last executing test programs: 1m19.568860859s ago: executing program 3 (id=322): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000080)="8907040400", 0x5) munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='xfrm0\x00', 0x10) connect$inet(r0, &(0x7f0000000100)={0x2, 0x4622, @initdev={0xac, 0x1e, 0xfc, 0x0}}, 0x10) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) 1m19.560600687s ago: executing program 3 (id=323): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000610000001801"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.dequeue\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x6, 0xc, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000002cf5741000000000000000000000008500000061"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x27, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f000000a300)) ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000000)={'wlan0\x00', @random="7cf1e97c9e4f"}) 1m19.532719942s ago: executing program 3 (id=324): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001100)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff4070000000000000400000000000e1ff95000000000000002ba76bb3019c1341056bd8174b79603123751c4e345c652fbc1626cca2a2ad75806150ae0209e62751ee00aa19ce670d25010000020000040000009fc404000000c788b277beee1cbf9b0a4def23d410f6accd3641110bec4e90a6341965dac05c04683712a0b09ec39e9ef8f6e396ad200e011ea665c45a3449abe802f5ab3e89cf40b8580218ce740068720000074e468eea3fcfcf498278a315f5b87e1c26433a8acd715f5888b2007f00000000000000000100000000000000010015d60605000053350000000034a70c2ab40c7cf5691db43a5c00000000000000f030007ce2c6f800000000000000e75a89faff01218087560cce39bf405f1e846c1242000000000040cad326ad7add65873d9f87463ad6f7c2e8ee1a39244960b318778f2a047f6d5bef5d7d617da7a6520655a805608df4d431623c850af895abba14f6fbd7fb5e2a431ab9142f3a06d55740a43088696daaed74b9c5c29647d2f950a959cf050000008600a62e96b7cb8e52cbdc2ba9d580609e31c30879d6fce424c2208af6c3784a1975fa657de38a3a32e4fd67ce446adb431d07db79241aca1dd9ba02453bbb5ee8babe1745e645f091231b986e952afdac972f342c6f184777d05d988d6edc71df0100000013a38300cabf2b554380ad215c789bef4cc574109b8df8d9a9db669557b3809d8c396d2c0361629d1822f722ec23812770d72cd00100000078a75dea785be550dbb420287e0789b8c7044f563a1f68d4efe895fdbc463f747c08f4010586903500000000000000e800000000000000000000000000000000000000003ddf4aa4b1c8b8a0ae6fb5425f1d581961471cdb51f8940290e99ccff4123f955267fe4a75c11448741f064fc7ce7e62ee4df874e086287547d4099aeec9f1538ee25a2a5ccf4a9b604e88e12ff25184d4e3c6f7f623559435b2c505fb711300000000040000000000000000000000000000e67ccc02148a4fc43021cce9f24f4b2f9492c32e7a92a557ac2b44b84e88bbf7a49789906d923e4916f390ab7edcd3f5b9fe14446dd446a52131c464f2c08efb46d934615c8631b7c42efd029406000000433f5c899119ec0c0acef5385c5a2720caeb68f1e9c05b0591d89467ded84da092dea262e51811e2d7fa515722516bd5ef6c8c4966e5937562a5648a696ad3a042a7097ddefe0671a5767014b09ddbf69b78f977fb145890f5bf41ba92b8c4c8b14f0d4a880ef4518bb32879d326497e21e041254f06bd7f3a067e147e82e841dba3867da8bfbc101d3960e07d282f483e7b49991be06b950ccd48f4e49833f3c4a02bbd06c84680549f9eb16682ecb722e8ffaca907a3eaaebfc8e0a47c0076d7cc9d32b3cc96aa751d890881c3c33bd91f6ecf45ab3f12f816318346f9b883427b9190024edc1eddd68f34ce3bfedb5fe5d7beae4d3ca561e37570587783f9673e7ab17f5a09efc1114777d2707d2996961203aedff1c52108d9c0d51dc30209872ec602af42eb29d54a37be0fdfdcd74c2d859a566ee5c30677173a2592a4617ae08bec07422d52d2ba7271550a5c20e3a8d1c8c8fd3025ff00607b2249ae9a18391e01b21b36169790b8e96f7955754b6b01a75165d3573d1dec5cf1b08b6115b43203a5654cce2277eb4c02ef4817b4cb989ac178895810eff7b697f2dc9b308aa2460e3cb85cdc4833571a62bf310700000000000000cc7f923284230ada8c756096a66119d4b6b2f159585c3cf8e7bfdd619e294b1d21cd491b8cfd4a253856e485fe29c6ad177a9fb078ca905782b9ed3c30675b89a784bb8031cac0de95178a5acff029a0f0fe972df22b20afe95fba722056f94ab15f1cf605c33df627311f1b614684d77549"], &(0x7f0000000140)='GPL\x00'}, 0x48) r1 = socket$kcm(0x11, 0x200000000000002, 0x300) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000001f80)=r0, 0x4) r2 = socket$kcm(0x10, 0x2, 0x0) bpf$ENABLE_STATS(0x20, 0x0, 0x0) write$cgroup_subtree(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="33fe"], 0xfe33) 1m19.476644321s ago: executing program 3 (id=326): mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x100) mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0) chroot(&(0x7f0000000100)='./file0\x00') mount(0x0, &(0x7f0000000d40)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x40, 0x0) mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a05004, 0x0) pivot_root(&(0x7f0000000140)='./file0/../file0\x00', &(0x7f0000000180)='./file0/../file0\x00') 1m19.437040634s ago: executing program 3 (id=327): bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000080)={0x1b, 0x0, 0x0, 0x5, 0x0, 0x1, 0xd8, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x5, 0x2}, 0x50) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010040000000000002034400000008000300", @ANYRES32=r3, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140002"], 0x4c}}, 0x0) 1m19.118986751s ago: executing program 3 (id=331): r0 = socket$inet6(0xa, 0x2, 0x0) close(0x3) r1 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x13}, 0x40}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 '], 0x28}, 0x440e4) 1m19.022400142s ago: executing program 32 (id=331): r0 = socket$inet6(0xa, 0x2, 0x0) close(0x3) r1 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000280)={@mcast1, 0x800, 0x0, 0x3, 0x1}, 0x20) setsockopt$inet6_int(r0, 0x29, 0x1000000000021, &(0x7f0000000040)=0x5, 0x4) sendmsg$inet6(r1, &(0x7f00000000c0)={&(0x7f0000000000)={0xa, 0x4e21, 0x80000, @dev={0xfe, 0x80, '\x00', 0x13}, 0x40}, 0x1c, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB='$\x00\x00\x00\x00\x00\x00\x00)\x00\x00\x002\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 '], 0x28}, 0x440e4) 11.18416417s ago: executing program 5 (id=884): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xfffd, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0xb}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x20048054) 10.908725686s ago: executing program 5 (id=886): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0x8, 0x8, 0x80, 0x2, 0x3, 0x80, 0x20000006, 0x4d, 0x6, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x40, 0x0, 0x5, 0x4, 0x0, 0x8000050, 0x3c5b, 0x1, 0x24, 0xd, 0x2, 0x4, 0xffffffff, 0xe661, 0x0, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x243, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x3, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2bb, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea1, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x4, 0x1, 0x1ff, 0x5, 0x1000005, 0x5f31, 0xd, 0x4e0, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x4b, 0x8000, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x0, 0xbc45, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0xb29, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x3038, 0x3e7, 0xb, 0x5, 0x4, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2954bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x938, 0x6, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0x9, 0x7ff, 0xfffff000, 0x10000, 0x3, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x8, 0x3, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0x89, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c) r0 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @main=@item_4={0x3, 0x0, 0x9, "1088c20b"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0x8, "9e3ce079"}]}}, 0x0}, 0x0) syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 8.717600447s ago: executing program 5 (id=909): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_STATION(r1, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)={0x50, r2, 0x1, 0x70bd28, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_PEER_AID={0x6, 0xb5, 0x29b}, @NL80211_ATTR_STA_SUPPORT_P2P_PS={0x5, 0xe4, 0x1}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_STA_CAPABILITY={0x6, 0xab, 0x5}, @NL80211_ATTR_STA_SUPPORTED_OPER_CLASSES={0x6, 0xbe, "c29f"}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6, 0x12, 0xfff9}]}, 0x50}, 0x1, 0x0, 0x0, 0x10}, 0x4004004) 8.625925309s ago: executing program 5 (id=911): syz_mount_image$ext4(&(0x7f00000001c0)='ext4\x00', &(0x7f0000000200)='./bus\x00', 0x1400c, &(0x7f0000000580)={[{@nomblk_io_submit}, {@journal_dev={'journal_dev', 0x3d, 0x3f2}}, {@noload}]}, 0x3, 0x482, &(0x7f0000001240)="$eJzs3M9rHFUcAPDvTLJpY6qJtf5q/RGtYhFNmrZqDx5UFDxUEBTU45LEUptWaSLYEjD1UE8ignfx6L/gSS8ingSvepdCkV5sPa3Mzkyym2w22XQ3W93PB7b9vvmR974783bfzNvdAAbWZPZPErEvIn6PiPG82LzBZP7fjevLszevL88mUau99VdS3+7v68uz5ablfmONhUjiUIt6Fy9eOltdWJi/UJSnl859NL148dKzZ85VT8+fnj9/7OTJE8dnXnj+2HNdyXMs0iJ6/b2v3jj1RVP+6/Loksl2K5+s1bpcXX/d2RAP97EddGaoOF6Vev8fj6GGozcer322Wvi0Tw0EeqZWq9XGNl+9UgP+x5JoLuvyMCjKN/ry+rfVdfBLPRt99N+1l/MLoCzvG8UjXzO8esegsu76tpsmI+LdlX++yR7Rm/sQAABNfsjGP89ko53l2WzssTb+SOO+hu3uKuaGJiLi7ojYHxH3xPk4EBH3RtS3vT8iHuiw/oZJkvowc+P4J7264+S2IRv/vVjMbTWP/8rRX0wM1UsX80JUkvfPLMwfLZ6TI1HZk5Vn2tTx46u/fbnZusbxX/bI6i/HgkU7rg7vad5nrrpU3XnGza5djjg43Cr/ZHUmIImIByPiYKs/kG5dx5mnv3tos3Vb599GFyaaat9GPJUf/5VYl38paT8/Ob03FuaPTpdnxUa//Hrlzc3qX5f/3ugk/y7Ijv8dLc//1fwnksb52sXO67jyx+ebXtNMVoqgg/N/pbpUHUnerscjxbJPqktLF2YiRpJTeaMblx9b27csl9tn+R853Lr/74+1Z+JQRGQn8cMR8UhEPFocu8ci4vGIONwm/59feeKD9ctGy/xv5fzvgiz/uY6O/1owEs1L0hbbZMHQ2Z++b6p0Yi0s8r/Z/vXvRD06UizZzuvfxla0Dm71+QMAAID/gjQi9kWSTq3GaTo1lX+G/0A+9Z35+Pxc/h2Biaik5Z2u8Yb7oTPFZX1evhwR+UcLyvXHI63fN/56aLRenpr9cGGur5kDY5v0/8yfQ/1uHdBzvrAFg0v/h8HVtv9Xdq8dwO7b0P/b9vk9PW0LsLtavP+P9qMdwO5rNf73ez8wGNb1f9N+MEDc/4fBpf/D4NL/YSAtjsbWX5JvG5R/aYe7bxWMR+y8hRGx0uX2bDuISh8q3cUg0p5XMdLbU6tnQbKzNidxOzS+oe9s4Z02PxwOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwu/g3AAD//0C6yvY=") mkdir(&(0x7f00000008c0)='./bus\x00', 0x0) mkdirat(0xffffffffffffff9c, 0x0, 0x1c0) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000180)={[{@upperdir={'upperdir', 0x3d, './file0'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@workdir={'workdir', 0x3d, './bus'}}]}) r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000002180)='./file0\x00', 0x0, 0xab) ioctl$FS_IOC_GETFLAGS(r0, 0x80086601, 0x0) 8.17239283s ago: executing program 5 (id=918): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009210000000122080009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000940)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f00000002c0), 0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) ioctl$HIDIOCGREPORTINFO(r1, 0xc00c4809, &(0x7f0000000000)={0x3, 0x100, 0x4}) 7.678261773s ago: executing program 5 (id=924): openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$cgroup_devices(r0, &(0x7f0000000000)=ANY=[], 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents(r1, 0x0, 0x0) 7.575450603s ago: executing program 33 (id=924): openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) write$cgroup_devices(r0, &(0x7f0000000000)=ANY=[], 0x9) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r0, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x90) getdents(r1, 0x0, 0x0) 3.989937531s ago: executing program 6 (id=926): syz_mount_image$vfat(&(0x7f00000000c0), &(0x7f0000001240)='./file0\x00', 0x10, &(0x7f0000000380)=ANY=[@ANYBLOB="00e789da34e04a1ffbc2f05cefeb4ee6d5ae1071124b2c2fb684f5c7ac05000100c7880f67e775c748f6381a3e01e7f93330b30b90bbb4d2b697899a16f2df4fa2a8f06ac2c5352ddcae2b83672ef3d9f532e55f4e798924ac6332751e737383f6890d2dcfcbdbd41940a64c7b4374674e7bb6dd0d1b8d3d62f6d77b0282e166e2ce4c353d2d4d315a81146bf46a1508ef0d2ddc7d0b447fe17b85b292d13cea2256a16cab12d75a852bc680da7ea837480feb2e0500001e0000000000003bc18c52d0351cd285197b0641569048b5b416ba1c570000000000100083794afff0a9eed63b1226b100000000000000001be52a22e8ec8bf2c0c7d99770415863f50aa18bcb66061a29bc55105f3482ed752f882d224a386b51836c1b437036b677156e22e174ff516dbab0b2cdf52bee43c4ffffffffffffffffd9487b866aa339b98df63b4bf3e97f02d6f1e7e65f968dd90841506355d9ac40f1b434c8a9b5bd91a70c53a5aadbebd9ed9d0a55bd47a967163e0c02753f8895bfbf1b41b5490667c241068d59983ae1d0f03e650f5357425284b76d793e25a2558fa437e38b8200000000630000000000000000000000000000000000000000000000e911000000000066e073c14bb74617079e0b6ecfc830db14244567fd8f4e4e5903eaf983786e28295783f130b95dc37f59a658000e88047db7783ce8a9cba6c255902cfb83946ea3f5f7a8cee911b2b37ae4b01e65ea86d5ea7ae17b2a9bc250c9b8fc9fbc04617939bdd13457954172d18701768f8a461bee740f2d82ae566d2e30a93ad2b201a6d16a93c75a950cc437e7f25d3aadddb8edd028d84490b6bafd636aa4fb482a8a4b3987dafe58e742448c4b36b02790090198145dee53323bbb9050554f8cace210a5bc5c768f83e99019f7c00ff9ca679768dbba3f7d21c545c99c2f6688f7030fe37121d625d1f81018feb74c9d48eebdf1702550b097271ab9bd38c62f4b31fd9482c05ba0f6bf0a992995", @ANYRES8=0x0], 0x1, 0x11ed, &(0x7f0000002480)="$eJzs3E2rG1UYB/Cn19rWW++LWqstiAfd6GZo7sKNLgySgjSgtI3QCsLUO9GQMQmZcCEiVldu/Rzi0p0g7nRzN34Gd3fjsgtxxKT2tiXiG2no5ffb5IFz/uQcZjhwhjlz8NqXH/W7VdbNJ7F27FisjSLSrRQp1uJPn8XLr/7w43NXrl2/1Gy3W5dTuti82nglpbT5/HfvfvL1C99PTr/zzea3J2N/+72DX3Z+3j+7f+7gt6sf9qrUq9JgOEl5ujEcTvIbZZF2e1U/S+ntssirIvUGVTG+p71bDkejacoHuxvro3FRVSkfTFO/mKbJME3G05R/kPcGKcuytLEe/B+dr27VdR1R14/Giajrun4s1uN0PB4bsRlbsR1PxJPxVJyJp+NsPBPPxrlZr1WPGwAAAAAAAAAAAAAAAAAAAI4W5/8BAAAAAAAAAAAAAAAAAABg9a5cu36p2W63Lqd0KqL8Yq+z15n/ztub3ehF63bnX2N2+n9uXl98s926kGa24/Py5u38zb3OI4f5MopozD4nsDDfmOfTvfmTsX53fie24szi/M7C/Kl46cW78llsxU/vxzDK2I0/sof5TxspvfFW+778+Vk/AAAAOAqydMfC/XuW/VX7PH9nf30htv7m+cB9++vjcf74audORDX9uJ+XZTFeWnEilv4Xiv9aZA/gBlA8lMU/Wj5eX/oCxVIdXvRVjwQAAAAAAAAAAIB/40G8TrjqOQIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwOztwLAAAAAAgzN86jY4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4KsAAAD//+MW03s=") accept$alg(0xffffffffffffffff, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0, 0x1) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) getdents64(r0, &(0x7f0000000000)=""/48, 0x30) ioctl$VFAT_IOCTL_READDIR_BOTH(r0, 0x82307201, &(0x7f0000000f80)=[{0x0, 0x0, 0x100}, {0x0, 0x0, 0x100}]) 3.532680792s ago: executing program 6 (id=927): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000180)=@file={0x0, './bus\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = epoll_create1(0x0) poll(&(0x7f0000000140)=[{r2, 0x8}, {r1, 0x2cfc08c20dafc34e}], 0x2, 0x8000007) 3.094244266s ago: executing program 2 (id=934): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=@ipv6_newroute={0x44, 0x18, 0x1, 0x70bd2c, 0x0, {0xa, 0x0, 0x0, 0x0, 0x0, 0x2, 0xff}, [@RTA_OIF={0x8, 0x4, r2}, @RTA_ENCAP_TYPE={0x6, 0x15, 0x7}, @RTA_ENCAP={0x18, 0x16, 0x0, 0x1, @SEG6_IPTUNNEL_SRH={0x14, 0x1, {{0x1, {0x4, 0x0, 0x4, 0x0, 0x80, 0x30, 0xb9}}}}}]}, 0x44}}, 0x0) sendmmsg$inet(r0, &(0x7f0000005200)=[{{0x0, 0x4b, &(0x7f0000000000), 0x1}}], 0x1, 0x0) 2.793390667s ago: executing program 2 (id=940): read$FUSE(0xffffffffffffffff, 0x0, 0x0) syz_mount_image$ext4(&(0x7f0000000580)='ext4\x00', &(0x7f0000000040)='./bus\x00', 0x1208002, &(0x7f0000000100)={[{@grpquota}, {@delalloc}, {@resuid}, {@debug}, {@dioread_nolock}, {}, {@nomblk_io_submit}, {@noauto_da_alloc}]}, 0x1, 0x5d8, &(0x7f00000005c0)="$eJzs3c9vFFUcAPDvbH/QUrSFGBUP0sQYSJSWFjDEeICrIQ3+iBcvVloQKdDQGi2aUBK8mBgvxph48iD+F0rkyklPHrx4MiREDUcT18x2pnTb2ZYubacyn0+y9M17O7w33X773r6+NxtAZQ2m/9Qi9kbEdBLRn8wvlnVGVji48Lx7f39yOn0kUa+/8WcSSZaXPz/JvvZlJ/dExM8/JbGnY2W9M3NXzo9PTU1ezo6HZy9MD8/MXTl47sL42cmzkxdHXxo9dvTI0WMjh9q6rqsFeSevv/9h/2djb3/3zT/JyPe/jSVxPF7Nnrj0OjbKYAw2vifJyqK+YxtdWUk6sp+TpS9x0llig1iX/PXrioinoj864v6L1x+fvlZq44BNVU8i6kBFJeIfKiofB+Tv7Ze/D66VMioBtsLdEwsTACvjv3NhbjB6GnMDO+8lsXRaJ4mI9mbmmu2KiNu3xq6fuTV2PTZpHg4oNn8tIp4uiv+kEf8D0RMDjfivNcV/Oi44lX1N819vs/7lU8XiH7bOQvz3rBr/0SL+31kS/++2Wf/g/eR7vU3x39vuJQEAAAAAAEBl3TwRES8W/f2/trj+JwrW//RFxPENqH9w2fHKv//X7mxANUCBuyciXilc/1vLV/8OdGSpxxrrAbqSM+emJg9FxOMRcSC6dqTHI6vUcfDzPV+3KhvM1v/lj7T+29lawKwddzp3NJ8zMT47/rDXDUTcvRbxTOH632Sx/08K+v/098H0A9ax5/kbp1qVrR3/wGapfxuxv7D/v3/XimT1+3MMN8YDw/moYKVnP/7ih1b1txv/bjEBDy/t/3euHv8DydL79cysv47Dc531VmXtjv+7kzcbt5zpzvI+Gp+dvTwS0Z2c7Ehzm/JH199meBTl8ZDHSxr/B55bff6vaPzfGxHzy/7v5K/mPcW5J//t+71Ve4z/oTxp/E+sq/9ff2L0xsCPrep/sP7/SKOvP5DlmP+DBV/lYdrdnF8Qjp1FRVvdXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4FNQiYlcktaHFdK02NBTRFxFPxM7a1KWZ2RfOXPrg4kRa1vj8/1r+Sb/9C8dJ/vn/A0uOR5cdH46I3RHxZUdv43jo9KWpibIvHgAAAAAAAAAAAAAAAAAAALaJvhb7/1N/dJTdOmDTdZbdAKA0BfH/SxntALae/h+qS/xDdYl/qC7xD9Ul/qG6xD9Ul/iH6hL/AAAAAADwSNm97+avSUTMv9zbeKS6s7KuUlsGbLZa2Q0ASuMWP1Bdlv5AdXmPDyRrlPe0PGmtM1czffohTgYAAAAAAAAAAACAytm/1/5/qCr7/6G67P+H6sr3/+8ruR3A1vMeH4g1dvIX7v9f8ywAAAAAAAAAAAAAYCPNzF05Pz41NXlZ4q3t0YytTNTr9avpT8F2ac//PJEvhd8u7VmWyPf6PdhZ5f1OAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmv0XAAD//xYSJMU=") mkdir(&(0x7f0000000080)='./bus\x00', 0x3) r0 = open(&(0x7f0000000000)='./bus\x00', 0x40000, 0x0) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r0, 0x800c6613, &(0x7f00000000c0)=@v1={0x0, @aes128, 0x1, @desc2}) ioctl$FS_IOC_GET_ENCRYPTION_NONCE(r0, 0x8010661b, &(0x7f00000001c0)) 2.717381832s ago: executing program 4 (id=941): ioctl$VT_RESIZEX(0xffffffffffffffff, 0x560a, &(0x7f0000000000)={0xfffd, 0x800, 0xd, 0x7, 0x4602, 0x1}) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) 2.457758681s ago: executing program 4 (id=942): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000380)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r2, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000003340)=@newtfilter={0x40, 0x2c, 0xd27, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r2, {0xfffa, 0x7}, {}, {0x8, 0x4}}, [@filter_kind_options=@f_bpf={{0x8}, {0x14, 0x2, [@TCA_BPF_FLAGS={0x8, 0x8, 0x4}, @TCA_BPF_FD={0x8}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x50}, 0x0) 2.150004241s ago: executing program 4 (id=945): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f00000002c0)=0x7, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @remote, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, '\x00', 0x14, 0x6, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x11, 0x0, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000500)={@local, @local, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "101040", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0xc2, 0x0, 0x0, 0x9}}}}}}}, 0x0) 1.976767347s ago: executing program 2 (id=947): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x4010000, {{@in=@dev={0xac, 0x14, 0x14, 0x30}, @in=@dev={0xac, 0x14, 0x14, 0x1a}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c40000001b000100feffffff00004000e000000200"/48, @ANYRES32], 0xc4}, 0x1, 0x0, 0x0, 0x40100}, 0x2c000010) 1.922983996s ago: executing program 4 (id=948): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(des3_ede)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x80800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}], 0x1}], 0x1, 0x48020) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}], 0x1}, 0x0) 1.797346162s ago: executing program 4 (id=949): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) poll(&(0x7f00000002c0)=[{r1, 0x2}], 0x1, 0xfa) r2 = dup2(r0, r1) mkdir(&(0x7f00000020c0)='./file0\x00', 0xce) mount$9p_fd(0x0, &(0x7f0000000280)='./file0\x00', &(0x7f0000000240), 0x10880, &(0x7f00000004c0)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r0}}) pselect6(0x40, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x800}, 0x0, &(0x7f0000000240)={0x1f, 0x0, 0x0, 0x2, 0x0, 0x1, 0x40, 0x4}, 0x0, 0x0) 1.712291855s ago: executing program 0 (id=950): unshare(0x6020400) getsockopt$inet_sctp_SCTP_LOCAL_AUTH_CHUNKS(0xffffffffffffffff, 0x84, 0x1b, &(0x7f0000000000)={0x0, 0x50, "0299e7f318e7286524add0ed0733b19689671836f0b3e28a0f2873c92e26ce1ff7ef16b83a1cee56498ea01fcbdd7435240c6a5b3373d4c530d69da6d873331595793f063bf1b3ae492ffa216a0c5c40"}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$IPT_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0xc08, 0x3, 0x1e8, 0xc, 0x5002004a, 0xb, 0x310, 0xea02, 0x3d0, 0x3c8, 0x3c8, 0x3d0, 0x3c8, 0x3, 0x0, {[{{@ip={@rand_addr, @local, 0x0, 0x0, 'erspan0\x00', 'ip6tnl0\x00'}, 0x0, 0x70, 0xb8}, @unspec=@CT0={0x48, 'CT\x00', 0x0, {0x0, 0x0, 0x0, 0x0, 'pptp\x00'}}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@NFQUEUE2={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28, '\x00', 0x4}}}}, 0x248) 1.5836131s ago: executing program 0 (id=951): r0 = openat$ashmem(0xffffffffffffff9c, &(0x7f0000000500), 0x14b040, 0x0) ioctl$ASHMEM_SET_SIZE(r0, 0x40087703, 0xfffffff3) mmap(&(0x7f0000701000/0x1000)=nil, 0x1000, 0x3000000, 0x12, r0, 0xa6959000) ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000000540)='\x00\x00\x03\x01\x00\x00\x00\x1f\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x02\x00g\x00\x00\x00\x80\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-\xac\x99\xb8\xd2\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc4\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0HdO\xb9\xa2\x1d\x13\x8fCha\xb3\x95wl},\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80Z\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9\x13f=\xbd\x03\xe8\xbex:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13\xba\x00|g]7\xdc\xe9=\"\xe4\xb3\x0f\xc6\x8f\x85fGGV&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xd0d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146\'Z\x83H\xabF\x18<\x86h\x01=\x03\\\xc4\t\x8e/\x12\a\xdf\xe7zU\xcc\x02\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&@\x00\x00\x00rT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\xd7c\t(\xf2\x93\x8d\\\x91\xef\xab(Jck\xdf\xa3 \x16\x9bH=\x01\x7f\x02\x1dF3\x7f\xd15\xa8\xd2\x94\xa7\xe9\xbd\xdc\x16\xe1Z\x9c\xe3\xeb9\x8f\xfdC\x0e\xd3]\xb5\xfdB\\\xd2\xfe\xf6H\x8ai}kDM\xbd\xfcJ{T{@i/\xb7x\xef\x1f\xf0t\xf5\xaf\xb21F\x01\xe0\x86\xde\x88\xb8\x8f \xfc\xcd\xba\xea\x16\xc1J\xb7\xe3\x04m\x0e\xaf\xd6X\xba\x8a\xdb\xeda\x83.H\xe3\x86\x03\t\xcb\xdc\x80\xee\x0ec\x12\x8a\x92\x11\xb6\xcc#\x10\xec\xfd\xbb\xd3\\\xc8\x88\x04,\'\x14\xbf\x84\x16\xb3\x8f,6\xc6D\xae\xa1\xf9\xe7@\xac\xaa\x104\x8b\x8eQ8\x11\xa7|\x87\xe2\xccrj%\xc4r&\r\a\xa7\xda\xf5\'V\x89\xe6\xa4\x05\xde\xf5\xaa@\xec\xe2\xf6\xb5x\xa1w\n\xda\xf2\xd67\xc6%\x0f[sF\xb6\xaeS>\xe9^\xd4\xf03\xe9.\xc4\xd5\xe0\r\xa1Q\xa8\xf2\xa2`zs\'k\xd4pV\xab&%\xf8\x8a\x80\x9d\"\xf3\xcc\xd2i\xc8\xd8\xc6\xbeD\xda\x86?\xf9\x13\xe5L`R\xe8Vq\xa3\nD\x9f\xe4M\xe6\xab\xdd!=%\x06z$\x99\';O\xfc\xf0u\x83\v\x83\a8\xfe<\x9e\xa8\xfe\xca`D\x91\x81!QT$\x05T\x85\xd6\xe9!\xb9wfL\x12\xa8\xb0\xb0\x86\xc2\xa1\xf7\x05i\xf5\xf0\r\xe7h\xdaD\xcb\xd4\x87\x84\xe5\xc7r;.\xf0\xed\x17\x83Nn\xb7\x0f!u}J)\xa1\xa1\x16\xc5`Z,\xa3\xcf\xfdy\aH\x06\x14l\x92x\xdbB=\xcc\xcdf\xe5\x04=HQ\xeaE-v\x02\x0eY\x8e\xbf\xec\x16\xc4G\xea\x8bS\x8e\xd5f\xdcj\xe1\x86\xf9s\x90\xe5\xf9\x89\xc0\xf3\xcd;r4j]\x9b\xdf\xf5\xe9\x82\xe1\xdb\x11\xb3\b\xa2Y\xdb\\\xc1H\xc3\xcf\xb1W\xe9(\xee\x18\xca\xda\xf5p,\x16\xbc\x17\xfe\xd8\n\xe1\xa1&=+)\xf9Vd\x11\xf6hX\xbe\x85O=\xe2\x9f~I\xc4\"\xa9\xd9\x19\xa2\\\xb8>f\xe2Jh+u\x90\x13\x94\x12\xc8X\xd7\xb4\xf1JS0FN\xa0\xda\xb6ez`\x9a\xea\xcf^\xa5\x17{\v\xe8n\xe9 \xc0/D\t\x7f\xd8\xad\xf2e\xff\x8b\x16p\x0f\xe4\x1a/\xe1\x96\xd2\xae\x94\x0e5\xb0b+\xac\x14\xaa\xb0\xb7\xa5.\x15\x8a\xca\xb5~=D-\x90\xc1\xbf\x05\xb9\xd5\x86\xeb\xd2#\xda\xc132\'\xfc!%\x94\x1f\xbfL)\xc2c\xa8\xef\x152\x8d\xef\xde\xbe\xab\xf5g\x80\x02G>\xf5\x04a-\xff\x06X+\xc1\xd3\xb1\xcdn\x15p\xdf\xd8.\x89\x95{\xb6+:`\x9c\xcf2\x01\x1d1\xf7\xe6\x7f\x1f\xf5\xb0\xb9\t2\x14\x81\x99\xb8@7y\xb4\xce\xf1]\a\x03y\xc5F\xfa\xae\xd1Ov7\xa7\xc1\xb2.~B\xe8@G\xd1\xd9R~\x1b\xf7\xa8\x86\xa7\xc1\b\x9ej\x01\xf4\xb7\xd2\x0e\xc2\x15S\x19\xd7\xd4\xe6\xaf!\xf8_\x8aEOp@>4\xd7\xcf\x11\xe0;\x99}QmE\xdd\xa69)Q\x9e\xb9\'\x97\x9b\xe7\xa4?Ed\x9c\x7fE\xba5\x90\xc07\x96S\x9d\xe1\x84\xfa\x1a\xd6\x9a\x15\xd1o \xc0\xd28\x01\xa7\x99\x85q\xbd\x80\x00\x00\x00\x00\x00\x00\x00H\x0f\xbbT\xd5\xb3\xf4\xcd<\x8a\x01\x19\xd0|B\f0\xf8i\xd3\x1bJke\t\x8b7Q\x1dQ&\x96H\x05\xec\x80\xf0\xab\x8f\x94{\x9d+\xefs\x1c\xfck\xf7q\x10\xf6\x16\xbc\xe7\x93\x0f\x7f\xcd\xa7b\xbe\x88\xcc\xb6^\x93\xa9P\xf3\xa3\xe4Az=\xe0+Q\x9e\xb5\x01\xb3\xc1\xa8P0+\xc9\xa1\xdbU~J$\xa4\x03\x11\x1aa~\x9du\x8f\x8d\xbcI\x85k\xa0\xae\xf6\xa0\x94r\xfb\xe3\xaa\xd4\xf0\x99\x06\xe1i\x1f\xfa\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\\\xb2/R\xedI2e5\x88(\xc0+^\xe7G\x17\x03^\xd7g\xb9n\x8c2\xb3\x12\x91\x86b\t\xd0R\x01\xda$Y\x85\x02&\x95FC\xc8\xd9\x00\x00\x00\xb6u\xbb\n{\x90\xfd>\xd0-\xfa\xa9\xfd{\x95E\r\x81j\x12\xb7\xd0k\xc2\xdc\xcdK\xc1\xe6\xf7\xb8@\xe0D') ioctl$ASHMEM_SET_NAME(r0, 0x40087707, &(0x7f0000000040)='\x00\x00\x03\x06\x00\x00\x00\x05\x00x\x92\x12\xac\x06^\xbewV\xf3\"\xc4\x04\xbb\x0642\x9c\x1a\xd1\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x15\x9a\x9f\xf0:\xfd$\xad\xbb\x9a|c\xfc\"\xee\xc4\x93Q\x82\x16\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xf8\xbf\xa2\xa0\x99\xc2\x16=\xcc\xb0\x1b7\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\xa9\x96\xf8/0Xd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xf6<\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\xbfH\xc6\x9c\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\xa9]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8Co\xb3\xd8\x82\x92\xba+\x99PXB\xdc\xbay\xa0s<\x92k\vJTRW\xc26\x06\x10\x92\xc7\xa55\x9fZ\xff*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaQj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03i\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84x\x00\x00X\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\x05\xfa\x99\x15\x87\x14\x13$\t\xa8?\xee\x94W\x8e\xe1\xcc\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\x9a\x05\xb1\x12K\\\xf2\xd5\b^[D~~\x84\\\xe4\x00') ioctl$ASHMEM_SET_NAME(r0, 0x40087708, &(0x7f0000001580)='\x00\x100\x00\x00\x00\x00\x0642\x9c\x1aQ\xcb{\xb0\xd6\x1e\x00gQ\xca\x0eU\xf7\'\x8c\xc1\xc6\xbb\xc5\x1c\xf7\xaf\x95\x83=\t7\x96\x1a\xad\xd0\xd0\xee\x9c\x962\bu\xba\xfc\xae\xc2\x19\xeb\x91\xc9\t\xbc\xc1\xcb\xba\xe3\x8e\xf6\x89\xc2\'\xdfn(Q=v-<\r\x87\xa3\xd1?$\x8b\x17Bn\x17h\x1b\xac\xfc\x82\x1c\xf4\xd0\xf5\xd5\x80\xc0\xb4a \x9a\x9f\xfc\"\xee\xc4\x93Q\x82,\xbf\xe3c\x8d \x0f\xb1\xe9\xf2o \x00\x00\x00\x00\x00\x00\x00H\xaf\t\x18\xc8\x1b\x1e\xbe\xd8>\xec\x9f~\xa7\xf7\xafdd\xf1\xdbjE\x01\xd1sD\x89\x94&\\U\f\x18\x99]\xaba\xe93\x01\xa23\xc9hP1\xdc-\'\xd0\x9e}\x89\xff\x8c\xec^\x84\x19\x9f_D\xbdt/\'\xf6\xc3\x8c\xb8\vS\x80\xad\xff\xbf\xa2\xa0\xba\xcf|7\x99\xc2\x16=\xcc\xb0\x1b^:4\xeb\xd37\xe3-\'\x02\x16\xf5\xe6\x93\x02E\n\xe8\x00\x00\x8c\xed\x11\xf7\xf2J\xf6\x90A@\x01\x13\xc7`g\xcb\xd7\xdb\x1e\xb2\xc9\xfd\xf7\x00\x00\x00\x000Hd\xcf\xb9\xa2\x1d\x13\x8fC\xd2&\xd8\x9d\x8b\xe0E\xd2\xc6\x1a\xf3\xa8\x0e\xba\xecOv$\xc8\"\a\xd7T\xfb\xfc\xfauT\xf8\x9e\x86\xef.\xc9\x91\xbfB\xe7\x80\x1a\a\t+x_B=\xe7\xa5\x89\xfb\xa2\xc6\x97\xeb\xdecY{\x0e\xc2\x00\x00\x00\x00\x00\x00\x00\a\xf4\x88\x06\xe3\xcb\xc8\xe0\xcc\vE\x18\"\x87\xa0\xa9:\xceY\xf0\xa2\xe0\x9d\x8c\x8e\x11\xb7\x98\xa5\xda$\x94D\xb4\xf2>\x01\x00+\xfa\xa9 \xe1\x13Y\x86\xd8\t\x00\x00\x00\x8cs4\r\xcd\xd1\x83JT\xf9\xa2\x83?\xb3\x0f\xc6&\x1d\xa3\xc4\xc3\xd2\xfd\xad\xa35o\xe8\xcd^/\xd8\xf4[n\x9fJ\xf4\n\x92c\xaa\xddT&L<+\x19R\a\xfc\xf2\x17\xb8$\x89]\xc2\\\xda<\xc8d.w\x9c\xaf4\xbb\xe8CoB\xdc\xc26\x06\x10\x92\xc7\xa55\x9f\x04\x00*ir\x1e\xe8\a\x00\x00\x00\x00\x00\x00\x00\x88\x19\xf7\xdd\xa8\xef\xa0\x98\xcd\x81\x10>\xc7{\x84\xb9\xc0B\xe1\t\x00\xbaAj\x81\xc8\xf8\x146%Z\x83H\xabF\x18<\x86h\x01=\x03\xae\xc4\t\x8e/\x12\a\xdf\xe7zU\x1d\x15\x0e\xc1?\xeau\xb4\x84\x1b\xdaR-\xf4\xe9\x1f\xcd\x05\x0fz_\x8d,^\xde\xfd\xd1\xbed\xed\xa1\xf5\xc6(p\xb4;\x0e\x18\xf7/A\xfd\x92\xd0}ur\xaag\xdb&e$\f\rrT\xd8\x88~\x13\xc22t\xf6\xf4Fs\xc1\xedo\x92\xae\r\x05\xfa\x99\x15\x87\x14\x13$\t\x01\x00\x00\x00\x00\x00\x00\x00\xc3U\x84\xc6]:\x9a|W\xec\x84\x18\bb\x82\x8f\xc0\xab\xe3a\x99\x17\x85\f\x03\xbb\x14\xa7\xda\x19M\xa3!\x95\xa0\x9a\x05\x06\x00\x00\x00\xf2\xd5\b^[D~\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00f\x8a\x9b\xe2\xa7k9\xd9`=}\t\x82\nw!y\x91\xbeM\xdck=\xcc\xef\x16vt\x1d\x1c\xa3\xee\x13\x16\xdbb0\b`/c\x9f\x8c\xee\xb1\x1a\xcf\x8ba\x11Oh\xc7\xb8\x8e#\xeeAh\xd9\x15\xc6\xe7>\x95\xe2\xdaQ\x0e\xc0E\xdd\xc3^7Y\xd2\xf0\xf7DZ\x12\xce\xba\vI$[v\x00\x830p\xd4\xbf\xa3\xf28\xab\xd4e\xc9z\xfb\xfc\xeb\x04\xff\x98\xda\x01.gT\xcb7!W\x98\xc4\xa5\xb4\xc3\xd8\x94\xe6\xd7\x9e\xed\x1f\xafBF\xd6\xbfu5=.\x92\xc8-\xcc~6Y\xa7K\xd5=v\xdctJ\xba\x17\x18\xc8x\x95\xd8\xb2\xd6\x10)\xcfs\xaf\xf5E\x18\xa2*\x82\tU\xd3\xf7Y\x1d\x175\x04X2\xa3K\xab\x14\xec\xc9\x9c?\xa9\xc4\xc7\xe3{\xbfA\x16\xfcY\nR\x93\xb3\xcd\x0fg\xf6L3\xe87\x8aX\x82Y\x95\v\xbf%\xef\x83\x02\xc1\xd5c}\x18(\x13\x9e\xe7\xb2$\xee\xc4\x94\x00\xf6S9\xb7\xbcu\xb9\xad\xc6$=D\xb9\x82\x15yM\xa8\xf1N\xaeB\xf8.q\x90\x8a\xb57_\x98\x7f\xf2b\xbd\x97\xfc\xefN\xc6\xad\x99IJW\'\xd6m\xf0[WO\xf3\xd0\x9e\xda\xbd8\xd5FVA>\xa8p\vp*\xd1\xd9\v\xa3\xb2\x1b)E/\xbb\x90\xcct_K\x8d\xa3\xd2\xad,y\xa7\x8b\xa3\xb8\x86\xa9Q~\x1f\xbf\xa3(,\x912gq=nv\xe1\xb5\fy\x8e\x87m\xd6\x1f\xcbt\xe1\v\xd1\xcbc\x9f\xadc&\x9b\xa56\xebn\xf1{\xf9fb@\x90\x06Gx\xb2\x1a\xac\x117\x9dj.a\xeb3\xfeh\xc2\x12s7\xb9\x7f\xa9s\xd1]\f\xee\xbey#w\xeb\xbf\x80(\xbb\xbf/\xb4\xb5!`\bK\xff(\xa0\xeb\xaf\xd5n\xb0\x7fad\"\xc4P\xd6\xcduQw\x1cA\xc7\xc4k\x0f}\t\xb6\xf8\x88\xd9\xef\xb6\x9aP}\x04\xc3\x1b\xcc\x96\xe7~\b\x12\xb8\xe8\xfe\xbf\xdf3\xb7\xe4\x88\xb9\xa3\xba#\x19\x00'/1199) 1.58297524s ago: executing program 2 (id=952): r0 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r0, 0xc06864a1, &(0x7f00000003c0)={0x0, 0x0, r1, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r0, 0xc06864ce, &(0x7f0000000440)={r2, 0x0, 0x0, 0x0, 0x0, [0x0], [0x0, 0xfffffffc], [0x80, 0x0, 0x0, 0xffffffff]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r0, 0xc00c642d, &(0x7f0000000200)={r3, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r0, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r4}) 1.473316338s ago: executing program 0 (id=953): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000ec0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001040)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x10) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000680)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x130}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x6c}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000e40)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a3100000000200003801c0000800c00018006000100000000000c00044000499f6a"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 1.447232143s ago: executing program 2 (id=954): syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x4000, &(0x7f0000000140)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceeca11a757cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5cf8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12a0000800100000000b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe39b131cab48d99bd1b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9", @ANYRES16=0x0, @ANYRES16], 0x1, 0x6246, &(0x7f0000006740)="$eJzs3c2OHFfZB/Cn+ms+/MaxsojyWghNEgMJIf4MxhAgyQIWbFggb5GtySSycADZBjmRhceaDQsuAoTEEhBLVlxAFmzZcQFYspGArFKoPOeMa5pu99jOdPXM+f2kcdVTp2r6lP5d092uqj4BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMT3vvuDM1VEXPp5WnAs4v+iH9GLWGnqtYhYWTuW1x9ExAvxoDmej4jhUkSVG5+NeCMiPj4ace/+rfVm0dk99uM7f/zbb3945Pt//f3w1L//dKP/5rT1bt781b/+fPvJ9xcAAABKVNd1XaWP+cfT5/te150CAOYiv/7XSV6uXrh6c8H6o1arD3w9XLD+qOdRt9WT3W4XEbHZ3qZ5z+B0PAAcMJvxSdddoEPyL9ogIo503QlgoVVdd4B9ce/+rfUq5Vu1Xw/WttvztSC78t+sdu7vmDadZfwak3k9v7aiH89N6c/KnPqwSHL+vfH8L223j9J6+53/vEzLf7R961Nxcv798fzHHJ78exPzL1XOf/BY+fflDwAAAAAACyz///+xjs//Lj39ruzJo87/rs2pDwAAAAAAAADwWXva8f92VMb/AwAAgEXVfFZv/Prow2XTvoutWX6xinhmbH2gMOlmmdWu+wEAAAAAAAAAAAAAJRlsX8N7sYoYRsQzq6t1XTc/beP143ra7Q+60vcfStb1H3kAANj28dGxe/mriOWIuJi+62+4urpa18srq/VqvbKU38+Olpbrldbn2jxtli2N9vCGeDCqm1+23Nqubdbn5Vnt47+veaxR3d9Dx+ajw8ABICK2X43ueUU6ZOr62ej6XQ4Hg+P/8HH8sxddP08BAACA/VfXdV2lr/M+ns7597ruFAAwF/n1f/y8gFqtVqvV6sNXt9WT3W4XEbHZ3qZ5z2A4fgA4YDbjk667QIfkX7RBRLzQdSeAhVZ13QH2xb37t9arlG/Vfj1I47vna0F25b9ZPdgubz9pOsv4NSbzen5tRT+em9Kf5+fUh0WS8++N539pu32U1tvv/OdlWv7Nfh7roD9dy/n3x/Mfc3jy703Mv1Q5/8Fj5d+XPwAAAAAALLD8///HFur87+hJd2emR53/Xdu3RwUAAAAAAACA/XXv/q31fN9rPv//uQnruf/zcMr5V/IvUs4/3f+/c+HNK2Pr9Vvzd995mP8/799a/92Nf/x/nu41/6U8U6VnVpWeEVV6pGqQpk+4Y1NsDfuj5pGGVa8/SNf81MP34kpcjY04vWvdXjoeHraf2dXe9HT4oL3ub7ef3dU+2GnP25/b1T5MVzrVK7n9ZKzHT+JqvPugvWlbmrH/yzPa6xntOf++479IOf9B66fJfzW1V2PTxt07vf857tvTSY/z9pXP//L0/u/OTFtxZ+LyZv9emntvYvsvzpFR/Oz6xrWTNy/fuHHtTKTJrqVnI00+Yzn/YfrJ+b/y8nZ7/rvfPl7v3hk9dv6LYisGO8/ttib/l1vzzf6+Oue+dSHnP0o/Of93U/vk4/8g59+fmv9rHfQHAAAAAAAAAAAAAAAAHqWu6we3iL4dEefT/T9d3ZsJAMxXfv2vk7x8XnX/Sbf/w+796Kr/avWc62rB+jPX+tN6sfqjXsj6PwvWn4Wr2+rJ3moXEfGX9jbNe4ZfTPplAMAi+zQi/t51J+iM/AuWv++vmZ7oujPAXF3/8KMfXb56dePa9a57AgAAAAAAAAA8qTz+51pr/OcTdV3fHltv1/iv78Ta047/OcgzOwOMThmouv/4+/QoW71Rv9cabvzFmDb+93Bn7lHjfw9mPN5wRvtoRvvSjPblGe0Tb/Royfm/2Brv/EREHB8bfr2E8V/Hx7wvQc7/pdbzucn/S2PrtfOvf3OQ8+/tyv/UjQ9+eur6hx+9fuWDy+9vvL/x43Nnzpw+d/78hQsXTr135erG6e1/O+zx/sr557GvXQdalpx/zlz+Zcn5fyHV8i9Lzv+LqZZ/WXL++f2e/MuS88+ffeRflpz/q6mWf1ly/l9OtfzLkvN/LdXyL0vO/yupln9Zcv6vp1r+Zcn5n0y1/MuS8z+V6j3mv7Lf/WI+cv75DJfjvyw5/3xlg/zLkvM/m2r5lyXnfy7V8i9Lzv+NVMu/LDn/r6Za/mXJ+Z9PtfzLkvP/WqrlX5ac/4VUy78sOf+vp1r+Zcn5fyPV8i9Lzv/NVMu/LDn/b6Za/mXJ+X8r1fIvS87/26mWf1ly/m+lWv5lefj9/2lmOcaXmDFjpriZrv8yAQAAAAAAAAAAAADj5nE5cdf7CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwH/ZgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX27i1Grru+A/iZvXnjQGIgpE5qwsYxwTib7PoSX2hdTLg23EpCKPSC7XrXZsE3vHYJNKodBUokjIoq2oaHtoBQm5cKq+KBVoDygFpVqkTaB/qCqFB5iKqAAlJVWgFbzZz//78zs7Mzu97x+sw5n48U/7wzZ+acOXNmdr/efOcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADN7nzD7KdqWZbVarX8gk1Z9qL6vGFiU+OS117f7QMAAADW7ueNP1+4OV1waAU3alrmn+749lcXFhYWsvcN/+no5xYW0hUTWTa6Icsa10VXvv/+WvMywRPZeG2o6euhHqsf7nH9SI/rR3tcP9bj+g09rh/vcf2SHbDEDVkt3dm2xl835bs0uyUbbVy3rcOtnqhtGKrvu3TbrNa4zcLo8WwuO5nNZtMty+fL1hrLf/3O+rremsV1DTWta0v9CPnxY8fiNtTCPt7Wsq7F+4x++Pps4ic/fuzYX59//rZOs+duaLm/fDu3b61v5yfCJfm21rINaZ/E7Rxq2s4tHZ6T4ZbtrDVuV/97+3a+sMLtHF7czHXV/pyPZ0ONvz/b2E8jtazDftoSLvvpXVmWXVrc7PZllqwrG8o2tlwytPj8jOdHZP0+6ofSS7ORVR2nd67gOK3PmW2tx2n7ayI+/3eG240ssw3NT9MPHx9ret5/tnA1x2lUf9TLvVbaj8F+v1aKcgzG4+LZxoN+suMxuC08/sfuXv4Y7HjsdDgG0+NuOga39joGh8aGG9ucnoRa4zaLx+DOluWHG2uqNeZzd3c/BqfOnzo7Nf+xj987d+roidkTs6d379w5vXvv3v37908dnzs5O53/eZV7u/g2ZkPpNbA17Lv4Gnh127LNh+rCF8eWvP9e7etwvMvrcFPbsv1+HY60P7ja+rwglx7T+WvjPfWdPn55KFvmNdZ4fnas/XWYHnfT63Ck6XXY8XtKh9fhyApeh/Vlzu5Y2c8sI03/ddqG5b8XrO0Y3NR0DLb/PNJ+DPb755GiHIPj4bj47o7lvxdsCdv75ORqfx4ZXnIMpocb3nvql6Sf98f3N0an4/L2+hU3jmUX5mfP3ffo0fPnz+3MwlgXL2s6VtqP141NjylbcrwOrfp4PTR3x5O3d7h8U9hX4/fW/xhf9rmqL7Pnvu7PVeO7W+f92XLpriyMPlvv/dnpu3l9f45l2ee/9fhD33js829Ydn/W8+Ynptb+s3jKpU3vv6PLvP/G3P+LfH3prp4YHh3JX7/Dae+Mtrwftz5VI433rlpj3S9Mrez9eDT8t97vx7d0eT/e3LZsv9+PR9sfXHw/rvX61461aX8+x8NxcnK6+/txfZnNu1Z7TI50fT++K8xa2P+vCUkh5aKmY2e54zata2RkNDyukbiG1uN0d8vyoyGb1df19K6rO06335Xf13B6dIvW6zidaFu238dp+rev5Y7TWq9/fbs67c/neDgubtnd/TitL/PMnrW/d94Q/9r03jnW6xgcHR6rb/NoOggb7/fZwg3xGLwvO5adyU5mM41rxxrHU62xrsn7V3YMjoX/1vu9cnOXY3B727L9PgbT97Hljr3ayNIH3wftz+d4OC6eur/7MVhf5o37+vuz6/ZwSVqm6WfX9n9fW+7fvG5v203X6lgZCdv5rX3d/222vszJ/avNmd330z3hkhs77Kf21+9yr6mZbH320+awnc/vX34/1benvsznDqzweDqUZdnFjzzw7Nb6U5//fuXvLnznqy2/d+n0O52LH3ngRy8+/o+r2X4ABt8v8rEx/17X9Juplfz+HwAAABgIMfcPhZnI/wAAAFAaMffH/ys8kf8BAACgNGLuHwkzqUj+3/zG5+d+cTFLzfyFIF6fdsOD+XKx4zodvp5YWFS//IEvz/73P1xc2bqHsiz72YN/0HH5zQ/G7cpNhO288qbWy5f46r0rWveRRy6m9Tb3178Q7j8+npUeBp0quNNZln395s801jPx/suN+cyDRxrzoUtPPlFf5oUD+dfx9s+9LF/+L0L599Dxoy23fy7shx+EOf22zvsj3u4rl1+zZd97F9cXb1fbelPjYT/1gfx+4+fkfPaJfPm4n5fb/m98+umv1Jd/9FWdt//iUOftfzrc75fD/N9X5Ms3Pwf1r+PtPhm2P64v3u6+L32z4/Zf+VS+/Nk358sdCTOuf3v4etubn59r3l+P1o62PK7sLflycf3T3/njxvXx/uL9t2//+OHLLfuj/fh45t/y+5lqWz5eHtcT/X3b+uv303x8xvU//UdHWvZzr/Vfeei5V9Tvt33997Qtd/YjOxrrX7y/1k9s+stPfqbj+uL2HPrbsy2P59C7w+s4rP+pD4TjMVz/f1fy+2v/dIUj7259/4nLf2HTxZbHE731J/n6r7zuRGNuGL9h440vevFNl15Z33dZ9uyG/P56rf/EX51p2f4v3prvj3h97Oi3r385cf3nPjp5+sz8hbmZtFcfu7nx2Tlvz7cnbu/N4b21/evDZ85/cPbcxPTEdJZNlPcj9K7al8L8UT4udV96Yck76I5HwvN5+59/fePd//rpePm/vye//PLb8u9brw7LfTZcvik8f6tb/1JP3Xlr4/VdeyZs4cLSzwteiy3b/mv/ihYMj7/954J4vJ99+Qcb+6F+XeP7Rnxdr3H7vzeT38/Xwn5dCJ/MvPXWxfU1Lx8/G+Hyw/nrfc37L7zNxef1b8Lz/Y4f5Pcftys+3u+Fn2O+ubn1/S4eH1+7ONR+/41P8bgU3k+yS/n1cam4vy+/cGvHzYufQ5Jduq3x9Z+k+7ltVQ9zOfMfm586OXf6wqNT52fnz0/Nf+zjh0+duXD6/OHGZ3ke/lCv2y++P21svD/NzO7dkzXerc7k4xq73tt/9pFjM/um756ZPX70wvHzj5ydPXfi2Pz8sdmZ+buPHj8++9Fet5+bObhz14Hd+3ZNnpibObj/wIHdBybnTp+pb0a+UT3snf7w5Olzhxs3mT+458DO++/fMz156szM7MF909OTF3rdvvG9abJ+69+fPDd78uj5uVOzk/NzH589uPPA3r27en4a4Kmzx+cnps5dOD11YX723FT+WCbONy6uf+/rdXvKaf4/8p9n29XyD+LL3nXP3vT5rHVffnzZu8oXafsA0efDZ9H880vO7l/J1zH3j4aZVCT/AwAAQBXE3D8WZiL/AwAAQGnE3L8hzET+BwAAgNKIuX88zKQi+b90/f/NF1e0fv3/vvT/Fy7q/+v/D2L//+Gi9f/z9wv9//5Ya/9e/z/Q/9f/1//X/9f/pw+K1v+Puf+GLKtk/gcAAIAqiLl/Y5iJ/A8AAAClEXP/jWEm8j8AAACURsz9LwozqUj+1//X/3f+f/1//f/O69f/H0z6/93p//eg/z+VVav/f6mf26//r//PUkXr/8fc/+Iwk4rkfwAAAKiCmPtvCjOR/wEAAKA0Yu6/OcxE/gcAAIDSiLl/U5hJRfK//r/+v/6//r/+f+f16/8PJv3/7vT/e9D/d/5//X/9f/qqaP3/mPtfEmZSkfwPAAAAVRBz/0vDTOR/AAAAKJ6Rq7tZzP0vCzNZkv+vcgUAAADAdRdz/y1ZWxG8Ir//1//X/y9+/39Duk7/X/8/K2T/fzjT/y8O/f/u9P970P/X/9f/1/+nr4rW/2/k/mw8e3mYSUXyPwAAAFRBzP23hpnI/wAAAFAaMff/UpiJ/A8AAAClEXP/5jCTiuR//X/9/+L3/53/X/+/6P1/5/8vEv3/7vT/e9D/1//X/9f/p6+K1v+Puf+2MJOK5H8AAACogpj7bw8zkf8BAACgNGLu/+UwE/kfAAAASiPm/i1hJhXJ//r/Be//x+ao/r/+v/6//r/+/4ro/3en/9+D/r/+v/6//j99VbT+f8z9rwgzqUj+BwAAgCqIuf+OMBP5HwAAAEoj5v5XhpnI/wAAAFAaMfdPhJlUJP/r/xe8/5/34Mec/1//X/9f/1//f2X0/7vT/+9B/1//vy/9/4WLHfr/G3rdXv+fMipa/z/m/jvDTCqS/wEAAKAKYu7fGmYi/wMAAEBpxNx/V5iJ/A8AAAClEXP/tjCTiuR//f+B6P9n+v/6//r/+v/6/yuj/9+d/n8P+v/6/87/r/9PXxWt/x9z/6vCTCqS/wEAAKAKYu6/O8xE/gcAAIDSiLn/1WEm8j8AAACURsz928NMKpL/9f/1//X/9f/1/zuvX/9/MK21f1//UUD/X/9f/1//X/9f/5/+KFr/P+b+14SZVCT/AwAAQBXE3L8jzET+BwAAgNKIuf+eMBP5HwAAAEoj5v7JMJOK5H/9f/1//X/9f/3/zuvX/x9Mzv/fnf5/D/r/+v/6//r/9FXR+v8x998bZlKR/A8AAABVEHP/fWEm8j8AAACURsz9U2Em8j8AAACURsz902EmFcn/+v/6//r/+v+r6v+/cvF+9f9z+v/Fov/fnf5/DyXp/4+u6kEvut79+bW63tvfn/7/qP4/pVK0/n/M/TvDTCqS/wEAAKAKYu7fFWYi/wMAAEBpxNy/O8xE/gcAAIDSiLl/T5hJRfK//r/+v/6//r/z/3dev/7/YNL/767//f/4EPX/i9T/v1rXuz8/6Nvv/P/6/yxVtP5/zP33h5lUJP8DAABAFcTcvzfMRP4HAACA0oi5f1+YifwPAAAApRFz//4wk4rkf/1//f/r2f/Pskv6//r/+v/6/32l/9+d8//3oP+v/6//r//PGj38h81fFa3/H3P/gTCTiuR/AAAAqIKY+18bZiL/AwAAQGnE3P8rYSbyPwAAAJRGzP2/GmZSkfyv/9/SPa8/XP1/5//X/9f/b9D/H0z6/93p//eg/6//r/+v/09fLdv/D9F7vfv/MfcfDDOpSP4HAACAKoi5/9fCTOR/AAAAKI2Y+18XZiL/AwAAQGnE3H8ozKQi+V//f/DO/x/rM/r/+v/6/+Xq/4/F+9X/X5M19O8bT63+f6D/r/+v/6//r/9PHxTt/P8x978+zKQi+R8AAACqIOb+B8JM5H8AAAAojZj73xBmIv8DAABAacTc/8Ywk4rkf/3/wev/O/+//r/+f65s/X/n/+8P5//vTv+/B/1//X/9f/1/+qpo/f+Y+98UZlKR/A8AAABVEHP/m8NM5H8AAAAojZj73xJmIv8DAABAacTc/9Ywk4rk/3Xv/zcVhfX/9f/1//X/9f/1//tt7f3/n4U9rf+v/6//r/+v/6//z1oVrf8fc/+vh5lUJP8DAABAFcTc/2CYifwPAAAApRFz/9vCTOR/AAAAKI2Y+98eZlKR/O/8//r/+v/6//r/ndev/z+YnP+/uwHr///8pnC5/n9O/7/Y27/a/v9I29fXpP///eX6/wsb2m+v/8+1ULT+f8z97wgzqUj+BwAAgCqIuf+dYSbyPwAAAJRGzP3vCjOR/wEAAKA0Yu7/jTCTiuR//f/6diy2l/X/y9r/H9L/1//X/68I/f/uBqz/Pwjn/x/W/1+k/+/8//r/tCta/z/m/neHmVQk/wMAAEAVxNz/UJiJ/A8AAAClEXP/w2Em8j8AAACURsz97wkzqUj+1/93/v9q9P+d/z/T/9f/rwj9/+70/3tw/n/9/6L1//9T/5/BVrT+f8z9j4SZVCT/AwAAQBXE3P/eMBP5HwAAAEoj5v7fDDOR/wEAAKA0Yu5/X5hJRfK//v+g9P8nBrT//7j+/zXs/99xU76c/r/+P4v0/7vT/+9B/1//v2j9f+f/Z8AVrf8fc//7w0xWnv/HV7wkAAAAcF3E3P9bYSYV+f0/AAAAVEHM/b8dZiL/AwAAQGnE3P87YSYVyf/6/4PS/3f+/0z/3/n/2x6P/r/+fyfr1/+P7zz6//r/+v+R/r/+v/4/7YrW/4+5/3fDTCqS/wEAAKAKYu7/QJiJ/A8AAAADodP/k90u5v7DYSbyPwAAAJRGzP1Hwkwqkv/1//X/9f8L2v//s63/8t1vv/PITv1//X/9/1VZ1/P/11/8zv+v/6//n+j/6//r/9OuaP3/mPuPhplUJP8DAABAFcTc/3thJvI/AAAAlEbM/cfCTOR/AAAAKI2Y+2fCTCqS//X/9f/1/wva/x/g8//H/aH/36pv/f/4pqv/31Hev09H0bXt/793sSeu/7/a/v9Yx0v1//X/B3n79f/1/1mqaP3/mPtnw0wqkv8BAACgCkLuHzqez8Ur5H8AAAAojZj7T4SZyP8AAABQGjH3fzDMpCL5X/9f/1//X//f+f87r79b/7824vz/RZX69z9tvFD0/9sUp//fmf6//v8gb7/+v/4/SxWt/x9z/1yYSUXyPwAAAFRBzP0fCjOR/wEAAKA0Yu7/cJiJ/A8AAAClEXP/yTCTiuR//X/9f/1//X/9/87rL+z5//X/u1pr/17/P9D/r3b//3/0//X/9f/pj6L1/2PuPxVm8v/s3UeTZfV5x/Hb9uDpKbzwzgtvXOWlXwILe22/AC+88cZVLi9wwDbODMY5YCEJZQmBckABBAIkgXIAJSSUQRLKOaCERqJGRffzPNPh9LndM7dvn/P/fz6LeUx7mntFTc3wm54vp5P9DwAAAD3I3X9l3GL/AwAAQDNy9/9Z3GL/AwAAQDNy9/953NLJ/tf/X0r/f6FS1v/vfv+T6P9/R/9/0Ovr//X/LdP/j9P/L6H/9/x//b/+n5WaWv+fu/8v4pZO9j8AAAD0IHf/X8Yt9j8AAAA0I3f/VXGL/Q8AAADNyN3/V3FLJ/t/T/+/seiz/8+M1/P/W+r/Pf//wNfX/+v/W7be/v/aJ3/m0//r//X/Qf9/qP7/9EGfr/+nRVPr/3P3/3Xc0sn+BwAAgB7k7v+buMX+BwAAgGbk7r86brH/AQAAoBm5+/82bulk/6/u+f9ntj4+0/6/6P/1/1sf0P/r//X/s+X5/+N66v+veujyKx+78zfuOsrr6//1/57/f7T+f+d/zED/z5Cp9f+5+/8ubulk/wMAAEAPcvf/fdxi/wMAAEAzcvf/Q9xi/wMAAEAzcvf/Y9zSyf5fXf8/6+f/F/2//n/rA/p//b/+f7b0/+N66v8v5vX1//p//b/n/7NaU+v/c/f/U9zSyf4HAACAHuTu/+e4xf4HAACAZuTuvyZusf8BAACgGbn7z8Ytnex//f/x9/9P6P/1/3H1//p//f/x0/+P0/8vof/X/+v/9f+s1NT6/9z918Ytnex/AAAA6EHu/n+JW+x/AAAAaEbu/uviFvsfAAAAmpG7/1/jlk72v/7f8//1//p//f/w6+v/50n/P07/v4T+/1L7+cv0//p//T87HbH/Pzfy0/ZK+v/c/f8Wt3Sy/wEAAKAHufv/PW6x/wEAAKAZufv/I26x/wEAAKAZufv/M27pZP/r//X/+n/9/0X3//t/6G3R/w/T/6+H/n/cZPr/jVODH9b/z77/9/x//b/+n12m9vz/3P3/Fbd0sv8BAACgB7n7/ztuGdn/R/7NfAAAAOBE5e7/n7jF1/8BAABg9rI6y93/v3FLJ/tf/6//1//r/z3/f/j1x/r/u3a8P/3/tOj/x02m/z+A/l//P+f3r//X/7Pf1Pr/3P3/F7d0sv8BAACgB7n7r49b7H8AAABoRu7+/49b7H8AAABoRu7+p8Qtnez/4f7/wv9f/384+v/d71//P/zjY1X9f/4d9f+j/f/vev5/n/T/49bf/5/W/+/+++v/j9FJv//G+/8zyz5f/8+QqfX/uftviFs62f8AAADQg9z9T41b7H8AAABoRu7+p8Ut9j8AAAA0I3f/0+OWTva/5//r//X/8+v/Pf9/20k+/3+x9v7/lP7/kPT/4zz/fwn9v/5f/+/5/6zU1Pr/3P03xi2d7H8AAADowY2PL7Z2/zMWC/sfAAAA5mjnnx3Y+wdKQ+7+Z8Yt9j8AAAA0I3f/s+KWTva//l//r//X/+v/h19/Wv2/5/8flv5/3Fz6/zP6/8G3N9P+/1Rj/f9NB33+FPr/a/T/TMyu/v/eCx8/qf4/d/+z45ZO9j8AAAD0IHf/c+IW+x8AAACakbv/uXGL/Q8AAADNyN3/vLilk/1/7P3/mYNfW/+v/9f/6//1//r/VdP/j5tL/+/5/031/57/7/n/+v+OXej/d/98eFL9f+7+58ctnex/AAAA6EHu/hfELfY/AAAANCN3/01xi/0PAAAAzcjd/8K4pZP97/n/+n/9v/5f/z/8+vr/edL/j9P/L6H/1//r//X/rNSu5//vcFL9f+7+m+OWTvY/AAAA9CB3/y1xi/0PAAAAzcjd/6K4xf4HAACAZuTuf3Hc0sn+1/8fb/+fH9f/6/8X+n/9v/5/Lbrt/zeGfiXa74D+/4E/Ofv7uz+i/9f/6//1//p/VmAS/f/5C/92mbv/JXFLJ/sfAAAAepC7/6Vxi/0PAAAAzcjd/7K4xf4HAACAZuTuf3nccsT9/2srfVfro//3/H/9v/5f/z/8+vr/eeq2/z8kz/9fQv+v/9f/6/9ZqUn0/zv+Onf/K+IWX/8HAACAZuTuf2XcYv8DAABAM3L3vypusf8BAACgGbn7Xx23dLL/9f/6f/2//l//P/z6R+//t38kbi6G6f/XQ/8/Tv+/hP5f/6//1/+zUlPr/3P33xq3dLL/AQAAoAe5+18Tt9j/AAAA0Izc/a+NW+x/AAAAaEbu/tfFLZ3sf/2//l//r//X/w+/vuf/z5P+f5z+f7FY3DbyBob6//On9f/6f/2//p+LNLX+P3f/6+OWTvY/AAAA9CB3/21xi/0PAAAAzcjdf3vcYv8DAABAM3L3vyFu6WT/6//1//p//b/+f/j19f/zpP8fp/9fwvP/9f/6f/0/KzW1/j93/x1xSyf7HwAAAHqQu//OuMX+BwAAgGbk7n9j3GL/AwAAQDNy998Vt3Sy//X/+n/9v/7/WPr/s/r/vfT/63F8/f9C/6//1/8vof/X/+v/2Wtd/f+5+Pl+Wf+fu//uuKWT/Q8AAAA9yN1/T9xi/wMAAEAzcve/KW6x/wEAAKAZufvfHLd0sv/1//p//b/+3/P/h19f/z9Pnv8/Tv+/hP5f/6//1/+zUuvq/w/q/ff+de7+t8Qtnex/AAAA6EHu/nvjFvsfAAAAmpG7/764xf4HAACAZuTuf2vc0sn+1//r/3f3/4uF/l//r//ftob+f3Oh/185/f84/f8S+v82+/9fWjTU/5858PP1/0zR1Pr/3P1vi1s62f8AAADQg9z9b49b7H8AAABoRu7+d8Qt9j8AAAA0I3f/O+OWlvb/Ewenb/Pv/0/v+UT9/2KxePhqz//X/4+8vv5/Mv1//VPV/6+O/n+c/n8J/X+b/b/n/+v/OTFT6/9z978rbmlp/wMAAEDncve/O26x/wEAAKAZufvfE7fY/wAAANCM3P3vjVs62f/z7//3fqL+f3FJz//X/299QP+v/9f/z9al9vc3b8avafp//b/+f7Cf3zjg33sW+n/9v/6fAVPr/3P3vy9u6WT/AwAAQA9y998ft9j/AAAA0Izc/Q/ELfY/AAAANCN3//vjlk72v/5f/6//n2f/v6n/1//r/wdN5fn/V1zxew/q//X/Lfb/Y/T/+n/9P3tNrf/P3f+BuKWT/Q8AAAA9yN3/wbjF/gcAAIBm5O7/UNxi/wMAAEAzcvd/OG7pZP/v7/8vW2wXqtuG+v9o1PT/O+j/d79//f/wjw/P/9f/6/+P31T6/2k8/3//r076/yX0//r/dfX/v7n/8/X/tGhq/X/u/gfjlk72PwAAAPQgd/9H4hb7HwAAAJqRu/+jcYv9DwAAAM3I3f9Q3NLJ/vf8f/2//l//r/8ffn39/zzp/8fp/5fQ/196P58/q+r/5/v8/1/W/7M6U+v/c/d/LG7ZGn6/9asX+T8TAAAAmJDc/R+PWzr5+j8AAAD0IHf/J+IW+x8AAACakbv/k3FLJ/tf/6//1//r//X/w6+v/58n/f84/f8S/fT/m0MfPOl+/lKd9Ptvpv/3/H9WaGr9f+7+T8Utnex/AAAAaNvjW9/m7v903GL/AwAAQDNy938mbrH/AQAAoBm5+x+OWzrZ//p//X/7/f8f6f/3vL7+f+39/3V36//XRv+fv6IP0/8v0U//P+ik+/m5v3/9v/6f/abW/+fufyRu6WT/AwAAQA9y9382brH/AQAAoBm5+z8Xt9j/AAAA0Izc/Z+PWzrZ//r/vvr/jUWP/b/n/+v/T7z/36L/X4/59P+3nBr6qOf/6//1//N9//p//T/7Ta3/z93/6MapLvc/AAAAzNUf/PafPnLY7/vo1rebiy/ELfY/AAAANCN3/xfjFvsfAAAAmpG7/0txSyf7X//fV//f5/P/9f/6f/1/T+bT/w/T/+v/9f/zff/6f/0/+02t/8/d/+W4ZcfwG/wP9AAAAAAn51eO9t1z938lbunk6/8AAADQg9z9X41b9u3/84f8U+0AAADA1OTu/1rc0snX//X/E+//F8fU/8f30/9v0//r/4deX/8/T/r/cZfY/5/f0P/r/0fo//X/+n/2mlr/n7v/njsWXe5/AAAAaNSu31H4+ta3m4tvxC32PwAAADQjd/834xb7HwAAAJqRu/9bcUsn+1//P/H+/6Ke/3+m/i/P/++8/79+c/D19f/6/5bp/8d5/v8S+n/9v/5f/89KHaH/3xqkx93/5+7/dtzSyf4HAACAHuTu/07cYv8DAABAM3L3fzdusf8BAACgGbn7vxe3dLL/9f8n0P/fcHqxONb+/xDP/9f/99H/H/D67fT/v3752fv/8I9vv1X/zwXr7P/zx4L+X/+v/9+m/9f/6//Za2rP/8/d//24pZP9DwAAAD3I3f9Y3GL/AwAAQDNy9/8gbnly/993Uu8KAAAAWKXc/T+MWzr5+r/+v8Xn/8+z/89/1ifQ/5+dX/+fTXHv/b/n/+v/9/P8/3H6/yX0//p//b/+n5WaWv+fu/9HcUsn+x8AAAB6kLv/x3FL7v+NI//WPQAAADAxuft/Erf4+j8AAAA0I3f/43FLJ/t/jv3/uT3vcfcn6v8XM+3/k+f/X/g8z//fpv/X/x+F/n+c/n8J/b/+X/+v/2elptb/5+7/adzSyf4HAACAHuTuPxe32P8AAADQjNz9P4tb7H8AAABoRu7+n8ctnez/Ofb/nv+v/9f/6/8X+n/9/wH0/+P0/0vo//X/+n/9Pys1tf4/d/8vAgAA///bQndU") r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x143041, 0x0) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000080)="ff", 0x1}], 0x1, 0x1800, 0xfffffff7, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x9000) syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000280)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0, &(0x7f0000000180)={[{@grpid}, {@mblk_io_submit}, {@nodioread_nolock}, {@test_dummy_encryption}, {@inode_readahead_blks}, {@nodelalloc}, {@minixdf}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x40}}]}, 0x4, 0xbaf, &(0x7f00000017c0)="$eJzs3M1rXFUbAPDn3ny2zftO+vIi1k0jIi2o07SSYotgKxU3LgTdCg3ppIRMP0giNWkWE/0HRF0LbgS1KF3YdTcKbt1o3VpcCEVioyCikTsfSWxmkrSd5Ibk94Mz95w5d+Z5nrlM7j0wNwHsWgPZQxpxICLOJhGF+vNpRHRXe70Rldp+C/OzI7/Pz44ksbj42i9JJBFxd352pPFeSX27rz7ojYhvX0zif++sjjs5PTM+XC6XJurjI1MXLh+ZnJ55ZuzC8PnS+dLFo8efGzo2dHzwxFDbav3jx1M3fnv85Z8qf37617Vf3/84iVPRV59bWUe7DMTA0meyUmdEDLc7WE466vWsrDPpXOdF6SYnBQBAS+mKa7hHohAdsXzxVoivvss1OQAAAKAtFjsiFgEAAIAdLrH+BwAAgB2u8TuAu/OzI42W7y8Sttad0xHRX6t/od5qM51RqW57oysi9t5NYuVtrUntZQ9tICJu/3Dii6zFJt2HvJbKXEQ82uz4J9X6+6t3ca+uP42IwTbEH7hnvN3qf7q7df2n2hA/7/oB2J1unq6dyFaf/9Kl659ocv7rbHLuehB5n/8a138Lq67/luvvaHH99+oGY1z95MMrreay+p+/8dLnjZbFz7YPVdR9uDMX8Vhns/qTpfqTFvWf3WCMwt9XSq3m8q5/8aOIQ9G8/oZk7f9PdGR0rFwarD02jTH3zdBnreLnXX92/Pe2qH+94395gzHeOHPmequ59etPf+5OXq/2uuvPvDU8NTVxNKI7eWX188fqN7S30Nin8R5Z/YefWPv736z+LESl/jlka4G5+jYbv31PzBeuXf1yrfqztV+ex//cAx7/dzcY48mv3zvcam7l+jdrWfzbSW0tDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANaUT0RZIWl/ppWixG7IuI/8fetHxpcuqp0UtvXjyXzUX0R1c6OlYuDUZEoTZOsvHRan95fOye8bMRsT8iPijsqY6LI5fK5/IuHgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgCX7IqIvkrQYEWlELBTStFjMOysAAACg7frzTgAAAADYdNb/AAAAsPNZ/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALDJ9h+8eSuJiMrJPdWW6a7PdeWaGbDZ0rwTAHLTkXcCQG46804AyM19rvFdLsAOlKwz39typqftuQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACwfR06cPNWEhGVk3uqLdNdn+tq+oqDW5gdsJnSvBMActOx1mTn1uUBbD1fcdi9mq/xgd0kWWe+d3mfyr9nejYtJwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC2n75qS9JiRKTVfpoWixH/iYj+6EpGx8qlwYj4b0R8X+jqycY9eScNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA201Oz4wPl8ulCR0dnXw7yfZIo9bJ+y8TAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB5mJyeGR8ul0sTk3lnAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAORtcnpmfLhcLk1soHP9fnZe0cm7RgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8vNPAAAA///5ZQ4Q") openat(0xffffffffffffff9c, 0x0, 0x80500, 0x0) 1.312446387s ago: executing program 0 (id=955): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000a40)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff5653f, 0x70bd2d, 0x25dfdbfc, {0x0, 0x0, 0x0, r2, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x81}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000200)=@newtfilter={0x3c, 0x2c, 0xd3f, 0x70bd25, 0x25dfdbfb, {0x0, 0x0, 0x0, r2, {0xfffd, 0x4}, {0x0, 0x9}, {0xf, 0x9}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0xb}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x1}, 0x20048054) 1.168536719s ago: executing program 1 (id=956): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=@bridge_newvlan={0x24, 0x70, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r3}, [@BRIDGE_VLANDB_ENTRY={0xc, 0x2, 0x0, 0x1, @BRIDGE_VLANDB_ENTRY_STATE={0x5, 0x3, 0x4}}]}, 0x24}, 0x1, 0x0, 0x0, 0x20040000}, 0x20040014) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)=ANY=[@ANYBLOB="280100002f00010000000000fcdbdf250801f2800c00180008ac0f000010000014000100fc00000000000000000000000000000008004400", @ANYRES32=0x0, @ANYBLOB="d90062802400328008004100b20000000800ca00ac1e000108003d00fcffffff0400c58004008a800800a18004000f80c073bf8f025953f538087c2947af34d793a12e66cd988ba2df542272ddf8f3b0634ff9883b7914bc9c92aafa8bb7b0c0552ff62f4a9716d08229fbc0558c09235f84d6771d08666d8b337ac75c741e4e77f4a9bc443c6a07af22469f8689554aa0e81e897ed6146a5b6cb1adf5cecbe76fb07a1c2610d17b8d3c80cfe639ce824597e338c1bb6a7d118257e8e8ac7e1f1c03054e4ec9bce7dfd5f3620229ab929fb9ebb5658776ab26000000100002800c0001"], 0x128}], 0x1, 0x0, 0x0, 0x1}, 0x0) 1.154408486s ago: executing program 6 (id=957): socket$rds(0x15, 0x5, 0x0) r0 = socket(0x40000000015, 0x5, 0x0) connect$inet(r0, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) bind$inet(r0, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x0, 0x0, 0x0) getsockopt(r0, 0x200000000114, 0x271e, 0x0, &(0x7f0000000040)) 1.097527665s ago: executing program 0 (id=958): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0xe, 0x4, 0x8, 0x8}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x0, 0x10, &(0x7f0000000180)=ANY=[@ANYRESHEX=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x94) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000340)='cpuset.cpus\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='1-6:5'], 0x31) 967.91167ms ago: executing program 6 (id=959): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000001680)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x40001}, 0x4040850) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000009c0)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a4c000000030a0fdb00000000000000000a0020050900030073797a30000000000900010073797a31000000001400048008000240e7b140bb08000140000000030a000700726f75746500000014000000110001"], 0x74}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) r1 = socket$kcm(0xa, 0x922000000003, 0x11) setsockopt$sock_attach_bpf(r1, 0x29, 0x24, &(0x7f0000000080), 0x4) sendmsg$kcm(r1, &(0x7f0000000000)={&(0x7f00000007c0)=@l2tp6={0xa, 0x0, 0x8, @mcast1, 0x3, 0xffffffff}, 0x80, &(0x7f0000001880)=[{&(0x7f0000000600)="f4000900062b2c25fe80000000000000dc8b850f238466cc00007a000000ad6f911b51430437121d2ba7", 0x2a}], 0x1}, 0x0) 880.615872ms ago: executing program 0 (id=960): syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9vVNUeAPBzb/seLQ94LY8FLzFxEkk0apqWlVoSSymUFioGhRg3w7QdoDrtkHZqXLCoOxJXJi6MC6KJu65IF27xT3DjEtckunBjQkKsmZk7be/tTDrWTivk80nonXt+z3znnjl3cTlxonJ7bik3t5QrLOTKMzeXTuc+KZeW54sh3icH3T/t6UScxP7gXDl34b3rp0P4Yfanx+vr6+uhqjs0NbTl9e+/3Z3ZemyIM3Wq7TZvba98GEI4sW1cVV0hhA++DyEKIZxN0kaTY28I4Vio512/+/mN3B6N5sGj4pn806l7a8OnJlfvr7V+71EIX5f+//qt+V9e6hr++dU96h4AAAAAAAAAAAAAAAAAgGfc+NUr194dHAoPo9C9Gm1/Xnc8ObZ6PnZ9z7zY1nifJKX/7vsGAAAAAAAAAAAAAAAAAACAf5LN5/9z0fEmz/+PJceRFvXX3+78GOmciXeujJ0fHEr2f4+25b+RJP16tiv0N9n3Pbv/+9lM/eb7v2/vZ7ca42v02xeieCB1HscDAyF8m2z8fjI6HJfKS5XXbpaXF2b3bBjPrHT867v3p6KTbOjfbvxHM+13fv///237NlXPb+zdV+y5lo5/V8ty330WtRX/c5l6+xF/di8d/+5aWu/WAiP1CaAa/y+6d47/WKb9TsX/WAghF1XHmkvNANU1TDW91XqFtHT8/1VLS02dyQfZ6vp/kon/+Uz7BzX/r2R/iGgqHf9/19J6UiU2r//+eOfr/0Km/YOIf3X8K37/25KO/6F6YneqSO2TbHf+H8+036n4X4uTcR6LUt+A1aie3ur/qyMtHf+ebfmb939xW+u/i5n6+3X/1+i3cf/XmP5fier3fzSXjn9vy3LtXv8TmXqdnv9Haus/disd/8O1tPTaua/2t934T2ba71T8a6uSnkb8N+eTPw7V07+x/mtLOv7/qSfGW0us1P7W1n/Rzuv/S5n2D2L9Vx3/StzZXp8X6fgfaVmuGv8f2/j9v5yp1/n4hzBorb9r6fgfbVmudv337Bz/qUy9Tsf/5U42DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAMGE2OfSGKB1LncTwwEMK55PxkOBxNF2bz06XyzMdLIYwl6blwPLpVKk8XSvm5hfJsMV8olcozIZxP8k+EnmipVK7k5wt3Lmy01RvdLhYWK9PFQiWEMJ6kvxCONtqanqvMF+6EEC5u5P03Li/euV1YyM/OLb41ODg4GCY2xtAfFT+tFBcq9d7ruSFMbtTti7YMrpZ9aWMsR6KPysuLC4VSLf3yljql8kyhtKXOVJL3ZeiPKovLCzOFSjFfKt9q9HeQRpLj2MTV969eHtqWfyOqH0f3d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EUPh9/8KoTQXT+LQwi5KHkRJf9SHjwqnsk/nbq3NnxqcvX+2uNmZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzSP0oDQRQH4DdjoaXHsFp2O9sVRbRwRfAEegwPo0fxEt7BIkXaFCGQzELYP7BNUn1f82B+zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//0OnJ0Q=") syz_mount_image$fuse(0x0, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x800, 0x0, 0x0, 0x0, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x88040, 0x6) fcntl$setlease(r0, 0x400, 0x0) linkat(0xffffffffffffff9c, &(0x7f00000006c0)='./file1\x00', 0xffffffffffffff9c, &(0x7f0000000100)='./file7\x00', 0x1000) unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x0) 807.494018ms ago: executing program 4 (id=961): syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x200841f, &(0x7f0000000f40)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0193acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417bb7f527c0bfebec112d57fc69fabb9b31ef97b2147930ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc335680a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a3332978da70e9050417087c5ae034a735e8b448dd97014043159cbaacebfc912cf05f608e6214c04099fa311b747c37af702d134fb8eec487cfaea91150d1980464ff31cf86e3f3b950b204f6f67810c0826e4e5467c1588de9016bc627fb4662ac5fc8e38f19ec065550e5f9b16f72a91144a2e52ba9f2c6a7e2afbabc533ac731bb7ec51b8c585c2749469da331006ca4d49e136189d21ae50455834b2e75efd81c9d6352e5a814cf002f294475dab27a10d87516e405eff30", @ANYRES16], 0x1, 0x5540, &(0x7f0000007a00)="$eJzs3EtvG2UXAOB3nCb9ev0ixIJdR6qQEqm24lwq2AVoxUWkirgsWIFjO5Zb2xPFjhOyQoIlYsE/QSCxYslvYMGaHWIBYocEmospoVxa7MRJ+zzS+My8Mz7znpGV6MxYDsATaz7++ccoXA0XQggzIYTLUcjWo2LJrOfhmRDCtRBC6Q9LVIz/PjAXQrgYQriaJs9zRsWuT28Mr6/98NpPX31z/tylz778dnpVA9P2bAihu5Ov73fzmLTyeLcYrw3bWeyuDouY7+jeK7aTPO43t7IM+7XRcbUsrrTy45OdvX4atzu1ehpb7e1sfKeXn7A/bI3yZG+4W9vNthvNrSy2+0kWW4f5vA4Os79tpVEtO40i3/tZ+jAYjGI+3jxo5vXs3MtivTcoxvO8SaN5kMZhEYvThXrSaWTz2PrPl/nUe73d2zuIh83dfjvpxWuV6nOV6s1ydTdpNAfN1XKt27i5Gi+0Oulh5UGz1l1vJUmr06zUk+5ivNCq18vVarxwq7nVrvXiarWyUlkqry0Wazfil++8HXca8UIaX2z39ubanX68nezG+TsW4+XKyvOL8fVq/ObGZrz5xu3bG5tvvXvrnTsvbLz6UnHQA9OKF5aXlpfL1aXycnXxFNSf/t99yPoH49T/UTHpR6g/Gu/ywD/zAQN4ZA/0/0H/Dxy/s97/pw77eR8/dv+ftlT6/3/vf0vj9/9j9b+ntf8/w/XDWPT/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABPrO9mP38lW5nPty8V41eKoaeK7SiEUAoh/PoXZsLckZwzRZ7Zvzl+9k9z+DoKWYb0HOeL5WIIYb1Yfvn/cV8FAAAAeHx98cG1T/JuPX+Zn/aEOEn5TZvS5fcmlC8KIczOfz+hbKX05ekJJcs+3+fCwYSyZTew/jehZPktt3OTyvZQZkbhwyv3B7OCojyUTnQ6AADAiZg5Ek62CwEAAOAkfTztCTAdURg9yhw9C86+eX//0eaFI/sAAACAMyia9gQAAACAY5f1/37/DwAAAB5v+e//AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+xcz+3iQNRHICfDQb2nxat9r6t7A3KSAk55hgoIE1QAmkhDVADuaWECCLsEZIjkCIxjhX0fZLHGTv6zQxweWPJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpedqPX+8//dwac5uf5k8qwEAAABO2Vbref3HtOn/SNd/pUt/Ur+IiDIiTtXugxi1Mgcppzrz/9W7OTxF1AmHMcbp+B4R/9Px+rvrTwEAAACu12a5mjXVetNM+54Qn6nZtCl/3mTKKyKimr5kSisPzd9MYfXvexh3mdLqDaxJprBmy214+t4o1yBtg9YprWSyqL/Euld2My4AANCndiVwpgoBAADgCtz2PQH6URyb43PGcXNKDwS/tXoAAADAF1T0PQEAAACgc3X97/1/AAAAcN2a9/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQpW21nm+Wq9m5+4sP5uz2l8m3IgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Y3/eUSAEwiAM9q7vTOb+h5UGDY1NqkD4+BuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICL/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnfvnjaOIAgD+bu/28gcQxiAXBhQkCmiIfQkJKaEAWRR8BCTLOQfDhUDigkQWyA1UyHUaBCVCSCDT5TukjqU0oUvhwkjUoN3bvWwSQ06R2V3i30+anbfn1cybvZPl51kbAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDS7jvxUlLE3ewwM47L127tbaxk/c4DfebG1u35rGVx51ETffP2wSffbi9XT07MVU6+qj8ZAAAADoduWd9HxJ10eynrk5m8/k/La7Ka//tnxnFZzz9Y9+/sbRwtvjRf1v+//Xr3hclEM+N5skFX10bDxYdT6f1HS2y9Zx95RS+/8/nvXrr5G5K8v/n8bprfz863N2++28/DI3VkCwA8jpNlXwTlz0NZP2gyMQAOjV6l8C7r/+5MszkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1GF3M54q405EzPfuxZmdvY2V/fobW7fny3b2+vWt6pjZEGlErK6NhmmNa2m7K1evfbI8Gg0v1x+ciIjmZi+CD6e4JuLfryk+ntHcKv456LQjjUaDpHh/2pLPQQblZ+/gR27oGxIAAE+stGhZXX8n3V7KXuvMRvz1w/31/2uVOKas/+9+dPZWda5q/T+obYXtt7B+8bOFK1evvbF2cfnC8MLw0zdPDd4anD535sy5hexeLS6sRjJcbDpNAAAA/sf6RavW/8nsw/v/xytxTFn/f/7d4MvqXF31/77ubfo1nQkAAMBh1J9Ez73y5x+dfa7o9PvxxfL6+uXB+Dg5PzU+1pruYzpStGr9351tOisAAACgDrubnfv2/89X4phy///pH1/8uTpmNyKORVyKiOHJlUuj8/Utp9Xq+EPlfKJ+0ysFAACgKceKVt3/T/Pn/5PJIw9JRLz+6jgu/9fVNPV/972vf6rOVX3+/3R9S2ylZG58P/J+LqI313RGAAAAPMmOFi0r9n9Pt5c+/uX4B33P/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADU7e8AAAD//+iyNKQ=") syz_mount_image$msdos(&(0x7f0000000180), &(0x7f0000000000)='.\x00', 0x18424bc, &(0x7f00000003c0)=ANY=[], 0x0, 0x0, &(0x7f0000000000)) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) fallocate(r0, 0x0, 0x0, 0x1000f4) r1 = openat(0xffffffffffffff9c, &(0x7f0000004400)='./bus\x00', 0x6b142, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, &(0x7f0000000140)={r1, 0x0, 0x100000000000000}) 789.928344ms ago: executing program 6 (id=962): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000700)=ANY=[@ANYBLOB="12010000000000408c0d220000000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000240)={0x2c, &(0x7f0000000980)=ANY=[@ANYBLOB="00000001000000090090"], 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_connect(0x2, 0x24, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f0000000100), 0x4, 0x0) ioctl$EVIOCGKEYCODE_V2(r1, 0x80284504, &(0x7f0000000040)=""/185) 535.652755ms ago: executing program 1 (id=963): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000740)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x4010000, {{@in=@dev={0xac, 0x14, 0x14, 0x30}, @in=@dev={0xac, 0x14, 0x14, 0x1a}, 0x0, 0x0, 0x0, 0x0, 0xa, 0x20}, {0x8, 0x10, 0x100000002, 0x0, 0xfff, 0xffffffffffffb473, 0xffffffffffffffff}, {0x1000000000, 0x2000000000000000, 0x2, 0xffffffffffffffff}, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x3}}, 0xb8}}, 0x4004) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffb}, {0x0, 0x0, 0x200000000000000}}}, 0xb8}}, 0x2c000010) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c40000001b000100feffffff00004000e000000200"/48, @ANYRES32], 0xc4}, 0x1, 0x0, 0x0, 0x40100}, 0x2c000010) 406.610849ms ago: executing program 1 (id=964): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r1, &(0x7f0000000100), 0x12) r2 = openat$cgroup_int(r0, &(0x7f0000000080)='cpuset.memory_spread_page\x00', 0x2, 0x0) write$cgroup_int(r2, &(0x7f00000000c0)=0xd, 0x12) 242.246807ms ago: executing program 1 (id=965): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x8, 0xc, 0x3, 0x1}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000140), 0x5, r0}, 0x38) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000080)=ANY=[], 0x10448) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x19, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x5, 0xffffffffffffffff, 0x4}, 0x38) 136.190186ms ago: executing program 1 (id=966): syz_genetlink_get_family_id$tipc2(&(0x7f0000000100), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_GET(0xffffffffffffffff, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200}, 0xc, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000000)={@broadcast, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "120008", 0x10, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x8, 0x0, 0x2}}}}}}, 0x0) syz_emit_ethernet(0x7a, &(0x7f0000000180)={@link_local, @dev, @val={@void}, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x40, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x0, 0x0, @private1, @private1, [@hopopts={0x3a}, @routing]}}}}}}}, 0x0) 142.26µs ago: executing program 1 (id=967): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x3a, &(0x7f0000000180)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2c, 0x67, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x6, 0xc2, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}]}}}}}}}, 0x0) syz_emit_ethernet(0x76, &(0x7f0000000640)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x68, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x15, 0x4, 0x0, 0x0, 0x0, {[@mptcp=@capable={0x1e, 0xc}, @mptcp=@syn={0x1e, 0xc}, @sack={0x5, 0x16, [0x0, 0x0, 0x0, 0x0, 0x0]}, @md5sig={0x13, 0x12, "a4bcbcee95c6179191d2675112a6689b"}]}}}}}}}, 0x0) 0s ago: executing program 2 (id=968): setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x20, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) write$tun(r0, &(0x7f0000000240)={@val={0x8, 0x800}, @val={0x7, 0x0, 0x0, 0x300, 0x14}, @ipv4=@tcp={{0x5, 0x4, 0x0, 0x3c, 0x8016, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @broadcast}, {{0xa200, 0x22eb, 0x41424344, 0x41424344, 0x0, 0x0, 0x1}}}}, 0xfdef) kernel console output (not intermixed with test programs): s on: batadv_slave_1 [ 98.289859][ T5498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.316494][ T5498] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 98.328454][ T5498] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 98.348925][ T4328] XFS (loop1): Unmounting Filesystem [ 98.368170][ T5498] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.411891][ T4400] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 98.428106][ T5697] loop2: detected capacity change from 0 to 64 [ 98.436731][ T4400] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 98.452463][ T5498] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.472743][ T5498] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.487071][ T5498] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.506037][ T5498] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.634310][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 98.737577][ T5703] netlink: 20 bytes leftover after parsing attributes in process `syz.0.383'. [ 98.888576][ T4400] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.925637][ T4400] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.957811][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 98.991075][ T5716] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 99.032224][ T5716] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 99.061764][ T744] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.078052][ T744] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.110293][ T744] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 99.386853][ T5733] loop5: detected capacity change from 0 to 4096 [ 99.462026][ T5507] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 99.509959][ T5733] EXT4-fs (loop5): Test dummy encryption mode enabled [ 99.592207][ T5733] EXT4-fs (loop5): mounted filesystem without journal. Opts: inode_readahead_blks=0x0000000008000000,noauto_da_alloc,dioread_nolock,test_dummy_encryption,nobarrier,nodelalloc,minixdf,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback. [ 99.720306][ T5507] usb 3-1: Using ep0 maxpacket: 16 [ 99.781901][ T5709] loop4: detected capacity change from 0 to 40427 [ 99.810149][ T5126] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 99.821619][ T5709] F2FS-fs (loop4): Invalid SB checksum offset: 0 [ 99.835836][ T5709] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock [ 99.844307][ T5751] Invalid argument reading file caps for ./file0 [ 99.847743][ T5709] F2FS-fs (loop4): invalid crc value [ 99.885543][ T5507] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 99.889721][ T5709] F2FS-fs (loop4): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 99.923117][ T5507] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 99.968314][ T5507] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 99.989215][ T5507] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.005391][ T4552] net_ratelimit: 8 callbacks suppressed [ 100.005406][ T4552] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 100.012543][ T5507] usb 3-1: config 0 descriptor?? [ 100.036749][ T5760] loop5: detected capacity change from 0 to 64 [ 100.056204][ T5709] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0 [ 100.070341][ T5126] usb 1-1: Using ep0 maxpacket: 8 [ 100.076937][ T5709] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 100.132578][ T5709] attempt to access beyond end of device [ 100.132578][ T5709] loop4: rw=10241, want=53256, limit=40427 [ 100.230332][ T5126] usb 1-1: unable to get BOS descriptor or descriptor too short [ 100.301088][ T1346] Bluetooth: hci1: command 0x0419 tx timeout [ 100.320144][ T5126] usb 1-1: config 57 has an invalid interface number: 229 but max is 0 [ 100.328536][ T5126] usb 1-1: config 57 has no interface number 0 [ 100.364615][ T5126] usb 1-1: config 57 interface 229 has no altsetting 0 [ 100.522935][ T5507] HID 045e:07da: Invalid code 65791 type 1 [ 100.527026][ T5778] loop1: detected capacity change from 0 to 128 [ 100.537337][ T5507] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0004/input/input12 [ 100.557251][ T5126] usb 1-1: New USB device found, idVendor=0979, idProduct=0270, bcdDevice=dd.eb [ 100.576712][ T5126] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.596627][ T5126] usb 1-1: Product: syz [ 100.604811][ T5507] microsoft 0003:045E:07DA.0004: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 100.613249][ T5126] usb 1-1: Manufacturer: syz [ 100.658104][ T5778] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 100.663467][ T5126] usb 1-1: SerialNumber: syz [ 100.776432][ T5778] ext4 filesystem being mounted at /48/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 100.799894][ T5787] fuse: Bad value for 'fd' [ 100.807980][ T5507] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 101.001200][ T5797] loop4: detected capacity change from 0 to 1024 [ 101.025144][ T5126] gspca_main: jeilinj-2.14.0 probing 0979:0270 [ 101.081433][ T5797] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 101.094151][ T5126] usb 1-1: USB disconnect, device number 6 [ 101.109329][ T5797] ext4 filesystem being mounted at /85/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 101.138824][ T5797] EXT4-fs error (device loop4): ext4_free_blocks:6234: comm syz.4.401: Freeing blocks not in datazone - block = 0, count = 16 [ 101.160506][ T1346] usb 6-1: new full-speed USB device number 2 using dummy_hcd [ 101.266558][ T9] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm kworker/u4:0: bg 0: block 112: padding at end of block bitmap is not set [ 101.294658][ T9] EXT4-fs (loop4): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28 [ 101.309498][ T9] EXT4-fs (loop4): This should not happen!! Data will be lost [ 101.309498][ T9] [ 101.319499][ T9] EXT4-fs (loop4): Total free blocks count 0 [ 101.325628][ T9] EXT4-fs (loop4): Free/Dirty block details [ 101.333332][ T9] EXT4-fs (loop4): free_blocks=16 [ 101.338433][ T9] EXT4-fs (loop4): dirty_blocks=16 [ 101.344858][ T9] EXT4-fs (loop4): Block reservation details [ 101.351446][ T9] EXT4-fs (loop4): i_reserved_data_blocks=1 [ 101.369913][ T5507] usb 3-1: USB disconnect, device number 6 [ 101.424559][ T5815] loop1: detected capacity change from 0 to 1024 [ 101.485684][ T5817] loop4: detected capacity change from 0 to 1024 [ 101.553075][ T5815] EXT4-fs (loop1): Ignoring removed nomblk_io_submit option [ 101.590515][ T1346] usb 6-1: config 4 has an invalid interface number: 118 but max is 0 [ 101.601365][ T5817] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 101.639059][ T5815] EXT4-fs (loop1): mounted filesystem without journal. Opts: minixdf,bsddf,barrier=0x0000000000000009,commit=0x0000000000000005,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,noblock_validity,nomblk_io_submit,,errors=continue. Quota mode: none. [ 101.674081][ T5823] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0x205ab87c, utbl_chksum : 0xe619d30d) [ 101.698121][ T1346] usb 6-1: config 4 has no interface number 0 [ 101.724842][ T1346] usb 6-1: config 4 interface 118 has no altsetting 0 [ 101.803430][ T26] audit: type=1800 audit(1772117536.582:9): pid=5823 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.407" name="file1" dev="loop0" ino=1048612 res=0 errno=0 [ 101.840295][ T1346] usb 6-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=b0.71 [ 101.852260][ T1346] usb 6-1: New USB device strings: Mfr=0, Product=13, SerialNumber=0 [ 101.887436][ T1346] usb 6-1: Product: syz [ 101.953743][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 102.152336][ T5854] set_capacity_and_notify: 1 callbacks suppressed [ 102.152351][ T5854] loop4: detected capacity change from 0 to 128 [ 102.240782][ T4231] usb 6-1: USB disconnect, device number 2 [ 102.330597][ T5854] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodioread_nolock,noblock_validity,,errors=continue. Quota mode: none. [ 102.370957][ T5854] ext4 filesystem being mounted at /89/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 102.550089][ T4552] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 102.686610][ T5877] 9pnet: p9_errstr2errno: server reported unknown error @ [ 102.811939][ T4552] usb 2-1: Using ep0 maxpacket: 32 [ 102.875303][ T5881] kvm: apic: phys broadcast and lowest prio [ 102.882006][ T5881] Disabled LAPIC found during irq injection [ 102.930354][ T4552] usb 2-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7 [ 102.955051][ T4552] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 102.984653][ T4552] usb 2-1: config 0 descriptor?? [ 103.020478][ T5126] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.028646][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 103.042097][ T4552] gspca_main: sunplus-2.14.0 probing 041e:400b [ 103.142560][ T4231] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 103.350292][ T4227] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 103.420056][ T4231] usb 6-1: Using ep0 maxpacket: 8 [ 103.550285][ T4231] usb 6-1: config 0 has an invalid interface number: 101 but max is 0 [ 103.562608][ T4231] usb 6-1: config 0 has no interface number 0 [ 103.568830][ T4231] usb 6-1: too many endpoints for config 0 interface 101 altsetting 61: 48, using maximum allowed: 30 [ 103.580498][ T4231] usb 6-1: config 0 interface 101 altsetting 61 has 0 endpoint descriptors, different from the interface descriptor's value: 48 [ 103.593981][ T4231] usb 6-1: config 0 interface 101 has no altsetting 0 [ 103.640174][ T4227] usb 1-1: Using ep0 maxpacket: 8 [ 103.780282][ T4227] usb 1-1: unable to get BOS descriptor or descriptor too short [ 103.788190][ T4231] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 103.797448][ T4227] usb 1-1: no configurations [ 103.802203][ T4231] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 103.810349][ T4227] usb 1-1: can't read configurations, error -22 [ 103.816721][ T4231] usb 6-1: Product: syz [ 103.822882][ T4231] usb 6-1: Manufacturer: syz [ 103.827487][ T4231] usb 6-1: SerialNumber: syz [ 103.838435][ T4231] usb 6-1: config 0 descriptor?? [ 104.071172][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.083917][ T5912] loop4: detected capacity change from 0 to 4096 [ 104.151597][ T4231] gspca_main: se401-2.14.0 probing 047d:5003 [ 104.175362][ T5912] ntfs3: loop4: failed to convert name for inode 1e. [ 104.239020][ T5917] netlink: 'syz.4.431': attribute type 1 has an invalid length. [ 104.265239][ T5917] 8021q: adding VLAN 0 to HW filter on device bond1 [ 104.317744][ T5917] bond1: (slave geneve2): making interface the new active one [ 104.340170][ T4552] gspca_sunplus: reg_w_riv err -71 [ 104.343432][ T5925] loop2: detected capacity change from 0 to 512 [ 104.345415][ T4552] sunplus: probe of 2-1:0.0 failed with error -71 [ 104.378813][ T4552] usb 2-1: USB disconnect, device number 5 [ 104.380661][ T5917] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 104.399177][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready [ 104.423729][ T5925] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 104.578518][ T5925] EXT4-fs warning (device loop2): ext4_expand_extra_isize_ea:2807: Unable to expand inode 15. Delete some EAs or run e2fsck. [ 104.606773][ T5932] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.663507][ T5929] loop4: detected capacity change from 0 to 32768 [ 104.676968][ T5932] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.686664][ T5925] EXT4-fs (loop2): 1 truncate cleaned up [ 104.691013][ T5932] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.697894][ T5925] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,nombcache,. Quota mode: none. [ 104.701057][ T5932] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 104.740161][ T4231] usb 6-1: reset high-speed USB device number 3 using dummy_hcd [ 104.766494][ T5929] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 scanned by syz.4.436 (5929) [ 104.834626][ T5929] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm [ 104.844015][ T5929] BTRFS info (device loop4): turning on sync discard [ 104.851744][ T5929] BTRFS info (device loop4): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 104.861895][ T5929] BTRFS info (device loop4): use zstd compression, level 3 [ 104.869421][ T5929] BTRFS warning (device loop4): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 104.880125][ T5929] BTRFS info (device loop4): trying to use backup root at mount time [ 104.889698][ T5929] BTRFS info (device loop4): enabling auto defrag [ 104.896909][ T5929] BTRFS info (device loop4): using free space tree [ 104.903631][ T5929] BTRFS info (device loop4): has skinny extents [ 104.994922][ T5940] loop1: detected capacity change from 0 to 2048 [ 105.100597][ T1346] net_ratelimit: 29 callbacks suppressed [ 105.100610][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.121867][ T5940] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 105.157816][ T26] audit: type=1800 audit(1772117539.932:10): pid=5940 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.440" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 105.185267][ T4552] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 105.246864][ T4274] BTRFS warning (device loop4): checksum verify failed on 5337088 wanted 0xe63dbdda found 0xc926492d level 0 [ 105.280188][ T4227] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 105.293268][ T5929] BTRFS warning (device loop4): failed to read root (objectid=2): -5 [ 105.310985][ T4274] BTRFS warning (device loop4): checksum verify failed on 5324800 wanted 0x9f73850b found 0x80379423 level 0 [ 105.333346][ T26] audit: type=1800 audit(1772117540.112:11): pid=5963 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.440" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 105.390208][ T5929] BTRFS warning (device loop4): couldn't read tree root [ 105.396486][ T5942] loop2: detected capacity change from 0 to 32768 [ 105.398222][ T5929] BTRFS error (device loop4): parent transid verify failed on 5255168 wanted 5 found 7 [ 105.414054][ T5929] BTRFS warning (device loop4): couldn't read tree root [ 105.435194][ T5929] BTRFS info (device loop4): enabling ssd optimizations [ 105.444448][ T5929] BTRFS info (device loop4): clearing free space tree [ 105.451909][ T5929] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 105.465546][ T5929] BTRFS info (device loop4): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 105.524270][ T5929] BTRFS info (device loop4): creating free space tree [ 105.533045][ T5929] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 105.542798][ T5929] BTRFS info (device loop4): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 105.557160][ T4227] usb 1-1: Using ep0 maxpacket: 32 [ 105.584430][ T5929] BTRFS info (device loop4): checking UUID tree [ 105.600139][ T5942] XFS (loop2): Mounting V5 Filesystem [ 105.650230][ T4231] gspca_se401: read req failed req 0x06 error -71 [ 105.657378][ T4231] se401: probe of 6-1:0.101 failed with error -71 [ 105.700311][ T4227] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 105.708523][ T4227] usb 1-1: config 0 has no interface number 0 [ 105.785463][ T4231] usb 6-1: USB disconnect, device number 3 [ 105.793865][ T5942] XFS (loop2): Ending clean mount [ 105.796858][ T4227] usb 1-1: config 0 interface 184 has no altsetting 0 [ 105.879482][ T26] audit: type=1804 audit(1772117540.652:12): pid=5942 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.439" name="/newroot/95/file1/file1" dev="loop2" ino=4422 res=1 errno=0 [ 105.977086][ T4198] XFS (loop2): Unmounting Filesystem [ 106.077583][ T4227] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 106.100903][ T4227] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.108949][ T4227] usb 1-1: Product: syz [ 106.113961][ T4227] usb 1-1: Manufacturer: syz [ 106.118580][ T4227] usb 1-1: SerialNumber: syz [ 106.170817][ T4227] usb 1-1: config 0 descriptor?? [ 106.194213][ T4231] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.242060][ T4227] smsc75xx v1.0.0 [ 106.274331][ T4552] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 106.655793][ T6006] loop2: detected capacity change from 0 to 1024 [ 106.741432][ T6006] EXT4-fs (loop2): mounted filesystem without journal. Opts: nouid32,nodioread_nolock,noquota,delalloc,journal_dev=0x0000000000000009,commit=0x0000000000000000,,errors=continue. Quota mode: none. [ 106.766002][ T6006] ext4 filesystem being mounted at /96/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 106.797595][ T5998] loop4: detected capacity change from 0 to 32768 [ 106.852082][ T26] audit: type=1800 audit(1772117541.632:13): pid=6006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.444" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 106.879316][ T6006] EXT4-fs error (device loop2): ext4_map_blocks:739: inode #15: comm syz.2.444: lblock 0 mapped to illegal pblock 0 (length 6) [ 106.883013][ T4231] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 106.940255][ T5998] XFS (loop4): Mounting V5 Filesystem [ 106.946757][ T6021] EXT4-fs error (device loop2): ext4_free_blocks:6234: comm syz.2.444: Freeing blocks not in datazone - block = 1, count = 5 [ 107.024813][ T6025] 9pnet: p9_errstr2errno: server reported unknown error  [ 107.059451][ T5998] XFS (loop4): Starting recovery (logdev: internal) [ 107.156777][ T5998] XFS (loop4): Ending recovery (logdev: internal) [ 107.240194][ T4231] usb 6-1: Using ep0 maxpacket: 16 [ 107.248382][ T4196] XFS (loop4): Unmounting Filesystem [ 107.265263][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 107.403317][ T4231] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 107.407544][ T6030] loop2: detected capacity change from 0 to 40427 [ 107.419915][ T4231] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.431661][ T1346] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 107.439709][ T4231] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 107.448607][ T6030] F2FS-fs (loop2): Invalid SB checksum offset: 0 [ 107.453971][ T4231] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 107.465801][ T6030] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock [ 107.481521][ T4231] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.485983][ T6030] F2FS-fs (loop2): invalid crc value [ 107.496638][ T4231] usb 6-1: config 0 descriptor?? [ 107.542398][ T6030] F2FS-fs (loop2): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437) [ 107.560435][ T4227] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -71 [ 107.584867][ T4227] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 107.616165][ T6030] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0 [ 107.628322][ T6030] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5 [ 107.630204][ T4227] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 107.666230][ T4227] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 107.705362][ T1346] usb 2-1: Using ep0 maxpacket: 8 [ 107.711025][ T4227] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset [ 107.732350][ T4227] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 107.752830][ T6030] attempt to access beyond end of device [ 107.752830][ T6030] loop2: rw=2049, want=53264, limit=40427 [ 107.765569][ T4227] smsc75xx: probe of 1-1:0.184 failed with error -71 [ 107.777507][ T6030] attempt to access beyond end of device [ 107.777507][ T6030] loop2: rw=2049, want=53360, limit=40427 [ 107.781232][ T4227] usb 1-1: USB disconnect, device number 9 [ 107.807541][ T6030] attempt to access beyond end of device [ 107.807541][ T6030] loop2: rw=2049, want=53376, limit=40427 [ 107.836007][ T6040] loop4: detected capacity change from 0 to 64 [ 107.857408][ T4198] attempt to access beyond end of device [ 107.857408][ T4198] loop2: rw=2049, want=45104, limit=40427 [ 107.869086][ T1346] usb 2-1: config 2 has an invalid interface number: 31 but max is 0 [ 107.879950][ T1346] usb 2-1: config 2 has no interface number 0 [ 107.886315][ T1346] usb 2-1: config 2 interface 31 has no altsetting 0 [ 107.918550][ T6040] hfs: unable to locate alternate MDB [ 107.928566][ T6040] hfs: continuing without an alternate MDB [ 107.979000][ T6040] netlink: 24 bytes leftover after parsing attributes in process `syz.4.456'. [ 108.012929][ T4231] HID 045e:07da: Invalid code 65791 type 1 [ 108.035137][ T4231] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0005/input/input13 [ 108.065938][ T4231] microsoft 0003:045E:07DA.0005: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 108.090366][ T1346] usb 2-1: New USB device found, idVendor=1a86, idProduct=e092, bcdDevice=53.3f [ 108.099438][ T1346] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.161058][ T1346] usb 2-1: Product: syz [ 108.165264][ T1346] usb 2-1: Manufacturer: syz [ 108.169878][ T1346] usb 2-1: SerialNumber: syz [ 108.278101][ T5127] usb 6-1: USB disconnect, device number 4 [ 108.310523][ T4231] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 108.340687][ T6050] fido_id[6050]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 108.426678][ T6056] loop2: detected capacity change from 0 to 4096 [ 108.813024][ T5127] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 108.882268][ T6066] netlink: 104 bytes leftover after parsing attributes in process `syz.2.465'. [ 108.973928][ T6071] loop5: detected capacity change from 0 to 1024 [ 109.070224][ T5127] usb 1-1: Using ep0 maxpacket: 32 [ 109.110416][ T1346] ch9200: probe of 2-1:2.31 failed with error -22 [ 109.128471][ T1346] usb 2-1: USB disconnect, device number 6 [ 109.144249][ T6071] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 109.190293][ T5127] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 109.201457][ T5127] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 109.211391][ T5127] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2ced, bcdDevice= 0.00 [ 109.225507][ T5127] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 109.235698][ T5127] usb 1-1: config 0 descriptor?? [ 109.342051][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 109.350317][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 109.390295][ T5842] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 109.479729][ T6091] loop1: detected capacity change from 0 to 128 [ 109.546362][ T6091] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 109.582999][ T6091] EXT4-fs (loop1): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 109.598310][ T6094] loop5: detected capacity change from 0 to 4096 [ 109.600200][ T6091] ext2 filesystem being mounted at /64/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 109.701896][ T5127] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0 [ 109.737089][ T5127] kone 0003:1E7D:2CED.0006: unknown main item tag 0x0 [ 109.780271][ T5842] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 109.781119][ T5127] kone 0003:1E7D:2CED.0006: unexpected long global item [ 109.795026][ T5842] usb 5-1: config 1 has no interface number 0 [ 109.834419][ T5127] kone 0003:1E7D:2CED.0006: parse failed [ 109.836723][ T5842] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 109.842457][ T5127] kone: probe of 0003:1E7D:2CED.0006 failed with error -22 [ 109.887179][ T5842] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 109.922235][ T5842] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 109.951234][ T5842] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 109.983080][ T5842] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 59360, setting to 64 [ 110.017377][ T4227] usb 1-1: USB disconnect, device number 10 [ 110.194974][ T5842] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 110.222780][ T5842] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.237016][ T5842] usb 5-1: Product: syz [ 110.242475][ T5842] usb 5-1: Manufacturer: syz [ 110.254586][ T5842] usb 5-1: SerialNumber: syz [ 110.303637][ T6080] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 110.382457][ T4231] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 110.460804][ T6110] loop2: detected capacity change from 0 to 128 [ 110.528385][ T6080] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 110.538504][ T6080] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 110.553432][ T6110] FAT-fs (loop2): bogus number of reserved sectors [ 110.565639][ T6110] FAT-fs (loop2): This doesn't look like a DOS 1.x volume; DOS 2.x BPB is non-zero [ 110.576401][ T6110] FAT-fs (loop2): Can't find a valid FAT filesystem [ 110.663109][ T6116] loop2: detected capacity change from 0 to 2048 [ 110.686860][ T6116] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000) [ 110.770234][ T4231] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 110.778323][ T6080] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 111.110102][ T7] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 111.127317][ T6124] loop1: detected capacity change from 0 to 32768 [ 111.156666][ T6124] XFS (loop1): Mounting V5 Filesystem [ 111.162282][ T4231] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.176815][ T4231] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.189436][ T4231] usb 1-1: New USB device found, idVendor=056a, idProduct=032f, bcdDevice= 0.00 [ 111.199816][ T4231] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.209316][ T6080] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 111.218441][ T6080] raw-gadget.1 gadget: fail, usb_ep_enable returned -22 [ 111.233617][ T4231] usb 1-1: config 0 descriptor?? [ 111.240344][ T6124] XFS (loop1): Ending clean mount [ 111.241446][ T5842] cdc_ncm 5-1:1.1: bind() failure [ 111.265192][ T6124] XFS (loop1): Quotacheck needed: Please wait. [ 111.323570][ T6124] XFS (loop1): Quotacheck: Done. [ 111.370092][ T7] usb 3-1: Using ep0 maxpacket: 16 [ 111.410521][ T4328] XFS (loop1): Unmounting Filesystem [ 111.428879][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 111.462372][ T4227] usb 5-1: USB disconnect, device number 5 [ 111.513427][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.524443][ T7] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.537164][ T7] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 111.550363][ T7] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 111.559650][ T7] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.570798][ T7] usb 3-1: config 0 descriptor?? [ 111.712483][ T4231] wacom 0003:056A:032F.0007: unknown main item tag 0x0 [ 111.719408][ T4231] wacom 0003:056A:032F.0007: unknown main item tag 0x0 [ 111.726509][ T4231] wacom 0003:056A:032F.0007: unknown main item tag 0x0 [ 111.734876][ T4231] wacom 0003:056A:032F.0007: hidraw0: USB HID v0.00 Device [HID 056a:032f] on usb-dummy_hcd.0-1/input0 [ 111.915591][ T5127] usb 1-1: USB disconnect, device number 11 [ 112.042589][ T7] microsoft 0003:045E:07DA.0008: unknown main item tag 0x0 [ 112.060291][ T7] microsoft 0003:045E:07DA.0008: ignoring exceeding usage max [ 112.084578][ T7] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.0008/input/input17 [ 112.106311][ T6139] kvm: apic: phys broadcast and lowest prio [ 112.109358][ T6142] loop4: detected capacity change from 0 to 4096 [ 112.112492][ T6139] Disabled LAPIC found during irq injection [ 112.126600][ T6145] binder_alloc: binder_alloc_mmap_handler: 6144 200000ffc000-200001000000 already mapped failed -16 [ 112.150603][ T6145] uffd: Set unprivileged_userfaultfd sysctl knob to 1 if kernel faults must be handled without obtaining CAP_SYS_PTRACE capability [ 112.167976][ T7] microsoft 0003:045E:07DA.0008: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 112.326439][ T4231] usb 3-1: USB disconnect, device number 7 [ 112.363239][ T6150] netlink: 16 bytes leftover after parsing attributes in process `syz.1.493'. [ 112.390476][ T5127] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.475470][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 112.931282][ T6177] loop0: detected capacity change from 0 to 512 [ 112.977557][ T6183] overlayfs: refusing to follow metacopy origin for (/file1) [ 113.000156][ T6177] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode [ 113.133036][ T6177] EXT4-fs (loop0): 1 truncate cleaned up [ 113.138789][ T6177] EXT4-fs (loop0): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,nombcache,. Quota mode: none. [ 113.273346][ T6202] netlink: 'syz.1.507': attribute type 25 has an invalid length. [ 113.283279][ T6202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.507'. [ 113.296231][ T6202] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 113.305276][ T6202] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 113.314049][ T6202] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 113.322876][ T6202] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 113.334033][ T6202] netlink: 'syz.1.507': attribute type 25 has an invalid length. [ 113.342100][ T6202] netlink: 4 bytes leftover after parsing attributes in process `syz.1.507'. [ 113.517525][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 113.616899][ T6218] tipc: Started in network mode [ 113.630170][ T6218] tipc: Node identity 2, cluster identity 4711 [ 113.653829][ T6218] tipc: Node number set to 2 [ 113.820208][ T6224] loop0: detected capacity change from 0 to 4096 [ 114.223573][ T6253] loop4: detected capacity change from 0 to 512 [ 114.261445][ T6255] netlink: 12 bytes leftover after parsing attributes in process `syz.1.521'. [ 114.304791][ T6253] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode [ 114.399440][ T6253] EXT4-fs (loop4): 1 truncate cleaned up [ 114.405322][ T6253] EXT4-fs (loop4): mounted filesystem without journal. Opts: max_batch_time=0x0000000000000004,jqfmt=vfsold,debug_want_extra_isize=0x000000000000006a,user_xattr,errors=remount-ro,nombcache,. Quota mode: none. [ 114.547712][ T4231] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 114.549722][ T6220] loop5: detected capacity change from 0 to 40427 [ 114.586647][ T6220] F2FS-fs (loop5): Invalid log_blocksize (268), supports only 12 [ 114.639654][ T6220] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 114.751041][ T6220] F2FS-fs (loop5): invalid crc value [ 114.782094][ T4552] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 114.804045][ T6220] F2FS-fs (loop5): Found nat_bits in checkpoint [ 114.914184][ T6220] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 114.931247][ T6220] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5 [ 115.134904][ T6244] loop2: detected capacity change from 0 to 32768 [ 115.154726][ T6284] loop4: detected capacity change from 0 to 128 [ 115.252417][ T6284] EXT4-fs (loop4): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,barrier=0x0000000000000de2,,errors=continue. Quota mode: none. [ 115.289776][ T6284] ext4 filesystem being mounted at /113/file0 supports timestamps until 2038-01-19 (0x7fffffff) [ 115.303235][ T26] audit: type=1800 audit(1772117550.082:14): pid=6244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.519" name="file1" dev="loop2" ino=4 res=0 errno=0 [ 115.427990][ T5127] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.436889][ T4552] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.509820][ T6284] overlayfs: upper fs needs to support d_type. [ 115.526580][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.568184][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.607522][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.615679][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.626709][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.638541][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.682670][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.752292][ T6297] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 115.984508][ T6320] loop0: detected capacity change from 0 to 512 [ 116.125052][ T6320] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,acl,,errors=continue. Quota mode: none. [ 116.276112][ T26] audit: type=1800 audit(1772117551.052:15): pid=6320 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.534" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 116.406542][ T6329] EXT4-fs error (device loop0): ext4_validate_block_bitmap:420: comm syz.0.534: bg 0: bad block bitmap checksum [ 116.497592][ T6322] loop4: detected capacity change from 0 to 32768 [ 117.298941][ T6357] loop0: detected capacity change from 0 to 128 [ 117.313791][ T6359] netlink: 104 bytes leftover after parsing attributes in process `syz.2.541'. [ 117.323513][ T6359] netlink: 104 bytes leftover after parsing attributes in process `syz.2.541'. [ 117.335315][ T6359] netlink: 104 bytes leftover after parsing attributes in process `syz.2.541'. [ 117.539194][ T6369] loop4: detected capacity change from 0 to 1024 [ 117.626602][ T4236] attempt to access beyond end of device [ 117.626602][ T4236] loop0: rw=1, want=1041, limit=128 [ 117.716881][ T26] audit: type=1800 audit(1772117552.492:16): pid=6369 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.537" name="file1" dev="loop4" ino=20 res=0 errno=0 [ 117.809288][ T154] hfsplus: b-tree write err: -5, ino 4 [ 117.862354][ T6375] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 117.895105][ T6375] ext4 filesystem being mounted at /118/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 118.271466][ T6398] set_capacity_and_notify: 2 callbacks suppressed [ 118.271481][ T6398] loop2: detected capacity change from 0 to 128 [ 118.324762][ T6398] FAT-fs (loop2): Invalid FSINFO signature: 0x41615200, 0x61417272 (sector = 1) [ 118.374302][ T6398] FAT-fs (loop2): error, invalid FAT chain (i_pos 548, last_block 8) [ 118.430369][ T6398] FAT-fs (loop2): Filesystem has been set read-only [ 118.463923][ T6398] FAT-fs (loop2): error, corrupted file size (i_pos 548, 522) [ 118.597093][ T6302] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 118.686456][ T6412] loop5: detected capacity change from 0 to 256 [ 118.734186][ T6384] loop4: detected capacity change from 0 to 32768 [ 118.826423][ T6419] loop2: detected capacity change from 0 to 512 [ 118.899357][ T6419] FAT-fs (loop2): FAT read failed (blocknr 128) [ 118.934720][ T6384] XFS (loop4): Mounting V5 Filesystem [ 119.070250][ T4552] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 119.284964][ T6384] XFS (loop4): Ending clean mount [ 119.301651][ T6384] XFS (loop4): Quotacheck needed: Please wait. [ 119.327231][ T6431] loop2: detected capacity change from 0 to 512 [ 119.445486][ T6431] EXT4-fs (loop2): mounted filesystem without journal. Opts: max_dir_size_kb=0x0000000000001000,nodiscard,quota,,errors=continue. Quota mode: writeback. [ 119.480418][ T4552] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.527955][ T4552] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 119.547158][ T6431] ext4 filesystem being mounted at /122/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 119.638779][ T6384] XFS (loop4): Quotacheck: Done. [ 119.661348][ T6431] EXT4-fs error (device loop2): ext4_do_update_inode:5222: inode #2: comm syz.2.558: corrupted inode contents [ 119.676880][ T6426] loop5: detected capacity change from 0 to 131072 [ 119.713972][ T6431] EXT4-fs error (device loop2): ext4_dirty_inode:6058: inode #2: comm syz.2.558: mark_inode_dirty error [ 119.739481][ T6426] F2FS-fs (loop5): Wrong CP boundary, start(512) end(1536) blocks(0) [ 119.747768][ T6426] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock [ 119.757168][ T6426] F2FS-fs (loop5): invalid crc value [ 119.770405][ T4552] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 119.788957][ T6426] F2FS-fs (loop5): Found nat_bits in checkpoint [ 119.802249][ T4552] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.835277][ T6431] EXT4-fs error (device loop2): ext4_do_update_inode:5222: inode #2: comm syz.2.558: corrupted inode contents [ 119.845171][ T4552] usb 2-1: Product: syz [ 119.847743][ T6426] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0 [ 119.858249][ T6426] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4 [ 119.866919][ T6431] EXT4-fs error (device loop2): __ext4_ext_dirty:183: inode #2: comm syz.2.558: mark_inode_dirty error [ 119.892075][ T4552] usb 2-1: Manufacturer: syz [ 119.919132][ T4552] usb 2-1: SerialNumber: syz [ 119.983447][ T4196] XFS (loop4): Unmounting Filesystem [ 120.002174][ T4552] cdc_mbim 2-1:1.0: skipping garbage [ 120.057288][ T6437] loop0: detected capacity change from 0 to 32768 [ 120.075841][ T6437] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop0 scanned by syz.0.560 (6437) [ 120.216961][ T6417] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 120.245770][ T6437] BTRFS info (device loop0): using blake2b (blake2b-256-generic) checksum algorithm [ 120.300111][ T6437] BTRFS info (device loop0): max_inline at 93 [ 120.306223][ T6437] BTRFS info (device loop0): using free space tree [ 120.322735][ T6437] BTRFS info (device loop0): has skinny extents [ 120.607047][ T6465] loop4: detected capacity change from 0 to 2048 [ 120.614902][ T6437] BTRFS info (device loop0): enabling ssd optimizations [ 120.672514][ T6465] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000) [ 120.882232][ T6417] raw-gadget.0 gadget: fail, usb_ep_enable returned -22 [ 120.924536][ T6469] loop5: detected capacity change from 0 to 1024 [ 120.950494][ T4552] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device [ 120.979794][ T4552] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 06:79:ca:c7:03:82 [ 120.993997][ T6469] EXT4-fs (loop5): Ignoring removed orlov option [ 121.020292][ T5842] net_ratelimit: 25 callbacks suppressed [ 121.020308][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 121.152239][ T6469] EXT4-fs (loop5): mounted filesystem without journal. Opts: block_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none. [ 121.199645][ T6476] netlink: 208644 bytes leftover after parsing attributes in process `syz.2.566'. [ 121.378872][ T6478] usb 2-1: USB disconnect, device number 7 [ 121.385739][ T6478] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 121.441266][ T6484] netlink: 56 bytes leftover after parsing attributes in process `syz.2.567'. [ 121.472426][ T6484] IPv6: sit1: Disabled Multicast RS [ 121.510439][ T4895] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 121.623087][ T6489] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 121.692214][ T6495] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 121.995282][ T6471] loop4: detected capacity change from 0 to 32768 [ 122.066042][ T6516] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.074264][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.095861][ T6516] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.116016][ T6516] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.150118][ T6516] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.167902][ T6516] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.182845][ T6528] netlink: 28 bytes leftover after parsing attributes in process `syz.5.578'. [ 122.201693][ T6528] netlink: 116 bytes leftover after parsing attributes in process `syz.5.578'. [ 122.237194][ T6514] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 122.273048][ T6471] jfs_rename did not expect dtDelete to return rc = -116 [ 122.304594][ T6471] ERROR: (device loop4): jfs_rename: [ 122.304594][ T6471] [ 122.331263][ T6471] ERROR: (device loop4): remounting filesystem as read-only [ 123.100903][ T6478] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 123.242982][ T6569] EXT4-fs (loop1): mounted filesystem without journal. Opts: grpquota,nogrpid,quota,,errors=continue. Quota mode: writeback. [ 123.256380][ T6569] ext4 filesystem being mounted at /90/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 123.443275][ T6580] set_capacity_and_notify: 1 callbacks suppressed [ 123.443301][ T6580] loop2: detected capacity change from 0 to 8 [ 123.477800][ T6582] loop1: detected capacity change from 0 to 512 [ 123.549323][ T6576] loop4: detected capacity change from 0 to 4096 [ 123.555880][ T6579] loop0: detected capacity change from 0 to 4096 [ 123.555921][ T6582] EXT4-fs (loop1): mounted filesystem without journal. Opts: nouid32,nogrpid,quota,nojournal_checksum,,errors=continue. Quota mode: writeback. [ 123.696060][ T6582] ext4 filesystem being mounted at /91/bus supports timestamps until 2038-01-19 (0x7fffffff) [ 123.775672][ T6589] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 124.109492][ T6597] loop4: detected capacity change from 0 to 2048 [ 124.139905][ T6599] netlink: 'syz.2.598': attribute type 5 has an invalid length. [ 124.158551][ T6597] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found! [ 124.840091][ T4227] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 124.958544][ T6614] loop2: detected capacity change from 0 to 256 [ 125.100523][ T4227] usb 5-1: Using ep0 maxpacket: 16 [ 125.208672][ T6623] loop2: detected capacity change from 0 to 4096 [ 125.221194][ T4227] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.248597][ T4227] usb 5-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 125.259082][ T4227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.275966][ T4227] usb 5-1: config 0 descriptor?? [ 125.284716][ T6624] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 125.754922][ T4227] input: HID 041e:3100 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:041E:3100.0009/input/input18 [ 125.836544][ T4227] creative-sb0540 0003:041E:3100.0009: input,hidraw0: USB HID v0.00 Device [HID 041e:3100] on usb-dummy_hcd.4-1/input0 [ 125.963765][ T4231] usb 5-1: USB disconnect, device number 6 [ 126.103949][ T6567] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 126.200312][ T6478] net_ratelimit: 3 callbacks suppressed [ 126.200329][ T6478] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 126.255131][ T6632] loop5: detected capacity change from 0 to 8 [ 126.618914][ T6634] loop0: detected capacity change from 0 to 4096 [ 127.165246][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 127.165714][ T6638] netlink: 9275 bytes leftover after parsing attributes in process `syz.4.626'. [ 127.397118][ T6628] loop2: detected capacity change from 0 to 262144 [ 127.399157][ T6642] netlink: 56 bytes leftover after parsing attributes in process `syz.1.611'. [ 127.443684][ T6642] IPv6: sit1: Disabled Multicast RS [ 127.494984][ T6628] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop2 scanned by syz.2.622 (6628) [ 127.526587][ T6628] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm [ 127.535984][ T6628] BTRFS info (device loop2): using free space tree [ 127.542688][ T6628] BTRFS info (device loop2): has skinny extents [ 127.548955][ T6628] BTRFS info (device loop2): flagging fs with big metadata feature [ 127.960977][ T6628] BTRFS info (device loop2): enabling ssd optimizations [ 128.120557][ T6689] netlink: 4 bytes leftover after parsing attributes in process `syz.0.624'. [ 128.223841][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.403065][ T4176] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 10 /dev/loop2 scanned by udevd (4176) [ 128.455490][ T6698] rdma_rxe: rxe_register_device failed with error -23 [ 128.492830][ T6698] rdma_rxe: failed to add lo [ 128.510013][ T6700] siw: device registration error -23 [ 128.829086][ T6710] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.847871][ T6710] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.866104][ T6709] 9pnet: p9_errstr2errno: server reported unknown error ave_1 [ 128.896314][ T6710] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.939140][ T6710] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 128.970262][ T6716] loop4: detected capacity change from 0 to 512 [ 129.050175][ T6710] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.058447][ T6710] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.097985][ T6716] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,acl,,errors=continue. Quota mode: none. [ 129.113266][ T6710] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 129.143962][ T6714] loop2: detected capacity change from 0 to 4096 [ 129.171523][ T26] audit: type=1800 audit(1772117563.952:17): pid=6716 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.637" name="file1" dev="loop4" ino=15 res=0 errno=0 [ 129.324415][ T6724] EXT4-fs error (device loop4): ext4_validate_block_bitmap:420: comm syz.4.637: bg 0: bad block bitmap checksum [ 129.350464][ T6725] NILFS (loop2): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 129.402886][ T26] audit: type=1800 audit(1772117564.182:18): pid=6714 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.636" name="file1" dev="loop2" ino=15 res=0 errno=0 [ 129.696732][ T6718] loop5: detected capacity change from 0 to 32768 [ 129.818744][ T6718] XFS (loop5): Mounting V5 Filesystem [ 129.944578][ T6718] XFS (loop5): Ending clean mount [ 129.975972][ T6751] overlayfs: invalid origin (000000790065726c6179000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000) [ 130.009727][ T6718] XFS (loop5): Quotacheck needed: Please wait. [ 130.124633][ T6718] XFS (loop5): Quotacheck: Done. [ 130.286116][ T5498] XFS (loop5): Unmounting Filesystem [ 130.436798][ T6762] llcp: llcp_sock_recvmsg: Recv datagram failed state 5 -11 0 [ 130.521828][ T6767] loop0: detected capacity change from 0 to 64 [ 130.540073][ T1346] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 130.907254][ T1346] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 130.946556][ T1346] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 130.989403][ T1346] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 131.023629][ T1346] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 131.039877][ T1346] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 131.133063][ T6769] loop5: detected capacity change from 0 to 32768 [ 131.174325][ T1346] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 131.199318][ T6763] loop2: detected capacity change from 0 to 32768 [ 131.206557][ T6769] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 scanned by syz.5.647 (6769) [ 131.224339][ T1346] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 131.264208][ T1346] usb 2-1: Product: syz [ 131.288519][ T1346] usb 2-1: Manufacturer: syz [ 131.289910][ T6765] loop4: detected capacity change from 0 to 32768 [ 131.338613][ T6769] BTRFS info (device loop5): using crc32c (crc32c-intel) checksum algorithm [ 131.347531][ T6769] BTRFS info (device loop5): turning on sync discard [ 131.354275][ T6769] BTRFS info (device loop5): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 131.361046][ T1346] cdc_wdm 2-1:1.0: skipping garbage [ 131.363727][ T6769] BTRFS info (device loop5): use zstd compression, level 3 [ 131.376948][ T6769] BTRFS warning (device loop5): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 131.377593][ T1346] cdc_wdm 2-1:1.0: skipping garbage [ 131.387589][ T6769] BTRFS info (device loop5): trying to use backup root at mount time [ 131.387620][ T6769] BTRFS info (device loop5): enabling auto defrag [ 131.387682][ T6769] BTRFS info (device loop5): using free space tree [ 131.414086][ T6769] BTRFS info (device loop5): has skinny extents [ 131.424564][ T1346] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 131.461915][ T1346] cdc_wdm 2-1:1.0: Unknown control protocol [ 131.531664][ T6765] XFS (loop4): Mounting V5 Filesystem [ 131.540910][ T6763] XFS (loop2): Mounting V5 Filesystem [ 131.547320][ T4231] net_ratelimit: 72 callbacks suppressed [ 131.547335][ T4231] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 131.659038][ T4231] usb 2-1: USB disconnect, device number 8 [ 131.665727][ T6759] cdc_wdm 2-1:1.0: Tx URB error: -19 [ 131.671760][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 131.671821][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 131.671839][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 131.698691][ T6765] XFS (loop4): Ending clean mount [ 131.704456][ T26] audit: type=1326 audit(1772117566.482:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6803 comm="syz.0.658" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fb1efc94799 code=0x0 [ 131.729637][ T6765] XFS (loop4): Quotacheck needed: Please wait. [ 131.826638][ T4236] BTRFS warning (device loop5): checksum verify failed on 5337088 wanted 0xe63dbdda found 0xc926492d level 0 [ 131.835831][ T6763] XFS (loop2): Starting recovery (logdev: internal) [ 131.851494][ T6765] XFS (loop4): Quotacheck: Done. [ 131.856748][ T6769] BTRFS warning (device loop5): failed to read root (objectid=2): -5 [ 131.865355][ T4236] BTRFS warning (device loop5): checksum verify failed on 5324800 wanted 0x9f73850b found 0x80379423 level 0 [ 131.892252][ T6763] XFS (loop2): Ending recovery (logdev: internal) [ 131.898838][ T6769] BTRFS warning (device loop5): couldn't read tree root [ 131.906594][ T6769] BTRFS error (device loop5): parent transid verify failed on 5255168 wanted 5 found 7 [ 131.916478][ T6769] BTRFS warning (device loop5): couldn't read tree root [ 131.933184][ T6769] BTRFS info (device loop5): enabling ssd optimizations [ 131.940880][ T6769] BTRFS info (device loop5): clearing free space tree [ 131.947756][ T6769] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 131.957531][ T6769] BTRFS info (device loop5): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 131.987276][ T6769] BTRFS info (device loop5): creating free space tree [ 131.995005][ T6769] BTRFS info (device loop5): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 132.004655][ T6769] BTRFS info (device loop5): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 132.019524][ T6769] BTRFS info (device loop5): checking UUID tree [ 132.030393][ T4196] XFS (loop4): Unmounting Filesystem [ 132.185800][ T4198] XFS (loop2): Unmounting Filesystem [ 132.332323][ T4895] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 132.684483][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 132.702165][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.708504][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.924350][ T4230] infiniband syz2: ib_query_port failed (-19) [ 132.968970][ T6832] loop5: detected capacity change from 0 to 256 [ 133.235750][ T4400] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.251209][ T6824] loop0: detected capacity change from 0 to 32768 [ 133.334493][ T6824] jfs_rename did not expect dtDelete to return rc = -116 [ 133.346016][ T6824] ERROR: (device loop0): jfs_rename: [ 133.346016][ T6824] [ 133.354023][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.355845][ T4400] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.385248][ T6824] ERROR: (device loop0): remounting filesystem as read-only [ 133.516745][ T4400] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.627146][ T4400] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 133.686826][ T6854] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.730671][ T6854] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.740408][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.784769][ T6854] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.808066][ T6855] lo speed is unknown, defaulting to 1000 [ 133.814840][ T6858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 133.823713][ T6858] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 134.199150][ T6862] loop2: detected capacity change from 0 to 32768 [ 134.244357][ T6862] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 scanned by syz.2.675 (6862) [ 134.266056][ T6862] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm [ 134.274874][ T6862] BTRFS info (device loop2): turning on sync discard [ 134.282031][ T6862] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10) [ 134.291484][ T6862] BTRFS info (device loop2): use zstd compression, level 3 [ 134.298703][ T6862] BTRFS warning (device loop2): 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead [ 134.309382][ T6862] BTRFS info (device loop2): trying to use backup root at mount time [ 134.320080][ T6862] BTRFS info (device loop2): enabling auto defrag [ 134.326563][ T6862] BTRFS info (device loop2): using free space tree [ 134.333304][ T6862] BTRFS info (device loop2): has skinny extents [ 134.413078][ T6872] loop5: detected capacity change from 0 to 128 [ 134.465401][ T6875] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 134.485028][ T6852] loop1: detected capacity change from 0 to 32768 [ 134.555586][ T6872] EXT4-fs (loop5): mounting ext2 file system using the ext4 subsystem [ 134.639321][ T6872] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 134.651082][ T6872] ext2 filesystem being mounted at /49/file1 supports timestamps until 2038-01-19 (0x7fffffff) [ 134.666011][ T6852] XFS (loop1): Mounting V5 Filesystem [ 134.756985][ T1244] BTRFS warning (device loop2): checksum verify failed on 5337088 wanted 0xe63dbdda found 0xc926492d level 0 [ 134.871226][ T6862] BTRFS warning (device loop2): failed to read root (objectid=2): -5 [ 134.879680][ T1244] BTRFS warning (device loop2): checksum verify failed on 5324800 wanted 0x9f73850b found 0x80379423 level 0 [ 134.894124][ T6862] BTRFS warning (device loop2): couldn't read tree root [ 134.901826][ T6862] BTRFS error (device loop2): parent transid verify failed on 5255168 wanted 5 found 7 [ 134.911621][ T6862] BTRFS warning (device loop2): couldn't read tree root [ 134.956131][ T6862] BTRFS info (device loop2): enabling ssd optimizations [ 134.963738][ T6862] BTRFS info (device loop2): clearing free space tree [ 134.971139][ T6862] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 134.980934][ T6862] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 135.000067][ T6862] BTRFS info (device loop2): creating free space tree [ 135.002322][ T6852] XFS (loop1): Ending clean mount [ 135.007727][ T6862] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 135.022576][ T6862] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 135.068781][ T6862] BTRFS info (device loop2): checking UUID tree [ 135.128807][ T6852] XFS (loop1): Quotacheck needed: Please wait. [ 135.172537][ T6855] chnl_net:caif_netlink_parms(): no params data found [ 135.306128][ T6852] XFS (loop1): Quotacheck: Done. [ 135.523764][ T6855] bridge0: port 1(bridge_slave_0) entered blocking state [ 135.560204][ T6855] bridge0: port 1(bridge_slave_0) entered disabled state [ 135.605480][ T6855] device bridge_slave_0 entered promiscuous mode [ 135.657513][ T6855] bridge0: port 2(bridge_slave_1) entered blocking state [ 135.709400][ T6855] bridge0: port 2(bridge_slave_1) entered disabled state [ 135.747975][ T6855] device bridge_slave_1 entered promiscuous mode [ 135.765272][ T6932] loop0: detected capacity change from 0 to 128 [ 135.772422][ T6919] loop5: detected capacity change from 0 to 32768 [ 135.820177][ T5842] Bluetooth: hci3: command 0x0409 tx timeout [ 135.839874][ T6855] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 135.872847][ T6932] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 135.887532][ T6919] jfs_rename did not expect dtDelete to return rc = -116 [ 135.920124][ T6932] hpfs: filesystem error: improperly stopped [ 135.926157][ T6932] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 135.936259][ T6919] ERROR: (device loop5): jfs_rename: [ 135.936259][ T6919] [ 135.943954][ T6855] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 135.964432][ T4328] XFS (loop1): Unmounting Filesystem [ 136.001574][ T6932] hpfs: You really don't want any checks? You are crazy... [ 136.052951][ T6932] hpfs: Code page index out of array [ 136.063162][ T6932] hpfs: code page support is disabled [ 136.068750][ T6932] hpfs: hpfs_map_4sectors(): unaligned read [ 136.086618][ T6855] team0: Port device team_slave_0 added [ 136.093493][ T6919] ERROR: (device loop5): remounting filesystem as read-only [ 136.102088][ T6932] hpfs: hpfs_map_4sectors(): unaligned read [ 136.103509][ T6855] team0: Port device team_slave_1 added [ 136.149540][ T6932] hpfs: filesystem error: unable to find root dir [ 136.238021][ T6932] hpfs: hpfs_map_4sectors(): unaligned read [ 136.254660][ T6855] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 136.266197][ T6855] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.336178][ T6855] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 136.374455][ T6855] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 136.410051][ T6855] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 136.552419][ T6855] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 136.860867][ T4231] net_ratelimit: 644 callbacks suppressed [ 136.860883][ T4231] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 136.890318][ T6855] device hsr_slave_0 entered promiscuous mode [ 136.913222][ T6855] device hsr_slave_1 entered promiscuous mode [ 136.940683][ T6855] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 136.950236][ T6855] Cannot create hsr debugfs directory [ 137.130128][ T1346] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 137.275170][ T4400] device hsr_slave_0 left promiscuous mode [ 137.281842][ T4400] device hsr_slave_1 left promiscuous mode [ 137.300286][ T4400] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 137.318459][ T4400] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 137.339460][ T4400] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 137.359082][ T4400] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 137.364390][ T5842] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 137.374463][ T4400] device bridge_slave_1 left promiscuous mode [ 137.380213][ T1346] usb 6-1: Using ep0 maxpacket: 32 [ 137.382889][ T4400] bridge0: port 2(bridge_slave_1) entered disabled state [ 137.404480][ T4400] device bridge_slave_0 left promiscuous mode [ 137.420323][ T4400] bridge0: port 1(bridge_slave_0) entered disabled state [ 137.444726][ T4400] rdma_rxe: ignoring netdev event = 10 for lo [ 137.461611][ T4400] device veth1_vlan left promiscuous mode [ 137.467456][ T4400] device veth0_vlan left promiscuous mode [ 137.504265][ T1346] usb 6-1: config 0 has an invalid interface number: 12 but max is 0 [ 137.519484][ T1346] usb 6-1: config 0 has no interface number 0 [ 137.532175][ T1346] usb 6-1: config 0 interface 12 has no altsetting 0 [ 137.584737][ T4400] infiniband sz1: set down [ 137.590741][ T4400] bond1 (unregistering): (slave geneve2): Releasing active interface [ 137.606071][ T4400] bond1 (unregistering): Released all slaves [ 137.690416][ T1346] usb 6-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 137.709820][ T1346] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.728802][ T1346] usb 6-1: Product: syz [ 137.733962][ T1346] usb 6-1: Manufacturer: syz [ 137.736167][ T4400] team0 (unregistering): Port device team_slave_1 removed [ 137.738572][ T1346] usb 6-1: SerialNumber: syz [ 137.744784][ T1346] usb 6-1: config 0 descriptor?? [ 137.756091][ T5842] usb 2-1: config 220 has an invalid interface number: 76 but max is 2 [ 137.770914][ T5842] usb 2-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 137.780342][ T5842] usb 2-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 137.788027][ T4400] team0 (unregistering): Port device team_slave_0 removed [ 137.790794][ T5842] usb 2-1: config 220 has no interface number 2 [ 137.804887][ T5842] usb 2-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 137.821363][ T5842] usb 2-1: config 220 interface 0 has no altsetting 0 [ 137.828257][ T5842] usb 2-1: config 220 interface 76 has no altsetting 0 [ 137.855386][ T5842] usb 2-1: config 220 interface 1 has no altsetting 0 [ 137.879386][ T4400] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 137.903559][ T4231] Bluetooth: hci3: command 0x041b tx timeout [ 137.920465][ T4227] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 137.960299][ T4400] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 138.030308][ T5842] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 138.039382][ T5842] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 138.067750][ T5842] usb 2-1: Product: syz [ 138.080063][ T5842] usb 2-1: Manufacturer: syz [ 138.084745][ T5842] usb 2-1: SerialNumber: syz [ 138.164271][ T4400] bond0 (unregistering): Released all slaves [ 138.235780][ T144] smc: removing ib device sz1 [ 138.256833][ T4895] lo speed is unknown, defaulting to 1000 [ 138.521198][ T5842] usb 2-1: Found UVC 7.01 device syz (8086:0b07) [ 138.527582][ T5842] usb 2-1: No valid video chain found. [ 138.543705][ T5842] usb 2-1: selecting invalid altsetting 0 [ 138.685776][ T5842] usb 2-1: selecting invalid altsetting 0 [ 138.691759][ T5842] usbtest: probe of 2-1:220.1 failed with error -22 [ 138.740728][ T5842] usb 2-1: USB disconnect, device number 9 [ 138.747791][ T6979] loop0: detected capacity change from 0 to 32768 [ 138.940437][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 138.951987][ T6979] XFS (loop0): Mounting V5 Filesystem [ 139.080756][ T7003] loop1: detected capacity change from 0 to 4096 [ 139.090118][ T7002] loop2: detected capacity change from 0 to 512 [ 139.167675][ T7002] EXT4-fs (loop2): Ignoring removed orlov option [ 139.180217][ T7002] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 139.243259][ T7007] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 139.267512][ T26] audit: type=1800 audit(1772117574.042:20): pid=7003 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.696" name="file1" dev="loop1" ino=15 res=0 errno=0 [ 139.297014][ T6979] XFS (loop0): Starting recovery (logdev: internal) [ 139.311931][ T7002] EXT4-fs (loop2): 1 truncate cleaned up [ 139.315179][ T6855] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 139.317608][ T7002] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,orlov,debug_want_extra_isize=0x0000000000000064,barrier,jqfmt=vfsold,quota,. Quota mode: writeback. [ 139.342366][ T1346] f81534 6-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 139.345233][ T6855] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 139.349868][ T1346] f81534 6-1:0.12: f81534_find_config_idx: read failed: -71 [ 139.423143][ T4225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 139.442452][ T1346] f81534 6-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 139.463320][ T1346] f81534: probe of 6-1:0.12 failed with error -71 [ 139.467244][ T6979] XFS (loop0): Ending recovery (logdev: internal) [ 139.507341][ T6855] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 139.551970][ T6855] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 139.560706][ T1346] usb 6-1: USB disconnect, device number 5 [ 139.770143][ T4225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 139.877281][ T4184] XFS (loop0): Unmounting Filesystem [ 139.999351][ T6855] 8021q: adding VLAN 0 to HW filter on device bond0 [ 140.040605][ T24] Bluetooth: hci3: command 0x040f tx timeout [ 140.046902][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 140.068888][ T6906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 140.106185][ T6906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 140.141788][ T6855] 8021q: adding VLAN 0 to HW filter on device team0 [ 140.193935][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 140.194408][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 140.194735][ T4274] bridge0: port 1(bridge_slave_0) entered blocking state [ 140.200548][ T4274] bridge0: port 1(bridge_slave_0) entered forwarding state [ 140.213371][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 140.224496][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 140.225085][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 140.225511][ T1244] bridge0: port 2(bridge_slave_1) entered blocking state [ 140.225548][ T1244] bridge0: port 2(bridge_slave_1) entered forwarding state [ 140.238989][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 140.243075][ T1244] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 140.266960][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 140.320154][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 140.342488][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 140.343242][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 140.344512][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 140.345142][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 140.348684][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 140.368800][ T6855] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 140.369646][ T6855] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 140.373937][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 140.374526][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 140.767276][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 140.767406][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 140.809383][ T6855] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 141.109235][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 141.521783][ T6906] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 141.540665][ T6906] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 141.616126][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 141.623917][ T4173] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 141.666908][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 141.693281][ T6855] device veth0_vlan entered promiscuous mode [ 141.710545][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 141.721873][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 141.765552][ T6855] device veth1_vlan entered promiscuous mode [ 141.843213][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 141.851973][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 141.891015][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 141.917908][ T4236] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 141.927355][ T4173] usb 1-1: Using ep0 maxpacket: 32 [ 141.953015][ T6855] device veth0_macvtap entered promiscuous mode [ 141.974685][ T6855] device veth1_macvtap entered promiscuous mode [ 141.995064][ T7065] loop5: detected capacity change from 0 to 32768 [ 142.036238][ T6855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.059266][ T6855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.063344][ T5842] Bluetooth: hci3: command 0x0419 tx timeout [ 142.090086][ T4173] usb 1-1: config 0 has an invalid interface number: 12 but max is 0 [ 142.098213][ T4173] usb 1-1: config 0 has no interface number 0 [ 142.115924][ T4173] usb 1-1: config 0 interface 12 has no altsetting 0 [ 142.130468][ T26] audit: type=1800 audit(1772117576.912:21): pid=7065 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.712" name="file1" dev="loop5" ino=4 res=0 errno=0 [ 142.140668][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 142.157021][ T6855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.181778][ T24] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 142.200026][ T6855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.210720][ T7070] loop1: detected capacity change from 0 to 32768 [ 142.217722][ T6855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.254557][ T6855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.285142][ T6855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 142.305788][ T6855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.331722][ T6855] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 142.334696][ T7070] XFS (loop1): Mounting V5 Filesystem [ 142.351165][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 142.361652][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 142.370155][ T4173] usb 1-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 142.379234][ T4173] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.406939][ T4173] usb 1-1: Product: syz [ 142.411198][ T4173] usb 1-1: Manufacturer: syz [ 142.415802][ T4173] usb 1-1: SerialNumber: syz [ 142.420222][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 142.427861][ T4173] usb 1-1: config 0 descriptor?? [ 142.434348][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 142.443697][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 142.457437][ T6855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.468447][ T4225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 142.478420][ T6855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.489260][ T6855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.500026][ T6855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.509836][ T6855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.524699][ T6855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.541283][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 142.554719][ T6855] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 142.565195][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 142.600240][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 142.633697][ T24] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 142.644414][ T7070] XFS (loop1): Starting recovery (logdev: internal) [ 142.662888][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 142.663171][ T6855] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 142.684640][ T24] usb 3-1: config 0 descriptor?? [ 142.718671][ T7070] XFS (loop1): Ending recovery (logdev: internal) [ 142.727489][ T6855] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 142.751836][ T6855] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.767751][ T6855] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.786735][ T6855] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.834913][ T6855] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 142.857321][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 142.890202][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 142.938443][ T4328] XFS (loop1): Unmounting Filesystem [ 142.980365][ T7119] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 143.151226][ T1244] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.162963][ T24] HID 045e:07da: Invalid code 65791 type 1 [ 143.165986][ T1244] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.184909][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 143.203232][ T24] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.000A/input/input19 [ 143.217698][ T4236] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 143.245037][ T4236] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 143.246690][ T24] microsoft 0003:045E:07DA.000A: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 143.267677][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 143.338298][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 143.628619][ T1346] usb 3-1: USB disconnect, device number 8 [ 143.822990][ T7147] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 143.863253][ T7147] overlayfs: "xino" feature enabled using 3 upper inode bits. [ 144.000186][ T4173] f81534 1-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 144.007723][ T4173] f81534 1-1:0.12: f81534_find_config_idx: read failed: -71 [ 144.035245][ T4173] f81534 1-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 144.064580][ T4173] f81534: probe of 1-1:0.12 failed with error -71 [ 144.112006][ T4173] usb 1-1: USB disconnect, device number 12 [ 144.383862][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 144.906958][ T7191] loop1: detected capacity change from 0 to 4096 [ 144.913515][ T4895] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 144.960125][ T1346] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 144.996166][ T7191] ntfs3: loop1: Different NTFS' sector size (1024) and media sector size (512) [ 145.210167][ T1346] usb 5-1: Using ep0 maxpacket: 16 [ 145.224164][ T7167] loop2: detected capacity change from 0 to 32768 [ 145.242578][ T7177] loop5: detected capacity change from 0 to 32768 [ 145.289780][ T7177] XFS (loop5): Mounting V5 Filesystem [ 145.330216][ T1346] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 145.341605][ T1346] usb 5-1: config 0 interface 0 has no altsetting 0 [ 145.370575][ T4895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 145.423918][ T24] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.448493][ T4895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 145.491517][ T7177] XFS (loop5): Starting recovery (logdev: internal) [ 145.500365][ T1346] usb 5-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 145.511348][ T1346] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.519378][ T1346] usb 5-1: Product: syz [ 145.524130][ T1346] usb 5-1: Manufacturer: syz [ 145.524250][ T4895] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 145.528734][ T1346] usb 5-1: SerialNumber: syz [ 145.555872][ T1346] usb 5-1: config 0 descriptor?? [ 145.591562][ T4895] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 145.605851][ T4895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 145.624268][ T4896] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 145.634632][ T7167] XFS (loop2): Mounting V5 Filesystem [ 145.637128][ T7177] XFS (loop5): Ending recovery (logdev: internal) [ 145.641394][ T4895] usb 1-1: config 0 descriptor?? [ 145.680768][ T7167] XFS (loop2): Ending clean mount [ 145.693835][ T7167] XFS (loop2): Quotacheck needed: Please wait. [ 145.760468][ T7167] XFS (loop2): Quotacheck: Done. [ 145.764517][ T5498] XFS (loop5): Unmounting Filesystem [ 145.844776][ T1346] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input20 [ 145.879881][ T4198] XFS (loop2): Unmounting Filesystem [ 145.905693][ T4225] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 146.139184][ T4895] plantronics 0003:047F:FFFF.000B: No inputs registered, leaving [ 146.153262][ T4895] plantronics 0003:047F:FFFF.000B: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 146.170020][ T4225] usb 2-1: Using ep0 maxpacket: 16 [ 146.170047][ T1346] rc_core: IR keymap rc-imon-pad not found [ 146.218181][ T1346] Registered IR keymap rc-empty [ 146.228981][ T7221] loop5: detected capacity change from 0 to 512 [ 146.230339][ T1346] imon 5-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 146.274864][ T1346] imon 5-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 146.307658][ T7221] EXT4-fs (loop5): 1 truncate cleaned up [ 146.313984][ T7221] EXT4-fs (loop5): mounted filesystem without journal. Opts: init_itable,,errors=continue. Quota mode: none. [ 146.326796][ T4225] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 146.340642][ T1346] rc rc0: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 146.355999][ T4225] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 146.361687][ T1346] input: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input21 [ 146.378239][ T26] audit: type=1800 audit(1772117581.162:22): pid=7221 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.745" name="file0" dev="loop5" ino=13 res=0 errno=0 [ 146.392233][ T1346] imon 5-1:0.0: iMON device (15c2:0041, intf0) on usb<5:7> initialized [ 146.405729][ T4225] usb 2-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 146.448565][ T7221] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz.5.745: bg 0: block 465: padding at end of block bitmap is not set [ 146.460304][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 146.473770][ T4225] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 146.485803][ T4231] usb 1-1: USB disconnect, device number 13 [ 146.494942][ T7221] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6194: Corrupt filesystem [ 146.510627][ T7221] EXT4-fs error (device loop5): ext4_free_branches:1030: inode #13: comm syz.5.745: invalid indirect mapped block 234881024 (level 0) [ 146.543390][ T4225] usb 2-1: config 0 descriptor?? [ 146.810623][ T4231] usb 5-1: USB disconnect, device number 7 [ 147.051168][ T4225] apple 0003:05AC:024B.000C: fixing up MacBook JIS keyboard report descriptor [ 147.069886][ T7229] loop0: detected capacity change from 0 to 1024 [ 147.071369][ T4225] apple 0003:05AC:024B.000C: unknown global tag 0xe [ 147.087240][ T4225] apple 0003:05AC:024B.000C: item 0 1 1 14 parsing failed [ 147.096185][ T4225] apple 0003:05AC:024B.000C: parse failed [ 147.102430][ T4225] apple: probe of 0003:05AC:024B.000C failed with error -22 [ 147.123816][ T7231] loop5: detected capacity change from 0 to 128 [ 147.175381][ T7229] EXT4-fs (loop0): Ignoring removed orlov option [ 147.219367][ T7229] EXT4-fs (loop0): mounted filesystem without journal. Opts: block_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none. [ 147.222692][ T7231] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 147.301001][ T4895] usb 2-1: USB disconnect, device number 10 [ 147.308494][ T7231] ext4 filesystem being mounted at /67/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff) [ 147.553124][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 147.697914][ T7253] 9pnet: p9_errstr2errno: server reported unknown error @L 00000000000000000005 [ 147.707831][ T4895] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 147.941506][ T4227] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 147.964083][ T7263] loop1: detected capacity change from 0 to 1024 [ 147.990453][ T24] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 148.015583][ T7263] EXT4-fs (loop1): Ignoring removed orlov option [ 148.049245][ T7263] EXT4-fs (loop1): mounted filesystem without journal. Opts: block_validity,bsddf,sysvgroups,norecovery,debug_want_extra_isize=0x0000000000000080,orlov,nogrpid,noauto_da_alloc,norecovery,,errors=continue. Quota mode: none. [ 148.360262][ T4227] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 148.375051][ T4227] usb 3-1: config 0 has no interface number 0 [ 148.381862][ T24] usb 6-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 148.397529][ T4227] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.409109][ T24] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.433725][ T24] usb 6-1: config 0 descriptor?? [ 148.438884][ T4227] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.452309][ T4227] usb 3-1: New USB device found, idVendor=04d9, idProduct=a055, bcdDevice= 0.18 [ 148.459779][ T7259] loop4: detected capacity change from 0 to 131072 [ 148.465000][ T4227] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.478445][ T4227] usb 3-1: config 0 descriptor?? [ 148.519578][ T7259] F2FS-fs (loop4): invalid crc value [ 148.548431][ T7259] F2FS-fs (loop4): Found nat_bits in checkpoint [ 148.589311][ T7259] F2FS-fs (loop4): Cannot turn on quotas: -2 on 2 [ 148.597572][ T7259] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4 [ 148.630254][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 148.700803][ T4225] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 148.720141][ T4895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.749437][ T4895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 148.759520][ T4895] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 148.773184][ T4895] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 148.783756][ T4895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.799514][ T4895] usb 1-1: config 0 descriptor?? [ 148.981508][ T4227] input: HID 04d9:a055 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.1/0003:04D9:A055.000D/input/input22 [ 149.074010][ T4227] holtek_kbd 0003:04D9:A055.000D: input,hidraw0: USB HID v0.00 Keyboard [HID 04d9:a055] on usb-dummy_hcd.2-1/input1 [ 149.203298][ T4227] usb 3-1: USB disconnect, device number 9 [ 149.285815][ T4895] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving [ 149.298382][ T4895] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 149.340712][ T4895] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.660253][ T5842] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 149.761762][ T7276] loop1: detected capacity change from 0 to 256 [ 149.780474][ T24] usb 6-1: Cannot set autoneg [ 149.789254][ T24] MOSCHIP usb-ethernet driver: probe of 6-1:0.0 failed with error -71 [ 149.811716][ T7276] exFAT-fs (loop1): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d) [ 149.826383][ T24] usb 6-1: USB disconnect, device number 6 [ 149.865389][ T7274] ODEBUG: Out of memory. ODEBUG disabled [ 149.948370][ T7276] exFAT-fs (loop1): error, tried to truncate zeroed cluster. [ 149.957756][ T7276] exFAT-fs (loop1): Filesystem has been set read-only [ 149.969722][ T7276] exFAT-fs (loop1): error, tried to truncate zeroed cluster. [ 150.020049][ T4895] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 150.271212][ T7284] loop1: detected capacity change from 0 to 40427 [ 150.339759][ T7284] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 150.347705][ T7284] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 150.360286][ T7284] F2FS-fs (loop1): invalid crc value [ 150.373540][ T7284] F2FS-fs (loop1): Found nat_bits in checkpoint [ 150.402112][ T4895] usb 3-1: Using ep0 maxpacket: 16 [ 150.435709][ T7284] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0 [ 150.442979][ T7284] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 150.560292][ T4895] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 150.590074][ T4895] usb 3-1: config 0 interface 0 has no altsetting 0 [ 150.622167][ C1] plantronics 0003:047F:FFFF.000E: usb_submit_urb(ctrl) failed: -1 [ 150.700215][ T1346] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog [ 150.795279][ T4895] usb 3-1: New USB device found, idVendor=15c2, idProduct=0041, bcdDevice=1f.20 [ 150.830067][ T4895] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.858203][ T4895] usb 3-1: Product: syz [ 150.884942][ T4895] usb 3-1: Manufacturer: syz [ 150.889585][ T4895] usb 3-1: SerialNumber: syz [ 150.937203][ T4895] usb 3-1: config 0 descriptor?? [ 151.202798][ T4895] input: iMON Panel, Knob and Mouse(15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input23 [ 151.295751][ T7299] loop5: detected capacity change from 0 to 32768 [ 151.395015][ T7299] XFS (loop5): Mounting V5 Filesystem [ 151.467633][ T5842] usb 1-1: USB disconnect, device number 14 [ 151.518338][ T7299] XFS (loop5): Ending clean mount [ 151.551234][ T5498] XFS (loop5): Unmounting Filesystem [ 151.660935][ T4895] rc_core: IR keymap rc-imon-pad not found [ 151.673205][ T4895] Registered IR keymap rc-empty [ 151.678149][ T4895] imon 3-1:0.0: Looks like you're trying to use an IR protocol this device does not support [ 151.730428][ T4895] imon 3-1:0.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 151.832015][ T4895] rc rc0: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 151.843663][ T4895] input: iMON Remote (15c2:0041) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input24 [ 151.881310][ T4895] imon 3-1:0.0: iMON device (15c2:0041, intf0) on usb<3:10> initialized [ 152.202597][ T4895] usb 3-1: USB disconnect, device number 10 [ 152.210089][ C0] imon 3-1:0.0: imon usb_rx_callback_intf0: status(-71) [ 152.997230][ T7404] mac80211_hwsim hwsim13 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33) [ 153.034419][ T7407] loop4: detected capacity change from 0 to 512 [ 153.065298][ T7409] loop5: detected capacity change from 0 to 256 [ 153.121947][ T7409] exFAT-fs (loop5): failed to load upcase table (idx : 0x00011d5f, chksum : 0x09863542, utbl_chksum : 0x000cd30d) [ 153.209088][ T7398] loop2: detected capacity change from 0 to 32768 [ 153.271522][ T7398] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 scanned by syz.2.806 (7398) [ 153.317363][ T7409] exFAT-fs (loop5): error, tried to truncate zeroed cluster. [ 153.371868][ T7409] exFAT-fs (loop5): Filesystem has been set read-only [ 153.388384][ T7398] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm [ 153.420386][ T7409] exFAT-fs (loop5): error, tried to truncate zeroed cluster. [ 153.427875][ T7398] BTRFS info (device loop2): force clearing of disk cache [ 153.450163][ T7398] BTRFS info (device loop2): metadata ratio 0 [ 153.476207][ T7398] BTRFS info (device loop2): enabling ssd optimizations [ 153.505832][ T7398] BTRFS info (device loop2): using spread ssd allocation scheme [ 153.530108][ T7398] BTRFS info (device loop2): using free space tree [ 153.533500][ T7416] loop0: detected capacity change from 0 to 2048 [ 153.536694][ T7398] BTRFS info (device loop2): has skinny extents [ 153.605180][ T7416] NILFS (loop0): broken superblock, retrying with spare superblock (blocksize = 1024) [ 153.682835][ T7416] NILFS (loop0): mounting unchecked fs [ 153.695919][ T7411] loop1: detected capacity change from 0 to 40427 [ 153.717349][ T4176] udevd[4176]: incorrect nilfs2 checksum on /dev/loop0 [ 153.756306][ T7398] BTRFS info (device loop2): clearing free space tree [ 153.779169][ T7416] NILFS (loop0): recovery complete [ 153.789879][ T7411] F2FS-fs (loop1): Invalid log_blocksize (268), supports only 12 [ 153.817914][ T7398] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 153.818099][ T7411] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock [ 153.835623][ T7398] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 153.861384][ T7398] BTRFS info (device loop2): creating free space tree [ 153.871538][ T7398] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE (0x1) [ 153.878581][ T7437] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 153.881482][ T7398] BTRFS info (device loop2): setting compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2) [ 153.971304][ T26] audit: type=1800 audit(1772117588.752:23): pid=7438 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.815" name="file1" dev="loop0" ino=15 res=0 errno=0 [ 154.019479][ T7411] F2FS-fs (loop1): Found nat_bits in checkpoint [ 154.202241][ T7411] F2FS-fs (loop1): recover fsync data on readonly fs [ 154.233251][ T7411] F2FS-fs (loop1): Try to recover 1th superblock, ret: -30 [ 154.256507][ T7411] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5 [ 154.510242][ T7411] F2FS-fs (loop1): Try to recover all the superblocks, ret: 0 [ 154.554146][ T7456] overlayfs: failed to decode file handle (len=6, type=251, flags=0, err=-22) [ 154.669398][ T7423] loop5: detected capacity change from 0 to 32768 [ 155.069648][ T7469] netlink: 'syz.0.825': attribute type 12 has an invalid length. [ 155.081243][ T7469] netlink: 'syz.0.825': attribute type 29 has an invalid length. [ 155.088998][ T7469] netlink: 148 bytes leftover after parsing attributes in process `syz.0.825'. [ 155.119471][ T7469] netlink: 59 bytes leftover after parsing attributes in process `syz.0.825'. [ 155.240120][ T7475] device pim6reg1 entered promiscuous mode [ 155.479829][ T7489] loop2: detected capacity change from 0 to 512 [ 155.512972][ T7489] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 155.552843][ T7493] loop4: detected capacity change from 0 to 128 [ 155.560316][ T7489] EXT4-fs (loop2): inline encryption not supported [ 155.567686][ T7489] EXT4-fs (loop2): Test dummy encryption mode enabled [ 155.624924][ T7495] loop5: detected capacity change from 0 to 512 [ 155.631780][ T7489] EXT4-fs (loop2): Ignoring removed mblk_io_submit option [ 155.643383][ T7493] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only [ 155.661125][ T7493] hpfs: filesystem error: improperly stopped [ 155.688744][ T7489] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode [ 155.718582][ T7493] hpfs: filesystem error: warning: spare dnodes used, try chkdsk [ 155.727047][ T7493] hpfs: You really don't want any checks? You are crazy... [ 155.734798][ T7493] hpfs: hpfs_map_sector(): read error [ 155.743132][ T7493] hpfs: code page support is disabled [ 155.744220][ T6906] wlan1: Trigger new scan to find an IBSS to join [ 155.748882][ T7493] hpfs: hpfs_map_4sectors(): unaligned read [ 155.761260][ T7493] hpfs: hpfs_map_4sectors(): unaligned read [ 155.768600][ T7493] hpfs: filesystem error: unable to find root dir [ 155.770290][ T7495] EXT4-fs error (device loop5): ext4_xattr_inode_iget:401: comm syz.5.826: inode #1: comm syz.5.826: iget: illegal inode # [ 155.788989][ T26] audit: type=1326 audit(1772117590.572:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 155.813897][ T7489] EXT4-fs (loop2): 1 truncate cleaned up [ 155.819571][ T7489] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,mblk_io_submit,inlinecrypt,test_dummy_encryption=v1,barrier,mblk_io_submit,nogrpid,. Quota mode: none. [ 155.875639][ T26] audit: type=1326 audit(1772117590.572:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 155.898229][ T26] audit: type=1326 audit(1772117590.572:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 155.920324][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.922911][ T7495] EXT4-fs error (device loop5): ext4_xattr_inode_iget:406: comm syz.5.826: error while reading EA inode 1 err=-117 [ 155.927099][ T26] audit: type=1326 audit(1772117590.572:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 155.961856][ T26] audit: type=1326 audit(1772117590.572:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 155.984056][ T26] audit: type=1326 audit(1772117590.572:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 156.006110][ C0] vkms_vblank_simulate: vblank timer overrun [ 156.012733][ T26] audit: type=1326 audit(1772117590.572:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 156.034906][ T26] audit: type=1326 audit(1772117590.572:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 156.056952][ C0] vkms_vblank_simulate: vblank timer overrun [ 156.065332][ T7495] EXT4-fs (loop5): 1 orphan inode deleted [ 156.071253][ T7495] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 156.104672][ T26] audit: type=1326 audit(1772117590.572:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7501 comm="syz.1.837" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc901dd2799 code=0x7ffc0000 [ 156.577928][ T7532] nf_conntrack: default automatic helper assignment has been turned off for security reasons and CT-based firewall rule not found. Use the iptables CT target to attach helpers instead. [ 156.739405][ T7540] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 156.755781][ T7540] device batadv_slave_0 entered promiscuous mode [ 156.958331][ T7552] loop1: detected capacity change from 0 to 512 [ 157.026126][ T7552] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem [ 157.056903][ T7552] EXT4-fs (loop1): bad block size 16384 [ 157.318306][ T7562] NILFS (loop1): broken superblock, retrying with spare superblock (blocksize = 1024) [ 157.345709][ T7562] NILFS (loop1): mounting unchecked fs [ 157.350966][ T4176] udevd[4176]: incorrect nilfs2 checksum on /dev/loop1 [ 157.409811][ T7562] NILFS (loop1): recovery complete [ 157.426275][ T7567] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds [ 157.531664][ T7568] exFAT-fs (loop2): failed to load upcase table (idx : 0x00011f1c, chksum : 0x850fc7e5, utbl_chksum : 0xe619d30d) [ 157.589650][ T7568] exFAT-fs (loop2): error, exfat_zeroed_cluster: out of range(sect:224 len:8) [ 157.611666][ T7568] exFAT-fs (loop2): Filesystem has been set read-only [ 157.665996][ T7556] XFS (loop5): Mounting V5 Filesystem [ 157.762260][ T7577] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(3) [ 157.769527][ T7577] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 157.810264][ T7556] XFS (loop5): Ending clean mount [ 157.827340][ T7556] XFS (loop5): Quotacheck needed: Please wait. [ 157.829374][ T7577] vhci_hcd vhci_hcd.0: Device attached [ 157.942550][ T7556] XFS (loop5): Quotacheck: Done. [ 157.970050][ T5842] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 158.006097][ T5498] XFS (loop5): Unmounting Filesystem [ 158.116991][ T4228] usb 33-1: new low-speed USB device number 2 using vhci_hcd [ 158.190290][ T1346] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 158.330387][ T5842] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 158.353345][ T5842] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 158.480243][ T5842] usb 1-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 158.495092][ T5842] usb 1-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 158.520144][ T5842] usb 1-1: Manufacturer: syz [ 158.558497][ T5842] usb 1-1: config 0 descriptor?? [ 158.593622][ T1346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.622283][ T1346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.639126][ T7612] set_capacity_and_notify: 3 callbacks suppressed [ 158.639140][ T7612] loop5: detected capacity change from 0 to 4096 [ 158.658247][ T1346] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 158.668024][ T1346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.695418][ T7612] ntfs3: loop5: Different NTFS' sector size (1024) and media sector size (512) [ 158.713832][ T1346] usb 3-1: config 0 descriptor?? [ 158.730465][ T4227] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 158.837274][ T24] usb 1-1: USB disconnect, device number 15 [ 158.843970][ T7581] usb 33-1: recv xbuf, 0 [ 158.857888][ T4274] vhci_hcd: stop threads [ 158.869522][ T4274] vhci_hcd: release socket [ 158.892846][ T4274] vhci_hcd: disconnect device [ 158.940306][ T4228] vhci_hcd: vhci_device speed not set [ 159.095456][ T4227] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 159.114536][ T4227] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 159.196807][ T1346] cm6533_jd 0003:0D8C:0022.000F: unknown main item tag 0x0 [ 159.215053][ T1346] cm6533_jd 0003:0D8C:0022.000F: unknown main item tag 0x0 [ 159.222819][ T4227] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 159.243614][ T4227] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 159.254045][ T1346] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.000F/input/input25 [ 159.265724][ T4227] usb 5-1: SerialNumber: syz [ 159.289111][ T1346] cm6533_jd 0003:0D8C:0022.000F: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 159.431919][ T4230] usb 3-1: USB disconnect, device number 11 [ 159.537133][ T7628] netlink: 'syz.1.883': attribute type 1 has an invalid length. [ 159.551584][ T7628] netlink: 'syz.1.883': attribute type 2 has an invalid length. [ 159.567597][ T4227] usb 5-1: 0:2 : does not exist [ 159.609793][ T4227] usb 5-1: USB disconnect, device number 8 [ 159.842325][ T4176] udevd[4176]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 160.050122][ T1346] usb 6-1: new full-speed USB device number 7 using dummy_hcd [ 160.329172][ T7632] loop1: detected capacity change from 0 to 131072 [ 160.382477][ T7632] F2FS-fs (loop1): invalid crc value [ 160.420139][ T1346] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 160.443330][ T1346] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 160.446721][ T7632] F2FS-fs (loop1): Found nat_bits in checkpoint [ 160.486977][ T7632] F2FS-fs (loop1): Cannot turn on quotas: -2 on 2 [ 160.497799][ T7632] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4 [ 160.504758][ T1346] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 160.584960][ T1346] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 160.608290][ T1346] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.657639][ T1346] usb 6-1: config 0 descriptor?? [ 160.808834][ T4400] wlan1: Trigger new scan to find an IBSS to join [ 161.113411][ T7661] loop0: detected capacity change from 0 to 8 [ 161.142157][ T1346] plantronics 0003:047F:FFFF.0010: No inputs registered, leaving [ 161.173898][ T1346] plantronics 0003:047F:FFFF.0010: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 161.350426][ T7666] loop1: detected capacity change from 0 to 256 [ 161.384748][ T7668] "syz.2.899" (7668) uses obsolete ecb(arc4) skcipher [ 161.462516][ T5842] usb 6-1: USB disconnect, device number 7 [ 161.480762][ T7666] exfat: Deprecated parameter 'utf8' [ 161.511911][ T7666] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d) [ 161.782751][ T4400] wlan1: Creating new IBSS network, BSSID ba:2b:fd:dd:70:86 [ 162.158444][ T7696] loop5: detected capacity change from 0 to 512 [ 162.264711][ T7696] EXT4-fs (loop5): Ignoring removed nomblk_io_submit option [ 162.301058][ T7696] EXT4-fs (loop5): encrypted files will use data=ordered instead of data journaling mode [ 162.331090][ T5842] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 162.370277][ T7696] EXT4-fs error (device loop5): ext4_orphan_get:1426: comm syz.5.911: bad orphan inode 131083 [ 162.393073][ T7696] EXT4-fs (loop5): mounted filesystem without journal. Opts: nomblk_io_submit,journal_dev=0x00000000000003f2,noload,,errors=continue. Quota mode: none. [ 162.443342][ T7696] overlayfs: upper fs needs to support d_type. [ 162.488709][ T7713] netlink: 20 bytes leftover after parsing attributes in process `syz.4.916'. [ 162.546380][ T5498] EXT4-fs error (device loop5): ext4_readdir:263: inode #2: block 13: comm syz-executor: path /97/bus: bad entry in directory: rec_len is smaller than minimal - offset=24, inode=11, rec_len=8, size=1024 fake=0 [ 162.700483][ T5842] usb 2-1: New USB device found, idVendor=8086, idProduct=0110, bcdDevice=bf.ad [ 162.720102][ T5842] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 162.735093][ T5842] usb 2-1: config 0 descriptor?? [ 162.756621][ T7722] netlink: 132 bytes leftover after parsing attributes in process `syz.0.919'. [ 162.787512][ T5842] gspca_main: spca508-2.14.0 probing 8086:0110 [ 163.000234][ T5842] gspca_spca508: reg_read err -32 [ 163.012129][ T4400] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.040558][ T5842] gspca_spca508: reg_read err -32 [ 163.086481][ T5842] gspca_spca508: reg_read err -32 [ 163.117325][ T4400] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.130185][ T5842] gspca_spca508: reg_read err -32 [ 163.188429][ T4400] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.270332][ T4400] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.393222][ T5842] gspca_spca508: reg write: error -71 [ 163.398721][ T5842] spca508: probe of 2-1:0.0 failed with error -71 [ 163.422766][ T5842] usb 2-1: USB disconnect, device number 11 [ 163.597119][ T7747] chnl_net:caif_netlink_parms(): no params data found [ 163.665267][ T7747] bridge0: port 1(bridge_slave_0) entered blocking state [ 163.674167][ T7747] bridge0: port 1(bridge_slave_0) entered disabled state [ 163.682301][ T7747] device bridge_slave_0 entered promiscuous mode [ 163.696622][ T7747] bridge0: port 2(bridge_slave_1) entered blocking state [ 163.704119][ T7747] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.712834][ T7747] device bridge_slave_1 entered promiscuous mode [ 163.748285][ T7747] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 163.760580][ T7747] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 163.794862][ T7747] team0: Port device team_slave_0 added [ 163.805208][ T7747] team0: Port device team_slave_1 added [ 163.837877][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 163.845488][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.871539][ T7747] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 163.906536][ T7747] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 163.919771][ T7747] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 163.947206][ T7747] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 163.985562][ T7747] device hsr_slave_0 entered promiscuous mode [ 163.992348][ T7747] device hsr_slave_1 entered promiscuous mode [ 163.998843][ T7747] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 164.007901][ T7747] Cannot create hsr debugfs directory [ 164.140875][ T7747] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 164.158480][ T7747] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 164.168354][ T7747] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 164.178527][ T7747] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 164.308373][ T7747] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.325991][ T4400] device hsr_slave_0 left promiscuous mode [ 164.333933][ T4400] device hsr_slave_1 left promiscuous mode [ 164.341226][ T4400] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 164.348721][ T4400] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 164.358558][ T4400] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 164.366194][ T4400] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 164.380579][ T4400] device bridge_slave_1 left promiscuous mode [ 164.386803][ T4400] bridge0: port 2(bridge_slave_1) entered disabled state [ 164.402519][ T4400] device bridge_slave_0 left promiscuous mode [ 164.408773][ T4400] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.424613][ T4400] device veth1_macvtap left promiscuous mode [ 164.431519][ T4400] device veth0_macvtap left promiscuous mode [ 164.437553][ T4400] device veth1_vlan left promiscuous mode [ 164.444335][ T4400] device veth0_vlan left promiscuous mode [ 164.579840][ T4400] team0 (unregistering): Port device team_slave_1 removed [ 164.597060][ T4400] team0 (unregistering): Port device team_slave_0 removed [ 164.608197][ T4400] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.622607][ T4400] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.682919][ T4400] bond0 (unregistering): Released all slaves [ 164.767191][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 164.775147][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 164.785642][ T7747] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.798584][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 164.809128][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 164.817960][ T144] bridge0: port 1(bridge_slave_0) entered blocking state [ 164.825085][ T144] bridge0: port 1(bridge_slave_0) entered forwarding state [ 164.846352][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 164.855255][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 164.879368][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 164.895641][ T144] bridge0: port 2(bridge_slave_1) entered blocking state [ 164.902808][ T144] bridge0: port 2(bridge_slave_1) entered forwarding state [ 164.917686][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 164.958044][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 164.985850][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 165.013198][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 165.022311][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 165.031177][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 165.045993][ T7747] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 165.056737][ T7747] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 165.069318][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 165.078392][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 165.087199][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 165.096226][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 165.105063][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 165.135458][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 165.315616][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 165.331646][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 165.344909][ T7747] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 165.420251][ T5842] Bluetooth: hci1: command 0x0409 tx timeout [ 165.632284][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 165.650746][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 165.706089][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 165.728079][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 165.736986][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 165.760677][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 165.773298][ T7747] device veth0_vlan entered promiscuous mode [ 165.819249][ T7747] device veth1_vlan entered promiscuous mode [ 165.850365][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 165.858938][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 165.877663][ T7747] device veth0_macvtap entered promiscuous mode [ 165.889290][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 165.915214][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 165.924116][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 165.940971][ T7747] device veth1_macvtap entered promiscuous mode [ 165.967687][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 165.979344][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 165.999983][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.019986][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.029838][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 166.047553][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.059086][ T7747] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 166.083330][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 166.101915][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 166.122340][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 166.160947][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.172995][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.183111][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.210071][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.219931][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.241619][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.270007][ T7747] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 166.289993][ T7747] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 166.311088][ T7747] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 166.325034][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 166.343252][ T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 166.359808][ T7747] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.376666][ T7747] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.401084][ T7747] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.409809][ T7747] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 166.563378][ T9] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.593699][ T9] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.605710][ T144] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready [ 166.636451][ T4274] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 166.645144][ T4274] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 166.653884][ T4274] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready [ 166.919830][ T7848] loop0: detected capacity change from 0 to 4096 [ 167.010400][ T7850] loop6: detected capacity change from 0 to 8192 [ 167.223499][ T6906] ntfs3: loop0: ntfs3_write_inode r=5 failed, -22. [ 167.248124][ T4184] ntfs3: loop0: ntfs_evict_inode r=5 failed, -22. [ 167.286271][ T4184] ntfs3: loop0: Mark volume as dirty due to NTFS errors [ 167.429639][ T7871] netlink: 28 bytes leftover after parsing attributes in process `syz.1.930'. [ 167.483262][ T7874] loop0: detected capacity change from 0 to 128 [ 167.500884][ T5842] Bluetooth: hci1: command 0x041b tx timeout [ 167.541527][ T7874] EXT4-fs (loop0): VFS: Found ext4 filesystem with invalid superblock checksum. Run e2fsck? [ 167.574059][ T4176] udevd[4176]: incorrect ext4 checksum on /dev/loop0 [ 167.645905][ T7874] netlink: 16 bytes leftover after parsing attributes in process `syz.0.931'. [ 167.715881][ T7881] loop4: detected capacity change from 0 to 512 [ 167.733635][ T7882] netlink: 'syz.2.934': attribute type 1 has an invalid length. [ 167.766736][ T7882] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 167.774606][ T7882] IPv6: NLM_F_CREATE should be set when creating new route [ 167.824751][ T7887] netlink: 'syz.2.934': attribute type 1 has an invalid length. [ 167.832982][ T7887] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 167.841501][ T7881] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none. [ 167.915564][ T7888] netlink: 8 bytes leftover after parsing attributes in process `syz.0.935'. [ 168.006047][ T7888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.935'. [ 168.054392][ T7888] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.057409][ T7892] loop2: detected capacity change from 0 to 1024 [ 168.063813][ T7888] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.078441][ T7888] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.087239][ T7888] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 168.165857][ T7888] netlink: 8 bytes leftover after parsing attributes in process `syz.0.935'. [ 168.211871][ T7892] EXT4-fs (loop2): Ignoring removed nomblk_io_submit option [ 168.220697][ T7888] netlink: 12 bytes leftover after parsing attributes in process `syz.0.935'. [ 168.280049][ T7892] EXT4-fs (loop2): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE [ 168.314937][ T7892] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003] [ 168.340221][ T7892] System zones: 0-1, 3-36 [ 168.363590][ T7877] loop1: detected capacity change from 0 to 32768 [ 168.397863][ T7892] EXT4-fs (loop2): mounted filesystem without journal. Opts: grpquota,delalloc,resuid=0x0000000000000000,debug,dioread_nolock,bsddf,nomblk_io_submit,noauto_da_alloc,,errors=continue. Quota mode: writeback. [ 168.526435][ T7877] (syz.1.932,7877,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 168.677388][ T7877] (syz.1.932,7877,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC. [ 168.683755][ T7913] TCP: request_sock_TCPv6: Possible SYN flooding on port 20002. Sending cookies. Check SNMP counters. [ 168.984412][ T7877] JBD2: Ignoring recovery information on journal [ 169.081110][ T7926] netlink: 4 bytes leftover after parsing attributes in process `syz.2.947'. [ 169.105376][ T7877] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode. [ 169.583622][ T5842] Bluetooth: hci1: command 0x040f tx timeout [ 169.746336][ T4328] ocfs2: Unmounting device (7,1) on (node local) [ 169.969799][ T7941] loop2: detected capacity change from 0 to 32768 [ 170.030150][ T7941] [ 170.030150][ T7941] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.030150][ T7941] [ 170.125047][ T7941] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 170.125047][ T7941] [ 170.200059][ T7941] xtLookup: xtSearch returned -5 [ 170.248887][ T7941] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 170.248887][ T7941] [ 170.265974][ T7975] netlink: 4 bytes leftover after parsing attributes in process `syz.1.963'. [ 170.302073][ T7941] ERROR: (device loop2): xtSearch: XT_GETPAGE: xtree page corrupt [ 170.302073][ T7941] [ 170.305547][ T4895] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 170.368042][ T7941] xtLookup: xtSearch returned -5 [ 170.449558][ T7941] ERROR: (device loop2): xtTruncate: XT_GETPAGE: xtree page corrupt [ 170.449558][ T7941] [ 170.620208][ T4227] Bluetooth: hci4: command 0x0406 tx timeout [ 170.635601][ T4227] Bluetooth: hci0: command 0x0406 tx timeout [ 170.667872][ T7962] loop0: detected capacity change from 0 to 32768 [ 170.695581][ T4400] [ 170.695581][ T4400] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.695581][ T4400] [ 170.750195][ T4400] [ 170.750195][ T4400] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.750195][ T4400] [ 170.770216][ T4895] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.778742][ T7966] loop4: detected capacity change from 0 to 40427 [ 170.785885][ T4895] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.818462][ T4198] [ 170.818462][ T4198] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.818462][ T4198] [ 170.842582][ T276] [ 170.842582][ T276] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.842582][ T276] [ 170.870251][ T7966] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12 [ 170.870674][ T4198] [ 170.870674][ T4198] ... Log Wrap ... Log Wrap ... Log Wrap ... [ 170.870674][ T4198] [ 170.891383][ T7966] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock [ 170.903544][ T7962] JBD2: Ignoring recovery information on journal [ 170.909205][ T276] ================================================================== [ 170.918669][ T276] BUG: KASAN: use-after-free in txEnd+0x329/0x520 [ 170.925107][ T276] Write of size 8 at addr ffff8880244b5040 by task jfsCommit/276 [ 170.932831][ T276] [ 170.935178][ T276] CPU: 0 PID: 276 Comm: jfsCommit Not tainted syzkaller #0 [ 170.942481][ T276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 170.952557][ T276] Call Trace: [ 170.955847][ T276] [ 170.958786][ T276] dump_stack_lvl+0x188/0x250 [ 170.963481][ T276] ? show_regs_print_info+0x20/0x20 [ 170.968691][ T276] ? _printk+0xda/0x130 [ 170.972858][ T276] ? txEnd+0x329/0x520 [ 170.976942][ T276] ? load_image+0x400/0x400 [ 170.981450][ T276] ? _raw_spin_lock_irqsave+0xbc/0x100 [ 170.986926][ T276] print_address_description+0x60/0x2d0 [ 170.992483][ T276] ? txEnd+0x329/0x520 [ 170.996559][ T276] kasan_report+0xdf/0x130 [ 171.000986][ T276] ? txEnd+0x329/0x520 [ 171.005073][ T276] kasan_check_range+0x235/0x290 [ 171.010036][ T276] txEnd+0x329/0x520 [ 171.013953][ T276] jfs_lazycommit+0x5b8/0xb40 [ 171.018640][ T276] ? txFreelock+0x5a0/0x5a0 [ 171.023148][ T276] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 171.029097][ T276] ? sched_dynamic_update+0x210/0x210 [ 171.034487][ T276] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 171.040391][ T276] ? __kthread_parkme+0x157/0x1b0 [ 171.045424][ T276] kthread+0x436/0x520 [ 171.049496][ T276] ? txFreelock+0x5a0/0x5a0 [ 171.051735][ T7966] F2FS-fs (loop4): Found nat_bits in checkpoint [ 171.054002][ T276] ? kthread_blkcg+0xd0/0xd0 [ 171.054030][ T276] ret_from_fork+0x1f/0x30 [ 171.054065][ T276] [ 171.072254][ T276] [ 171.074573][ T276] Allocated by task 7941: [ 171.078895][ T276] __kasan_kmalloc+0xb5/0xf0 [ 171.083487][ T276] lmLogOpen+0x2c0/0xf90 [ 171.087731][ T276] jfs_mount_rw+0xf8/0x5c0 [ 171.092152][ T276] jfs_fill_super+0x5c1/0xb00 [ 171.096945][ T276] mount_bdev+0x287/0x3c0 [ 171.097022][ T7966] F2FS-fs (loop4): recover fsync data on readonly fs [ 171.101278][ T276] legacy_get_tree+0xe6/0x180 [ 171.101297][ T276] vfs_get_tree+0x88/0x270 [ 171.101310][ T276] do_new_mount+0x24a/0xa40 [ 171.101323][ T276] __se_sys_mount+0x2e3/0x3d0 [ 171.101335][ T276] do_syscall_64+0x4c/0xa0 [ 171.101349][ T276] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 171.101364][ T276] [ 171.101368][ T276] Freed by task 4198: [ 171.101376][ T276] kasan_set_track+0x4b/0x70 [ 171.101389][ T276] kasan_set_free_info+0x1f/0x40 [ 171.101403][ T276] ____kasan_slab_free+0xd5/0x110 [ 171.101417][ T276] slab_free_freelist_hook+0xea/0x170 [ 171.101430][ T276] kfree+0xef/0x2a0 [ 171.101443][ T276] lmLogClose+0x293/0x520 [ 171.101457][ T276] jfs_umount+0x28f/0x360 [ 171.101468][ T276] jfs_put_super+0x88/0x190 [ 171.101480][ T276] generic_shutdown_super+0x130/0x300 [ 171.101494][ T276] kill_block_super+0x7c/0xe0 [ 171.101506][ T276] deactivate_locked_super+0x93/0xf0 [ 171.101519][ T276] cleanup_mnt+0x42d/0x4e0 [ 171.101533][ T276] task_work_run+0x125/0x1a0 [ 171.101549][ T276] exit_to_user_mode_loop+0x10f/0x130 [ 171.101564][ T276] exit_to_user_mode_prepare+0xee/0x180 [ 171.101577][ T276] syscall_exit_to_user_mode+0x16/0x40 [ 171.101593][ T276] do_syscall_64+0x58/0xa0 [ 171.101606][ T276] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 171.101620][ T276] [ 171.101624][ T276] Last potentially related work creation: [ 171.101629][ T276] kasan_save_stack+0x35/0x60 [ 171.101643][ T276] kasan_record_aux_stack+0xb8/0x100 [ 171.101659][ T276] call_rcu+0x189/0x950 [ 171.101673][ T276] sctp_association_free+0x69d/0x7e0 [ 171.101689][ T276] sctp_do_sm+0x3725/0x55f0 [ 171.101701][ T276] sctp_assoc_bh_rcv+0x3ee/0x630 [ 171.101715][ T276] sctp_backlog_rcv+0x15f/0x3c0 [ 171.101729][ T276] __release_sock+0x1e1/0x450 [ 171.101743][ T276] release_sock+0x5b/0x1b0 [ 171.101756][ T276] sctp_wait_for_connect+0x38b/0x680 [ 171.101771][ T276] sctp_sendmsg_to_asoc+0x17bd/0x1d90 [ 171.101785][ T276] sctp_sendmsg+0x196a/0x2900 [ 171.101799][ T276] __sys_sendto+0x46d/0x620 [ 171.101815][ T276] __x64_sys_sendto+0xda/0xf0 [ 171.101830][ T276] do_syscall_64+0x4c/0xa0 [ 171.101844][ T276] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 171.101859][ T276] [ 171.101862][ T276] The buggy address belongs to the object at ffff8880244b5000 [ 171.101862][ T276] which belongs to the cache kmalloc-1k of size 1024 [ 171.101876][ T276] The buggy address is located 64 bytes inside of [ 171.101876][ T276] 1024-byte region [ffff8880244b5000, ffff8880244b5400) [ 171.101892][ T276] The buggy address belongs to the page: [ 171.121364][ T7966] F2FS-fs (loop4): Try to recover 1th superblock, ret: -30 [ 171.122109][ T276] page:ffffea0000912c00 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff8880244b7800 pfn:0x244b0 [ 171.126850][ T7966] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5 [ 171.131175][ T276] head:ffffea0000912c00 order:3 compound_mapcount:0 compound_pincount:0 [ 171.131191][ T276] flags: 0xfff00000010200(slab|head|node=0|zone=1|lastcpupid=0x7ff) [ 171.131224][ T276] raw: 00fff00000010200 ffffea0000895c08 ffffea0001ebe608 ffff888016c41dc0 [ 171.131237][ T276] raw: ffff8880244b7800 000000000010000d 00000001ffffffff 0000000000000000 [ 171.131245][ T276] page dumped because: kasan: bad access detected [ 171.131258][ T276] page_owner tracks the page as allocated [ 171.131263][ T276] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2a20(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 20, ts 47581511014, free_ts 36808286715 [ 171.131285][ T276] get_page_from_freelist+0x1bbd/0x1ca0 [ 171.131307][ T276] __alloc_pages+0x1ee/0x480 [ 171.131322][ T276] new_slab+0xc0/0x4b0 [ 171.131337][ T276] ___slab_alloc+0x80a/0xdd0 [ 171.131349][ T276] __kmalloc_node_track_caller+0x1fc/0x3a0 [ 171.234169][ T7966] F2FS-fs (loop4): Try to recover all the superblocks, ret: 0 [ 171.239262][ T276] __alloc_skb+0x22c/0x750 [ 171.239288][ T276] __tcp_send_ack+0x9d/0x5d0 [ 171.239305][ T276] tcp_rcv_established+0x12dc/0x1ce0 [ 171.239320][ T276] tcp_v4_do_rcv+0x44b/0x9b0 [ 171.255262][ T7962] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode. [ 171.258733][ T276] tcp_v4_rcv+0x26d8/0x2d10 [ 171.258757][ T276] ip_protocol_deliver_rcu+0x3ad/0x770 [ 171.511568][ T276] ip_local_deliver_finish+0x1d5/0x320 [ 171.517037][ T276] NF_HOOK+0x303/0x390 [ 171.521105][ T276] ip_sublist_rcv+0xa33/0xd30 [ 171.525780][ T276] ip_list_rcv+0x3ee/0x440 [ 171.530182][ T276] __netif_receive_skb_list_core+0x57f/0x750 [ 171.536171][ T276] page last free stack trace: [ 171.540837][ T276] free_unref_page_prepare+0x637/0x6c0 [ 171.546304][ T276] free_unref_page+0x8f/0x2a0 [ 171.550969][ T276] skb_release_data+0x3b1/0x800 [ 171.555815][ T276] __kfree_skb+0x4c/0x60 [ 171.560044][ T276] tcp_recvmsg_locked+0x14e1/0x27f0 [ 171.565235][ T276] tcp_recvmsg+0x232/0x770 [ 171.569635][ T276] inet_recvmsg+0x146/0x200 [ 171.574142][ T276] sock_read_iter+0x2b8/0x380 [ 171.578814][ T276] vfs_read+0x759/0xd60 [ 171.582971][ T276] ksys_read+0x152/0x260 [ 171.587217][ T276] do_syscall_64+0x4c/0xa0 [ 171.591621][ T276] entry_SYSCALL_64_after_hwframe+0x66/0xd0 [ 171.597515][ T276] [ 171.599822][ T276] Memory state around the buggy address: [ 171.605433][ T276] ffff8880244b4f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 171.613479][ T276] ffff8880244b4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 171.621528][ T276] >ffff8880244b5000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 171.629596][ T276] ^ [ 171.635731][ T276] ffff8880244b5080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 171.643778][ T276] ffff8880244b5100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 171.651820][ T276] ================================================================== [ 171.659875][ T276] Disabling lock debugging due to kernel taint [ 171.660236][ T5842] Bluetooth: hci1: command 0x0419 tx timeout [ 171.685269][ T4895] usb 7-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 171.694505][ T4895] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.699518][ T4184] ocfs2: Unmounting device (7,0) on (node local) [ 171.711054][ T4895] usb 7-1: config 0 descriptor?? [ 171.801791][ T276] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 171.809017][ T276] CPU: 0 PID: 276 Comm: jfsCommit Tainted: G B syzkaller #0 [ 171.817605][ T276] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 171.827835][ T276] Call Trace: [ 171.831125][ T276] [ 171.834057][ T276] dump_stack_lvl+0x188/0x250 [ 171.838743][ T276] ? show_regs_print_info+0x20/0x20 [ 171.843951][ T276] ? load_image+0x400/0x400 [ 171.848463][ T276] panic+0x2e5/0x810 [ 171.852358][ T276] ? asm_sysvec_apic_timer_interrupt+0x16/0x20 [ 171.858515][ T276] ? bpf_jit_dump+0xd0/0xd0 [ 171.863028][ T276] ? _raw_spin_unlock_irqrestore+0x10d/0x120 [ 171.869013][ T276] ? _raw_spin_unlock+0x40/0x40 [ 171.873867][ T276] ? txEnd+0x329/0x520 [ 171.877946][ T276] check_panic_on_warn+0x80/0xa0 [ 171.882890][ T276] ? txEnd+0x329/0x520 [ 171.886974][ T276] end_report+0x6d/0xf0 [ 171.891138][ T276] kasan_report+0x102/0x130 [ 171.895656][ T276] ? txEnd+0x329/0x520 [ 171.899744][ T276] kasan_check_range+0x235/0x290 [ 171.904699][ T276] txEnd+0x329/0x520 [ 171.908605][ T276] jfs_lazycommit+0x5b8/0xb40 [ 171.913286][ T276] ? txFreelock+0x5a0/0x5a0 [ 171.917781][ T276] ? _raw_spin_unlock_irqrestore+0x82/0x120 [ 171.923671][ T276] ? sched_dynamic_update+0x210/0x210 [ 171.929032][ T276] ? _raw_spin_unlock_irqrestore+0xc1/0x120 [ 171.934927][ T276] ? __kthread_parkme+0x157/0x1b0 [ 171.939963][ T276] kthread+0x436/0x520 [ 171.944038][ T276] ? txFreelock+0x5a0/0x5a0 [ 171.948540][ T276] ? kthread_blkcg+0xd0/0xd0 [ 171.953118][ T276] ret_from_fork+0x1f/0x30 [ 171.957527][ T276] [ 171.961014][ T276] Kernel Offset: disabled [ 171.965329][ T276] Rebooting in 86400 seconds..