last executing test programs:

1m45.927294568s ago: executing program 3 (id=433):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x1, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b000100", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

1m42.64168113s ago: executing program 3 (id=441):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000480)={'bridge0\x00', <r2=>0x0})
setsockopt$inet_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x0, 0x2a, 0x0, 0x0)
r3 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x4, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x7, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x2, 0x200000000000}, 0x0, 0x0, 0x1, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@rand_addr=' \x01\x00', 0x2, 0x2b}, 0xa, @in6=@empty, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0)
ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f0000001040)={'sit0\x00', &(0x7f0000001000)={'syztnl1\x00', r2, 0x0, 0xa000, 0x3, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x68, 0x0, 0x0, 0x4, 0x0, @remote, @private=0xa010102}}}})

1m42.332591608s ago: executing program 3 (id=445):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x2, &(0x7f0000000680), &(0x7f0000000600)=[{0xfffffffd, 0x2, 0xe, 0xb}, {0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

1m41.185958685s ago: executing program 3 (id=447):
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000400), 0x0, 0x2a1, &(0x7f0000000840)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhYsvutHN0MZPEKQFMaDURtSFMLUTDRmTkomRiNju3Po5iktXCuoX6Made3FTBMFNF2KkScamNWBaW6ea/w/CnJxz3pkzOTPhnYFMtq4/vVcuBk7RrSuWNMWkdW1LmZ1S10h3GWuXx9VrXecmP7/7/+qNm5dy+fz8otlCbul81symT7168OjZ6Tf1yWvPp18mtJm5tfUp+37zn81/t74uhWuvSq4tV6t1d9n3bKUUlB2zK77nBp6VKoFXq1tPe9Gvrq42za2sTKVWa14QmFtpWtlrWr1q9VrT3DtuqWKO49hUSsMmfuCIwsbiops7lsEgChP9Kmu1nJvo21jY+B2DAgAAJ0tU+f/dUmClwCrVPfl9mP9LYf4f0wHyf2mo8/+DI/8fBjv5f6p7/u5F/g8AAAAAAAAAAAAAAAAAAAAAwJ9gu9VKt1qtdLgMXwlJSUnh+6jHiePB/A+3nh/uJSX/SaPQKHSWnfZcUSX58jQ7Jn1pHw9dnfLCxfz8rLVl9Npf68avNQpxJcL4UKZ//Fwn3nrj1zSmVO/2s0prpn98tk98ozCus2daie6WPTlK6+1tVeVrpX1c78Y/njO7cDm/L36i3Q8AAAAAgL+BY9/9cP3ebncsfGzIvvZO5e79AaV/cn9g3/X1qP4bjW6/AQAAAAAYJkHzYdn1fa82BIXw/w+OZIXRf3TJQTuPSurWvDgpczFIISbpsOHxX5vlj5L21MxEPt1HUfhwv3MGDNI5ym8lAAAAAMchTPpHoh4IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABDbNCHh4X9D/PssZ7NxaPZSwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBk+BYAAP//lOkWvQ==")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f00000002c0)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1233c06, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000000b00)={0x2020}, 0x2020)

1m41.041094733s ago: executing program 3 (id=448):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e22, 0x9, @loopback, 0x6}, 0x1c)
connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @loopback, 0x23}, 0x1c)
sendmmsg$inet6(r0, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000003640)=[{&(0x7f0000000680)='A7', 0x2}], 0x1}}], 0x1, 0x4000001)
r1 = dup(r0)
syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), r1)
sendmsg$nl_route_sched(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000340)=@delqdisc={0x24, 0x25, 0x100, 0x70bd2c, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0xffe0, 0xfff1}, {0xf, 0xfff3}, {0xfffe, 0xfff1}}}, 0xfe7f}, 0x1, 0x0, 0x0, 0x20000001}, 0x480d1)

1m39.847998503s ago: executing program 3 (id=453):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x86, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000200)=0xb, 0x4)
recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4110, 0x100e}, 0x7fffeffe}], 0x1, 0x2002, 0x0)

1m39.114095255s ago: executing program 32 (id=453):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f00000000c0)=0x86, 0x4)
sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000200)=0xb, 0x4)
recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4110, 0x100e}, 0x7fffeffe}], 0x1, 0x2002, 0x0)

38.033209254s ago: executing program 2 (id=610):
syz_mount_image$reiserfs(&(0x7f0000000140), &(0x7f0000001140)='./file6\x00', 0x98, &(0x7f0000000280), 0x1, 0x10ef, &(0x7f00000022c0)="$eJzs2DGLE0EYBuB3dg/kqshcvx5oYSHHHfEPXKGQxsLaLljZmUrJz/HnyFX2R3pTBOyVTQwJEhDJYuB4Hlh252Vmvp1yvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEDvLPlekosmqdusSVKSrrubLJJ02/zx17ZJydv3k9mrj+PXs8209FmT0q9aj+vN01rHdVxv6suL22d19unzh3avZEmX+9V8ev5mOehR+trtoDsCAADAw/DzaKMT1wcAAAD+ZrBGAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAA6vajSVKSrrubLJJ0p/0tAAAA4EglTd6NDuWbNsDOi3wblZRHu+RH6edc58uB9QAAAMC/KXv38ec5z5O9/DJnubrajH+/srxN2iTXf+xzv5pP18/lfFr+5wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/swLEAAAAAgDB/6zQ6NgAAAAAAAAAAAAAAAGCqAAAA//9TGNII")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file0\x00', 0x103a42, 0x100)
fsetxattr$trusted_overlay_opaque(r0, &(0x7f0000000180), 0x0, 0x0, 0x1)
truncate(&(0x7f0000000080)='./file0\x00', 0x3a6800)
openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0xc4042, 0xb9cbbe05c791f09e)
write$uinput_user_dev(r0, &(0x7f0000002dc0)={'syz1\x00', {0x0, 0x3, 0x1000, 0x101}, 0x19, [0xf, 0x7, 0x3, 0x0, 0xd, 0x8, 0x9b, 0x3ff, 0x8f, 0xff, 0x6, 0x3, 0x5f0, 0x4, 0x8, 0x9, 0x4, 0x3ff, 0x101, 0x400, 0x8, 0x2, 0xe, 0x800, 0x8, 0xfffffffb, 0x7, 0x2, 0x0, 0x9, 0x6, 0x1ff, 0x8, 0x0, 0x5, 0x3, 0x9, 0x5, 0x2, 0x9, 0x40, 0x8, 0x1, 0x2f, 0x3ff, 0x0, 0xb, 0x3, 0x6, 0x7, 0x5, 0xb, 0xfffffffe, 0x1, 0x9, 0x9, 0xe5c5, 0xb, 0x4, 0x7, 0x100, 0x24, 0x2, 0x3], [0x3ff, 0x0, 0xa, 0x5, 0x8, 0x0, 0x6, 0xed92, 0x888, 0x0, 0x7f, 0x118758c6, 0xfff, 0x8, 0x4, 0x4, 0x5, 0x0, 0x9, 0x2f, 0x3, 0x10001, 0xf6, 0x0, 0x7, 0xc, 0x3f, 0x1ff, 0x8, 0x9, 0x0, 0xff, 0x0, 0x8, 0x4, 0x4, 0x6, 0x0, 0x6, 0x9, 0x3ff, 0xe, 0x8, 0x10000, 0x6, 0x0, 0x1ff, 0x8, 0x0, 0x7fffffff, 0xfff, 0xe81, 0x6, 0x7e22, 0x7fffffff, 0x1, 0x10000, 0x44, 0x52d, 0x5, 0x3, 0xfffff001, 0x9, 0x24d], [0x8, 0x1, 0x78da, 0x8000, 0xffffff7f, 0x67c, 0x98f5, 0x0, 0x10, 0xc1c, 0x4, 0x4db83704, 0x8, 0x6, 0xc7a, 0x5, 0xf978, 0x7ffffffc, 0x3, 0x5, 0x0, 0x9, 0xb6c, 0x8000, 0x1, 0x6, 0x1000, 0x4, 0x200, 0x5, 0x0, 0x7, 0x8f98, 0x0, 0x8000, 0x80000000, 0x4, 0x0, 0xa6b0, 0x6, 0xa221, 0x7fffffff, 0x2, 0x4, 0x10001, 0x45b, 0x8, 0x3e85daf5, 0x404, 0xffff8000, 0x423, 0xbf3, 0x94, 0x3, 0x4, 0x2, 0x4, 0x1, 0x5, 0x1, 0x1, 0x1, 0x5, 0x6], [0x9, 0x4, 0xffff8001, 0x4, 0x81, 0x1, 0x1, 0x0, 0x8, 0x6, 0xb, 0x1, 0x4, 0x9b4, 0x9, 0x3, 0x4, 0x9, 0x260d, 0xfffffffb, 0xc, 0xff, 0x7, 0x3, 0x2, 0x7fffffff, 0x1, 0x9, 0x3, 0x5, 0xffffffff, 0xa7bd, 0x9, 0x9, 0x1, 0x25562d28, 0x3ff, 0x9, 0x39, 0x8, 0x6, 0xa7d7, 0x6, 0x5, 0x0, 0x40f, 0xff, 0x2, 0x800, 0xffffffff, 0xa9, 0x20009, 0x3, 0x6, 0xfc9a, 0x3, 0x10001, 0x9, 0x5, 0x800, 0x7, 0x3859, 0x2, 0x1]}, 0x45c)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='memory.swap.current\x00', 0x275a, 0x0)

36.646749305s ago: executing program 2 (id=615):
ioctl$KVM_CREATE_DEVICE(0xffffffffffffffff, 0xc00caee0, &(0x7f0000000100)={0x6})
openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000000780)={0x0, 0x4, 0x0, [0x806f, 0x0, 0x2d5, 0x2, 0x6], [0x6, 0x7, 0x1, 0x9, 0x8002, 0x0, 0x5, 0x2, 0x0, 0x802, 0x9, 0x200000100, 0x3, 0xfffffffffffffff4, 0x4a, 0x5, 0x100, 0xd, 0xdd, 0x5, 0x1, 0x2a9, 0x3, 0xc39, 0x7, 0x8, 0x100000000, 0x2, 0xa51, 0x8, 0x401, 0x800000000000001, 0x7, 0xfffffffffffffffb, 0x81, 0x100, 0x5, 0x931, 0x101, 0x3, 0xf, 0x8000000000000000, 0x7, 0x1, 0x8, 0x8, 0x6aa, 0x102, 0x1, 0x83, 0x538a, 0x9, 0xfffffffffffffffb, 0x4, 0x3, 0x8000000000000000, 0x5, 0x8, 0x80008000, 0x8000000000000000, 0x4, 0xfffffffffffffffc, 0xfffffffffffffffd, 0x5bc, 0x1, 0x0, 0x4, 0x8000, 0xc9, 0x7, 0x6, 0x9, 0x82c, 0x8000, 0xe000000000000, 0xe4, 0x11, 0x0, 0x8, 0x26, 0xffffffffffffffff, 0x2, 0xbfa, 0x8000000000000000, 0x2000000009, 0x8, 0x0, 0x6, 0x6, 0x7, 0x100000002, 0x4, 0x4, 0x7, 0x7, 0x7, 0x9, 0x1, 0x16d, 0x6, 0x68d, 0xffffffffffff43b0, 0x8, 0x50000000000000, 0xe, 0x0, 0x0, 0x1300000003, 0x5, 0x7, 0x406, 0x3, 0x6, 0x5, 0x0, 0x3, 0x40, 0x7fffffff, 0x7, 0x3, 0x1]})
prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000080)={&(0x7f0000ff7000/0x1000)=nil, &(0x7f0000ff1000/0xf000)=nil, &(0x7f0000ff1000/0x2000)=nil, &(0x7f0000ff5000/0x3000)=nil, &(0x7f0000ff8000/0x4000)=nil, &(0x7f0000ff8000/0x3000)=nil, &(0x7f0000ffd000/0x3000)=nil, &(0x7f0000ffb000/0x3000)=nil, &(0x7f0000ff5000/0x1000)=nil, &(0x7f0000ffa000/0x1000)=nil, &(0x7f0000ffa000/0x2000)=nil, 0x0}, 0x68)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x24004045)
r0 = io_uring_setup(0x899, &(0x7f0000000040)={0x0, 0x3cb1, 0x1c080, 0xa, 0x20002f7})
io_uring_enter(r0, 0x2219, 0x7721, 0x16, 0x0, 0x0)

35.970122034s ago: executing program 2 (id=618):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x1, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYBLOB="0000000000000000140012800b000100626174616476000004000280", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

35.889011739s ago: executing program 0 (id=619):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x11, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x2, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0xfffffffd, 0x2, 0xe, 0xb}, {0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

34.198325657s ago: executing program 2 (id=621):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000340)='./file0/file0\x00', 0x0, 0x89101a, 0x0)
mount$bind(0x0, &(0x7f0000000140)='./file0/file0\x00', 0x0, 0x80000, 0x0)
mount$bind(&(0x7f0000000100)='./file0\x00', &(0x7f0000000280)='./file0/../file0\x00', 0x0, 0x1adc51, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000440)='./file0/../file0\x00', 0x0, 0x2125099, 0x0)

33.727583005s ago: executing program 2 (id=622):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000c00000/0x400000)=nil)
r3 = syz_kvm_add_vcpu$x86(r2, &(0x7f0000000080)={0x0, &(0x7f0000000140)=[@rdmsr={0x66, 0x18, {0x40000096}}], 0x18})
ioctl$KVM_SET_CPUID2(r3, 0x4008ae90, &(0x7f0000000000)={0x1, 0x0, [{0x40000001, 0x4, 0x2, 0x31237648, 0x6, 0x2, 0x80}]})
ioctl$KVM_CAP_HYPERV_ENFORCE_CPUID(r3, 0x4068aea3, &(0x7f00000000c0)={0xc7, 0x0, 0x1})
ioctl$KVM_RUN(r3, 0xae80, 0x0)

33.726755435s ago: executing program 0 (id=623):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee1, 0x0, 0x2, 0xbfdffffc}, &(0x7f0000000000)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
ioctl$sock_SIOCADDDLCI(r0, 0x5452, &(0x7f0000000100)={'veth1\x00'})
ioctl$TIOCSTI(r0, 0x5412, &(0x7f0000000080)=0x7)

33.335638218s ago: executing program 2 (id=625):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000080)={0x1, 0x7, 0x0, 0x8, 0x8000, 0x0, 0x1, 0x0, 0xfffffffffffffffc, 0x1, 0xfffffffe, 0x2})
ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f0000000200))

32.94582233s ago: executing program 33 (id=625):
r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000040)=0x7)
r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0)
r2 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65)
write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc)
ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r2, 0xc0884113, &(0x7f0000000080)={0x1, 0x7, 0x0, 0x8, 0x8000, 0x0, 0x1, 0x0, 0xfffffffffffffffc, 0x1, 0xfffffffe, 0x2})
ioctl$SNDCTL_DSP_GETOSPACE(r1, 0x8010500c, &(0x7f0000000200))

32.932932041s ago: executing program 0 (id=627):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x5, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = socket$inet_tcp(0x2, 0x1, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'syz_tun\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000002c0)={0x6, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r3, r2, 0x25, 0x0, @void}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000000)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x80, 0x0, 0x0, 0x1, 0x0, @private, @broadcast}, @echo_reply={0xe0}}}}}, 0x0)

32.661259817s ago: executing program 0 (id=628):
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f00000008c0)='./file0\x00', 0x1008490, &(0x7f0000000a40)={[{@grpid}, {@grpquota}]}, 0x4, 0x4eb, &(0x7f0000000a80)="$eJzs3c9vVFsdAPDvnXZoKQMFZaFGBRFFQ5j+ABqCC2GjMYTESFy5gNoOTdMZpum0SCuLsnRvIokr/RPcuTBh5cKdO925wYUJKnkv9CVvMS/3zqUd2g7te7Qd6Hw+ye2955xhvufMcM6Ze2B6AuhZZyNiNSKORMS9iBjO85P8iButI33cq5ePp9ZePp5Kotm8878kK0/zou3PpI7lzzkYET/7ccQvk61xG8src5PVamUhT48s1uZHGssrl2YLec74xNjE6LXLV8f3rK1nan968aPZWz//y5+/8fzvq9//dVqt0m+OZ2Xt7dhLraYXo9SW1x8Rt/YjWJf0539/+PCkve1LEXEu6//D0Ze9mwDAYdZsDkdzuD0NABx26f1/KZJCOV8LKEWhUC631vBOx1ChWm8sXhyuLz2YjmwN62QUC/dnq5XRfK3wZBSTND2WXW+kxzelL0fEqYj47cDRLF2eqlenu/nBBwB62LFN8//HA635HwA45Aa7XQEA4MCZ/wGg95j/AaD3fI7537cDAeCQcP8PAL3H/A8AvWfH+f/JwdQDADgQP719Oz2aa/nvv55+uLz0g9LDS9OVxly5tjRVnqovzJdn6vWZaqU81Wzu9HzVen1+7Mp6srG8crdWX3qweHe2NjlTuVsp7nN7AICdnTrz7J9JRKxeP5od0baXg7kaDrdCtysAdE1ftysAdI3v80Dv2sU9vmUAOOS22aL3DR3/i9BTm7/Ch+rCV63/Q6+y/g+964ut//9wz+sBHDzr/9C7ms3Env8A0GOs8QPv9O//AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0KNK2ZEUytle4Kvpz0K5HHE8Ik5GMbk/W62MRsSJiPjHQHEgTY91u9IAwDsq/CfJ9/+6MHy+tLn0SPLJQHaOiF/9/s7vHk0uLi6Mpfn/X89ffJrnjx/pRgMAgHY3tma15un83HYj/+rl46nXx0FW8cXN1uaiady1/GiV9Ed/dh6MYkQMfZTk6Zb080rfHsRffRIRX9lo/6O2CKVsDaS18+nm+Gns4/sQf+P13xy/8Eb8QlaWnovZa/HlPagL9JpnN1vjZN730i6W979CnM3O2/f/wWyEenevx7+1LeNfYX3869sSP8n6/Nn19Ntr8uLKX3+yJbM53Cp7EvG1/u3iJ+vxkw7j7/ldtvFfX//muU5lzT9EXIjt47fUsmF2ZLE2P9JYXrk0W5ucqcxUHoyPT4xNjF67fHV8JFujbv3823Yx/nv94olO8dP2D3WIP7hD+7+zy/b/8dN7v/jWW+J/79vbv/+n3xI/nRO/u8v4k0M3Om7fncaf7tD+nd7/i7uM//zfK9O7fCgAcAAayytzk9VqZWGHi/Sz5k6PcfFhXsRqxHtQDRfv1UW3RyZgv210+m7XBAAAAAAAAAAAAAAA6KSxvDI3EPv7daJutxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDD67MAAAD//w/PzvM=")
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff}, 0x0)
r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000002140)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}})
read$FUSE(r1, &(0x7f00000021c0)={0x2020}, 0x2020)
r2 = dup(r1)
mount$9p_fd(0x0, &(0x7f0000000300)='./file0\x00', &(0x7f0000004380), 0x181c800, &(0x7f0000000280)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r2}, 0x2c, {[], [], 0x6b}})

32.233885242s ago: executing program 0 (id=630):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x1, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b000100626174616476000004000280", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

30.948479647s ago: executing program 0 (id=633):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x1, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

29.872699879s ago: executing program 34 (id=633):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x1, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

21.528601896s ago: executing program 1 (id=656):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
syz_genetlink_get_family_id$batadv(&(0x7f0000000400), 0xffffffffffffffff)
r1 = socket(0x1e, 0x1, 0x0)
connect$tipc(r1, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10)
write$binfmt_misc(r1, &(0x7f0000000400), 0x2000011a)
recvmmsg(r1, &(0x7f0000003280)=[{{0x0, 0x0, &(0x7f00000004c0)=[{&(0x7f0000000440)=""/68, 0x44}], 0x1, 0x0, 0x18}, 0x3}, {{0x0, 0x0, 0x0}, 0x9}], 0x2, 0x10140, 0x0)
close_range(r0, 0xffffffffffffffff, 0x200000000000000)

21.268953811s ago: executing program 1 (id=657):
ioctl$BTRFS_IOC_SCRUB_PROGRESS(0xffffffffffffffff, 0xc400941d, &(0x7f0000000280)={0x0, 0x5, 0x2, 0x1})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2})
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]})

20.964728008s ago: executing program 1 (id=659):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x1, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b000100626174616476000004000280", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

19.504256343s ago: executing program 1 (id=661):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./file1\x00', 0x1010012, &(0x7f0000000080)={[{@nobh}, {@bsdgroups}, {@data_err_ignore}]}, 0x3, 0x4cd, &(0x7f0000000c80)="$eJzs3M9vFGUfAPDvbHdpgZfXioiCKAU0Nia2UFA4eMHExIMmRjzIsWkrQRYwtAchREpi8Ezi3Xg03jTxqkfjyT8ADx5MDAkxXABPa2Z3pt3ur+7CtqXs55Ns+zwzz8zzPDPzzD77PDsbwMAaS/8kEf+LiFsR8VQtujLBWO3f/btXZx7cvToTi5XKqX+Sarp7aTyTb7c9i4wXIgpfJg07rJm/fOXcdLk8dymLTy6c/2xy/vKV18+enz4zd2buwtSJE8eOHjn+5tQbvVeqRX5pve7t/eLivj3vnr75/kwxXz6S/a+vR1vF3oox1mHdK73t6rG3oy6cNB+na+taGLo2kl3WpbT9Xy0fPL3RBQLWTaVSqQy3X71YaXS9aQmwaSWx0SUANkb+Rp9+/s1f69T1eCzcOVn7AJTW+372qq0pRiFLU2r4fNtPYxHx8eK/36Sv6DQO8ecaFQAAGDi/nMx7go39v0Lsrkv3/2wOZTQino6InRHxTETsiohnI6ppn4uI5xszSCIqHfLf1RBfzv/HbBahcPuRK9lB2v97K5vbWtn/y3t/MTqUxXZE5B3mucPZMRmP0vAnZ8tzR9rsf8sq+df3/9JXmn/eF8zKcbvYMEA3O70w/XC1bXbnesTeYmP9k2J64vJpnCQi9kTE3h72O1oXPvvad/uWIqWV6Vavf1WlxZRez/NxrVS+jXi1dv4XY8X5X84x6Tw/OTkS5bnDk+lVcLhlHr/9fuODdvmvWv+f/mrc5J3jP5961GovSc//trrrP/L52+X6jyYRydJ87XxEZai3PG788VV1v2OHmtc97PW/JfmoGs7b1+fTCwuXjkRsSd5rXj61vG0ez9On9R8/1Lr978y2SY/ECxGRXsQvRsRLEbE/K/uBiDgYES2qtuTXt1/+tN26Lq//NZPWf7bl/W/F+V+er+8ykG+cLhk6d+DWgzY3j+7O/7FqaDxb0vr+l6y4RXRb0kc7egAAALA5FKL63f/CxFK4UJiYqI0B7YpthfLF+YX9EXFhtvaMwGiUCvlIV208uJTk45+jdfGphvjRbNz466Gt1fjEzMXy7EZXHgbc9mqbT5raf+rvHsd5gU2oD/NowCa1WvvffXOdCgKsO+//MLjq2v9imySLvikDTybv/zC4WrX/a/F9x2cX3DNg86toyzDQtH8YXMX4cClcfey55dO2wJPI+z8MpF6f6+8tUBluvWokWvxiwMjaFGNri7w2JJD2rPq4w1JEdJd468NkkXcB2//CQ6G3HQ5H86qh6LRV0sPvOOSB9KismvjM7r5f/PlvovT7svlhuZ2WujzdfQpsyO0IAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACg7/4LAAD///QJ1ng=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file2\x00', 0x143042, 0x20)
open(&(0x7f0000000200)='./bus\x00', 0x14507e, 0x1)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x1c10, 0x0)
r1 = open(&(0x7f0000000400)='./bus\x00', 0xc40, 0x0)
ioctl$BLKROSET(r1, 0x125d, &(0x7f0000000080)=0x3f)
write$FUSE_STATX(r0, &(0x7f0000000140)={0x130, 0x0, 0x0, {0x4e06f502, 0x1, 0x0, '\x00', {0x1, 0xcf47, 0x6, 0xfffffff7, 0x0, 0x0, 0xa000, '\x00', 0x6, 0x0, 0x3, 0xfffffffffffffeff, {0xa, 0x8}, {0x10001, 0x5}, {0x8, 0xfffffffa}, {0x6ad0, 0x2}, 0x81, 0x8, 0x9, 0x7}}}, 0x130)

18.959748175s ago: executing program 1 (id=663):
syz_mount_image$nilfs2(&(0x7f0000000a40), &(0x7f0000000180)='./file0\x00', 0x0, &(0x7f0000000200)=ANY=[@ANYRES32=0x0], 0xfe, 0xa46, &(0x7f00000014c0)="$eJzs3U2MW0cdAPCx9yNNkxKnJHRJS5tQaMtHd5vNEj4iaKrmQtRUHJAqVVyiNC0RaUCkErSq1CQnbrSqwpUPcSqHChASvaCoJy6VaCQuPRUOHIiCVIkDFJJF653x2v/YPHuzWa/Xv580O543Y8887/Pz83tvZhIwturNvwsLM7WULr71+pG/P/C3rUtLHm2VaDT/TralplJKtZyeDK/3/sRyfO2Dl090i2tpvvm3pNOTV1vP3ZZSOpf2pkupkfZcvPzaO/NPHDt/9MK+d984dOXWrD0AAIyXb1w6tLD7L3+6e+eHb957OG1pLS/H542c3p6P+w/nA/9y/F9PnelaW2g3HcpN5lAP5Sa6lGuvZyqUm+xR/3R43ake5bZU1D/RtqzbesMoK9txI9Xqsx3pen12dvk3eWr+rp+uzZ45dfrZs0NqKLDm/nlfSmmvIKx9eGUDtEH4/2Fxx7D3QADL4vXCG5yLZxZuTuvVJvur/+pj9e7PhzWw3tu/+ker/l+et8dh7WzWramsV/kcbc/peB0h3r806Oe/vF68HjHVZzt7XUcYlesLvdo5sc7tWK1e7Y/bxWb11RyX9+FrIb/98xP/p6PyPwa6+5fz/4IwtmFx2DsgYMOK980tZiU/3tcX87dU5N9Wkb+1M/+VmH97xfO3VeTDOPvtCz9Or9ZWfufH3/SDng8r59nuyPFHBmxPPB85aP3xvt9B3Wz98X5i2Mh+f/ypk1965unLy/f/11rb//W8ve/N6Ub+bF3KBcr5wnhevXXvf6OznnqPcneG9tzRpXzz8a7OcrVdK6+T2vYzS2VP3d6WN9P5vB292ntPZ7lGKLc1h9tCe8PxSet4pDyvHH+U/Wp5vybD+k6F9ZgO7Sj7lZ05ju2A1SjbY6/7/8v2OZOmas+eOn3ykZwu2+kfJ6a2LC3fv87tBm5ev/1/ZlJn/5/treVT9fb9wo6V5bX2/UIjLJ/vsfxATpfvuW9PbG0unz3x3dPPrPXKw5g7++JL3zl++vTJ73vggQcetB4Me88E3GpzLzz/vbmzL7708Knnjz938rmTZw4cPHhgfv7glw8szDWP6+faj+6BzWTlS3/YLQEAAAAAAAAAAAD69YOjRy7/+e0vvrfc/3+l/1/p/1/u/C39/38U+v/HfvKlH3zpB7izS36zTBhgdTqUm8rho6G9u0I9u8PzPpbj1jx+uf9/qS6O61rac1dYHsfvLeXCcAI3jJcyHcYg6Zwv8Hz6ZE5fyPEvEgxRbWv3xTmuGt+6bOtlfArjUoym8n8rW0MZx6T0/+41rlPZ/+9chzay9tajO+Gw1xHo7h/rN/73r1qVboBxjwVBSGlx0SwewMYw7Pk/y3nPEp/5w9dvWwql2NXHOveXcfxSuBkbff7JzVv/N4dcf+qs/3Bal/k/W/Pf9b3/CzPmNVZX779/euW9tmrTnn7rj+tfxoHeNVj9H+b6y9o8mPqrf/Hnof54QahP/wn1395n/Tesfxm3esDN4r+5/vK2PXR/v/Uvt7hW76wwnjcu1//ieePiWlj/MrbnwOu/yokar+f6YZyNyjyzgxqV+X97ifdhfCGny46w3OcQ5zsZtP3l/oryPbA7vH6t4vttVfP/bqBTTuM+/+9Xclz1eSjz/5btsdElXc/pS/n14nu7Wfc1MKreN/+vIDRDa+62DdCW9QqLi4u39oRWhaFWztDf/2H/FBh2/cN+/6vE+X/jMXyc/zfmx/l/Y36c/zfmx/n1Yn6c/ze+n3H+35h/V3jdOD/wTEX+xyvy91Tk312Rf09F/icq8vdV5N9bkX9fRf6dFfn3V+R/qiL/0xX5D7Tn11YKlPyHKp7/mYr8za70RxnX9YdxFvvn+fzD+CjXf3p9/ndV5AOj6ydv7n/86d98q7Hc/3+6dT6kXNc7nNNT+efVD3M6XvdObemlvLdz+q8hf6Of74BxEsfPiN/vD1bkA6Or3Ofl8w1jqNZ9xJ54va3XuFW9jvMZLZ/N8edy/PkcP5zj2RzP5Xh/jufXqX3cGo//+neHXq2t/N7fEfL7vZ889geK40Qd6LM98fzAoPezx3H8BnWz9a+yOxgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMDQ1Jt/FxZmaildfOv1I08dOzW3tOTRVolG8+9kW2qq9byUHsnxRI5/lh9c++DlE+3x9RzX0nyqpVpreXryaqumbSmlc2lvupQaac/Fy6+9M//EsfNHL+x7941DV27dOwAAAACb3/8CAAD//6RUDq0=")
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002a82, 0x0)
r1 = dup(r0)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x130)
mmap(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x27ffff7, 0x4012011, r2, 0x0)
truncate(&(0x7f00000002c0)='./file1\x00', 0x42d9)
read$FUSE(r1, &(0x7f00000025c0)={0x2020}, 0x2020)

18.381144219s ago: executing program 1 (id=665):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newtfilter={0x7c, 0x2c, 0xd27, 0x70bd1f, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_ACT={0x48, 0x3, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x9, 0x9, 0x20000000, 0x9}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

17.954154634s ago: executing program 35 (id=665):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101})
r1 = socket(0x400000000010, 0x3, 0x0)
r2 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x42}}}]}, 0x38}}, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@newtfilter={0x7c, 0x2c, 0xd27, 0x70bd1f, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x4, 0xa}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x4c, 0x2, [@TCA_FLOWER_ACT={0x48, 0x3, [@m_bpf={0x44, 0x1, 0x0, 0x0, {{0x8}, {0x1c, 0x2, 0x0, 0x1, [@TCA_ACT_BPF_PARMS={0x18, 0x2, {0x9, 0x9, 0x20000000, 0x9}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x7c}, 0x1, 0x0, 0x0, 0x8848}, 0x80)

9.382451283s ago: executing program 4 (id=678):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000001c0)=[@text16={0x10, 0x0}], 0x1, 0x4, 0x0, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000040)="f7790066baa00066b86b4266ef66ba4200430faa66ef0fdcc5bb0000c4e2b1ba8c88d9000000666666440f38826b4178420766420f38816ee3b8010000000f01d9c4033b21820f47a753fd", 0x4c}], 0x45, 0x64, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

8.311894475s ago: executing program 4 (id=680):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x1, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff0400", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b000100626174616476000004000280", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

8.296384797s ago: executing program 5 (id=681):
syz_mount_image$hfsplus(&(0x7f00000000c0), &(0x7f0000000300)='./file1\x00', 0x414, &(0x7f0000000340)=ANY=[], 0x1, 0x67d, &(0x7f0000000780)="$eJzs3c1vXFfdB/DvnUzsTNonddOkzYMq1WokQFgkfpELZkNACHlRQVUWrK3EaayM02K7lVsh6vC67aJ/QFl4g1ghsY9UWLCBXXfI7CohsekGsxo013fG4/FLxm3jccrnE905595zz7m/87tz77xY0QT4nzU/kfqDFJmfeHm9vb61OdPc2pxZ7tSTjCbZSOpJakmKf7darQ+TG0nRHaboK/d5f2nu1Y8+2fp4Z61eLeX+taP69an22+jbvNHZNp7kTFV+BnvGu/mZxyu6kd9IcrUqYejOJmnt8ZO/PNlt6dE4qPe5E4kReLSKndfNVK/HXWPJ+epCb78P6Lzy1k4+wsGMDrhf/zsIAAAAeNwM8hn4qe1sZ724cALhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBfCxu7v/xfVUuvUx1N0fv9/pNqWqn66vHC83R88qjgAAAAAAAAA4ET8o3x8YTvbWc+FztZWUf7N/8Vy5VL5+ETezGoWs5JrWc9C1rKWlUwlGesZbmR9YW1tZWqAntMH9px+SLijVdn4POYOAAAAAAAAAF84P8/87t//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgNCiSMztFivs9m8dSqyc5l2SkvWEj+Vun/jh7MOwAAAAA4AQ8tZ3trOdCZ71V5FKSZ8vvAM7lzdzLWpaylmYWc6v8XmDnU39ta3OmubU5s7z1w4PG/c6/jhVGOWJ2vns4+MhXyj0auf1Wp8/NvJ5mbqVW9my7UsazOdPZY3nvQe63Yyq+XRkwsltV2Z75e1W5z7vHmuxhjvllyliZkbO5naUyR5NVbO1sPF1lorvs7XrMs9N/pKnUusFe6jtS3yQ+Vc7PV2V7Pr8+LOdD0Z+J6Z5n37NH5zz5yh9//+PJqn56pjSYM1XZKh8b+zMx05OJ5wbJxJ3mvbt3bq9OPG6Z2GeyzMTl7vp8vp8fZSLjeSUrWcpbWchaFjOe75W1herkFz2X/CGZurFn7ZWHRTJSPUN3TtbxYnqx7HshS/lBXs+tLOal8t90pvKNzGY2cz1n+PLRZ7i86muHXPWt/zsw+KtfrSqNJL+pygMd2vCotPP6dE9ee++5Y2Vb75bdLF0cIEvHvDfWv1RV2sf4RVWeDv2ZmOrJxDNHZ+K35W1ltXnv7sqdhTcGO9zF93qO+6tTdUttP18utk9Wubb32dFue6a75958tdsudfvV9rVd7raVV2pRP/RKHanew+0fabpse+7Atpmy7UpPW6Pbdq37fguAU+/8186PNP7Z+Gvjg8YvG3caL5/77ug3R58fydk/nf1WffLMl2vPF3/IB/nZ7ud/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAADg01t9+527C83m4kpfpdVqvXtI00lX6g8JdV8l439/ot2hs6WVblPn58xOcBb//2Qy9BwOvfKfVqtVbSkO2ed3fz41iWpVTkXqhlQZ3j0JOBnX15bfuL769jtfX1peeG3xtcV7c7Ozc5Nzsy/NXL+91Fyc3HkcdpTAo7D7oj/sSAAAAAAAAAAAAIBBncR/Jxj2HAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDH2/xE6g9SZGry2mR7fWtzptleOvXdPetJakmKnybFh8mN7CwZ6xmuOOw47y/NvfrRJ1sf745V7+xfO6rfYDaqJeNJzuyU9z+v8W5W5ZGKo6ZQdGfYTtjVTuJg2P4bAAD//8o1Bh8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x15)
pwrite64(r0, &(0x7f0000000140)='2', 0xfdef, 0xe7c)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15)
read$FUSE(r0, &(0x7f0000000880)={0x2020}, 0xeffd)

7.262142877s ago: executing program 5 (id=682):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x0, 0x0, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x2, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0xfffffffd, 0x2, 0xe, 0xb}, {0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

7.086508497s ago: executing program 4 (id=683):
syz_mount_image$udf(&(0x7f0000000140), &(0x7f0000000080)='./file0\x00', 0x1000882, &(0x7f0000000180)=ANY=[@ANYRES8=0x0, @ANYRES16, @ANYRESDEC, @ANYRES32, @ANYRES8=0x0, @ANYRESHEX=0x0, @ANYRESHEX=0x0, @ANYRESDEC, @ANYBLOB="1cbb2cdd171d492deb3acb4b50f57fe03514acd1d4c838e2c6f896f7131908927bb900ea7fd140c59552b18fd7fa112f3255fd02c04423cea65c50f3f1131a9644733abcb0218bbfab259417ec021df71f9bd9568e390396358819c94ed2351551a96eeff9b964e5f961027ae3a3a71b49c7364d5ebe1d6525c6437993d4082972d57be58928184da45cbf987f0a13f648dc9a6621c8392b2f1fedc71c9d812425a68ba4edb0552df5b8e44af9249846923776c821deddd2f02d473b436ba514df04522dddad1cb5e75766d125d5eafcc652fbd3deaac0bf7eaf7ed8a586d36bffdb2f61bced8a3fd75f66c8eca0de326c41a8993c3ef39131"], 0x0, 0xc36, &(0x7f0000000b40)="$eJzs3U9sHNd9B/DfGy5F0m4rJk5Uu42LTVukMmO5sqSYilW4q5pmG0CWiVDMLQBX5EpdmCIJkmpkN22YXnroIUBR9JATgdYokKKB0RRFj2zrAsnFh8KnnogWNoKiB7YIkFOwxcy+FVf/LMkkJcr+fGzqOzv73sx7M+MZWdCbFwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAxO+8cvb48+lhtwIAeJDOT3/1+AnPfwD4RLng//8BAAAAAAAAAAAAAOCgS1HEE5Fi+fx2mq0+dw2fay9evTYzMXn7aiOpqjlQlS9/hp8/cfLUl14YP93LD6+/156K16YvnK2/vHRleaW1utqar88stueW5lv3vIXd1r/ZWHUA6ldevzp/6dJq/cRzJ2/4+troB0OPHxk9M/7Msad7ZWcmJien+8rUBj/y3m9xpxEeh6KIY5Hi2e//ODUjoojdH4u7XDv7baTqxFjViZmJyaojC+3m4lr55VTvQBQR9b5Kjd4xegDnYlcaEetl88sGj5Xdm15urjQvLrTqU82VtfZae2lxKnVbW/anHkWcThEbEbE1dOvmBqOIWqT47uHtdDEiBnrH4YvVwOA7t6PYxz7eg7Kd9cGIjeIROGcH2FAU8Wqk+Mk7RcyVxyz/xBciXi3zHyPeKvOliFReGKci3q+uo5GH3HL2Qi2K+LPy/J/ZTvPV/aB3Xzn3tfpXFi8t9ZXt3Vce+efDg3TA703DUUSzuuNvp4/+mx0AAAAAAAAAAAAAAAAA9tpIFPFUpHjl3/+gGlcc1bj0w2fGf3f05/vHjD95l+2UZZ+LiPXi3sbkHspDiKfSVEoPeSzxJ9lwFPFHefzftx92YwAAAAAAAAAAAAAAAAAAAD7RingvUrz47tG0Ef1zircXL9cvNC8udGeF7c3925szvdPpdOqpm42csznXc27k3My5lTOKXD9nI+dszvWcGzk3c27ljIFcP2cj52zO9ZwbOTdzbuWMWq6fs5FzNud6zo2cmzm3csYBmbsXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODjpIgifhYpvvON7RQpIhoRs9HNzaFeGQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgYRpKRfwgUtR/r3F9XS0iUvVv19Hyl1PROFTmp6MxXuZL0Tibs1llrfHth9B+dmcwFfGjSDE0/Pb1E57P/2D30/XLIN765s6nX6p1c6D35egHQ48fOXxmfPJXnrzTcrpdA8bOtRevXqvPTExOTvetruW9f7pv3Wjeb7E3XSciVt948/XmwkJrxcInY6HWXajFnm55JGJvN7h3C7XuQr5fxUNvzx0WGgejGTsLUd37b3vP5mOjfP6/Hyl+893/6D3we8//n+t+uv6Ej5/+8c7z/8WbN7RPz/8n+ta9mH83MliLGF67sjx4JGJ49Y03j7WvNC+3LrcWTx0//uXx8S+fPD54KGL4Unuh1be060MFAAAAAAAAAAAAAAAA8GClIn47UjR/tJ3qEXGtGq81emb8mWNPD8RANd7qhnFbr01fOFt/eenK8kprdbU1X59ZbM8tzbfudXfD1XCvmYnJfenMXY3sc/tHhl9eWn5jpX3599du+/1jw2cvrq6tNOdu/3WMRBHR6F8zVjV4ZmKyavRCu7lYVZ3ao4GZg6mI/4wUc6fq6fN5XR7/V8Z7g31l+8f/r/etr5b3afzfp27aT0pF/DRS/MafPxmfr9r5WNxyzHK5v44UY6c/l8vFobJcrw3d9wp0RwaWZf83Uvz9z24s2+v7Eztln7+/o3vwlef/cKT4wZ9+L341r7vx/Q874z/7z/9jN29on87/Z/rWPXbD+wp23XXy+T8WKV564u34tbzuw97/UUSn0/lWxNFc+Pr7Ofbp/H+2b91odPf763vXfQAAAAAAAAAAgEfWYCribyLF05O19EJedy9//2/+5g3t09//+sW+dfMPaL6iXR9UAAAAADggBlMR70WKy2tvXx9D3Tf++8bxn7+1M/f6RLrp2+rP+X6hem/AXv75X7/RvN/Z3XcbAAAAAAAAAAAAAAAAAAAADpSUinghz6c+e5f51DcjxSv//Wwul46U5XrzwI9Wvw6fX1o8dnZhYWmuuda8uNCqTy8351pl3c9Eiu2/+lyuW1Tzq/fmm+/O8T7c6c3FvhIpJv+2V7Y7F3tvbvLufODdudjLsp+KFP/1dzeW7c1j/dmdsifKsn8ZKb7+T7cve2Sn7Mmy7PcixQ+/Xu+Vfaws23s/avedpMO1WGg9N7e0cMurUAEAAAAAAAAAAAAAAAAAAOB+DaYi/iRS/M+VjVjPw/7z/P+9GfhrvbJvfbNvvv+bXKvm+R+t5v+/0/JHmf9/dM96CgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAj44URbwZKZbPb6fNofJz1/C59uLVazMTk7evNpKqmgNV+fJn+PkTJ0996YXx07388Pp77al4bfrC2frLS1eWV1qrq635+sxie25pvnXPW9ht/Z1D1zVWHYD6ldevzl+6tFo/8dzJG76+NvrB0ONHRs+MP3Ps6V7ZmYnJyem+MrXB+9j7fTVux6Eo4i8ixbPf/3H656GIInZ/LO5y7ey3kaoTY1UnZiYmq44stJuLa+WXU70DUUTU+yo1esfoAZyLXWlErJfNLxs8VnZverm50ry40KpPNVfW2mvtpcWp1G1t2Z96FHE6RWxExNbQrZsbjCJejxTfPbyd/mUoYqB3HL54fvqrx0/cuR3FXnWo85Fqle2sD0ZsFI/AOTvAhqKIf4gUP3nnaPzrUEQtuj/xhYhX+wu+FJHKC+NUxPu3uY54NNWiiP8rz/+Z7fTOUHk/6N1Xzn2t/pXFS0t9ZXv3lYP0fOjc/7U4sge7vXcH/N40HEX8sLrjb6d/8981AAAAAAAAAAAAAAAAwAFSxC9HihffPZqq8cHXxxS3Fy/XLzQvLnSH9fXG/tUj/rDMTqfTqaduNnLO5lzPuZFzM+dWzihy/ZyNnLM513Nu5NzMuZUzBnL9nI2csznXc27k3My5lTNqVXQ6nW9169dy/ZzrOTdqEUVZP3/eyhkHZOweAAAAAAAAAAAAAAAAAADw8VJU/6T4zje2UzWXaiNiNrq5aT7Qj73/DwAA///ofv/D")
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f0000000140)='./bus\x00')
r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents(r0, &(0x7f0000001fc0)=""/184, 0x20002078)

6.061206296s ago: executing program 5 (id=684):
prlimit64(0x0, 0xe, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, 0x0)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000180)='./bus\x00', 0x8, &(0x7f0000000300)=ANY=[@ANYBLOB='errors=continue,discard_unit=section,alloc_mode=default,active_logs=6,acl,fault_injection=00000000000000001262,acl,noacl,compress_cache,background_gc=off,nobarrier,compress_cache,mode=lfs,errors=remount-ro,nocheckpoint_merge,mode=fragment:segment,inline_dmntry,\x00'], 0x1, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_service_bytes_recursive\x00', 0x275a, 0x0)
write$nbd(r0, &(0x7f0000000040)={0x67446698, 0x0, 0x3, 0x3, 0x2}, 0x10)
write$binfmt_script(r0, &(0x7f0000000100), 0xfffffd9d)

5.841178769s ago: executing program 4 (id=685):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x8, &(0x7f00000059c0)=ANY=[], 0x5, 0x5505, &(0x7f0000000340)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x183341, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./file1\x00', 0x42, 0x1fe)
r2 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101842, 0x11)
pwritev2(r2, &(0x7f0000000000)=[{&(0x7f0000000240)=';', 0x1}], 0x1, 0x800fff, 0xc, 0x4)
fallocate(r1, 0x20, 0x4000, 0x8000)

5.243381684s ago: executing program 6 (id=634):
r0 = openat$kvm(0xffffff9c, &(0x7f00000001c0), 0x841, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = syz_mount_image$btrfs(&(0x7f0000000200), &(0x7f0000005600)='./file0\x00', 0x800, &(0x7f0000000740), 0x0, 0x559e, &(0x7f0000005680)="$eJzs3X9sVeX9B/BzWwoN+C39jhUYfxAgBoMkyJYtjqB4MQa24eKlgsKcCEQlBivYRDcYqUWSZcaghU4EF5GQaDJjscM/FMywy7CMZfzY5hZjs4JSaZZsAzVrHDG69N77XO49l9tembNOXy/SnvPcz3me+9yT88d9X/qcGwEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAURUcSc9+d0f3i0ZE1X77/Hz+e+OjGn4zfvX/roVvu23T/gjMjbto5a1nf+mlN8zdsbDjS/PS+ObdGUSLdL5Htf9u136q/88bbvlsdBly+MLOtrS31lJmuJzON4QUP9vcr/FkRRVFVbIDK7PbV7E5FwQC53cbiAQf0Tuui6O7J8ya1dT01bklyYU/xS6df9VBPYKhkr6ue89dSMv27InZErp136SUKLtFM//gF96m8CADgY5mZSm9yb0ezb3Fz7eZ4PdZOxtotsXZ4h9CS37gYmXGHl5rnpHh9iOaZzESFESXnGatnz3+unYr3j7VjUeNjzLPw0GykqS41z7Wx+lDNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOCzZOzxo2tWtD2y575fdtQceff9OVc+8KWOw22LT4y8eunKHWum/HTWsr7105rmb9jYcKT56X1zbo2i2nS/RKZ74kTL5b9NjZ3fvXfcG427n6vpq8yOG7bD8g6OXg87s0ZH0cq8Sk8Y9q81UZQqLKSb0Y7iwl3pnW+HAgAAAJ8nX0n/rsi1M3GwqqCdSKfJRPpfkAmL77Quiu6ePG9SW9dT45YkF/Zc/HipEuMlLzherl17/ieRF4xD/I2Pd74eDm0sGmdg8RHjef7SMWPefmty/eSvT5v7xA3PjOru+r8nZ2xJ/bGu5oUrru+tf/a6ovxfO3D+D2dO/gcAAOA/If/HxxnYYPn/jqVTt7z+i2Grft3a8MTB+h1/bv3OMzsXneq54Ud9L09N3v7o1UX5f1LBUxbl/zDjkP8roovL/wAAAPBZ9t/O/8micQY2WP5vONM3+wcHX6vr+PucxXt+9dAVi8+e/tv8U7t3DV9zR8v6uoeuLMr/M8vL/8Pypx0e/F2Y8OrRUTSz/JMKAAAAFAj/737+o4WQ1zOfHMTz+rX/vKp5380ffPMbD97zpzff/s2xA7MnrdteN/PgyzfVf1j5ve3dRfk/WV7+r/p0Xi4AAABQhuePrpw773jPucfPvtB18vDu3pMznjyzrqnvdOslLatXbTr2WlH+T5WX/0cMzcsBAAAALuDeO59bsfnVl/oe2H/X2Ck9FVc1XpK4ZduOqU0TPuq8tPfy7VuL8v/y8vL/yOw2u/Ih06kz/BVC6+goqu7fWZspHIparskVAAAAgE9IyOlbP1ixbOzOsb3jj59+rObQG4dn/2Vt55yN13RXdW/uXNZ4WdH9AkJiL3X//3Cng7D+v+D+f0Xr//MKmbv+zXZjAAAAAL6Iitfzh9vjZ765oNT375e7/n9J3cQTiba33lv11XMHzo1ZsP/7129aV9/be8+El37/wz9M/6i6KP83l5f/K/O3n+T3/wEAAMBF+F/7/r+lReMMbLD7/zdV9DWsWrd3+uota7csTCw7UH3qwdV731+w5l9Tb36+qea6A0X5v6W8/B+2o/JfXkc4P5tGR9H4/p3s3QR/Hqa7OlZor8orZE58rMeNoUe20D4ir5C2Ntbja6OjaHL/TnOs8P+h0BIrnK3JFnbFCsdCIXs95Ap7YoWOcKVtq8lON154MRSyCyzawwqKUbklEbEe75Xq0V+4YI+u3JMDAAB8oYTwnM2yVYXNKB5l2xODHTBysAMqBjugcrADhsUOiB9Y6vFoeWEhPH575yMbNjVMSb7y8NzHfvbms40T9j1+WV3v5g9f2XbvxJ3TW6YW5f9d5eX/cCqGZzal1v9HYf1/9nsNc+v/l4dCbazQHgqp+B0DUuE5MmH34fActalsj7PjcwUAAAD4XAufC1QO8TwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/s3evcdJVd0JAj/d9INumqaNE9GMk3TUgGakaWwNw+AoaoxGRZpZddxkNBBoEGmE8FgFURtQZxziZ3ztrJnoCAoiu+qHGFeDwUhcxIw6iWLiA/Cxjq7r+h6VGM2E/XTfOkXVrS67EFDa+X7/6DpVv/O89eg69946FwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/xjuPfjlk4YunP0PHzace8nqqqmL/kfH6Mv+cNW3vvjUPy5b9G9h/i9GnLll3kEXHjd/wbR/6Vi++ogzQmjtKleWFC977oqvPtS613HP3jFw48wbb63fUpWpNxMP/Tr/lGfuXBxbfbF/CHeXhVCRDgypSwKVmft1sb5960LYI2wLZEu01SYl0g2HB2pCWBK2BbJVra4JoS4ncMqG+++7vDNxTU0IXwkhVKfbeKY6aaMmHRhUlQRq04HpFUngt1sT2cBPypMA7LD4Zsi+6Fe15mdo6L5ckddf5U7r2KcrPbw+MdFQPN/rR+3iTuWoSj/QukNPW0F17BIFb4+13m294N1WsJ2v8LTlfpHKfEPZui1UHcontk0aP6d9dnykPDQ19SlW0y56np9+e/6E7Un3mtdh7EDDTnkdXvrYiun9lo2+9OrNvxqz4ayaA3a0m0/lbNLc9K5WHTKvuV7zPEajfJ70grdfwbekRl+6Qghbzz17xtfnTDz7iD63PLnu1QcfrNty9pwFvzhz4nmLLj55w7/Pf6lg/t/w0fP/+HKOt+V5uWOrH9Ync/P4SF1MvFmfzM0BAACg1+gNe01Xnv/6X73+/bWtMxed/u23Dj73w71afz3i/gFVB7yxrqn1/I2ff6Vg/t9Y2vH/eMi/Lne0a0MY1ZVYNCCEvbseTwIrY3e+OyCEL3elWvMDR6UCa0PYpytxULaqVIm+sURjKvByfSYwKhVYHwOtqcDyGLgiFbg4BlalAhNiYG0qcHQMhCn54/hqfWYcJQdqYmBcshFXxbMQ3qmPraW21aZsVQAAADtJZnZYmX8351yHHc0Qp5eranrKEM/ALpqhOlVDegabnVYVraGipxrKe6ohO+6Ojx5+Qc1lPdVccBpGWX6GG9f85X2LXjzsC2P3mvj5xUMvmPKz8eGst++uerx5yYtv7XvEzesK5v/NHz3/r+6mI2UFx/9DGNv1N+Yuz0Tas/FxrXkZAAAAgB1w0R//xR61Lw85oGHT+2X3zl/7xKMrfrl5j1NOf3/c8a//8PCaxnsL5v+jSjv/P+4T6ZOTOTwSd0NMHRBCc34gqXZkYSA56t0vEwAAAIDeIHs8PnssfErmNjlFOz2fLszfup3544H/Ud3m//09/7P2jq3/+mLZBd89d0TNgKX/9GrHhBNOPvqW47/1zj4VB/yyvGD+31ra+f+1+bdJJ9bHXlw9IIS+OYEHYy87A10aY+D5I/MDmfGvjxtgcawqc2JCtqrFscS4GGhOBZYUK/FotsTe+YHMk5VtfFF2HFMyJXICAAAA8ImLuwPicfl4/n/LGSNO++vvzfrbha88eN7qCy75q+Ed80eedP/THzbMvXJp2PTmEQXz/3Hbd/5/1zy44PT+9n4hDK0IoU/6hwGP1CYLA8ZAXVkmcW9tUlefdFULa0MY2TmwdFUvZNb/r0ivMfh4TVJVDOy93y1vD+pMLKsJYWhu4IlvLz2sMzEnFcg2flpNCF/qHG268bv6Jo1Xphu/tm8IX8wJZKua0DeEzsaq0lX9r+rMdQzSVa2qDmHPnEC2quHVIcwNAPRW8X/pxNwHZ82dN3V8e3vbzF2YiDvxa8KkKe1tTROmt0+sLtKniak+561jtKBwTKVe+mZTZo2ixSsnV5aSzv5QsDm3rcyO/IIzBzP345ehyq5xHlKZd7clPeQD9y9sIuR8lSo25PJdPOTa3Eq2PYkF9cf8VaFf6DtnVtvMpvPGz549c1jyt9TshyR/43GmZFsNS2+r2u76VsLLo+hyWSkfd1sNyq1k6OxpM4bOmjtvyJRp4ye3TW47p+XQP2sZMXz410YM7RxUc/K3h5EO6q7m1Ei3Li1xWDtxpF+oyKnkk/jQkJCQ6G2J/f7L5odH77n+nOt/9tqPz+/3zdPu3fvImT889KqpD1Xve/ji24ccWDD/n/HR8//4qRM/+DPrMxQ7/t8QD/Mnj287zD8uBpaUevy/odjR/OyJAY2pQEcMdDjMDwAAwGdD3B0Z92bGndKbb1m/buOSlrk/aHin5dY17Utvuum+U39y58ATvjQ47LXhuhM+VzD/7yjt9/87af3/7NL1JxRb5v+gWKK52Pr/6WX+s+v/dxRb/z+9zH92/f8ln8L6/3OygdQmecf6/wAAwGfBJ7f+f4/L+6cvEFCQocfl/dMXCCjI0OMy/qVeIGC71/9f8+Bff6Wq35g7/qTlN/WXvPZ39xzWeuS6zTP/5Etb10+877qxt6wpmP9fUdr838L9AAAAsPv4z5ddU3H02Xff0bJu6sZxbw5+98m3lgzq80HF0Q+3j3xh4Bu3nlcw/19S2vz/k1//LxQ7/7+xWKC12MKA1v8DAACglyq2/t89Q1sa/zCm/x+eHvab5Q/ePPqnj/z898v3+/mJPyvfZ8Gxz8+8bFLB/H9VafP/eNpFeV7u2JsP65M17UJ6Tbs367M/GQAAAIDeoTw0NVWWmDdvYdSjPn6bT2eWAv2odK7vvXLt2ZtfmH7c46ev+7uaEwbvOWHaBasa/2b4gXd+ftQley7ddGrB/H9tafP/vN9lXPrYiun9lo2+9MOrN/9qzIazag7YdvwfAAAA2HVK3S8BAAAAAAAAAAAAAAB8+s7tWHzhI8uOfe+bt//F/kcseXXwbXcd+Lsh/V664qoHJq1648zJXy/4/X8Y21Wu2O//43X/4u8L/igvd2y15/X/MvdPOfH2uV1LFj5SH8L+uYGpC6fuETLX5h+cG7jvjIMGdiYWpkusefbolzoT30kHjh/yuS2dicNTgXFxkcR90oF4VcUt/VOBuLzi4+lA3B6r0oGqTOCy/sk4ytLb6pW6ZFuVpbfVxroQBuQEstvq7rqkjbL0AK9JBbID/F46EAd4ciZQnu7V7f2SXsVAXSx6Q7+kVwAA7Lbit8DKMGlKe1tz/Aofb79QkX8b5S1ZtqCw2rISm9+UWZps8crJlaWk+6S/i2671nhlqO4cwrCCr6u5Wcq6Rrlzaulh0/1RkSH3tNpbeZFyadu76aqKj6gmGVHThOntEyt7HHhLz1kOqegxy7CCyU5ulvKuTVpCLSX0pYQRlbhtSuhyvF8empr6pHL9eQw2hDw9vSJK/b1+7jp/xV4FuXluO/TKt758zE+f++CfP/9E/2+cVnP7rO+/e+KvX7//wEOOuG5C05otBfP/htLm/9W549qSuRhAR7yy3sgBIYwrcUQAAADw2XfbRbfecfr09a9MWlvx5GOPTS0fc3rl1vl3zp93ycZ7Fx9/2cErdjR+2Fm//f5vBu//b89e9dJPR+7zwA03/58nD3v8z3//8I8eeqduZZ+x7xXM/xtLm//HPViZQ8HJ3o618fr/iwaE0HVp/YYksDIO97sDQvhyV6o1lkguqH9CLNGcBFbGHSYHxRLjWvOr6hsDq1KBl+szgbWpwPoYyOyluCVkduVcWR/CYV2psfklZsQSDanAmBhoTAWaYqA5FegfA6NSgdf6ZwKtqcDDMRCm5G+rH/fPbCsAAIDtkZlnVebfDel53qqKnjKU9ZShtqcM5T1lqO4pQ7FRxPt3xAyVqZNXynIyVaZrrUnVUpAhXgx/u/tVkCE8mp8zXbCg6Xj+QfZ8g7L8DFf+4NlT1w+e/tDqzcd8beBt/zhkz4Obp9e9t+CGp3475pzrnv/TQQXz/+bS5v+1+bdJ6+vj/H/b9f+SwIOxe1fHU8cbY+D5I/MDmR0D6+Nkd3G2qtZMicykfXEsMSoGGlOBGTEwKhUYNzYTWDIwP5CZaWcbX5RtfEqmRE4AAAAAPnFxB0HcTRPn/zce9YOr3x8wccuyeTPvH9vyxMmjv3H1XT+6d/9ld767YvCAce99p2D+P6q0+X9sr19uYxfH3rzYP4S7y7b1JhsYUpcE4n6Muvjz+H3rQtgjZwdHtkRbbVKiKtVweKAm+YV6Vbqq1TXJGgPx/ikb7r/v8s7ENTUhfCVn70u2jWeqkzZq0oFBVUmgNh2YXpEE4p6fbOAn5UkAdlh2r2B8QWVOdclq6L5ckdffZ+WaoOnhFewD7SZfd7+52lWq0w9k9qlmbd/TVlAdu0TB22Otd1tvfLc1eLflfpHKfEPZui1UHcontk0aP6d9dnwk95esBXbR85z7K9VS0jvhddjx8Xvbs+p0B5pTHx/N3Zfr/nVYFqu79LEV0/stG33p1Zt/NWbDWTUHlNyNIuIPhX+05X9XPpWzeXe16pB5zfW6z5NWnye98d9Ao6cthHDZ9cfsu+TdX+/33A3Pnbqu7Maxr/7lrHs2Lf+bysNHrXv/yaGjLy+Y/7eWNv+vSN12+V3cmLMGhHBgzsZ9JG7+YwYkn4M5geRTcs/CQHLI/V/ri35yAgAAwM6W3d2R3V8wJXObnBCenicX5m/dzvxxf8WobvOX2u9j121cedLQN6474G8vOPGNv7/28Kceuv6ysnXL//vYD1avuXzxe08UzP/HffT8v2+qm47/O/7PLuL4f7d2913RfdMPdOzQruiC6tglHP/v1u7+bnP8v1uO/zv+3x3H/3vg+H+3dvenreBb0gxfujonwdff+fPfTbzpg7mN+x180lPPHDrxun+6quXuu0555b+de9601761uWD+P6O0+b/1/7pftC+7/t+4Yuv/zSi2/l+H9f8AAIBdqshCc+l5XsHqfQUZ0qv3FWTocYHAHpcYtP7fdq//t3Dkv1904Q+fb7n2nTvHXb5m07Fnvvr0utXPzFpx3Lnnv9V6112tBfP/jtLm//Hl0C+39d6y/l/j2CJVXREDMywMCAAAwO6o2A4CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPl2HnvbO+5d8/R/aBv1ixc1/f+v/+7/P1q594JvfuGn4L6f86RllazZcM+LMLfMOuvC4+Qum/UvH8tVHnBHClK5yZUnxsueu+OpDrXsd9+wdAzfOvPHW+i3VmXorM7d/nJc7tvphfQhLch6pi4k36zvvbAuccuLtcys6E4/Uh7B/bmDqwql7dCaW14cwODdw3xkHDexMLEyXWPPs0S91Jr6TDhw/5HNbOhOHZwJl6e5e1z/pblm6u5f3D2FATiDb3bP751eVbeO4TKA83caKuqSNGKiLRa+tS9qIgfZYYkrfEIZWhNAnXdU/VydV9UlXdU91UlWfdFUXVYcwMoRQka7quaqkqor0yB+tSqqKgb33u+XtQZ2JpVUhDM0NPPHtpYd1JmamAtnG/1NVCF/qfMmkG/9xZdJ4Zbrx/1oZwhdDCFXpEu9VJCWq0iVeqAhhz5zAto1YEcLcwGdD/PSZmPvgrLnzpo5vb2+buQsTVZm2asKkKe1tTROmt0+sTvWpmLKc9NYFH3/sm96eP6HzdvHKyZWlpCsy5Sq7unxIZd7dlt2997FftbmVbHs+CuqP+atCv9B3zqy2mU3njZ89e+aw5G+p2Q9J/vbJRJNtNay3bKtBuZUMnT1txtBZc+cNmTJt/OS2yW3ntBz6Zy0jhg//2oihnYNqTv7ujJEu/eRH+oWKnEo+ife/hIREb0uU5326Ne/un+MFX/S3dbQyVHd9QBdMK3KzlHWNcmcM+qiPOeKP8zWlxxENK5g4FGQ5pOcsLQWTiW1ZapIsXV/rCiaHuTWVd23SeL88NDX1KbYdGvLv5m7e13dg8z6d2XSlpgEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+P/swIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCwAAAAAIMzfOoyeDQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA//8fSxmR")
ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r1, 0x4008941a, &(0x7f0000000080)=0x2)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
ioctl$BTRFS_IOC_SEND(r1, 0x40489426, &(0x7f00000000c0)={{}, 0x0, 0x0, 0x0, 0x0, 0xfffffffe})

3.743699062s ago: executing program 4 (id=686):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$inet6(0xa, 0x2, 0x0)
r1 = socket(0x10, 0x803, 0x0)
syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1)
getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x437, 0x0, 0x2, {0x0, 0x0, 0x0, r2, 0x50483}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @bridge={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_BR_MCAST_IGMP_VERSION={0x5, 0x2b, 0x3}]}}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x4000000)
sendmmsg$inet(r0, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r2, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880)

3.181251475s ago: executing program 5 (id=687):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f00000004c0)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f0000000140)='./bus\x00', &(0x7f0000000000), 0x0, &(0x7f0000000180)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]})
chdir(&(0x7f00000000c0)='./bus\x00')
mknodat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x800, 0x103)
renameat2(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0xffffffffffffff9c, &(0x7f0000000480)='./file7\x00', 0x5)

3.149360457s ago: executing program 6 (id=688):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1)
ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x81b7000, 0xdddd0000, 0xe, 0xf1, 0x5, 0xfd, 0xd4, 0xd4, 0x0, 0x4, 0x7, 0x5}, {0x5000, 0xd000, 0x9, 0x9, 0x8, 0x3, 0x6, 0x8, 0x5, 0xf, 0x3, 0xca}, {0xeeee0000, 0xe6e50002, 0xb, 0xfd, 0x2, 0x7, 0x4, 0x1, 0x81, 0x0, 0x6, 0x7}, {0x7f778000, 0x2000, 0x8, 0xfb, 0x3, 0x46, 0x5, 0xd, 0x6, 0x3, 0x8, 0x1}, {0x100000, 0x0, 0x9, 0x1, 0x3, 0x9, 0x7, 0x6, 0x5, 0x4, 0x2e, 0x4b}, {0x2, 0xd000, 0x0, 0x6, 0x3, 0x6a, 0x1, 0xff, 0x4, 0x80, 0x1, 0xfc}, {0x100000, 0x4000, 0xf, 0x9d, 0x3, 0x0, 0x0, 0xeb, 0x5, 0x6, 0x0, 0xf8}, {0xeeef0000, 0x8000000, 0xd, 0x5, 0x28, 0x7, 0xa, 0x9, 0x54, 0xc, 0x2, 0x7}, {0xeeef0000, 0x5}, {0x2, 0x89}, 0x40010000, 0x0, 0xeeee8000, 0x320, 0x6, 0x2000, 0xe6e70c00, [0x3, 0x401, 0x7, 0xc5]})
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
ioctl$KVM_SET_SREGS2(r2, 0x4140aecd, &(0x7f0000000140)={{0xffff0000, 0x1000, 0xf000, 0x9, 0x80, 0xb, 0x81, 0xff, 0x0, 0x84, 0x0, 0xb}, {0x6002, 0x0, 0x10, 0x3, 0x3, 0x6, 0x6, 0x6, 0x1, 0x4, 0x0, 0x11}, {0x5000, 0x7fffffe, 0x4, 0x4, 0x10, 0x81, 0x4, 0x13, 0x5, 0x4, 0x92, 0x80}, {0xeeee0000, 0x4, 0xe, 0x7, 0x1, 0x40, 0x2, 0x0, 0xfd, 0x29, 0x9, 0x8}, {0x80a0000, 0xdddd0000, 0x9, 0x9, 0x80, 0xa, 0xfd, 0xf1, 0x2, 0x6e, 0x2, 0x8}, {0xf000, 0xdddd1000, 0x9, 0x2, 0xaa, 0x2, 0x5, 0x5, 0x1, 0xe, 0x6, 0x3}, {0xeeee8000, 0x10000, 0xb, 0x0, 0xcd, 0x6, 0x5, 0x26, 0x8, 0xcd, 0xff, 0x6}, {0x1, 0xf000, 0xd, 0xe, 0x13, 0x40, 0xff, 0xfd, 0x1, 0x1, 0xf, 0xa}, {0x100000, 0x5}, {0xeeef0000, 0xff81}, 0x80000003, 0x0, 0xd000, 0x1a1, 0x4, 0xd01, 0xeeee8000, 0x0, [0xb, 0x2, 0x0, 0x2003]})

2.062300369s ago: executing program 4 (id=689):
syz_mount_image$reiserfs(&(0x7f0000000180), &(0x7f0000000280)='./file0\x00', 0x1000098, &(0x7f00000002c0), 0xfe, 0x1103, &(0x7f0000000300)="$eJzs2LFqFEEYB/D/7J6ChZxM+iWghYIEw/kCKRSusbCxsTus7LxKucfJG/gakso+5gFSBOyV3fU0AUHxDg+O3w+W3e/Pznwz5UwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgN0luJzlokrrOmiQl6bqz+UWSbp3f+9Q2KXn5Zr589m72fDn+lj5rUvpRQ12P79c6q7N6XJ8enDyoy/cf3rbXWpZ0Ob9aLe68uNzqVvre7VZnBAAAgP3wbWPTYZ67O+sPAAAA/MlWLxMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANlTXH02SknTd2fwiSbfbZQEAAAAbKmnyevq7fLwG+OVxPk/LkCf5cprk61A8yek4/tFftPv46kZ5698XDgAAAHumXDuPP8zk57m8zw4zydHRWP945fIkaYeT+U3nV6vF8ByuFuV/bgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPjODhwLAAAAAAjzt06jYwMAAAAAAAAAAAAAAAAAAKYKAAD//xIs078=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x121042, 0x2)
pwrite64(r0, &(0x7f0000000140)='2', 0x1, 0x8000c61)
ioctl$SNDRV_CTL_IOCTL_POWER_STATE(0xffffffffffffffff, 0x800455d1, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
pwrite64(r1, &(0x7f0000000000)='2', 0x1, 0x4fed0)
mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x8000, 0x1)

1.533052321s ago: executing program 5 (id=690):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, &(0x7f0000000440)={0x2, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, r2, 0x1, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff})
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff0400", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b000100626174616476000004000280", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

934.252135ms ago: executing program 6 (id=691):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x1)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0)
r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102)
writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2)
r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x11, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f00000000c0)='syzkaller\x00', 0x8, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2}, 0x94)
r3 = syz_io_uring_setup(0x6148, &(0x7f0000000340)={0x0, 0x13ea, 0x2, 0x2, 0x3c6}, &(0x7f0000000040), &(0x7f0000000140))
io_uring_enter(r3, 0x2241, 0x1b86, 0x1, 0x0, 0x0)
socketpair$unix(0x1, 0x2, 0x0, 0x0)
r4 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000040)={'hsr0\x00', <r5=>0x0})
sendmsg$nl_route(r4, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000300)=ANY=[@ANYBLOB="4c00000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="03800000000000001c0012800b0001006970766c616e00000c000280060001000200000008000500", @ANYRES32=r5, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r5], 0x4c}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054)
r6 = dup2(r2, r1)
bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x3, 0x12, &(0x7f0000000940)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8001, 0x0, 0x0, 0x0, 0x8}, {{0x18, 0x1, 0x1, 0x0, r6}}, {}, [@ldst={0x0, 0x0, 0x4, 0x6, 0x4, 0xfffffffffffffffe, 0xffffffffffffffff}, @map_idx_val={0x18, 0x1, 0x6, 0x0, 0x5, 0x0, 0x0, 0x0, 0xcc51}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000580)='GPL\x00', 0x5, 0x4f, &(0x7f0000000780)=""/79, 0x41000, 0x14, '\x00', r5, @sched_cls=0x2e, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, r2, 0x2, &(0x7f0000000680)=[r6, r6, r6, 0xffffffffffffffff], &(0x7f0000000600)=[{0xfffffffd, 0x2, 0xe, 0xb}, {0x2, 0x4, 0xa, 0x4}], 0x10, 0x34e1}, 0x94)
r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='io.stat\x00', 0x26e1, 0x0)
r8 = socket$kcm(0x2, 0x2, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0xf, &(0x7f00000002c0), 0x161)
sendmsg$inet(r8, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x0)
setsockopt$sock_attach_bpf(r8, 0x1, 0x31, &(0x7f0000000640)=r7, 0x4)
open_by_handle_at(0xffffffffffffffff, 0x0, 0x4000)
setsockopt$llc_int(r0, 0x10c, 0x2, &(0x7f0000008680)=0x1000, 0x4)
r9 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000100005ff04000000000000000000004a", @ANYRESOCT=r0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32], 0x3c}, 0x1, 0x0, 0x0, 0x40000c1}, 0x0)
r10 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000700), r6)
sendmsg$NL80211_CMD_SET_WIPHY(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f00000000c0)={&(0x7f0000000140)={0x44, r10, 0x200, 0x70bd26, 0x25dfdbfc, {}, [@NL80211_ATTR_WIPHY_COVERAGE_CLASS={0x5, 0x59, 0x80}, @NL80211_ATTR_WIPHY_TX_POWER_SETTING={0x8, 0x61, 0xe0}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x66}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_RETRY_SHORT={0x5, 0x3d, 0x4}, @NL80211_ATTR_WIPHY_ANTENNA_RX={0x8}]}, 0x44}, 0x1, 0x0, 0x0, 0x44010}, 0x4000000)

0s ago: executing program 5 (id=692):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r0, 0x84, 0x72, &(0x7f0000000240)={0x0, 0x20, 0x30}, 0xc)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000180)="1a", 0x1, 0x0, &(0x7f0000000200)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000000080)='|', 0x1, 0x0, 0x0, 0x0)
setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000140)={0x0, 0x2}, 0x8)
writev(r0, &(0x7f0000001300)=[{&(0x7f0000000100)='^', 0x34000}], 0x1)

kernel console output (not intermixed with test programs):

ength.
[  105.033898][ T6106] netlink: 28 bytes leftover after parsing attributes in process `syz.0.69'.
[  105.476407][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  107.464805][ T6145] netlink: 'syz.0.81': attribute type 49 has an invalid length.
[  107.482315][ T6145] netlink: 28 bytes leftover after parsing attributes in process `syz.0.81'.
[  108.624729][ T5774] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[  108.804634][ T5828] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  108.810091][ T5774] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32
[  108.825934][ T5774] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config
[  108.840117][ T5774] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66
[  108.853493][ T5774] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9
[  108.869427][ T5774] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024
[  108.884430][ T5774] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40
[  108.898931][ T5774] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0
[  108.909611][ T5774] usb 4-1: Product: syz
[  108.913911][ T5774] usb 4-1: Manufacturer: syz
[  108.928563][ T5774] cdc_wdm 4-1:1.0: skipping garbage
[  108.937413][ T5774] cdc_wdm 4-1:1.0: skipping garbage
[  108.956454][ T5774] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device
[  108.963287][ T5774] cdc_wdm 4-1:1.0: Unknown control protocol
[  109.009134][ T5828] usb 2-1: Using ep0 maxpacket: 8
[  109.028718][ T6166] loop2: detected capacity change from 0 to 32768
[  109.045313][ T5828] usb 2-1: New USB device found, idVendor=093b, idProduct=a104, bcdDevice= 0.01
[  109.059503][ T5828] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  109.069167][ T5828] usb 2-1: Product: syz
[  109.073404][ T5828] usb 2-1: Manufacturer: syz
[  109.078879][ T5828] usb 2-1: SerialNumber: syz
[  109.097894][ T5828] usb 2-1: config 0 descriptor??
[  109.118227][ T5828] go7007: probe of 2-1:0.0 failed with error -12
[  109.131455][ T6166] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  109.195830][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  109.202837][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  109.211040][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  109.217718][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  109.224965][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  109.231639][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  109.238853][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  109.245528][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  109.253250][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  109.259903][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  109.266270][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  109.272933][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  109.279470][ T5774] usb 4-1: USB disconnect, device number 3
[  109.285438][    C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71
[  109.285460][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes
[  109.285476][    C1] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19
[  109.350590][ T5862] usb 2-1: USB disconnect, device number 3
[  109.362739][ T6166] XFS (loop2): Ending clean mount
[  109.408816][ T6166] XFS (loop2): Quotacheck needed: Please wait.
[  109.483447][ T6166] XFS (loop2): Quotacheck: Done.
[  109.703835][ T5771] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  111.026289][ T6194] netlink: 16 bytes leftover after parsing attributes in process `syz.0.92'.
[  111.046199][ T6194] netlink: 28 bytes leftover after parsing attributes in process `syz.0.92'.
[  113.139367][ T6214] loop1: detected capacity change from 0 to 1024
[  113.297033][ T6214] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  113.379707][ T6214] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4278190105 free clusters
[  113.400424][ T6214] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 2 with error 28
[  113.421603][ T6214] EXT4-fs (loop1): This should not happen!! Data will be lost
[  113.421603][ T6214] 
[  113.438585][ T6214] EXT4-fs (loop1): Total free blocks count 0
[  113.446509][ T6214] EXT4-fs (loop1): Free/Dirty block details
[  113.453548][ T6214] EXT4-fs (loop1): free_blocks=68451041280
[  113.463664][ T6214] EXT4-fs (loop1): dirty_blocks=16
[  113.471927][ T6214] EXT4-fs (loop1): Block reservation details
[  113.493410][ T6214] EXT4-fs (loop1): i_reserved_data_blocks=1
[  113.541547][ T6214] syz.1.99 (6214) used greatest stack depth: 20784 bytes left
[  113.601759][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  114.358244][ T6234] loop0: detected capacity change from 0 to 4096
[  114.378657][ T6234] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  114.562600][ T6242] netdevsim netdevsim0 netdevsim0: entered allmulticast mode
[  114.578425][ T6242] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  114.701455][ T6242] ntfs3: loop0: ino=1e, "file1" ntfs_sync_inode failed, -22.
[  114.709346][ T6242] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  115.520132][ T6241] loop3: detected capacity change from 0 to 4096
[  115.527152][   T32] ntfs3: loop0: ino=1e, ntfs3_write_inode failed, -22.
[  115.711540][ T6241] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  115.887573][ T6241] ntfs3: loop3: Failed to load $Extend (-22).
[  115.893791][ T6241] ntfs3: loop3: Failed to initialize $Extend.
[  117.808006][ T6295] capability: warning: `syz.1.126' uses deprecated v2 capabilities in a way that may be insecure
[  117.853065][ T6295] overlayfs: failed to create directory ./bus/work (errno: 13); mounting read-only
[  117.879509][ T6297] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  117.898662][ T6295] overlayfs: fs on '.' does not support file handles, falling back to index=off,nfs_export=off.
[  119.518722][ T6307] loop0: detected capacity change from 0 to 40427
[  119.562515][ T6307] F2FS-fs (loop0): Found nat_bits in checkpoint
[  119.704765][ T6307] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  119.790396][ T6333] loop1: detected capacity change from 0 to 1024
[  119.834750][ T6335] syz.3.140 uses obsolete (PF_INET,SOCK_PACKET)
[  119.889475][ T6307] syz.0.131: attempt to access beyond end of device
[  119.889475][ T6307] loop0: rw=2049, sector=53248, nr_sectors = 136 limit=40427
[  120.064961][ T5768] syz-executor: attempt to access beyond end of device
[  120.064961][ T5768] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  120.115697][ T5768] F2FS-fs (loop0): Stopped filesystem due to reason: 3
[  120.557040][ T6349] netlink: 16 bytes leftover after parsing attributes in process `syz.3.144'.
[  120.575292][ T6349] netlink: 28 bytes leftover after parsing attributes in process `syz.3.144'.
[  121.323275][ T6348] loop1: detected capacity change from 0 to 4096
[  121.385262][ T6348] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  121.548422][ T6325] loop2: detected capacity change from 0 to 32768
[  121.628579][ T6325] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  121.637668][ T6325] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  121.928452][ T6325] gfs2: fsid=syz:syz.0: journal 0 mapped with 9 extents in 0ms
[  122.028493][  T787] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  122.048298][  T787] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  122.199328][  T787] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 151ms
[  122.231151][  T787] gfs2: fsid=syz:syz.0: jid=0: Done
[  122.244005][ T6325] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  123.354045][ T6383] loop0: detected capacity change from 0 to 4096
[  123.598085][ T6383] EXT4-fs (loop0): Test dummy encryption mode enabled
[  123.608887][ T6383] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  123.624972][ T6383] System zones: 0-5
[  123.637604][ T6325] gfs2: fsid=syz:syz.0: found 1 quota changes
[  123.646006][ T6383] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  123.788097][ T5771] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  123.788097][ T5771]   inode = 11 2339
[  123.788097][ T5771]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 472
[  123.811343][ T5771] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  123.825554][ T5771] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5771 [syz-executor] gfs2_quota_sync+0x411/0x5a0
[  123.839435][ T5771] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  123.841380][ T6383] fs-verity: sha512 using implementation "sha512-avx2"
[  123.858404][ T5771] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  123.882107][ T5771] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  123.892810][ T5771] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  123.907727][ T5771] gfs2: fsid=syz:syz.0: File system withdrawn
[  123.914115][ T5771] CPU: 1 PID: 5771 Comm: syz-executor Not tainted syzkaller #0
[  123.921705][ T5771] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  123.931819][ T5771] Call Trace:
[  123.935160][ T5771]  <TASK>
[  123.938139][ T5771]  dump_stack_lvl+0x18c/0x250
[  123.942865][ T5771]  ? kobject_uevent_env+0x363/0x8b0
[  123.948109][ T5771]  ? show_regs_print_info+0x20/0x20
[  123.953364][ T5771]  ? load_image+0x400/0x400
[  123.957908][ T5771]  ? kobject_uevent_env+0x363/0x8b0
[  123.963164][ T5771]  gfs2_withdraw+0xb24/0x13d0
[  123.967933][ T5771]  ? gfs2_lm+0x240/0x240
[  123.972227][ T5771]  ? preempt_schedule+0xc0/0xd0
[  123.977142][ T5771]  ? gfs2_consist_inode_i+0xf5/0x110
[  123.982478][ T5771]  gfs2_inode_refresh+0xb89/0x1000
[  123.987635][ T5771]  ? gfs2_inode_metasync+0xf0/0xf0
[  123.992789][ T5771]  ? gfs2_glock_nq+0xd4f/0x1420
[  123.997688][ T5771]  gfs2_instantiate+0x162/0x220
[  124.002589][ T5771]  gfs2_glock_wait+0x1d4/0x2a0
[  124.007400][ T5771]  do_sync+0x4c6/0xe50
[  124.011510][ T5771]  ? gfs2_quota_sync+0x411/0x5a0
[  124.016488][ T5771]  ? bh_get+0x760/0x760
[  124.020687][ T5771]  ? __lock_acquire+0x7d40/0x7d40
[  124.025778][ T5771]  ? do_raw_spin_lock+0x11f/0x2c0
[  124.030848][ T5771]  ? gfs2_quota_sync+0x411/0x5a0
[  124.035820][ T5771]  ? do_raw_spin_unlock+0x121/0x230
[  124.041067][ T5771]  gfs2_quota_sync+0x411/0x5a0
[  124.045895][ T5771]  gfs2_sync_fs+0x4c/0xb0
[  124.050260][ T5771]  sync_filesystem+0xea/0x220
[  124.054978][ T5771]  generic_shutdown_super+0x6f/0x2b0
[  124.060298][ T5771]  kill_block_super+0x44/0x90
[  124.065030][ T5771]  deactivate_locked_super+0x97/0x100
[  124.070455][ T5771]  cleanup_mnt+0x43b/0x4d0
[  124.074918][ T5771]  task_work_run+0x1d4/0x260
[  124.079556][ T5771]  ? task_work_cancel+0x220/0x220
[  124.084625][ T5771]  ? exit_to_user_mode_loop+0x3b/0x110
[  124.090129][ T5771]  exit_to_user_mode_loop+0xe6/0x110
[  124.095458][ T5771]  exit_to_user_mode_prepare+0xee/0x180
[  124.101050][ T5771]  syscall_exit_to_user_mode+0x1a/0x50
[  124.106545][ T5771]  do_syscall_64+0x61/0xa0
[  124.111005][ T5771]  ? clear_bhb_loop+0x40/0x90
[  124.115717][ T5771]  ? clear_bhb_loop+0x40/0x90
[  124.120445][ T5771]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.126369][ T5771] RIP: 0033:0x7fd90479bf17
[  124.130829][ T5771] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  124.150500][ T5771] RSP: 002b:00007ffc706fa7f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  124.158952][ T5771] RAX: 0000000000000000 RBX: 00007fd90480471f RCX: 00007fd90479bf17
[  124.166959][ T5771] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffc706fa8b0
[  124.174964][ T5771] RBP: 00007ffc706fa8b0 R08: 00007ffc706fb8b0 R09: 00000000ffffffff
[  124.182970][ T5771] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffc706fb940
[  124.190978][ T5771] R13: 00007fd90480471f R14: 000000000001d278 R15: 00007ffc706fb980
[  124.199009][ T5771]  </TASK>
[  124.355626][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  124.488509][ T6399] gretap1: entered allmulticast mode
[  126.851483][ T6423] loop2: detected capacity change from 0 to 1024
[  126.891581][ T6423] EXT4-fs: Ignoring removed bh option
[  126.918008][ T6423] EXT4-fs (loop2): stripe (5) is not aligned with cluster size (16), stripe is disabled
[  126.968127][ T6423] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  127.270375][ T5771] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  127.346595][ T6433] pim6reg1: entered promiscuous mode
[  127.351954][ T6433] pim6reg1: entered allmulticast mode
[  128.247050][ T6444] loop1: detected capacity change from 0 to 32768
[  128.269568][ T6442] loop3: detected capacity change from 0 to 32768
[  128.294839][ T6444] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  128.310138][ T6442] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.168 (6442)
[  128.415638][ T6444] XFS (loop1): Ending clean mount
[  128.416058][ T6442] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  128.433216][ T6444] XFS (loop1): Quotacheck needed: Please wait.
[  128.442546][ T6442] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  128.451589][ T6442] BTRFS info (device loop3): using free space tree
[  128.538813][ T6444] XFS (loop1): Quotacheck: Done.
[  128.586730][ T6442] BTRFS info (device loop3): enabling ssd optimizations
[  128.599452][ T6442] BTRFS info (device loop3): auto enabling async discard
[  128.783280][ T5769] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  128.957285][ T6462] loop0: detected capacity change from 0 to 32768
[  129.095263][ T6462] jfs_readdir called with invalid offset!
[  129.130858][ T5770] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  129.590443][ T6487] loop2: detected capacity change from 0 to 32768
[  129.691804][ T6487] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  129.828182][ T6504] loop1: detected capacity change from 0 to 4096
[  129.863055][ T6504] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  129.878583][ T6487] XFS (loop2): Ending clean mount
[  130.728907][ T5771] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  130.817258][ T6518] netlink: 8 bytes leftover after parsing attributes in process `syz.0.180'.
[  130.836136][ T6518] netlink: 28 bytes leftover after parsing attributes in process `syz.0.180'.
[  132.197258][   T28] audit: type=1800 audit(1769279920.478:4): pid=6514 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.179" name="file1" dev="loop1" ino=30 res=0 errno=0
[  132.227892][ T6514] ntfs3: loop1: ino=1e, "file1" ntfs_sync_inode failed, -22.
[  132.524757][ T6559] ntfs3: loop1: ino=1e, ntfs3_write_inode failed, -22.
[  132.842816][ T6580] process 'syz.0.185' launched './file2' with NULL argv: empty string added
[  133.112774][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  133.119955][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  133.645290][ T6603] loop1: detected capacity change from 0 to 4096
[  133.664265][ T6603] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  134.009167][ T6611] ntfs3: loop1: ino=1e, "file1" ntfs_sync_inode failed, -22.
[  134.814912][ T6594] loop3: detected capacity change from 0 to 32768
[  134.836456][ T4328] ntfs3: loop1: ino=1e, ntfs3_write_inode failed, -22.
[  134.922666][ T6594] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  135.035597][ T6594] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  135.244804][ T6594] gfs2: fsid=syz:syz.0: journal 0 mapped with 5 extents in 0ms
[  135.554764][  T967] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  135.758303][  T967] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  136.200283][  T967] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 441ms
[  136.223774][  T967] gfs2: fsid=syz:syz.0: jid=0: Done
[  136.236829][ T6594] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  136.261281][ T6594] gfs2: fsid=syz:syz.0: can't create logd thread: -4
[  136.784330][ T6686] loop3: detected capacity change from 0 to 64
[  136.903829][ T6686] Trying to free block not in datazone
[  138.560679][ T6724] netlink: 8 bytes leftover after parsing attributes in process `syz.0.213'.
[  138.579587][ T6724] netlink: 28 bytes leftover after parsing attributes in process `syz.0.213'.
[  140.986913][ T6733] loop3: detected capacity change from 0 to 512
[  141.016648][ T6733] EXT4-fs: Ignoring removed i_version option
[  141.094423][ T6733] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  141.304371][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  141.394623][  T787] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  141.580896][  T787] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  141.661872][  T787] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  141.755155][  T787] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  141.890445][  T787] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  142.171576][ T6738] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  142.370313][  T787] usb 3-1: Quirk or no altest; falling back to MIDI 1.0
[  142.598017][  T787] usb 3-1: USB disconnect, device number 2
[  142.703259][ T6747] loop3: detected capacity change from 0 to 512
[  142.773441][ T6747] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.827583][ T6747] ext4 filesystem being mounted at /52/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.936328][   T28] audit: type=1800 audit(1769279931.218:5): pid=6747 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.220" name="file2" dev="loop3" ino=16 res=0 errno=0
[  143.003418][ T6747] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  145.197046][ T6772] netlink: 8 bytes leftover after parsing attributes in process `syz.1.226'.
[  145.215752][ T6772] netlink: 28 bytes leftover after parsing attributes in process `syz.1.226'.
[  146.957876][ T6783] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  147.021022][ T6783] netlink: 'syz.0.230': attribute type 1 has an invalid length.
[  148.995270][ T6798] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  149.197662][ T6805] loop2: detected capacity change from 0 to 128
[  149.286721][ T6805] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  149.308221][ T6805] ext4 filesystem being mounted at /57/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  149.425709][ T6805] syz.2.237 (pid 6805) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[  149.883550][ T6814] netlink: 4 bytes leftover after parsing attributes in process `syz.3.238'.
[  149.901459][ T6814] netlink: 28 bytes leftover after parsing attributes in process `syz.3.238'.
[  150.145598][ T6805] fscrypt: Adiantum using implementation "adiantum(xchacha12-simd,aes-aesni,nhpoly1305-avx2)"
[  150.377047][ T6803] loop0: detected capacity change from 0 to 32768
[  150.633675][ T6803] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  150.660575][ T5771] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  150.892127][ T6803] XFS (loop0): Ending clean mount
[  151.044547][   T28] audit: type=1804 audit(1769279939.308:6): pid=6803 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.236" name="/newroot/54/file1/file1" dev="loop0" ino=4422 res=1 errno=0
[  151.152358][ T5768] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  151.258245][ T5773] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  151.269980][ T5773] Bluetooth: hci3: Injecting HCI hardware error event
[  151.279599][ T5084] Bluetooth: hci3: hardware error 0x00
[  151.625585][ T6836] loop1: detected capacity change from 0 to 8192
[  151.684042][ T6836] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  151.775398][ T6838] kvm: Disabled LAPIC found during irq injection
[  151.805373][ T6841] loop0: detected capacity change from 0 to 47
[  151.829836][ T6841] =======================================================
[  151.829836][ T6841] WARNING: The mand mount option has been deprecated and
[  151.829836][ T6841]          and is ignored by this kernel. Remove the mand
[  151.829836][ T6841]          option from the mount to silence this warning.
[  151.829836][ T6841] =======================================================
[  152.154990][ T5857] usb 2-1: new low-speed USB device number 4 using dummy_hcd
[  152.352947][ T5857] usb 2-1: config 9 has an invalid interface number: 1 but max is 0
[  152.371564][ T5857] usb 2-1: config 9 has no interface number 0
[  152.390071][ T5857] usb 2-1: config 9 interface 1 has no altsetting 0
[  152.409984][ T5857] usb 2-1: string descriptor 0 read error: -22
[  152.430707][ T5857] usb 2-1: New USB device found, idVendor=2040, idProduct=b140, bcdDevice=75.36
[  152.449006][ T5857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.501498][ T5857] cx231xx 2-1:9.1: New device   @ 1.5 Mbps (2040:b140) with 1 interfaces
[  152.524802][ T5857] cx231xx 2-1:9.1: Not found matching IAD interface
[  152.697647][ T6860] netlink: 8 bytes leftover after parsing attributes in process `syz.2.251'.
[  152.724894][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.2.251'.
[  152.753328][ T6860] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  152.763053][ T6860] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  152.772202][ T6860] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  152.781438][ T6860] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  152.796869][ T6860] netlink: 8 bytes leftover after parsing attributes in process `syz.2.251'.
[  152.806001][ T6860] netlink: 4 bytes leftover after parsing attributes in process `syz.2.251'.
[  153.094972][ T6836] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1052)
[  153.104132][ T6836] FAT-fs (loop1): Filesystem has been set read-only
[  153.147243][ T6836] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1052)
[  153.187991][ T6836] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1052)
[  153.345776][  T967] usb 2-1: USB disconnect, device number 4
[  153.494929][ T5084] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  153.567058][ T6866] loop3: detected capacity change from 0 to 32768
[  153.593520][ T6877] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check.
[  154.159942][ T5769] FAT-fs (loop1): error, fat_get_cluster: invalid cluster chain (i_pos 1052)
[  154.411104][ T6887] syzkaller1: entered promiscuous mode
[  154.426933][ T6887] syzkaller1: entered allmulticast mode
[  155.187819][ T6924] netlink: 4 bytes leftover after parsing attributes in process `syz.2.267'.
[  155.204301][ T6924] netlink: 28 bytes leftover after parsing attributes in process `syz.2.267'.
[  156.015830][ T6934] loop0: detected capacity change from 0 to 4096
[  156.040336][ T6934] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  156.532889][ T6941] ntfs3: loop0: ino=1e, "file1" ntfs_sync_inode failed, -22.
[  157.363591][ T4328] ntfs3: loop0: ino=1e, "file1" ntfs3_write_inode failed, -22.
[  158.155556][ T7010] netlink: 32 bytes leftover after parsing attributes in process `syz.0.279'.
[  158.189740][ T6946] loop1: detected capacity change from 0 to 32768
[  158.220789][ T6946] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.272 (6946)
[  158.270460][ T6946] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  158.304116][ T6946] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  158.339025][ T6946] BTRFS info (device loop1): setting nodatasum
[  158.349701][ T6946] BTRFS info (device loop1): force zlib compression, level 3
[  158.370284][ T6946] BTRFS info (device loop1): metadata ratio 4
[  158.384087][ T6946] BTRFS info (device loop1): enabling ssd optimizations
[  158.403608][ T6946] BTRFS info (device loop1): allowing degraded mounts
[  158.424128][ T6946] BTRFS info (device loop1): using free space tree
[  158.578423][ T6946] BTRFS info (device loop1): auto enabling async discard
[  158.886670][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  158.912584][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  158.947766][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  158.961436][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  158.974171][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  158.988186][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  159.138812][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  159.296768][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  159.318408][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  159.328725][ T7038] netlink: 'syz.0.282': attribute type 3 has an invalid length.
[  159.355445][ T7043] netlink: 28 bytes leftover after parsing attributes in process `syz.2.283'.
[  160.065767][ T5769] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  160.321474][ T7048] loop0: detected capacity change from 0 to 4096
[  160.340024][ T7048] ntfs3: loop0: Different NTFS sector size (1024) and media sector size (512).
[  161.594680][ T7066] ntfs3: loop0: ino=1e, "file1" ntfs_sync_inode failed, -22.
[  162.315830][ T6574] ntfs3: loop0: ino=1e, ntfs3_write_inode failed, -22.
[  162.943092][   T28] audit: type=1326 audit(1769279951.218:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  162.975518][   T28] audit: type=1326 audit(1769279951.218:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.001902][   T28] audit: type=1326 audit(1769279951.248:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.029831][   T28] audit: type=1326 audit(1769279951.248:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.051942][    C1] vkms_vblank_simulate: vblank timer overrun
[  163.059918][   T28] audit: type=1326 audit(1769279951.248:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.083868][   T28] audit: type=1326 audit(1769279951.248:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.106878][   T28] audit: type=1326 audit(1769279951.248:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.129741][   T28] audit: type=1326 audit(1769279951.248:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.151929][    C1] vkms_vblank_simulate: vblank timer overrun
[  163.200528][   T28] audit: type=1326 audit(1769279951.248:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.287285][   T28] audit: type=1326 audit(1769279951.248:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7118 comm="syz.3.293" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fae0179acb9 code=0x7ffc0000
[  163.503466][ T7124] netlink: 28 bytes leftover after parsing attributes in process `syz.2.294'.
[  166.651142][ T7172] netlink: 28 bytes leftover after parsing attributes in process `syz.0.306'.
[  171.056587][ T7203] pim6reg1: entered promiscuous mode
[  171.071891][ T7203] pim6reg1: entered allmulticast mode
[  171.425764][ T6551] Bluetooth: hci4: Frame reassembly failed (-84)
[  171.863430][ T7211] loop0: detected capacity change from 0 to 32768
[  171.876415][ T7213] loop1: detected capacity change from 0 to 32768
[  171.953942][ T7213] debugfs: Directory 'B1DE653C5FFC4D88B33B244AAB9EB3E9' with parent 'ocfs2' already present!
[  171.993489][ T7213] JBD2: Ignoring recovery information on journal
[  172.011867][ T7211] JBD2: Ignoring recovery information on journal
[  172.055157][ T7215] loop3: detected capacity change from 0 to 32768
[  172.089666][ T7215] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  172.102251][ T7213] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  172.230043][ T7211] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  172.369110][ T7215] XFS (loop3): Ending clean mount
[  172.414262][ T7215] XFS (loop3): Quotacheck needed: Please wait.
[  172.428427][ T5769] ocfs2: Unmounting device (7,1) on (node local)
[  172.483004][  T967] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x18d/0x250, xfs_agfl block 0x3 
[  172.522620][  T967] XFS (loop3): Unmount and run xfs_repair
[  172.552609][  T967] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  172.576683][  T967] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed  XAF.......G...N.
[  172.591334][  T967] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00  .b..1...........
[  172.608453][  T967] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08  .;..............
[  172.630849][  T967] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c  ................
[  172.645258][  T967] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  172.654758][  T967] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  172.668582][  T967] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  172.678821][  T967] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  172.691429][ T7211] syz.0.319 (7211) used greatest stack depth: 20528 bytes left
[  172.704414][ T6654] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x21e/0x3d0" at daddr 0x3 len 1 error 74
[  172.737995][ T7215] XFS (loop3): Quotacheck: Unsuccessful (Error -117): Disabling quotas.
[  172.836153][ T7215] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x18d/0x250, xfs_agfl block 0x3 
[  172.858245][ T5768] ocfs2: Unmounting device (7,0) on (node local)
[  172.894703][ T7215] XFS (loop3): Unmount and run xfs_repair
[  172.902039][ T7215] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  172.955981][ T7215] 00000000: 58 41 46 ff 07 00 00 00 bf dc 47 fc 10 d8 4e ed  XAF.......G...N.
[  172.979800][ T7215] 00000010: a5 62 11 a8 31 b3 f7 91 00 00 00 00 00 00 00 00  .b..1...........
[  173.011065][ T7215] 00000020: a5 3b c8 8a ff ff ff ff 00 00 00 07 00 00 00 08  .;..............
[  173.047778][ T7215] 00000030: 00 00 00 09 00 00 00 0a 00 00 00 0b 00 00 00 0c  ................
[  173.084715][ T7215] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  173.128050][ T7215] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  173.155113][ T7215] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  173.276450][ T7215] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  173.378761][ T7215] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x21e/0x3d0" at daddr 0x3 len 1 error 74
[  173.414973][ T5084] Bluetooth: hci4: Opcode 0x1003 failed: -110
[  173.427166][ T5773] Bluetooth: hci4: command 0x1003 tx timeout
[  173.438963][ T7215] XFS (loop3): Metadata I/O Error (0x1) detected at xfs_trans_read_buf_map+0x519/0x8b0 (fs/xfs/xfs_trans_buf.c:296).  Shutting down filesystem.
[  173.458721][ T7215] XFS (loop3): Please unmount the filesystem and rectify the problem(s)
[  174.151070][ T7246] netlink: 28 bytes leftover after parsing attributes in process `syz.0.322'.
[  174.813938][ T5770] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  176.571405][ T7250] loop1: detected capacity change from 0 to 32768
[  176.627513][ T7250] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  176.636489][ T7250] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  176.682728][ T7250] gfs2: fsid=syz:syz.0: journal 0 mapped with 3 extents in 0ms
[  176.693324][  T787] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  176.700578][  T787] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  176.885732][  T787] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 185ms
[  176.914885][  T787] gfs2: fsid=syz:syz.0: jid=0: Done
[  176.928893][ T7250] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  178.648568][ T7271] loop3: detected capacity change from 0 to 4096
[  181.639946][ T7304] netlink: 28 bytes leftover after parsing attributes in process `syz.1.336'.
[  182.658156][ T7312] loop1: detected capacity change from 0 to 4096
[  182.671600][ T7312] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  186.089504][ T7384] input: syz0 as /devices/virtual/input/input6
[  186.271854][ T7387] loop3: detected capacity change from 0 to 512
[  186.352096][ T7387] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  186.391090][ T7387] ext4 filesystem being mounted at /84/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  186.455040][ T7387] EXT4-fs error (device loop3): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 96 vs 65376 free clusters
[  186.654762][ T7401] netlink: 28 bytes leftover after parsing attributes in process `syz.1.348'.
[  187.297687][ T5770] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  187.707924][ T7408] loop1: detected capacity change from 0 to 4096
[  187.738067][ T7408] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[  189.363173][ T7404] loop3: detected capacity change from 0 to 32768
[  190.117821][ T7404] ocfs2: Mounting device (7,3) on (node local, slot 0) with writeback data mode.
[  190.247173][ T7404] (syz.3.352,7404,1):ocfs2_change_extent_flag:5208 ERROR: Owner 17058 tried to clear 1 flags on an extent that didn't have them
[  190.262521][ T7404] (syz.3.352,7404,1):ocfs2_mark_extent_written:5272 ERROR: status = -5
[  190.271108][ T7404] (syz.3.352,7404,1):ocfs2_write_cluster:1163 ERROR: status = -5
[  190.279167][ T7404] (syz.3.352,7404,1):ocfs2_write_cluster_by_desc:1248 ERROR: status = -5
[  190.287790][ T7404] (syz.3.352,7404,1):ocfs2_write_begin_nolock:1820 ERROR: status = -5
[  190.296255][ T7404] (syz.3.352,7404,1):ocfs2_write_begin:1907 ERROR: status = -5
[  190.417053][ T5770] ocfs2: Unmounting device (7,3) on (node local)
[  191.987940][ T7482] netlink: 44 bytes leftover after parsing attributes in process `syz.3.361'.
[  192.005806][ T7482] netlink: 28 bytes leftover after parsing attributes in process `syz.3.361'.
[  193.092951][ T7489] loop3: detected capacity change from 0 to 4096
[  193.110762][ T7465] loop0: detected capacity change from 0 to 32768
[  193.135314][ T7489] ntfs3: loop3: Different NTFS sector size (1024) and media sector size (512).
[  193.203527][ T7465] XFS (loop0): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  193.519661][ T7500] netdevsim netdevsim3 netdevsim0: entered allmulticast mode
[  193.532930][ T7500] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  193.915832][ T7465] XFS (loop0): Ending clean mount
[  194.308200][ T7490] loop1: detected capacity change from 0 to 32768
[  194.346016][ T7465] XFS (loop0): Quotacheck needed: Please wait.
[  194.454637][ T7490] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 scanned by syz.1.362 (7490)
[  194.565753][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  194.572221][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  194.629341][ T7490] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  194.721881][ T7465] XFS (loop0): Quotacheck: Done.
[  194.734820][ T7490] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  194.743643][ T7490] BTRFS info (device loop1): using free space tree
[  194.771502][ T7487] loop2: detected capacity change from 0 to 32768
[  194.867328][ T5768] XFS (loop0): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  194.889230][ T7487] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by syz.2.363 (7487)
[  195.050246][ T7547] kvm: user requested TSC rate below hardware speed
[  195.059798][ T7547] kvm: user requested TSC rate below hardware speed
[  195.130197][ T7490] BTRFS info (device loop1): enabling ssd optimizations
[  195.148718][ T7490] BTRFS info (device loop1): auto enabling async discard
[  195.262074][ T5895] BTRFS warning: duplicate device /dev/loop2 devid 1 generation 8 scanned by udevd (5895)
[  196.618310][ T5769] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  197.062714][ T7587] loop1: detected capacity change from 0 to 256
[  197.261175][ T7592] netlink: 44 bytes leftover after parsing attributes in process `syz.3.372'.
[  197.267387][ T7592] netlink: 28 bytes leftover after parsing attributes in process `syz.3.372'.
[  198.008444][ T7587] exFAT-fs (loop1): failed to load upcase table (idx : 0x000104d0, chksum : 0x60d18cac, utbl_chksum : 0xe619d30d)
[  198.243443][ T7598] syz_tun: entered allmulticast mode
[  198.261379][ T7597] syz_tun: left allmulticast mode
[  198.524994][ T7605] netlink: 44 bytes leftover after parsing attributes in process `syz.1.379'.
[  198.568111][ T7605] bridge0: port 2(bridge_slave_1) entered disabled state
[  198.577461][ T7605] bridge0: port 1(bridge_slave_0) entered disabled state
[  198.732721][ T7602] loop0: detected capacity change from 0 to 8192
[  198.922210][   T28] kauditd_printk_skb: 64 callbacks suppressed
[  198.922226][   T28] audit: type=1800 audit(1769279987.198:81): pid=7602 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.377" name="file2" dev="loop0" ino=1048596 res=0 errno=0
[  199.018142][ T7602] syz.0.377: attempt to access beyond end of device
[  199.018142][ T7602] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  199.268987][ T7602] Buffer I/O error on dev loop0, logical block 57847, async page read
[  199.542080][ T7615] syz.0.377: attempt to access beyond end of device
[  199.542080][ T7615] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  199.597507][ T7615] Buffer I/O error on dev loop0, logical block 57847, async page read
[  199.642751][ T7602] syz.0.377: attempt to access beyond end of device
[  199.642751][ T7602] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  199.676133][ T7602] Buffer I/O error on dev loop0, logical block 57847, async page read
[  199.736864][ T7602] syz.0.377: attempt to access beyond end of device
[  199.736864][ T7602] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  199.795098][ T7602] Buffer I/O error on dev loop0, logical block 57847, async page read
[  199.828608][ T7615] syz.0.377: attempt to access beyond end of device
[  199.828608][ T7615] loop0: rw=0, sector=57847, nr_sectors = 1 limit=8192
[  199.895580][ T7615] Buffer I/O error on dev loop0, logical block 57847, async page read
[  200.814972][ T7632] netlink: 44 bytes leftover after parsing attributes in process `syz.3.384'.
[  200.825049][ T7633] netlink: 28 bytes leftover after parsing attributes in process `syz.3.384'.
[  201.308307][ T7640] ntfs3: nullb0: Primary boot signature is not NTFS.
[  201.329569][ T7640] ntfs3: nullb0: try to read out of volume at offset 0x3e7ffffe00
[  201.530692][ T7621] loop1: detected capacity change from 0 to 32768
[  201.615620][ T7621] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  201.789957][ T7621] XFS (loop1): Ending clean mount
[  201.830395][ T7621] XFS (loop1): Quotacheck needed: Please wait.
[  201.868150][ T7660] validate_nla: 43 callbacks suppressed
[  201.868166][ T7660] netlink: 'syz.2.390': attribute type 1 has an invalid length.
[  201.923685][ T7621] XFS (loop1): Quotacheck: Done.
[  201.982066][ T7660] 8021q: adding VLAN 0 to HW filter on device bond1
[  202.033457][ T7663] bridge0: port 2(bridge_slave_1) entered disabled state
[  202.042518][ T7663] bridge0: port 1(bridge_slave_0) entered disabled state
[  202.062474][ T7663] bridge0: entered promiscuous mode
[  202.112584][ T7663] bridge0: port 2(bridge_slave_1) entered blocking state
[  202.119904][ T7663] bridge0: port 2(bridge_slave_1) entered forwarding state
[  202.128164][ T7663] bridge0: port 1(bridge_slave_0) entered blocking state
[  202.135401][ T7663] bridge0: port 1(bridge_slave_0) entered forwarding state
[  202.162633][ T7663] bond1: (slave bridge0): making interface the new active one
[  202.174450][ T7663] bond1: (slave bridge0): Enslaving as an active interface with an up link
[  202.559128][ T7672] loop6: detected capacity change from 0 to 7
[  202.623945][ T7672] Dev loop6: unable to read RDB block 7
[  202.679601][ T7672]  loop6: unable to read partition table
[  202.712879][ T7672] loop6: partition table beyond EOD, truncated
[  202.777381][ T7672] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5)
[  203.159703][ T7621] XFS (loop1): User initiated shutdown received.
[  203.197850][ T7621] XFS (loop1): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x105/0x150 (fs/xfs/xfs_fsops.c:491).  Shutting down filesystem.
[  203.216322][ T7621] XFS (loop1): Please unmount the filesystem and rectify the problem(s)
[  203.253627][ T5769] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  203.544760][ T7683] netlink: 44 bytes leftover after parsing attributes in process `syz.3.396'.
[  203.560616][ T7683] netlink: 28 bytes leftover after parsing attributes in process `syz.3.396'.
[  204.850810][ T7690] loop3: detected capacity change from 0 to 4096
[  204.874852][ T7690] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  204.972711][ T7690] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  204.996204][ T7690] ntfs3: loop3: Failed to initialize $Extend/$ObjId.
[  205.948761][ T7692] loop0: detected capacity change from 0 to 32768
[  205.989229][ T7692] XFS (loop0): DAX unsupported by block device. Turning off DAX.
[  206.028366][ T7692] XFS (loop0): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  206.165879][ T7692] XFS (loop0): Ending clean mount
[  206.199511][ T7692] XFS (loop0): Quotacheck needed: Please wait.
[  206.299903][ T7692] XFS (loop0): Quotacheck: Done.
[  206.509178][ T7702] loop2: detected capacity change from 0 to 32768
[  206.550766][ T5768] XFS (loop0): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  206.571213][ T7702] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  206.854739][ T5783] Bluetooth: hci0: command 0x0406 tx timeout
[  206.862038][ T5776] Bluetooth: hci1: command 0x0406 tx timeout
[  206.868806][ T5776] Bluetooth: hci2: command 0x0406 tx timeout
[  206.894353][ T7727] netlink: 44 bytes leftover after parsing attributes in process `syz.1.406'.
[  206.914232][ T7727] netlink: 28 bytes leftover after parsing attributes in process `syz.1.406'.
[  207.077676][ T7702] XFS (loop2): Ending clean mount
[  207.603563][ T7729] netlink: 12 bytes leftover after parsing attributes in process `syz.3.407'.
[  207.897044][ T5771] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  209.667543][ T7758] loop0: detected capacity change from 0 to 512
[  209.705693][ T7758] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  209.732554][ T7758] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  209.775835][ T7758] EXT4-fs warning (device loop0): ext4_expand_extra_isize_ea:2852: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  209.806891][ T7758] EXT4-fs (loop0): 1 truncate cleaned up
[  209.825939][ T7758] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  209.951050][ T7758] mmap: syz.0.413 (7758) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  209.995326][ T7750] loop1: detected capacity change from 0 to 32768
[  210.098867][ T7750] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  210.140247][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  210.336447][ T7750] XFS (loop1): Ending clean mount
[  210.374751][ T7750] XFS (loop1): Quotacheck needed: Please wait.
[  210.510044][ T7779] loop2: detected capacity change from 0 to 256
[  210.599798][ T7750] XFS (loop1): Quotacheck: Done.
[  210.690043][ T7785] netlink: 44 bytes leftover after parsing attributes in process `syz.3.416'.
[  210.708753][ T7785] netlink: 28 bytes leftover after parsing attributes in process `syz.3.416'.
[  211.371810][ T7777] loop0: detected capacity change from 0 to 8192
[  211.493395][ T7777] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  211.529123][ T7777] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  211.616970][ T7777] REISERFS (device loop0): using ordered data mode
[  211.623801][ T7777] reiserfs: using flush barriers
[  211.638294][ T7777] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  211.660044][ T7777] REISERFS (device loop0): checking transaction log (loop0)
[  211.836878][ T5769] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  211.932471][ T7796] loop6: detected capacity change from 0 to 7
[  211.947030][ T7796] Dev loop6: unable to read RDB block 7
[  211.971311][ T7796]  loop6: AHDI p3 p4
[  211.979059][ T7796] loop6: partition table partially beyond EOD, truncated
[  212.001751][ T7796] loop6: p3 start 1869967360 is beyond EOD, truncated
[  212.045524][ T7777] REISERFS (device loop0): Using tea hash to sort names
[  212.069660][ T7777] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  214.130541][ T7823] kvm: emulating exchange as write
[  214.323889][ T7829] netlink: 44 bytes leftover after parsing attributes in process `syz.0.426'.
[  214.341803][ T7829] netlink: 28 bytes leftover after parsing attributes in process `syz.0.426'.
[  215.233294][ T7812] loop3: detected capacity change from 0 to 32768
[  215.246248][ T7834] kvm: user requested TSC rate below hardware speed
[  215.277949][ T7834] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3952632679 (7905265358 ns) > initial count (3639679846 ns). Using initial count to start timer.
[  215.295343][ T7838] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=3406083130 (6812166260 ns) > initial count (5082761854 ns). Using initial count to start timer.
[  215.364289][ T7812] XFS (loop3): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  215.456904][ T7812] XFS (loop3): Ending clean mount
[  215.485466][ T7812] XFS (loop3): Quotacheck needed: Please wait.
[  215.543012][ T7812] XFS (loop3): Quotacheck: Done.
[  215.799079][ T5772] IPVS: starting estimator thread 0...
[  215.826353][ T5770] XFS (loop3): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  215.916971][ T7856] IPVS: using max 19 ests per chain, 45600 per kthread
[  217.047537][ T7873] netlink: 44 bytes leftover after parsing attributes in process `syz.0.436'.
[  217.065346][ T7873] netlink: 28 bytes leftover after parsing attributes in process `syz.0.436'.
[  219.219492][ T7877] loop1: detected capacity change from 0 to 32768
[  219.271563][ T7877] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  219.430339][ T7877] XFS (loop1): Ending clean mount
[  219.452184][ T7877] XFS (loop1): Quotacheck needed: Please wait.
[  219.832314][ T7877] XFS (loop1): Quotacheck: Done.
[  220.399038][ T7882] loop2: detected capacity change from 0 to 32768
[  220.477582][ T7882] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  220.557360][ T7923] loop3: detected capacity change from 0 to 128
[  220.735849][ T5769] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  220.904063][ T7928] netlink: 44 bytes leftover after parsing attributes in process `syz.0.449'.
[  220.923243][ T7928] netlink: 28 bytes leftover after parsing attributes in process `syz.0.449'.
[  221.593679][ T7882] XFS (loop2): Ending clean mount
[  221.766535][ T5771] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  222.146509][ T6654] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.378949][ T6654] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  222.806185][ T6654] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  223.565383][ T7942] netlink: 28 bytes leftover after parsing attributes in process `syz.1.451'.
[  224.238949][ T6654] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  224.454203][ T7953] netlink: 76 bytes leftover after parsing attributes in process `syz.2.456'.
[  224.607138][ T7958] loop1: detected capacity change from 0 to 4096
[  224.650612][ T7958] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  224.679560][ T5780] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  224.701022][ T5780] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  224.709648][ T5780] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  224.720991][ T5780] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  224.734423][ T5780] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[  224.742340][ T5780] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  225.706066][ T7970] netlink: 44 bytes leftover after parsing attributes in process `syz.2.458'.
[  225.740068][ T7972] netlink: 28 bytes leftover after parsing attributes in process `syz.2.458'.
[  226.267856][ T7965] loop0: detected capacity change from 0 to 32768
[  226.361724][ T7965] XFS (loop0): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  226.516183][ T7965] XFS (loop0): Ending clean mount
[  226.541472][ T7965] XFS (loop0): Quotacheck needed: Please wait.
[  226.588119][ T7965] XFS (loop0): Quotacheck: Done.
[  226.817632][ T5768] XFS (loop0): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  226.843249][ T7959] chnl_net:caif_netlink_parms(): no params data found
[  226.865832][ T5084] Bluetooth: hci2: command tx timeout
[  227.204170][ T7959] bridge0: port 1(bridge_slave_0) entered blocking state
[  227.214721][ T7959] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.222003][ T7959] bridge_slave_0: entered allmulticast mode
[  227.248112][ T7959] bridge_slave_0: entered promiscuous mode
[  227.262440][ T7959] bridge0: port 2(bridge_slave_1) entered blocking state
[  227.272091][ T7959] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.285519][ T7959] bridge_slave_1: entered allmulticast mode
[  227.293103][ T7959] bridge_slave_1: entered promiscuous mode
[  227.361242][ T6654] hsr_slave_0: left promiscuous mode
[  227.370536][ T6654] hsr_slave_1: left promiscuous mode
[  227.385278][ T6654] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  227.392796][ T6654] batman_adv: batadv0: Removing interface: batadv_slave_0
[  227.409136][ T6654] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  227.421147][ T6654] batman_adv: batadv0: Removing interface: batadv_slave_1
[  227.430657][ T6654] bridge_slave_1: left allmulticast mode
[  227.440773][ T6654] bridge_slave_1: left promiscuous mode
[  227.451491][ T6654] bridge0: port 2(bridge_slave_1) entered disabled state
[  227.470283][ T6654] bridge_slave_0: left allmulticast mode
[  227.482683][ T6654] bridge_slave_0: left promiscuous mode
[  227.492590][ T6654] bridge0: port 1(bridge_slave_0) entered disabled state
[  227.549655][ T6654] veth1_macvtap: left promiscuous mode
[  227.559441][ T6654] veth0_macvtap: left promiscuous mode
[  227.568422][ T6654] veth1_vlan: left promiscuous mode
[  227.574127][ T6654] veth0_vlan: left promiscuous mode
[  228.396982][ T6654] team0 (unregistering): Port device team_slave_1 removed
[  228.449167][ T6654] team0 (unregistering): Port device team_slave_0 removed
[  228.497871][ T6654] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  228.552911][ T6654] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  228.940735][ T5084] Bluetooth: hci2: command tx timeout
[  228.951472][ T6654] bond0 (unregistering): Released all slaves
[  229.053887][ T7959] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  229.089909][ T7959] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  229.132162][ T7959] team0: Port device team_slave_0 added
[  229.143954][ T7959] team0: Port device team_slave_1 added
[  229.197434][ T7959] batman_adv: batadv0: Adding interface: batadv_slave_0
[  229.204427][ T7959] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  229.241783][ T7959] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  229.256473][ T7959] batman_adv: batadv0: Adding interface: batadv_slave_1
[  229.263492][ T7959] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  229.291797][ T7959] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  229.392536][ T7959] hsr_slave_0: entered promiscuous mode
[  229.410022][ T7959] hsr_slave_1: entered promiscuous mode
[  229.428580][ T7959] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  229.444030][ T7959] Cannot create hsr debugfs directory
[  229.726609][ T7959] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  229.746242][ T7959] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  229.761742][ T7959] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  229.778472][ T7959] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  229.904279][ T7959] 8021q: adding VLAN 0 to HW filter on device bond0
[  229.933857][ T7959] 8021q: adding VLAN 0 to HW filter on device team0
[  229.951081][ T6654] bridge0: port 1(bridge_slave_0) entered blocking state
[  229.958293][ T6654] bridge0: port 1(bridge_slave_0) entered forwarding state
[  229.974391][ T6575] bridge0: port 2(bridge_slave_1) entered blocking state
[  229.981692][ T6575] bridge0: port 2(bridge_slave_1) entered forwarding state
[  230.362520][ T7959] 8021q: adding VLAN 0 to HW filter on device batadv0
[  230.751088][ T7959] veth0_vlan: entered promiscuous mode
[  230.778948][ T7959] veth1_vlan: entered promiscuous mode
[  230.816646][ T7959] veth0_macvtap: entered promiscuous mode
[  230.844000][ T7959] veth1_macvtap: entered promiscuous mode
[  230.871366][ T7959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.881937][ T7959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.899363][ T7959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.910176][ T7959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.924391][ T7959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  230.939428][ T7959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.954035][ T7959] batman_adv: batadv0: Interface activated: batadv_slave_0
[  230.974348][ T7959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  230.985465][ T7959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  230.995812][ T7959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.013446][ T7959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.025702][ T5084] Bluetooth: hci2: command tx timeout
[  231.044679][ T7959] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  231.057028][ T7959] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  231.069189][ T7959] batman_adv: batadv0: Interface activated: batadv_slave_1
[  231.084190][ T7959] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  231.093310][ T7959] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  231.103126][ T7959] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  231.112216][ T7959] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  231.238662][ T6575] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  231.254591][ T6575] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.304631][ T6650] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  231.313586][ T6650] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  231.446192][ T8075] netlink: 'syz.0.470': attribute type 4 has an invalid length.
[  231.544766][ T8083] netlink: 'syz.0.470': attribute type 4 has an invalid length.
[  232.948665][ T8107] netlink: 44 bytes leftover after parsing attributes in process `syz.4.468'.
[  232.986830][ T8107] netlink: 28 bytes leftover after parsing attributes in process `syz.4.468'.
[  233.094980][ T5084] Bluetooth: hci2: command tx timeout
[  234.478006][ T8130] netlink: 44 bytes leftover after parsing attributes in process `syz.1.474'.
[  234.504092][ T8130] netlink: 9 bytes leftover after parsing attributes in process `syz.1.474'.
[  234.739734][ T8137] loop1: detected capacity change from 0 to 64
[  234.914770][ T8137] loop1: detected capacity change from 64 to 2
[  234.921515][ T8140] syz.1.476: attempt to access beyond end of device
[  234.921515][ T8140] loop1: rw=0, sector=12, nr_sectors = 2 limit=2
[  235.011759][ T8140] Buffer I/O error on dev loop1, logical block 6, async page read
[  235.058423][ T8140] syz.1.476: attempt to access beyond end of device
[  235.058423][ T8140] loop1: rw=2049, sector=46, nr_sectors = 2 limit=2
[  235.117989][ T8140] Buffer I/O error on dev loop1, logical block 23, lost async page write
[  235.168769][ T8140] Unable to read inode block
[  235.269106][ T6654] Unable to read inode block
[  236.567321][ T8168] netlink: 44 bytes leftover after parsing attributes in process `syz.2.482'.
[  236.586325][ T8168] netlink: 28 bytes leftover after parsing attributes in process `syz.2.482'.
[  239.545608][ T1323] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  239.641516][ T8209] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  241.843170][ T8229] netlink: 28 bytes leftover after parsing attributes in process `syz.2.494'.
[  242.546798][ T8259] loop4: detected capacity change from 0 to 4096
[  242.966964][ T8245] loop0: detected capacity change from 0 to 32768
[  243.019381][ T8245] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[  243.045607][ T8245] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[  243.088033][ T8245] gfs2: fsid=syz:syz.0: journal 0 mapped with 9 extents in 0ms
[  243.106318][ T8266] loop1: detected capacity change from 0 to 512
[  243.170672][ T8256] loop2: detected capacity change from 0 to 32768
[  243.175769][  T787] gfs2: fsid=syz:syz.0: jid=0, already locked for use
[  243.194936][ T8266] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  243.205965][ T8256] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.500 (8256)
[  243.218257][  T787] gfs2: fsid=syz:syz.0: jid=0: Looking at journal...
[  243.254790][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  243.279723][ T8256] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  243.334989][ T8256] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  243.395236][ T8266] EXT4-fs (loop1): 1 truncate cleaned up
[  243.522137][ T8256] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  243.539200][ T8266] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  243.573950][ T8256] BTRFS info (device loop2): use zstd compression, level 3
[  243.589829][ T8256] BTRFS info (device loop2): using free space tree
[  243.604814][  T787] gfs2: fsid=syz:syz.0: jid=0: Journal head lookup took 386ms
[  243.655818][  T787] gfs2: fsid=syz:syz.0: jid=0: Done
[  243.807558][ T8245] gfs2: fsid=syz:syz.0: first mount done, others may mount
[  244.226303][ T8256] BTRFS info (device loop2): enabling ssd optimizations
[  244.254593][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  244.264587][ T8256] BTRFS info (device loop2): auto enabling async discard
[  244.349022][   T28] audit: type=1800 audit(1769280032.628:82): pid=8256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.500" name="bus" dev="loop2" ino=263 res=0 errno=0
[  244.392380][   T28] audit: type=1800 audit(1769280032.658:83): pid=8256 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.500" name="bus" dev="loop2" ino=263 res=0 errno=0
[  244.818544][   T28] audit: type=1804 audit(1769280033.068:84): pid=8308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.500" name="/newroot/129/file0/bus" dev="loop2" ino=263 res=1 errno=0
[  244.852971][ T8307] syz.2.500 (8307) used greatest stack depth: 20232 bytes left
[  244.874176][ T8245] gfs2: fsid=syz:syz.0: found 1 quota changes
[  244.947776][   T28] audit: type=1800 audit(1769280033.128:85): pid=8307 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.500" name="bus" dev="loop2" ino=263 res=0 errno=0
[  244.984655][ T8298] overlayfs: statfs failed on './file0'
[  245.244292][   T28] audit: type=1800 audit(1769280033.128:86): pid=8308 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.500" name="bus" dev="loop2" ino=263 res=0 errno=0
[  245.478527][ T5768] gfs2: fsid=syz:syz.0: fatal: filesystem consistency error
[  245.478527][ T5768]   inode = 11 2339
[  245.478527][ T5768]   function = gfs2_dinode_in, file = fs/gfs2/glops.c, line = 472
[  245.505016][ T5768] gfs2: fsid=syz:syz.0: G:  s:EX n:2/923 f:qobnN t:EX d:EX/0 a:0 v:0 r:3 m:20 p:1
[  245.552934][ T5771] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  245.555629][ T5768] gfs2: fsid=syz:syz.0:  H: s:EX f:H e:0 p:5768 [syz-executor] gfs2_quota_sync+0x411/0x5a0
[  245.625367][ T5768] gfs2: fsid=syz:syz.0:  I: n:11/2339 t:0 f:0x00 d:0x00000000 s:0 p:0
[  245.633675][ T5768] gfs2: fsid=syz:syz.0: about to withdraw this file system
[  245.663477][ T5768] gfs2: fsid=syz:syz.0: Journal recovery skipped for jid 0 until next mount.
[  245.713191][ T5768] gfs2: fsid=syz:syz.0: Glock dequeues delayed: 0
[  245.752657][ T5768] gfs2: fsid=syz:syz.0: File system withdrawn
[  245.760961][ T8320] loop1: detected capacity change from 0 to 2048
[  245.774962][ T5768] CPU: 1 PID: 5768 Comm: syz-executor Not tainted syzkaller #0
[  245.782572][ T5768] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  245.792648][ T5768] Call Trace:
[  245.795944][ T5768]  <TASK>
[  245.798896][ T5768]  dump_stack_lvl+0x18c/0x250
[  245.803647][ T5768]  ? kobject_uevent_env+0x363/0x8b0
[  245.808878][ T5768]  ? show_regs_print_info+0x20/0x20
[  245.814155][ T5768]  ? load_image+0x400/0x400
[  245.818683][ T5768]  ? kobject_uevent_env+0x363/0x8b0
[  245.823918][ T5768]  gfs2_withdraw+0xb24/0x13d0
[  245.828633][ T5768]  ? gfs2_lm+0x240/0x240
[  245.832910][ T5768]  ? gfs2_consist_inode_i+0xf5/0x110
[  245.838236][ T5768]  gfs2_inode_refresh+0xb89/0x1000
[  245.843382][ T5768]  ? gfs2_inode_metasync+0xf0/0xf0
[  245.848520][ T5768]  ? gfs2_glock_nq+0xd4f/0x1420
[  245.853428][ T5768]  gfs2_instantiate+0x162/0x220
[  245.858305][ T5768]  gfs2_glock_wait+0x1d4/0x2a0
[  245.863094][ T5768]  do_sync+0x4c6/0xe50
[  245.867182][ T5768]  ? gfs2_quota_sync+0x411/0x5a0
[  245.872157][ T5768]  ? bh_get+0x760/0x760
[  245.876331][ T5768]  ? __lock_acquire+0x7d40/0x7d40
[  245.881376][ T5768]  ? do_raw_spin_lock+0x11f/0x2c0
[  245.886439][ T5768]  ? gfs2_quota_sync+0x411/0x5a0
[  245.891400][ T5768]  ? do_raw_spin_unlock+0x121/0x230
[  245.896626][ T5768]  gfs2_quota_sync+0x411/0x5a0
[  245.901418][ T5768]  gfs2_sync_fs+0x4c/0xb0
[  245.905778][ T5768]  sync_filesystem+0xea/0x220
[  245.910476][ T5768]  generic_shutdown_super+0x6f/0x2b0
[  245.915795][ T5768]  kill_block_super+0x44/0x90
[  245.920508][ T5768]  deactivate_locked_super+0x97/0x100
[  245.925902][ T5768]  cleanup_mnt+0x43b/0x4d0
[  245.930353][ T5768]  task_work_run+0x1d4/0x260
[  245.934985][ T5768]  ? task_work_cancel+0x220/0x220
[  245.940050][ T5768]  ? exit_to_user_mode_loop+0x3b/0x110
[  245.945550][ T5768]  exit_to_user_mode_loop+0xe6/0x110
[  245.950863][ T5768]  exit_to_user_mode_prepare+0xee/0x180
[  245.956435][ T5768]  syscall_exit_to_user_mode+0x1a/0x50
[  245.961919][ T5768]  do_syscall_64+0x61/0xa0
[  245.966372][ T5768]  ? clear_bhb_loop+0x40/0x90
[  245.971063][ T5768]  ? clear_bhb_loop+0x40/0x90
[  245.975765][ T5768]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  245.981685][ T5768] RIP: 0033:0x7fe4c659bf17
[  245.986125][ T5768] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  246.005775][ T5768] RSP: 002b:00007ffff1184c98 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  246.014230][ T5768] RAX: 0000000000000000 RBX: 00007fe4c660471f RCX: 00007fe4c659bf17
[  246.022245][ T5768] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff1184d50
[  246.030236][ T5768] RBP: 00007ffff1184d50 R08: 00007ffff1185d50 R09: 00000000ffffffff
[  246.038233][ T5768] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff1185de0
[  246.046223][ T5768] R13: 00007fe4c660471f R14: 0000000000000005 R15: 00007ffff1185e20
[  246.054231][ T5768]  </TASK>
[  246.276518][ T8320] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  246.943129][ T8326] netlink: 28 bytes leftover after parsing attributes in process `syz.4.508'.
[  247.188226][ T6575] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 25 vs 4128793 free clusters
[  247.219018][ T8339] loop0: detected capacity change from 0 to 128
[  247.237581][ T6575] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  247.254166][ T6575] EXT4-fs (loop1): This should not happen!! Data will be lost
[  247.254166][ T6575] 
[  247.271010][ T6575] EXT4-fs (loop1): Total free blocks count 0
[  247.279943][ T6575] EXT4-fs (loop1): Free/Dirty block details
[  247.294917][ T6575] EXT4-fs (loop1): free_blocks=66060288
[  247.300730][ T6575] EXT4-fs (loop1): dirty_blocks=16
[  247.310087][ T6575] EXT4-fs (loop1): Block reservation details
[  247.328458][ T6575] EXT4-fs (loop1): i_reserved_data_blocks=1
[  247.338522][ T8341] loop4: detected capacity change from 0 to 512
[  247.373455][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  247.400201][ T8341] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  247.503411][ T8341] ext4 filesystem being mounted at /13/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  247.599490][   T28] audit: type=1804 audit(1769280035.878:87): pid=8339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.0.507" name="/newroot/116/file0/bus" dev="loop0" ino=1048600 res=1 errno=0
[  247.665761][ T8339] Invalid ELF header magic: != ELF
[  247.713565][   T28] audit: type=1800 audit(1769280035.878:88): pid=8339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.507" name="bus" dev="loop0" ino=1048600 res=0 errno=0
[  247.794206][   T28] audit: type=1804 audit(1769280035.968:89): pid=8339 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.507" name="/newroot/116/file0/bus" dev="loop0" ino=1048600 res=1 errno=0
[  247.877396][ T7959] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  250.613084][ T8391] netlink: 28 bytes leftover after parsing attributes in process `syz.2.519'.
[  250.855966][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  251.379417][ T8375] loop4: detected capacity change from 0 to 40427
[  251.402966][ T8375] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  251.423668][ T8375] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  251.458524][ T8375] F2FS-fs (loop4): invalid crc_offset: 33558524
[  251.498427][ T8375] F2FS-fs (loop4): Found nat_bits in checkpoint
[  251.670252][ T8375] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  251.695079][ T8375] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  251.924319][ T8375] F2FS-fs (loop4): Inconsistent error blkaddr:5663, sit bitmap:0
[  251.953628][ T8375] CPU: 1 PID: 8375 Comm: syz.4.517 Not tainted syzkaller #0
[  251.960991][ T8375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  251.971087][ T8375] Call Trace:
[  251.974428][ T8375]  <TASK>
[  251.977394][ T8375]  dump_stack_lvl+0x18c/0x250
[  251.982131][ T8375]  ? show_regs_print_info+0x20/0x20
[  251.987376][ T8375]  ? __asan_memset+0x22/0x40
[  251.992014][ T8375]  ? f2fs_get_next_page_offset+0x690/0x690
[  251.997864][ T8375]  ? f2fs_lookup_read_extent_cache_block+0x25b/0x460
[  252.004597][ T8375]  ? __lookup_extent_tree+0xba0/0xba0
[  252.010027][ T8375]  f2fs_is_valid_blkaddr+0xe39/0x1580
[  252.015458][ T8375]  f2fs_get_read_data_page+0x3bb/0x5d0
[  252.020975][ T8375]  ? f2fs_reserve_block+0x240/0x240
[  252.026259][ T8375]  ? folio_unlock+0x118/0x2e0
[  252.030995][ T8375]  f2fs_get_new_data_page+0x41a/0x610
[  252.036431][ T8375]  ? lock_page+0x2a0/0x2a0
[  252.040911][ T8375]  ? f2fs_inode_dirtied+0x2d4/0x3c0
[  252.046165][ T8375]  ? __lock_acquire+0x7d40/0x7d40
[  252.051253][ T8375]  ? __rwlock_init+0x150/0x150
[  252.056086][ T8375]  f2fs_add_regular_entry+0x58a/0xbc0
[  252.061542][ T8375]  do_convert_inline_dir+0x6dc/0x1ab0
[  252.066987][ T8375]  ? f2fs_try_convert_inline_dir+0x530/0x530
[  252.073018][ T8375]  ? read_node_page+0x990/0x990
[  252.077913][ T8375]  ? _find_next_zero_bit+0x8e/0x130
[  252.083160][ T8375]  ? f2fs_room_for_filename+0x80/0xb0
[  252.088583][ T8375]  f2fs_add_inline_entry+0x45d/0x7d0
[  252.093923][ T8375]  ? do_convert_inline_dir+0x1ab0/0x1ab0
[  252.099599][ T8375]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  252.105295][ T8375]  ? mutex_unlock+0x10/0x10
[  252.109862][ T8375]  ? down_read+0x1ac/0x2e0
[  252.114336][ T8375]  f2fs_add_dentry+0xa5/0x1d0
[  252.119071][ T8375]  f2fs_do_add_link+0x263/0x340
[  252.123978][ T8375]  ? f2fs_add_dentry+0x1d0/0x1d0
[  252.128995][ T8375]  ? f2fs_new_inode+0xda9/0x1030
[  252.133991][ T8375]  ? read_lock_is_recursive+0x20/0x20
[  252.139426][ T8375]  ? f2fs_get_link+0x110/0x110
[  252.144283][ T8375]  ? down_read+0x1ac/0x2e0
[  252.148758][ T8375]  f2fs_create+0x337/0x550
[  252.153230][ T8375]  ? f2fs_lookup+0x780/0x780
[  252.157867][ T8375]  path_openat+0x12a0/0x3230
[  252.162548][ T8375]  ? do_filp_open+0x430/0x430
[  252.167277][ T8375]  ? __virt_addr_valid+0x18c/0x540
[  252.172444][ T8375]  do_filp_open+0x1f5/0x430
[  252.176994][ T8375]  ? vfs_tmpfile+0x490/0x490
[  252.181655][ T8375]  ? _raw_spin_unlock+0x28/0x40
[  252.186553][ T8375]  ? alloc_fd+0x58f/0x630
[  252.190936][ T8375]  do_sys_openat2+0x134/0x1d0
[  252.195684][ T8375]  ? do_sys_open+0xe0/0xe0
[  252.200140][ T8375]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  252.206175][ T8375]  ? lock_chain_count+0x20/0x20
[  252.211072][ T8375]  __x64_sys_creat+0x90/0xb0
[  252.215704][ T8375]  do_syscall_64+0x55/0xa0
[  252.220159][ T8375]  ? clear_bhb_loop+0x40/0x90
[  252.224893][ T8375]  ? clear_bhb_loop+0x40/0x90
[  252.229613][ T8375]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  252.235542][ T8375] RIP: 0033:0x7fe05bb9acb9
[  252.240000][ T8375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  252.259665][ T8375] RSP: 002b:00007fe05cac2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  252.268130][ T8375] RAX: ffffffffffffffda RBX: 00007fe05be15fa0 RCX: 00007fe05bb9acb9
[  252.276237][ T8375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000e00
[  252.284255][ T8375] RBP: 00007fe05bc08bf7 R08: 0000000000000000 R09: 0000000000000000
[  252.292264][ T8375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  252.300278][ T8375] R13: 00007fe05be16038 R14: 00007fe05be15fa0 R15: 00007ffd59488618
[  252.308319][ T8375]  </TASK>
[  252.811739][ T8375] F2FS-fs (loop4): Inconsistent error blkaddr:5663, sit bitmap:0
[  252.819682][ T8375] CPU: 0 PID: 8375 Comm: syz.4.517 Not tainted syzkaller #0
[  252.827043][ T8375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  252.837153][ T8375] Call Trace:
[  252.840475][ T8375]  <TASK>
[  252.843440][ T8375]  dump_stack_lvl+0x18c/0x250
[  252.848180][ T8375]  ? show_regs_print_info+0x20/0x20
[  252.853429][ T8375]  ? filemap_dirty_folio+0xab/0x330
[  252.858679][ T8375]  ? f2fs_dirty_node_folio+0x46e/0x9b0
[  252.864201][ T8375]  f2fs_is_valid_blkaddr+0xe39/0x1580
[  252.869619][ T8375]  f2fs_truncate_data_blocks_range+0x5a6/0xcf0
[  252.875806][ T8375]  ? mapping_evict_folio+0x510/0x510
[  252.881152][ T8375]  f2fs_do_truncate_blocks+0x7ff/0xdc0
[  252.886670][ T8375]  ? dec_valid_block_count+0x480/0x480
[  252.892197][ T8375]  f2fs_truncate_blocks+0x10a/0x300
[  252.897450][ T8375]  do_convert_inline_dir+0xdfa/0x1ab0
[  252.902888][ T8375]  ? f2fs_try_convert_inline_dir+0x530/0x530
[  252.908922][ T8375]  ? read_node_page+0x990/0x990
[  252.913809][ T8375]  ? _find_next_zero_bit+0x8e/0x130
[  252.919039][ T8375]  ? f2fs_room_for_filename+0x80/0xb0
[  252.924446][ T8375]  f2fs_add_inline_entry+0x45d/0x7d0
[  252.929763][ T8375]  ? do_convert_inline_dir+0x1ab0/0x1ab0
[  252.935417][ T8375]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  252.941104][ T8375]  ? mutex_unlock+0x10/0x10
[  252.945631][ T8375]  ? down_read+0x1ac/0x2e0
[  252.950067][ T8375]  f2fs_add_dentry+0xa5/0x1d0
[  252.954773][ T8375]  f2fs_do_add_link+0x263/0x340
[  252.959646][ T8375]  ? f2fs_add_dentry+0x1d0/0x1d0
[  252.964636][ T8375]  ? f2fs_new_inode+0xda9/0x1030
[  252.969594][ T8375]  ? read_lock_is_recursive+0x20/0x20
[  252.975011][ T8375]  ? f2fs_get_link+0x110/0x110
[  252.979803][ T8375]  ? down_read+0x1ac/0x2e0
[  252.984256][ T8375]  f2fs_create+0x337/0x550
[  252.988700][ T8375]  ? f2fs_lookup+0x780/0x780
[  252.993320][ T8375]  path_openat+0x12a0/0x3230
[  252.997944][ T8375]  ? do_filp_open+0x430/0x430
[  253.002646][ T8375]  ? __virt_addr_valid+0x18c/0x540
[  253.007783][ T8375]  do_filp_open+0x1f5/0x430
[  253.012305][ T8375]  ? vfs_tmpfile+0x490/0x490
[  253.016940][ T8375]  ? _raw_spin_unlock+0x28/0x40
[  253.021818][ T8375]  ? alloc_fd+0x58f/0x630
[  253.026184][ T8375]  do_sys_openat2+0x134/0x1d0
[  253.030893][ T8375]  ? do_sys_open+0xe0/0xe0
[  253.035339][ T8375]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  253.041360][ T8375]  ? lock_chain_count+0x20/0x20
[  253.046235][ T8375]  __x64_sys_creat+0x90/0xb0
[  253.050845][ T8375]  do_syscall_64+0x55/0xa0
[  253.055299][ T8375]  ? clear_bhb_loop+0x40/0x90
[  253.059990][ T8375]  ? clear_bhb_loop+0x40/0x90
[  253.064686][ T8375]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  253.070594][ T8375] RIP: 0033:0x7fe05bb9acb9
[  253.075036][ T8375] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  253.094672][ T8375] RSP: 002b:00007fe05cac2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000055
[  253.103119][ T8375] RAX: ffffffffffffffda RBX: 00007fe05be15fa0 RCX: 00007fe05bb9acb9
[  253.111108][ T8375] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000e00
[  253.119091][ T8375] RBP: 00007fe05bc08bf7 R08: 0000000000000000 R09: 0000000000000000
[  253.127083][ T8375] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  253.135080][ T8375] R13: 00007fe05be16038 R14: 00007fe05be15fa0 R15: 00007ffd59488618
[  253.143077][ T8375]  </TASK>
[  253.398385][ T8436] loop2: detected capacity change from 0 to 8
[  254.754410][ T8450] netlink: 28 bytes leftover after parsing attributes in process `syz.0.531'.
[  255.563302][ T8462] loop0: detected capacity change from 0 to 8192
[  255.866066][ T8462] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  255.998143][ T8462] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  256.007612][ T8462] REISERFS (device loop0): using ordered data mode
[  256.014185][ T8462] reiserfs: using flush barriers
[  256.027317][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  256.033730][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  256.064590][ T8462] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  256.169066][ T8462] REISERFS (device loop0): checking transaction log (loop0)
[  256.463619][ T8459] loop1: detected capacity change from 0 to 32768
[  256.516189][ T8462] REISERFS (device loop0): Using tea hash to sort names
[  256.540445][ T8459] JBD2: Ignoring recovery information on journal
[  256.559212][ T8462] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  256.670077][ T8459] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  258.010652][ T5769] ocfs2: Unmounting device (7,1) on (node local)
[  259.397936][ T8517] netlink: 28 bytes leftover after parsing attributes in process `syz.2.543'.
[  260.219727][ T8530] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[  260.533145][ T8538] loop1: detected capacity change from 0 to 32768
[  260.578819][ T8538] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 scanned by syz.1.547 (8538)
[  260.598360][ T8538] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  260.608725][ T8538] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  260.617688][ T8538] BTRFS info (device loop1): allowing degraded mounts
[  260.624585][ T8538] BTRFS info (device loop1): setting nodatasum
[  260.630809][ T8538] BTRFS info (device loop1): disabling tree log
[  260.637173][ T8538] BTRFS info (device loop1): using free space tree
[  260.872146][ T8538] BTRFS info (device loop1): auto enabling async discard
[  260.910828][   T28] audit: type=1800 audit(1769280049.178:90): pid=8538 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.547" name="file1" dev="loop1" ino=260 res=0 errno=0
[  261.100050][ T5769] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  261.414432][ T8569] loop0: detected capacity change from 0 to 4096
[  261.445570][ T8569] EXT4-fs: Ignoring removed bh option
[  261.633744][ T8569] EXT4-fs (loop0): Test dummy encryption mode enabled
[  261.779248][ T8569] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  262.070593][ T8569] System zones: 0-5
[  262.283323][ T8569] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  262.494682][ T8569] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  262.779208][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  262.989575][ T8557] loop4: detected capacity change from 0 to 40427
[  263.034681][ T8557] F2FS-fs (loop4): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  263.044985][ T8591] loop0: detected capacity change from 0 to 1024
[  263.065092][ T8557] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  263.101202][ T8591] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  263.145158][ T8557] F2FS-fs (loop4): build fault injection attr: rate: 0, type: 0x35f7
[  263.215686][ T8557] F2FS-fs (loop4): build fault injection attr: rate: 690, type: 0x7ffff
[  263.264582][ T8557] F2FS-fs (loop4): Image doesn't support compression
[  263.285955][ T8557] F2FS-fs (loop4): invalid crc value
[  263.314539][ T8557] F2FS-fs (loop4): Found nat_bits in checkpoint
[  263.373239][ T8591] EXT4-fs warning (device loop0): ext4_rename_delete:3778: inode #18: comm syz.0.554: Deleting old file: nlink 2, error=-2
[  263.500562][ T8557] F2FS-fs (loop4): Start checkpoint disabled!
[  263.519856][ T8557] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  263.532058][ T8557] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  263.549806][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  263.669882][ T8557] syz.4.550: attempt to access beyond end of device
[  263.669882][ T8557] loop4: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  263.730801][ T8557] F2FS-fs (loop4): inject page get in f2fs_pagecache_get_page of generic_perform_write+0x2fe/0x5c0
[  263.928115][ T8557] syz.4.550: attempt to access beyond end of device
[  263.928115][ T8557] loop4: rw=2049, sector=45104, nr_sectors = 40 limit=40427
[  263.947983][ T8614] syz.4.550: attempt to access beyond end of device
[  263.947983][ T8614] loop4: rw=2051, sector=45096, nr_sectors = 8 limit=40427
[  264.076675][ T8615] netlink: 28 bytes leftover after parsing attributes in process `syz.1.556'.
[  264.747637][   T28] audit: type=1326 audit(1769280053.028:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8625 comm="syz.2.560" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd90479acb9 code=0x0
[  265.077912][   T43] kworker/u4:3: attempt to access beyond end of device
[  265.077912][   T43] loop4: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  265.289590][   T43] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  265.469872][   T43] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  265.574693][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  267.568891][ T8656] loop0: detected capacity change from 0 to 32768
[  267.594007][ T8656] JBD2: Ignoring recovery information on journal
[  267.638239][ T8656] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  267.723073][ T8656] syz.0.565 (8656) used greatest stack depth: 20208 bytes left
[  267.746505][ T8670] loop2: detected capacity change from 0 to 1024
[  267.949623][ T6656] hfsplus: request for non-existent node 33554434 in B*Tree
[  267.976100][ T6656] hfsplus: request for non-existent node 33554434 in B*Tree
[  267.980597][ T5768] ocfs2: Unmounting device (7,0) on (node local)
[  268.843825][ T8674] loop4: detected capacity change from 0 to 8192
[  269.893050][ T8681] netlink: 28 bytes leftover after parsing attributes in process `syz.0.569'.
[  269.911703][ T8674] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  269.924961][ T8674] REISERFS (device loop4): found reiserfs format "3.5" with non-standard journal
[  269.934227][ T8674] REISERFS (device loop4): using ordered data mode
[  269.940998][ T8674] reiserfs: using flush barriers
[  269.949282][ T8674] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  270.055484][ T8674] REISERFS (device loop4): checking transaction log (loop4)
[  270.081781][ T8674] REISERFS (device loop4): Using r5 hash to sort names
[  270.100897][ T8674] REISERFS (device loop4): using 3.5.x disk format
[  270.147832][ T8674] REISERFS warning (device loop4): jdm-13090 reiserfs_new_inode: ACLs aren't enabled in the fs, but vfs thinks they are!
[  270.214205][ T8674] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  270.312040][ T8674] REISERFS warning: reiserfs-5093 is_leaf: item entry count seems wrong *3.5*[2 4 0(1) DIR], item_len 35, item_location 4061, free_space(entry_count) 2
[  270.339561][ T8674] REISERFS error (device loop4): vs-5150 search_by_key: invalid format found in block 534. Fsck?
[  270.402485][ T8674] REISERFS (device loop4): Remounting filesystem read-only
[  271.026559][ T8710] loop4: detected capacity change from 0 to 256
[  271.275498][ T8710] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  272.060018][ T8721] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  272.107947][ T8724] loop0: detected capacity change from 0 to 256
[  273.641645][ T8738] netlink: 28 bytes leftover after parsing attributes in process `syz.1.579'.
[  273.989100][ T8756] trusted_key: syz.1.583 sent an empty control message without MSG_MORE.
[  275.535256][ T8777] loop4: detected capacity change from 0 to 32768
[  275.582532][ T8777] XFS (loop4): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  275.649092][ T8799] loop2: detected capacity change from 0 to 1024
[  276.712003][ T8777] XFS (loop4): Ending clean mount
[  276.734964][ T8777] XFS (loop4): Quotacheck needed: Please wait.
[  276.927596][ T8818] futex_wake_op: syz.1.592 tries to shift op by 32; fix this program
[  277.586699][ T8812] netlink: 28 bytes leftover after parsing attributes in process `syz.0.591'.
[  277.606728][ T8777] XFS (loop4): Quotacheck: Done.
[  278.489787][ T8828] loop0: detected capacity change from 0 to 256
[  278.587284][ T8828] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  278.750091][ T7959] XFS (loop4): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  278.828113][ T8832] loop2: detected capacity change from 0 to 1024
[  279.329698][ T8840] loop2: detected capacity change from 0 to 64
[  280.453934][ T8855] loop1: detected capacity change from 0 to 65
[  280.494868][ T8855] BFS-fs: bfs_fill_super(): NOTE: filesystem loop1 was created with 512 inodes, the real maximum is 511, mounting anyway
[  282.605218][ T8879] netlink: 28 bytes leftover after parsing attributes in process `syz.2.604'.
[  283.753826][ T8884] loop4: detected capacity change from 0 to 32768
[  283.797955][ T8884] XFS (loop4): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  283.908539][ T8884] XFS (loop4): Ending clean mount
[  283.930931][ T8884] XFS (loop4): Quotacheck needed: Please wait.
[  283.962018][ T8892] loop2: detected capacity change from 0 to 8192
[  284.020470][ T8903] netlink: 44 bytes leftover after parsing attributes in process `syz.0.611'.
[  284.032321][ T8884] XFS (loop4): Quotacheck: Done.
[  284.068456][ T8892] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  284.111250][ T8892] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  284.144641][ T8892] REISERFS (device loop2): using ordered data mode
[  284.174653][ T8892] reiserfs: using flush barriers
[  284.195474][ T8892] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  284.231463][ T8882] loop1: detected capacity change from 0 to 40427
[  284.252907][ T8892] REISERFS (device loop2): checking transaction log (loop2)
[  284.278390][ T8882] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12
[  284.288110][ T8882] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  284.322507][ T8882] F2FS-fs (loop1): invalid crc value
[  284.370916][ T7959] XFS (loop4): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  284.372158][ T8882] F2FS-fs (loop1): Found nat_bits in checkpoint
[  284.520795][ T8907] loop0: detected capacity change from 0 to 8192
[  284.549030][ T8907] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  284.563263][ T8882] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  284.570432][ T8882] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  284.575289][ T8907] REISERFS (device loop0): found reiserfs format "3.6" with non-standard journal
[  284.597386][ T8907] REISERFS (device loop0): using ordered data mode
[  284.604090][ T8907] reiserfs: using flush barriers
[  284.612210][ T8907] REISERFS (device loop0): journal params: device loop0, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  284.634227][ T8907] REISERFS (device loop0): checking transaction log (loop0)
[  284.642368][ T8892] REISERFS (device loop2): Using tea hash to sort names
[  284.675954][ T8892] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  284.690682][   T28] audit: type=1800 audit(1769280072.968:92): pid=8882 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.607" name="file1" dev="loop1" ino=10 res=0 errno=0
[  284.877599][ T8907] REISERFS (device loop0): Using tea hash to sort names
[  284.889952][   T28] audit: type=1800 audit(1769280073.168:93): pid=8892 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.610" name="file1" dev="loop2" ino=8 res=0 errno=0
[  284.896830][ T8907] REISERFS (device loop0): Created .reiserfs_priv - reserved for xattr storage.
[  284.973604][ T8907] REISERFS warning (device loop0): vs-13060 reiserfs_update_sd_size: stat data of object [2 5 0x0 SD] (nlink == 2) not found (pos 4)
[  287.523907][ T8937] netlink: 28 bytes leftover after parsing attributes in process `syz.0.619'.
[  288.470199][ T8954] loop1: detected capacity change from 0 to 2048
[  288.566363][ T8954] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  288.659144][ T8954] EXT4-fs error (device loop1): ext4_mb_generate_buddy:1231: group 0, block bitmap and bg descriptor inconsistent: 25 vs 281 free clusters
[  288.725056][ T8954] EXT4-fs (loop1): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 32 with error 28
[  288.769858][ T8954] EXT4-fs (loop1): This should not happen!! Data will be lost
[  288.769858][ T8954] 
[  288.815261][ T8954] EXT4-fs (loop1): Total free blocks count 0
[  288.822295][ T8954] EXT4-fs (loop1): Free/Dirty block details
[  288.865049][ T8954] EXT4-fs (loop1): free_blocks=4096
[  288.870524][ T8954] EXT4-fs (loop1): dirty_blocks=32
[  288.894554][ T8954] EXT4-fs (loop1): Block reservation details
[  288.908265][ T8954] EXT4-fs (loop1): i_reserved_data_blocks=2
[  288.946117][ T8943] loop4: detected capacity change from 0 to 40427
[  288.978387][ T8943] F2FS-fs (loop4): build fault injection attr: rate: 771, type: 0x7ffff
[  288.999351][ T8943] F2FS-fs (loop4): invalid crc value
[  289.013744][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  289.060661][ T8943] F2FS-fs (loop4): Found nat_bits in checkpoint
[  289.141262][ T8966] loop0: detected capacity change from 0 to 512
[  289.267572][ T8966] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  289.299426][ T8943] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  289.309226][ T8966] ext4 filesystem being mounted at /154/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  289.414981][  T967] usb 2-1: new low-speed USB device number 5 using dummy_hcd
[  289.459052][ T5780] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  289.477410][ T5780] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  289.489386][ T8943] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_page of f2fs_get_read_data_page+0xd7/0x5d0
[  289.503849][ T5780] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  289.521671][ T5780] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  289.532004][ T5780] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  289.541071][ T5780] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  289.640851][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.640864][ T7959] syz-executor: attempt to access beyond end of device
[  289.640864][ T7959] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  289.654384][ T7959] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  289.692442][  T967] usb 2-1: config 0 has an invalid interface number: 1 but max is 0
[  289.700775][  T967] usb 2-1: config 0 has no interface number 0
[  289.707160][  T967] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10
[  289.734721][  T967] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8
[  289.755074][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.787389][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.790609][  T967] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  289.812880][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.826984][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.846919][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.862232][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.865176][  T967] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  289.886301][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.907834][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.928820][ T5768] EXT4-fs error (device loop0): ext4_empty_dir:3139: inode #12: comm syz-executor: Directory hole found for htree leaf block 0
[  289.950793][  T967] usb 2-1: config 0 descriptor??
[  289.988609][ T8968] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  290.026907][  T967] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  290.219471][ T8973] chnl_net:caif_netlink_parms(): no params data found
[  290.246276][ T5772] usb 2-1: USB disconnect, device number 5
[  290.252192][    C1] iowarrior 2-1:0.1: iowarrior_callback - usb_submit_urb failed with result -19
[  290.456960][ T8973] bridge0: port 1(bridge_slave_0) entered blocking state
[  290.464256][ T8973] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.471601][ T8973] bridge_slave_0: entered allmulticast mode
[  290.479010][ T8973] bridge_slave_0: entered promiscuous mode
[  290.489046][ T8973] bridge0: port 2(bridge_slave_1) entered blocking state
[  290.496732][ T8973] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.503983][ T8973] bridge_slave_1: entered allmulticast mode
[  290.511712][ T8973] bridge_slave_1: entered promiscuous mode
[  290.566457][ T5768] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  290.769570][ T8973] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  291.536423][ T8990] netlink: 28 bytes leftover after parsing attributes in process `syz.4.632'.
[  291.622234][ T1323] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.648452][ T8973] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  291.664849][ T5780] Bluetooth: hci3: command tx timeout
[  291.770547][ T1323] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  291.843221][ T8973] team0: Port device team_slave_0 added
[  291.883111][ T8973] team0: Port device team_slave_1 added
[  291.980539][ T1323] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.077343][ T8973] batman_adv: batadv0: Adding interface: batadv_slave_0
[  292.094498][ T8973] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.123100][ T8973] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  292.230381][ T9003] loop1: detected capacity change from 0 to 512
[  292.248140][ T9003] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  292.265971][ T1323] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  292.317532][ T8973] batman_adv: batadv0: Adding interface: batadv_slave_1
[  292.325632][ T8973] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  292.352909][ T8973] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  292.380887][ T9003] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  292.410032][ T9003] ext4 filesystem being mounted at /158/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  292.429960][ T8973] hsr_slave_0: entered promiscuous mode
[  292.441067][ T8973] hsr_slave_1: entered promiscuous mode
[  292.484783][ T9003] EXT4-fs (loop1): shut down requested (2)
[  292.496212][ T8973] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  292.513825][ T8973] Cannot create hsr debugfs directory
[  292.597671][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  292.675265][ T5084] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  292.708165][ T5084] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  292.724638][ T5084] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  292.735185][ T5084] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  292.747548][ T5084] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  292.756459][ T5084] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  293.738806][ T5780] Bluetooth: hci3: command tx timeout
[  293.739189][ T5084] Bluetooth: hci2: Malformed MSFT vendor event: 0x02
[  294.374794][    C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  294.856041][ T5084] Bluetooth: hci0: command tx timeout
[  294.866307][ T9030] netlink: 28 bytes leftover after parsing attributes in process `syz.1.643'.
[  295.507220][ T8973] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  295.581668][ T8973] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  295.638876][ T8973] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  295.675656][ T8973] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  295.815112][ T5084] Bluetooth: hci3: command tx timeout
[  295.976591][ T9010] chnl_net:caif_netlink_parms(): no params data found
[  296.614368][ T9010] bridge0: port 1(bridge_slave_0) entered blocking state
[  296.625014][ T9010] bridge0: port 1(bridge_slave_0) entered disabled state
[  296.633133][ T9010] bridge_slave_0: entered allmulticast mode
[  296.641096][ T9010] bridge_slave_0: entered promiscuous mode
[  296.682204][ T9010] bridge0: port 2(bridge_slave_1) entered blocking state
[  296.693214][ T9010] bridge0: port 2(bridge_slave_1) entered disabled state
[  296.713231][ T9010] bridge_slave_1: entered allmulticast mode
[  297.465699][ T9010] bridge_slave_1: entered promiscuous mode
[  297.497535][ T5084] Bluetooth: hci0: command tx timeout
[  297.716384][ T1323] hsr_slave_0: left promiscuous mode
[  297.722358][ T1323] hsr_slave_1: left promiscuous mode
[  297.741282][ T1323] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  297.748973][ T1323] batman_adv: batadv0: Removing interface: batadv_slave_0
[  297.760096][ T1323] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  297.767755][ T1323] batman_adv: batadv0: Removing interface: batadv_slave_1
[  297.794748][ T1323] bridge_slave_1: left allmulticast mode
[  297.800635][ T1323] bridge_slave_1: left promiscuous mode
[  297.806948][ T1323] bridge0: port 2(bridge_slave_1) entered disabled state
[  297.834769][ T1323] bridge_slave_0: left allmulticast mode
[  297.840487][ T1323] bridge_slave_0: left promiscuous mode
[  297.853314][ T1323] bridge0: port 1(bridge_slave_0) entered disabled state
[  297.889886][ T1323] veth1_macvtap: left promiscuous mode
[  297.895751][ T5084] Bluetooth: hci3: command tx timeout
[  297.901289][ T1323] veth0_macvtap: left promiscuous mode
[  297.907095][ T1323] veth1_vlan: left promiscuous mode
[  297.912472][ T1323] veth0_vlan: left promiscuous mode
[  298.692863][ T1323] team0 (unregistering): Port device team_slave_1 removed
[  298.754349][ T1323] team0 (unregistering): Port device team_slave_0 removed
[  298.804090][ T1323] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  298.871453][ T1323] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  299.305515][ T1323] bond0 (unregistering): Released all slaves
[  299.450914][ T9086] netlink: 28 bytes leftover after parsing attributes in process `syz.4.651'.
[  299.495789][ T9010] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  299.531024][ T9010] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  299.587768][ T5084] Bluetooth: hci0: command tx timeout
[  299.683522][ T9010] team0: Port device team_slave_0 added
[  299.739471][ T9010] team0: Port device team_slave_1 added
[  299.861257][ T9010] batman_adv: batadv0: Adding interface: batadv_slave_0
[  299.924574][ T9010] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  299.995185][ T9010] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  300.006233][ T9101] iommufd_mock iommufd_mock1: Adding to iommu group 0
[  300.025507][ T9010] batman_adv: batadv0: Adding interface: batadv_slave_1
[  300.032523][ T9010] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  300.102312][ T9010] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  300.140039][ T8973] 8021q: adding VLAN 0 to HW filter on device bond0
[  300.286351][ T6575] tipc: Subscription rejected, illegal request
[  300.312485][ T9010] hsr_slave_0: entered promiscuous mode
[  300.321015][ T1323] IPVS: stop unused estimator thread 0...
[  300.349100][ T9010] hsr_slave_1: entered promiscuous mode
[  300.593682][ T8973] 8021q: adding VLAN 0 to HW filter on device team0
[  300.636215][ T6650] bridge0: port 1(bridge_slave_0) entered blocking state
[  300.643482][ T6650] bridge0: port 1(bridge_slave_0) entered forwarding state
[  300.718047][ T6650] bridge0: port 2(bridge_slave_1) entered blocking state
[  300.725312][ T6650] bridge0: port 2(bridge_slave_1) entered forwarding state
[  301.942756][ T5084] Bluetooth: hci0: command tx timeout
[  302.253407][ T9136] loop1: detected capacity change from 0 to 512
[  302.265732][ T9136] EXT4-fs: Ignoring removed nobh option
[  302.274926][ T9132] netlink: 28 bytes leftover after parsing attributes in process `syz.4.660'.
[  302.316071][ T9136] EXT4-fs error (device loop1): ext4_orphan_get:1398: inode #15: comm syz.1.661: iget: bad i_size value: 38620345925642
[  302.342232][ T9136] EXT4-fs error (device loop1): ext4_orphan_get:1403: comm syz.1.661: couldn't read orphan inode 15 (err -117)
[  302.418886][ T9136] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  302.548517][   T28] audit: type=1800 audit(1769280090.828:94): pid=9136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.661" name="bus" dev="loop1" ino=18 res=0 errno=0
[  302.581401][ T9136] Trying to write to read-only block-device loop1
[  302.684393][ T9010] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  302.716773][ T9010] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  302.747471][ T9010] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  302.791661][ T9010] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  302.829015][ T5769] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  303.118669][ T8973] 8021q: adding VLAN 0 to HW filter on device batadv0
[  303.225412][ T5828] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[  303.259785][ T9010] 8021q: adding VLAN 0 to HW filter on device bond0
[  303.442262][   T43] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.459778][ T5828] usb 5-1: Using ep0 maxpacket: 32
[  303.497345][ T5828] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  303.514510][ T5828] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  303.552739][ T5828] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40
[  303.576385][ T9010] 8021q: adding VLAN 0 to HW filter on device team0
[  303.584965][ T5828] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0
[  303.593348][ T5828] usb 5-1: Product: syz
[  303.624833][ T5828] usb 5-1: Manufacturer: syz
[  303.643724][ T6557] bridge0: port 1(bridge_slave_0) entered blocking state
[  303.650958][ T6557] bridge0: port 1(bridge_slave_0) entered forwarding state
[  303.659516][ T5828] hub 5-1:4.0: USB hub found
[  303.693708][ T6557] bridge0: port 2(bridge_slave_1) entered blocking state
[  303.700995][ T6557] bridge0: port 2(bridge_slave_1) entered forwarding state
[  303.806240][   T43] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  303.870835][ T5828] hub 5-1:4.0: 2 ports detected
[  303.891567][   T43] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.007449][   T43] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  304.290198][ T5828] hub 5-1:4.0: set hub depth failed
[  304.334825][ T5828] usb 5-1: USB disconnect, device number 2
[  304.404135][ T8973] veth0_vlan: entered promiscuous mode
[  304.473341][ T8973] veth1_vlan: entered promiscuous mode
[  304.581468][ T5780] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  304.592938][ T5780] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  304.602428][ T5780] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  304.651447][ T5780] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  304.661032][ T5780] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  304.669520][ T5780] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  304.809262][ T8973] veth0_macvtap: entered promiscuous mode
[  304.943272][ T8973] veth1_macvtap: entered promiscuous mode
[  305.092745][ T9195] loop4: detected capacity change from 0 to 4096
[  305.220503][ T9010] 8021q: adding VLAN 0 to HW filter on device batadv0
[  305.249037][ T8973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.280066][ T8973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.290302][ T8973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.308237][ T8973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.319536][ T8973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  305.335132][ T8973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.354101][ T8973] batman_adv: batadv0: Interface activated: batadv_slave_0
[  305.490525][ T8973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.534652][ T8973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.564480][ T8973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.581444][ T8973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.594469][ T8973] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  305.614651][ T8973] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  305.650948][ T8973] batman_adv: batadv0: Interface activated: batadv_slave_1
[  306.418702][ T8973] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  306.434651][ T8973] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  306.450105][ T8973] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  306.461448][ T8973] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  306.775957][ T5084] Bluetooth: hci1: command tx timeout
[  307.634297][ T9219] netlink: 28 bytes leftover after parsing attributes in process `syz.4.669'.
[  307.779538][ T9182] chnl_net:caif_netlink_parms(): no params data found
[  307.914106][   T43] hsr_slave_0: left promiscuous mode
[  307.923458][   T43] hsr_slave_1: left promiscuous mode
[  307.933827][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  307.941745][   T43] batman_adv: batadv0: Removing interface: batadv_slave_0
[  307.986215][   T43] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  307.993693][   T43] batman_adv: batadv0: Removing interface: batadv_slave_1
[  308.006180][   T43] bridge_slave_1: left allmulticast mode
[  308.011877][   T43] bridge_slave_1: left promiscuous mode
[  308.018053][   T43] bridge0: port 2(bridge_slave_1) entered disabled state
[  308.028198][   T43] bridge_slave_0: left allmulticast mode
[  308.033889][   T43] bridge_slave_0: left promiscuous mode
[  308.041562][   T43] bridge0: port 1(bridge_slave_0) entered disabled state
[  308.078295][   T43] veth1_macvtap: left promiscuous mode
[  308.083865][   T43] veth0_macvtap: left promiscuous mode
[  308.089739][   T43] veth1_vlan: left promiscuous mode
[  308.095599][   T43] veth0_vlan: left promiscuous mode
[  308.298202][ T9232] loop4: detected capacity change from 0 to 1024
[  308.855585][ T5084] Bluetooth: hci1: command tx timeout
[  309.749233][   T43] team0 (unregistering): Port device team_slave_1 removed
[  309.804151][   T43] team0 (unregistering): Port device team_slave_0 removed
[  309.856855][   T43] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  309.917718][   T43] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  310.314014][   T43] bond0 (unregistering): Released all slaves
[  310.427716][ T6654] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  310.443834][ T6654] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  310.554158][ T9182] bridge0: port 1(bridge_slave_0) entered blocking state
[  310.562558][ T9182] bridge0: port 1(bridge_slave_0) entered disabled state
[  310.591837][ T9182] bridge_slave_0: entered allmulticast mode
[  310.612526][ T9182] bridge_slave_0: entered promiscuous mode
[  310.701759][ T9182] bridge0: port 2(bridge_slave_1) entered blocking state
[  310.715815][ T9182] bridge0: port 2(bridge_slave_1) entered disabled state
[  310.723072][ T9182] bridge_slave_1: entered allmulticast mode
[  310.738180][ T9182] bridge_slave_1: entered promiscuous mode
[  310.825909][ T6654] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  310.879777][ T6654] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  310.935061][ T5084] Bluetooth: hci1: command tx timeout
[  311.594373][ T9182] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  311.640959][ T9182] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  311.668761][ T9246] netlink: 28 bytes leftover after parsing attributes in process `syz.4.675'.
[  311.684819][ T9010] veth0_vlan: entered promiscuous mode
[  311.714080][ T9250] loop5: detected capacity change from 0 to 128
[  311.889675][ T9182] team0: Port device team_slave_0 added
[  311.948286][ T9010] veth1_vlan: entered promiscuous mode
[  311.992681][ T9182] team0: Port device team_slave_1 added
[  312.084382][ T9182] batman_adv: batadv0: Adding interface: batadv_slave_0
[  312.144651][ T9182] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  312.186948][ T9182] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  312.206662][ T9182] batman_adv: batadv0: Adding interface: batadv_slave_1
[  312.214043][ T9182] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  312.254644][ T9182] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  312.297376][ T9260] netlink: 'syz.5.677': attribute type 1 has an invalid length.
[  312.355522][ T9263] netlink: 3 bytes leftover after parsing attributes in process `syz.5.677'.
[  312.381144][ T9263] batadv1: entered promiscuous mode
[  312.390678][ T9263] batadv1: entered allmulticast mode
[  312.561669][ T9182] hsr_slave_0: entered promiscuous mode
[  312.598017][ T9182] hsr_slave_1: entered promiscuous mode
[  312.608644][ T9272] kvm: pic: non byte write
[  312.648982][ T9182] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  312.669947][ T9182] Cannot create hsr debugfs directory
[  312.770577][ T9010] veth0_macvtap: entered promiscuous mode
[  313.021550][ T5084] Bluetooth: hci1: command tx timeout
[  313.264365][ T9010] veth1_macvtap: entered promiscuous mode
[  313.516406][ T9010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.667097][ T9010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.770031][ T9010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.781203][ T9010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.791647][ T9010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  313.809238][ T9010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  313.821906][ T9010] batman_adv: batadv0: Interface activated: batadv_slave_0
[  313.843686][ T9291] loop5: detected capacity change from 0 to 1024
[  314.474801][ T9010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  314.493220][ T9010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.504208][ T9010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  314.515049][ T9010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.525701][ T9010] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  314.544518][ T9010] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  314.558176][ T9010] batman_adv: batadv0: Interface activated: batadv_slave_1
[  314.593268][ T9010] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  314.622348][ T9010] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  314.638727][ T9010] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  314.653765][ T9010] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  315.327318][ T9300] loop4: detected capacity change from 0 to 2048
[  315.467982][ T9301] netlink: 28 bytes leftover after parsing attributes in process `syz.5.682'.
[  315.555723][ T9300] UDF-fs: error (device loop4): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[  315.665827][ T9300] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  315.986160][ T6654] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  315.994052][ T6654] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.014597][ T9182] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  316.046336][ T9182] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  316.073264][ T9182] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  316.109444][ T9182] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  316.206754][ T6654] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  316.236529][ T6654] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  316.439681][ T9182] 8021q: adding VLAN 0 to HW filter on device bond0
[  316.539413][ T9182] 8021q: adding VLAN 0 to HW filter on device team0
[  316.578408][ T6650] bridge0: port 1(bridge_slave_0) entered blocking state
[  316.585660][ T6650] bridge0: port 1(bridge_slave_0) entered forwarding state
[  316.610508][   T43] bridge0: port 2(bridge_slave_1) entered blocking state
[  316.617734][   T43] bridge0: port 2(bridge_slave_1) entered forwarding state
[  316.663548][ T9304] loop5: detected capacity change from 0 to 40427
[  316.687053][ T9304] F2FS-fs (loop5): build fault injection attr: rate: 690, type: 0x7ffff
[  316.731170][ T9304] F2FS-fs (loop5): Image doesn't support compression
[  316.795471][ T9304] F2FS-fs (loop5): Image doesn't support compression
[  316.819402][ T9304] F2FS-fs (loop5): invalid crc value
[  316.874353][ T9304] F2FS-fs (loop5): Found nat_bits in checkpoint
[  316.882603][ T9182] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  316.914537][ T9182] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  316.988104][ T9304] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  317.332687][ T9308] loop4: detected capacity change from 0 to 40427
[  317.389099][ T9308] F2FS-fs (loop4): invalid crc value
[  317.425139][ T1280] ieee802154 phy0 wpan0: encryption failed: -22
[  317.431653][ T1280] ieee802154 phy1 wpan1: encryption failed: -22
[  317.462627][ T9308] F2FS-fs (loop4): Found nat_bits in checkpoint
[  317.602859][ T9308] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  317.660248][ T9182] 8021q: adding VLAN 0 to HW filter on device batadv0
[  317.736297][ T9308] syz.4.685: attempt to access beyond end of device
[  317.736297][ T9308] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  317.757920][ T9322] loop6: detected capacity change from 0 to 32768
[  317.830379][ T9322] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 scanned by syz.6.634 (9322)
[  317.915745][ T9322] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  317.947926][ T9322] BTRFS info (device loop6): using sha256 (sha256-avx2) checksum algorithm
[  317.957344][ T9322] BTRFS info (device loop6): using free space tree
[  317.968327][ T7959] syz-executor: attempt to access beyond end of device
[  317.968327][ T7959] loop4: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  317.994978][ T7959] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  318.032100][ T9304] syz.5.684: attempt to access beyond end of device
[  318.032100][ T9304] loop5: rw=10241, sector=45096, nr_sectors = 8 limit=40427
[  318.053018][ T9304] F2FS-fs (loop5): inject page get in f2fs_pagecache_get_page of generic_perform_write+0x2fe/0x5c0
[  318.201644][ T9322] BTRFS info (device loop6): enabling ssd optimizations
[  318.241481][ T9322] BTRFS info (device loop6): auto enabling async discard
[  318.520035][ T8973] syz-executor: attempt to access beyond end of device
[  318.520035][ T8973] loop5: rw=2049, sector=45104, nr_sectors = 8 limit=40427
[  318.561362][ T9010] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  318.575022][ T8973] F2FS-fs (loop5): Remounting filesystem read-only
[  318.684155][ T9182] veth0_vlan: entered promiscuous mode
[  318.747077][ T9182] veth1_vlan: entered promiscuous mode
[  318.889554][ T9182] veth0_macvtap: entered promiscuous mode
[  318.940513][ T9182] veth1_macvtap: entered promiscuous mode
[  319.026298][ T9182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  319.063445][ T9182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.099366][ T9182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  319.139486][ T9182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.184839][ T9182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  319.224466][ T9182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.263506][ T9182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  319.314649][ T9182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.391829][ T9182] batman_adv: batadv0: Interface activated: batadv_slave_0
[  319.505279][ T9182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  319.530735][ T9182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.554543][ T9182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  319.574754][ T9182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.594649][ T9182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  319.614499][ T9182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.649971][ T9182] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  319.674854][ T9182] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  319.708686][ T9182] batman_adv: batadv0: Interface activated: batadv_slave_1
[  319.766444][ T9182] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  319.795122][ T9182] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  319.829868][ T9182] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  319.849340][ T9182] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  320.088857][ T9389] loop4: detected capacity change from 0 to 8192
[  320.125215][ T9389] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  320.182216][ T1323] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  320.223879][ T9389] REISERFS (device loop4): found reiserfs format "3.6" with non-standard journal
[  320.255784][ T1323] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  320.295985][ T9389] REISERFS (device loop4): using ordered data mode
[  320.302641][ T9389] reiserfs: using flush barriers
[  320.385487][ T9389] REISERFS (device loop4): journal params: device loop4, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  320.414691][ T6654] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  320.422664][ T6654] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  320.430600][ T9389] REISERFS (device loop4): checking transaction log (loop4)
[  321.649915][ T9389] REISERFS (device loop4): Using tea hash to sort names
[  321.764916][ T9389] REISERFS (device loop4): Created .reiserfs_priv - reserved for xattr storage.
[  322.231067][ T9389] 
[  322.233473][ T9389] ======================================================
[  322.240580][ T9389] WARNING: possible circular locking dependency detected
[  322.247650][ T9389] syzkaller #0 Not tainted
[  322.252092][ T9389] ------------------------------------------------------
[  322.259148][ T9389] syz.4.689/9389 is trying to acquire lock:
[  322.265068][ T9389] ffff888054543e90 (&type->i_mutex_dir_key#18/3){+.+.}-{3:3}, at: open_xa_dir+0x146/0x700
[  322.275067][ T9389] 
[  322.275067][ T9389] but task is already holding lock:
[  322.282457][ T9389] ffff888023d80090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock_nested+0x60/0xd0
[  322.292104][ T9389] 
[  322.292104][ T9389] which lock already depends on the new lock.
[  322.292104][ T9389] 
[  322.302549][ T9389] 
[  322.302549][ T9389] the existing dependency chain (in reverse order) is:
[  322.311657][ T9389] 
[  322.311657][ T9389] -> #1 (&sbi->lock){+.+.}-{3:3}:
[  322.318987][ T9389]        __mutex_lock+0x136/0xcc0
[  322.324064][ T9389]        reiserfs_write_lock+0x79/0xd0
[  322.329564][ T9389]        reiserfs_mkdir+0x30c/0x920
[  322.334799][ T9389]        open_xa_dir+0x327/0x700
[  322.339782][ T9389]        xattr_lookup+0x22/0x2a0
[  322.344752][ T9389]        reiserfs_xattr_set_handle+0x106/0xd70
[  322.350948][ T9389]        reiserfs_xattr_set+0x46b/0x590
[  322.356528][ T9389]        __vfs_setxattr+0x431/0x470
[  322.361767][ T9389]        __vfs_setxattr_noperm+0x12d/0x5e0
[  322.367618][ T9389]        vfs_setxattr+0x16b/0x2f0
[  322.372676][ T9389]        __se_sys_fsetxattr+0x476/0x510
[  322.378257][ T9389]        do_syscall_64+0x55/0xa0
[  322.383231][ T9389]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  322.389679][ T9389] 
[  322.389679][ T9389] -> #0 (&type->i_mutex_dir_key#18/3){+.+.}-{3:3}:
[  322.398438][ T9389]        __lock_acquire+0x2df1/0x7d40
[  322.403876][ T9389]        lock_acquire+0x19e/0x420
[  322.408942][ T9389]        down_write_nested+0x9e/0x200
[  322.414363][ T9389]        open_xa_dir+0x146/0x700
[  322.419342][ T9389]        reiserfs_for_each_xattr+0x1bd/0x9f0
[  322.425361][ T9389]        reiserfs_delete_xattrs+0x20/0x90
[  322.431103][ T9389]        reiserfs_evict_inode+0x24f/0x4c0
[  322.436834][ T9389]        evict+0x4ca/0x8d0
[  322.441294][ T9389]        reiserfs_create+0x353/0x690
[  322.446643][ T9389]        vfs_create+0x1f4/0x360
[  322.451536][ T9389]        do_mknodat+0x3d0/0x500
[  322.456424][ T9389]        __x64_sys_mknodat+0xa9/0xc0
[  322.461741][ T9389]        do_syscall_64+0x55/0xa0
[  322.466725][ T9389]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  322.473178][ T9389] 
[  322.473178][ T9389] other info that might help us debug this:
[  322.473178][ T9389] 
[  322.483438][ T9389]  Possible unsafe locking scenario:
[  322.483438][ T9389] 
[  322.490918][ T9389]        CPU0                    CPU1
[  322.496365][ T9389]        ----                    ----
[  322.501768][ T9389]   lock(&sbi->lock);
[  322.505798][ T9389]                                lock(&type->i_mutex_dir_key#18/3);
[  322.513829][ T9389]                                lock(&sbi->lock);
[  322.520366][ T9389]   lock(&type->i_mutex_dir_key#18/3);
[  322.525892][ T9389] 
[  322.525892][ T9389]  *** DEADLOCK ***
[  322.525892][ T9389] 
[  322.534082][ T9389] 3 locks held by syz.4.689/9389:
[  322.539145][ T9389]  #0: ffff88802103e418 (sb_writers#27){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  322.548476][ T9389]  #1: ffff888054544530 (&type->i_mutex_dir_key#18/1){+.+.}-{3:3}, at: filename_create+0x20c/0x480
[  322.559260][ T9389]  #2: ffff888023d80090 (&sbi->lock){+.+.}-{3:3}, at: reiserfs_write_lock_nested+0x60/0xd0
[  322.569330][ T9389] 
[  322.569330][ T9389] stack backtrace:
[  322.575242][ T9389] CPU: 0 PID: 9389 Comm: syz.4.689 Not tainted syzkaller #0
[  322.582592][ T9389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  322.592710][ T9389] Call Trace:
[  322.596020][ T9389]  <TASK>
[  322.598976][ T9389]  dump_stack_lvl+0x18c/0x250
[  322.603699][ T9389]  ? load_image+0x400/0x400
[  322.608272][ T9389]  ? show_regs_print_info+0x20/0x20
[  322.613530][ T9389]  ? print_circular_bug+0x12b/0x1a0
[  322.618793][ T9389]  check_noncircular+0x2fc/0x400
[  322.623777][ T9389]  ? look_up_lock_class+0x75/0x140
[  322.628947][ T9389]  ? print_deadlock_bug+0x5d0/0x5d0
[  322.634208][ T9389]  ? lockdep_lock+0xf5/0x230
[  322.638869][ T9389]  ? _find_first_zero_bit+0xd3/0x100
[  322.644192][ T9389]  __lock_acquire+0x2df1/0x7d40
[  322.649091][ T9389]  ? __lock_acquire+0x1347/0x7d40
[  322.654150][ T9389]  ? reiserfs_write_lock_nested+0x60/0xd0
[  322.659949][ T9389]  ? verify_lock_unused+0x140/0x140
[  322.665200][ T9389]  lock_acquire+0x19e/0x420
[  322.669740][ T9389]  ? open_xa_dir+0x146/0x700
[  322.674368][ T9389]  ? __lock_acquire+0x1347/0x7d40
[  322.679424][ T9389]  ? __might_sleep+0xe0/0xe0
[  322.684044][ T9389]  ? read_lock_is_recursive+0x20/0x20
[  322.689449][ T9389]  ? mark_lock+0x94/0x320
[  322.693813][ T9389]  ? __lock_acquire+0x1347/0x7d40
[  322.698882][ T9389]  down_write_nested+0x9e/0x200
[  322.703772][ T9389]  ? open_xa_dir+0x146/0x700
[  322.708401][ T9389]  ? down_read_non_owner+0x310/0x310
[  322.713724][ T9389]  open_xa_dir+0x146/0x700
[  322.718192][ T9389]  ? listxattr_filler+0x520/0x520
[  322.723257][ T9389]  ? truncate_inode_pages_range+0x40a/0xfb0
[  322.729184][ T9389]  ? reiserfs_for_each_xattr+0xd0/0x9f0
[  322.734769][ T9389]  reiserfs_for_each_xattr+0x1bd/0x9f0
[  322.740285][ T9389]  ? mapping_evict_folio+0x510/0x510
[  322.745606][ T9389]  ? reiserfs_for_each_xattr+0x9f0/0x9f0
[  322.751335][ T9389]  ? reiserfs_delete_xattrs+0x90/0x90
[  322.756727][ T9389]  ? reiserfs_xattr_init+0x6a0/0x6a0
[  322.762310][ T9389]  ? inode_wait_for_writeback+0x1e3/0x230
[  322.768075][ T9389]  ? do_raw_spin_lock+0x11f/0x2c0
[  322.773132][ T9389]  ? dquot_initialize+0x20/0x20
[  322.777988][ T9389]  ? __rwlock_init+0x150/0x150
[  322.782788][ T9389]  reiserfs_delete_xattrs+0x20/0x90
[  322.787999][ T9389]  reiserfs_evict_inode+0x24f/0x4c0
[  322.793286][ T9389]  ? entry_points_to_object+0x260/0x260
[  322.798922][ T9389]  ? do_raw_spin_lock+0x11f/0x2c0
[  322.803953][ T9389]  ? do_raw_spin_unlock+0x121/0x230
[  322.809175][ T9389]  ? entry_points_to_object+0x260/0x260
[  322.814732][ T9389]  evict+0x4ca/0x8d0
[  322.818714][ T9389]  ? proc_nr_inodes+0x230/0x230
[  322.823594][ T9389]  ? do_raw_spin_unlock+0x121/0x230
[  322.828802][ T9389]  ? _raw_spin_unlock+0x28/0x40
[  322.833671][ T9389]  ? iput+0x706/0x920
[  322.837654][ T9389]  reiserfs_create+0x353/0x690
[  322.842471][ T9389]  ? reiserfs_lookup+0x580/0x580
[  322.847446][ T9389]  ? from_kgid+0x16d/0x690
[  322.851881][ T9389]  ? make_vfsuid+0x51/0xb0
[  322.856323][ T9389]  ? generic_permission+0x1f3/0x590
[  322.861568][ T9389]  ? open_xa_dir+0x700/0x700
[  322.866168][ T9389]  ? inode_permission+0xf3/0x480
[  322.871114][ T9389]  ? bpf_lsm_inode_create+0x9/0x10
[  322.876262][ T9389]  ? security_inode_create+0xb7/0x100
[  322.881671][ T9389]  vfs_create+0x1f4/0x360
[  322.886017][ T9389]  do_mknodat+0x3d0/0x500
[  322.890359][ T9389]  ? __check_object_size+0x506/0xa20
[  322.895649][ T9389]  ? do_o_path+0x200/0x200
[  322.900078][ T9389]  ? getname_flags+0x20a/0x500
[  322.904848][ T9389]  __x64_sys_mknodat+0xa9/0xc0
[  322.909624][ T9389]  do_syscall_64+0x55/0xa0
[  322.914062][ T9389]  ? clear_bhb_loop+0x40/0x90
[  322.918756][ T9389]  ? clear_bhb_loop+0x40/0x90
[  322.923457][ T9389]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  322.929351][ T9389] RIP: 0033:0x7fe05bb9acb9
[  322.933768][ T9389] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  322.953387][ T9389] RSP: 002b:00007fe05cac2028 EFLAGS: 00000246 ORIG_RAX: 0000000000000103
[  322.961803][ T9389] RAX: ffffffffffffffda RBX: 00007fe05be15fa0 RCX: 00007fe05bb9acb9
[  322.969780][ T9389] RDX: 0000000000008000 RSI: 0000200000000000 RDI: ffffffffffffff9c
[  322.977747][ T9389] RBP: 00007fe05bc08bf7 R08: 0000000000000000 R09: 0000000000000000
[  322.985742][ T9389] R10: 0000000000000709 R11: 0000000000000246 R12: 0000000000000000
[  322.993711][ T9389] R13: 00007fe05be16038 R14: 00007fe05be15fa0 R15: 00007ffd59488618
[  323.001692][ T9389]  </TASK>
[  323.037978][ T9416] netlink: 28 bytes leftover after parsing attributes in process `syz.6.691'.
[  327.667869][ T6566] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  327.678174][ T6566] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.733111][ T6566] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  327.743688][ T6566] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.789800][ T6566] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  327.800360][ T6566] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.850026][ T6566] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  327.860533][ T6566] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  327.993445][ T6566] tipc: Disabling bearer <udp:syz2>
[  328.001717][ T6566] tipc: Left network mode
[  328.815757][ T6566] hsr_slave_0: left promiscuous mode
[  328.821946][ T6566] hsr_slave_1: left promiscuous mode
[  328.829870][ T6566] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  328.838034][ T6566] batman_adv: batadv0: Removing interface: batadv_slave_0
[  328.846268][ T6566] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  328.853698][ T6566] batman_adv: batadv0: Removing interface: batadv_slave_1
[  328.862580][ T6566] bridge_slave_1: left allmulticast mode
[  328.868341][ T6566] bridge_slave_1: left promiscuous mode
[  328.874044][ T6566] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.882855][ T6566] bridge_slave_0: left allmulticast mode
[  328.888763][ T6566] bridge_slave_0: left promiscuous mode
[  328.894623][ T6566] bridge0: port 1(bridge_slave_0) entered disabled state
[  328.907488][ T6566] veth1_macvtap: left promiscuous mode
[  328.913036][ T6566] veth0_macvtap: left promiscuous mode
[  328.918707][ T6566] veth1_vlan: left promiscuous mode
[  328.923983][ T6566] veth0_vlan: left promiscuous mode
[  329.010467][ T6566] bond1 (unregistering): (slave bridge0): Releasing active interface
[  329.023646][ T6566] bond1 (unregistering): Released all slaves
[  329.177950][ T6566] team0 (unregistering): Port device team_slave_1 removed
[  329.217960][ T6566] team0 (unregistering): Port device team_slave_0 removed
[  329.247702][ T6566] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  329.284539][ T6566] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  329.381215][ T6566] bond0 (unregistering): Released all slaves