80211_csa_finalize_work
[  495.254612][    C0] Call Trace:
[  495.254619][    C0]  <IRQ>
[  495.254626][    C0]  dump_stack_lvl+0x18c/0x250
[  495.254659][    C0]  ? show_regs_print_info+0x20/0x20
[  495.254696][    C0]  ? load_image+0x420/0x420
[  495.254731][    C0]  panic+0x2dc/0x730
[  495.254766][    C0]  ? bpf_jit_dump+0xd0/0xd0
[  495.254795][    C0]  ? ret_from_fork_asm+0x11/0x20
[  495.254826][    C0]  __warn+0x2e0/0x470
[  495.254849][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  495.254877][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  495.254903][    C0]  report_bug+0x2be/0x4f0
[  495.254923][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  495.254950][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  495.254976][    C0]  ? __ieee80211_beacon_get+0x1235/0x1600
[  495.255002][    C0]  handle_bug+0xcf/0x120
[  495.255022][    C0]  exc_invalid_op+0x1a/0x50
[  495.255041][    C0]  asm_exc_invalid_op+0x1a/0x20
[  495.255065][    C0] RIP: 0010:__ieee80211_beacon_get+0x1233/0x1600
[  495.255093][    C0] Code: 24 4c 89 e7 e8 be 74 c0 f7 45 31 f6 4c 8b bc 24 a0 00 00 00 e9 7a fe ff ff e8 b9 b2 82 f7 0f 0b e9 f6 f7 ff ff e8 ad b2 82 f7 <0f> 0b e9 48 fb ff ff e8 a1 b2 82 f7 48 c7 c7 20 89 64 8e 4c 89 e6
[  495.255112][    C0] RSP: 0018:ffffc90000007a18 EFLAGS: 00010246
[  495.255129][    C0] RAX: ffffffff8a046f53 RBX: ffffffff8a045d56 RCX: ffff88801aa45a00
[  495.255146][    C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000
[  495.255159][    C0] RBP: 0000000000000000 R08: ffff88801aa45a00 R09: 0000000000000003
[  495.255172][    C0] R10: 0000000000000007 R11: 0000000000000100 R12: ffff88804cc223c0
[  495.255186][    C0] R13: dffffc0000000000 R14: ffff88804cc228b0 R15: ffff88802d6a4c24
[  495.255203][    C0]  ? __ieee80211_beacon_get+0x36/0x1600
[  495.255230][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  495.255260][    C0]  ? __ieee80211_beacon_get+0x1233/0x1600
[  495.255287][    C0]  ? __ieee80211_beacon_get+0x36/0x1600
[  495.255311][    C0]  ? rcu_is_watching+0x15/0xb0
[  495.255347][    C0]  ieee80211_beacon_get_tim+0xbf/0x580
[  495.255376][    C0]  ? ieee80211_beacon_get_template_ema_list+0x90/0x90
[  495.255404][    C0]  ? lock_acquire+0xc6/0x420
[  495.255425][    C0]  ? __rwlock_init+0x150/0x150
[  495.255452][    C0]  ? lock_release+0xb5/0x8c0
[  495.255476][    C0]  mac80211_hwsim_beacon_tx+0x3c7/0x780
[  495.255505][    C0]  __iterate_interfaces+0x243/0x500
[  495.255535][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  495.255560][    C0]  ? ieee80211_iterate_active_interfaces_atomic+0x2a/0x180
[  495.255594][    C0]  ? mac80211_hwsim_vendor_cmd_test+0x2f0/0x2f0
[  495.255619][    C0]  ieee80211_iterate_active_interfaces_atomic+0xdb/0x180
[  495.255654][    C0]  mac80211_hwsim_beacon+0xbb/0x1b0
[  495.255677][    C0]  __hrtimer_run_queues+0x520/0xc40
[  495.255699][    C0]  ? ktime_get_update_offsets_now+0x99/0x3f0
[  495.255727][    C0]  ? hw_scan_work+0xf60/0xf60
[  495.255757][    C0]  ? hrtimer_interrupt+0x9c0/0x9c0
[  495.255779][    C0]  ? ktime_get_update_offsets_now+0x3d2/0x3f0
[  495.255809][    C0]  hrtimer_run_softirq+0x187/0x2b0
[  495.255833][    C0]  handle_softirqs+0x280/0x820
[  495.255856][    C0]  ? __irq_exit_rcu+0xd3/0x190
[  495.255878][    C0]  ? do_softirq+0x1a0/0x1a0
[  495.255900][    C0]  ? irqtime_account_irq+0xb6/0x1c0
[  495.255928][    C0]  __irq_exit_rcu+0xd3/0x190
[  495.255949][    C0]  ? irq_exit_rcu+0x20/0x20
[  495.255972][    C0]  irq_exit_rcu+0x9/0x20
[  495.255990][    C0]  sysvec_apic_timer_interrupt+0xa4/0xc0
[  495.256014][    C0]  </IRQ>
[  495.256020][    C0]  <TASK>
[  495.256027][    C0]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  495.256052][    C0] RIP: 0010:vprintk_emit+0x46f/0x610
[  495.256077][    C0] Code: 85 3f 01 00 00 e8 c1 a9 1b 00 45 89 f7 48 85 db 48 8b 1c 24 75 07 e8 b0 a9 1b 00 eb 06 e8 a9 a9 1b 00 fb 48 c7 c7 00 64 12 8d <31> f6 ba 01 00 00 00 31 c9 41 b8 01 00 00 00 45 31 c9 53 e8 b9 b1
[  495.256094][    C0] RSP: 0018:ffffc90000117500 EFLAGS: 00000293
[  495.256111][    C0] RAX: ffffffff816b7857 RBX: ffffffff816b76fb RCX: ffff88801aa45a00
[  495.256127][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: ffffffff8d126400
[  495.256140][    C0] RBP: ffffc900001175f0 R08: ffffffff8e8b19af R09: 1ffffffff1d16335
[  495.256156][    C0] R10: dffffc0000000000 R11: fffffbfff1d16336 R12: dffffc0000000000
[  495.256170][    C0] R13: 1ffff92000022ea4 R14: 00000000000000c7 R15: 00000000000000c7
[  495.256185][    C0]  ? vprintk_emit+0x30b/0x610
[  495.256210][    C0]  ? vprintk_emit+0x467/0x610
[  495.256237][    C0]  ? vprintk_emit+0x30b/0x610
[  495.256262][    C0]  ? printk_sprint+0x460/0x460
[  495.256285][    C0]  ? vprintk_emit+0x30b/0x610
[  495.256310][    C0]  ? vprintk_emit+0x53d/0x610
[  495.256338][    C0]  _printk+0xde/0x130
[  495.256364][    C0]  ? copy_from_kernel_nofault+0x1d2/0x310
[  495.256395][    C0]  ? load_image+0x420/0x420
[  495.256422][    C0]  ? _printk+0xde/0x130
[  495.256447][    C0]  ? set_worker_desc+0x1f0/0x1f0
[  495.256468][    C0]  ? copy_from_kernel_nofault_allowed+0xbd/0x130
[  495.256497][    C0]  ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0
[  495.256522][    C0]  ? copy_from_kernel_nofault+0x1eb/0x310
[  495.256552][    C0]  ? ieee80211_vif_use_reserved_switch+0x10be/0x28f0
[  495.256578][    C0]  show_opcodes+0x146/0x170
[  495.256607][    C0]  show_iret_regs+0x1d/0x50
[  495.256632][    C0]  __show_regs+0x34/0x600
[  495.256656][    C0]  ? dump_stack_print_info+0xf5/0x150
[  495.256689][    C0]  show_regs+0x44/0x90
[  495.256714][    C0]  __warn+0x160/0x470
[  495.256737][    C0]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.256772][    C0]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.256797][    C0]  report_bug+0x2be/0x4f0
[  495.256817][    C0]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.256842][    C0]  ? ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.256867][    C0]  ? ieee80211_vif_use_reserved_switch+0x10ea/0x28f0
[  495.256892][    C0]  handle_bug+0xcf/0x120
[  495.256911][    C0]  exc_invalid_op+0x1a/0x50
[  495.256931][    C0]  asm_exc_invalid_op+0x1a/0x20
[  495.256954][    C0] RIP: 0010:ieee80211_vif_use_reserved_switch+0x10e8/0x28f0
[  495.256979][    C0] Code: 48 89 df e8 ea 3d d6 f7 e9 dc fc ff ff e8 d0 06 7e f7 eb 24 e8 c9 06 7e f7 c7 04 24 f4 ff ff ff e9 e4 f5 ff ff e8 b8 06 7e f7 <0f> 0b 0f 0b e9 cf f5 ff ff e8 aa 06 7e f7 48 8b 7c 24 08 4c 8b 7c
[  495.256996][    C0] RSP: 0018:ffffc900001179c0 EFLAGS: 00010293
[  495.257013][    C0] RAX: ffffffff8a09178f RBX: 0000000000000000 RCX: ffff88801aa45a00
[  495.257028][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000
[  495.257040][    C0] RBP: dffffc0000000000 R08: ffff88804cc215af R09: 1ffff110099842b5
[  495.257055][    C0] R10: dffffc0000000000 R11: ffffed10099842b6 R12: 0000000000000001
[  495.257069][    C0] R13: ffff88804cc225d9 R14: ffff88805a8d2c70 R15: 0000000000000000
[  495.257087][    C0]  ? ieee80211_vif_use_reserved_switch+0xd2f/0x28f0
[  495.257122][    C0]  ieee80211_link_use_reserved_context+0x383/0x5c0
[  495.257150][    C0]  ieee80211_csa_finalize+0x5a6/0xf20
[  495.257176][    C0]  ? mutex_lock_nested+0x20/0x20
[  495.257197][    C0]  ? try_to_wake_up+0x74f/0x1190
[  495.257216][    C0]  ? ieee80211_csa_finalize_work+0x140/0x140
[  495.257243][    C0]  ? read_lock_is_recursive+0x20/0x20
[  495.257264][    C0]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  495.257294][    C0]  ieee80211_csa_finalize_work+0xf6/0x140
[  495.257322][    C0]  ? process_scheduled_works+0x96f/0x15d0
[  495.257348][    C0]  process_scheduled_works+0xa5d/0x15d0
[  495.257386][    C0]  ? worker_attach_to_pool+0x380/0x380
[  495.257412][    C0]  ? assign_work+0x3d2/0x5d0
[  495.257438][    C0]  worker_thread+0xa55/0xfc0
[  495.257473][    C0]  kthread+0x2fa/0x390
[  495.257492][    C0]  ? pr_cont_work+0x560/0x560
[  495.257517][    C0]  ? kthread_blkcg+0xd0/0xd0
[  495.257537][    C0]  ret_from_fork+0x48/0x80
[  495.257560][    C0]  ? kthread_blkcg+0xd0/0xd0
[  495.257581][    C0]  ret_from_fork_asm+0x11/0x20
[  495.257615][    C0]  </TASK>
[  495.258207][    C0] Kernel Offset: disabled