last executing test programs:

10.004602657s ago: executing program 1 (id=1293):
madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
syz_io_uring_setup(0x3b, &(0x7f00000001c0)={0x0, 0x0, 0x10100}, &(0x7f0000000000), 0x0)
syz_open_procfs(0x0, 0x0)
r4 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r4, 0x7a7, &(0x7f0000000000)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r4, 0x7a0, &(0x7f0000000100)={@local})
ioctl$IOCTL_VMCI_CTX_SET_CPT_STATE(r4, 0x7b2, &(0x7f0000001680)={&(0x7f0000000680)=[0x100000, 0x8, 0x0, 0x0, 0x7fffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x40000000, 0x40000000, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x695, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa, 0x4, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x2c1f0a7c, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8f1, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xb02b, 0x0, 0x0, 0x403, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0xaaad, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fc, 0x9, 0x0, 0x0, 0x0, 0x10000, 0x0, 0x3, 0x0, 0x0, 0x379, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x51b0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x44, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff2df3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x10000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffa6c7, 0x0, 0x3, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x10000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x84, 0x0, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x80, 0x0, 0x6, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200004, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x0, 0x3ff, 0x0, 0x0, 0x1, 0x0, 0x7, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x400, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100000, 0x1000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0xabaa, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x101, 0xd0db, 0x0, 0x0, 0x3ff, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1004, 0x0, 0x0, 0x0, 0x800000, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x70, 0x0, 0x400, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x195, 0x8000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x2, 0x800, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffff8, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x4, 0xe8f], 0x1, 0x400})
r5 = socket$kcm(0x29, 0x2, 0x0)
r6 = socket$kcm(0x2, 0x1, 0x0)
sendmsg$inet(r6, &(0x7f0000000300)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0}, 0x20000015)
ioctl$sock_kcm_SIOCKCMCLONE(r5, 0x89e2, &(0x7f0000000180)={<r7=>r5})
sendmsg$inet(r7, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000200)='R', 0x1}], 0x1}, 0x0)
ioctl$sock_kcm_SIOCKCMATTACH(r5, 0x89e0, &(0x7f0000000040)={r6})
ioctl$sock_kcm_SIOCKCMUNATTACH(r5, 0x89e1, &(0x7f0000000100)={r6})
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000100)='./file3\x00', 0xcc0, &(0x7f0000001880)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6865617274626561743d6e6f6e652c636f686572656e63793d66756c6c2c636f686572656e63793d66756c6c2c636f686572656e63793d62756666657265642c6572726f72733d636f6e74696e75652c757365725f78617474722c626172726965723d30303030303030303030303030303032363131352c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030362c696e74722c6a6f75726e616c5f6173796e635f636f6d6d69742c00535d4e036013ec9e6e7ecdee3849b40884b95e94f35cec9600cd19beb0", @ANYRES64], 0x21, 0x442a, &(0x7f0000004480)="$eJzs3c9PHGUfAPBnBvoW+rZ9oW8PfZM3cRObaNQQ6EmliZTSUmixptrGeNkusG3RhW1gMR56wFsTTyYejIdGE2+cGg5e65/gxWM9N9GDFxOTRszuzgIz7IaVsGDr53NgmOc3+5159pnD8MSJyp25pdzcUq6wkCvP3Fo6k/u4XFqeL4Z4nzTt/9D+9U97OnGdHPS190929fzFd2+cCeH72R+frK+vr4eq7tDU0Jbff/v13szWY0OcqVNtt3lre+WDEMLJbeOq6gohvP9dCFEI4VySNpoce0MIx0I978a9z27m9mg0Dx8Xz+afTt1fGz49ufpgrfXfHoXwVel/r92e//nFruGfXtmj7gEAAAAAAAAAAAAAAAAAeMaNX7t6/Z3BofAoCt2r0fb3dceTY6v3Y9f3zAud/2MBAAAAAAAAAAAAAAAAAADgb2rz/f9cdKLJ+/9jyXGkRf31tzo/Rjpn4u2rYxcGh5L936Nt+a8nSb+c6wr9TfZ9z+7/fi5Tv/n+79v72a3G+Br99oUoHkidx/HAQAjfJBu/n4qOxKXyUuXVW+Xlhdk9G8YzKx3/+u79qegkG/q3G//RTPud3///v9uupur5zb27xJ5r6fh3tSz37adRW/E/n6m3H/Fn99Lx766l9W4tMFKfAKrx/7x75/iPZdrvVPyPhxByUXWsudQMUF3DVNNbrVdIS8f/UC0tNXUmH2Sr+//3TPwvZNo/qPl/JftFRFPp+P+rltaTKrF5//fHO9//FzPtH0T8q+Nf8f3flnT8D9cTu1NFap9ku/P/eKb9TsX/epyM83iUugJWo3p6q/9XR1o6/j3b8jef/+K21n+XMvX36/mv0W/j+a8x/b8c1Z//aC4d/96W5dq9/ycy9To9/4/U1n/sVjr+R2pp6bVzX+1nu/GfzLTfqfjXViU9jfhvzid/HK6nf23915Z0/P9dT4y3llip/ayt/6Kd1/+XM+0fxPqvOv6VuLO9Pi/S8T/aslw1/j+08f1/JVOv8/EPYdBaf9fS8T/Wslzt/u/ZOf5TmXqdjv9LnWwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Bkwmhz7QhQPpM7jeGAghPPJ+alwJJouzOanS+WZj5ZCGEvSc+FEdLtUni6U8nML5dlivlAqlWdCuJDknww90VKpXMnPF+5e3GirN7pTLCxWpouFSghhPEn/fzjWaGt6rjJfuBtCuLSR95+4vHj3TmEhPzu3+Obg4OBgmNgYQ39U/KRSXKjUe6/nhjC5Ubcv2jK4WvbljbEcjT4sLy8uFEq19Ctb6pTKM4XSljpTSd4XoT+qLC4vzBQqxXypfLvR30EaSY5jE9feu3ZlaFv+zah+HN3fYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwFz0afuPLEEJ3/SwOIYw0fomalX/4uHg2/3Tq/trw6cnVB2tPWpUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+JMdOBAAAAAAAPJ/bYSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqoq7NIxSgNBFAbgN2Ohdh7DatntbFcU0cIVwRPoMTyMHsVLeIcUKdKmCIFkFsJmF7ZJqu9rHszPzHswDwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgHme3ruPt7qJSHG1uYz4+/pfHOYvpf7cj9+/OMOMnM7za/fwWDfl39NRfleOlm3epevV92eM1N7vYE+G+7TX97menGtq36bm6/veRMpVRLQlv005V9W8twAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgyw4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRV24FgAAAAAQJi/dRR9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPArAAD///4CHxA=")

8.840499894s ago: executing program 2 (id=1295):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000300)=ANY=[@ANYBLOB='iocharset=macceltic,fmask=00000000000000000000240,errors=remount-ro,iocharset=cp936,iocharset=cp852,dmask=00000000000000000000000,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646d61736b3d303030303000303030303030312c6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c00c5638743478b4a0765a108f13a6648c4bb79fbac1a4523231afd6d3cccc6512c438916373d3fc077180399cdbf4f8504ed6e82d03a91f2527149f109ee1f450a1c715866537fc86e597f991fd708e15ba285c6ddebc6b60251be5ace6b30d8fca6ae0be1f577acc82bf5d179e60fabe9161e6c35a84911d567d4930d9158351fe5cdf1e66aaff0d15a69a9d058594de4db6783ce3d35a9dd2475b17c31f7d6dddcca095388a8011b08b9c8465cf4c1b2f9cdbf3a11b40c180920738b4b6a7d898f8315cf6cb10d1f28acd901f3974b2396fa49776c919622946c1f497c752e5ad199aaeac2118a404cde6031cd64a11163e298"], 0x1, 0x152f, &(0x7f00000037c0)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=")
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[], 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

8.50090876s ago: executing program 1 (id=1298):
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x0)
ioctl$EVIOCGMASK(r0, 0x80104592, &(0x7f0000000300)={0x0, 0xffffffffffffff36, &(0x7f0000000200)="952bb3e006ae9a4c3a"})

6.783645056s ago: executing program 0 (id=1300):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d)
r4 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000b40)=@filter={'filter\x00', 0x4, 0x4, 0x4b8, 0xffffffff, 0x260, 0x260, 0xe8, 0xfeffffff, 0xffffffff, 0x3e8, 0x3e8, 0x3e8, 0xffffffff, 0x4, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x29}, @private2, [0xffffffff, 0xff000000, 0xff, 0xffffff00], [0xffffff00, 0xffffffff, 0xffffffff, 0xffffffff], 'hsr0\x00', 'sit0\x00', {}, {}, 0x87, 0x3, 0x4, 0x5}, 0x2f2, 0xa8, 0xe8}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x7}}}}, {{@ipv6={@private2, @empty, [], [0x0, 0x0, 0xff000000], 'sit0\x00', 'batadv_slave_1\x00'}, 0x0, 0x138, 0x178, 0x0, {}, [@common=@srh1={{0x90}, {0x21, 0x12, 0xbe, 0x7, 0x5aa9, @ipv4={'\x00', '\xff\xff', @empty}, @private1, @local, [0xff000000, 0xff000000, 0x0, 0xff], [0xffffff00, 0xff000000, 0xff], [0x0, 0xffffff, 0xffffff00, 0x7fffff7f], 0x3c80}}]}, @common=@unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz1\x00', 0x0, 0x5, {0x2000010}}}}, {{@uncond, 0x0, 0x160, 0x188, 0x0, {}, [@common=@unspec=@addrtype1={{0x28}, {0x21, 0x180, 0x5}}, @common=@srh1={{0x90}, {0x0, 0x0, 0x0, 0x3, 0x7, @private1={0xfc, 0x1, '\x00', 0x1}, @mcast1, @private1, [0x0, 0x0, 0xff, 0xff], [0x0, 0xffffff00], [0x0, 0xff000000], 0x843, 0x1400}}]}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x518)

6.443165672s ago: executing program 2 (id=1301):
listxattr(&(0x7f0000000d00)='./file0\x00', &(0x7f0000000d40)=""/4096, 0x1000)
syz_mount_image$ext4(&(0x7f00000000c0)='ext4\x00', &(0x7f0000000000)='./file0\x00', 0x804810, &(0x7f0000000100)={[{@quota}, {@bsdgroups}, {@nobh}, {@nodelalloc}, {@abort}]}, 0x4, 0x756, &(0x7f00000002c0)="$eJzs3M1rXOUaAPDnnGaafuTeyYUL9+pChBZaKD1Jmk27aty4KxQKbmtITkLISSZkJrUTC7auhdpsFARR1y7dCqX+Ae6koOBeEK1xIW5GzuSjNGam0ybpSPr7wcl53vP1vE/m8GYO5D0BvLReL38kEUMRcTUiqpvb04g42o6ORdzeOG790a2pckmi1br2S1KeFuut6va1ks31yWifEv+PiAeViHPv/z1vvbk6P1kU+fJme6SxsDRSb66en1uYnM1n88Wx8UujF8fHL46OP7WG//VY6+m3Lh2/9+2ba2vffdW4+9rA+SQm2nXHZm09XuaZbPxOKjGxY/viQSTro6TfHQAAoCfl9/wjETHQ/pZajSPtCAAAADhMWoMtAAAA4NBLot89AAAAAA7W1v8BbM3tPah5sJ38/EZEDO+Wf6A9hzjiWFQi4sR68sTMhGTjNNiT23ci4v7Ezvvvi/IOu73Ha4/uaD85R/roHq/Ofrhfjj8Tu40/6fb4E7uMPwNb707Yo87j3+P8RzqMf1d7zPH1p69UOua/E/HqwG75k+38SYf8b/eY/+7aB/c67Wt9HnFm178/yRO5urwfYmJmruj6+oEHf5592K3+E53yJ93rX+qx/nfXf5vvNJaU+c+e6v7575a/vCc+3OxHGhH3Ntdle21HjlML33/Trf7piNbzfP6f9Vj/j18O3uzxUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGhLI2IokjTbjtM0yyJORsR/40Ra1OqNczO1lcXpcl/EcFTSmbkiH42I6kY7Kdtj7fhx+8KO9nhE/OeH4xtJ54o8m6oV0/0uHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG0nI2IokjSLiDQifq+maZZFDPRw7uAL6B8AAACwT4b73QEAAADgwHn+BwAAgMPveZ//k33uBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHCoXb1ypVxa649uTZXt6RvNlfnajfPTeX0+W1iZyqZqy0vZbK02W+TZVG3hadcrarWlsUuxcnOkkdcbI/Xm6vWF2spi4/rcwuRsfj2vvJCqAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAeFZD7SVJs4hI23GaZlnEvyJiOCrJzFyRj0bEvyPiYbUyWLbH+t1pAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9l29uTo/WRT5skAgeGHBexHxD+hGl6DfIxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP1Qb67OTxZFvlzvd08AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADor/SnJCLK5Uz19NDOvUeTP6rtdUS888m1j25ONhrLY+X2X7e3Nz7e3H6hH/0HAACAl8LlZzl46zl96zkeAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgV/Xm6vxkUeTLewsuR3O1lXQ4pt81AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAz+evAAAA//8KQsc4")
openat$sequencer(0xffffffffffffff9c, 0x0, 0xd02, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
r1 = syz_init_net_socket$llc(0x1a, 0x1, 0x0)
setsockopt$sock_int(r1, 0x1, 0x3e, &(0x7f00000000c0)=0x7, 0x4)
sendmmsg$inet(r1, &(0x7f0000000c40)=[{{&(0x7f0000000040)={0x2, 0x0, @multicast2}, 0x23, 0x0}}], 0x3284b164842c97f7, 0x8014)
chdir(&(0x7f0000000240)='./file0\x00')
r2 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r2, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r2, &(0x7f0000000340)="07000000010001", 0x7)
r3 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000200), 0xffffffffffffffff)
sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000cc0)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x73e5dda41de52e8e}, 0xc, &(0x7f0000000c80)={&(0x7f0000000a40)=ANY=[@ANYBLOB="40020000", @ANYRES16=r3, @ANYBLOB="000325bd7000fddbdf2501000000d0000c8014000b8008000a00d60f000008000900b89bf20d34000b8008000a0025690000080009001e49a716080009000a0a4c7308000900cfd3ca1d080009002d11b02a08000a007272000014000b8008000900b994d24a080009004e84df2224054b12a9d4dc08ed4740ea000b8008000a00d5d1000008000a00cddc000008000a007d5000000800090007148a771c000b8008000900e8cb460808000a004bae000008000900ce95a15124000b8008000900b4601f4f080009000bfbad5408000900cb938c4a08000a0068fa00000c000b8008000900d01d6d1b2c000480050003000500000005000300070000000500030001000000050003000700000005000300070000000800020000000000280108801c000780080006004a0000000800050081d4970208000500ff74db493400078008000500153d98500800050035a7056d0800050099ebbc4b080005009193467f080006005b0000000800050083f1b31e2c000780080006009900000008000600ab00000008000500f5c3d76708000500463a664f080006008c0000003400078008000500ae314674080005009380ff7c0800060052000000080005002abee117080005005830a627080005001dc0074e3400078008000600b200000008000500e639a262080006000d000000010006004100000008000600ee00000008000600a50000000c0007800800050023a8e11034000780080006009b000000080005000bd48a3608000600e700000008000600900000000800050029"], 0x240}, 0x1, 0x0, 0x0, 0x14}, 0x0)
r4 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r4, 0x40806685, &(0x7f0000000240)={0x1, 0x2, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
bind$inet6(r4, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x1}, 0x1c)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={0x0}, 0x18)
r5 = socket(0x2, 0x80805, 0x0)
sendmmsg$inet(r5, &(0x7f0000000880)=[{{&(0x7f0000000080)={0x2, 0x0, @rand_addr=0xac1414bb}, 0x10, &(0x7f0000000100)=[{&(0x7f00000000c0)='Q', 0x1}], 0x1}, 0x20000000}], 0x1, 0x0)
capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3, 0xfffffff8})
r6 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000001dc0), 0x454880, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f00000000c0)={0x82, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042"})
ioctl$SW_SYNC_IOC_CREATE_FENCE(r6, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25"})
socket$packet(0x11, 0x3, 0x300)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)

6.172944005s ago: executing program 1 (id=1303):
syz_mount_image$btrfs(&(0x7f00000051c0), &(0x7f0000005200)='./file0\x00', 0x1204408, &(0x7f0000000080)={[{@compress_force}, {@clear_cache}, {@nodatasum}, {@ref_verify}, {}, {@space_cache_v1}]}, 0x0, 0x51ab, &(0x7f000000a440)="$eJzs3V9oVFceB/Az+aPxDyY+xV32wX1YWcUFWRF2UdggGF2Whdn1YVnYrFlZxT+7JUgDwb5YS2lBxGCgthSKD33pS0mlUFqqBAsthYogVloUW0teWiiESsGXlpK590xmzvVmxlQbq5+PJHfO/d1z7pnhPsx3zLkTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIIRwcM3Kv+xaPb2urD7dP3bq6LLt507vP3ljaGjLlRAqtf2VvL5n+66/79+95689scPw37JtX1/ZkFnXz7PGkqads/2af/4TQuhOBujMtzs6G/pW0hOEI8UB53XgZv/o5u7BaxN3zmy8eP3QhuJTZ1bPYk9gseTX1fTctTRQ+92RHFFvN1x6laZLNOufXnA/yZMAAO7JpmptU387mr/FrbePpfWkPZC0x5N2fIcw3thYiGzcJWXzXJvWF2meA1lUWFo6z6Sev/71djXtn7STqHEP82w+NI80PWXzHEnqizVPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIfJqx9euvTcy+u3ldWn+8dOHV22/dzp/SdvDA1tuRJCX21/JStXlv+q8w+fLtt57fiRN36zr+ftk515v7jtajg4fBIf/LE3hL0Nlek47JerQqg2F2rN8FKxcLD24M+xAAAAwKPkF7XfHfV2Fge7m9qVWpqs1P5FWVg8cLN/dHP34LWJO2c2Xrx+aMPCx6uWjDdw1/Hq7b65n0pDMI7xNx1vrh4PPVIYZ37piGme/2zmyVsXJn7777L+hfzfN3/+j6+c/A8AAMCPIf+n48yvVf6/+s7zT3UN7n2vrH8h/69tOmUh/8cZx/zfERaW/wEAAOBh9qDz/0BhnPm1yv/fnZ86f/nb46+U9S/k/03t5f+uxmnHnR/FCR/uDWFTq6kDAAAAJeL/u899tBDzevbJQZrXO2ZGe6d6blwtG6+Q/wfay//d9/2ZAQAAAAv1v7F/Hb8wNn6zrF7I/9X28v/SBz5zAAAAoF37Tvz/3PoNIyvL6oX8P9xe/l+eb/OVD1mn9+NfIUz0htAz+2AkK3wQxv9ULwAAAAD3SczpX41u/f7jwel3y44r5P+R+e//H+90ENf/N93/r7D+v6GQ3fVvqxsDAAAA8DgqruePt8fPvrmg7Pv3213/f+uXO3b9d+c/vig7fyH/H2sv/3c2bu/n9/8BAADAAvzcvv/vn4Vx5tfq/v/fDN36et3hZwfL+hfy/3h7+T9uVzQ+van4+jzTG8Ka2Qf53QRfi6c7nBQmuxsK2Quf9Ngde+SFyaUNhZqRpMfve0P49eyDY0lhdSyMJ4WZVXnhbFK4HAv59VAvvJ4UpuKV9sKqfLpp4a1YyBdYTMYVFCvqSyKSHrfLeswW7trjev3kAAAAj5UYnvMs293cDGmUnay0OmB5qwM6Wh3Q2eqAruSA9MCy/WG4uRD3v7jtd7evPPHm06FEIf+fbS//x5diSbYpW/8f4vr//HsN6+v/h2OhLylMxkI1vWNANZ4jC7sn4jn6qnmPmTX1AgAAADzS4ucCnYs8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5g7/6D7KrqA4Cf/f0jm91FHAFJNYqA6ZDNJjFKK1MC1UFxpi4OdZw60UR2g9ssJCZhICnthEA7U5hUVKa1o0NDHUdpkUY6jlK1pEyBcaRTm7ZMxWhl/EFtaxnGSodSm87be8/d+87dm/dCdiFLP58/9p33vufnfT/2nXvvOxcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOD/h38ZWPMb+1f89Py6+PfPuOHDewcuve+jWw8c3bRpw5EQJmYf78jCHYMrui785sBlj+3f+flzp/rvP9Cbl8vjYVnjT2d+55ai1uUhfLEjhO40sHooC/Tk94difSuGQjgtzAWKElODWYm04fDQQAgHw1ygqOr+gRCGSoErjzz4wIFG4o6BEM4NIfSlbXy7L2tjIA2c15sFBtPA9u4s8F/HMkXgS51ZAE5afDMUL/pDE80ZRucvV/P661mwjr240uF1xcRofb4fX7LInSrpTR+YOKmnrVIdi6Ly9jjs3bYE3m2V7Xy7p638RSr/hnJsLtQXOientm65bmZ3fKQzjI111dW0SM/z40/feNWJpJfM6zB2YHRBXofP3vme68+afMuNt24/54m177vg6Ml2s27zLra+kL/mlszzGG30ebIE3n6Vb0krfekKIfzcB7tv6vrtI5+qi1fm/6PHn//Hl3O87WzKHWt9bjibm8dHhmLiqeFsbg4AAABLxlLYa/qjs1/xe6s61zxeV19l/r+yveP/8ZB/PpnPRns4hI2ziZtHQjhz9vEscHds7gMjIbxmNjXRHLgkCRwO4azZxKqiqqREfyyxMgk8OZwHNiaBh2NgIgl8OgZuTwK3xMChJHBVDBxOApfGQJhuHsfPD+fjaDswEAObs414KJ6F8JPh2Fqyrb5VVAUAALBA8tlhT/Pd0rkOJ5shTi8PDbTKEM/Ars3Ql9SQzmCLaVVtDd2tauhsVUMx7n3HH36l5o5WNVdOw+hoznDpK/7w/BVfu+ELoUZl/j9+/Pl/3zwd6agc/w/hitm/MXdnHpkp4psnmjIAAAAAJ2HtG2a+9idnv+nNdfHK/H9je+f/x30iXaXM4dG4G2LbSAjjzYGs2jdXA9lR72V5AAAAAJaC4nh8cSx8Or/NTtFO59PV/BMnmD8e+N84b/5fCpOnb/vBUxvq+luZ/0+0d/7/YPNt1omHYy8+NhJCfynwSOxlIzBrZQx89+LmQD7+h+MGuC1WlZ+YUFR1WyyxOQbGk8DBuhLfKEqc2RzIn6yi8ZuLcUznJUoBAAAAeMHF3QHxuHw8///Ctd/70KaP7/1cXbnK/H/ziZ3/PzsPrpzeP7MshDXdIXSlPwx4dDBbGDAGhjryxFcHs7q60qpuGgzhosbA0qqeyNf/707XGDwykFUVA2e+9rNPn9dIfGoghDXlwGPvvWt2x8juJFA0/qsDIby6Mdq08S/0Z433pI3/QX8IryoFiqo+0B9Co7HetKoH+/LrGKRV/VlfCKeXAkVVb+wLYU8AYImK/0onyw/u2rN325aZmamdi5iI+/AHwtbpmamxq7bPTPbV9Gky6XPTMkY3VcfU2ebYj+ZLFN1z+dhIO+nid4Lj5b7k+/ErJw7m9+N3oZ7Zca7rabq7Ph3y68+pNpEO6cUY8mC5krknsVJ/zN8bloX+63ZN7Ry7Ycvu3TvXZn/bzb4u+xsPM2Xbam26rQbn61sbL492F0N/vtuq6TJXa3Zfs2PNrj17V09fs+Xqqaunrn3D+LrxdevHN7zpwjWNUY1nf1sM9fz5qk6Geuyu6hDavQbU8x3qK7tLlbwQnxoSEhJLLbHl4q/+5b1nfWJZ3cdPZf6/4/jz//ipEz/58/UZ6o7/j8bD/Nnjc4f5N8fAwXaP/4/WHc0vTgxYmQT2xcA+h/kBAAB4aYi7G+PezLhXuuem1WN//MlHnqwrV5n/72vv9/8LtP5/sXT95XXL/K+KJcbr1v9Pl/kv1v/fV7f+f7rMf7H+/8EXYf3/64pAskl+Yv1/AADgpeCFW/+/5fL+6QUCKhlaLu+fXiCgkqHlMv7tXiDghNf/f/tzr+u55iOvviXUqMz/b29v/m/hfgAAADh13HVkQ8eD//o/D9XFK/P/g+3N/1/49f9C3fn/K+sCE3ULA1r/DwAAgCWqbv2/9a/78ebP/WzFD+vKVeb/h9qb/8fTLjqbcsdanxvO1rQL6Zp2Tw0XPxkAAACApaEzjI21u6Jp08qolzz/Nh/PlwI9Xrrsr758zT8+8tb39tfVV5n/H25v/t/0u4xn73zP9WdNvuXG527dfs4Ta993wdG54/8AAADA4ml3vwQAAAAAAAAAAAAAAPDie3rv5Lv++ew7P1MXr/z+P1wx+3jd7//jdf/i7wte3pQ71tp6/b/8/pXvuHfP7JKFjw6HcE45sG3/ttNCfm3+88uBBzatOqOR2J+W+Mp3Lv1BI/H+NPC21S97ppG4KAlsjosknpUG4lUVn1meBOLyin+fBuL2OJQGevPA7y7PxtGRbqsfDWXbqiPdVo8PhTBSChTb6otDWRsd6QDvSALFAD+UBuIAfyUPdKa9undZ1qsYGIpF/2hZ1isAAE5Z8VtgT9g6PTM1Hr/Cx9tXdjffRk1Llt1UrbajzeaP5kuT3XP52Eg76a70u+jctcZ7Ql9jCGsrX1fLWTpmR7kwtbTYdC+vGXKr1d7a/XX2iW663voRDWQjGrtq+8xkT8uBr2+dZV13yyxrK5OdcpbO2U3aRi1t9KWNEbW5bdrocrzfGcbGupJcvxiDo6HJQr0iyuv81b0Kynn2Tb7xb75x7Nihuvoq8//R9ub/feVxPZNfDGBfvLLezSMhnNnmiAAAAIB2fevL/7Ru+yd+55709ort1956weCPLq4rV5n/r2xv/h93jOWHgrO9HYfj9f+L+f9oFrg7NveBkRBeM5uaiCWyC+pfHkuMZ4G74w6TVbHE5onmqvpj4FASeHI4DxxOAg/HQL6X4rMh35XzkeEQNsymrmgusSOWGE0C74yBlUlgLAbGk8DyGNiYBP59eR6YSAJfj4Ew3byt/ny5vSsAAMDzkM+zeprvhnSed6i7VYaOVhkGW2XobJWhr1WGulHE+/fFDD3JySsdpUw9aa0DSS2VDPFi+Cfcr0qG8I3mnGnBStPx/IPifIOO5gz/dtnrv33erlXtX/9/vL35/2Dzbdb6w3H+P3f9vyzwSOzex+Kp4ytj4LsXNwfyHQMPx8nubUVVE3mJfNJ+WyyxMQZWJoEdMbAxCWy+Ig8cPKM5kM+0i8ZvLhqfzkuUAgAAAPCCizsI4m6aOP//0/+++3MH/uHav64rV5n/b2xv/h/bW1Zu7Jai1uUhfLFjrjdFYPVQFoj7MYbiz+NXDIVwWmkHR1FiajAr0Zs0HB4ayH6h3ptWdf9AtsZAvH/lkQcfONBI3DEQwrmlvS9FG9/uy9oYSAPn9WaBwTSwvTsLxD0/ReBLnVkATlqxVzC+oPJTXQqj85eref29VK4Jmg6vsg90nnzz/eZqsfSlD+T7VAsn9rRVqmNRVN4eh73bluK7bdS7rfxFKv+Gcmwu1Bc6J6e2brluZnd8pPxL1opFep7Lv1JtJ70Ar8N9z7+3rfWlHRhPPj7G5y83/+uwI1b37J3vuf6sybfceOv2c55Y+74LjrbdjRrxh8Lv/uTLRsubd7H1hfw1t+Q+TyZ8nizFfwMrPW2NGexTv//V//jp4z+ri1fm/xPtzf+7k9tZz8aNuWskhNeXNu6jcfP/8kj2OVgKZJ+Sp1cD2SH37w3XfnICAADAQit2dxT7C6bz2+yE8HSeXM0/cYL54/6KjfPmb7ffW29+aP8P/+6Or9TFK/P/zcef//cn3XT83/F/Fonj//M61XdF96cP7DupXdGV6lgUjv/P61R/tzn+Py/H/x3/n4/j/y04/j+vU/1pq3xL2uFLVwjh6++/8+33bP+18+rilfn/jvbm/9b/m3/RvmL9v8116//tqFv/b5/1/wAAgEVVs9BcOs+rrN5XyZCu3lfJ0HKBwJZLDFr/74TX/3vrO//3+mOvuGRnqFGZ/+9rb/4fXw7Lyq0vlfX/Vl5RU9XtMbDDwoAAAACciup2EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPDievcvPLl8029eOF0X//4ZN3x478Cl931064GjmzZtOBJClrUjC3cMrui68JsDlz22f+fnz53qv/9AX16uJ789uyl3rPW54RAOlh4Ziomnhht35gJXvuPePd2NxKPDIZxTDmzbv+20RuLTwyGcXw48sGnVGY3E/rTEV75z6Q8aifengbetftkzjcRFeaAj7e4nl2fd7Ui7e2B5CCOlQNHdX1/eXFXRxmV5oDNt4zNDWRsxMBSLfnwoayMGZmKJ6f4Q1nSH0JVW9bW+rKqutKq/6Muq6kqr+q2+EC4KIXSnVX2nN6uqOx353/ZmVcXAma/97NPnNRIHe0NYUw489t67NjQSH0oCRePv6g3h1Y2XTNr4fT1Z4z1p43f0hPCqEEJvWuI/u7MSvWmJJ7pDOL0UKBr/YHcIewIvCfHDZ7L84K49e7dtmZmZ2rmIid68rYGwdXpmauyq7TOTfUmf6nSU0sduOn78eI4+feNVjdt7Lh8baSfdnZfrme3yup6mu+sXqvftOtHex34NliuZez4q9cf8vWFZ6L9u19TOsRu27N69c232t93s67K/XXk021ZrF2pbdbYoHz3fbXV+uZI1u6/ZsWbXnr2rp6/ZcvXU1VPXvmF83fi69eMb3nThmsaoxrO/CzHUu44fX4yhvrK7VMkL8QEgISGx1BKdTZ9u46f6P73KF/25jvaEvtkP6Mq0opylY3aUCzHoS6rxrkUadGVKUhnR2srEoZJlXess6yuTibksA1mW2e91lclhuabO2U0a73eGsbHazTLafLe8eX88z+Zt1+P5pms3DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/B87cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAsAAAAACPO3DqNnAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBSAAAA//+3Rsqd")
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xa, 0x20000261, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
recvmsg$kcm(0xffffffffffffffff, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@metacopy_on}]})
chdir(&(0x7f0000000140)='./bus\x00')
link(&(0x7f0000000200)='./file1\x00', &(0x7f0000000300)='./bus\x00')
open(&(0x7f00000005c0)='./bus\x00', 0x66842, 0x0)

6.093320527s ago: executing program 0 (id=1304):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000980), &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000009c0)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYBLOB="4a3a9f8c2aab73255ecca15a5ad5b0b10a818868cc63e509dca434325eec52c449bc0f78c4d4996b7c34f8c4027731d8084daf83fa32ac4f26093d06abe1c066b64b56d81577ccc09ee10fa7258f8c9a08a6fa6f21d52366469e697011812e7133138514e15b9fe1f64a7d3062ee9a77ca0a5d9f6af20321dc3f0f0577b860b69773048ec9a9a6d40e94d2f4aca5a132897494efd6232446f0d416f1a75c1e7e1e233ad655fc58f85c"], 0xff, 0x6de, &(0x7f0000000180)="$eJzs3c9vHGcZB/DvrNeON1TBaZM2QkVYiVSQIhInVgrhgkEI5VChqhx6thKnsbpJqsRFaYUgBQQnJA79AwqSbxwQEvegcOFSbr36WAmJS8QhqpAWzezsete7ju0kXifw+UTjed9533nnmWd+eddZbYD/W5dOp3kvRS6dfuNOWd9YX2xvrC8eqpvbScpyI2l2ZyluJMX9ZKlsLwamDMxHfLx68a3PHmx83q0166nqP9Vfb3ZXIY/Zxt16ynw93vzYNad3NX53rCq8vJDkcj0fNrPbsYY6lkk7Vc/hwHVG3N3L6tte78Czr/d0KrrPzRFzyeH6yVz9TlDfHRqTi3B/7OkuBwAAAM+pT28edAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/Km//7+op0Y9z3yK3vf/z/SW1eVn0NKue97b1zgAAAAAAAAAYDK+9jAPcydHevVOUf3N/2RVOZYvOsmX8n5uZyW3ciZ3spy1rOVWziWZGxho5s7y2tqtc/01S+PXPD92zfOT2mMAAAAAAAAA+J/0i7Q2//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgiKZ6s6q6Vg9z1wazWy25W7yjyQzBx3vHhTjFt6bfBwAAADwRGYfY50vP8zD3MmRXr1TVK/5X65eL8/m/dzIWlazlnZWcqV+DV2+6m9srC+2N9YXr5dTWR8e93v/2lMYM/UIU1Vt3JZPVD1auZrVasmZXC6S/3Q6nUZ326eSE714BuIa8FEZU/Hd2i4ja9ZpLff8d9u9i/BUDL8V0XhEz9ZmcEk/Iwt1bOWaR7sZKKo3apKtmdjx6DSHanPVqNP9LZ1Lo//Oz7F9yPnhel7uz6/3Ned71c9EI1UmzqfRP1IvPzoTydf/8se3r7VvvHvt6u3Tz84u7WBqm+Vbz4nFgUy88lxnornH/gtVJo7365fyw/w4pzOfN3Mrq/lJlrOWlXTq9uX6fC5/zj06U0tDtTd3imSmPi7dY7abmObzg6q0nJPVukeymiI3cyUreb36dz7n8q1cyIVcHDjCx7eNu9q36qpvbL3qe0f6r2ODP/WNulDe3X6zeZdbetQeb3d2Pi3de3+Z16MDee2e9Q/6vY4OXAcLA1l6sZed6bGDP869sfmVulBu45c7PCcma67ORHkB9Z4Svehe6maiWT2LRs/z33fK9dK+0elcW35vm/Hvbqm/Vs/L02r9qzv17hl/KJ6u8nx5MbP1nWT47CjbXurfZQbaOpvncrdt+Ilbrne8aiuK3pX6o9ysToDRK3Wm/h1udKTzVdsrY9sWq7YTA21Dv2/lZtq5MoH8AfA4/v52vziXwzOtf7Y+bX3S+lXrWuuN2e8f+vahV2cy/bfp7zQXpl5rvFr8OZ/kZ5uv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMd3+4MP311ut1dujS80tm9aXup9cU27vdLK1j7bjXxo/IBF/YU+O8TzTBbSHG2aLfMyuGS6m6gJR9jaGsZIofPzZOIZ632J4Pg+vy0LzZEzalxhaWjJn0YH/GiPERa7uy72sdDIZDdaXsXjmg7ohgRMzNm16++dvf3Bh99cvb78zso7KzemL1y4uHDxwuuLZ6+utlcWuj8POkpgP2w+9A86EgAAAAAAAAAAAGC3xn0w4OQLO31oZFef8fA/CwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICn4tLpNO+lyLmFMwtlfWN9sV1OvfJmz2aSRiMpfpoU95OldKfMDQxX5A/30xmznY9XL7712YONzzfHanb7J416vr1Htya5W0+ZTzJVz5/A0HiXn3i84t+9fSgT9kWn01l6svjg6fhvAAAA///1I/PD")
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000680)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100cc9a, &(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x1, 0x2bd, &(0x7f0000000780)="$eJzs3UFrE08Yx/Hf7KZp/v+WurYVQTxVBU+lrRcRRJG8Ay+eRG1SKIYKWkG9WD0XDx579y34IjyJZ8GbJ19AwcPKzG6a2Wx2k7Yka+r3Aw3b3Znd58lsducJhBWAf9a95o9PN37aPyOFCqW6pEBSQ6pJuqCLjZc7u9u7nXarbEeh62H/jJKeJtdmc6edLmW22X6uRyqy/9U0762r5/bVOEGyyGl8P3aXkDf/7DFxHMcD1gfSrD/aZ2Xk96oOoGLmUIearToKAEDV3Ow/mfiHUjifztGDQLqW3vbt9t79f3pvoL/jRNVxVMrd/19poVt5xcaO7zm3qVfvuTLNbg+6VWLpToPBq+vptjATwLCq0sUS/Le13Wmvbj7rtAK9152U12zZvbayB/ejfZff9cqA2rTESLkfeeudWHMuhxmbw0ZB/EunP6IzU7jFf2NiyXwxX81DE+lALTf+Vi02dpjcSEV9I5XEv6Zske5xWUZJq4Isz7vel7KFfC5LP9JQfWH46uk+a37yUS/Okl6LfVkk2a0P6bU0sNfGkF7L/b16Z3Nxz3EzH8wDs6Jf+qzm0fjb9z5MLvXDP5m2jWuZnhml+dRcy8jdT9JP3d7lgS0Lrh4Yi3090U0tvHj95unjTqf9nIXRFrrX2b8lnhMtdE+CiR89dAsfJVWR+/7q7S2btlujdIo71oMqn2moEbvXTnP07n3n5MFXcE3CxPUG/ZgdB08FMX0C9/W/q/+8emXNTdbsS1RSjQwtor09rhfUBovu9f/iCi7DuK8e5ooruFFrrivXpasFR2we5HYbpXFOtbvqfoVjmvqmR978HwAAAAAAAAAAAAAAAAAAAFPhdD9viOPezxsaKmpcdY4AAAAAAAAAAAAAAAAAAAAAAEy7/PN/dWsCz//NyDz/976S/7LP/wUwBn8CAAD///0feS4=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x107042, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
writev(r0, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x69000}], 0x1)

5.780159442s ago: executing program 3 (id=1305):
syz_io_uring_setup(0x66e, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0xa8}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0xdc}}, 0x0)

5.000518423s ago: executing program 3 (id=1306):
socket$netlink(0x10, 0x3, 0x0)
socket$nl_netfilter(0x10, 0x3, 0xc)
socketpair$unix(0x1, 0x3, 0x0, 0x0)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e)
sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = socket(0x10, 0x3, 0x0)
setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x4001}, 0xfea3)
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000180)=@RTM_GETMDB={0x18, 0x56, 0xf23}, 0x18}}, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000f00)={{0x12, 0x1, 0x0, 0x7c, 0xe7, 0xc8, 0x10, 0x4d8, 0xa30, 0xce47, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0xd, 0xe6, 0x7a, 0x0, [], [{{0x9, 0x5, 0x4, 0x2}}]}}]}}]}}, 0x0)
sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_CREATE(0xc00000000000018, &(0x7f00000008c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="000000001100000000000000000000000000001f0000000800"], 0x48)
r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2)
r2 = syz_open_dev$video(&(0x7f0000000440), 0x8, 0x0)
ioctl$VIDIOC_S_SELECTION(r2, 0xc040565f, &(0x7f0000000940)={0xa, 0x0, 0x7, {0x8000, 0x1000, 0x4, 0x6}})
r3 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCBRDELBR(r3, 0x89a2, &(0x7f0000000000)='bridge0\x00')
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0)
close_range(r3, r2, 0x2)
socket$nl_route(0x10, 0x3, 0x0)
ioctl$IOCTL_GET_NCIDEV_IDX(0xffffffffffffffff, 0x0, 0x0)
ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000100)={0x2, @vbi={0x9, 0x7, 0x80000000, 0x34524742, [0x1000, 0x7], [0x9, 0xfff], 0x108}})

4.999368583s ago: executing program 0 (id=1314):
syz_io_uring_setup(0x66e, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0xa8}, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r0, 0x0, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB], 0xdc}}, 0x0)

3.780825762s ago: executing program 1 (id=1307):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000006c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, &(0x7f0000000440)=""/30, &(0x7f0000000380), 0x0, 0x1}, 0x38)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000300)={0xf0f002, 0x1})
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newtaction={0x180, 0x30, 0xcac229faa96ee7df, 0x0, 0x400, {}, [{0x16c, 0x1, [@m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x0, 0x7}, 0x1}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x0, 0x3}}}}, @m_skbmod={0x120, 0x1d, 0x0, 0x0, {{0xb}, {0x10, 0x2, 0x0, 0x1, [@TCA_SKBMOD_SMAC={0xa, 0x4, @broadcast}]}, {0xe5, 0x6, "5b86c26e93ead3b3dee01a1d164e89a414eb37e7f7907ff2379b5ecf6d48548cb39730415109b9f467ab8532b22387ce6fdf14fba6b47fadb37951389bc9b39f81c2cc260df073b1904850c7240ab68648a5c6c4cb869da9efc8486e931b2851084a0a51f41c87dc4290a9905be2773ced54f5e06348aa57ce09c80acdf9ec9d5be5897799c82e3a666278d4bfa34e4389cbe2ad193be4e35e5004c129bcef29f2319ebc9b3e5d542949484c064742219d5a4e1d26dfa97bde32ada36069162c4d263866563f502fffd9a86633da7e37f951ce8797c83e68faaa2c9deac6083035"}, {0xc, 0x7, {0x1, 0xa08f97f7e712d9d0}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}, 0x180}, 0x1, 0x0, 0x0, 0x1}, 0x4040800)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000300)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
faccessat2(0xffffffffffffffff, 0x0, 0x14, 0x200)
fsconfig$FSCONFIG_CMD_CREATE(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0)
r6 = fsmount(0xffffffffffffffff, 0x0, 0x18)
uname(&(0x7f0000001180)=""/4096)
symlinkat(&(0x7f00000001c0)='./file0\x00', r6, &(0x7f0000000140)='./file0\x00')
openat2(r6, &(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000040)={0x0, 0x0, 0x8}, 0x18)
r7 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0xa}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x201, 0x0, 0x0, {0xa}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x801, 0x0, 0x0, {0x0, 0x0, 0x1}}], {0x14}}, 0xa4}}, 0x0)

3.774219322s ago: executing program 0 (id=1316):
syz_mount_image$ext4(&(0x7f0000000780)='ext4\x00', &(0x7f0000000480)='./file1\x00', 0x200000, &(0x7f0000000180)={[{@delalloc}, {@noload}, {@acl}, {@mb_optimize_scan={'mb_optimize_scan', 0x3d, 0x1}}]}, 0x1, 0x783, &(0x7f0000001000)="$eJzs3c9rHFUcAPDvbJKmSauJIGg9BQQNlG5Mja2Ch4oHESwU9Gy7bLahZpMt2U1pQg4tIngRVDwIeunZH/Xm1R9X/S88SEvVtFjxIJHZH+222U03bXY3kM8HXva9mdm89903P97sDDsB7FkT6Z9MxKGI+DiJGKtPTyJiqJobjDhRW+72+lo+TUlsbLz9Z1Jd5tb6Wj6a3pM6UC88HRE/fRBxOLO53vLK6nyuWCws1ctTlYXzU+WV1SPnFnJzhbnC4rHpmZmjx186fmznYv3719WD1z954/lvT/z7/lNXP/o5iRNxsD6vOY6dMhET9c9kKP0I7/H6TlfWZ0m/G8BDSTfNgdpWHodiLAaquTZGetkyAKBbNgCAPSgxBgCAPabxPcCt9bV8I/X3G4neuvFaROyvxd+4vlmbM1i/Zre/eh109FZyz5WRJCLGd6D+iYj48vt3v05T1PvBtTSgFy5djogz4xOb9//JpnsWtuuFrWZuDFdfJu6bvNeOP9BPP6Tjn5dbjf8yd8Y/0WL8M9xi230YD97+M9d2oJq20vHfq033tt1uir9ufKBeeqw65htKzp4rFtJ92+MRMRlDw2l5urpo65Hb5M3/brarv3n899en732V1p++3l0ic21w+N73zOYquUeNu+HG5YhnBlvFn9zp/6TN+PdUh3W8+cqHX7Sbl8afxttIm+Pvro0rEc+17P+7fZlseX/iVHV1mGqsFC1899vno+3qb+7/NKX1N84FeiHt/9Gt4x9Pmu/XLG+/jl+ujP3Ybt6D42+9/u9L3qnm99WnXcxVKkvTEfuStzZPP3r3vY1yY/k0/slnW2//tWpbr//pOeGZDuMfvP7HNw8ff3el8c9uq/+3n7l6e36gXf2d9f9MNTdZn9LJ/q/TBj7KZwcAAAAAAAAAAAAAAAAAAAAAAAAAncpExMFIMtk7+Uwmm609w/vJGM0US+XK4bOl5cXZqD4rezyGMo2fuhxr+j3U6frv4TfKR+8rvxgRT0TEZ8Mj1XI2XyrO9jt4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKg70Ob5/6nfh/vdOgCga/b3uwEAQM85/gPA3rO94/9I19oBAPSO838A2Hs6Pv6f6W47AIDecf4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAl506eTJNG/+sr+XT8uyFleX50oUjs4XyfHZhOZ/Nl5bOZ+dKpbliIZsvLbT9R5dqL8VS6fxMLC5fnKoUypWp8srq6YXS8mLl9LmF3FzhdGGoZ5EBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQOfKK6vzuWKxsCSzZWZkdzRj12QGY1c0Q6Zrmea9xEj/dlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAu9z/AQAA//+MoS4e")
open(&(0x7f0000000000)='./bus\x00', 0x60142, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xb, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4e)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10)
openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/kernel/address_bits', 0x200401, 0xcc)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000000640)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd020f4c0c8c56147d66527da307bf731fef97861750379585e5a076d839240d29c034055b67dafe6c8dc3d5d78c07fa1f7e655ce34e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab7ea0c34f17e3946ef3bb622003b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e860e3665f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1fb9c2aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd7130856f756436303767d2e24f29e5dad9796edb697aeea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fff0d7216fdb0d3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff2c91018afc9ffc2cc788bee1b47683db01a469398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa447c2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae486aca54183fb01c73f979ca9857399537f5dc2acb72e7ead0509d380578673f8b6e74ce23877a6b24db0000000000000003629fbef2461c96a088a22e8b15c3e233db7ab22e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d7b90dfae158b94f50adab988dd8e12b1b56073d0d10f7067c881434af5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf77bfc95769a9294df517d90bdc01e73835efd98ad5a3e1a90800c66ee2b1ad76dff9f9000071414c99d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b31592479ecf2392548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987591ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4e62b445c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708194cd6f496e5dee734fe7da3770845cf442d488afdc0e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbe1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5646ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db0c407081c6281e2d8429a863903ca75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b65f037b21f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4766e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec859c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f250057931d828ec78e116ae46c4897e2795b6ff92e9a1f63a6ed8fb4f8f3a6ec4e76f8621e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce40c14089c82759106f422582b42e3e8484ea5a6ad9aa52106eafe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403f02734137ff47257f164391c673b6071b6ad0f05eed164ca63e4ea26dce0fb3ce0f6591d80dfb8f386bb79f5589829b6b0679b5d65a81826fc9b38f791c8f1892b51ad65a89bc84646ebf78f5d5d4804d9abb071fd711b5e7cc163b42a6510b8f5ee6747df0b560eabe0499bf1fef7c18bb9f55effa018679845c6598fb78bf1b8d9d9f04a5f6062c2bbb91952755b3f7c948268cb647d0a0bb1286480615941154a01d23734bcafe3b164474e2f2efa77850686ee4541f3e79efa63545a7ae53d5f0c40cc86473f7eb093980bd0d97bb4750128d9c519984c5f731ea259e71b2f12d67ce12e52c283e74594dfc933e625737ed231d61263721d46daf093f770357cd78fe1431aef52b4a0a933f1a5334ad03f3876fc8a8e187f80318427b4c922075cf829e3cc49d71d52137b48e1fb6b05dd1c7b251a7059f0a4b4f3431f67fc65b75c202e43816e34ff41db85bacd77b25242830b788ae1e00"/2566], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
socket$nl_generic(0x10, 0x3, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000))
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48)
pipe2$9p(&(0x7f0000000240), 0x0)
r2 = socket$inet_udplite(0x2, 0x2, 0x88)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r2, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a0001000000"], 0x64}}, 0x0)

3.27337995s ago: executing program 2 (id=1308):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
r0 = getpid()
sched_setaffinity(0x0, 0x0, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r3}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r4, 0x0, 0x9}, 0x18)
r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000800)={0x11, 0xb, &(0x7f00000002c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020782500000000002020207b1af8fe00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000140)='sched_switch\x00', r5, 0x0, 0xa}, 0x18)
r6 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x68a02, 0x0)
ioctl$TCSETS(r6, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x5, 0x0, "ff00f7000000000000000000af88008300"})
r7 = syz_open_pts(r6, 0x141601)
write(r7, &(0x7f0000000000)="d5", 0xfffffedf)
close_range(r6, 0xffffffffffffffff, 0x0)
r8 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401)
bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB], 0x50)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
ioctl$BLKTRACESETUP(r8, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x7ff, 0x5, 0xc, 0xfffffffffffffffd, 0x59c, 0xffffffffffffffff})
r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001200)={0x1, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"/15, @ANYRES32=r9, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xe8f}, 0x94)
r10 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r10}, 0x10)

2.215643976s ago: executing program 0 (id=1309):
socket$nl_generic(0x10, 0x3, 0x10)
inotify_init1(0x80800)
r0 = syz_io_uring_setup(0x66e, &(0x7f0000000240)={0x0, 0x29cc, 0x10100}, &(0x7f0000000380), &(0x7f0000000200))
io_uring_enter(r0, 0x567, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$nilfs2(&(0x7f0000000ec0), &(0x7f0000000000)='./file0\x00', 0x40, &(0x7f00000000c0)=ANY=[], 0x4, 0xf82, &(0x7f0000003080)="$eJzs3U9sHNX9APA36/W/2MRr4AcGfoQUWhEo2CGJ1PQWBOqlEuLSOygkNMJQ1NBKREBMD4hKiCIhThUHEBdKpRSpSKBKFeqp7alVb+0F9UKlKpWCemgjJa5iv1nvPu9k12N7dtf7+UjffX7zZuf7HXsTz4xn3wZgZNXWHo8dW8hCeOeztx99+ansk2vL7mqucXDtMYu9RghhvKWfJdv7Ii64cumlk53aLBxZe8z74bGLzefOhBBWwsHweWiEj5aWv/rw3UcOffza1C1vnnvmlV3a/aZ0PwAAYC+68Mflv973jz88MH/5woETYbK5PD8+b8T+TDzuPxwPlPPj5Vpo72ct0WoiWW8sRi1ZbyxZr57kqRfkG0+2M16w3kSXfGMtyzrtJwAAAAyj/Ly2EbLaYlu/VltcXD/vv+aLuYls8bkzy6fP9qlQAAAAoLR/n1+76XaIY2oAahBpTOcvsK0976Pvbv0524paxfnqFecbmSj3ehNCCCGE2LlwPCKGIFbnKrzYAAAAANBhvrBNVnZ2pq7m1hq95b/4cK3z82EHJK+/zdNO7PDr//r5pzavUGn+DnY//3if8193/z941f84AACUt1ePJvP9yo+j83kM0nkEx9qeNTO21fOPWrKd+hbrLJpXcFjmGyyqc6ziOsoqqn+rP8d+Kao/nQ9zUBXVn87TOaiK6p+suI6yiurvcOUnDOI/66L6pyuuo6yi+vdVXEdZRfXPVFxHWUX1z1ZcR1lF9d9QcR1lFdW/v+I6yiqqf1huqy2qv1FxHWUV1T+/3gz8YURR/TdWXEdZRfXfVHEdZRXVf3PFdfTLnbHNvw8HCtab6XDwN3AHgwAAAEBH/x36+f9GNOoDUIMQQgx9vLr+y7B9+VSHZWJbURuAGnYrpju9hoQQQoiBjPN9vPYAAAAADIb8fQH5u95Xo3x8bNP4396/9piP11vHpzY2kI+Pd9n+RJfxyS7jAAAAQAi/ef30bW9lG/Pdpe/p3+p8ePm8UdPhk6uhxDxG6XyEW82/3XnPtpu/84QjwzIbGwAAAHtV9p3Pr97/6HsvzF++cOBEy9nv1Xi+m88DWo/XBj6N/fy+gNmkn+Xn0Cfa89QK1kuvD9xQtL3Ht7mjAAAAMMLy8/dGyGqLLefdjVCrLS5unI8vhPHs9JnlU4djP/98lt/PjU9eW/5QxXUDAAAAvds43+98/p9/ju9CmMgWnzuzfPrsen+2uXy81npdYG5jedZ6XaCRLD9SsPxo7MfP7wzfn5teW7548gfLT+30zgMAAMCIOPviuWeeXF4+9cPR+aIeQtjWdsIg7IUvfLGrX/T7fyYAAGCnffnl2+M/Ojr72/X3/2/Mf3c1fnEw9htxbr8/xeX5fQL5+wA2vV//ifY8c0XrPd++XiNZbyzGZFL3VMt2wtp8g+3Pmy/K12jfzkRBvpkk32ySL52noJ6sn3WYSzB0mAkwX28uWZ7Ow1hPcmRJ/rs75AIAAIDc0gvPPr909sVzD5559smnTz196rmjR45/+/jxww9966Gltfv6l1rv7gcAAACG0cZNv/2uBAAAAAAAAAAAAAAAAAAAAEZXFR8n1u99BAAAgFH3r/MhhBUhCiL/gMF+1zHskQ1ADbsXq5P9r2FvR/DvUAghhBDbjP6e9005lhmMWF1NP2keAAAAYHddufTSydZ2k5VsR/M1t9ZYb67GvHk7++Bf5q9FvtrFh9uvl+zb0WoYdVW//uUf1PyTHcc/eHVn869diG9s9Lv//1dr38CJtcd67E33mvfepV8sNPOHEG6v95g/3f/He83Y7lCS/97QW/7V95L8T7T1ar3mvy/Jv6/H/Jv2//miDFPXzX9/zL8Q+4fu6TV/+y5OJtl6fQF8M9n/p0Kv+ZP9b/SYMPFAzA8Ao6j523z1fH8L2WH5UUJ+PD0T+/n+5ges6d0PWz3+ryXbqW+78vbt5sdBt8Z+86hupT1vbqv159+X2djeULLO1LDcVVJU/079HHdbUf3jFddRVlH9ExXXUVZR/Z3P3gdPUf3XP3scHEX193whos+K6h+W68pF9c9UXEdZRfXPVlxHWUX1b/X3eL8U1b+/4jrKKqp/ruI6yiqqv+RltcoV1T9fcR1lFdV/Y8V1lFVU/00V11FWUf03V1xHv9wR26Lz4fz8cy6O5f1G0p/s8L3s+Y8hAAAAwK7650DO/9dy5aDvtQghhBBiGGJsAGoQYpjjP6vr+l2HEGL3YnW1n1cf6LdsiO4VB2Dn7O5sFgw6P//R5uc/2vz8uZ78L/FZ0s+NdRmvdxkf7zI+kYxnyRMni8ajm5LtrubXNaObu4z/X9yDovH9yfN/nIzf2mX7C13Gb+syfnuX8Tu6jAMAADAabomt80MAAADYu17+5adv/PreJy7NX75w4ESY2DTv/OHYn4x/W3899tN573Pj8W/+P4n992P7u9j+PVnf/ScAAACw+/LPifH3fwAAANi78s8pdf4PAAAAe9d8bJ3/AwAAwN51Y2yd/wMAAMAelk11Xhzb/LrA3bHtdV4/AGDw/X9s74ztgdjeFduvxTY/Drgntl+vqD4AYOf8/Hs/Pf5WtjHf/9Fk/EpcnrebrKxfKchq7TP5T8d2X2y/0WM96ecB9Jo/t7/HPLuVf26b+QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAvaO29njs2EIWwjufvf3ozybe+PO1ZXc11zi49pjFXiOEMN58Xj660f9VXPHKpZdOtrZXY5uFIyELWXN5eOxiM9NMCGElHAyfh0b4aGn5qw/ffeTQx69N3fLmuWde2cVvQdv+AQAAwF70vwAAAP//7lUWHg==")
r1 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x0)
socket$nl_rdma(0x10, 0x3, 0x14)
prlimit64(0x0, 0xe, &(0x7f0000000100)={0x8, 0xa8}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0)
r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r2, 0x0, 0x0)
r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000080)=0x1)
ioctl$TCFLSH(r3, 0x8925, 0xbffffffffffffffb)
r4 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0)
r5 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="dc00000000010104000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001000000000008000480040003800800084000000000080008400000000734000f800800024000000b8608000340000047510800034000000003080001"], 0xdc}}, 0x0)
pwrite64(r1, &(0x7f00000000c0)='a', 0x200000c1, 0x9000)
creat(&(0x7f0000003180)='./file1\x00', 0x51)
r6 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
bind$bt_hci(r6, &(0x7f0000000080)={0x1f, 0xffff, 0x3}, 0x6)
write(r6, &(0x7f0000000340)="07000000010001", 0x7)

1.122286252s ago: executing program 1 (id=1310):
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000000000)='./file0\x00', 0x800, &(0x7f0000000300)=ANY=[@ANYBLOB='iocharset=macceltic,fmask=00000000000000000000240,errors=remount-ro,iocharset=cp936,iocharset=cp852,dmask=00000000000000000000000,gid=', @ANYRESHEX=0x0, @ANYBLOB="2c646d61736b3d303030303000303030303030312c6572726f72733d636f6e74696e75652c6572726f72733d636f6e74696e75652c00c5638743478b4a0765a108f13a6648c4bb79fbac1a4523231afd6d3cccc6512c438916373d3fc077180399cdbf4f8504ed6e82d03a91f2527149f109ee1f450a1c715866537fc86e597f991fd708e15ba285c6ddebc6b60251be5ace6b30d8fca6ae0be1f577acc82bf5d179e60fabe9161e6c35a84911d567d4930d9158351fe5cdf1e66aaff0d15a69a9d058594de4db6783ce3d35a9dd2475b17c31f7d6dddcca095388a8011b08b9c8465cf4c1b2f9cdbf3a11b40c180920738b4b6a7d898f8315cf6cb10d1f28acd901f3974b2396fa49776c919622946c1f497c752e5ad199aaeac2118a404cde6031cd64a11163e298"], 0x1, 0x152f, &(0x7f00000037c0)="$eJzs3AucTVX7OPDnWWvtMSSdJrkMa61nc5LLIklySZJLkiRJkltC0iSvJCSG3JKGJCSXIbkMIblMTBr3+/2SkCRNkoTklqz/Z8r81Vvv/33f39svv/9vnu/nsz+znrP2s/ba85yzz977nJlvug6r1aR29UZEBP8R/OVHIgDEAsAgALgGAAIAKB9XPi6zP6fExP9sI+zP9VDKlZ4Bu5K4/tkb1z974/pnb1z/7I3rn71x/bM3rn/2xvVnLDvbMqPgtbxk34Xv/2dn/P7/v0hG6XFfrCt9fTeAmH81hev//z/8D3K5/v9rBf/KSlz/7I3rn13FXukJsP8B+PWfHeT4hz1c/+yN689Ydvbre8GxcOXvR//VC0Sy92cgV/r5xxhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGMsezjrL1MAkNW+0vNijDHGGGOMMcbYn8fnuNIzYIwxxhhjjDHG2H8/BAESFAQQAzkgFnJCLhAAMVn910IcXAd54XrIB/mhABSEeCgEhUGDAQsEIRSBohCFG6AY3AjFoQSUhFLgoDSUgZugLNwM5eAWKA+3QgW4DSpCJagMVeB2qAp3QDW4E6rDXVADakItqA13Qx24B+rCvVAP7oP6cD80gAegITwIjeAhaAwPQxN4BJrCo9AMmkMLaAmt/kv5L0BPeBF6QW9IhD7QF16CftAfBsBAGAQvw2B4BYbAq5AEQ2EYvAbD4XUYAW/ASBgFo+FNGANvwVgYB+NhAiTDRJgEb8NkeAemwFSYBtMhBWbATHgXZsFsmAPvwVx4H+bBfFgACyEVPoBFsBjS4ENYAh9BOiyFZbAcVsBKWAWrYQ2shXWwHjbARtgEm2ELbIVtsB12wE7YBR/DbvgE9sBe2Aefwn747N/MP/N3+d0QEFCgQIUKYzAGYzEWc2EuzI25MQ/mwQhGMA7jMC/mxXyYDwtgAYzHeCyMhdGgQULCIlgEoxjFYlgMi2NxLIkl0aHDMlgGy+LNWA7LYXksjxWwAlbESlgJq2AVrIpVsRpWw+pYHWtgDayFtfBuvBv7YF2si/WwHtbH+lm3p7ARNsLG2BibYBNsik2xGTbDFtgCW2ErbI2tsQ22wXbYDttje+yAHTABE7AjdsRO2Ak7Y2fsgl2wK3bFbtgdu2e8kAPwRXwRe2MN0Qf7Yl/sh0k5BuBAHIgv42B8BV/BVzEJh+IwfA1fw9dxBJ7GkTgKR+NorCrewrE4DklMwGRMxkk4CSfjZJyCU3EqTscUnIEzcSbOwtk4G9/Dufg+vo/zcT4uxFRMxUW4GNMwDZfgGUzHpbgMl+MKXIkrcDWuwdW4DtfjOtyIG3EzbsatuBW343bciTvxY1QA+Anuxb2YhPtxPx7AA3gQD+IhPIQZmIGH8TAewSN4FI/iMTyGx/EEnsQTeApP4Wk8g2fxLJ7H83gBn4v/qvHHJdYmgcikhBIxIkbEiliRS+QSuUVukUfkEREREXEiTuQVeUU+kU8UEAVEvIgXhUVhYYQRJMLMI4WIiqgoJoqJ4qK4KClKCiecKCPKiLKirCgnyony4lZRQdwmKopKoq2rIqqIqqKdqybuFNVFdVFD1BS1RG1RW9QRdURdUVfUE/VEfVFfNBAPiIaiDw7Ah0RmZZqIodhUDMNmormQl45QrcUIbCPainbiCTEKR2IH0doliKdFRzEWO4m/iXH4rOgiJmBX8bzoJrqLHuIF0VO0cb1EbzEF+4i+Yjr2E/3FADFQzMKa4j2cm7OWeFUkiaFimHhNLMTXxQjxhhgpRonR4k0xRrwlxopxYryYIJLFRDFJvC0mi3fEFDFVTBPTRYqYIWaKd8UsMVvMEe+JueJ9MU/MFwvEQpEqPhCLxGKRJj4US8RHIl0sFcvEcrFCrBSrxGqxRqwV68R6sUFsFJvEZrFFbBXbxHaxQ+wUu8THYrf4ROwRe8U+8anYLz4TB8Tn4qD4QhwSX4oM8ZU4LL4WR8Q34qj4VhwT34nj4oQ4Kb4Xp8QP4rQ4I86Kc+K8+FFcED+Ji8ILkCiFlFLJQMbIHDJW5pS55FUytwyyjv8yTl4n88rrZT6ZXxaQBWW8LCQLSy2NtJJkKIvIojIqb5DF5I2yuCwhS8pS0snSsoy8SZaVN8ty8hZZXt4qK8jbZEVZSVaWVeTtsqq8Q0Lkl23UkDVlLVlb3i0T4R5ZV94r68n7ZH15v2wgH5AN5YOykXxINpYPyybyEdlUPiqbyeayhWwpW8nHZGv5uGwj28p28gnZXj4pO8inZIJ8WnaU/tJT5FnZRT4nu8rnZTfZXfaQP8mL0stesreEPiD7ypdkP9lfDpAD5SD5shwsX5FD5KsySQ6Vw+Rrcrh8XY6Qb8iRcpQcLd+UY+RbcqwcJ8fLCTJZTpST5NtysnxHTpFT5TQ5XabIGXLApZHmSPlP89/+g/whP299s9wit8ptcrvcIXfKXfJjuVvulnvkHrlP7pP75X55QB6QB+VBeUgekhkyQx6Wh+UReUQelUflMXlMHpcn5Dn5vTwlf5Cn5Rl5Rp6T5+V5eeHS7wAUKqGkUipQMSqHilU5VS51lcqtrlZ51DUqoq5Vceo6lVddr/Kp/KqAKqjiVSFVWGlllFWkQlVEFVVRdQNeesKokqqUcqq0KqNu+nfyVTF1oyquSvwmP2t+if9gfq1UK9VatVZtVBvVTrVT7VV71UF1UAkqQXVUHVUn1Ul1Vp1VF9VFdVVdVTfVTfVQPVRP1VP1Ur1UokpUfdVLqp/qrwaogWqQellk7sMQNUQlqSQ1TA1Tw9VwNUKNUCPVSDVajVZj1Bg1Vo1V49V4layS1SQ1SU1Wk9UUNUVNU9NUikpRM9VMNUvNUnPUHDVXzVXz1Dy1QC1QqSpVLVKLVJpKU0vUEpWulqqlarlarlaqlWq1Wq3WqrVqvVqvNqqNKl1tUVvUNrVN7VA71C61S+1Wu9UetUftU/vUfrVfHVAH1EF1UB1Sh1SGylCH1WF1RB1RR9VRdUwdU8fVcXVSnVSn1Cl1Wp1WZ9VZdV6dVxfUBXVRXcw87QtEIAIVqCAmiAlig9ggV5AryB3kDvIEeYJIEAnigrggb3B9kC/IHxQICgbxQaGgcKADE9hAXCp6NLghKBbcGBQPSgQlg1KBC0oHZYKbgrLBzUG54JagfHBrUCG4LagYVAoqB1WC24OqwR1BteDOoHpwV1AjqBnUCmoHdwd1gnuCusG9Qb3gvqB+cH/QIHggaBg8GDQKHgoaBw8HTYJHgqbBo0GzoHnQImgZtPpTx/f+dP7HXS/dWyfqPrqvfkn30/31AD1QD9Iv68H6FT1Ev6qT9FA9TL+mh+vX9Qj9hh6pR+nR+k09Rr+lx+pxeryeoJP1RD1Jv60n63f0FD1VT9PTdYqeoWfqd/UsPVvP0e/pufp9PU/P1wv0Qp2qP9CL9GKdpj/US/RHOl0v1cv0cr1Cr9Sr9Gq9Rq/V6/R6vUFv1Jv0Zr1Fb9Xb9Ha9Q+/Uu/THerf+RO/Re/U+/anerz/TB/Tn+qD+Qh/SX+oM/ZU+rL/WR/Q3+qj+Vh/T3+nj+oQ+qb/Xp/QP+rQ+o8/qc/q8/lFf0D/pi9pnntxnvr0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSavyWvymXymgClg4k28KWwKm0xkyBQxRUzURE0xU8wUN8VNSVPSOONMGVPGlDVlTTlTzpQ35U0FU8FUNBVNZVPZ3G5uN3eYO8yd5k5zl7nL1DQ1TW1T29QxdUxdU9fUM/VMfVPfNDANTEPT0DQyjUxj09g0MU1MU9PUNDPNTAvTwrQyrUxr09q0MW1MO9POtDftTQfTwSSYBNPRdDSdTCfT2XQ2XUwX09V0Nd1MN9PD9DA9TU/Ty/QyiSbR9DV9TT/TzwwwA8wgM8gMNoPNEDPEJJkkM8wMM8PNcDPCjDAjzSgzOvNE1bxlxppxZryZYJJNsplkJpnJZrKZYqaYaWaaSTEpZqaZaWaZWWaOmWPmmrlmnplnFpgFJtWkmkVmkUkzaWaJWWLSTbpZZpaZFWaFWWVWmTVmjVln1pkNsMFsMpvMFrPFbDPbzA6zw+wyu8xus9vsMXvMPrPP7Df7zQFzwBw0B80hc8hkmAxz2Bw2R8wRc9QcNcfMMXPcHDcnzUlzypwyp81pc9acNedN/kvvl97E2pw2l73K5rZX2zz2Gvv3cQFb0MbbQraw1Tafzf+b2Fhri9sStqQtZZ0tbcvYm34XV7SVbGVbxd5uq9o7bLXfxXXsPbauvdfWs/fZ2vbu38T17f22gX3ENkQEsM1tY9vSNrGP2Kb2UdvMNrctbEvb3j5pO9inbIJ92na0z/wuXmQX2zV2rV1n19s9dq89a8/ZI/Ybe97+aHvZ3naQfdkOtq/YIfZVm2SH/i4ebd+0Y+xbdqwdZ8fbCb+Lp9npNsXOsDPtu3aWnf27ONV+YOfaNDvPzrcL7MKf48w5pdkP7RL7kU23ASyzy+0Ku9Kusqv/71yX2412k91sd9tP7Da73e6wO+2urBNhu9fus5/a/fYze9h+bQ/aL+whe9Rm2K9+jjP376j91h6z39nj9oQ9ab+3p+wPKis7c9+/tz/Zi9ZbICQgSYoCiqEcFEs5KRddRbnpaspD11CErqU4uo7y0vWUj/JTASpI8VSICpMmQ5aIQipCRSlKN1DW9EpSKXJUmsrQTVSWbqZydAuVp1upAt1GFakSVaYqdDtVpTuoGt1J1ekuqkE1qRbVprupDt1Ddeleqkf3UX26nxrQA9SQHqRG9BA1poepCT1CTelRakbNqQW1pFb0GLWmx6kNtaV29AS1pyepAz1FCfQ0daRnqBP9jTrTs9SFnqOu9Dx1o+7Ug16gnvQi9aLelEh9qC+9RP2oPw2ggTSIXqbB9AoNoVcpiYbSMHqNhtPrNILeoJE0ikbTmzSG3qKxNI7G0wRKpok0id6myfQOTaGpNI2mUwrNoJn0Ls2i2TSH3qO59D7No/m0gBZSKn1Ai2gxpdGHtIQ+onRaSstoOa2glbSKVtMaWkvraD1toI20iTbTFtpK22g77aCdtIs+pt30Ce2hvbSPPqX99BkdoM/pIH1Bh+hLyqCv6DB9TUfoGzpK3/re9B0dpxN0kr6nU/QDnaYzdJbO0Xn6kS7QT3SRPEGIoQhlqMIgjAlzhLFhzjBXeFWYO7w6zBNeE0bCa8O48Lowb3h9mC/MHxYIC4bxYaGwcKhDE9qQwjAsEhYNo+ENYbHwxrB4WCIsGZYKXVg6LBPeFJYNbw7LhbeE5cNbwwrhbWHFsFL4yH1VwtvDquEdYbXwzrB6eFdYI6wZ1gprh3eHdcJ7wrrhvWG98L6wXHh/2CB8IGwYPhg2Ch8KG4cPh03CR8Km4aNhs7B52CJsGbYKHwtbh4+HbcK2YbvwqrB9+GTYIXwqTAifDjuGz/zcf//irP4nftefGPYJ+4YvhS+F3t8rF0QXRlOjH0QXRRdH06IfRpdEP4qmR5dGl0WXR1dEV0ZXRVdH10TXRtdF10c3RDdGN0U3R72vnQMcOuGkUy5wMS6Hi3U5XS53lcvtrnZ53DUu4q51ce46l9dd7/K5/K6AK+jiXSFX2GlnnHXkQlfEFXVRd4Mr5m50xV0JV9KVcs6VdmVcS9fKtXKt3eOujWvr2rkn3BPuSfeke8o95Z52Hd0zrpP7m+vsnnVd3HPuOfe86+a6ux7uBdfTTczzy2sy0fV1fV0/188NcAPcIDfIDXaD3RA3xCW5JDfMDXPD3XA3wo1wI91IN9qNdmPcGDfWjXXj3XiX7JLdJDfJTXaT3RQ3xU1z01yKS3Ez3Uw3y81yVWf/spV5bp5b4Ba4VJfqFrnMc8Y0t8Qtceku3S1zy9wKt8KtcqvcGrfGrXPr3Aa3wW1ym9wWt8Vtc9vcDrfD7XK73G632+3x1/wyqNvvDrgD7qA76A65L12G+8oddl+7I+4bd9R9646579xxd8KddN+7U+4Hd9qdcWfdOXfe/eguuJ/cReddcmRiZFLk7cjkyDuRKZGpkWmR6ZGUyIzIzMi7kVmR2ZE5kfcicyPvR+ZF5kcWRBZGUiMfRBZFFkfSIh9GlkQ+iqRHlkaWRZZHVkRWRrwvtC30RXxRH/U3+GL+Rl/cl/AlfSnvfGlfxt/ky/qbfTl/iy/vb/UV/G2+oq/kK/tHfTPf3LfwLX0r/5hv7R/3bXxb384/4dv7J30H/5RP8E/7jv4Z38n/zXf2z/ou/jnf1T/vu/nuvod/wff0L/pevrdP9H18X/+S7+f7+wF+oB/kX/aD/St+iH/VJ/mhfph/zQ/3r/sR/g0/0o/yo2Pe9GOyLpFhgk/2E/0k/7af7N/xU/xUP81P9yl+hp/p3/Wz/Gw/x7/n5/r3/Tw/3y/wC32q/8Av8ot9mv/QL/Ef+XS/NOumsV/lV/s1fq1f59f7DX6j3+Q3+y1+q9/mt/sdfqff5T/2u/0nfo/f6/f5T/1+/5k/4D/3B/0X/pD/0mf4r/xh/7U/4r/xR/23/pj/zh/3J/xJ/70/5X/wp/0Zf9af8+f9j/6C/8lf5L9ZY4wxxhj7l0y83BS/7fnldn6fP8gRv1q5LwBcvb1gxq/7M88oN+T7pd1fxLePAMDTvbs+lLXUqJGYmHhp3XQJQdH5AFmfBGX6+asHl+Kl0A6ehARoC2X/cP79Rffz9E/Gj94KkOtXObFwOb48/ucAmPgH4z/2xOhFFcKzcf+P8ecDFC96OScnXI6XQruf76+0hXL/YP75W/+T+ef8Ihmgza9ycsPl+PL8y8Dj8Awk/GZNxhhjjDHGGGPsF/1F5c5Z159Z3/j8o+vzeHU5Jwdcjv/Z9TljjDHGGGOMMcauvGe793jqsYSEtp3//Ua1/1LWv9xoCv9dI3PjDxveA2Q9ogDgPxwQILMh/8q92PqXbCvp0kvn77tWnPMB/M8o5Z/RuMIHJsYYY4wxxtif7vJJ/28fV1dqQowxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGWDb0V/w7sSu9j4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxtiV9n8CAAD//7wUAB0=")
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000340)=ANY=[@ANYBLOB="f0000000100013070000000000000000fc020000000000000000000000000000fe8000000000000000000000000000100004000000000000000000202c000000", @ANYRES32=0x0], 0xf0}, 0x1, 0xe}, 0x10)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0xffffffff)
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x1)

1.119956133s ago: executing program 2 (id=1311):
syz_mount_image$msdos(&(0x7f0000000200), &(0x7f0000000240)='./file1\x00', 0x0, &(0x7f0000000880)=ANY=[@ANYBLOB='dots,dots,dmask=000000000200000,nodots,discard,nfs=nostale_ro,gid=', @ANYRESDEC=0x0, @ANYBLOB="2c646f733178666c6f70707900000000000000003030ffffffff303030303031373737373737373756c0f39fdb37372c004c0f1208ec0c34b7df4ba1c1e6b76697434db8574db9bcaef6a61a12c3f260bebc7ac5b1b11361119b83f1cf9f686b715b8e587626fd37cea6623dc422c2ddbcefe94ebba429e58c90613e6b598b3b7a2c05de53", @ANYBLOB="2bb809b28a4b035a51df3c09fb90a112a0bd179db0b9fcf01eebfd55bb06b8e9da5035a27a7f1811b1afaeca7bcec905c8676592e22ac5506f7a213152bdc7ed6d4a47095018fd473f8189783d89664e4c8e5454369398a34f689cb9460675be2d0eb8eba0c1090eda03e1a9d1eaabaf6afc073c23dda8a46cf940ab98b7632b3a7f74187d5d5a042950e7409d7a7b2c80e657a7faa65cd24e09464b31882dbbbf23181782c2f662bf87936df4d911b600ea69ed098adb96af284ab076b3675c9c85137252fbc3f676f7a4dd54"], 0x1, 0x2ac, &(0x7f0000000a40)="$eJzs3E1rE10UwPGTSZtJ+zx9WQm68aAbRRhqXKqLKC2IASVtRF0IUzrVkJiUmaBJEczaVT9HcelOEL9A934Ad0WQrrrRkSbT6TR9o2Oa1OT/gzJn5tzbuTOXKecWZjafrr0uLXvWsl0TI61iiDRlW2RairIrEWxTrTgVHpe7GWnK9Zk3Wx/mnz1/mM3lZvOqc9mFWxlVnbz85e27j1e+1v578mnSNGVj+sXmz8z3jQsbFzd/L7wqelr0tFKtqa2L1WrNXiw7ulT0Spbq47Jje44WK57j7ssvl6srKw21K0sT4yuu43lqVxpqSENrVU0Ho6qoZVk6Mb4Tp2WIpE7do7Cez9vZ2Cf89X/srugd183aSREZO/A0FNb7MyIAANBPR9f/Rthmt/43Out/kRPq//dBq8nPXa//kxLW/yWnVf/X3IbaL+1itP7HseLV/8bZDAZ/I9GM7Nzbl3Ld7Njhnaj/AQAAAAAAAAAAAAAAAAAAAAD4F2z7/pTv+1M7W0NE/GDfFJFkZP+QrkP1bv2gis6/H/kxgwk+Zv4xACIv7qVFfjTrhXoh0dq283MPcrMz2hJ58W+rXi8kw/zNdl7350dlPMhnDs2n5NrVdn4nd/9RLppfqxfGZOnYkTe7dQsAAAAAABh4loamw4NpCdf3lqWmdOZb6/d21Nz7/0DH+n5ELo307joAAAAAAMDRvMZqyS6XHfeUwbe0yOl7rSbjnKvXgUi87rd9syvDSIrICW3y8yL9v1EHAlOObnMj+CDzORlq7CB18uycZXCna7/QT+w+wqPBH4OOpwAAAADAYNlbD/R7JAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADK9efLqs39cIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnBd/AgAA//+uXLhG")
statfs(&(0x7f00000005c0)='./file1\x00', &(0x7f0000000600)=""/117)

1.101840823s ago: executing program 3 (id=1312):
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_SET(r0, 0x4b72, &(0x7f0000000080)={0x0, 0x3000000, 0x10, 0x19, 0x100, &(0x7f00000000c0)="387ed7626d850509a2d6c1aa38f15cd00f85c263cb226db671261fff7ce9c555f189afae3530db6dd493f28fd988721b9ae21b3e3b4523ae2594f47d8f62b480c4160b1f90ac9c41fae6ab12ac4c113fef588684ef495689092883b902a41cd75387ef6f7bc7d460d5e665f398ff95596dc94ec97003a3db08e500c2fb07e11aa4031a61c51caf7a65a2b613bda33f3eaeae635d7cd81761e74c38a7695800a15516eb337056e02335f9a7d10aa2eaf7beb7e1f7a1e850ecb3421143c5c4ded0f083a0c524dcf320827266819b6a952db5bc96141b26c54db857edbcbbc81c7af7aadf50bc549974b6401a19cdb130282b955592efa94242065a4c8d695a2cdd9ada350defd58c775b92d348305774d3a256c7520b285d8da0dbf5e20d604413ed2ddf9bcbf881caf811852806175d63892a15234fbcd7a88a2a0aea45d19148f0e7dada7d6d0d77881387fdeaa02863be90b88dfff412bff40c31c6415c54ae3335e54a49d315851feffe30d999c36def4df7df747695ef060000001bbe1b649f42f310859122c0d2c1e558dc6586958a28374f386ecf369274e43003a09b5159ea515eb44521901ef0d00baa91c10a8e44a76aac3468a15bd3d45ad389977467f306f9bcde071b30769795eed2f1580414d168f557cd90040c4bd2a3d6bc509254a12cece59181fcb5bad8c24bd9f8f78d17ab01831325501e80d899e9252f99d3a2666343392fda115048e4f4dd9f45657f8224fc78eb1168fe0527fac33466aadf48f16994d29a47778566e0f3945b2bf36b6eecc7fa18914beb66ac9e519bd3330000000000000009a3237aebbe3bed781e39d5a0fb0cdc60e196f2261305feb596b5b66ab89d2d6333f699b16db68986ab3eee7b199fefb5f79ffb2d1050e46982af1c14a88dd9b647ba812f56a8404755c73e74bb90e64bab9647c70ed5afca1c3d87907d14df8aa9df6f40a80ace2bb8a2aad3b0c66915927db4173181943d88c0c76d5969e2043db5bd77fd60ba0f012139929ccfec965c1f769785a4d23332d71f0875e3146afef5b20cc306d3ecee65944fe9829e0ad0c3f6bb2fdc1bc31152538db50f47dc38ba908a0d808687e478a609fe0daa0000000000000000e7f2e98597e27f3e1dba9c3c16e9fab3bda6ed33cb1c75513e2264b69d4794ded98eff9aa53d22eb77c9d93169c04ab2490bf28106f770e07eb7a9e8fd4e71929f918b98c4cbfcb11a90139264a9ee807c973167f493760278df0cc34be9e8f86f948d9a62e63ad6ca9d174d2465380b1a00ddc42915e4f3a5db640600000095a3d63904c9ecd1c313c08e29b814bd8fed1ab6d2846c73345962895d289ac77152cac2e04c93a5470774975b42091f218dd1e68a15f8226577bf9481ae0555db64a717eb23a811356d00000000ddffffff00"})

718.901709ms ago: executing program 1 (id=1313):
setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0)
io_uring_setup(0x6c27, 0x0)
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x400)
ioctl$DRM_IOCTL_WAIT_VBLANK(r0, 0xc018643a, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20040, 0x0)
r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000600)=[@text64={0x40, &(0x7f0000000640)="430fc73f0f2390b9800000c00f3235010000000f300f20d835080000000f22d8c4e18173f53866baf80cb83879e487ef66bafc0cec66b88e008ec02d1aa80000460f1c460041ae", 0x47}], 0x1, 0x74, 0x0, 0x0)
getsockopt$sock_buf(0xffffffffffffffff, 0x1, 0x0, 0x0, &(0x7f0000000240))
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0, 0x1, 0x2}, 0x28)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0)
r4 = syz_open_dev$dri(&(0x7f0000000100), 0x0, 0x0)
ioctl$DRM_IOCTL_GET_CAP(r4, 0xc010640c, &(0x7f0000000000)={0x14})
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f00000003c0)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180), &(0x7f0000000280)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000380)=[0x0, 0x0], 0x6, 0x0, 0x7, 0x2})
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce)
r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8)
mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)

665.074ms ago: executing program 2 (id=1315):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x6)
openat$vmci(0xffffffffffffff9c, 0x0, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000980), &(0x7f0000000a80)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x2000010, &(0x7f00000009c0)=ANY=[@ANYRES8=0x0, @ANYRES8, @ANYBLOB="4a3a9f8c2aab73255ecca15a5ad5b0b10a818868cc63e509dca434325eec52c449bc0f78c4d4996b7c34f8c4027731d8084daf83fa32ac4f26093d06abe1c066b64b56d81577ccc09ee10fa7258f8c9a08a6fa6f21d52366469e697011812e7133138514e15b9fe1f64a7d3062ee9a77ca0a5d9f6af20321dc3f0f0577b860b69773048ec9a9a6d40e94d2f4aca5a132897494efd6232446f0d416f1a75c1e7e1e233ad655fc58f85c"], 0xff, 0x6de, &(0x7f0000000180)="$eJzs3c9vHGcZB/DvrNeON1TBaZM2QkVYiVSQIhInVgrhgkEI5VChqhx6thKnsbpJqsRFaYUgBQQnJA79AwqSbxwQEvegcOFSbr36WAmJS8QhqpAWzezsete7ju0kXifw+UTjed9533nnmWd+eddZbYD/W5dOp3kvRS6dfuNOWd9YX2xvrC8eqpvbScpyI2l2ZyluJMX9ZKlsLwamDMxHfLx68a3PHmx83q0166nqP9Vfb3ZXIY/Zxt16ynw93vzYNad3NX53rCq8vJDkcj0fNrPbsYY6lkk7Vc/hwHVG3N3L6tte78Czr/d0KrrPzRFzyeH6yVz9TlDfHRqTi3B/7OkuBwAAAM+pT28edAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw/Km//7+op0Y9z3yK3vf/z/SW1eVn0NKue97b1zgAAAAAAAAAYDK+9jAPcydHevVOUf3N/2RVOZYvOsmX8n5uZyW3ciZ3spy1rOVWziWZGxho5s7y2tqtc/01S+PXPD92zfOT2mMAAAAAAAAA+J/0i7Q2//4PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADPgiKZ6s6q6Vg9z1wazWy25W7yjyQzBx3vHhTjFt6bfBwAAADwRGYfY50vP8zD3MmRXr1TVK/5X65eL8/m/dzIWlazlnZWcqV+DV2+6m9srC+2N9YXr5dTWR8e93v/2lMYM/UIU1Vt3JZPVD1auZrVasmZXC6S/3Q6nUZ326eSE714BuIa8FEZU/Hd2i4ja9ZpLff8d9u9i/BUDL8V0XhEz9ZmcEk/Iwt1bOWaR7sZKKo3apKtmdjx6DSHanPVqNP9LZ1Lo//Oz7F9yPnhel7uz6/3Ned71c9EI1UmzqfRP1IvPzoTydf/8se3r7VvvHvt6u3Tz84u7WBqm+Vbz4nFgUy88lxnornH/gtVJo7365fyw/w4pzOfN3Mrq/lJlrOWlXTq9uX6fC5/zj06U0tDtTd3imSmPi7dY7abmObzg6q0nJPVukeymiI3cyUreb36dz7n8q1cyIVcHDjCx7eNu9q36qpvbL3qe0f6r2ODP/WNulDe3X6zeZdbetQeb3d2Pi3de3+Z16MDee2e9Q/6vY4OXAcLA1l6sZed6bGDP869sfmVulBu45c7PCcma67ORHkB9Z4Svehe6maiWT2LRs/z33fK9dK+0elcW35vm/Hvbqm/Vs/L02r9qzv17hl/KJ6u8nx5MbP1nWT47CjbXurfZQbaOpvncrdt+Ilbrne8aiuK3pX6o9ysToDRK3Wm/h1udKTzVdsrY9sWq7YTA21Dv2/lZtq5MoH8AfA4/v52vziXwzOtf7Y+bX3S+lXrWuuN2e8f+vahV2cy/bfp7zQXpl5rvFr8OZ/kZ5uv/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgMd3+4MP311ut1dujS80tm9aXup9cU27vdLK1j7bjXxo/IBF/YU+O8TzTBbSHG2aLfMyuGS6m6gJR9jaGsZIofPzZOIZ632J4Pg+vy0LzZEzalxhaWjJn0YH/GiPERa7uy72sdDIZDdaXsXjmg7ohgRMzNm16++dvf3Bh99cvb78zso7KzemL1y4uHDxwuuLZ6+utlcWuj8POkpgP2w+9A86EgAAAAAAAAAAAGC3xn0w4OQLO31oZFef8fA/CwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICn4tLpNO+lyLmFMwtlfWN9sV1OvfJmz2aSRiMpfpoU95OldKfMDQxX5A/30xmznY9XL7712YONzzfHanb7J416vr1Htya5W0+ZTzJVz5/A0HiXn3i84t+9fSgT9kWn01l6svjg6fhvAAAA///1I/PD")
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000680)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100cc9a, &(0x7f0000000080)=ANY=[@ANYRES32=0x0], 0x1, 0x2bd, &(0x7f0000000780)="$eJzs3UFrE08Yx/Hf7KZp/v+WurYVQTxVBU+lrRcRRJG8Ay+eRG1SKIYKWkG9WD0XDx579y34IjyJZ8GbJ19AwcPKzG6a2Wx2k7Yka+r3Aw3b3Znd58lsducJhBWAf9a95o9PN37aPyOFCqW6pEBSQ6pJuqCLjZc7u9u7nXarbEeh62H/jJKeJtdmc6edLmW22X6uRyqy/9U0762r5/bVOEGyyGl8P3aXkDf/7DFxHMcD1gfSrD/aZ2Xk96oOoGLmUIearToKAEDV3Ow/mfiHUjifztGDQLqW3vbt9t79f3pvoL/jRNVxVMrd/19poVt5xcaO7zm3qVfvuTLNbg+6VWLpToPBq+vptjATwLCq0sUS/Le13Wmvbj7rtAK9152U12zZvbayB/ejfZff9cqA2rTESLkfeeudWHMuhxmbw0ZB/EunP6IzU7jFf2NiyXwxX81DE+lALTf+Vi02dpjcSEV9I5XEv6Zske5xWUZJq4Isz7vel7KFfC5LP9JQfWH46uk+a37yUS/Okl6LfVkk2a0P6bU0sNfGkF7L/b16Z3Nxz3EzH8wDs6Jf+qzm0fjb9z5MLvXDP5m2jWuZnhml+dRcy8jdT9JP3d7lgS0Lrh4Yi3090U0tvHj95unjTqf9nIXRFrrX2b8lnhMtdE+CiR89dAsfJVWR+/7q7S2btlujdIo71oMqn2moEbvXTnP07n3n5MFXcE3CxPUG/ZgdB08FMX0C9/W/q/+8emXNTdbsS1RSjQwtor09rhfUBovu9f/iCi7DuK8e5ooruFFrrivXpasFR2we5HYbpXFOtbvqfoVjmvqmR978HwAAAAAAAAAAAAAAAAAAAFPhdD9viOPezxsaKmpcdY4AAAAAAAAAAAAAAAAAAAAAAEy7/PN/dWsCz//NyDz/976S/7LP/wUwBn8CAAD///0feS4=")
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
writev(0xffffffffffffffff, &(0x7f0000000140)=[{&(0x7f0000001200)="10", 0x69000}], 0x1)

658.51498ms ago: executing program 3 (id=1317):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, &(0x7f0000000000)=ANY=[@ANYBLOB="18010000000040000000000080000100850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000500)={&(0x7f0000000280)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000004c0)=ANY=[@ANYBLOB="2c0000006800010003001000fdffff7f00000000000000000c00020001000000150000000600030003"], 0x2c}, 0x1, 0x0, 0x0, 0x4008018}, 0x4000080)

384.082664ms ago: executing program 0 (id=1318):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000000000)='./file1\x00', 0x810, &(0x7f0000000d00)={[{@treelog}, {@nobarrier}, {@max_inline}, {@space_cache}, {@nodatasum}, {@acl}, {@flushoncommit}, {@ref_verify}, {@ref_verify}, {@noenospc_debug}, {@user_subvol_rm}, {@noinode_cache}, {@commit={'commit', 0x3d, 0x4027}}, {@nobarrier}, {@max_inline={'max_inline', 0x3d, [0x6b, 0x36, 0x38, 0x35, 0x38, 0x25]}}]}, 0x1, 0x50f3, &(0x7f000000a2c0)="$eJzs3U+IVWUfB/Dnzp1x5lVw7isEtsoikGrh4CYioqtMUFF0y8VgBE4tgnThJEi0EMQW/Vt4S4paSK6kFsksjKA2LqQwArehYS7cKAaSi3Yac8957pz7HO+5d0ZtTD8fmTnnOb/zPOe5l7O43+uccwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACEEF74/bNDVfVT16bPnJtp7jywZebyvul1p0OodbbX8vqOrc++8ua2HS9OxA6zL2fLRqPfkFnX81ljVc/GhX69P6+HEMaSAer58pk1pVGLq3vKA1a6fnH30U17mxuPH27Xr146e7L80lkwsdITWCn5eXVh8Vxqdn6PJHt024VTr9Zzimb90xPuX3kRAMCSTLU6i+7H0fwjbre9P60n7WbSbift+AmhXWwsRzbuqn7z3JDWV2iezSwqjPedZ1LP3/9uu5X2T9pJ1FjCPHt3zSPNRL95ziX1lZonAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJ3kkbdHH6qqn7o2febcTHPngS0zl/dNrzsdQqOzvZaVa6vfP9z869utxw78uPmr4xeef6ye94vL0cLO4be48sRkCG8UKhfisBfXhtDqLXSa4cty4a3OynOxAAAAwN3k/s7vkW47i4NjPe1aJ03WOv+iLCxev7j76Ka9zY3HD7frVy+dPbn88Vp9xmvecLxuu7H4UysE4xh/0/EW63HXPaVxqqUjpnn+8fNTf1f1L+X/RnX+j++c/A8AAMDNkP/TcaoNyv/fvfbHJ1X9S/l/Q88hS/k/zjjm/5GwvPwPAAAAd7Lbnf+bpXGqDcr/4y+NfV3Vv5T/p4bL/6PFaceNv8YJ75oMYWrQ1AEAAIA+4v+7L361EPN69s1BmtefevTguarxSvm/OVz+H7ulrwoAAAC4GUe+2P5wVb2U/1vD5f/x2zprAAAAYCne+XDig6p6Kf/PDpf/V+fL/MqHrNNP8a8QDk2GMLGwMpcVfg7tp7sFAAAA4BaJOf3PT3f+ULVfKf/PVd//P97pIF7/33P/v9L1/4VCdte/J90YAAAAgHtR+Xr+eHv87MkF/Z6/P+z1/w/87+CrVccv5f/9w+X/enF5K5//BwAAAMvwX3v+3/bSONUG3f//vo/e/aWqfyn/t4fL/3G5pvjyTtRq2fvz3mQI6xdW8rsJfhMPtyspzI8VCh2tpMe22CMvzI8XCh1zSY/NkyE8uLCyPyn8PxbaSeHK2rxwJCmcjoX8fOgWjiWFE/FM+3xtPt208H0s5BdYzMcrKNZ0L4lIelzt12OhcMMeZ7sHBwAAuKfE8Jxn2bHeZkij7Hxt0A6rB+0wMmiH+qAdRpMd0h37bQ+zvYW4vX1m49Ke/39kuPwf34pV2aLf9f8hXv+fP9ewe/3/bCw0ksJ8LLTSOwa04jGysPtxPEajlfe4sr5bAAAAgLta/F6gvsLzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP5h715j5KruA4CffY734fVCUoXQKNkkNY6beL22gUQtVdaUqhEpzbqhoCqi2NhrsnjBjm1KjEJkbCIaIShtkJIPRRhFUc0HqBWISAoIFymOUHlEVEUBBAqtIQoipSQRaYIUqtl7z+ydc3cefqzx0t9P8s6Z+Z/nnYfn3HvnXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/h4Feu+dtm8Ud/e96zL1w8fsWetRe/et15pz4ZwsTM4x1ZuKP/xtvHf373uffseWD1HfcdPv+jvXm5PB4Gqn868zs3xFoPLw7h/o4QutPAisEs0JPfH4z1vW8whFPCbKBWYrI/K5E2HL7fF8K+MBuoVfW9vhAGC4ELn3rk4Zuridv6QlgaQqikbTxfydroSwNn9GaB/jSwtTsL/OqtTC3w3c4sAMcsvhlqL/oDE/UZhucu1+D113PcOvb2SofXFRPDjfP9bO08d6qgN31g4pietlJ1zIvS2+Ogd9sCeLeVtvOtnrbiF6n8G8pbs6FK6Nw0uXnD1dM74yOdYXS0q1FN8/Q8P/P6lzYeSXrBvA5jB4aPy+vwlieW3t21/ILH71ux9OX9H9v7yrF280eFTVpMz7dKyF9zC+Z5jMZ9niyAt1/pW9KIL10hhM2f/73PNIuX5v/Dzef/8eUcbzvrcsda3xzK5ubxkcGYeG0om5sDAADAgrEQ9ppuHX3oE83qK83/R9o7/h8P+eeT+Wy0B0MYn0nsXRLCaTOPZ4G7YnOXLQnhgzOpifrA2iRwMIT3ziSW16pKSiyKJUaSwE+G8sB4EjgUAxNJ4FsxcGsSuCEGDiSBjTFwMAmcGwNhqn4cvz+Uj6PtQF8MrM824oF4FsIvhmJrybZ6rlYVAADAcZLPDnvq7xbOdTjWDHF6eaCvVYZ4BnbDDJWkhnQGW5tWNayhu1UNna1qqI17d/Phl2ruaFVz6TSMjvoMt//ybz4bmijN/8eaz/8rc3Sko3T8P4R1M39j7s48Ml2Lr5+oywAAAAAcg4H/ffGbzeKl+f94e+f/x30iXYXM4bG4G2LLkhDG6gNZtX9YDmRHvQfyAAAAACwEtePxtWPhU/ltdop2Op8u5584wvzxwP/4nPl7Dz64vll/S/P/ifbO/++vv806cSj24mtLQlhUCPwg9rIamDESAz/+ZH0gH/+huAFuilXlJybUqropllgfA2NJYF+jEj+slTitPpA/WbXG99bGMZWXKAQAAADghIu7A+Jx+Xj+/4d+s/qaZuVK8//1R3b+/8w8uHR6//RACCu7Q+hKfxjwWH+2MGAMDHbkiYf6s7q60qqu7w/hnOrA0qpezNf/707XGHyqL6sqBk770P7Xz6gmvtkXwspi4OnP3XlWNbEzCdQa/8u+ED5QHW3a+HcWZY33pI1/fVEI7y8EalVdtiiEamO9aVWPVPLrGKRV/XMlhHcVArWqzq6EsCsAsEDF/0o3FR/csevaLRumpye3z2Mi7sPvC5unpidHN26d3lRp0KdNSZ/rljG6vjymdq9881y+RNFF964bbCdd+53gWLGtfD9+6cTB/H78LtQzM87VPXV316RD/siHy02EwjepRkPunOch9xcrmX0SS/XH/L1hICy6esfk9tEvbti5c/uq7G+72Vdnf+NhpmxbrUq3Vf9cfWvj5dFwtazE0W6rZcVKVu68ctvKHbuuXTF15YbLJy+fvGrV2avHzhxbM/bxM1dWRzWW/W0x1GVzVZ0M9a072xzXcRzq6d2FSk7Ep4aEhMRCS2wdWNb0/+TS/H9b8/l//NSJn/z5+gyNjv8Px8P82eOzh/nXx8C+do//Dzc6ml87MWAkCeyOgd0O8wMAAPDOECf5cW9m3Cv90+XfeblZudL8f3d7v/8/Tuv/15auP7/RMv/LY4mxRuv/p8v819b/391o/f90mf/a+v/73ob1/6+uBZJN8gvr/wMAAO8EJ279/5bL+6cXCChlaLm8f3qBgFKGlsv4t3uBgCNe///5//yr/w5NlOb/t7Y3/7dwPwAAAJw8vvxn1/xOs3hp/r+vvfn/iV//LzQ6/3+kUWCi0cKA1v8DAABggWq0/t/wjf2XNitXmv8faG/+H0+76KzLHWt9cyhb0y6ka9q9NlT7yQAAAAAsDJ1hdLSnzbx1K6OuPfo2n8mXAm2WLnrxTw4f2fn/B9ub/9f9LuOWJ5be3bX8gsffvG/F0pf3f2zvK7PH/wEAAID50+5+CQAAAAAAAAAAAAAA4O334n/sWdMsXvr9f1g383ij3//H6/7F3xe8uy53rLX1+n/5/Qs/fc+umSULHxsK4cPFwJY9W04J+bX5lxUDD1+y/D3VxJ60xIMvnPtSNXFpGvjUilPfqCbOSQLr4yKJ700D8aqKbyxOAnF5xX9PA3F7HEgDvXngq4uzcXSk2+qng9m26ki31bODISwpBGrb6v7BrI2OdIC3JYHaAL+QBuIA/zwPdKa9umcg61UMDMaidwxkvQIA4KQVvwX2hM1T05Nj8St8vD29u/42qluy7PpytR1tNv9cvjTZRfeuG2wn3ZV+F5291nhPqFSHsKr0dbWYpWNmlMenlhab7t0NhtxqtbfOBuVSR7rpehuPqC8b0ejGrdObeloOfE3rLKu7W2ZZVZrsFLN0zmzSNmppoy9tjKjNbdNGl+P9zjA62pXk+oMYHA51Wr0i2v29fnGdv0avgmKeqw7v/VWz+krz/+H25v+V4rjeyC8GsDteWe/vlljmHwAAAObXV9f++hvx32dvfPTpZnlL8/+R9ub/cQ9Wfig429txMF7/f++SEGYurT+cBe6KzV22JIQPzqQmYonsgvrnxxJjWeCuuMNkeSyxfqK+qkUxcCAJ/GQoDxxMAodiIN9LsT/ku3L+fiiEs2ZS6+pLbIslhpPAZ2JgJAmMxsBYElgcA+NJ4NXFeWAiCfxbDISp+m117+J8WwEAAByJfJ7VU383pPO8A92tMnS0ytDfKkNnqwyVVhkajSLe/3bM0JOcvNJRyNST1tqX1FLKEC+Gf8T9KmUIP6zPmRYsNR3PP6idb9BRn+GBT3RXQhOl+f9Ye/P//vrbrPVDcf4/e/2/LPCD2L2vxVPHR2Lgx5+sD+Q7Bg7Fye5Ntaom8hL5pP2mWGI8BkaSwLYYGE8C69flgX3vqQ/kM+1a43trjU/lJQoBAAAAOOHiDoK4mybO/+/Y8ZWBZuVK8//x9ub/sb2BYmM3xFoPLw7h/o7Z3tQCKwazQNyPMRh/Hv++wRBOKezgqJWY7M9K9CYNh+/3Zb9Q702r+l5f9uODeP/Cpx55+OZq4ra+EJYW9r7U2ni+krXRlwbO6M0C/Wlga3cWiHt+aoHvdmYBOGa1vYLxBZWf6lIzPHe5Bq+/d8o1QdPhlfaBzpFvrt9czZfSDtd8n2rNkT1tTfffctyU3h4HvdsW4rtt2Lut+EUq/4by1myoEjo3TW7ecPX0zvhI8ZesJfP0PBd/pdpO+ji8DncffW9bq6QdGEs+PsbmLjf367AjVnfLE0vv7lp+weP3rVj68v6P7X2l7W40EH8o/Mh1/zr4o8LmnW+VkL/mFtznyYTPk4X438CIpy2EsO7Vr9/ULF6a/0+0N//vTm5n/DpuzB1LQvhIYeM+Fjf/Hy/JPgcLgexT8l3lQHbI/b+GGn5yAgAAwPFW291R218wld9mJ4Sn8+Ry/okjzB/3V4zPmb/dfvf/9SVLm8VL8//1zef/i5JuOv7v+D/zxPH/OZ3su6IXpQ/sPqZd0aXqmBeO/8/pZH+3Of4/J8f/Hf+fi+P/LTj+P6eT/WkrfUva5ktXCOHlP3ro2Wbx0vx/W3vzf+v/zb1oX239v/WN1v/b1mj9v93W/wMAAOZVg4Xm0nleafW+UoZ09b5ShpYLBLZcYtD6f0e8/t9Lpz//m9BEaf6/u735f3w5DBRbXyjr/42sa1DVrTGwzcKAAAAAnIwa7SAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg7fXAP/zPpmbxR3973rMvXDx+xZ61F7963XmnPhnC1MzjHVm4o//G28d/fve59+x5YPUd9x0+/6OVvFxPfvu7dbljrW8OhbCv8MhgTLw2VL0zG7jw0/fs6q4mHhsK4cPFwJY9W06pJr41FMKyYuDhS5a/p5rYk5Z48IVzX6omLk0Dn1px6hvVxDl5oCPt7j8uzrrbkXb35sUhLCkEat29YnF9VbU2/jQPdKZt/NNg1kYMDMai3xjM2oiB6VhialEIK7tD6EqrerSSVdWVVvUvlayqrrSqL1dCOCeE0J1W9UJvVlV3OvIne7OqYuC0D+1//YxqYl9vCCuLgac/d+dZ1cQXkkCt8b/oDeED1ZdM2vi3e7LGe9LGb+sJ4f0hhN60xC+7sxK9aYkXu0N4VyFQa/zz3SHsCrwjxA+fuk+0Hbuu3bJhenpy+zwmevO2+sLmqenJ0Y1bpzdVkj410lFIv3X90Y/9ude/tLF6e9G96wbbSXfn5Xpmury6p+7umpO997Ff/cVKZp+PUv0xf28YCIuu3jG5ffSLG3bu3L4q+9tu9tXZ3648mm2rVQtlWy0rVrJy55XbVu7Yde2KqSs3XD55+eRVq85ePXbm2Jqxj5+5sjqqsezv8RjqnSd+qKd3Fyo5ER8AEhISCy3RWffpNnayf5CXvujPdrQnVGY+oEvTimKWjplRHo9Brz3KER/N95SWI1pVmjiUsqyeI8v19VnWlCYTs7X0ZVlmvteVJofFxjpnNmm83xlGR7sabYfh+rvFzfuzY9i8z+Sbrt00AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP/HDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFXbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwA8cCAAAAAML8rcPo2QAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgEsBAAD//+erI4o=")
mkdir(&(0x7f0000000000)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000080)='ramfs\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@metacopy_on}]})
r0 = open(&(0x7f0000000040)='./file0\x00', 0x400, 0x43)
mknodat$loop(r0, &(0x7f00000002c0)='./file1\x00', 0x4, 0x0)
chdir(&(0x7f00000003c0)='./bus\x00')
linkat(r0, &(0x7f0000000100)='./file1\x00', r0, 0x0, 0x400)
renameat2(0xffffffffffffff9c, &(0x7f0000000a00)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000600)='./file1\x00', 0x2)
rename(&(0x7f0000000500)='./file1\x00', &(0x7f0000000c00)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')

263.864886ms ago: executing program 3 (id=1319):
r0 = syz_open_dev$video4linux(&(0x7f00000001c0), 0x7ffd, 0x400)
ioctl$EXT4_IOC_PRECACHE_EXTENTS(r0, 0x6612)

128.920738ms ago: executing program 2 (id=1320):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, <r1=>0x0})
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000040), &(0x7f0000000640)='./file0\x00', 0x2000003, &(0x7f0000000540)=ANY=[@ANYBLOB="6e6f6465636f6d706f7365008000000000000042000fc32c6e6f636172726965722c6e6f6465636e6d706f736500a580263e005a80c976898113cb9f4680642ce86dd3b5d3ba4a739e6654e4a1277ef2dd52ea98c5ea630da0c29cd73f8b9f4fd077e97f3ec1acc1ac91b93eec369217142e5897"], 0x1, 0x5f8, &(0x7f0000000c80)="$eJzs3U9rHOcdB/DvrK21VgV77dhJXAoVKYRSU1t/nFSFQtM0LaKEEuglEHIQtRQLr50gbYqSQ1FLX0FfQUpRDzn10FNpIYee+xZUciz05IsuRWFmZ7Vre6PIka1dJZ8PzD7PM8/M8+fnmWFmhJkAX1vLb2ZqO0WWr72+VZZ3dxY7uzuLd/v5JOeSNJLpJEW5+m9JPk2201tytV8xlD7i7Znm/Y/furrWK03XS7V9cdh+R7OdC2cOCo0k7eO2V8+tbGfh2O0NZjib5FKdwtjt9/1nZPUxz0sAYJIVyZlR69vJTH2zXj4H9O6Ke/fYp9r2uAcAAAAAJ+DCXvaylfPjHgcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACcJvX3/4t6afTzsyn63/9v1utS50+1T8Y9AAAAAAAAAAB4Ar69l71s5Xy/vF9Uf/N/oSpcrn6/kfezmdVs5Hq2spJuutnIfJL2UEPNrZVud2P+CHsujNxz4WTmCwAAAAAAAABfUb/P8uDv/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAmK5EwvSXE2udzPt9M4m2Q6SbPcbjv5Rz9/mn0y7gEAAADACbiwl71s5Xy/vF9Uz/zPVs/903k/99LNerrpZDW3qncBvaf+xu7OYmd3Z/FuuTza7k/+91jDqFpM793D6J7nqi2uHOyxnJ/nV7mW2byRjaznN1lJN6uZzWtVbiVF2vXbi3Z/nKPH+8oDpTe+aKzPVyNpZS3r1diu59d5N53cSqOaQ7XN4T3+roxO8ePaEWN0q07LGf2iTidDu4rI1EFE5urYl9G4eHgkHvM4ebin+TQO3kFdfgoxn6nTMtavTXTMF4aOvmcPj0Ty4p//eP92596d22ub1yZnSl/Sw5FYHIrEc1+rSDTraPSuoo93tXyh2vd81vPLvJtbWc3LuZmlLOSl3Mx8fpiXhuJ65QjnWuPxzrXvfLfOTCX5WZ1OhjKuF4fiOnyla1d1w2sGUbr05K9IZ79ZZ8qD9dWJuyJdfOja3I/EM4dH4k/75e9m596djdsr7x2xvxfrtIzATycqEuXxcqn8x6pKDx4dZd0zI+vmq7rLB3WNR+quHNR90ZnarO/hHmmptVDVPTeyl8Wq7vmhulF3OQBMvJnvzTRb/239u/VR6w+t263Xp189t3TuW81M/evs38/8tfGXxo+K5KP8dvD8DwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfHmbH3x4Z6XTWd2QOcnMKyfTVyNjn+lTyfx/f39/Aobx9DP972gNV7WSHLZX/3tYx+x9jBcl4ETc6N5978bmBx9+f/3uyjur76zeu7n0g8WXb84vLd1YW++szvV+xz1KAOBJGtz0j3skAAAAAAAAAAAAAADA5zmJ/8w87jkCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfbctvZmo7Rebnrs+V5d2dxU659PODLaeTFGXmn0k+TbbTW9Ieaq74vH7enmne//itq2uDtqb72xeH7Xc0D4yl8dCYjtvewrHbG8xwNsmlOoWx+ywAAP//3Jv7Zw==")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6)
mbind(&(0x7f0000a45000/0x1000)=nil, 0x1000, 0x2, 0x0, 0x3, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
r5 = socket$inet_sctp(0x2, 0x1, 0x84)
r6 = syz_init_net_socket$ax25(0x3, 0x3, 0x7)
connect$ax25(r6, &(0x7f0000000180)={{0x3, @default, 0x3}, [@bcast, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, @bcast, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x3}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x2}, @null, @default]}, 0x48)
setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @multicast2, 0x15, 0x3, 'sh\x00', 0x1, 0x4, 0x6d}, 0x2c)
r7 = socket$inet_sctp(0x2, 0x1, 0x84)
setsockopt$IP_VS_SO_SET_ADDDEST(r7, 0x0, 0x487, &(0x7f0000000000)={{0x84, @rand_addr=0x64010100, 0x4e20, 0x3, 'lc\x00', 0x8, 0x323b, 0x55}, {@remote, 0x4e23, 0x2000, 0x0, 0x12d5c, 0x12d5c}}, 0x44)
setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0)
syz_io_uring_setup(0x10d, 0x0, 0x0, 0x0)
ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000240)={0x48, 0x2, r1})

0s ago: executing program 3 (id=1321):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100"/13], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
syz_usb_control_io$hid(0xffffffffffffffff, &(0x7f00000006c0)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6)
bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, &(0x7f0000000440)=""/30, &(0x7f0000000380), 0x0, 0x1}, 0x38)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r1 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x2000000f5, 0x2)
ioctl$vim2m_VIDIOC_S_CTRL(r1, 0xc008561c, &(0x7f0000000300)={0xf0f002, 0x1})

kernel console output (not intermixed with test programs):

ssd optimizations
[  406.313608][ T9283] BTRFS info (device loop2): allowing degraded mounts
[  406.320466][ T9283] BTRFS info (device loop2): using free space tree
[  406.594632][ T5794] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  407.027565][ T9318] netlink: 88 bytes leftover after parsing attributes in process `syz.3.818'.
[  409.960563][ T9338] loop0: detected capacity change from 0 to 512
[  409.995986][ T9338] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  410.027794][ T9338] EXT4-fs (loop0): 1 truncate cleaned up
[  410.039790][ T9338] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  410.810968][ T9350] netlink: 88 bytes leftover after parsing attributes in process `syz.3.828'.
[  410.890145][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  411.326563][ T9354] loop0: detected capacity change from 0 to 40427
[  411.373915][ T9354] F2FS-fs (loop0): invalid crc value
[  411.416795][ T9354] F2FS-fs (loop0): Found nat_bits in checkpoint
[  411.470001][ T9354] F2FS-fs (loop0): Start checkpoint disabled!
[  411.493735][ T9354] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e6
[  411.632293][ T9354] netlink: 8 bytes leftover after parsing attributes in process `syz.0.829'.
[  411.653307][   T28] audit: type=1804 audit(1752294998.881:152): pid=9354 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.829" name="/newroot/200/file0/file0" dev="loop0" ino=10 res=1 errno=0
[  411.723681][ T9342] loop2: detected capacity change from 0 to 32768
[  411.783066][ T9342] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.825 (9342)
[  411.960687][ T9342] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  412.401976][ T9365] loop1: detected capacity change from 0 to 32768
[  412.428877][ T9342] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  412.460122][ T9342] BTRFS info (device loop2): setting nodatasum
[  412.495812][ T9342] BTRFS info (device loop2): force zlib compression, level 3
[  412.512984][ T9365] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  412.532945][ T2940] kworker/u4:8: attempt to access beyond end of device
[  412.532945][ T2940] loop0: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  412.549714][ T9342] BTRFS info (device loop2): metadata ratio 1
[  412.568534][ T9342] BTRFS info (device loop2): enabling ssd optimizations
[  412.577342][ T9342] BTRFS info (device loop2): allowing degraded mounts
[  412.585251][ T2940] kworker/u4:8: attempt to access beyond end of device
[  412.585251][ T2940] loop0: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  412.601388][ T9342] BTRFS info (device loop2): using free space tree
[  412.613076][ T2940] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  412.624151][ T2940] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  412.856721][ T5787] ocfs2: Unmounting device (7,1) on (node local)
[  413.050856][ T5794] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  413.363480][   T28] audit: type=1326 audit(1752295000.361:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9351 comm="syz.3.830" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b4358e929 code=0x0
[  414.320919][ T9386] loop1: detected capacity change from 0 to 32768
[  414.332405][ T9386] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.834 (9386)
[  414.367676][ T9386] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  414.389243][ T9386] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  414.404870][ T9386] BTRFS info (device loop1): turning off barriers
[  414.412134][ T9386] BTRFS error (device loop1): unrecognized mount option 'max_inline='
[  414.431615][ T9386] BTRFS error (device loop1): open_ctree failed: -22
[  414.521819][ T7400] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (7400)
[  414.869065][ T9408] netlink: 'syz.1.838': attribute type 1 has an invalid length.
[  414.898798][ T9408] netlink: 'syz.1.838': attribute type 4 has an invalid length.
[  414.918039][ T9408] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.838'.
[  414.949010][ T9411] netlink: 'syz.1.838': attribute type 1 has an invalid length.
[  415.012615][ T9414] netlink: 88 bytes leftover after parsing attributes in process `syz.3.840'.
[  415.023548][ T9411] netlink: 'syz.1.838': attribute type 4 has an invalid length.
[  415.031333][ T9403] loop0: detected capacity change from 0 to 32768
[  415.099088][ T9403] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  415.103488][ T9411] netlink: 9462 bytes leftover after parsing attributes in process `syz.1.838'.
[  415.138735][ T9403] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  415.179889][ T9403] BTRFS info (device loop0): turning off barriers
[  415.195476][ T9403] BTRFS error (device loop0): unrecognized mount option 'max_inline='
[  415.238805][ T9403] BTRFS error (device loop0): open_ctree failed: -22
[  415.405964][ T9403] overlayfs: missing 'lowerdir'
[  415.413796][ T6209] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by udevd (6209)
[  415.775630][ T9426] blktrace: Concurrent blktraces are not allowed on sg0
[  416.707997][ T9429] loop2: detected capacity change from 0 to 40427
[  416.757728][ T9429] F2FS-fs (loop2): invalid crc value
[  416.863084][ T9429] F2FS-fs (loop2): Found nat_bits in checkpoint
[  416.905026][ T9429] F2FS-fs (loop2): Start checkpoint disabled!
[  416.932013][ T9429] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  417.258511][ T9438] input: syz0 as /devices/virtual/input/input17
[  418.149841][ T9431] loop0: detected capacity change from 0 to 32768
[  418.200459][ T9431] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  418.297477][ T9431] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  418.324964][ T9431] BTRFS info (device loop0): setting nodatasum
[  418.331207][ T9431] BTRFS info (device loop0): force zlib compression, level 3
[  418.373657][ T9431] BTRFS info (device loop0): metadata ratio 1
[  418.379799][ T9431] BTRFS info (device loop0): enabling ssd optimizations
[  418.412810][ T9431] BTRFS info (device loop0): allowing degraded mounts
[  418.422952][ T9431] BTRFS info (device loop0): using free space tree
[  418.698741][   T28] audit: type=1326 audit(1752295005.751:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9432 comm="syz.3.845" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0b4358e929 code=0x0
[  418.798885][ T2940] kworker/u4:8: attempt to access beyond end of device
[  418.798885][ T2940] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  418.845040][ T2940] kworker/u4:8: attempt to access beyond end of device
[  418.845040][ T2940] loop2: rw=2049, sector=40960, nr_sectors = 40 limit=40427
[  418.899279][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  418.924455][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  418.931435][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  418.943038][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  418.988453][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  419.094211][ T5784] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  419.127765][ T9435] loop1: detected capacity change from 0 to 32768
[  419.160037][ T9435] BTRFS warning: duplicate device /dev/loop1 devid 1 generation 8 scanned by syz.1.846 (9435)
[  419.493249][ T7400] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (7400)
[  420.216020][ T9473] loop2: detected capacity change from 0 to 4096
[  420.292915][ T9473] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  420.407493][   T28] audit: type=1800 audit(1752295007.641:155): pid=9473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.847" name="file1" dev="loop2" ino=15 res=0 errno=0
[  420.836210][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  421.222028][ T9489] blktrace: Concurrent blktraces are not allowed on sg0
[  421.891004][ T9486] netlink: 8 bytes leftover after parsing attributes in process `syz.0.855'.
[  421.907223][ T9476] loop3: detected capacity change from 0 to 32768
[  421.965635][ T9476] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  421.993002][ T9476] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  422.027796][ T9476] BTRFS info (device loop3): turning off barriers
[  422.044784][ T9476] BTRFS error (device loop3): unrecognized mount option 'max_inline='
[  422.244580][ T9476] BTRFS error (device loop3): open_ctree failed: -22
[  423.069745][   T28] audit: type=1326 audit(1752295009.591:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9492 comm="syz.2.856" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff00338e929 code=0x0
[  423.103677][ T9499] loop1: detected capacity change from 0 to 4096
[  423.172268][ T9476] overlayfs: missing 'lowerdir'
[  423.243162][ T7400] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (7400)
[  423.243674][ T9502] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  423.404808][ T9499] netlink: 88 bytes leftover after parsing attributes in process `syz.1.857'.
[  423.414007][ T9499] netlink: 16 bytes leftover after parsing attributes in process `syz.1.857'.
[  423.436212][ T9499] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 524288
[  423.444539][ T9499] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15)
[  423.618242][ T9499] Remounting filesystem read-only
[  423.623594][ T9499] NILFS (loop1): error -5 truncating bmap (ino=15)
[  424.283665][ T5787] NILFS (loop1): discard dirty page: offset=8192, ino=6
[  424.290683][ T5787] NILFS (loop1): discard dirty block: blocknr=25, size=4096
[  424.358336][ T5787] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer
[  424.569753][ T9515] loop3: detected capacity change from 0 to 1024
[  424.589778][ T9515] EXT4-fs: Ignoring removed bh option
[  424.650740][ T9515] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  424.760028][ T9515] EXT4-fs error (device loop3): ext4_mb_mark_diskspace_used:4036: comm syz.3.863: Allocating blocks 465-513 which overlap fs metadata
[  424.820606][ T9515] EXT4-fs (loop3): Remounting filesystem read-only
[  424.842349][ T9513] EXT4-fs (loop3): pa ffff888079d05cb0: logic 256, phys. 369, len 9
[  424.936469][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  424.989038][ T9501] loop2: detected capacity change from 0 to 32768
[  425.042746][ T9501] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  426.054339][ T9538] loop0: detected capacity change from 0 to 8
[  426.105622][ T9501] XFS (loop2): Ending clean mount
[  426.127603][ T9501] XFS (loop2): Quotacheck needed: Please wait.
[  426.141949][ T9538] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  426.230914][ T7400] udevd[7400]: incorrect cramfs checksum on /dev/loop0
[  426.253235][ T9538] cramfs: Error -3 while decompressing!
[  426.260765][ T9538] cramfs: ffffffff96fdb6c8(26)->ffff888077531000(4096)
[  426.308907][ T9501] XFS (loop2): Quotacheck: Done.
[  426.348925][ T7400] udevd[7400]: incorrect cramfs checksum on /dev/loop0
[  426.393756][ T9538] cramfs: Error -5 while decompressing!
[  426.399416][ T9538] cramfs: ffffffff96fdb6e2(26)->ffff888075c93000(4096)
[  426.462185][ T5794] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  426.479094][ T9538] cramfs: Error -3 while decompressing!
[  426.486051][ T9538] cramfs: ffffffff96fdb6fc(16)->ffff888077530000(4096)
[  426.497661][ T9538] cramfs: Error -3 while decompressing!
[  426.503457][ T9538] cramfs: ffffffff96fdb6c8(26)->ffff888077531000(4096)
[  426.510579][   T28] audit: type=1800 audit(1752295013.741:157): pid=9538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.866" name="file2" dev="loop0" ino=348 res=0 errno=0
[  426.556113][ T7400] udevd[7400]: incorrect cramfs checksum on /dev/loop0
[  426.949988][ T9550] loop0: detected capacity change from 0 to 4096
[  427.000317][ T9553] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  427.162700][ T9554] netlink: 88 bytes leftover after parsing attributes in process `syz.0.870'.
[  427.172159][ T9554] netlink: 16 bytes leftover after parsing attributes in process `syz.0.870'.
[  427.191476][ T9554] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 524288
[  427.200024][ T9554] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15)
[  427.312687][ T9554] Remounting filesystem read-only
[  427.318173][ T9554] NILFS (loop0): error -5 truncating bmap (ino=15)
[  427.947503][ T5784] NILFS (loop0): discard dirty page: offset=8192, ino=6
[  427.954888][ T5784] NILFS (loop0): discard dirty block: blocknr=25, size=4096
[  427.962600][ T5784] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer
[  428.369812][ T9570] loop0: detected capacity change from 0 to 1024
[  428.419732][ T9570] EXT4-fs: Ignoring removed bh option
[  428.438560][ T9568] loop2: detected capacity change from 0 to 8
[  428.690451][ T9568] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  428.708110][ T9570] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  428.991901][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  430.108393][ T9578] loop3: detected capacity change from 0 to 32768
[  430.240784][ T9578] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  431.269049][ T9578] XFS (loop3): Ending clean mount
[  431.401310][ T9610] loop0: detected capacity change from 0 to 256
[  431.518016][ T5783] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  431.530691][ T9610] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  431.901385][ T9617] netlink: 100 bytes leftover after parsing attributes in process `syz.2.881'.
[  431.970989][ T9590] loop1: detected capacity change from 0 to 32768
[  432.156111][ T9590] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  432.655128][ T9590] XFS (loop1): Ending clean mount
[  432.684823][ T9590] XFS (loop1): Quotacheck needed: Please wait.
[  433.022201][ T9590] XFS (loop1): Quotacheck: Done.
[  433.110385][ T5787] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  433.216606][ T9639] loop2: detected capacity change from 0 to 32768
[  433.225086][ T9639] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.884 (9639)
[  433.283600][ T9639] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  433.350856][ T9639] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  433.415796][ T9639] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  433.450304][ T9639] BTRFS info (device loop2): use zstd compression, level 3
[  433.471767][ T9639] BTRFS info (device loop2): using free space tree
[  433.615828][ T9639] BTRFS info (device loop2): enabling ssd optimizations
[  433.622896][ T9639] BTRFS info (device loop2): auto enabling async discard
[  433.785378][   T28] audit: type=1800 audit(1752295021.021:158): pid=9639 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.884" name="file1" dev="loop2" ino=260 res=0 errno=0
[  433.902138][ T5794] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  434.227173][ T7400] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 9 /dev/loop2 scanned by udevd (7400)
[  434.960689][ T9667] loop1: detected capacity change from 0 to 32768
[  435.030376][ T9667] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  435.093591][ T9667] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  435.102371][ T9667] BTRFS info (device loop1): setting nodatasum
[  435.149293][ T9667] BTRFS info (device loop1): force zlib compression, level 3
[  435.175472][ T9667] BTRFS info (device loop1): metadata ratio 1
[  435.203621][ T9667] BTRFS info (device loop1): enabling ssd optimizations
[  435.230106][ T9667] BTRFS info (device loop1): allowing degraded mounts
[  435.263454][ T9667] BTRFS info (device loop1): using free space tree
[  436.399026][   T28] audit: type=1326 audit(1752295022.941:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9690 comm="syz.2.891" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff00338e929 code=0x0
[  436.519380][ T9671] loop3: detected capacity change from 0 to 32768
[  436.587375][ T5787] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  436.603987][ T9671] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  436.788627][ T9671] XFS (loop3): Ending clean mount
[  436.861941][ T9713] netlink: 'syz.0.895': attribute type 1 has an invalid length.
[  436.929809][ T9713] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.895'.
[  436.942088][ T6209] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 9 /dev/loop1 scanned by udevd (6209)
[  437.022059][ T9715] netlink: 'syz.0.895': attribute type 1 has an invalid length.
[  437.054937][ T5783] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  437.062520][ T9715] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.895'.
[  437.157791][ T9716] loop2: detected capacity change from 0 to 4096
[  437.233569][ T9721] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  437.370819][ T9722] netlink: 88 bytes leftover after parsing attributes in process `syz.2.896'.
[  437.380032][ T9722] netlink: 16 bytes leftover after parsing attributes in process `syz.2.896'.
[  437.422598][ T9722] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 524288
[  437.430904][ T9722] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15)
[  437.596414][ T9722] Remounting filesystem read-only
[  437.601759][ T9722] NILFS (loop2): error -5 truncating bmap (ino=15)
[  438.383639][ T5794] NILFS (loop2): discard dirty page: offset=8192, ino=6
[  438.390846][ T5794] NILFS (loop2): discard dirty block: blocknr=25, size=4096
[  438.413649][ T5794] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  439.009932][ T9725] loop0: detected capacity change from 0 to 32768
[  439.034968][ T9725] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9
[  439.110821][ T9725] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  439.164801][ T7400] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9
[  440.079706][ T9738] netlink: 100 bytes leftover after parsing attributes in process `syz.0.901'.
[  441.159512][ T9753] loop1: detected capacity change from 0 to 256
[  441.226753][ T9753] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  441.884613][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  441.891271][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  442.239304][ T9761] loop1: detected capacity change from 0 to 2048
[  442.310307][ T9761] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000900 r/w without journal. Quota mode: none.
[  442.490406][ T9754] loop3: detected capacity change from 0 to 32768
[  442.520336][ T9754] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  442.551589][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000900.
[  442.662637][ T9754] XFS (loop3): Ending clean mount
[  442.845125][ T5783] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  442.854092][ T9757] loop2: detected capacity change from 0 to 32768
[  442.946039][ T9757] ocfs2: Mounting device (7,2) on (node local, slot 0) with writeback data mode.
[  443.073452][ T9757] (syz.2.909,9757,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: rec_len % 4 != 0 - offset=312, inode=13845347915746889, rec_len=25793, name_len=214
[  443.366293][ T5794] ocfs2: Unmounting device (7,2) on (node local)
[  443.610713][ T9777] loop1: detected capacity change from 0 to 32768
[  443.696061][ T9777] XFS (loop1): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  443.963459][ T9777] XFS (loop1): Ending clean mount
[  444.058478][ T9777] XFS (loop1): Quotacheck needed: Please wait.
[  444.110383][ T9781] loop0: detected capacity change from 0 to 32768
[  444.213019][   T28] audit: type=1800 audit(1752295031.421:160): pid=9781 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.914" name="file1" dev="loop0" ino=4 res=0 errno=0
[  444.262086][ T9777] XFS (loop1): Quotacheck: Done.
[  444.321752][ T9807] loop3: detected capacity change from 0 to 256
[  444.451352][ T9807] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  444.475380][ T5787] XFS (loop1): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  444.739265][ T9812] loop2: detected capacity change from 0 to 2048
[  444.837896][ T9812] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  444.972016][ T9812] vlan2: entered promiscuous mode
[  445.057658][ T9805] jfs: Unrecognized mount option "ÿÿ0xffffffffffffffff)«;0ß}u¯jf°5Œ#X‰Î*„زïJ!¢|šñ;fWÿ ~]X®©À
[  445.057658][ T9805] " or missing value
[  445.252870][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  445.559839][ T9814] loop3: detected capacity change from 0 to 32768
[  445.600464][ T9814] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  445.713835][ T9814] XFS (loop3): Ending clean mount
[  445.860012][ T9818] loop1: detected capacity change from 0 to 32768
[  445.869172][ T5783] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  445.968589][ T9818] syz.1.919: attempt to access beyond end of device
[  445.968589][ T9818] loop1: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  445.990974][ T9818] metapage_write_end_io: I/O error
[  446.026028][ T9818] blkno = 8ed2c, nblocks = 1
[  446.036606][ T9818] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[  446.036606][ T9818] 
[  446.090981][ T9818] ERROR: (device loop1): remounting filesystem as read-only
[  446.278168][  T112] blkno = 8ed2c, nblocks = 4
[  446.282844][  T112] ERROR: (device loop1): dbUpdatePMap: blocks are outside the map
[  446.282844][  T112] 
[  446.324559][ T5787] syz-executor: attempt to access beyond end of device
[  446.324559][ T5787] loop1: rw=1, sector=4680032, nr_sectors = 8 limit=32768
[  446.353552][ T5787] metapage_write_end_io: I/O error
[  446.359646][ T5787] JFS: metapage_get_blocks failed
[  446.383448][ T5787] JFS: metapage_get_blocks failed
[  446.388653][ T5787] JFS: metapage_get_blocks failed
[  446.403631][ T5787] JFS: metapage_get_blocks failed
[  446.623203][ T9843] loop3: detected capacity change from 0 to 256
[  447.084843][ T9843] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  447.766068][ T9847] loop0: detected capacity change from 0 to 1024
[  447.944559][ T9847] EXT4-fs: Ignoring removed bh option
[  448.002483][ T9847] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  448.151817][   T28] audit: type=1326 audit(1752295035.381:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9849 comm="syz.1.927" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f4ab8e929 code=0x0
[  448.198372][ T9847] EXT4-fs error (device loop0): ext4_mb_mark_diskspace_used:4036: comm syz.0.930: Allocating blocks 497-513 which overlap fs metadata
[  448.243489][ T9847] EXT4-fs (loop0): Remounting filesystem read-only
[  448.250428][   T28] audit: type=1800 audit(1752295035.431:162): pid=9847 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.930" name="bus" dev="loop0" ino=18 res=0 errno=0
[  448.280486][ T9846] EXT4-fs (loop0): pa ffff888079d05bc8: logic 0, phys. 257, len 16
[  448.337251][ T9841] loop2: detected capacity change from 0 to 40427
[  448.347923][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  448.419554][ T9841] F2FS-fs (loop2): invalid crc value
[  448.458052][ T9841] F2FS-fs (loop2): Found nat_bits in checkpoint
[  448.563268][ T9860] loop0: detected capacity change from 0 to 512
[  448.612183][ T9860] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  448.797032][ T9860] EXT4-fs (loop0): 1 truncate cleaned up
[  448.814493][ T9860] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  448.843700][ T9841] F2FS-fs (loop2): Start checkpoint disabled!
[  448.896434][ T9841] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  448.983962][ T9841] netlink: 8 bytes leftover after parsing attributes in process `syz.2.928'.
[  449.187836][   T28] audit: type=1804 audit(1752295036.421:163): pid=9841 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.928" name="/newroot/214/file0/file0" dev="loop2" ino=10 res=1 errno=0
[  449.275093][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  449.316305][ T9851] loop3: detected capacity change from 0 to 32768
[  449.364737][ T9851] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9
[  449.443186][ T9851] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  449.753120][  T991] kworker/u4:5: attempt to access beyond end of device
[  449.753120][  T991] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  449.769568][ T5789] BTRFS error: device /dev/loop3 already registered with a higher generation, found 8 expect 9
[  449.828547][  T991] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  449.886710][  T991] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  451.506657][ T9882] loop0: detected capacity change from 0 to 256
[  451.564935][ T9882] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  451.861226][ T9890] loop2: detected capacity change from 0 to 4096
[  451.902486][ T9890] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  451.974838][ T9895] loop1: detected capacity change from 0 to 512
[  451.997404][ T9895] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  452.030596][   T28] audit: type=1800 audit(1752295039.261:164): pid=9890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.934" name="file1" dev="loop2" ino=15 res=0 errno=0
[  452.075094][ T9895] EXT4-fs (loop1): 1 truncate cleaned up
[  452.082309][ T9895] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  452.240119][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  452.515890][ T9900] loop3: detected capacity change from 0 to 32768
[  452.979370][ T9900] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  453.286882][ T9900] XFS (loop3): Ending clean mount
[  453.317835][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.391874][ T9914] x_tables: duplicate underflow at hook 1
[  453.574360][   T28] audit: type=1800 audit(1752295040.721:165): pid=9914 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.945" name="file1" dev="loop3" ino=9286 res=0 errno=0
[  454.485184][ T9918] loop2: detected capacity change from 0 to 8
[  454.623158][ T9918] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  455.068236][ T5789] udevd[5789]: incorrect cramfs checksum on /dev/loop2
[  455.319251][ T9918] cramfs: Error -3 while decompressing!
[  455.427809][ T9918] cramfs: ffffffff96fdf6c8(26)->ffff88805b705000(4096)
[  455.652731][ T9918] cramfs: Error -5 while decompressing!
[  455.765209][ T9918] cramfs: ffffffff96fdf6e2(26)->ffff88806c775000(4096)
[  455.772171][ T9918] cramfs: Error -3 while decompressing!
[  455.897987][ T5789] udevd[5789]: incorrect cramfs checksum on /dev/loop2
[  455.910854][ T9918] cramfs: ffffffff96fdf6fc(16)->ffff88805b6f2000(4096)
[  455.918582][ T9918] cramfs: Error -3 while decompressing!
[  455.924349][ T9918] cramfs: ffffffff96fdf6c8(26)->ffff88805b705000(4096)
[  455.931559][   T28] audit: type=1800 audit(1752295043.161:166): pid=9918 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.947" name="file2" dev="loop2" ino=348 res=0 errno=0
[  456.788807][ T9932] loop0: detected capacity change from 0 to 1024
[  456.849412][ T9932] EXT4-fs: Ignoring removed bh option
[  456.910460][ T9932] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  456.986893][ T5783] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  457.218156][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  457.368527][ T9928] loop2: detected capacity change from 0 to 32768
[  457.413826][ T9928] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9
[  457.510461][ T9928] overlayfs: missing 'lowerdir'
[  457.615697][ T6209] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 9
[  457.681224][ T9944] loop3: detected capacity change from 0 to 256
[  457.738517][ T9944] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  458.243543][ T9951] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  459.074080][ T9955] loop0: detected capacity change from 0 to 8
[  459.082047][ T9955] MTD: Attempt to mount non-MTD device "/dev/loop0"
[  459.174290][ T9955] cramfs: Error -3 while decompressing!
[  459.179913][ T9955] cramfs: ffffffff96fdb6c8(26)->ffff88805516e000(4096)
[  459.217415][ T7400] udevd[7400]: incorrect cramfs checksum on /dev/loop0
[  459.259239][ T9955] cramfs: Error -5 while decompressing!
[  459.305775][ T9955] cramfs: ffffffff96fdb6e2(26)->ffff88805ad42000(4096)
[  459.315920][ T9955] cramfs: Error -3 while decompressing!
[  459.321909][ T9955] cramfs: ffffffff96fdb6fc(16)->ffff88805a9be000(4096)
[  459.334379][ T7400] udevd[7400]: incorrect cramfs checksum on /dev/loop0
[  459.372075][ T9955] cramfs: Error -3 while decompressing!
[  459.385756][ T9955] cramfs: ffffffff96fdb6c8(26)->ffff88805516e000(4096)
[  459.423521][   T28] audit: type=1800 audit(1752295046.651:167): pid=9955 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.957" name="file2" dev="loop0" ino=348 res=0 errno=0
[  459.465739][ T9961] netlink: 8 bytes leftover after parsing attributes in process `syz.3.956'.
[  459.679029][ T9964] loop0: detected capacity change from 0 to 1764
[  459.707302][ T9961] syz.3.956 (9961) used greatest stack depth: 17960 bytes left
[  460.427809][ T9971] blktrace: Concurrent blktraces are not allowed on sg0
[  460.902997][ T9960] loop2: detected capacity change from 0 to 40427
[  460.960617][ T9960] F2FS-fs (loop2): invalid crc value
[  460.998212][ T9960] F2FS-fs (loop2): Found nat_bits in checkpoint
[  461.105924][ T9960] F2FS-fs (loop2): Start checkpoint disabled!
[  461.118018][ T9960] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  461.132588][ T9979] loop0: detected capacity change from 0 to 256
[  461.199174][ T9979] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  461.234077][ T9960] netlink: 8 bytes leftover after parsing attributes in process `syz.2.958'.
[  461.313455][   T28] audit: type=1804 audit(1752295048.531:168): pid=9960 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.958" name="/newroot/220/file0/file0" dev="loop2" ino=10 res=1 errno=0
[  461.668326][   T38] kworker/u4:2: attempt to access beyond end of device
[  461.668326][   T38] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  461.753040][ T9923] kworker/u4:7: attempt to access beyond end of device
[  461.753040][ T9923] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  461.770681][ T9923] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  461.778161][ T9923] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  462.655192][ T9992] loop3: detected capacity change from 0 to 8
[  462.673186][ T9992] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  462.717786][ T7400] udevd[7400]: incorrect cramfs checksum on /dev/loop3
[  462.730660][ T9992] cramfs: Error -3 while decompressing!
[  462.748715][ T9992] cramfs: ffffffff96fdf6c8(26)->ffff88806c69d000(4096)
[  462.767143][ T9992] cramfs: Error -5 while decompressing!
[  462.793414][ T9992] cramfs: ffffffff96fdf6e2(26)->ffff88806c69a000(4096)
[  462.804836][ T7400] udevd[7400]: incorrect cramfs checksum on /dev/loop3
[  462.821497][ T9992] cramfs: Error -3 while decompressing!
[  462.831587][ T9992] cramfs: ffffffff96fdf6fc(16)->ffff88806c69c000(4096)
[  462.852024][ T9992] cramfs: Error -3 while decompressing!
[  462.867938][ T9992] cramfs: ffffffff96fdf6c8(26)->ffff88806c69d000(4096)
[  462.878245][   T28] audit: type=1800 audit(1752295050.111:169): pid=9992 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.969" name="file2" dev="loop3" ino=348 res=0 errno=0
[  463.198621][ T9985] loop0: detected capacity change from 0 to 32768
[  463.217095][ T9998] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  463.237312][ T9985] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  463.325573][T10006] loop2: detected capacity change from 0 to 256
[  463.356627][T10006] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  463.388196][ T9985] XFS (loop0): Ending clean mount
[  463.397365][T10006] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  463.433541][T10006] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  463.441260][T10006] UDF-fs: Scanning with blocksize 512 failed
[  463.494727][T10006] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  463.520886][ T5784] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  463.567716][T10006] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  463.610698][T10006] UDF-fs: error (device loop2): udf_process_sequence: Primary Volume Descriptor not found!
[  463.668799][T10006] UDF-fs: Scanning with blocksize 1024 failed
[  463.688247][T10006] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  463.731635][T10006] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  463.759313][T10006] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  463.776771][T10006] UDF-fs: Scanning with blocksize 2048 failed
[  463.793258][T10006] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  463.820078][T10006] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=512, location=512
[  463.842865][T10006] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  463.874831][T10006] UDF-fs: Scanning with blocksize 4096 failed
[  463.880964][T10006] UDF-fs: warning (device loop2): udf_fill_super: No partition found (1)
[  465.611953][T10021] blktrace: Concurrent blktraces are not allowed on sg0
[  467.038425][T10010] loop3: detected capacity change from 0 to 32768
[  467.533865][T10032] loop1: detected capacity change from 0 to 32768
[  467.614649][T10032] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  468.537042][ T5787] ocfs2: Unmounting device (7,1) on (node local)
[  468.562741][T10040] netlink: 'syz.0.981': attribute type 1 has an invalid length.
[  468.584245][T10040] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.981'.
[  468.667303][T10043] netlink: 'syz.0.981': attribute type 1 has an invalid length.
[  468.683400][T10043] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.981'.
[  468.758236][T10042] netlink: 44 bytes leftover after parsing attributes in process `syz.1.982'.
[  468.915996][T10042] netlink: 88 bytes leftover after parsing attributes in process `syz.1.982'.
[  469.268203][T10052] loop0: detected capacity change from 0 to 2048
[  469.500873][T10052] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  469.757746][T10063] blktrace: Concurrent blktraces are not allowed on sg0
[  470.298903][T10052] vlan2: entered promiscuous mode
[  470.514088][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  471.777038][T10078] loop2: detected capacity change from 0 to 128
[  471.845118][T10078] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  471.877702][T10077] loop1: detected capacity change from 0 to 40427
[  471.891393][T10077] F2FS-fs (loop1): invalid crc value
[  471.911199][T10077] F2FS-fs (loop1): Found nat_bits in checkpoint
[  471.946113][T10082] netlink: 'syz.0.994': attribute type 1 has an invalid length.
[  471.948752][T10078] ext4 filesystem being mounted at /227/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  471.975947][T10077] F2FS-fs (loop1): Start checkpoint disabled!
[  471.982679][T10082] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.994'.
[  472.027265][T10078] netlink: 52 bytes leftover after parsing attributes in process `syz.2.993'.
[  472.045816][T10082] netlink: 'syz.0.994': attribute type 1 has an invalid length.
[  472.054013][T10077] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  472.070871][T10082] netlink: 16150 bytes leftover after parsing attributes in process `syz.0.994'.
[  472.188901][T10077] netlink: 8 bytes leftover after parsing attributes in process `syz.1.992'.
[  472.217167][   T28] audit: type=1804 audit(1752295059.451:170): pid=10077 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.992" name="/newroot/258/file0/file0" dev="loop1" ino=10 res=1 errno=0
[  472.261528][ T5794] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  472.440164][T10086] netlink: 44 bytes leftover after parsing attributes in process `syz.2.995'.
[  472.486900][T10086] netlink: 88 bytes leftover after parsing attributes in process `syz.2.995'.
[  472.507776][   T11] kworker/u4:0: attempt to access beyond end of device
[  472.507776][   T11] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  472.526324][   T38] kworker/u4:2: attempt to access beyond end of device
[  472.526324][   T38] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  472.689128][   T38] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  472.700425][   T38] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  472.865660][T10091] blktrace: Concurrent blktraces are not allowed on sg0
[  473.955044][T10100] loop2: detected capacity change from 0 to 4096
[  474.032595][T10104] loop1: detected capacity change from 0 to 1764
[  475.650816][T10106] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  475.824306][T10107] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1000'.
[  475.833501][T10107] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1000'.
[  475.855654][T10107] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 524288
[  475.864102][T10107] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15)
[  476.559144][T10107] Remounting filesystem read-only
[  476.564418][T10107] NILFS (loop2): error -5 truncating bmap (ino=15)
[  477.019302][ T5794] NILFS (loop2): discard dirty page: offset=8192, ino=6
[  477.026475][ T5794] NILFS (loop2): discard dirty block: blocknr=25, size=4096
[  477.034378][ T5794] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  477.646291][T10114] loop1: detected capacity change from 0 to 40427
[  477.657417][T10114] F2FS-fs (loop1): invalid crc value
[  477.675643][T10114] F2FS-fs (loop1): Found nat_bits in checkpoint
[  477.854267][T10114] F2FS-fs (loop1): Start checkpoint disabled!
[  477.905172][T10114] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  478.335427][T10114] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1005'.
[  478.373503][   T28] audit: type=1804 audit(1752295065.591:171): pid=10114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1005" name="/newroot/260/file0/file0" dev="loop1" ino=10 res=1 errno=0
[  478.534782][T10125] netlink: 'syz.3.1006': attribute type 1 has an invalid length.
[  478.542587][T10125] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.1006'.
[  478.560477][T10112] loop0: detected capacity change from 0 to 32768
[  478.579885][T10125] netlink: 'syz.3.1006': attribute type 1 has an invalid length.
[  478.597921][T10125] netlink: 16150 bytes leftover after parsing attributes in process `syz.3.1006'.
[  478.658999][   T11] kworker/u4:0: attempt to access beyond end of device
[  478.658999][   T11] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  478.771891][   T38] kworker/u4:2: attempt to access beyond end of device
[  478.771891][   T38] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  478.820819][   T38] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  478.828159][   T38] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  479.108218][T10131] blktrace: Concurrent blktraces are not allowed on sg0
[  479.161511][T10112] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  479.647367][ T5784] ocfs2: Unmounting device (7,0) on (node local)
[  479.919622][T10136] loop2: detected capacity change from 0 to 4096
[  480.003544][T10137] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  480.151279][T10138] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1012'.
[  480.161166][T10138] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1012'.
[  480.237283][T10138] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 524288
[  480.245771][T10138] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15)
[  480.417130][T10138] Remounting filesystem read-only
[  480.422446][T10138] NILFS (loop2): error -5 truncating bmap (ino=15)
[  482.023926][ T5794] NILFS (loop2): discard dirty page: offset=8192, ino=6
[  482.038132][ T5794] NILFS (loop2): discard dirty block: blocknr=25, size=4096
[  482.082319][ T5794] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  482.109134][T10145] loop0: detected capacity change from 0 to 2048
[  482.154522][T10145] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  482.417422][T10145] vlan2: entered promiscuous mode
[  482.605059][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  482.823134][T10159] loop2: detected capacity change from 0 to 1024
[  482.972255][T10163] loop3: detected capacity change from 0 to 4096
[  483.077744][T10167] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  483.829544][ T4108] hfsplus: b-tree write err: -5, ino 4
[  484.145395][T10175] UBIFS error (pid: 10175): cannot open "ubifs", error -22
[  485.930742][T10182] loop3: detected capacity change from 0 to 2048
[  486.026079][T10182] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  486.180713][T10182] vlan2: entered promiscuous mode
[  486.470920][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  487.388854][T10195] loop1: detected capacity change from 0 to 40427
[  487.390902][T10197] loop2: detected capacity change from 0 to 256
[  487.400123][T10195] F2FS-fs (loop1): invalid crc value
[  487.427437][T10195] F2FS-fs (loop1): Found nat_bits in checkpoint
[  487.477520][T10195] F2FS-fs (loop1): Start checkpoint disabled!
[  487.497535][T10197] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  487.511831][T10195] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  487.588946][T10195] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1029'.
[  487.642829][   T28] audit: type=1804 audit(1752295074.871:172): pid=10195 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1029" name="/newroot/264/file0/file0" dev="loop1" ino=10 res=1 errno=0
[  487.828637][T10191] loop0: detected capacity change from 0 to 32768
[  487.905135][T10191] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 9
[  487.977539][   T11] kworker/u4:0: attempt to access beyond end of device
[  487.977539][   T11] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  488.050467][   T48] kworker/u4:3: attempt to access beyond end of device
[  488.050467][   T48] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  488.114034][   T48] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  488.120999][   T48] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  488.170507][ T5789] I/O error, dev loop0, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  489.913630][T10211] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1034'.
[  489.922525][T10211] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1034'.
[  490.069574][T10214] loop2: detected capacity change from 0 to 4096
[  490.076910][T10211] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1034'.
[  490.185067][T10214] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  490.501357][T10220] loop3: detected capacity change from 0 to 2048
[  490.587774][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  490.656404][T10220] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  491.040808][T10227] loop1: detected capacity change from 0 to 32768
[  491.127676][T10227] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  491.140808][T10218] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  491.186111][T10220] vlan2: entered promiscuous mode
[  491.306347][T10231] loop2: detected capacity change from 0 to 512
[  491.336809][T10231] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  491.429815][ T5787] ocfs2: Unmounting device (7,1) on (node local)
[  491.455495][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  491.500561][T10231] EXT4-fs (loop2): 1 truncate cleaned up
[  491.549396][T10231] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  491.901576][T10235] loop1: detected capacity change from 0 to 40427
[  491.947883][T10235] F2FS-fs (loop1): invalid crc value
[  492.117889][T10235] F2FS-fs (loop1): Found nat_bits in checkpoint
[  492.163685][T10235] F2FS-fs (loop1): Start checkpoint disabled!
[  492.181267][T10235] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  492.254582][T10235] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1039'.
[  492.355210][   T28] audit: type=1804 audit(1752295079.541:173): pid=10235 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1039" name="/newroot/266/file0/file0" dev="loop1" ino=10 res=1 errno=0
[  492.701114][   T11] kworker/u4:0: attempt to access beyond end of device
[  492.701114][   T11] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  492.755148][   T11] kworker/u4:0: attempt to access beyond end of device
[  492.755148][   T11] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  492.807711][   T11] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  492.831968][   T11] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  492.876562][T10216] loop0: detected capacity change from 0 to 65536
[  492.956783][T10216] XFS (loop0): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  493.169322][T10216] XFS (loop0): Ending clean mount
[  493.218986][T10216] XFS (loop0): Quotacheck needed: Please wait.
[  493.275893][   T23] XFS (loop0): Metadata CRC error detected at xfs_inobt_read_verify+0x42/0xd0, xfs_inobt block 0x8008 
[  493.329028][   T23] XFS (loop0): Unmount and run xfs_repair
[  493.355031][   T23] XFS (loop0): First 128 bytes of corrupted metadata buffer:
[  493.381674][   T23] 00000000: 49 41 42 33 00 00 00 00 d3 00 ff ff ff ff ff ff  IAB3............
[  493.413785][   T23] 00000010: 00 00 00 00 00 00 80 08 00 00 00 00 00 00 00 00  ................
[  493.465211][   T23] 00000020: 9b 73 48 e5 2f a0 41 a5 95 26 c5 3a 67 8b 01 f3  .sH./.A..&.:g...
[  493.486286][   T23] 00000030: 00 00 00 01 e5 03 51 91 00 00 00 00 00 00 00 00  ......Q.........
[  493.533023][   T23] 00000040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  493.558325][   T23] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  493.589184][   T23] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  493.634060][   T23] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  493.666892][ T9923] XFS (loop0): metadata I/O error in "xfs_btree_read_buf_block+0x1d7/0x2d0" at daddr 0x8008 len 2 error 74
[  493.786993][T10216] XFS (loop0): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  493.900264][ T5784] XFS (loop0): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  494.308139][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.542885][T10261] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1045'.
[  494.577755][T10261] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1045'.
[  494.724360][T10263] loop3: detected capacity change from 0 to 4096
[  494.755108][T10263] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  495.527834][T10270] loop0: detected capacity change from 0 to 1024
[  495.660638][T10269] loop2: detected capacity change from 0 to 32768
[  495.802536][   T11] hfsplus: b-tree write err: -5, ino 4
[  495.824585][T10269] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  495.868882][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  496.093073][ T5794] ocfs2: Unmounting device (7,2) on (node local)
[  496.337818][T10288] loop2: detected capacity change from 0 to 64
[  496.362603][   T28] audit: type=1800 audit(1752295083.591:174): pid=10288 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1051" name="file1" dev="loop2" ino=18 res=0 errno=0
[  496.820122][T10293] syz.2.1051: attempt to access beyond end of device
[  496.820122][T10293] loop2: rw=34817, sector=18, nr_sectors = 400 limit=64
[  496.838659][T10293] syz.2.1051: attempt to access beyond end of device
[  496.838659][T10293] loop2: rw=34817, sector=420, nr_sectors = 20 limit=64
[  496.879731][T10293] syz.2.1051: attempt to access beyond end of device
[  496.879731][T10293] loop2: rw=34817, sector=441, nr_sectors = 64 limit=64
[  497.110531][T10295] loop1: detected capacity change from 0 to 1764
[  498.413979][T10304] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1055'.
[  498.458958][T10304] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1055'.
[  498.470003][T10284] loop0: detected capacity change from 0 to 32768
[  498.503158][T10284] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  498.599174][T10313] loop1: detected capacity change from 0 to 4096
[  498.625526][T10313] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  498.733723][ T5784] ocfs2: Unmounting device (7,0) on (node local)
[  498.912589][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  500.075883][T10321] loop3: detected capacity change from 0 to 32768
[  500.337077][T10321] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  500.514977][T10329] loop1: detected capacity change from 0 to 1024
[  500.933879][ T5783] ocfs2: Unmounting device (7,3) on (node local)
[  501.042286][   T38] hfsplus: b-tree write err: -5, ino 4
[  502.220510][T10342] loop3: detected capacity change from 0 to 1024
[  502.262871][T10342] EXT4-fs: Ignoring removed bh option
[  502.390381][T10348] UBIFS error (pid: 10348): cannot open "ubifs", error -22
[  502.598248][T10342] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  502.913913][T10351] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1067'.
[  502.939590][T10351] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1067'.
[  503.279465][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  503.370874][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  503.481814][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  503.491550][T10353] loop0: detected capacity change from 0 to 4096
[  503.541917][T10353] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  503.599495][   T28] audit: type=1800 audit(1752295090.831:175): pid=10353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1069" name="file1" dev="loop0" ino=15 res=0 errno=0
[  503.732878][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  503.837829][T10363] loop3: detected capacity change from 0 to 2048
[  503.910435][T10363] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  504.028042][T10363] vlan2: entered promiscuous mode
[  504.136627][T10375] loop1: detected capacity change from 0 to 1024
[  504.148057][T10375] EXT4-fs: Ignoring removed nomblk_io_submit option
[  504.168066][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  504.170426][T10375] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (16), stripe is disabled
[  504.192490][T10375] JBD2: no valid journal superblock found
[  504.198678][T10375] EXT4-fs (loop1): Could not load journal inode
[  504.243709][ T5775] usb 1-1: new high-speed USB device number 12 using dummy_hcd
[  504.416473][T10379] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1078'.
[  504.446671][ T5775] usb 1-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad
[  504.483794][ T5775] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  504.518956][ T5775] usb 1-1: config 0 descriptor??
[  504.534902][ T5775] gspca_main: spca508-2.14.0 probing 8086:0110
[  504.674537][T10385] loop1: detected capacity change from 0 to 1024
[  504.692061][T10385] EXT4-fs: Ignoring removed bh option
[  504.729241][T10385] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  504.739377][ T5775] gspca_spca508: reg_read err -32
[  504.757714][ T5775] gspca_spca508: reg_read err -32
[  504.763608][ T5775] gspca_spca508: reg_read err -32
[  504.773055][ T5775] gspca_spca508: reg_read err -32
[  504.800084][ T5775] gspca_spca508: reg_read err -32
[  504.816790][ T5775] gspca_spca508: reg write: error -71
[  504.826341][ T5775] spca508: probe of 1-1:0.0 failed with error -71
[  504.853457][ T5775] usb 1-1: USB disconnect, device number 12
[  504.925071][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  505.084539][T10389] loop2: detected capacity change from 0 to 4096
[  505.106944][T10391] loop1: detected capacity change from 0 to 512
[  505.139772][T10389] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  505.162743][T10391] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  505.225621][T10377] loop3: detected capacity change from 0 to 40427
[  505.261785][T10377] F2FS-fs (loop3): invalid crc value
[  505.275365][T10391] EXT4-fs (loop1): 1 truncate cleaned up
[  505.283123][   T28] audit: type=1800 audit(1752295092.511:176): pid=10389 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1082" name="file1" dev="loop2" ino=15 res=0 errno=0
[  505.303669][    C0] vkms_vblank_simulate: vblank timer overrun
[  505.319299][T10391] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  505.333208][T10377] F2FS-fs (loop3): Found nat_bits in checkpoint
[  505.612359][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  506.042634][T10377] F2FS-fs (loop3): Start checkpoint disabled!
[  506.094709][T10377] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  506.141789][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  506.241267][T10377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1077'.
[  506.323393][   T28] audit: type=1804 audit(1752295093.551:177): pid=10377 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1077" name="/newroot/279/file0/file0" dev="loop3" ino=10 res=1 errno=0
[  506.333789][T10405] loop0: detected capacity change from 0 to 2048
[  506.422218][T10405] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  506.586815][T10405] vlan2: entered promiscuous mode
[  506.649671][T10410] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1088'.
[  506.665085][ T9923] kworker/u4:7: attempt to access beyond end of device
[  506.665085][ T9923] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  506.689893][ T9923] kworker/u4:7: attempt to access beyond end of device
[  506.689893][ T9923] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  506.712758][ T9923] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  506.722657][ T9923] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  506.849371][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  507.077154][T10415] loop0: detected capacity change from 0 to 1024
[  507.104636][T10415] EXT4-fs: Ignoring removed bh option
[  507.130177][T10417] loop1: detected capacity change from 0 to 256
[  507.160682][T10415] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  507.173435][ T5831] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  507.212405][T10417] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  507.363578][ T5831] usb 3-1: Using ep0 maxpacket: 8
[  507.376053][ T5831] usb 3-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[  507.391292][ T5831] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  507.393122][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  507.400911][ T5831] usb 3-1: Product: syz
[  507.413976][ T5831] usb 3-1: Manufacturer: syz
[  507.418797][ T5831] usb 3-1: SerialNumber: syz
[  507.427016][ T5831] usb 3-1: config 0 descriptor??
[  507.454595][ T5831] usb 3-1: selecting invalid altsetting 3
[  507.472024][ T5831] comedi comedi5: could not set alternate setting 3 in high speed
[  507.494418][ T5831] usbdux 3-1:0.0: driver 'usbdux' failed to auto-configure device.
[  507.524847][ T5831] usbdux: probe of 3-1:0.0 failed with error -22
[  507.671642][T10427] loop0: detected capacity change from 0 to 4096
[  507.709222][ T5831] usb 3-1: USB disconnect, device number 16
[  507.712483][T10427] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  507.775150][   T28] audit: type=1800 audit(1752295095.001:178): pid=10427 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1092" name="file1" dev="loop0" ino=15 res=0 errno=0
[  507.778577][T10433] netlink: 'syz.1.1095': attribute type 1 has an invalid length.
[  507.803971][T10433] netlink: 16134 bytes leftover after parsing attributes in process `syz.1.1095'.
[  507.818701][T10433] netlink: 'syz.1.1095': attribute type 1 has an invalid length.
[  507.826788][T10433] netlink: 16134 bytes leftover after parsing attributes in process `syz.1.1095'.
[  507.921875][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  508.055910][T10437] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1097'.
[  508.407860][T10441] loop3: detected capacity change from 0 to 2048
[  508.496800][T10441] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  508.919889][T10446] loop2: detected capacity change from 0 to 1024
[  509.068943][T10446] EXT4-fs: Ignoring removed bh option
[  509.135493][T10441] vlan2: entered promiscuous mode
[  509.149428][T10446] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  509.311759][T10435] loop1: detected capacity change from 0 to 40427
[  509.345882][T10435] F2FS-fs (loop1): invalid crc value
[  509.362930][T10451] loop0: detected capacity change from 0 to 256
[  509.372224][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  509.382714][T10435] F2FS-fs (loop1): Found nat_bits in checkpoint
[  509.451134][T10451] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  509.466288][T10435] F2FS-fs (loop1): Start checkpoint disabled!
[  509.490115][T10435] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  509.533913][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  509.598799][T10435] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1096'.
[  509.749904][   T28] audit: type=1804 audit(1752295096.981:179): pid=10435 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1096" name="/newroot/289/file0/file0" dev="loop1" ino=10 res=1 errno=0
[  509.924517][T10459] loop2: detected capacity change from 0 to 1764
[  509.932562][T10463] netlink: 'syz.0.1105': attribute type 1 has an invalid length.
[  509.963459][T10463] netlink: 16134 bytes leftover after parsing attributes in process `syz.0.1105'.
[  510.010324][T10464] netlink: 'syz.0.1105': attribute type 1 has an invalid length.
[  510.103451][T10464] netlink: 16134 bytes leftover after parsing attributes in process `syz.0.1105'.
[  510.246470][   T48] kworker/u4:3: attempt to access beyond end of device
[  510.246470][   T48] loop1: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  510.261144][   T48] kworker/u4:3: attempt to access beyond end of device
[  510.261144][   T48] loop1: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  510.275361][   T48] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  510.283363][   T48] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  510.956027][T10471] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1108'.
[  511.170343][T10476] loop3: detected capacity change from 0 to 1024
[  511.211022][T10476] EXT4-fs: Ignoring removed bh option
[  511.259689][T10476] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  511.530816][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  511.586409][T10483] loop1: detected capacity change from 0 to 256
[  511.742292][T10487] loop3: detected capacity change from 0 to 256
[  511.758874][T10483] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  511.788194][T10487] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  512.051351][T10490] loop3: detected capacity change from 0 to 1024
[  512.197741][T10490] hfsplus: xattr searching failed
[  512.204023][   T28] audit: type=1800 audit(1752295099.441:180): pid=10490 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1114" name="file1" dev="loop3" ino=2 res=0 errno=0
[  512.308475][T10491] hfsplus: xattr searching failed
[  512.882979][T10473] loop2: detected capacity change from 0 to 32768
[  513.036442][T10473] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  513.125196][T10477] loop0: detected capacity change from 0 to 32768
[  513.142755][T10477] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 scanned by syz.0.1111 (10477)
[  513.218748][T10477] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  513.269930][T10477] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[  513.303425][T10477] BTRFS info (device loop0): force clearing of disk cache
[  513.310699][T10477] BTRFS info (device loop0): enabling auto defrag
[  513.320611][T10477] BTRFS info (device loop0): max_inline at 0
[  513.349803][T10477] BTRFS info (device loop0): enabling disk space caching
[  513.394716][T10477] BTRFS info (device loop0): disk space caching is enabled
[  513.480871][T10473] XFS (loop2): Ending clean mount
[  513.518062][T10473] XFS (loop2): Quotacheck needed: Please wait.
[  513.563512][T10477] BTRFS info (device loop0): enabling ssd optimizations
[  513.589339][T10477] BTRFS info (device loop0): rebuilding free space tree
[  513.627734][T10477] BTRFS info (device loop0): disabling free space tree
[  513.645472][T10477] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  513.665330][T10473] XFS (loop2): Quotacheck: Done.
[  513.674565][T10477] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  513.778864][   T28] audit: type=1804 audit(1752295101.011:181): pid=10473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1109" name="/newroot/261/file0/bus" dev="loop2" ino=9291 res=1 errno=0
[  513.860369][   T28] audit: type=1804 audit(1752295101.041:182): pid=10473 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1109" name="/newroot/261/file0/bus" dev="loop2" ino=9291 res=1 errno=0
[  514.016672][T10524] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  514.693047][ T5784] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  514.866685][T10509] loop3: detected capacity change from 0 to 40427
[  514.912250][T10509] F2FS-fs (loop3): invalid crc value
[  514.939971][T10509] F2FS-fs (loop3): Found nat_bits in checkpoint
[  515.032523][T10473] XFS (loop2): User initiated shutdown received.
[  515.067161][T10527] loop1: detected capacity change from 0 to 4096
[  515.073973][T10473] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x105/0x150 (fs/xfs/xfs_fsops.c:491).  Shutting down filesystem.
[  515.105858][T10509] F2FS-fs (loop3): Start checkpoint disabled!
[  515.113386][T10473] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  515.157698][T10509] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  515.196497][T10530] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  515.224197][ T5794] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  515.567377][T10532] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1115'.
[  515.723666][T10531] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1119'.
[  515.732670][T10531] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1119'.
[  515.940432][T10538] loop2: detected capacity change from 0 to 1024
[  515.948208][T10538] EXT4-fs: Ignoring removed bh option
[  515.999713][T10531] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 524288
[  516.008487][T10531] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15)
[  516.102643][T10531] Remounting filesystem read-only
[  516.107944][T10531] NILFS (loop1): error -5 truncating bmap (ino=15)
[  516.153653][   T28] audit: type=1804 audit(1752295103.271:183): pid=10539 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1115" name="/newroot/288/file0/file0" dev="loop3" ino=10 res=1 errno=0
[  516.246177][T10538] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  516.475672][ T5787] NILFS (loop1): discard dirty page: offset=8192, ino=6
[  516.483134][ T5787] NILFS (loop1): discard dirty block: blocknr=25, size=4096
[  516.494668][ T5787] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer
[  516.550479][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  516.628942][T10548] loop0: detected capacity change from 0 to 256
[  516.690367][T10548] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  516.760932][   T38] kworker/u4:2: attempt to access beyond end of device
[  516.760932][   T38] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  516.778679][   T38] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  516.817104][   T38] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  517.026085][T10558] loop0: detected capacity change from 0 to 1024
[  517.112486][T10558] hfsplus: xattr searching failed
[  517.162919][   T28] audit: type=1800 audit(1752295104.351:184): pid=10558 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1124" name="file1" dev="loop0" ino=2 res=0 errno=0
[  517.786712][T10567] loop1: detected capacity change from 0 to 32768
[  517.798997][T10563] hfsplus: xattr searching failed
[  517.840996][T10567] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  518.454363][ T5787] ocfs2: Unmounting device (7,1) on (node local)
[  519.353422][ T5831] usb 1-1: new high-speed USB device number 13 using dummy_hcd
[  520.003508][ T5831] usb 1-1: Using ep0 maxpacket: 8
[  520.015059][ T5831] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62
[  520.034343][ T5831] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  520.047448][ T5831] usb 1-1: Product: syz
[  520.051671][ T5831] usb 1-1: Manufacturer: syz
[  520.108823][ T5831] usb 1-1: SerialNumber: syz
[  520.150338][ T5831] usb 1-1: config 0 descriptor??
[  520.190124][ T5831] usb 1-1: selecting invalid altsetting 3
[  520.203341][ T5831] comedi comedi5: could not set alternate setting 3 in high speed
[  520.220815][T10575] loop1: detected capacity change from 0 to 32768
[  520.232001][ T5831] usbdux 1-1:0.0: driver 'usbdux' failed to auto-configure device.
[  520.310739][T10575] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  520.344023][ T5831] usbdux: probe of 1-1:0.0 failed with error -22
[  520.351630][T10575] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  520.375432][T10602] loop3: detected capacity change from 0 to 1024
[  520.421839][T10575] BTRFS info (device loop1): turning off barriers
[  520.427645][T10602] EXT4-fs: Ignoring removed bh option
[  520.460842][T10575] BTRFS error (device loop1): unrecognized mount option 'max_inline='
[  520.492945][   T27] usb 1-1: USB disconnect, device number 13
[  520.554829][T10602] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  520.571915][T10575] BTRFS error (device loop1): open_ctree failed: -22
[  520.635706][ T5789] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (5789)
[  520.767046][T10575] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  520.813539][T10575] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  520.854405][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  521.172705][T10620] loop3: detected capacity change from 0 to 256
[  521.689949][T10620] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  522.095396][T10628] netlink: 'syz.3.1137': attribute type 1 has an invalid length.
[  522.103256][T10628] netlink: 'syz.3.1137': attribute type 4 has an invalid length.
[  522.173492][T10631] comedi comedi2: board detection failed
[  522.178372][T10628] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1137'.
[  522.230393][T10632] netlink: 'syz.3.1137': attribute type 1 has an invalid length.
[  522.253438][T10632] netlink: 'syz.3.1137': attribute type 4 has an invalid length.
[  522.269089][T10600] loop2: detected capacity change from 0 to 40427
[  522.272913][T10632] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1137'.
[  522.325961][T10600] F2FS-fs (loop2): invalid crc value
[  522.342115][T10600] F2FS-fs (loop2): Found nat_bits in checkpoint
[  522.493114][T10600] F2FS-fs (loop2): Start checkpoint disabled!
[  522.521255][T10600] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  523.717865][T10600] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1131'.
[  524.329772][   T28] audit: type=1804 audit(1752295111.561:185): pid=10600 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1131" name="/newroot/266/file0/file0" dev="loop2" ino=10 res=1 errno=0
[  524.407841][T10652] loop0: detected capacity change from 0 to 2048
[  524.482899][T10652] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  524.574769][ T2940] kworker/u4:8: attempt to access beyond end of device
[  524.574769][ T2940] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  524.631955][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  524.635275][T10652] vlan2: entered promiscuous mode
[  524.640123][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  524.968065][T10662] loop3: detected capacity change from 0 to 512
[  524.970875][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  524.995121][T10662] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  525.084377][T10662] EXT4-fs (loop3): 1 truncate cleaned up
[  525.108017][T10662] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  525.140104][T10650] loop1: detected capacity change from 0 to 32768
[  525.193793][T10650] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  525.500682][T10650] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  525.579840][T10650] BTRFS info (device loop1): turning off barriers
[  525.799047][T10650] BTRFS error (device loop1): unrecognized mount option 'max_inline='
[  526.166806][T10650] BTRFS error (device loop1): open_ctree failed: -22
[  526.260509][T10671] netlink: 'syz.0.1149': attribute type 1 has an invalid length.
[  526.265379][T10650] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  526.268968][T10671] netlink: 'syz.0.1149': attribute type 4 has an invalid length.
[  526.285644][T10671] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1149'.
[  526.298661][T10671] netlink: 'syz.0.1149': attribute type 1 has an invalid length.
[  526.306688][T10671] netlink: 'syz.0.1149': attribute type 4 has an invalid length.
[  526.316215][T10671] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1149'.
[  526.329212][T10650] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  526.457238][ T7400] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (7400)
[  526.489193][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  526.693468][   T23] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  526.885593][   T23] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  526.906741][   T23] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  526.931702][   T23] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66
[  526.951053][   T23] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9
[  526.976911][   T23] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024
[  527.000797][   T23] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  527.021283][   T23] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  527.047879][   T23] usb 1-1: Product: syz
[  527.059310][   T23] usb 1-1: Manufacturer: syz
[  527.081065][   T23] cdc_wdm 1-1:1.0: skipping garbage
[  527.098245][   T23] cdc_wdm 1-1:1.0: skipping garbage
[  527.129985][   T23] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device
[  527.143657][   T23] cdc_wdm 1-1:1.0: Unknown control protocol
[  527.386319][T10681] loop3: detected capacity change from 0 to 40427
[  527.420044][T10681] F2FS-fs (loop3): invalid crc value
[  527.422840][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  527.430259][T10681] F2FS-fs (loop3): Found nat_bits in checkpoint
[  527.432329][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  527.453507][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  527.460174][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  527.473589][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  527.480286][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  527.487038][   T23] usb 1-1: USB disconnect, device number 14
[  527.493524][    C1] cdc_wdm 1-1:1.0: nonzero urb status received: -71
[  527.500169][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - 0 bytes
[  527.506403][    C1] cdc_wdm 1-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  527.625731][T10681] F2FS-fs (loop3): Start checkpoint disabled!
[  527.640097][T10681] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  527.863949][T10681] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1153'.
[  527.914372][   T28] audit: type=1804 audit(1752295115.151:186): pid=10681 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1153" name="/newroot/297/file0/file0" dev="loop3" ino=10 res=1 errno=0
[  528.254624][ T1073] kworker/u4:6: attempt to access beyond end of device
[  528.254624][ T1073] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  528.290818][ T1073] kworker/u4:6: attempt to access beyond end of device
[  528.290818][ T1073] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  528.323388][ T1073] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  528.331012][ T1073] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  528.497775][T10705] loop0: detected capacity change from 0 to 512
[  528.539204][T10705] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  528.575736][T10705] EXT4-fs (loop0): 1 truncate cleaned up
[  528.582851][T10705] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  529.391033][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  529.578888][T10711] netlink: 'syz.3.1158': attribute type 1 has an invalid length.
[  529.599865][T10711] netlink: 'syz.3.1158': attribute type 4 has an invalid length.
[  529.618814][T10711] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1158'.
[  529.631516][T10703] loop1: detected capacity change from 0 to 32768
[  529.645607][T10711] netlink: 'syz.3.1158': attribute type 1 has an invalid length.
[  529.681098][T10703] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  529.706348][T10711] netlink: 'syz.3.1158': attribute type 4 has an invalid length.
[  529.717058][T10703] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  529.728750][T10711] netlink: 9462 bytes leftover after parsing attributes in process `syz.3.1158'.
[  529.740661][T10703] BTRFS info (device loop1): turning off barriers
[  529.753624][T10703] BTRFS error (device loop1): unrecognized mount option 'max_inline='
[  529.770804][T10703] BTRFS error (device loop1): open_ctree failed: -22
[  529.845712][T10703] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore
[  529.873585][T10703] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent
[  529.955600][ T7400] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (7400)
[  530.375050][T10726] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  530.582000][T10725] loop3: detected capacity change from 0 to 40427
[  530.600671][T10725] F2FS-fs (loop3): invalid crc value
[  530.621391][T10725] F2FS-fs (loop3): Found nat_bits in checkpoint
[  530.675286][T10725] F2FS-fs (loop3): Start checkpoint disabled!
[  530.689714][T10725] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  530.750934][T10725] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1167'.
[  530.812345][   T28] audit: type=1804 audit(1752295118.041:187): pid=10725 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1167" name="/newroot/300/file0/file0" dev="loop3" ino=10 res=1 errno=0
[  531.091561][   T38] kworker/u4:2: attempt to access beyond end of device
[  531.091561][   T38] loop3: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  531.106559][   T38] kworker/u4:2: attempt to access beyond end of device
[  531.106559][   T38] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  531.138962][   T38] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  531.147633][   T38] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  531.891285][T10740] loop0: detected capacity change from 0 to 32768
[  532.103717][T10740] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  532.626162][ T5784] ocfs2: Unmounting device (7,0) on (node local)
[  532.814126][T10749] netlink: 'syz.0.1173': attribute type 1 has an invalid length.
[  532.842346][T10749] netlink: 'syz.0.1173': attribute type 4 has an invalid length.
[  532.854350][T10750] loop3: detected capacity change from 0 to 2048
[  532.863175][T10749] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1173'.
[  532.915863][T10753] netlink: 'syz.0.1173': attribute type 1 has an invalid length.
[  532.934416][T10753] netlink: 'syz.0.1173': attribute type 4 has an invalid length.
[  532.942749][T10753] netlink: 9462 bytes leftover after parsing attributes in process `syz.0.1173'.
[  532.981373][T10750] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  533.147873][T10750] vlan2: entered promiscuous mode
[  533.216940][T10757] loop0: detected capacity change from 0 to 256
[  533.345745][T10757] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  533.390638][T10746] loop1: detected capacity change from 0 to 32768
[  533.450559][T10746] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  533.467585][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  533.485215][T10746] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  533.506770][T10746] BTRFS info (device loop1): turning off barriers
[  533.513941][T10746] BTRFS error (device loop1): unrecognized mount option 'max_inline='
[  533.564666][T10746] BTRFS error (device loop1): open_ctree failed: -22
[  533.670133][T10746] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  533.773889][ T6209] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (6209)
[  534.239624][T10771] loop2: detected capacity change from 0 to 40427
[  534.282488][T10771] F2FS-fs (loop2): invalid crc value
[  534.316885][T10771] F2FS-fs (loop2): Found nat_bits in checkpoint
[  534.397174][T10771] F2FS-fs (loop2): Start checkpoint disabled!
[  534.739518][T10771] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  534.915368][T10771] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1180'.
[  534.936880][   T28] audit: type=1804 audit(1752295122.171:188): pid=10771 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1180" name="/newroot/274/file0/file0" dev="loop2" ino=10 res=1 errno=0
[  535.300134][ T2940] kworker/u4:8: attempt to access beyond end of device
[  535.300134][ T2940] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  535.344339][ T2940] kworker/u4:8: attempt to access beyond end of device
[  535.344339][ T2940] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  535.397017][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  535.416999][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  535.460821][T10787] loop1: detected capacity change from 0 to 512
[  535.513679][T10787] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  535.576501][T10787] EXT4-fs (loop1): 1 truncate cleaned up
[  535.595209][T10787] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  536.488119][ T5787] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  536.521389][T10794] netlink: 'syz.2.1184': attribute type 1 has an invalid length.
[  536.528376][T10793] loop0: detected capacity change from 0 to 2048
[  536.594945][T10794] netlink: 'syz.2.1184': attribute type 4 has an invalid length.
[  536.602752][T10794] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1184'.
[  536.619301][T10793] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  536.644994][T10795] netlink: 'syz.2.1184': attribute type 1 has an invalid length.
[  536.661618][T10795] netlink: 'syz.2.1184': attribute type 4 has an invalid length.
[  536.687195][T10795] netlink: 9462 bytes leftover after parsing attributes in process `syz.2.1184'.
[  536.708987][T10799] loop1: detected capacity change from 0 to 256
[  536.737351][T10793] vlan2: entered promiscuous mode
[  536.785794][T10799] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  536.962854][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  538.315270][T10817] loop1: detected capacity change from 0 to 32768
[  538.378360][T10810] loop3: detected capacity change from 0 to 32768
[  538.380572][T10821] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  538.406323][T10810] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  538.417432][T10810] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  538.426308][T10810] BTRFS info (device loop3): turning off barriers
[  538.432819][T10810] BTRFS info (device loop3): max_inline at 0
[  538.438979][T10810] BTRFS info (device loop3): setting nodatasum
[  538.445235][T10810] BTRFS info (device loop3): enabling auto defrag
[  538.451707][T10810] BTRFS info (device loop3): disabling free space tree
[  538.458659][T10810] BTRFS info (device loop3): doing ref verification
[  538.465341][T10810] BTRFS info (device loop3): enabling ssd optimizations
[  538.472320][T10810] BTRFS info (device loop3): force clearing of disk cache
[  538.479659][T10810] BTRFS info (device loop3): turning on flush-on-commit
[  538.486747][T10810] BTRFS info (device loop3): not using ssd optimizations
[  538.493986][T10810] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[  538.503228][T10810] BTRFS info (device loop3): use lzo compression, level 0
[  538.518423][T10817] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  538.674610][T10830] loop2: detected capacity change from 0 to 1024
[  538.839396][ T5787] ocfs2: Unmounting device (7,1) on (node local)
[  538.842336][T10830] hfsplus: xattr searching failed
[  538.848386][T10810] BTRFS info (device loop3): auto enabling async discard
[  538.862318][T10830] hfsplus: xattr searching failed
[  538.878226][   T28] audit: type=1800 audit(1752295126.081:189): pid=10830 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1193" name="file1" dev="loop2" ino=2 res=0 errno=0
[  538.900868][T10810] BTRFS info (device loop3): rebuilding free space tree
[  538.943830][T10810] BTRFS info (device loop3): disabling free space tree
[  538.950821][T10810] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  538.961584][T10810] BTRFS info (device loop3): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  538.991367][T10810] BTRFS info (device loop3): checking UUID tree
[  539.035776][ T4108] BTRFS warning (device loop3): checksum verify failed on logical 5308416 mirror 1 wanted 0xe1d58233 found 0xb0b78aaf level 0
[  539.147436][T10810] BTRFS: error (device loop3) in btrfs_fill_super:1172: errno=-5 IO failure
[  539.160093][T10810] BTRFS error (device loop3: state E): commit super ret -30
[  539.955249][T10811] loop0: detected capacity change from 0 to 32768
[  540.014572][T10811] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 scanned by syz.0.1189 (10811)
[  540.030157][T10811] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  540.040548][T10811] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  540.049511][T10811] BTRFS info (device loop0): turning off barriers
[  540.069523][T10811] BTRFS error (device loop0): unrecognized mount option 'max_inline='
[  540.095305][T10811] BTRFS error (device loop0): open_ctree failed: -22
[  540.136876][ T6209] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 10 /dev/loop3 scanned by udevd (6209)
[  540.219841][T10811] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  540.240821][T10852] loop2: detected capacity change from 0 to 512
[  540.303122][T10852] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  540.307205][ T5800] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10
[  540.391713][T10848] vlan2: entered promiscuous mode
[  540.435191][T10852] EXT4-fs (loop2): 1 truncate cleaned up
[  540.442290][T10852] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  541.646419][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  543.690636][T10881] loop3: detected capacity change from 0 to 1024
[  543.737335][T10881] hfsplus: xattr searching failed
[  543.763998][T10881] hfsplus: xattr searching failed
[  543.803508][   T28] audit: type=1800 audit(1752295130.971:190): pid=10881 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1205" name="file1" dev="loop3" ino=2 res=0 errno=0
[  544.133952][T10877] loop2: detected capacity change from 0 to 32768
[  544.153382][T10877] BTRFS error: device /dev/loop2 already registered with a higher generation, found 8 expect 10
[  544.203687][  T787] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  544.219864][ T7400] I/O error, dev loop2, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  544.410666][  T787] usb 4-1: config 127 has an invalid interface number: 4 but max is 0
[  544.427835][  T787] usb 4-1: config 127 has no interface number 0
[  544.443428][  T787] usb 4-1: New USB device found, idVendor=07c4, idProduct=a109, bcdDevice= 8.a3
[  544.460396][  T787] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  544.467478][T10877] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  544.711111][  T787] usb 4-1: string descriptor 0 read error: -71
[  544.724855][  T787] ums-datafab 4-1:127.4: USB Mass Storage device detected
[  544.779867][T10890] loop0: detected capacity change from 0 to 2048
[  544.827575][  T787] ums-sddr55 4-1:127.4: USB Mass Storage device detected
[  544.854388][T10890] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  544.952928][  T787] usb 4-1: USB disconnect, device number 16
[  545.049317][T10890] vlan2: entered promiscuous mode
[  545.084647][T10886] loop1: detected capacity change from 0 to 32768
[  545.116774][T10886] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10
[  545.161012][T10886] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  545.279398][ T7400] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10
[  545.294555][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  545.653055][T10904] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  545.698106][T10888] loop2: detected capacity change from 0 to 32768
[  545.761471][T10888] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  545.820430][T10888] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  546.061183][T10909] blktrace: Concurrent blktraces are not allowed on sg0
[  546.624260][T10888] gfs2: fsid=syz:syz.0: journal 0 mapped with 1 extents in 0ms
[  546.677077][ T5775] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  546.691523][ T5775] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  546.788554][T10913] loop3: detected capacity change from 0 to 2048
[  546.814145][T10913] EXT4-fs: Ignoring removed nobh option
[  546.844784][ T5775] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 153ms
[  546.881511][ T5775] gfs2: fsid=syz:syz.0: jid=0: Done
[  546.894032][T10888] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  546.934194][T10913] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  547.012165][T10913] ext4 filesystem being mounted at /310/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  549.372580][T10935] loop0: detected capacity change from 0 to 2048
[  549.481113][T10935] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  549.503154][T10925] loop1: detected capacity change from 0 to 32768
[  549.677104][T10925] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10
[  549.800551][T10935] vlan2: entered promiscuous mode
[  549.834496][ T6209] I/O error, dev loop1, sector 32640 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  550.091830][T10925] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  550.129913][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.374502][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  550.663544][ T5860] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  552.574301][T10957] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  552.583069][ T5860] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  552.623023][ T5860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  552.672040][ T5860] usb 2-1: config 0 descriptor??
[  552.734492][ T5860] cp210x 2-1:0.0: cp210x converter detected
[  552.789482][T10959] loop3: detected capacity change from 0 to 1024
[  552.805106][T10959] EXT4-fs: Ignoring removed nomblk_io_submit option
[  552.932368][T10959] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  553.040028][T10945] loop0: detected capacity change from 0 to 32768
[  553.089774][T10945] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10
[  553.139188][ T5860] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32
[  553.723446][T10945] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  553.764519][    T8] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  553.775605][ T5860] usb 2-1: cp210x converter now attached to ttyUSB0
[  553.924458][ T6209] BTRFS error: device /dev/loop0 already registered with a higher generation, found 8 expect 10
[  553.948855][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  553.974840][    T8] usb 3-1: Using ep0 maxpacket: 16
[  553.999022][    T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  554.019294][    T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  554.057196][    T8] usb 3-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  554.092618][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  554.113388][    T8] usb 3-1: Product: syz
[  554.117686][    T8] usb 3-1: Manufacturer: syz
[  554.122321][    T8] usb 3-1: SerialNumber: syz
[  554.160601][    T8] usb 3-1: config 0 descriptor??
[  554.185256][    T8] mcba_usb 3-1:0.0: Can't find endpoints
[  555.198640][ T5860] usb 3-1: USB disconnect, device number 17
[  555.270521][T10976] loop3: detected capacity change from 0 to 2048
[  555.344791][T10976] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  555.381382][    T8] usb 2-1: USB disconnect, device number 7
[  555.423072][    T8] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  555.434932][T10976] vlan2: entered promiscuous mode
[  555.437063][    T8] cp210x 2-1:0.0: device disconnected
[  555.621808][T10970] loop0: detected capacity change from 0 to 32768
[  555.682292][T10970] ocfs2: Mounting device (7,0) on (node local, slot 0) with writeback data mode.
[  555.739478][ T5783] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  555.956069][T10986] loop2: detected capacity change from 0 to 4096
[  556.041678][T10989] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  556.080563][ T5784] ocfs2: Unmounting device (7,0) on (node local)
[  556.108453][T10986] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1232'.
[  556.117582][T10986] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1232'.
[  556.130038][T10986] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 524288
[  556.138324][T10986] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15)
[  556.170844][T10986] Remounting filesystem read-only
[  556.175952][T10986] NILFS (loop2): error -5 truncating bmap (ino=15)
[  556.340142][ T5794] NILFS (loop2): discard dirty page: offset=8192, ino=6
[  556.356730][ T5794] NILFS (loop2): discard dirty block: blocknr=25, size=4096
[  556.386124][ T5794] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  558.137532][T10984] loop1: detected capacity change from 0 to 32768
[  558.151800][T10984] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10
[  558.178123][T10984] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  558.474313][ T7400] BTRFS error: device /dev/loop1 already registered with a higher generation, found 8 expect 10
[  558.528913][T11013] loop0: detected capacity change from 0 to 512
[  558.578040][T11013] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  558.689935][T11013] EXT4-fs (loop0): 1 truncate cleaned up
[  558.726630][T11013] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  558.793467][ T5860] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  559.082045][T11003] loop3: detected capacity change from 0 to 32768
[  559.103447][ T5860] usb 2-1: Using ep0 maxpacket: 32
[  559.393526][ T5860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  559.435312][T11003] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  559.453980][ T5860] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  559.479811][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  559.483414][ T5860] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  559.510166][T11003] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  559.521840][ T5860] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  559.530278][T11003] BTRFS info (device loop3): turning off barriers
[  559.543429][T11003] BTRFS error (device loop3): unrecognized mount option 'max_inline='
[  559.565740][ T5860] usb 2-1: config 0 descriptor??
[  559.606966][T11003] BTRFS error (device loop3): open_ctree failed: -22
[  559.707844][T11003] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  559.775815][ T7400] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by udevd (7400)
[  560.181637][T11033] usb usb1: usbfs: process 11033 (syz.3.1241) did not claim interface 0 before use
[  560.238895][ T5860] savu 0003:1E7D:2D5A.0006: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  560.748391][   T27] usb 2-1: USB disconnect, device number 8
[  561.139981][T11038] fido_id[11038]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  561.564477][T11052] loop0: detected capacity change from 0 to 1024
[  561.620061][T11052] hfsplus: xattr searching failed
[  561.648629][T11045] loop3: detected capacity change from 0 to 4096
[  561.655292][   T28] audit: type=1800 audit(1752295148.861:191): pid=11052 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1245" name="file1" dev="loop0" ino=2 res=0 errno=0
[  561.727671][T11056] hfsplus: xattr searching failed
[  561.737470][T11057] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  561.778505][T11045] netlink: 88 bytes leftover after parsing attributes in process `syz.3.1243'.
[  561.787580][T11045] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1243'.
[  561.798414][T11045] NILFS (loop3): DAT doesn't have a block to manage vblocknr = 524288
[  561.807702][T11045] NILFS error (device loop3): nilfs_bmap_truncate: broken bmap (inode number=15)
[  561.829149][T11045] Remounting filesystem read-only
[  561.834276][T11045] NILFS (loop3): error -5 truncating bmap (ino=15)
[  562.059451][ T5783] NILFS (loop3): discard dirty page: offset=8192, ino=6
[  562.085621][ T5783] NILFS (loop3): discard dirty block: blocknr=25, size=4096
[  562.118329][ T5783] NILFS (loop3): disposed unprocessed dirty file(s) when detaching log writer
[  562.204569][T11062] loop0: detected capacity change from 0 to 512
[  562.215452][T11062] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  562.240085][T11062] EXT4-fs (loop0): 1 truncate cleaned up
[  562.255018][T11062] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  562.578259][T11067] loop3: detected capacity change from 0 to 22
[  562.631237][T11067] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  563.013363][T11067] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  563.177003][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  563.988172][ T5831] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  564.031764][T11055] loop1: detected capacity change from 0 to 32768
[  564.056428][T11055] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  564.069556][T11055] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  564.082444][T11055] BTRFS info (device loop1): turning off barriers
[  564.096143][T11055] BTRFS error (device loop1): unrecognized mount option 'max_inline='
[  564.150484][T11055] BTRFS error (device loop1): open_ctree failed: -22
[  564.152766][T11081] loop3: detected capacity change from 0 to 4096
[  564.200819][ T5831] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  564.214555][ T5831] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  564.250711][T11055] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  564.269215][ T5831] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00
[  564.281416][ T7400] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by udevd (7400)
[  564.299919][ T5831] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.317349][ T5831] usb 1-1: config 0 descriptor??
[  564.443719][  T787] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  564.664120][  T787] usb 3-1: Using ep0 maxpacket: 32
[  564.675727][  T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  564.703408][  T787] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  564.718804][ T1289] ieee802154 phy0 wpan0: encryption failed: -22
[  564.733378][ T1289] ieee802154 phy1 wpan1: encryption failed: -22
[  564.746325][  T787] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  564.756009][  T787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  564.772802][  T787] usb 3-1: config 0 descriptor??
[  564.951273][T11088] loop1: detected capacity change from 0 to 4096
[  565.031700][T11089] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  565.088819][T11088] netlink: 88 bytes leftover after parsing attributes in process `syz.1.1256'.
[  565.098056][T11088] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1256'.
[  565.139493][T11088] NILFS (loop1): DAT doesn't have a block to manage vblocknr = 524288
[  565.147831][T11088] NILFS error (device loop1): nilfs_bmap_truncate: broken bmap (inode number=15)
[  565.165955][T11088] Remounting filesystem read-only
[  565.171112][T11088] NILFS (loop1): error -5 truncating bmap (ino=15)
[  565.231922][ T5831] uclogic 0003:256C:006D.0007: failed retrieving Huion firmware version: -71
[  565.280516][  T787] savu 0003:1E7D:2D5A.0008: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.2-1/input0
[  565.297530][ T5831] uclogic 0003:256C:006D.0007: failed probing parameters: -71
[  565.325250][ T5831] uclogic: probe of 0003:256C:006D.0007 failed with error -71
[  565.405383][ T5831] usb 1-1: USB disconnect, device number 15
[  565.458365][ T5787] NILFS (loop1): discard dirty page: offset=8192, ino=6
[  565.497139][ T5787] NILFS (loop1): discard dirty block: blocknr=25, size=4096
[  565.536635][ T5787] NILFS (loop1): disposed unprocessed dirty file(s) when detaching log writer
[  565.545661][  T787] usb 3-1: USB disconnect, device number 18
[  565.749652][T11081] ntfs3: loop3: failed to convert "0080" to cp857
[  565.769362][T11081] ntfs3: loop3: failed to convert name for inode 1e.
[  566.004634][T11101] loop0: detected capacity change from 0 to 1024
[  566.067752][T11101] hfsplus: xattr searching failed
[  566.078775][   T28] audit: type=1800 audit(1752295153.301:192): pid=11101 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1259" name="file1" dev="loop0" ino=2 res=0 errno=0
[  566.096025][T11101] hfsplus: xattr searching failed
[  568.654802][T11130] loop2: detected capacity change from 0 to 4096
[  568.675383][T11138] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1267'.
[  568.799679][T11139] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  568.898313][T11130] netlink: 88 bytes leftover after parsing attributes in process `syz.2.1266'.
[  568.907382][T11130] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1266'.
[  568.929643][T11130] NILFS (loop2): DAT doesn't have a block to manage vblocknr = 524288
[  568.937943][T11130] NILFS error (device loop2): nilfs_bmap_truncate: broken bmap (inode number=15)
[  568.973668][T11130] Remounting filesystem read-only
[  568.978773][T11130] NILFS (loop2): error -5 truncating bmap (ino=15)
[  569.063993][ T5775] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  569.314701][T11147] loop3: detected capacity change from 0 to 40427
[  569.356063][T11147] F2FS-fs (loop3): build fault injection attr: rate: 771, type: 0x7ffff
[  569.373806][T11147] F2FS-fs (loop3): invalid crc value
[  569.400142][T11147] F2FS-fs (loop3): Found nat_bits in checkpoint
[  569.471105][T11147] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  569.503998][ T5794] NILFS (loop2): discard dirty page: offset=8192, ino=6
[  569.511483][ T5794] NILFS (loop2): discard dirty block: blocknr=25, size=4096
[  569.523877][ T5775] usb 2-1: Using ep0 maxpacket: 32
[  569.530053][ T5794] NILFS (loop2): disposed unprocessed dirty file(s) when detaching log writer
[  569.693558][ T5775] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  569.773382][ T5775] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  569.849873][ T5775] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  569.876326][ T5775] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  569.958285][T11157] syz.3.1269: attempt to access beyond end of device
[  569.958285][T11157] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  570.146349][ T5775] usb 2-1: config 0 descriptor??
[  570.443835][ T5783] syz-executor: attempt to access beyond end of device
[  570.443835][ T5783] loop3: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  570.461412][ T5783] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  570.683974][ T5775] savu 0003:1E7D:2D5A.0009: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  570.949841][ T5775] usb 2-1: USB disconnect, device number 9
[  571.189944][T11175] loop2: detected capacity change from 0 to 1024
[  571.257088][T11175] hfsplus: xattr searching failed
[  571.257730][T11178] loop3: detected capacity change from 0 to 256
[  571.262821][   T28] audit: type=1800 audit(1752295158.491:193): pid=11175 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1274" name="file1" dev="loop2" ino=2 res=0 errno=0
[  571.292801][T11178] exFAT-fs (loop3): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  571.357176][T11180] hfsplus: xattr searching failed
[  572.125003][T11184] loop2: detected capacity change from 0 to 2048
[  572.285851][T11184] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  572.447878][T11184] vlan2: entered promiscuous mode
[  572.614085][T11191] EXT4-fs error (device loop2): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  572.687626][T11196] blktrace: Concurrent blktraces are not allowed on sg0
[  572.773718][   T27] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  573.072147][   T27] usb 1-1: Using ep0 maxpacket: 32
[  573.114059][   T27] usb 1-1: config 0 has an invalid interface number: 132 but max is 0
[  573.122299][   T27] usb 1-1: config 0 has no interface number 0
[  573.155153][   T27] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  573.207187][   T27] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  573.237033][   T27] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  573.261305][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  573.277781][   T27] usb 1-1: Product: syz
[  573.302480][   T27] usb 1-1: Manufacturer: syz
[  573.312868][   T27] usb 1-1: SerialNumber: syz
[  573.355829][   T27] usb 1-1: config 0 descriptor??
[  573.393899][   T27] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  573.420763][   T27] em28xx 1-1:0.132: Video interface 132 found:
[  573.878458][T11202] loop2: detected capacity change from 0 to 40427
[  573.878633][T11204] loop3: detected capacity change from 0 to 2048
[  573.916623][T11202] F2FS-fs (loop2): invalid crc value
[  573.934386][T11202] F2FS-fs (loop2): Found nat_bits in checkpoint
[  573.941103][T11204] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  573.993168][   T27] em28xx 1-1:0.132: unknown em28xx chip ID (39)
[  574.000069][T11202] F2FS-fs (loop2): Start checkpoint disabled!
[  574.010034][T11202] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  574.107788][T11202] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1279'.
[  574.142540][   T28] audit: type=1804 audit(1752295161.371:194): pid=11202 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1279" name="/newroot/300/file0/file0" dev="loop2" ino=10 res=1 errno=0
[  574.378847][   T27] em28xx 1-1:0.132: failed to trigger read from i2c address 0xa0 (error=-5)
[  574.418273][   T27] em28xx 1-1:0.132: board has no eeprom
[  574.498374][   T12] kworker/u4:1: attempt to access beyond end of device
[  574.498374][   T12] loop2: rw=1, sector=45096, nr_sectors = 8 limit=40427
[  574.513583][   T27] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  574.545587][ T2940] kworker/u4:8: attempt to access beyond end of device
[  574.545587][ T2940] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  574.564991][   T27] em28xx 1-1:0.132: analog set to bulk mode.
[  574.580088][ T5775] em28xx 1-1:0.132: Registering V4L2 extension
[  574.599246][   T27] usb 1-1: USB disconnect, device number 16
[  574.630533][   T27] em28xx 1-1:0.132: Disconnecting em28xx
[  574.637017][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  574.664674][ T2940] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  575.002347][ T5775] em28xx 1-1:0.132: Config register raw data: 0xffffffed
[  575.028177][ T5775] em28xx 1-1:0.132: AC97 chip type couldn't be determined
[  575.056174][ T5775] em28xx 1-1:0.132: No AC97 audio processor
[  575.099301][ T5775] usb 1-1: Decoder not found
[  575.112589][ T5775] em28xx 1-1:0.132: failed to create media graph
[  575.119837][ T5775] em28xx 1-1:0.132: V4L2 device video103 deregistered
[  575.143629][ T5775] em28xx 1-1:0.132: Remote control support is not available for this card.
[  575.177632][   T27] em28xx 1-1:0.132: Closing input extension
[  575.474505][   T27] em28xx 1-1:0.132: Freeing device
[  576.532373][T11218] loop0: detected capacity change from 0 to 32768
[  576.621107][T11218] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  576.859544][ T5784] ocfs2: Unmounting device (7,0) on (node local)
[  576.903727][  T787] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  577.230293][T11230] loop0: detected capacity change from 0 to 256
[  577.287388][T11230] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  577.304265][  T787] usb 2-1: Using ep0 maxpacket: 32
[  577.324228][  T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  577.353725][  T787] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  577.375586][  T787] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  577.385367][  T787] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  577.424205][  T787] usb 2-1: config 0 descriptor??
[  578.039640][T11238] blktrace: Concurrent blktraces are not allowed on sg0
[  578.590104][  T787] savu 0003:1E7D:2D5A.000A: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  578.683491][ T5775] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  578.840817][T11241] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  578.944978][ T5831] usb 2-1: USB disconnect, device number 10
[  579.059948][T11247] fido_id[11247]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[  579.143435][ T5775] usb 1-1: Using ep0 maxpacket: 16
[  579.170695][ T5775] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  579.194919][ T5775] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  579.514576][T11253] loop2: detected capacity change from 0 to 40427
[  579.566428][T11253] F2FS-fs (loop2): build fault injection attr: rate: 771, type: 0x7ffff
[  579.579066][T11253] F2FS-fs (loop2): invalid crc value
[  579.600700][ T5775] usb 1-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  579.630389][T11253] F2FS-fs (loop2): Found nat_bits in checkpoint
[  579.630487][ T5775] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  579.685254][ T5775] usb 1-1: Product: syz
[  579.689727][ T5775] usb 1-1: Manufacturer: syz
[  579.709483][T11253] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  579.734690][ T5775] usb 1-1: SerialNumber: syz
[  579.748159][ T5775] usb 1-1: config 0 descriptor??
[  579.765936][ T5775] mcba_usb 1-1:0.0: Can't find endpoints
[  580.535324][T11263] syz.2.1292: attempt to access beyond end of device
[  580.535324][T11263] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  580.811771][T11266] loop1: detected capacity change from 0 to 32768
[  580.885875][T11266] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  580.907467][ T5794] syz-executor: attempt to access beyond end of device
[  580.907467][ T5794] loop2: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  580.956185][   T23] usb 1-1: USB disconnect, device number 17
[  580.988628][ T5794] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  581.266421][T11272] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1297'.
[  581.286860][ T5787] ocfs2: Unmounting device (7,1) on (node local)
[  581.485437][T11272] netlink: 16186 bytes leftover after parsing attributes in process `syz.0.1297'.
[  581.740048][T11279] loop0: detected capacity change from 0 to 512
[  581.810429][T11279] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  581.979666][T11279] EXT4-fs (loop0): 1 truncate cleaned up
[  582.029075][T11279] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  582.909141][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  582.922278][T11287] loop2: detected capacity change from 0 to 256
[  582.978505][T11287] exFAT-fs (loop2): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  583.135203][T11291] xt_addrtype: ipv6 PROHIBIT (THROW, NAT ..) matching not supported
[  583.566655][T11294] loop2: detected capacity change from 0 to 2048
[  583.574302][T11294] EXT4-fs: Ignoring removed nobh option
[  583.646728][T11294] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  583.662755][T11294] ext4 filesystem being mounted at /307/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  583.737946][T11305] loop0: detected capacity change from 0 to 1024
[  583.783074][T11305] hfsplus: xattr searching failed
[  583.796803][   T28] audit: type=1800 audit(1752295171.021:195): pid=11305 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1304" name="file1" dev="loop0" ino=2 res=0 errno=0
[  584.067990][T11308] hfsplus: xattr searching failed
[  584.539862][T11309] fs-verity: sha512 using implementation "sha512-avx2"
[  585.126499][ T5860] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  585.189274][T11304] loop1: detected capacity change from 0 to 32768
[  585.200793][T11304] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 8 /dev/loop1 scanned by syz.1.1303 (11304)
[  585.241081][T11304] BTRFS info (device loop1): first mount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  585.252422][T11304] BTRFS info (device loop1): using xxhash64 (xxhash64-generic) checksum algorithm
[  585.262780][T11304] BTRFS info (device loop1): force zlib compression, level 3
[  585.271008][T11304] BTRFS info (device loop1): force clearing of disk cache
[  585.289270][T11304] BTRFS info (device loop1): setting nodatasum
[  585.296320][T11304] BTRFS info (device loop1): doing ref verification
[  585.308994][T11304] BTRFS info (device loop1): allowing degraded mounts
[  585.316666][T11304] BTRFS info (device loop1): enabling disk space caching
[  585.326063][T11304] BTRFS info (device loop1): disk space caching is enabled
[  585.333947][ T5860] usb 4-1: Using ep0 maxpacket: 16
[  585.371739][ T5860] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0
[  585.391949][T11304] BTRFS info (device loop1): enabling ssd optimizations
[  585.400902][T11304] BTRFS info (device loop1): auto enabling async discard
[  585.412632][ T5860] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0
[  585.434163][T11304] BTRFS info (device loop1): rebuilding free space tree
[  585.444032][ T5860] usb 4-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47
[  585.463404][ T5860] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  585.487508][T11304] BTRFS info (device loop1): disabling free space tree
[  585.490102][ T5860] usb 4-1: Product: syz
[  585.503165][T11304] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  585.509087][ T5860] usb 4-1: Manufacturer: syz
[  585.534477][T11304] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  585.543702][ T5860] usb 4-1: SerialNumber: syz
[  585.581844][ T5860] usb 4-1: config 0 descriptor??
[  585.608543][ T5860] mcba_usb 4-1:0.0: Can't find endpoints
[  585.716458][   T28] audit: type=1800 audit(1752295172.941:196): pid=11304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1303" name="bus" dev="overlay" ino=260 res=0 errno=0
[  585.852313][ T5787] BTRFS info (device loop1): last unmount of filesystem e417788f-7a09-42b2-9266-8ddc5d5d35d2
[  585.935554][ T5860] usb 4-1: USB disconnect, device number 17
[  586.041594][T11335] loop0: detected capacity change from 0 to 2048
[  586.316741][T11335] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  586.347895][T11335] vlan2: entered promiscuous mode
[  587.278950][ T7400] BTRFS: device fsid e417788f-7a09-42b2-9266-8ddc5d5d35d2 devid 1 transid 11 /dev/loop1 scanned by udevd (7400)
[  587.288167][ T5794] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.353762][T11340] EXT4-fs error (device loop0): ext4_mb_generate_buddy:1220: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  587.471512][ T5784] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  587.842528][T11347] blktrace: Concurrent blktraces are not allowed on sg0
[  588.689168][T11351] loop2: detected capacity change from 0 to 128
[  588.738934][T11356] loop1: detected capacity change from 0 to 256
[  588.764860][T11356] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x5441951d, utbl_chksum : 0xe619d30d)
[  588.854509][T11355] loop0: detected capacity change from 0 to 4096
[  588.914275][T11358] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  589.022358][T11355] netlink: 88 bytes leftover after parsing attributes in process `syz.0.1309'.
[  589.031466][T11355] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1309'.
[  589.064249][T11355] NILFS (loop0): DAT doesn't have a block to manage vblocknr = 524288
[  589.073526][T11355] NILFS error (device loop0): nilfs_bmap_truncate: broken bmap (inode number=15)
[  589.102234][T11355] Remounting filesystem read-only
[  589.107498][T11355] NILFS (loop0): error -5 truncating bmap (ino=15)
[  589.252613][T11367] loop2: detected capacity change from 0 to 1024
[  589.360215][ T5784] NILFS (loop0): discard dirty page: offset=8192, ino=6
[  589.387308][ T5784] NILFS (loop0): discard dirty block: blocknr=25, size=4096
[  589.395846][ T5784] NILFS (loop0): disposed unprocessed dirty file(s) when detaching log writer
[  589.798855][T11373] loop2: detected capacity change from 0 to 1024
[  589.830895][T11373] hfsplus: bad catalog folder entry
[  590.171492][T11377] ax25_connect(): syz.2.1320 uses autobind, please contact jreuter@yaina.de
[  590.214209][T11377] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  590.617641][T11372] ------------[ cut here ]------------
[  590.623722][T11372] refcount_t: decrement hit 0; leaking memory.
[  590.630576][T11372] WARNING: CPU: 0 PID: 11372 at lib/refcount.c:31 refcount_warn_saturate+0x147/0x1b0
[  590.640305][T11372] Modules linked in:
[  590.644294][T11372] CPU: 0 PID: 11372 Comm: syz.2.1320 Not tainted 6.6.97-syzkaller #0
[  590.652418][T11372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  590.662580][T11372] RIP: 0010:refcount_warn_saturate+0x147/0x1b0
[  590.668924][T11372] Code: 0a 01 48 c7 c7 e0 1f fc 8a e8 95 74 30 fd 0f 0b eb a8 e8 2c 10 66 fd c6 05 4b b3 15 0a 01 48 c7 c7 00 21 fc 8a e8 79 74 30 fd <0f> 0b eb 8c e8 10 10 66 fd c6 05 2c b3 15 0a 01 48 c7 c7 e0 1f fc
[  590.688786][T11372] RSP: 0018:ffffc90003b17b48 EFLAGS: 00010246
[  590.695001][T11372] RAX: b59b9201bacc5e00 RBX: 0000000000000004 RCX: ffff88802965da00
[  590.703034][T11372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  590.711060][T11372] RBP: ffffc90003b17ca0 R08: ffffc90003b17747 R09: 1ffff92000762ee8
[  590.719434][T11372] R10: dffffc0000000000 R11: fffff52000762ee9 R12: ffff88807cf065b8
[  590.727502][T11372] R13: dffffc0000000000 R14: ffff88807cf065fc R15: 0000000000000001
[  590.735580][T11372] FS:  000055557272d500(0000) GS:ffff8880b8e00000(0000) knlGS:0000000000000000
[  590.744613][T11372] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  590.751224][T11372] CR2: 0000001b2d706ff8 CR3: 000000001b28d000 CR4: 00000000003526f0
[  590.759283][T11372] Call Trace:
[  590.762572][T11372]  <TASK>
[  590.765544][T11372]  ref_tracker_free+0x698/0x7d0
[  590.770436][T11372]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  590.776380][T11372]  ? refcount_inc+0x70/0x70
[  590.780896][T11372]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  590.786881][T11372]  ? _raw_spin_unlock+0x40/0x40
[  590.791743][T11372]  ? skb_queue_purge_reason+0x6c/0x1c0
[  590.797329][T11372]  ? skb_dequeue+0x10e/0x140
[  590.801956][T11372]  ? ax25_destroy_socket+0x541/0x5b0
[  590.807286][T11372]  ax25_release+0x356/0x930
[  590.811813][T11372]  sock_close+0xbd/0x230
[  590.816161][T11372]  ? sock_mmap+0xa0/0xa0
[  590.820460][T11372]  __fput+0x234/0x970
[  590.824491][T11372]  task_work_run+0x1ce/0x250
[  590.829099][T11372]  ? task_work_cancel+0x240/0x240
[  590.834207][T11372]  ? exit_to_user_mode_loop+0x3b/0x110
[  590.839718][T11372]  exit_to_user_mode_loop+0xe6/0x110
[  590.845098][T11372]  exit_to_user_mode_prepare+0xb1/0x140
[  590.850669][T11372]  syscall_exit_to_user_mode+0x1a/0x50
[  590.856200][T11372]  do_syscall_64+0x61/0xb0
[  590.860627][T11372]  ? clear_bhb_loop+0x40/0x90
[  590.865353][T11372]  ? clear_bhb_loop+0x40/0x90
[  590.870069][T11372]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  590.876015][T11372] RIP: 0033:0x7ff00338e929
[  590.880448][T11372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  590.900146][T11372] RSP: 002b:00007ffde71262a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  590.908628][T11372] RAX: 0000000000000000 RBX: 00007ff0035b7ba0 RCX: 00007ff00338e929
[  590.916636][T11372] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  590.924646][T11372] RBP: 00007ff0035b7ba0 R08: 0000000000019204 R09: 0000001ae712659f
[  590.932621][T11372] R10: 00007ff0035b7ac0 R11: 0000000000000246 R12: 00000000000902ba
[  590.940637][T11372] R13: 00007ff0035b6160 R14: ffffffffffffffff R15: 00007ffde71263c0
[  590.948650][T11372]  </TASK>
[  590.951674][T11372] Kernel panic - not syncing: kernel: panic_on_warn set ...
[  590.958972][T11372] CPU: 0 PID: 11372 Comm: syz.2.1320 Not tainted 6.6.97-syzkaller #0
[  590.967035][T11372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  590.977097][T11372] Call Trace:
[  590.980378][T11372]  <TASK>
[  590.983322][T11372]  dump_stack_lvl+0x16c/0x230
[  590.988009][T11372]  ? show_regs_print_info+0x20/0x20
[  590.993220][T11372]  ? load_image+0x3b0/0x3b0
[  590.997746][T11372]  panic+0x2c0/0x710
[  591.001646][T11372]  ? bpf_jit_dump+0xd0/0xd0
[  591.006169][T11372]  __warn+0x2e0/0x470
[  591.010150][T11372]  ? refcount_warn_saturate+0x147/0x1b0
[  591.015701][T11372]  ? refcount_warn_saturate+0x147/0x1b0
[  591.021262][T11372]  report_bug+0x2be/0x4f0
[  591.025602][T11372]  ? refcount_warn_saturate+0x147/0x1b0
[  591.031151][T11372]  ? refcount_warn_saturate+0x147/0x1b0
[  591.036703][T11372]  ? refcount_warn_saturate+0x149/0x1b0
[  591.042249][T11372]  handle_bug+0xcf/0x120
[  591.046502][T11372]  exc_invalid_op+0x1a/0x50
[  591.051007][T11372]  asm_exc_invalid_op+0x1a/0x20
[  591.055866][T11372] RIP: 0010:refcount_warn_saturate+0x147/0x1b0
[  591.062025][T11372] Code: 0a 01 48 c7 c7 e0 1f fc 8a e8 95 74 30 fd 0f 0b eb a8 e8 2c 10 66 fd c6 05 4b b3 15 0a 01 48 c7 c7 00 21 fc 8a e8 79 74 30 fd <0f> 0b eb 8c e8 10 10 66 fd c6 05 2c b3 15 0a 01 48 c7 c7 e0 1f fc
[  591.081666][T11372] RSP: 0018:ffffc90003b17b48 EFLAGS: 00010246
[  591.087739][T11372] RAX: b59b9201bacc5e00 RBX: 0000000000000004 RCX: ffff88802965da00
[  591.095714][T11372] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000002
[  591.103686][T11372] RBP: ffffc90003b17ca0 R08: ffffc90003b17747 R09: 1ffff92000762ee8
[  591.111749][T11372] R10: dffffc0000000000 R11: fffff52000762ee9 R12: ffff88807cf065b8
[  591.119723][T11372] R13: dffffc0000000000 R14: ffff88807cf065fc R15: 0000000000000001
[  591.127709][T11372]  ? refcount_warn_saturate+0x147/0x1b0
[  591.133271][T11372]  ref_tracker_free+0x698/0x7d0
[  591.138141][T11372]  ? _raw_spin_unlock_irqrestore+0x86/0x110
[  591.144049][T11372]  ? refcount_inc+0x70/0x70
[  591.148557][T11372]  ? _raw_spin_unlock_irqrestore+0xae/0x110
[  591.154458][T11372]  ? _raw_spin_unlock+0x40/0x40
[  591.159309][T11372]  ? skb_queue_purge_reason+0x6c/0x1c0
[  591.164768][T11372]  ? skb_dequeue+0x10e/0x140
[  591.169363][T11372]  ? ax25_destroy_socket+0x541/0x5b0
[  591.174654][T11372]  ax25_release+0x356/0x930
[  591.179166][T11372]  sock_close+0xbd/0x230
[  591.183412][T11372]  ? sock_mmap+0xa0/0xa0
[  591.187652][T11372]  __fput+0x234/0x970
[  591.191642][T11372]  task_work_run+0x1ce/0x250
[  591.196254][T11372]  ? task_work_cancel+0x240/0x240
[  591.201297][T11372]  ? exit_to_user_mode_loop+0x3b/0x110
[  591.206771][T11372]  exit_to_user_mode_loop+0xe6/0x110
[  591.212245][T11372]  exit_to_user_mode_prepare+0xb1/0x140
[  591.217802][T11372]  syscall_exit_to_user_mode+0x1a/0x50
[  591.223277][T11372]  do_syscall_64+0x61/0xb0
[  591.227714][T11372]  ? clear_bhb_loop+0x40/0x90
[  591.232480][T11372]  ? clear_bhb_loop+0x40/0x90
[  591.237159][T11372]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  591.243056][T11372] RIP: 0033:0x7ff00338e929
[  591.247477][T11372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  591.267107][T11372] RSP: 002b:00007ffde71262a8 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4
[  591.275522][T11372] RAX: 0000000000000000 RBX: 00007ff0035b7ba0 RCX: 00007ff00338e929
[  591.283495][T11372] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003
[  591.291464][T11372] RBP: 00007ff0035b7ba0 R08: 0000000000019204 R09: 0000001ae712659f
[  591.299449][T11372] R10: 00007ff0035b7ac0 R11: 0000000000000246 R12: 00000000000902ba
[  591.307463][T11372] R13: 00007ff0035b6160 R14: ffffffffffffffff R15: 00007ffde71263c0
[  591.315633][T11372]  </TASK>
[  591.319052][T11372] Kernel Offset: disabled
[  591.323495][T11372] Rebooting in 86400 seconds..