0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  818.319506][T28868] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
00:43:09 executing program 4:
pipe2$9p(&(0x7f0000001900), 0x0)
r0 = socket$key(0xf, 0x3, 0x2)
r1 = dup3(r0, 0xffffffffffffffff, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
write$FUSE_BMAP(r1, 0x0, 0x0)

00:43:09 executing program 2:
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r1}, 0x10)
write$cgroup_int(r0, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r0, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:09 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:09 executing program 2:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8}, @ETHTOOL_A_COALESCE_RX_USECS={0x8}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8}]}, 0x4c}}, 0x0)

00:43:09 executing program 2:
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'veth1_to_hsr\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=@newlink={0x50, 0x10, 0x503, 0x0, 0x0, {0x0, 0xcf, 0x0, 0x0, 0x3}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gre={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_LOCAL={0x8, 0x6, @local}, @IFLA_GRE_REMOTE={0x8, 0x7, @multicast1=0xe000030a}]}}}, @IFLA_MTU={0x8}, @IFLA_MASTER={0x8, 0xa, r2}]}, 0x50}}, 0x0)

00:43:09 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:09 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  818.490865][ T4541] scsi host1: usb-storage 2-1:1.0
[  818.504862][T28890] IPv6: ADDRCONF(NETDEV_CHANGE): gre1: link becomes ready
[  819.566781][ T4541] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[  819.817338][T24134] usb 2-1: USB disconnect, device number 124
[  819.836288][T28886] sddr09: could not read card info
[  819.841357][  T347] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  819.848221][  T347] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  819.853889][  T347] sd 1:0:0:0: [sdb] Write Protect is off
[  819.859495][  T347] sd 1:0:0:0: [sdb] Asking for cache data failed
[  819.865627][  T347] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  819.876433][  T347] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  819.889267][T20695] udevd[20695]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
00:43:10 executing program 1:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000580)='./file1\x00', 0x40)

00:43:10 executing program 4:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:10 executing program 3:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:10 executing program 0:
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000180)={0x4c, r1, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_COALESCE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_IRQ={0x8}, @ETHTOOL_A_COALESCE_RX_MAX_FRAMES={0x8}, @ETHTOOL_A_COALESCE_RX_USECS={0x8}, @ETHTOOL_A_COALESCE_TX_MAX_FRAMES_HIGH={0x8}]}, 0x4c}}, 0x0)

00:43:10 executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002c80)={0x0, 0x0, 0x0, &(0x7f0000000080)='GPL\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50)
ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0)
socket(0x0, 0x0, 0x0)
io_submit(0x0, 0x0, 0x0)
syz_mount_image$f2fs(&(0x7f0000010580), &(0x7f00000105c0)='./file0\x00', 0x2000800, &(0x7f0000000080)=ANY=[], 0x1, 0x1058c, &(0x7f0000010600)="$eJzs3EtvG1UbB/DHzZve3lIi1As7RkJIiYStOEkrKiQUoBUgNVXEZcEGcOyJ5db2hNhxQtYgseBrdIfYsOATsOF7ICHEBiR2IJBnJqiBLri4cSC/nzT5nzk+8/gcr3w80QRwYs0lP/5QiYtxLiJmIuJCRN6ulEdutYgnI+KpiDj1wFEp+3/rOB0R5yPi4rh4UbNSvvTZ+1/8PNq//fH9579958b97yvTWzUwbc9ERG+raO/2iszaRd4t+xujTp69lVGZxQu9e+V5VuRuupFX2G0cjGvkudwuxmdbO4NxbnYbzXG2O5t5/1a/eMPBqH1QJ7/gbmM7P2+lG3l2Blme7f1iXntl7g+GRZ1WWe+DvHwMhwdZ9Kd7abGerXt5NvvDsr+om7XSvXGOyizfLppZt5XPY+Nvf8zH3u1Of2cvGaXbg07WT67V6s/V6ter9e2slQ7TlWqj17q+ksy3u+Nh1WHa6K22s6zdTWvNrLeQzLebzWq9nszfTDc6jX5Sr9eWa4vVawtl69nklTtvJd1WMj/Olzr9nWGnO0g2s+2kuGIhWaot31hInq4nb6ytJ+uv37q1tv7muzffvvPi2msvl4P+MK1kfmlxaalaX6wu1ResH6bGN0mAv8z+H5gG+3/7/7D/PfHrh3/EN0kAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgBPr69nPX80bc8X5/8v+x8quJyLiakRciYjLEfHLQ8zE6UM1L0VEpWw/bPzs7+bwZSXyCuNrzpTH+YhYLY+fHn/UnwIAAAD8d3361YcfRcyMm/mfF6Y9IY5S+aPN2UnVy3/y+d+kql3Ki+1NqNrlg5ITcSUiZue+m1C1qxFx6sJ7E6r2p8wcirMPRKWIU0c5GwAA4Ggc3glMbPcGAADAsfPJtCfAdOT3a8v/xS/vBZ8porwheO7QGQAAAPAvVJn2BAAAAIBHLt//T/r5f994/h8AAAAcK8Xz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgF/ZuZvctIEoDuAPqAv9UlHFx1VYVV2y4BA9Qpc9QHKb7DhDJMQ5yC5HiCDCnkhxxCKKxzhBv59kZmzBnwe757EGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2nRXrJc326vrpjn7QzN5fg0AAABwyq5YL8vJuDr/lq7/SJd+RcQ8ImYRMY2IU737ID7XMicR0UvzU+8vXtRwG1EmHD8zTMfXiPiTjoefbf8LAAAAcLm2m8UqYnCcli+/uy6Ic0o3bUa58spbPp9ypU3KsP+Z0qZPkVnMIqIY32dKm0dE//vfTGmvMqgNo2dDrxr656wGAAA4j3onkK17AwAA4N3513UBdKNcr03P4qe14GE1pAXBL7UzAAAA4APqdV0AAAAA0Lqy/7f/HwAAAFy2av8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2rQr1svtZrFqmrM/NPOmL+03rRoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgkf15OYEQCIMw2Lu+cxrMPyxp0Bg8WAXCx994GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgW373l/8TU+NMMvfaWHoeSdZOja1TY+/cOPrDePs1AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf7cnUAIBEEY7Dv/c1rMPyxp0BhEqIKFjxnmYQEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC+6He//J+YGmeSudPG0vFIsnbV2Lpq7D1oHD0Yb/8GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALnbgQAAAAAAAyP+1EaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwAwcCAAAAAED+r41QVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhR04EAAAAAAA8n9thKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqirswIEAAAAAAJD/ayNUVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVYQcOBAAAAACA/F8boaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqgo7cCAAAAAAAOT/2ghVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV2IEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrA/97YJA2Ech19fEiVukxHSWwnMQEOFYAQ+JCRLnoEBWIiGitZiEVgBJDjXdKbgeZr/r7jiXgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOA1XR6+eIuIIlKXKdJ483N6j4iPSNu2HX3estidj83XPWf7wyTnd0x/y4goo+jjHACA3lXd5lit6+Vf3v+8g7zDvNW8qRfP/DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMCVnftnbSIMAwD+5s+lVicXB10EhbpoTP2XQlahIoirY2hjKaZa0gi2uNRvIPgF3HXq6mdwd3DQSZAOKiK4KJdc27eYIUW9C+3vB8/d0xvePx0Czz1vAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcyPZmOLGTl0IIp6t7eerdl6cLo+6fv709tRP33lRX4zHTIZIQwv3lbudyjnuZdGvrGw/a3W6n9x+TqRznkkgk/yIp+IMJAIBDJ8kires/JFvz6bNSK4RfL/fX/zNRHsas/3+8enYrniuu/xu57XDy1fsrq/W19Y2Lyyvtpc5S52Fjbu7qteaN67ON+uBdSd0bEwAAAP5OLYu4/i+3/uz/H4/yMGb9//j23TPxXBX1/0h7Tb+iVwIAAHC0nTz7/WtpxPNSrRaetPv9XmN43f17dngtYKkHNpVFXP9XWkWvCgAAAMjD9mZpX/9/McrDmP3/9y+qd+IxKyGE6az/f2nhUXcxv+1MtDy+Tlz0HgEAACjWdBZx/z8ZnP8v7x55KIcQLpwb5tnPAI5V/8+cf/0pnis+/38lvy1OpHJz+P8Y3JshVJtFrwgAAIDD7FgWabH/Mdma7/18frPm/D8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPCbHbtHiRiIAgCcn41W4oJgY+MJRDurBQtBvIYoCB7BxgN4B+/gPVKKltayhVjYyptkdNlmwSLx5/tg8l7CkHmZNHkBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGCl+dFXXsdh2uVVf+3x9fos4tNSDC9v7XaMyMshi/6FysOxKwAAAOA/qHN/XxTFc3N/ErGapf6/yXOi57/b6PLczy/3/Tnm3j/GTv3w/rnQtFsnbnpxeXW+P9gT/nybK2dM0s6nfy91eiHV6c3WvEn7Wd627fFaSteHqBYA+I69HPskfw9FPBizMAD+st3Fk0k/ioX+v56NUhcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAoD4CAAD//0nwcQg=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0)
r1 = openat$cgroup_ro(r0, &(0x7f00000000c0)='blkio.bfq.dequeue\x00', 0x275a, 0x0)
ioctl$FITRIM(r1, 0xc0185879, &(0x7f0000000000)={0x0, 0x20000000006})

00:43:11 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:11 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:11 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:11 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r2 = dup(0xffffffffffffffff)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX, @ANYBLOB=',wfdno=', @ANYRESHEX])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r3, 0x0, 0x2)

00:43:11 executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

00:43:11 executing program 3:
r0 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000480)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'})

00:43:11 executing program 0:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:11 executing program 0:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
ioctl$TCSETSW(r0, 0x4b71, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "7e129732d211ee00"})

00:43:11 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x0, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  820.425196][T28908] loop1: detected capacity change from 0 to 512
[  820.443670][T28914] 9pnet: Insufficient options for proto=fd
00:43:11 executing program 0:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000100)={0x3, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x2, 0x7, 0x0, 0x0, 0x2}, 0x10}, 0x1, 0x7}, 0x0)

00:43:11 executing program 0:
socketpair$tipc(0x1e, 0x0, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:11 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

[  820.530788][T28908] EXT4-fs error (device loop1): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  820.550629][T28908] EXT4-fs (loop1): Remounting filesystem read-only
[  820.569692][T28908] EXT4-fs (loop1): 1 orphan inode deleted
00:43:11 executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000016c0)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  820.579806][T28908] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
[  820.607000][T28908] ext4 filesystem being mounted at /root/syzkaller-testdir3585454249/syzkaller.QWIcmC/506/file1 supports timestamps until 2038 (0x7fffffff)
[  820.649478][T28908] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19
[  820.661790][T28908] EXT4-fs (loop1): Remounting filesystem read-only
[  820.668715][T28908] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  820.677685][T28908] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19
[  820.690073][T28908] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  820.703719][T28908] EXT4-fs error (device loop1): ext4_xattr_block_get:546: inode #15: comm syz-executor.1: corrupted xattr block 19
[  820.715966][T28908] SELinux: inode_doinit_use_xattr:  getxattr returned 117 for dev=loop1 ino=15
[  820.724873][  T329] usb 4-1: new high-speed USB device number 18 using dummy_hcd
00:43:11 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

[  820.732482][   T30] audit: type=1400 audit(1713055391.399:929): avc:  denied  { watch } for  pid=28907 comm="syz-executor.1" path="/root/syzkaller-testdir3585454249/syzkaller.QWIcmC/506/file1/file1" dev="loop1" ino=15 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
00:43:11 executing program 1:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:11 executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xe, 0x4, 0x8, 0x6}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000440)='mm_page_alloc\x00'}, 0x10)
r0 = socket$xdp(0x2c, 0x3, 0x0)
setsockopt$XDP_TX_RING(r0, 0x11b, 0x3, &(0x7f00000003c0)=0x800, 0x4)

00:43:11 executing program 1:
gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc))
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r0, 0x5607, 0x38)

[  820.827151][T28901] loop2: detected capacity change from 0 to 131072
[  820.836328][ T4541] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  820.896838][T28901] F2FS-fs (loop2): Unrecognized mount option "GPL" or missing value
[  820.906408][T24746] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[  820.996764][  T329] usb 4-1: Using ep0 maxpacket: 16
[  821.116376][  T329] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11
[  821.125165][  T329] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  821.134922][  T329] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  821.144610][  T329] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  821.154324][  T329] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  821.163992][  T329] usb 4-1: config 1 interface 0 has no altsetting 0
[  821.170598][  T329] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  821.179582][  T329] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
00:43:11 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  821.227751][  T329] ums-sddr09 4-1:1.0: USB Mass Storage device detected
[  821.256371][ T4541] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  821.266337][T24746] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  821.267303][ T4541] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  821.278402][T24746] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  821.287943][ T4541] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  821.299007][T24746] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  821.308018][ T4541] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
00:43:12 executing program 2:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:12 executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:12 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:12 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0x0, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:12 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=@framed={{0xffffffb4, 0x5, 0x0, 0x0, 0x0, 0x71, 0x10, 0x35}, [@ldst={0x5}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2}, 0x39)
r1 = socket$packet(0x11, 0x3, 0x300)
setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000ac0)=r0, 0x4)
r2 = socket(0x840000000002, 0x3, 0xfa)
connect$inet(r2, &(0x7f0000000140)={0x2, 0x0, @remote}, 0x10)
sendmmsg$inet(r2, &(0x7f0000005240), 0x4000095, 0x0)

[  821.316680][T24746] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  821.325295][ T4541] usb 5-1: config 0 descriptor??
[  821.356439][T28941] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  821.364540][T28959] Invalid ELF header magic: != ELF
00:43:12 executing program 2:
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000002c0)={'macvlan0\x00', <r1=>0x0})
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=r1, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00 \x00?'], 0x40}, 0x1, 0x1100}, 0x0)

[  821.436847][  T329] scsi host1: usb-storage 4-1:1.0
00:43:12 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:12 executing program 2:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:12 executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:12 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:12 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:12 executing program 2:
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000040ac054382408b0b0000010902"], 0x0)
syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x458, 0x5015, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, {0x9}}}]}}]}}, 0x0)

[  821.515733][T28977] Invalid ELF header magic: != ELF
00:43:12 executing program 1:
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
mount(&(0x7f0000000040)=ANY=[@ANYBLOB='mtd', @ANYRESHEX=0x0], &(0x7f00000000c0)='./file0\x00', &(0x7f0000001200)='jffs2\x00', 0x0, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f0000001540)='./file0\x00', 0x2000004c, &(0x7f0000000580)=ANY=[@ANYBLOB="686f636861727365743d61736369692c646973636172642c641887507dc7bf80ba291326bb236733516986636172642c7569643d7b66d9ca1896865f06e1070759602a41b4d41ca61cc3ab271de2f67659129d00d0aa41ec", @ANYRESHEX=0x0, @ANYBLOB=',dmask=00000000000000000000152,iocharset=cp864,gid=', @ANYRESOCT, @ANYRESHEX], 0x1, 0x14f7, &(0x7f00000035c0)="$eJzs3HuYjlXbMPB1rrUuxjTpbpLNsM51XtxpsEySZJOQTZIkSZJdQtIkSUJiyC5pSEK2k2QzhGQzjUljv99knzR5pEmSkOzC+g49z/d6nrfnffve7+n7HO875+841nGvc677PO+15pxjrs0f9w89R9VrUb92MyIS/xL460uKECJGCDFMCHGDECIQQlSKrxR/5XgBBSn/2oewP9ej6dd6Bexa4v7nbdz/vI37n7dx//M27n/exv3P27j/eRv3n7G8bPucYjfyyLuDn//nZXz+/x8kt/zkbzaWv7nXfyGF+5+3cf/zNu5/3sb9z9u4/3kb9/9/vlr/yTHuf97G/WcsL7vWz595XNtxrf/+GGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4zlDef8VVoIceU1uNaLYowxxhhjjDHG2J/K57/WK2CMMcYYY4wxxtj/eyCkUEKLQOQT+UWMKCBixXUiTlwvCoobRETcKOLFTaKQuFkUFkVEUVFMJIjiooQwAoUVJEJRUpQSUXGLKC1uFYmijCgrygknyoskcZuoIG4XFcUdopK4U1QWd4kqoqqoJqqLu0UNcY+oKWqJ2uJeUUfUFfVEfXGfaCDuFw3FA6KReFA0Fg+JJuJh0VQ8IpqJR0Vz8ZhoIR4XLcUTopVoLdqItqLd/1X+K6KveFX0E/1FihggBorXxCAxWAwRQ8Uw8boYLt4QI8SbIlWMFKPEW2K0eFuMEe+IsWKcGC/eFRPERDFJTBZTxFSRJt4T08T7Yrr4QMwQM8UsMVukizlirvhQzBPzxQLxkVgoPhaLxGKxRCwVGeITkSmWiSzxqVguPhPZYoVYKVaJ1WKNWCvWifVig9goNonNYovYKraJ7eJzsUPsFLvEbrFH7BX7xBdiv/hSHBBfiRzx9X8x/+y/y+8FAgRIkKBBQz7IBzEQA7EQC3EQBwWhIEQgAvEQD4WgEBSGwlAUikICJEAJKAEICAQEJaEkRCEKpaE0JEIilIWy4MBBEiRBBbgdKkJFqASVoDJUhipQFapCdagONaAG1ISaUBtqQx2oA/WgHtwH98H90BAaQiNoBI2hMTSBJtAUmkIzaAbNoTm0gBbQElpCK2gFbaANtIN20B7aQwfoAJ2gE3SGztAFukAyJENX6ArdoBt0h+7QA3pAT+gJvaA39IZX4BV4FV6F/lBHDoCBMBAGwSAYAkNhKLwOw+ENeAPehFQYCaPgLXgL3oYxcAbGwjgYD+OhhpwIk2AykJwKaZAG02AaTIfpMANmwkyYDekwB+bCXJgH82E+fAQL4WP4GBbDYlgKGZABmbAMsiALlsNZyIYVsBJWwWpYA6thHayHdbARNsFG2AJbYBtsg8/hc9gJO2E37Ia9sBe+gC/gS/gSUiEHcuAgHIRDcAgOw2HIhVw4AkfgKByFY3AMjsNxOAEn4RSchNNwGs7AWTgH5+ACXICL8FLCd833ltmQKuQVWmqZT+aTMTJGxspYGSfjZEFZUEZkRMbLeFlIFpKFZWFZVBaVCTJBlpAlJEqUJENZUpaUURmVpWVpmSgTZVlZVjrpZJJMkhVkBVlRVpSV5J2ysrxLVpFVZUdXXVaXNWQnV1PWkrVlbVlH1pX1ZH1ZXzaQDWRD2VA2ko1kY9lYNpEPy6ZyAAyBR+WVzrSQI6GlHAWtZGvZRraVb8OTsr0cAx1kR9lJPi3HwVjoItu7ZPmc7ConQTf5gpwML8oecir0lC/LXrK37CNfkX1lB9dP9pczYIAcKGfDIDlYDpFD5TyoK690rJ58U6bKkXKUfEsuhbflGPmOHCvHyfHyXTlBTpST5GQ5RU6VafI9OU2+L6fLD+QMOVPOkrNlupwj58oP5Tw5Xy6QH8mF8mO5SC6WS+RSmSE/kZlymcySn8rl8jOZLVfIlXKVXC3XyLVynVwvN8iNcpPcLLfIrXKb3C4/lzvkTrlL7pZ75F65T34h98sv5QH5lcyRX8uD8i/ykPxGHpbfylz5nTwiv5dH5Q/ymPxRHpc/yRPypDwlf5an5S/yjDwrz8nz8oL8VV6Ul+Rl6aVQoKRSSqtA5VP5VYwqoGLVdSpOXa8KqhtURN2o4tVNqpC6WRVWRVRRVUwlqOKqhDIKlVWkQlVSlVJRdYsqrW5ViaqMKqvKKafKqyR1m6qgblcV1R2qkrpTVVZ3qSqqqqqmqqu7VQ11j6qpaqna6l5VR9VV9VR9dZ9qoO5XDdUDqpF6UDVWD6km6mHVVD2imqlHVXP1mGqhHlct1ROqlWqt2qi2qp16UrVXT6kOqqPqpJ5WndUzqot6ViWr51RX9bzqpl5Q3dWLqod6SfVUL6teqrfqoy6py8qrfqq/SlED1ED1mhqkBqshaqgapl5Xw9UbaoR6U6WqkWqUekuNVm+rMeodNVaNU+PVu2qCmqgmqclqipqq0tR7app6X01XH6gZaqaapWardDVHDflbpQX/B/nv/5P8Eb99+ja1XX2udqidapfarfaovWqf2qf2q/3qgDqgclSOOqgOqkPqkDqsDqtclauOqCPqqDqqjqlj6rg6rk6ok+q8+lmdVr+oM+qsOqvOqwvqgrr4t9+B0KClVlrrQOfT+XWMLqBj9XU6Tl+vC+obdETfqOP1TbqQvlkX1kV0UV1MJ+jiuoQ2GrXVpENdUpfSUX2LLq1v1Ym6jC6ry2mny+skfdu/nP9H62un2+n2ur3uoDvoTrqT7qw76y66i07Wybqr7qq76W66u+6ue+geuqfuqXvpXrqP7qP76r66n+6nU3SKHqhf04P0YD1ED9XD9Ot6uB6uR+gROlWn6lF6lB6tR+sxeoweq8fq8Xq8nqAn6El6kp6ip+g0naan6Wl6up6uZ+gZepaepdN1up6r5+p5ep5eoBfohXqhXqQX6SV6ic7QGTpTZ+osnaWX6+U6W6/QK/QqvUqv0Wv0Or1Ob9Ab9Ca9SW/RW3S23q636x16h96ld+k9eo/ep/fp/Xq/PqAP6Bydow/qg/qQPqQP68M6V+fqI/qIPqqP6mP6mD6uj+sT+oQ+pU/p0/q0PqPP6HP6nL6gL+iL+qK+rC9fuewLZCADHeggX5AviAligtggNogL4oKCQcEgEkSC+CA+KBTcHBQOigRFg2JBQlA8KBGYAAMbUBAGJYNSQTS4JSgd3BokBmWCskG5wAXlg6TgtqBCcHtQMbgjqBTcGVQO7gqqBFWDakH14O6gRnBPUDOoFdQO7g3qBHWDekH94L6gQXB/0DB4IGgUPBg0Dh4KmgQPB02DR4JmwaNB8+CxoEXweNAyeCJoFbQO2gRtg3Z/an3vzxR5yvUz/U2KGWAGmtfMIDPYDDFDzTDzuhlu3jAjzJsm1Yw0o8xbZrR524wx75ixZpwZb941E8xEM8lMNlPMVJNm3jPTzPtmuvnAzDAzzSwz26SbOWau+dDMM/PNAvORWWg+NovMYrPELDUZ5hOTaZaZLPOpWW4+M9lmhVlpVpnVZo1Za9aZ9WaD2Wg2mc1mi9lqtpnt5nOzw+w0u8xus8fsNfvMF2a/+dIcMF+ZHPO1OWj+Yg6Zb8xh863JNd+ZI+Z7c9T8YI6ZH81x85M5YU6aU+Znc9r8Ys6Ys+acOW8umF/NRXPJXDb+ysX9ldM7atSYD/NhDMZgLMZiHMZhQSyIEYxgPMZjISyEhbEwFsWimIAJWAJL4BWEhCWxJEYxiqWxNCZiIpbFsujQYRImYQWsgBWxIlbCSlgZK2MVrILVsBrejXfjPXgP1sJaeC/ei3WxLtbH+tgAG2BDbIiNsBE2xsbYBJtgU2yKzbAZNsfm2AJbYEtsia2wFbbBNtgO22F7bI8dsAN2wk7YGTtjF+yCyZiMXbErdsNu2B27Yw/sgT2xJ/bCXtgH+2Bf7Iv9sB+mYAoOxIE4CAfhEByCw3AYDsfhOAJHYCqm4igchaNxNI7BMTgWx+F4fBcn4ESchJNxCk7FNEzDaTgNp+N0nIEzcBbOwnRMx7k4F+fhPFyAC3AhLsRFuAiX4BLMwAzMxEzMwixcjssxG7NxJa7E1bga1+JaXI/rcSNuxM24GbfiVtyO23EH7sBduAv34B7ch/twP+7HA3gAczAHD+JBPISH8DAexlzMxSN4BI/iUTyGx/A4HscTeAJP4Sk8jafxDJ7Bc3gOL+CveBEv4WX0GGOliLXX2Th7vS1ob7AxtoD9+7ioLWYTbHFbwhpb2Bb5hxittYm2jC1ry1lny9ske9vv4iq2qq1mq9u7bQ17j635u7iBvd82tA/YRvZBW9/e9w9xY/uQbWIft03tE7aZbW2b27a2hX3ctrRP2Fa2tW1j29rO9hnbxT5rk+1ztqt9/ndxpl1m19sNdqPdZPfbL+05e94etT/YC/ZX28/2t8Ps63a4fcOOsG/aVDvyd/F4+66dYCfaSXaynWKn/i6eZWfbdDvHzrUf2nl2/u/iDPuJXWiz7CK72C6xS3+Lr6wpy35ql9vPbLZdYVfaVXa1XWPX2nX/ttZVdovdarfZffYLu8PutLvsbrvH7v0tvrKPA/Yrm2O/tkfs9/aQ/cYetsdsrv3ut/jK/o7ZH+1x+5M9YU/aU/Zne9r+Ys/Ys7/t/8ref7aX7GXrrSAgSYo0BZSP8lMMFaBYuo7i6HoqSDdQhG6keLqJCtHNVJiKUFEqRglUnEqQISRLRCGVpFIUpVuoNN1KiVSGylI5clSekug2qkC3U0W6gyrRnVSZ7qIqVJWqUXW6m2rQPVSTalFtupfqUF2qR/XpPmpA91NDeoAa0YPUmB6iJvQwNaVHqBk9Ss3pMWpBj1NLeoJaUWtqQ22pHT1J7ekp6kAdqRM9TZ3pGepCz1IyPUdd6XnqRi9Qd3qRetBL1JNepl7Um/rQK9SXXqV+1J9SaAANpNdoEA2mITSUhtHrNJzeoBH0JqXSSBpFb9FoepvG0Ds0lsbReHqXJtBEmkSTaQpNpTR6j6bR+zSdPqAZNJNm0WxKpzk0lz6keTSfFtBHtJA+pkW0mJbQUsqgTyiTllEWfUrL6TPKphW0klbRalpDa2kdracNtJE20WbaQltpG22nz2kH7aRdtJv20F7aR1/QfvqSDtBXlENf00H6Cx2ib+gwfUu59B0doe/pKP1Ax+hHOk4/0Qk6SafoZzpNv9AZOkvn6DxdoF/pIl2iy+RJhBDKUIU6DMJ8Yf4wJiwQxobXhXHh9WHB8IYwEt4Yxoc3hYXCm8PCYZGwaFgsTAiLhyVCE2JoQwrDsGRYKoyGt4Slw1vDxLBMWDYsF7qwfJgU3hZWCG8PK4Z3hJXCO8PK4V1hlbBq+PiD1cO7wxrhPWHNsFZYO7w3rBPWDeuF9cP7wgbh/WHD8IGwUfhgWDF8KGwSPhw2DR8Jm4WPhs3Dx8IW4eNhy/CJsFXYOmwTtg3bhU+G7cOnwg5hx7BT+HTYOXwm7BI+GyaHz4Vdw+f/8HhKOCAcGL4WvhZ6/4BaEl0azYh+Es2MLotmRT+NLo9+Fs2OroiujK6Kro6uia6Nrouuj26Iboxuim6ObolujW6Lel8/v3DgpFNOu8Dlc/ldjCvgYt11Ls5d7wq6G1zE3eji3U2ukLvZFXZFXFFXzCW44q6EMw6ddeRCV9KVclF3iyvtbnWJrowr68o558q7JNfWtXPtXHv3lOvgOrpO7mn3tHvGPeOedc+651xX97zr5l5w3d2Lrod7yb3kXna9XG/Xx73i+rpXXT/X36W4FDfQDXSD3CA3xA1xw9wwN9wNdyPcCJfqUt0oN8qNdqPdGDfGjXVj3Xg33k1wE9wkN8lNcVNcmktz09w0N91NdzPcDDfLzXLpLt3NdXPdPDfPLXAL3MLEhW6RW+SWuCUuw2W4TJfpslyWW+6Wu2yX7Va6lW61W+3WurVuvVvvNrqNbrPb7La6rW672+52uB1ul9vl9rg9bp/b5/a7/e6AO+ByXI476A66Q+6QO+y+dbnuO3fEfe+Ouh/cMfejO+5+cifcSXfK/exOu1/cGXfWnXPn3QX3q7voLrnLzru0yHuRaZH3I9MjH0RmRGZGZkVmR9IjcyJzIx9G5kXmRxZEPoosjHwcWRRZHFkSWRrJiHwSyYwsi2RFPo0sj3wWyY6siKyMrIqsjqyJeF98R+hL+lI+6m/xpf2tPtGX8WV9Oe98eZ/kb/MV/O2+or/DV/J3+sr+Ll/FV/XV/BO+lW/t2/i2vp1/0rf3T/kOvqPv5J/2nf0zvot/1if753xX/7zv5l/w3f2Lvod/yff0L/tevrfv41/xff2rvp/v71P8AD/Qv+YH+cF+iB/qh/nX/XD/hh/h3/SpfqQf5d/yo/3bfox/x4/14/x4/66f4Cf6SX6yn+Kn+jT/np/m3/fT/Qd+hp/pZ/nZPt3P8XP9h36en+8X+I/8Qv+xX+QX+yV+qc/wn/hMv8xn+U/9cv+Zz/Yr/Eq/yq/2a/xav86v9xv8Rr/Jb/Zb/Fa/zW/3n/sdfqff5Xf7PX6v3+e/8Pv9l/6A/8rn+K/9Qf8Xf8h/4w/7b32u/84f8d/7o/4Hf8z/6I/7n/wJf9Kf8j/70/4Xf8af9ef8eX/B/+ov+kv+svf+Wj9JZ4wxxhj770D9wfEB/+Rn8m/jioFCiOt3Fsv99zU3F/7rfLBM6BwRQjzXv+ej/3vUqZOSkvK392YrEZRaLISIXM3PJ67GK0Qn8YxIFh1FhX+6vsGy9wX6g/rRO4WI/bucGHE1vlr/9v+g/pNPj8+sHJ6L/0/qLxYisdTVnALiany1fsX/oH6R9n+w/gLfpAnR4e9y4sTV+Gr9JPGUeF4k/8M7GWOMMcYYY4yxvxosq3X/o/vnK/fnCfpqTn5xNf6j+3PGGGOMMcYYY4xdey/27vPsk8nJHbvzhCc84cm/Ta71fybGGGOMMcbYn+3qRf+1XgljjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMZZ3/f/4OrFrvUfGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPsWvtfAQAA//9itDg8")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000008000000000000001000000940000000fad413ec50000000f00000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='netlink_extack\x00', r0}, 0x10)
r1 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001800092100000000000000001c1400"/28], 0x1c}}, 0x0)
chdir(&(0x7f0000000140)='./file0\x00')
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r2 = userfaultfd(0x80001)
r3 = socket(0x840000000002, 0x3, 0x100)
setsockopt$inet_MCAST_JOIN_GROUP(r3, 0x0, 0x3, 0x0, 0x0)
ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r2, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})

[  821.720191][T28985] loop1: detected capacity change from 0 to 256
[  821.766630][T28985] exfat: Unknown parameter 'hocharset'
00:43:12 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:12 executing program 1:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000580)='./file1\x00', 0x40)

[  821.807619][ T4541] logitech-djreceiver 0003:046D:C71B.0132: item fetching failed at offset 5/7
[  821.816441][ T4541] logitech-djreceiver 0003:046D:C71B.0132: logi_dj_probe: parse failed
[  821.824482][ T4541] logitech-djreceiver: probe of 0003:046D:C71B.0132 failed with error -22
[  821.836346][T23898] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  821.882074][T28991] loop1: detected capacity change from 0 to 512
[  821.937793][T28991] EXT4-fs error (device loop1): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  821.952220][T28991] EXT4-fs (loop1): Remounting filesystem read-only
[  821.958758][T28991] EXT4-fs (loop1): 1 orphan inode deleted
[  821.964356][T28991] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
00:43:12 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

[  821.986272][T28991] ext4 filesystem being mounted at /root/syzkaller-testdir3585454249/syzkaller.QWIcmC/513/file1 supports timestamps until 2038 (0x7fffffff)
[  822.008970][T24134] usb 5-1: USB disconnect, device number 20
00:43:12 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:12 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='mm_page_alloc\x00', r0}, 0x10)
openat$uhid(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)

[  822.063903][T28996] Invalid ELF header magic: != ELF
[  822.196338][T23898] usb 3-1: config 0 has no interfaces?
[  822.266371][T24746] aiptek 1-1:17.0: Aiptek using 400 ms programming speed
[  822.277195][T23898] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  822.286031][T23898] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  822.298450][T24746] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input359
[  822.312294][T23898] usb 3-1: Manufacturer: syz
[  822.318624][T23898] usb 3-1: config 0 descriptor??
00:43:13 executing program 4:
r0 = syz_open_dev$tty20(0xc, 0x4, 0x1)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f0000000180)=@framed={{}, [@call={0x85, 0x0, 0x0, 0xd0}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={0x0, r1}, 0x10)
ioctl$TCSETSW(r0, 0x4b4b, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "7e129732d211ee00"})

[  822.446604][T23898] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[  822.468509][ T4541] usb 1-1: USB disconnect, device number 25
[  822.557035][T28983] UDC core: couldn't find an available UDC or it's busy: -16
[  822.564224][T28983] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  822.571950][T24134] usb 3-1: USB disconnect, device number 22
[  822.707673][  T329] usb 4-1: USB disconnect, device number 18
[  822.726316][T28966] sddr09: could not read card info
[  822.731313][T20619] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  822.738319][T20619] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  822.743979][T20619] sd 1:0:0:0: [sdb] Write Protect is off
[  822.749537][T20619] sd 1:0:0:0: [sdb] Asking for cache data failed
[  822.755672][T20619] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  822.764327][T20619] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  822.778185][T20695] udevd[20695]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
00:43:13 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:13 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:13 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:13 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x0, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:13 executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:13 executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = creat(&(0x7f0000000300)='./bus\x00', 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000000000066000000004b64ffec850000006d000000c50000000500000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
io_setup(0x800, &(0x7f0000000040)=<r2=>0x0)
io_getevents(r2, 0x6, 0x6, &(0x7f0000000140)=[{}, {}, {}, {}, {}, {}], 0x0)
io_submit(r2, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, r0, 0x0}])
io_destroy(r2)

00:43:13 executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

00:43:13 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:13 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:13 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:13 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x0, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

[  823.255242][T29012] Invalid ELF header magic: != ELF
00:43:13 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:13 executing program 3:
sched_setscheduler(0x0, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x80008}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="a800000000010104000000000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808100240000000400800014000000000fb0001400000000708000140000044f1080003400000"], 0xa8}}, 0x0)

[  823.289410][T29024] loop2: detected capacity change from 0 to 512
[  823.304942][T29024] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[  823.314646][T29024] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  823.329865][T29024] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
00:43:14 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x0, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:14 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

[  823.339893][T29024] EXT4-fs (loop2): 1 truncate cleaned up
[  823.345393][T29024] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000052,errors=continue. Quota mode: writeback.
[  823.369185][  T347] Quota error (device loop2): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  823.372714][T29024] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
00:43:14 executing program 0:
r0 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000480)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'})

00:43:14 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:14 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3, &(0x7f0000000440)=@framed, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:14 executing program 4:
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000580)='./file1\x00', 0x40)

00:43:14 executing program 2:
syz_mount_image$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x20080, 0x0, 0x1, 0x0, &(0x7f0000000000))
mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x2002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10)
mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2200c30, &(0x7f0000000380)={[{@gid}]})

[  823.451739][T29039] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.3'.
00:43:14 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

[  823.499541][   T30] audit: type=1400 audit(1713055394.159:930): avc:  denied  { mount } for  pid=29049 comm="syz-executor.2" name="/" dev="tracefs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
[  823.516310][ T4541] usb 2-1: new high-speed USB device number 125 using dummy_hcd
00:43:14 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  823.544913][T29052] loop4: detected capacity change from 0 to 512
[  823.554240][   T30] audit: type=1400 audit(1713055394.199:931): avc:  denied  { remount } for  pid=29049 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
00:43:14 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  823.582460][   T30] audit: type=1400 audit(1713055394.239:932): avc:  denied  { unmount } for  pid=28601 comm="syz-executor.2" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tracefs_t tclass=filesystem permissive=1
00:43:14 executing program 2:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:14 executing program 2:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:14 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

[  823.656741][T29052] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  823.670894][T29052] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  823.696362][T24134] usb 1-1: new high-speed USB device number 26 using dummy_hcd
00:43:14 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = dup(r1)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

[  823.719271][T29052] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  823.733143][T29052] EXT4-fs (loop4): 1 truncate cleaned up
[  823.746317][T29052] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000052,errors=continue. Quota mode: writeback.
00:43:14 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

[  823.774920][T29052] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  823.775265][T20619] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5)
00:43:14 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x0, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:14 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:14 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:14 executing program 4:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:14 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:14 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  823.906486][ T4541] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  823.918375][ T4541] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  823.928350][ T4541] usb 2-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  823.937350][ T4541] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  823.946114][ T4541] usb 2-1: config 0 descriptor??
[  823.950992][T24134] usb 1-1: Using ep0 maxpacket: 16
00:43:14 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:14 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

[  824.015828][T29091] loop4: detected capacity change from 0 to 512
[  824.066343][T24134] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 11
[  824.075184][T24134] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  824.084868][T24134] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  824.087495][T29091] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  824.095535][T24134] usb 1-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  824.104662][T29091] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  824.113798][T24134] usb 1-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  824.132029][T24134] usb 1-1: config 1 interface 0 has no altsetting 0
[  824.137170][T29091] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  824.138437][T24134] usb 1-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  824.155134][T24134] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
00:43:14 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  824.155143][T29091] EXT4-fs (loop4): 1 truncate cleaned up
[  824.155159][T29091] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000052,errors=continue. Quota mode: writeback.
[  824.179094][T20619] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5)
00:43:14 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r1, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r2 = dup(r1)
write$FUSE_BMAP(r2, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r2, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r0, @ANYBLOB=',wfdno=', @ANYRESHEX=r1])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r3 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r3, 0x0, 0x2)

[  824.211106][T24134] ums-sddr09 1-1:1.0: USB Mass Storage device detected
[  824.223302][T29091] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  824.427273][ T4541] logitech-djreceiver 0003:046D:C71B.0133: item fetching failed at offset 5/7
[  824.436030][ T4541] logitech-djreceiver 0003:046D:C71B.0133: logi_dj_probe: parse failed
[  824.444511][ T4541] logitech-djreceiver: probe of 0003:046D:C71B.0133 failed with error -22
[  824.452899][T24134] scsi host1: usb-storage 1-1:1.0
[  824.628718][T24134] usb 2-1: USB disconnect, device number 125
00:43:15 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
finit_module(0xffffffffffffffff, 0x0, 0x0)

00:43:15 executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:15 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, 0x0, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:15 executing program 2:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
inotify_init()
inotify_add_watch(0xffffffffffffffff, &(0x7f0000000580)='./file1\x00', 0x40)

00:43:15 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:15 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:15 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x0, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:15 executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

[  825.147156][T29110] loop2: detected capacity change from 0 to 512
[  825.184855][T29115] loop4: detected capacity change from 0 to 512
00:43:15 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  825.185466][T29121] usb usb5: usbfs: interface 0 claimed by hub while 'syz-executor.3' resets device
[  825.247869][T29115] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  825.257131][T29115] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  825.258494][T29110] EXT4-fs error (device loop2): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  825.280232][T29110] EXT4-fs (loop2): Remounting filesystem read-only
[  825.286754][T29110] EXT4-fs (loop2): 1 orphan inode deleted
[  825.292324][T29110] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
[  825.292623][T29115] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  825.314332][T29110] ext4 filesystem being mounted at /root/syzkaller-testdir2748994247/syzkaller.wUf9DB/49/file1 supports timestamps until 2038 (0x7fffffff)
[  825.336048][T29115] EXT4-fs (loop4): 1 truncate cleaned up
[  825.344166][T29115] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000052,errors=continue. Quota mode: writeback.
[  825.347909][  T347] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  825.391258][T29115] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  825.496602][ T4541] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[  825.737363][  T820] usb 1-1: USB disconnect, device number 26
[  825.756286][T29102] sddr09: could not read card info
[  825.761300][ T2745] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  825.768145][ T2745] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  825.773764][ T2745] sd 1:0:0:0: [sdb] Write Protect is off
[  825.779270][ T2745] sd 1:0:0:0: [sdb] Asking for cache data failed
[  825.785353][ T2745] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  825.793964][ T2745] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  825.807445][T20696] udevd[20696]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
00:43:16 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:16 executing program 3:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

00:43:16 executing program 1:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:16 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040), 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:16 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:16 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x0, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:16 executing program 2:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

00:43:16 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  826.253938][T29139] Invalid ELF header magic: != ELF
00:43:16 executing program 4:
sched_setscheduler(0x0, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x80008}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="a800000000010104000000000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808100240000000400800014000000000fb0001400000000708000140000044f1080003400000000308"], 0xa8}}, 0x0)

00:43:16 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:16 executing program 2:
r0 = syz_usb_connect(0x0, 0x10b, &(0x7f0000000480)=ANY=[@ANYBLOB="05010900b24b6a10e6040300770100000001090224000b010000000904000302ccd4280009050b02000000040009058a02"], 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'vxcan1\x00'})

00:43:16 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:17 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040), 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:17 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:17 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x0, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:17 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:17 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:17 executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

[  826.389893][T29169] Invalid ELF header magic: != ELF
00:43:17 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={0x0, r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:17 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:17 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040), 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:17 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:17 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:17 executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

00:43:17 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:17 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  826.516415][  T820] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  826.530348][T29188] Invalid ELF header magic: != ELF
00:43:17 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00'}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = dup(r1)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:17 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0)
pwritev2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:17 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000930000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kfree\x00', r0}, 0x10)
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f00000105c0)='./file0\x00', 0x1218058, &(0x7f0000000000)=ANY=[], 0x1, 0x105b9, &(0x7f0000031180)="$eJzs3M1uG1UbB/DHzdum7VtKhfrBjpEQUiJhK07SigoJBWgFSE0V8bFgAzj2xHJre0LsOCFrkFhwG90hNiy4AjbcBxJCbEBiBwJ5ZlI1qIvSmjiQ30+a/M8cHz8+x8rCx5NMAMfWheTXXypxPs5ExExEnIvI25XyyK0U8WxEPBcRJx44KmX//Y5TEXE2Is6Pixc1K+VDX338ze+jvVuf33v5xw+u3/u5Mr1VA9P2QkT0Nov2Tq/IrF3knbK/Merk2VselVk80LtbnmdF7qTreYWdxv64Rp5L7WJ8trk9GOdGt9EcZ7uzkfdv9osXHIza+3XyJ9xpbOXnrXQ9z84gy7O9V8xrt8y9wbCo0yrrfZKXj+FwP4v+dDct1rN5N89mf1j2F3WzVro7zlGZ5ctFM+u28nmsP/bbfOTd6vS3d5NRujXoZP3kaq3+Uq1+rVrfylrpMF2uNnqta8vJXLs7HlYdpo3eSjvL2t201sx688lcu9ms1uvJ3I10vdPoJ/V6bam2UL06X7ZeTN64/V7SbSVz43yt098edrqDZCPbSopnzCeLtaXr88nz9eSd1bVk7e2bN1fX3v3wxvu3X1196/Vy0P60ZvPfiWG6nMwtLiwuVusL1cX6/PFZ//1pTXD98ER8kgT42+z/gWmw/z+4/5+1/z+W+9/jvn54Ij5JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcW9+f/PrNvHGhOP9/2f9U2fVMRFyJiMsRcSki/niImTh1oObFiKiU7YeNP/mXOXxbibzC+Dmz5XE2IlbK47en/+l3AQAAAP67vvzu088iZsbN/Mcr054Qh6n80ub0pOrlX/n8b1LVLubFdidU7dJ+yYm4HBEnL/w0oWpXIuLEuY8mVO2RzByI0w9EpYgThzkbAADgcBzcCUxs9wYAAMCR88W0J8B05Ndry7/FL68FzxZRXhA8c+AMAAAA+BeqTHsCAAAAwCN73P/Vzff/k77/3w/u/wcAAABHSnH/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTnbvHURuI4gD+wHHIp4IiPq5CFaWk4BA5QsocILlNOs4QCXEO0uUIEawYzxZeUazWY7yLfj/JvBkL/jygGg8yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQp7/1dv17//NX15zjqZsynwYAAAC45FBv12kwbebv8/mP+dTniFhGxCIi5hFxae1exetW5iwiRnl86fn1gx7+RKSE82sm+XgXEV/z8f9T398CAAAA3K79brWJqM7D9PBl6Ia4pnzR5k2pvHTJ51WptFkK+1EobX4fWcQiIurpv0Jpy4gYf/hWKO1Rqlxav32ajJoyvmY3AADAdVStUmz1BgAAwLPzfegGGEbar83/xc97wZOm5G3Bt60ZAAAA8AKNhm4AAAAA6F1a/7v/HwAAANy25v5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9OlQb9f73WrTNed46uZJbzru2jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3LE/LycQAmEQBnvXd06D+YclDRqDB6tA+PgbDwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAt/zuL/8npsaZZO61sfQ8kqydGlunxt65cfSH8fZrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNifuxMIgSAIg33nf06L+YclDRqDCFWw8DHDPCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB80e9++T8xNc4kc6eNpeORZO2qsXXV2HvQOHow3v4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMUOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX25942YSCM4/DrS6LEbTJCeiuBGWioEIzAh4RkyTMwAAvRUNFaLAIrgATnms4UPE/z/xVX3AsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBrujx88RYRRaQuU6Tx5uf0HhEfkbZtO/q8ZbE7H5uve872h0nO75j+lhFRRtHHOQAAvau6zbFa18u/vP95B3mHeat5Uy+e+WkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sm/3rE19YQDAnzQvbf+d/ouDLoJCu2hMfUuhq1ARxMXBsbSxFFMtbQVbXOo3EPwC7jp19TO4OzjoJEgHFRFclDQ37SkGjIr3hvr7wbn3uYfce87JEHjucwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAL9ndjoleXIqI45WDuOPVh4cL/c7vP7081mu3XlRW02d2HlGNiNvL7da5HNcy7NY3t+7Mt9uttb8YjOY4lqDIIGIopiFIgij/3u0F/zABAHDkVLPWyevfVHfmOn2l2YhvTw/n/5NJHAPm/1+ePbqajpXm/43cVjj86hsrq/X1za0zyyvzS62l1t3GzMyFi83Ll6Yb9b13JXVvTAAAAPgztayl+f/I7I/1//+SOAbM/+9fu3Gi0zeW3VOW//d1UPQreiYAAAD/tv9Pfv5Y6tNfqtXiwfzGxlqje9y/nu4eC5jqz908fDmatTT/L88WNDcAAAAgV7vbpYmI2OldL2bnvvX/qYP70vr/6yeV6+kzyxExntX/zy7cay/mspLhl8efkIteIwAAAMUaz1pa/6/u7f+v7H9mJCKmTnXjXu8g+/8nTz9/l46V7v8/n9sKh9NIs/t97J2bEZVm0TMCAADgKBvLWif/f1vdmVv7+vhKzf5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDv7Ng9SsRAFADgZGejlbgg2Nh4AtHOasFC8B6iIHgEr+AdvIP3SClaWssWYmErb5LRZZsFi8Sf74PJewlD5mWqvAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhrcfKVp7jMunzSP3t8vTmP+LQSw8tbuxsj8nrIon+h+njsCgAAAPgPUunvq6p6bu7PIk7muf9vypzo+e+2urz086t9f4ml94+xlx7ePxeadevESy+vri8OB/vCn2977Yxp3vl89pLKIczOosn7Wd+27elGTjcHKBYA+JaDEvuk/A9FPBqzMAD+sv3lm2k/qqX+P81HqQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgUB8BAAD//9U+a/k=")
write$cgroup_subtree(0xffffffffffffffff, 0x0, 0x7ffffffff000)
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)

00:43:17 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:17 executing program 0:
ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x5514, 0x0)

[  826.596283][  T329] usb 3-1: new high-speed USB device number 23 using dummy_hcd
00:43:17 executing program 0:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:17 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  826.687507][T29209] Invalid ELF header magic: != ELF
[  826.856293][  T329] usb 3-1: Using ep0 maxpacket: 16
[  826.886447][  T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  826.902597][  T820] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  826.924123][  T820] usb 4-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  826.939532][  T820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  826.957899][  T820] usb 4-1: config 0 descriptor??
[  826.976469][  T329] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 11
[  826.988756][  T329] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  827.008063][  T329] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  827.026282][  T329] usb 3-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  827.045593][  T329] usb 3-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  827.065017][  T329] usb 3-1: config 1 interface 0 has no altsetting 0
[  827.077980][  T329] usb 3-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  827.087080][  T329] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  827.146820][  T329] ums-sddr09 3-1:1.0: USB Mass Storage device detected
[  827.235903][T29202] loop1: detected capacity change from 0 to 131072
[  827.327927][T29202] F2FS-fs (loop1): invalid crc value
[  827.338981][T29202] F2FS-fs (loop1): Found nat_bits in checkpoint
[  827.356806][  T329] scsi host1: usb-storage 3-1:1.0
[  827.368246][T29202] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  827.447253][  T820] logitech-djreceiver 0003:046D:C71B.0134: item fetching failed at offset 5/7
[  827.456015][  T820] logitech-djreceiver 0003:046D:C71B.0134: logi_dj_probe: parse failed
[  827.464636][  T820] logitech-djreceiver: probe of 0003:046D:C71B.0134 failed with error -22
[  827.647406][  T820] usb 4-1: USB disconnect, device number 19
00:43:18 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
fsconfig$FSCONFIG_CMD_RECONFIGURE(0xffffffffffffffff, 0x7, 0x0, 0x0, 0x0)

00:43:18 executing program 0:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
r0 = inotify_init()
inotify_add_watch(r0, 0x0, 0x40)

00:43:18 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00'}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = dup(r1)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:18 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:18 executing program 4:
ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x5514, 0x0)

00:43:18 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:18 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:18 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:18 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  828.161212][T29223] loop0: detected capacity change from 0 to 512
[  828.178708][T29228] loop3: detected capacity change from 0 to 512
[  828.197727][T29228] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  828.209895][T29228] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  828.239757][T29223] EXT4-fs error (device loop0): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  828.254826][T29223] EXT4-fs (loop0): Remounting filesystem read-only
[  828.261397][T29223] EXT4-fs (loop0): 1 orphan inode deleted
[  828.267219][T29223] EXT4-fs (loop0): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
[  828.268845][T29228] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  828.289569][T29223] ext4 filesystem being mounted at /root/syzkaller-testdir1588329118/syzkaller.15RdqO/92/file1 supports timestamps until 2038 (0x7fffffff)
[  828.310850][T29228] EXT4-fs (loop3): 1 truncate cleaned up
[  828.316402][T29228] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000052,errors=continue. Quota mode: writeback.
[  828.339617][T20619] Quota error (device loop3): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  828.372264][T23898] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[  828.617098][  T820] usb 3-1: USB disconnect, device number 23
[  828.636299][T29217] sddr09: could not read card info
[  828.641289][  T347] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  828.648368][  T347] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  828.654015][  T347] sd 1:0:0:0: [sdb] Write Protect is off
[  828.659626][  T347] sd 1:0:0:0: [sdb] Asking for cache data failed
[  828.665755][  T347] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  828.674390][  T347] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  828.687565][T20696] udevd[20696]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
00:43:19 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:19 executing program 1:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

00:43:19 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00'}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = dup(r1)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:19 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = dup(0xffffffffffffffff)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:19 executing program 4:
ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x5514, 0x0)

00:43:19 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:19 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:19 executing program 2:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
r0 = inotify_init()
inotify_add_watch(r0, 0x0, 0x40)

00:43:19 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:19 executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:19 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)

00:43:19 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = dup(0xffffffffffffffff)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

[  829.171430][T29260] loop2: detected capacity change from 0 to 512
[  829.228388][T29260] EXT4-fs error (device loop2): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  829.243302][T29260] EXT4-fs (loop2): Remounting filesystem read-only
[  829.250101][T29260] EXT4-fs (loop2): 1 orphan inode deleted
[  829.255808][T29260] EXT4-fs (loop2): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
00:43:19 executing program 4:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:19 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:19 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:19 executing program 4:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:20 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d0000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:20 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

[  829.278231][T29260] ext4 filesystem being mounted at /root/syzkaller-testdir2748994247/syzkaller.wUf9DB/54/file1 supports timestamps until 2038 (0x7fffffff)
00:43:20 executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:20 executing program 3:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:20 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = dup(0xffffffffffffffff)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:20 executing program 4:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:20 executing program 3:
r0 = syz_open_dev$usbmon(&(0x7f0000000080), 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
ioctl$MON_IOCX_GET(r0, 0x40189206, &(0x7f0000000280)={&(0x7f0000000240), 0x0})
r2 = dup3(r0, r1, 0x0)
read$FUSE(r2, &(0x7f0000000dc0)={0x2020}, 0x2020)

00:43:20 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:20 executing program 3:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
r0 = inotify_init()
inotify_add_watch(r0, 0x0, 0x40)

00:43:20 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, 0x0, &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:20 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b70400000000000085"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:20 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:20 executing program 4:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

[  829.396287][T24746] usb 2-1: new high-speed USB device number 126 using dummy_hcd
[  829.434404][T29296] loop3: detected capacity change from 0 to 512
00:43:20 executing program 2:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

[  829.477720][T29296] EXT4-fs error (device loop3): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  829.496738][T29296] EXT4-fs (loop3): Remounting filesystem read-only
[  829.503301][T29296] EXT4-fs (loop3): 1 orphan inode deleted
00:43:20 executing program 4:
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000010000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r1}, 0x10)
timer_create(0x3, &(0x7f0000000780)={0x0, 0x12}, &(0x7f00009b1ffc))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000040)='./file2\x00', 0x10050, &(0x7f0000000800)={[{@jqfmt_vfsv1}, {@nouid32}, {@jqfmt_vfsold}, {@norecovery}, {@block_validity}, {@dioread_lock}]}, 0x3, 0x546, &(0x7f0000000180)="$eJzs3dFrZFcZAPDv3mR2s7upmaoPtWAttrJbdSdJ47bBh6og+lRQKz4Ja0wmIWSSWZJJuwmLTfFVEES04Is++SL4BwjSF99FKNR3UVGkZvVBoe2VO3Onm0xmkhRncpfk94Oz9557Zu73nQlz5tyZu/cGcGE9GRE3ImIsIp6JiKlie1qU2OuU/HH39+8t5iWJLHvp7SSSYlt3X5eL5bXiaRMR8Y2vRnw3ORp3a2d3baHRqG8W9enWevJOlu3eXF1fWKmv1Dfm5mafm39+/tb8zFD6WY2IF77815/88JdfeeG3n33lT7f/fuN7eVr/zbJXo6cfw9TpeqX9WnSNR8TmKIKVZLzdw45bJecCAMDx8vn+hyPik+35/1SMtWdzAAAAwHmSfWEy3kkiMgAAAODcSiNiMpK0VpzvO1mcsXotIj4aV9NGc6v1meXm9sZS3hZRjUq6vNqoz8RE+9yBalSSvD5bnGPbrT/bU5+LiEcj4sdTV9r12mKzsVT2lx8AAABwQVzrOf7/91Sa1mpF417JyQEAAADDUy07AQAAAGDkHP8DAADA+VfN+tyh66h09JkAAAAAI/C1F1/MS9a9//XSyzvba82Xby7Vt9Zq69uLtcXm5p3aSrO50r5m3/pJ+2s0m3c+Fxvbd6db9a3W9NbO7u315vZG6/bqoVtgAwAAAGfo0U+88cckIvY+f6VdcpeKtkpENnbwweNlZAiMygc6p+cvo8sDOHsHP9+vlJgHcPZM6eHiqpSdAFC6k/4D0MCTd34//FwAAIDRuP6xwb//v71camrAiBW//yenugAIcK6MlZ0AUJrO73/vZR1lZwOcpcpxMwAHBXDupcP5/f+EUwkTAwoAAJRssl2StFYcB0xGmtZqEY+0bwtYSZZXG/WZiPhQRLw1Vbmc12fbz0zM5gEAAAAAAAAAAAAAAAAAAAAAAADglLIsiQwAAAA41yLSv3XvzHV96unJ3u8HLiX/mWovI+KVn73007sLrdbmbL79n+9vb71ebH+2jG8wAAAAgF7d4/TucTwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADNP9/XuL97Msy/bvLZ5l3H98KSKqRfyidFrGY6K9nIhKRFz9VxLjB56XRMTYEOLvvRYRj/WLn+RpRbXI4lD8SxFpRFwZVvz4gPGjE//aEOLDRfZGPv58sd/7L40n28v+77/xovy/Bo9/6fvj39iA8e+RQTutHK4+/uavpwfGfy3i8fH+4083fpLvr0/8p07Zx+98c3d3UFv2i4jr/ca/5HCs6db6nemtnd2bq+sLK/WV+sbc3Oxz88/P35qfmV5ebdSLf/vG+NHHf/Peg9q7R/p/9Zjxt93/Aa//06fs/7tv3t3/SGe15y8Tlfh5lt14qv/f/7F88emj8buffZ8qPgfyev4apq9/q2/8J371hycG5Zb3f2lA/yd6+n+5p/83Ttn/Z77+/T+f8qEAwBnY2tldW2g06ptWDq5E9aFI4+FdyeedpaeRRBL5yluHmhbKT6yz8mrxHltodN9tQ9rz74qDo1EmX9J4BAAAjM6DSX9vS1JOQgAAAAAAAAAAAAAAAAAAAHABnXgZsEFNaUQ82PLtHxxzNbLemHvldBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Fj/CwAA//8GI9aV")

00:43:20 executing program 3:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:20 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x0, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

[  829.508993][T29296] EXT4-fs (loop3): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
[  829.531022][T29296] ext4 filesystem being mounted at /root/syzkaller-testdir3374242587/syzkaller.05ZZ5w/485/file1 supports timestamps until 2038 (0x7fffffff)
[  829.548036][T29315] loop4: detected capacity change from 0 to 512
[  829.599537][T29315] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  829.612328][T29315] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  829.617364][T29315] EXT4-fs (loop4): revision level too high, forcing read-only mode
[  829.630331][T29315] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=e000e118, mo2=0002]
[  829.638270][T29315] System zones: 0-1, 15-15, 18-18, 34-34
[  829.644255][T29315] EXT4-fs (loop4): orphan cleanup on readonly fs
[  829.650886][T29315] Quota error (device loop4): v2_read_header: Failed header read: expected=8 got=0
[  829.660551][T29315] EXT4-fs warning (device loop4): ext4_enable_quotas:6410: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  829.674969][T29315] EXT4-fs (loop4): Cannot turn on quotas: error -22
[  829.681715][T29315] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 40: padding at end of block bitmap is not set
[  829.696393][T29315] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6150: Corrupt filesystem
[  829.705662][T29315] EXT4-fs (loop4): 1 truncate cleaned up
[  829.711160][T29315] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsv1,nouid32,jqfmt=vfsold,norecovery,block_validity,dioread_lock,,errors=continue. Quota mode: writeback.
[  829.796336][T24746] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  829.807306][T24746] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  829.816932][T24746] usb 2-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  829.825728][T24746] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  829.834207][T24746] usb 2-1: config 0 descriptor??
[  830.317247][T24746] logitech-djreceiver 0003:046D:C71B.0135: item fetching failed at offset 5/7
[  830.326017][T24746] logitech-djreceiver 0003:046D:C71B.0135: logi_dj_probe: parse failed
[  830.334138][T24746] logitech-djreceiver: probe of 0003:046D:C71B.0135 failed with error -22
[  830.517323][T23898] usb 2-1: USB disconnect, device number 126
00:43:21 executing program 1:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000580)='./file1\x00', 0x0)

00:43:21 executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:21 executing program 3:
sched_setscheduler(0x0, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x80008}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="a800000000010104000000000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808100240000000400800014000000000fb0001400000000708000140000044f108000340000000030800"], 0xa8}}, 0x0)

00:43:21 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:21 executing program 0:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:21 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:21 executing program 4:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:21 executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  831.053391][T29328] Invalid ELF header magic: != ELF
00:43:21 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:21 executing program 2:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0)
writev(r0, 0x0, 0x0)

00:43:21 executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

00:43:21 executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000016c0)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  831.075844][T29337] loop1: detected capacity change from 0 to 512
00:43:21 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:21 executing program 0:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

[  831.154373][T29337] EXT4-fs error (device loop1): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  831.171717][T29337] EXT4-fs (loop1): Remounting filesystem read-only
[  831.187358][T29337] EXT4-fs (loop1): 1 orphan inode deleted
00:43:21 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:21 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:21 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x0, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:21 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), 0x0, 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

[  831.203114][T29337] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
[  831.225246][T29337] ext4 filesystem being mounted at /root/syzkaller-testdir3585454249/syzkaller.QWIcmC/538/file1 supports timestamps until 2038 (0x7fffffff)
00:43:21 executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

00:43:22 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  831.310456][T29365] Invalid ELF header magic: != ELF
00:43:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:22 executing program 1:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000580)='./file1\x00', 0x0)

00:43:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(0x0, 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:22 executing program 0:
setreuid(0x0, 0xee01)
r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_VENDOR(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x1c, r0, 0x1, 0x0, 0x0, {{}, {@void, @val={0x8}, @void}}}, 0x1c}}, 0x0)

[  831.386679][  T820] usb 3-1: new high-speed USB device number 24 using dummy_hcd
[  831.402573][T29373] loop1: detected capacity change from 0 to 512
00:43:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
dup(0xffffffffffffffff)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

[  831.429350][T29373] EXT4-fs error (device loop1): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  831.446443][ T4541] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  831.454980][T29373] EXT4-fs (loop1): Remounting filesystem read-only
[  831.461658][T29373] EXT4-fs (loop1): 1 orphan inode deleted
00:43:22 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x0, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:22 executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x0, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

00:43:22 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  831.467526][T29373] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
[  831.489772][T29373] ext4 filesystem being mounted at /root/syzkaller-testdir3585454249/syzkaller.QWIcmC/541/file1 supports timestamps until 2038 (0x7fffffff)
00:43:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(0x0, 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x0, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:22 executing program 1:
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000500)='./file1\x00', 0x0, &(0x7f0000000180)={[{@errors_remount}, {@sysvgroups}, {@dioread_lock}, {@nolazytime}, {@noauto_da_alloc}, {@resgid}, {@barrier}, {@init_itable_val={'init_itable', 0x3d, 0x100}}, {@usrquota}]}, 0x12, 0x4cb, &(0x7f0000000a00)="$eJzs3VFrW9cdAPD/la3MSZzZ2fawBZaFJSMJWyQ7XhKzhyyDsTyMwLbsPXNs2RjLlrHkJDZhc9gHGIyxFvrUp74U+gEKJR+hFALte2lLS2mT9qEPaVUkXZnElWK7kX1b+/eDk3vOvZL+/xOjo3vuPUgB7FsnIuJKRPRFxNmIGEr359JytdFYaz3u0cO7k42SRL1+/ZMkknRf+7WSdHu49ZQYiIi/XY24mXwzbnVldW6iXC4tpe1ibX6xWF1ZPTc7PzFTmiktjI2NXhy/NH5hfKQn/RyOiMt//OD//3nlT5ff+M3td298dOafjbQG0+NP9qOXWl3PN/8v2vojYmkngmWgL93mM84DAICtaZzj/ygiftk8/x+KvubZKQAAALCX1H8/GI+TiDoAAACwZ+Waa2CTXCFdCzAYuVyh0FrD+5M4lCtXqrVfT1eWF6Zaa2WHI5+bni2XRtK1wsORTxrt0XSNbbt9fkN7LCKORsT/hg4224XJSnkq64sfAAAAsE8c3jD//3yoNf8HAAAA9pjhrBMAAAAAdpz5PwAAAOx95v8AAACwp/3l2rVGqbd//3rq1sryXOXWualSda4wvzxZmKwsLRZmKpWZ5nf2zW/2euVKZfG3sbB8p1grVWvF6srqjfnK8kLtxuxTP4ENAAAA7KKjv7j/ThIRa7872CwNB7JOCtgVyXYe/P7O5QHsvr6sEwAy0591AkBm8lknAGRus+sAXRfvvNn7XAAAgJ1x+mfd7/+7NgB7Wy7dbmsdAADwveb+P+xfeSsAYd/74SbHn//+f72+rYQAAICeG2yWJFdI7wUORi5XKEQcaf4sQD6Zni2XRtL5wdtD+R802qPNZybuGQIAAAAAAAAAAAAAAAAAAAAAAADAFtXrSdQBAACAPS0i92HS/Db//og4Nbjx+sCB5Iuh5jYibr90/YU7E7Xa0mhj/6fr+2svpvvPZ3EFAwAAANioPU9vz+MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJcePbw72S67GffjP0TEcKf4/THQ3A5EPiIOfZZE/xPPSyKirwfx1+5FxE87xU8aacVwmkWn+AczjJ+LiMM9iA/72f3G+HOl0/svFyea287vv/60PK/u419uffzr6zL+HNlijGMPXit2jX8v4lh/5/GnHT/pEv/kFuP/4++rq92O1V+OON3x8yd5KlaxNr9YrK6snpudn5gpzZQWxsZGL45fGr8wPlKcni2X0n87xvjvz1//6ln9P9Ql/vAm/T+1xf5/+eDOwx+3qvlO8c+c7Pz5+7ivc/zG2D8UEb9K643jp9v1tVb9Scdffev4s/o/1aX/m/39z2yx/2f/+u/30movPjIBgOdUXVmdmyiXS0tbrPxrOw9WUfl2lYHvRhr7ubI+RNzMdIACAAB6Zv2k/89ZZwIAAAAAAAAAAAAAAAAAAAD71258ndjGmGvZdBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4Jm+DgAA//+79dWi")
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000580)='./file1\x00', 0x0)

00:43:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
dup(0xffffffffffffffff)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

[  831.545502][T29388] Invalid ELF header magic: != ELF
00:43:22 executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x0, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  831.592391][T29396] loop1: detected capacity change from 0 to 512
[  831.637955][T29396] EXT4-fs error (device loop1): mb_free_blocks:1845: group 0, inode 16: block 41:freeing already freed block (bit 41); block bitmap corrupt.
[  831.652512][T29396] EXT4-fs (loop1): Remounting filesystem read-only
[  831.658963][T29396] EXT4-fs (loop1): 1 orphan inode deleted
[  831.664554][T29396] EXT4-fs (loop1): mounted filesystem without journal. Opts: errors=remount-ro,sysvgroups,dioread_lock,nolazytime,noauto_da_alloc,resgid=0x0000000000000000,barrier,init_itable=0x0000000000000100,usrquota,. Quota mode: writeback.
[  831.686950][T29396] ext4 filesystem being mounted at /root/syzkaller-testdir3585454249/syzkaller.QWIcmC/543/file1 supports timestamps until 2038 (0x7fffffff)
[  831.746375][  T820] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  831.760191][  T820] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  831.771474][  T820] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  831.780419][  T820] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.806425][ T4541] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  831.806551][T29348] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  831.817241][ T4541] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  831.833885][ T4541] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  831.842759][ T4541] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  831.851023][ T4541] usb 5-1: config 0 descriptor??
00:43:22 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:22 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r0}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:22 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:22 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:22 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x0, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:22 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:22 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:22 executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x0)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

[  831.918671][T29413] Invalid ELF header magic: != ELF
[  832.327141][ T4541] logitech-djreceiver 0003:046D:C71B.0136: item fetching failed at offset 5/7
[  832.335907][ T4541] logitech-djreceiver 0003:046D:C71B.0136: logi_dj_probe: parse failed
[  832.343930][ T4541] logitech-djreceiver: probe of 0003:046D:C71B.0136 failed with error -22
[  832.528119][  T329] usb 5-1: USB disconnect, device number 21
[  832.726408][  T820] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  832.737589][  T820] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input360
[  832.927883][  T820] usb 3-1: USB disconnect, device number 24
00:43:23 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

[  833.045542][T29423] loop4: detected capacity change from 0 to 512
[  833.126780][T29423] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  833.136062][T29423] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[  833.147187][T29423] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  833.156525][T29423] EXT4-fs (loop4): 1 truncate cleaned up
[  833.162003][T29423] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000042,errors=continue. Quota mode: writeback.
[  833.185334][  T351] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  833.198045][T29423] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
00:43:24 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:24 executing program 3:
sched_setscheduler(0x0, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x80008}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="a800000000010104000000000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808100240000000400800014000000000fb0001400000000708000140000044f108000340000000030800"], 0xa8}}, 0x0)

00:43:24 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:24 executing program 1:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:24 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:24 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
dup(0xffffffffffffffff)
read$char_usb(0xffffffffffffffff, 0x0, 0x0)

00:43:24 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x0, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:24 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:24 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

[  833.457320][T29435] Invalid ELF header magic: != ELF
00:43:24 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 2:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000016c0)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:24 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:24 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x0, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:24 executing program 4:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:24 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:24 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  833.560997][T29455] Invalid ELF header magic: != ELF
00:43:24 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:24 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:24 executing program 0:
bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x0, 0x0, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r0}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x0)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:24 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00'}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:24 executing program 0:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:24 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:24 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
socket$inet_udp(0x2, 0x2, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:24 executing program 1:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000072000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:24 executing program 4:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(0xffffffffffffffff, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

00:43:24 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)

00:43:24 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00'}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  833.796316][T23898] usb 3-1: new high-speed USB device number 25 using dummy_hcd
[  834.156380][T23898] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  834.167478][T23898] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  834.178697][T23898] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  834.187655][T23898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  834.206397][T29449] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
00:43:24 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:24 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={0x0, r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:24 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:24 executing program 0:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

00:43:24 executing program 1:
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r0, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r1 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r1, 0x7, 0x0, 0x0, 0x0)

00:43:25 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00'}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:25 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:25 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  834.339428][T29515] loop1: detected capacity change from 0 to 512
[  834.407001][T29515] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  834.416392][T29515] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  834.437298][T29515] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  834.447093][T29515] EXT4-fs (loop1): 1 truncate cleaned up
[  834.452567][T29515] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
[  834.477503][  T351] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  834.490330][T29515] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[  835.116327][T23898] aiptek 3-1:17.0: Aiptek using 400 ms programming speed
[  835.126527][T23898] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input361
[  835.317916][T23898] usb 3-1: USB disconnect, device number 25
00:43:26 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:26 executing program 3:
sched_setscheduler(0x0, 0x0, 0x0)
getpid()
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
connect$unix(r0, &(0x7f0000000580)=@abs, 0x6e)
sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r2 = socket$nl_netfilter(0x10, 0x3, 0xc)
r3 = bpf$MAP_CREATE(0x0, &(0x7f0000001a80)=@base={0xe, 0x4, 0x8, 0x80008}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3], &(0x7f0000000280)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sched_switch\x00', r4}, 0x10)
sendmsg$IPCTNL_MSG_CT_NEW(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="a800000000010104000000000000000002000000240001801400018008000100e000000108000200ac1e01010c00028005000100000009002400028014000180080001000000010908000200ac1e00010c000280050001000000000044000f800800014000000006080003400000002b080003400000000808100240000000400800014000000000fb0001400000000708000140000044f108000340000000030800"], 0xa8}}, 0x0)

00:43:26 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x0, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:26 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:26 executing program 4:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

00:43:26 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, 0x0)
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:26 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:26 executing program 1:
syz_mount_image$f2fs(&(0x7f00000000c0), &(0x7f00000105c0)='./file0\x00', 0x1218058, &(0x7f0000000000)=ANY=[], 0x1, 0x105b9, &(0x7f0000031180)="$eJzs3M1uG1UbB/DHzdum7VtKhfrBjpEQUiJhK07SigoJBWgFSE0V8bFgAzj2xHJre0LsOCFrkFhwG90hNiy4AjbcBxJCbEBiBwJ5ZlI1qIvSmjiQ30+a/M8cHz8+x8rCx5NMAMfWheTXXypxPs5ExExEnIvI25XyyK0U8WxEPBcRJx44KmX//Y5TEXE2Is6Pixc1K+VDX338ze+jvVuf33v5xw+u3/u5Mr1VA9P2QkT0Nov2Tq/IrF3knbK/Merk2VselVk80LtbnmdF7qTreYWdxv64Rp5L7WJ8trk9GOdGt9EcZ7uzkfdv9osXHIza+3XyJ9xpbOXnrXQ9z84gy7O9V8xrt8y9wbCo0yrrfZKXj+FwP4v+dDct1rN5N89mf1j2F3WzVro7zlGZ5ctFM+u28nmsP/bbfOTd6vS3d5NRujXoZP3kaq3+Uq1+rVrfylrpMF2uNnqta8vJXLs7HlYdpo3eSjvL2t201sx688lcu9ms1uvJ3I10vdPoJ/V6bam2UL06X7ZeTN64/V7SbSVz43yt098edrqDZCPbSopnzCeLtaXr88nz9eSd1bVk7e2bN1fX3v3wxvu3X1196/Vy0P60ZvPfiWG6nMwtLiwuVusL1cX6/PFZ//1pTXD98ER8kgT42+z/gWmw/z+4/5+1/z+W+9/jvn54Ij5JAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcW9+f/PrNvHGhOP9/2f9U2fVMRFyJiMsRcSki/niImTh1oObFiKiU7YeNP/mXOXxbibzC+Dmz5XE2IlbK47en/+l3AQAAAP67vvzu088iZsbN/Mcr054Qh6n80ub0pOrlX/n8b1LVLubFdidU7dJ+yYm4HBEnL/w0oWpXIuLEuY8mVO2RzByI0w9EpYgThzkbAADgcBzcCUxs9wYAAMCR88W0J8B05Ndry7/FL68FzxZRXhA8c+AMAAAA+BeqTHsCAAAAwCN73P/Vzff/k77/3w/u/wcAAABHSnH/PwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTnbvHURuI4gD+wHHIp4IiPq5CFaWk4BA5QsocILlNOs4QCXEO0uUIEawYzxZeUazWY7yLfj/JvBkL/jygGg8yAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQp7/1dv17//NX15zjqZsynwYAAAC45FBv12kwbebv8/mP+dTniFhGxCIi5hFxae1exetW5iwiRnl86fn1gx7+RKSE82sm+XgXEV/z8f9T398CAAAA3K79brWJqM7D9PBl6Ia4pnzR5k2pvHTJ51WptFkK+1EobX4fWcQiIurpv0Jpy4gYf/hWKO1Rqlxav32ajJoyvmY3AADAdVStUmz1BgAAwLPzfegGGEbar83/xc97wZOm5G3Bt60ZAAAA8AKNhm4AAAAA6F1a/7v/HwAAANy25v5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9OlQb9f73WrTNed46uZJbzru2jUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA3LE/LycQAmEQBnvXd06D+YclDRqDB6tA+PgbDwMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAt/zuL/8npsaZZO61sfQ8kqydGlunxt65cfSH8fZrAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuNifuxMIgSAIg33nf06L+YclDRqDCFWw8DHDPCwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB80e9++T8xNc4kc6eNpeORZO2qsXXV2HvQOHow3v4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwMUOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUVduBAAAAAAADI/7URqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrADBwIAAAAAQP6vjVBVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVWFHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwIAAAAAAA5P/aCFVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVXYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCAAAAAAA+b82QlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVRX25942YSCM4/DrS6LEbTJCeiuBGWioEIzAh4RkyTMwAAvRUNFaLAIrgATnms4UPE/z/xVX3AsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMBrujx88RYRRaQuU6Tx5uf0HhEfkbZtO/q8ZbE7H5uve872h0nO75j+lhFRRtHHOQAAvau6zbFa18u/vP95B3mHeat5Uy+e+WkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4sm/3rE19YQDAnzQvbf+d/ouDLoJCu2hMfUuhq1ARxMXBsbSxFFMtbQVbXOo3EPwC7jp19TO4OzjoJEgHFRFclDQ37SkGjIr3hvr7wbn3uYfce87JEHjucwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAL9ndjoleXIqI45WDuOPVh4cL/c7vP7081mu3XlRW02d2HlGNiNvL7da5HNcy7NY3t+7Mt9uttb8YjOY4lqDIIGIopiFIgij/3u0F/zABAHDkVLPWyevfVHfmOn2l2YhvTw/n/5NJHAPm/1+ePbqajpXm/43cVjj86hsrq/X1za0zyyvzS62l1t3GzMyFi83Ll6Yb9b13JXVvTAAAAPgztayl+f/I7I/1//+SOAbM/+9fu3Gi0zeW3VOW//d1UPQreiYAAAD/tv9Pfv5Y6tNfqtXiwfzGxlqje9y/nu4eC5jqz908fDmatTT/L88WNDcAAAAgV7vbpYmI2OldL2bnvvX/qYP70vr/6yeV6+kzyxExntX/zy7cay/mspLhl8efkIteIwAAAMUaz1pa/6/u7f+v7H9mJCKmTnXjXu8g+/8nTz9/l46V7v8/n9sKh9NIs/t97J2bEZVm0TMCAADgKBvLWif/f1vdmVv7+vhKzf5/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDv7Ng9SsRAFADgZGejlbgg2Nh4AtHOasFC8B6iIHgEr+AdvIP3SClaWssWYmErb5LRZZsFi8Sf74PJewlD5mWqvAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFhrcfKVp7jMunzSP3t8vTmP+LQSw8tbuxsj8nrIon+h+njsCgAAAPgPUunvq6p6bu7PIk7muf9vypzo+e+2urz086t9f4ml94+xlx7ePxeadevESy+vri8OB/vCn2977Yxp3vl89pLKIczOosn7Wd+27elGTjcHKBYA+JaDEvuk/A9FPBqzMAD+sv3lm2k/qqX+P81HqQsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABgUB8BAAD//9U+a/k=")
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x5, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000040)='kfree\x00', r1}, 0x5e)
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:26 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x0)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:26 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00'}, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:26 executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000008385000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000016c0)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:26 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x0, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:26 executing program 4:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, 0x0)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x5514, 0x0)

00:43:26 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:26 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:26 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = dup(0xffffffffffffffff)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:26 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:26 executing program 2:
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00'}, 0x10)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:26 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:26 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x0, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:26 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:26 executing program 4:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:26 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={0xffffffffffffffff, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r0}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:26 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = dup(0xffffffffffffffff)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:26 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r1, 0x0, 0x0)

00:43:26 executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:26 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

[  836.186319][   T20] usb 1-1: new high-speed USB device number 27 using dummy_hcd
00:43:26 executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:26 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

[  836.228966][T29585] Invalid ELF header magic: != ELF
00:43:26 executing program 4:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x5514, 0x0)

00:43:26 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r2 = dup(0xffffffffffffffff)
ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:27 executing program 2:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={0xffffffffffffffff, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r0}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:27 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)

[  836.586418][   T20] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  836.602956][   T20] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  836.625998][   T20] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
00:43:27 executing program 3:
r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:27 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

[  836.643591][   T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  836.663872][T29548] loop1: detected capacity change from 0 to 131072
[  836.680523][T29602] Invalid ELF header magic: != ELF
[  836.686084][T29604] loop3: detected capacity change from 0 to 512
00:43:27 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:27 executing program 4:
r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401)
ioctl$USBDEVFS_DROP_PRIVILEGES(r0, 0x4004551e, &(0x7f0000000340))
ioctl$USBDEVFS_DISCONNECT_CLAIM(0xffffffffffffffff, 0x5514, 0x0)

[  836.686397][T29552] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
00:43:27 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  836.718183][T29548] F2FS-fs (loop1): invalid crc value
[  836.726730][T29604] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  836.736234][T29604] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
[  836.744517][T29548] F2FS-fs (loop1): Found nat_bits in checkpoint
[  836.767537][T29604] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  836.772605][T29548] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[  836.782702][T29604] EXT4-fs (loop3): 1 truncate cleaned up
[  836.789908][T29604] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:27 executing program 1:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={0xffffffffffffffff, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r0}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:27 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0x7fe2, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, 0x0, 0x0)

00:43:27 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
dup(r2)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:27 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

[  836.813371][  T351] Quota error (device loop3): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  836.824283][T29604] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  837.616340][   T20] aiptek 1-1:17.0: Aiptek using 400 ms programming speed
[  837.627141][   T20] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input362
[  837.818471][  T329] usb 1-1: USB disconnect, device number 27
00:43:29 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:29 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:29 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:29 executing program 2:
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffffffffffff00000000", @ANYRES32, @ANYBLOB="0400ffff7a"], 0x3c}}, 0x0)
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000040)=ANY=[@ANYBLOB="c0060000006b094f0000ad99fd0081000500000000050080"], 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

00:43:29 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
dup(r2)
ioctl$USBDEVFS_IOCTL(0xffffffffffffffff, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect={0x1})

00:43:29 executing program 0:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:29 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 3:
syz_emit_ethernet(0x3b6, &(0x7f0000000800)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x380, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x0, 0xa, "a78ce54006598080a8030037004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af2502"}, {0x0, 0x1, "000000050000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf2915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c41bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee96f24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x1f, 0xb, "17dcea46805d4809c20547406b18901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2e9ac946a3f0e2bc4619f91394c02bcfbbb7d71138537d68e2d2c6393a9f3becd1a9f51a948b5b303f4f019"}, {0x21, 0x7, "b8a3e100908f61640000000200fe80ffff00000000000000ff0bc0fe00000000008879e66485201a0015c883747357a027450004000000"}, {0x0, 0x14, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d18065daa7628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808288e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c676d8800871a6aa54155dea2d995cb22c9924e0ad38c6967052cc7786d779b8353aac33a57d79b05613a12328f61129017fb632dbf04542188b196e213408c"}, {0x0, 0x5, "d5170000dce9674a36da018dff16e70b8b14c4b7a94fe18e88605aa6be1a02a326a6bce65f81ed"}]}}}}}}, 0x0)

00:43:29 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
ioctl$USBDEVFS_REAPURB(0xffffffffffffffff, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:29 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:29 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:29 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:29 executing program 0:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

[  838.428084][T29653] Invalid ELF header magic: != ELF
00:43:29 executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:29 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:29 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:29 executing program 2:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:29 executing program 3:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

[  838.489723][T29664] loop1: detected capacity change from 0 to 512
00:43:29 executing program 2:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r3}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:29 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:29 executing program 2:
openat$binderfs(0xffffffffffffff9c, 0x0, 0x2, 0x0)
r0 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x143ffd, 0x4, 0x1}, 0x48)
bpf$MAP_DELETE_ELEM(0x2, &(0x7f0000000400)={r1, &(0x7f0000000180), 0x20000000}, 0x20)
sendmsg$TIPC_CMD_SET_NETID(0xffffffffffffffff, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x24, r0, 0x400, 0x0, 0x25dfdbfd, {{}, {}, {0x8, 0x2, 0x4}}, ["", "", "", "", ""]}, 0x24}, 0x1, 0x0, 0x0, 0x20048804}, 0x4000041)
r2 = openat$binder_debug(0xffffffffffffff9c, &(0x7f0000001280)='/sys/kernel/debug/binder/state\x00', 0x0, 0x0)
read$hidraw(r2, &(0x7f0000000380)=""/182, 0xb6)
prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r3 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f00000006c0)={'lo\x00', <r4=>0x0})
bind$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @multicast}, 0x14)
r5 = socket$packet(0x11, 0x3, 0x300)
setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000000), 0x8)

00:43:29 executing program 0:
syz_mount_image$ext4(&(0x7f0000000140)='ext4\x00', &(0x7f00000005c0)='./file1\x00', 0x8200, &(0x7f00000001c0)=ANY=[@ANYRES64=0x0, @ANYRES16, @ANYRESHEX], 0x83, 0x5de, &(0x7f0000000bc0)="$eJzs3c9rXNUeAPDvvZPkJW3eS/t4PGxRDLhoQZomtVh11daFXRQs2IWIi4YmqaHTHzQp2FowBRcKCiJuRbrxH3Av3bsTQd25FqpIxYVKR+6de9shnUljmsmd9n4+cCfnnHuTc765ObnnzJ0zE0BtTWYPacSuiDiVREx07BuP9s7J4rjbv147nW1JtFqv/ZJEUpSVx98pvm7PHpKI0Yj45mjEfxv317t05erZ2War7d2I/cvnLu5funJ13+K52TPzZ+bPzxx44eCh6RdnDs5sSpxlXMeOv/rkR++99fzCt819SRyOk8PvzMWqODbLZEzGnSLEzvKhiDiUJbr8Xh41ZQhJxe1gYxrF3+NwRPw/JqKR59omYvHDShsH9FWrEdECairR/6GmynFAObfvxzx4kN060p4A3R//UPu5kRjN50bbbicdM6P2fHfHJtSf1fHXtd2fZVv0eB5iaBPq6WXlekQ80S3+JG/bjvxZnCz+NNKO78vS0xExUrTv5Q3WP7kqv9V/f/8k/s7zkMV/uPialR/dYP1Vxw9APd08UlzIV7LcvetfNjIsxz/RZfwz3uXatRFVX/96j//K6/1o/hx5umoclo3/TnT/kcOrC3784NgnvervHP9lW1Z/ORbcCreuR+xeFf/7+UAvuXv+ky7nPzvk1DrreOW7n4/12ld1/K0bEXu6zn/u3dHKUmvcn9y/sNicn24/dq3jq6/f/KJX/VXHn53/6BH/Wuc/K7u4zjq+PHHjXK994w+MP/1pJDmZp0aKkrdnl5cvzUSMJMeLQzrKD6zdlvKY8mdk8e99pnv/Xyv+sfJf5jpcfP3s7V77HvL832mt88BesvjnNnj+P15nHb+/cfmpXvvWin/sYQIDAAAAAACAGkrze7BJOnU3naZTU+01vP+LbWnzwtLyswsXLp+fi9ibvx5yOC3vdE+080mWnyleD1vmD6zKPxcROyPi08ZYnp86faE5V3XwAAAAAAAAAAAAAAAAAAAAMCC2F+v/y8+p/q3RXv8P1EQ/P2AOGGz6P9RX3v/TqlsBVMH1H+pL/4f60v+hvvR/qC/9H+pL/4f60v+hvvR/AAAAAHgs7Xz65g9JRKy8NJZvmZFi33ClLQP6TR+H+mpU3QCgMndv/Vv+D7WzrvH/H8WbA/a/OUAFkm6F+eCgtXbnv9n1OwEAAAAAAAAAAACAPtizy/p/qCvL/qC+HmL9v7cOgEect/6H+jLHBx60in+01w7r/wEAAAAAAAAAAABgy4znW5JOFWuBxyNNp6Yi/h0RO2I4WVhszk9HxH8i4vvG8L+y/EzVjQYAAAAAAAAAAAAAAAAAAIDHzNKVq2dnm835S52JP+8rebwT5aegDkp7OhORbH2lYxExCLH3JzHUUZJErGRnfiAadmkpBqMZeaLif0wAAAAAAAAAAAAAAAAAAFBDHWuPu9v9+Ra3CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC23r3P/+9fouoYAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBH098BAAD//wX4PNY=")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000108500000075000000a50000002300000095"], &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0)
getdents64(r1, &(0x7f0000002ec0)=""/4096, 0x1000)

00:43:29 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  838.539812][T29678] Invalid ELF header magic: != ELF
[  838.551189][T29664] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  838.568253][T29664] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:29 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:29 executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00', r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  838.598126][T29686] loop0: detected capacity change from 0 to 1024
[  838.605048][T29664] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  838.615256][T29664] EXT4-fs (loop1): 1 truncate cleaned up
[  838.621029][T29664] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:29 executing program 4:
r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000040), 0x701b00, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
recvfrom$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 2:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:29 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:29 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:29 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:29 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  838.644717][  T351] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  838.658908][T29664] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[  838.681400][T29686] EXT4-fs (loop0): revision level too high, forcing read-only mode
00:43:29 executing program 2:
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x3, 0x0)
sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0)
getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x27)
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x48}}, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=ANY=[@ANYBLOB="3000000024001d0f00"/20, @ANYRES32=r2, @ANYBLOB="0000c8aff1ffffff000000000b000100636c73616374"], 0x30}}, 0x0)

00:43:29 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000700000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:29 executing program 2:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  838.739138][T29686] EXT4-fs (loop0): orphan cleanup on readonly fs
[  838.745939][T29686] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 10: padding at end of block bitmap is not set
[  838.763741][T29686] Quota error (device loop0): write_blk: dquota write failed
[  838.771576][T29686] Quota error (device loop0): find_free_dqentry: Can't write quota data block 5
[  838.771770][T29717] loop4: detected capacity change from 0 to 512
00:43:29 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, 0x0)

00:43:29 executing program 1:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

00:43:29 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  838.780731][T29686] Quota error (device loop0): qtree_write_dquot: Error -28 occurred while creating quota
[  838.818172][T29686] EXT4-fs error (device loop0): ext4_free_blocks:6190: comm syz-executor.0: Freeing blocks not in datazone - block = 0, count = 4096
00:43:29 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r1, 0x0, 0x0)

00:43:29 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount$bpf(0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='mode=00'])
chdir(0x0)
r0 = open(0x0, 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000, 0x8, &(0x7f0000ffa000/0x1000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000a40)={{0x0, 0x8, 0xb1af, 0x7, 0x0, 0x0, 0x7, 0x0, 0x4, 0xffffff8f, 0xfff, 0x6, 0x77, 0x0, 0xedd7}})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x8, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000002000000000000000000000e618110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002b00)={{r2}, &(0x7f0000000980), &(0x7f0000002ac0)=r3}, 0x20)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000580)={r3, 0x0, 0x0}, 0x10)

00:43:29 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  838.839376][T29717] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  838.859541][T29686] EXT4-fs (loop0): 1 truncate cleaned up
[  838.880804][T29717] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:29 executing program 3:
io_uring_setup(0x5, &(0x7f00000002c0))
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f0000000180)=ANY=[@ANYBLOB="18010000002304e800000000000000ea850000007b00000095"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f00000001c0)='netlink_extack\x00', r1}, 0x10)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'bridge_slave_0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c0000001d00070f000200000000000007000000", @ANYRES32=r2], 0x24}}, 0x0)

00:43:29 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100"/14, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 3:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
r2 = dup3(r1, r0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00'}, 0x10)
write$FUSE_BMAP(r2, 0x0, 0x0)

[  838.897738][T29686] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
00:43:29 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:29 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:29 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:29 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:29 executing program 2:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r1, 0x0, 0x0)

00:43:29 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount$bpf(0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='mode=00'])
chdir(0x0)
r0 = open(0x0, 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000, 0x8, &(0x7f0000ffa000/0x1000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000a40)={{0x0, 0x8, 0xb1af, 0x7, 0x0, 0x0, 0x7, 0x0, 0x4, 0xffffff8f, 0xfff, 0x6, 0x77, 0x0, 0xedd7}})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x8, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000002000000000000000000000e618110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002b00)={{r2}, &(0x7f0000000980), &(0x7f0000002ac0)=r3}, 0x20)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000580)={r3, 0x0, 0x0}, 0x10)

[  838.938812][T29686] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor.0: path /root/syzkaller-testdir1588329118/syzkaller.15RdqO/139/file1: bad entry in directory: inode out of bounds - offset=44, inode=40, rec_len=16, size=1024 fake=0
[  838.958222][T29744] Invalid ELF header magic: != ELF
[  838.975484][T29717] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
00:43:29 executing program 3:
pipe2$9p(&(0x7f0000001900)={<r0=>0xffffffffffffffff}, 0x0)
r1 = socket$key(0xf, 0x3, 0x2)
dup3(r1, r0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000de0000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007200000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000000)='kmem_cache_free\x00', r2}, 0x10)
write$FUSE_BMAP(0xffffffffffffffff, 0x0, 0x0)

00:43:29 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="180100"/14, @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 3:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000001980)=@ipv4_delroute={0x24, 0x19, 0x1, 0x0, 0x0, {0x2, 0x18}, [@RTA_DST={0x8, 0x1, @dev}]}, 0x24}}, 0x0)

[  839.003265][T29717] EXT4-fs (loop4): 1 truncate cleaned up
[  839.010773][T29717] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:29 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f00000003c0)={0x2, &(0x7f0000000380)=[{0x3d, 0x0, 0x2}, {}]}, 0x10)

00:43:29 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:29 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:29 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:29 executing program 2:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r1, 0x0, 0x0)

00:43:29 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:29 executing program 0:
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000500)={0x0, 0x0, 0x0, 0x0, 0x0, "df3f0400000000000000000000000609000040"})
r1 = syz_open_pts(r0, 0x0)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r0, &(0x7f0000000080))
dup3(r1, r0, 0x0)

[  839.057125][T29717] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
[  839.084286][ T2745] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5)
00:43:29 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:29 executing program 1:
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)
mount$bpf(0x0, 0x0, &(0x7f0000000280), 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB='mode=00'])
chdir(0x0)
r0 = open(0x0, 0x0, 0x0)
mkdirat(r0, &(0x7f0000000340)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x40, 0x0)
mremap(&(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x1000, 0x8, &(0x7f0000ffa000/0x1000)=nil)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$BTRFS_IOC_TREE_SEARCH(r0, 0xd0009411, &(0x7f0000000a40)={{0x0, 0x8, 0xb1af, 0x7, 0x0, 0x0, 0x7, 0x0, 0x4, 0xffffff8f, 0xfff, 0x6, 0x77, 0x0, 0xedd7}})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, 0x0)
sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x0, 0x8, 0x0, 0x0}, 0x90)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x6}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x6, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="180000002000000000000000000000e618110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000019007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000900)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000002b00)={{r2}, &(0x7f0000000980), &(0x7f0000002ac0)=r3}, 0x20)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000580)={r3, 0x0, 0x0}, 0x10)

00:43:29 executing program 0:
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000480)='./bus\x00', 0x100ca, &(0x7f0000000600)=ANY=[@ANYRES16=0x0, @ANYRES16, @ANYRES16, @ANYRESOCT, @ANYBLOB="2b9377d62e0bb1a6c958ce648008795312927666db21aacec68292115af5ab5d03455f201121fc087d52f9464379ce473dbe3fd2b4af29c4564506f5c2632929dc860c92abd13f19333ee747e30d9dd911dbd9ca9e927be03743abb8d6428ce1b07eb5c482df8a2a05000000000000006ffe103fbeb74e7a51d36864b5e8bf1969b3305ab6f962ba5e7635b4f081d15405826661850142924f8c35444258afb84d9ec9ba010000807d2f5ca512e2f879eb1a01bfbea0b9d90ac01434b01bb179fdb2172b8f5fb381000000000000007a9ab82d4d4871b1f05d83e57d5caa8f691586352baf61c503d1875e65883e39038a7f023fb2924d72048e67d6a45cabf56c8cd5d09d8b78afff647bc63f748da49139302fd5055c2552e072b90df648c4b49e454a7571302629e652a145fb9afded711ce2d9253e423537a16b4a114fdca72f057e0a20e3fca7cd52fc6ffdc6c39ff2bc2e5cb6847950ac4e4fc4a1a5f5975da688b55a01bcca6c57f98b37880e6206480094a2f8eee5dd0d06914809a1c610fe27bce8c717fd2545dfc58c1ee8a1a6f3aa2b19ff0ea4e09f29aee5aa4b8bf2263e35186c7d340b72e52c298deac605f32c34bcc3b9c495ada38bbcef414fb3fd9193a703a52c14251fbfc2be2843bde0c1fe9ce09e5acf5542c0bbf514052ecd12d17d7df449403881ef65"], 0x2, 0x45c, &(0x7f0000000cc0)="$eJzs3M1vG0UbAPBn7ST9evsmlPLRD2igICoQSZMW6IFDi0DiABISHMoxJGlV6jaoCRKtKggcyhFV4o44IvEXcIILAk5IXOGOKlWolxZOi9beTVzXNo5j1638+0muZ3ZnNfN4d7wzO3UCGFqT2T9JbMvefo+I8Wq2ocBk7e3Wjcvzf9+4PJ9Emr79V1Itd/PG5fmiaHHcjiKzWsvva1Lv8sVLZ+cqlcULeX565dwH08sXLz1/5tzc6cXTi+dnjx07emTmpRdnX+hJnFmbbu79eGn/ntffvfrm/Mmr7/38bVLE3xBHj0w22VYuEk/3uLJB21mXTkYG2BA2JLsgs9M1Wu3/41GO9ZM3Hq99NtDGAX2Vpmm6pfXu1bSp0fxI4P6W6MkwpIobfTb/zV5J7+fB97TrJ2oToCz2W/mrtmckSnmZ0Yb5bS9ls62Tq/98lb2iP88hAABu8/2J2nsx/lsff5Ti4bpyx/O1oYmIeCAidkXEgxGxOyIeiqiWfSQiHl07YmtH9Tcuktw5/ild6y6yzmTjv5fzta3bx3/F6C8mynluZzX+0eTUmcri4Yj4f0QcitEtWX6mTR0/vPrbF632TdaN/7JXVn8xFszbcW2k4QHdwtzK3GZirnf904i9I83iT9ZWApKI2BMRew90V8eZZ7/Z32rff8ffRg/WmdKvI56pnf/VaIi/kLRfn5zeGpXFw9PFVXGnX3698lar+juLP9l8oC1k53970+t/rc6JpH69dnnjdVz54/OWc5pur/+x5J1qeizf9tHcysqFmYix5I18+/H17bPrxxb5onwW/6GDzfv/rlj/JPZFRHYRPxYRj0fEgbztT0TEkxFxsE38P73y1Pvdx99fWfwLGzr/G0+Uz/743W2VTrSJP4km5/9oNXUo39LJ91+nDdzs5wcAAAD3g1JE/C+S0tRaulSamqr9f/ndsb1UWVpeee7U0ofnF7J91eefpeJJ13jd89CZfFpf5Gcb8kfy58ZflrdV81PzS5WFQQcPQ25Hi/6f+bPc9tCxu9NCoK/8XguGV7f9P03TT3rcFOAuc/+H4aX/w/Bq0v+3NeTb/I0A4H7W7P5vYg/Dwfgfhpf+D8Orq/6f9PFXqcBd4/4PQ2kzv+vvWSL7/rkHmtFxIk0HVPvY4GNfS0TpnmiGRJ8Sg/5mAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6I1/AwAA///OVOLx")

00:43:29 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:29 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:29 executing program 4:
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r1, 0x0, 0x0)

00:43:29 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

[  839.155831][T29780] Invalid ELF header magic: != ELF
[  839.162564][T29777] loop2: detected capacity change from 0 to 512
[  839.193022][T29789] loop0: detected capacity change from 0 to 512
00:43:29 executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:29 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000001b95"], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0x1, 0x0, &(0x7f0000000300)=',', 0x0, 0x40, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

[  839.228484][T29789] EXT4-fs (loop0): bad geometry: block count 150995200 exceeds size of device (256 blocks)
[  839.239210][T29777] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
00:43:29 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:29 executing program 1:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:29 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:29 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  839.274191][T29777] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:30 executing program 1:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:30 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:30 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  839.341092][T29777] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  839.361687][T29777] EXT4-fs (loop2): 1 truncate cleaned up
[  839.376421][  T351] Quota error (device loop2): free_dqentry: Quota structure has offset to other block (1) than it should (5)
00:43:30 executing program 1:
syz_emit_ethernet(0x4a, &(0x7f0000000040)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0xa, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local, {[@generic={0x94, 0x4, 'T.'}, @ssrr={0x89, 0xf, 0xfc, [@remote, @broadcast, @local]}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)

00:43:30 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r0}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  839.389911][T29777] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:30 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:30 executing program 3:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  839.441980][T29777] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
00:43:30 executing program 4:
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@newlink={0x54, 0x10, 0x1, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x34, 0x12, 0x0, 0x1, @ip6gretap={{0xe}, {0x20, 0x2, 0x0, 0x1, [@IFLA_GRE_IFLAGS={0x6}, @IFLA_GRE_REMOTE={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @local}}]}}}]}, 0x54}, 0x1, 0x2}, 0x0)

00:43:30 executing program 0:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:30 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:30 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:30 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:30 executing program 3:
socket$can_bcm(0x1d, 0x2, 0x2)
socket$can_bcm(0x1d, 0x2, 0x2)
r0 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000140)={'team0\x00', <r1=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0xc}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @vcan={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x3c}}, 0x0)

00:43:30 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:30 executing program 1:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 0:
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000540), r0)
r2 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NLBL_CIPSOV4_C_ADD(r2, &(0x7f0000000700)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000440)=ANY=[@ANYBLOB='H\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000000000000000000100000024000480050007000200000005000300000000000500030001000000050003000200000008000100ffffffff0800020002"], 0x48}}, 0x0)

00:43:30 executing program 3:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:30 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

[  839.574108][T29847] loop4: detected capacity change from 0 to 512
[  839.592241][T29847] EXT4-fs (loop4): Quota format mount options ignored when QUOTA feature is enabled
[  839.608737][T29847] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:30 executing program 3:
r0 = syz_open_dev$usbfs(&(0x7f0000000040), 0x12, 0x80801)
ioctl$USBDEVFS_DISCONNECT_CLAIM(r0, 0x8108551b, &(0x7f0000000080)={0x0, 0x0, "27092cfa555702279299fa2716dd2f9323cfe7b40d8b108ce6707549cb26c6c14c886e5bde7477a20e3772522b9b15dd0650e83716c1240aa1d0251a1e4996723eceba0f9af00a979e132db2d3d18da77f695be20bcb5b6cc37b02eae8a78cc781698e7858feda720e1fc83af7557b0f97916ce0ccab55b156620b821b5f9b6d9423fd3979ebac50aa40722562a94171016dceb1b3fff148c736662a8ef9216d75a957b104c49f9ede0b770568b1e23580c1783668eb1e8631f5794bc35acb9a71b9a7238b5d0ba3ec928ba0b5bab037b38429be05e85731f77722d8f3762181dcc4a3895ea0b277e8ce07c7035d9def50e408b65668351d7ae7d9c3f3174a77"})
ioctl$USBDEVFS_ALLOW_SUSPEND(r0, 0x5522)

00:43:30 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:30 executing program 0:
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x0, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:30 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:30 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:30 executing program 3:
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)={0x2, 0xd, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, [@sadb_address={0x5, 0x17, 0x0, 0xa0, 0x0, @in6={0xa, 0x0, 0x0, @remote}}]}, 0x38}}, 0x0)

00:43:30 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

[  839.694643][T29847] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
00:43:30 executing program 3:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={0x0, r1}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:30 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:30 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  839.737402][T29847] EXT4-fs (loop4): 1 truncate cleaned up
[  839.743103][T29847] EXT4-fs (loop4): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
[  839.774698][ T2745] Quota error (device loop4): free_dqentry: Quota structure has offset to other block (1) than it should (5)
00:43:30 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x8, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x0, 0x3, 0x0, 0x1, 0x8f}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24}, 0x2f)

00:43:30 executing program 0:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x0, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="3d84abd9b872c703b4180000"], 0x0}, 0x90)
syz_emit_ethernet(0x5e, &(0x7f0000000600)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaabb86dd600040000028060020010000000000000000000000000001fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="a00000e9907800008dded4c4662307180000cc2cad22270b45eabd60f8b8d75e4c11"], 0x0)
socket$nl_route(0x10, 0x3, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000680)=ANY=[@ANYBLOB="b405000000000000611078000000000007000000000000009500000000000000e85859fb27a6a04b90e566b4e258f0853df1278164ed629c3684490d65e22b60b6daeb07f0efb172877a560300000000000000"], &(0x7f0000003ff6)='GPL\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x3c)
r0 = epoll_create1(0x80000)
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = dup(r1)
ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(0xffffffffffffffff, 0x40182103, &(0x7f0000000b80)={0x0, 0x2, r0, 0x2})
ioctl$TIOCL_SELLOADLUT(0xffffffffffffffff, 0x541c, &(0x7f0000000040)={0x5, 0x100000007fffffff, 0xffff, 0x6, 0xff})
ioctl$KDFONTOP_COPY(0xffffffffffffffff, 0x4b72, &(0x7f0000000480)={0x3, 0x1, 0x1f, 0x13, 0xea, &(0x7f0000000080)})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000100)='mountinfo\x00')
ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000003a80))
stat(&(0x7f0000003ac0)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0)
ioctl$TIOCL_SETSEL(r2, 0x541c, &(0x7f0000001900)={0x2, {0x2, 0x0, 0x0, 0x0, 0x100}})
ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, 0x0)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, 0xffffffffffffffff, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)

00:43:30 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:30 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:30 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:30 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x3, &(0x7f0000000440)=@framed, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

[  839.794360][T29847] EXT4-fs (loop4): re-mounted. Opts: (null). Quota mode: writeback.
00:43:30 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:30 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:30 executing program 0:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:30 executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

00:43:30 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:30 executing program 0:
write$FUSE_STATFS(0xffffffffffffffff, 0x0, 0x0)
ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x5452, 0x0)
mlockall(0x1)
socket$inet(0x2, 0x0, 0x0)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
write$tun(0xffffffffffffffff, 0x0, 0x1c)
r0 = socket(0x0, 0x6, 0x4)
ioctl$FIONREAD(r0, 0x891b, &(0x7f0000000180))
r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil)
ioctl$TIOCNOTTY(r1, 0x5413)

00:43:30 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:30 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x0, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x200, 0x102)
r3 = dup(r2)
ioctl$USBDEVFS_IOCTL(r3, 0xc0105512, &(0x7f00000007c0)=@usbdevfs_connect)

00:43:30 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x0, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:30 executing program 1:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

[  839.921742][T29919] loop2: detected capacity change from 0 to 512
00:43:30 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00'}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:30 executing program 3:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDSETMODE(r0, 0x4b3a, 0x0)
syz_pidfd_open(0x0, 0x0)
r1 = socket$nl_route(0x10, 0x3, 0x0)
bind$inet(0xffffffffffffffff, &(0x7f0000002680)={0x2, 0x0, @local}, 0x10)
setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000300), 0x4)
r2 = socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$int_in(0xffffffffffffffff, 0x0, &(0x7f0000000300))
bind$inet6(r2, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c)
sendto$inet6(r2, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c)
recvfrom$inet6(r2, &(0x7f0000001300)=""/29, 0x1d, 0x10020, &(0x7f0000001340)={0xa, 0x0, 0x1936e1a0, @empty, 0x3}, 0x1c)
poll(&(0x7f0000000040), 0x0, 0x800)
sendto$inet6(r2, &(0x7f0000000180)="44f9b108b1cdc885c9c52dd21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4", 0x46, 0x1, 0x0, 0x0)
shutdown(r2, 0x0)
ioctl$BTRFS_IOC_BALANCE_PROGRESS(r1, 0x84009422, &(0x7f00000013c0)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}})
ioctl$BTRFS_IOC_GET_DEV_STATS(r2, 0xc4089434, &(0x7f0000000640)={0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x400], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffd]})
openat2(0xffffffffffffffff, 0x0, 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)

00:43:30 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  840.017619][T29919] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[  840.036341][T29919] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:30 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, 0x0, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

[  840.077446][T29919] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  840.092532][T29919] EXT4-fs (loop2): 1 truncate cleaned up
[  840.101508][T29919] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:30 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:30 executing program 1:
socket$inet_icmp_raw(0x2, 0x3, 0x1)
syz_emit_ethernet(0x6a, &(0x7f0000000340)={@local, @random="6af9bf2b8540", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x1, 0x0, @private=0xa010101, @local}, @time_exceeded={0x5, 0x0, 0x0, 0x3, 0x0, 0x0, {0x10, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @broadcast=0xac14140a, @broadcast=0xac1414bb, {[@timestamp_addr={0x44, 0x1c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@broadcast}, {@dev}]}, @cipso={0x86, 0xd, 0x0, [{0x0, 0x7, "e02f39d6d0"}]}]}}}}}}}, 0x0)

00:43:30 executing program 2:
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000001dc0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000280)='task_newtask\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

[  840.106443][  T351] Quota error (device loop2): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  840.146299][T29919] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
00:43:30 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r0}, 0x10)
r1 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r1, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r1, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:30 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:30 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:30 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

[  840.266358][  T329] usb 5-1: new high-speed USB device number 22 using dummy_hcd
00:43:31 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:31 executing program 2:
bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:31 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:31 executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  840.364207][T29973] loop1: detected capacity change from 0 to 512
00:43:31 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000181100", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  840.449431][T29973] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  840.468386][T29973] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:31 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x0, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

[  840.506747][T29973] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  840.519673][T29973] EXT4-fs (loop1): 1 truncate cleaned up
[  840.525294][T29973] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:31 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x0, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:31 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:31 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000070000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:31 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d000000"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:31 executing program 2:
syz_emit_ethernet(0x4e, &(0x7f0000000100)={@local, @remote, @void, {@ipv4={0x800, @tcp={{0xb, 0x4, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x5, 0x0, @remote, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0x7, 0x3, 0x0, [{@empty}, {@loopback}]}, @generic={0x83, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0)

[  840.548490][  T351] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  840.566765][T29973] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[  840.609987][T29994] Invalid ELF header magic: != ELF
[  840.656446][  T329] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  840.667352][  T329] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  840.678064][  T329] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  840.686926][  T329] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  840.695232][  T329] usb 5-1: config 0 descriptor??
[  841.177781][  T329] logitech-djreceiver 0003:046D:C71B.0137: item fetching failed at offset 5/7
[  841.186562][  T329] logitech-djreceiver 0003:046D:C71B.0137: logi_dj_probe: parse failed
[  841.194531][  T329] logitech-djreceiver: probe of 0003:046D:C71B.0137 failed with error -22
[  841.377485][  T870] usb 5-1: USB disconnect, device number 22
00:43:32 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000070000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:32 executing program 0:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, &(0x7f0000000000))
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, r0, &(0x7f0000000100)={0xaf294b17a31401d5})
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000600)={0x6, 0x8, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000c600010025000000851000000100ee00950000000000000018400000ffffffff0000000000000000950000000000000075232c0eecd331e07393d7f8729d3d565f939ced19a0fd195760c83ad41a7f240433fc8b84bcfe8e70a9fccffdd95a4fc567eb6b4a6cca31f4"], 0x0, 0x8}, 0x90)
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$packet(0x11, 0x3, 0x300)
socket$packet(0x11, 0xa, 0x300)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)={0x58, 0x0, 0x1, 0x0, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast1}}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x4}, @CTA_LABELS={0x4}]}, 0x58}}, 0x0)

00:43:32 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x0, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:32 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:32 executing program 3:
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmmsg$sock(r0, &(0x7f0000001e00)=[{{&(0x7f0000000000)=@in={0x2, 0x4e24, @local}, 0x80, 0x0, 0x0, &(0x7f0000000180)=[@timestamping={{0x14}}], 0x18}}], 0x1, 0x0)

00:43:32 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x0, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:32 executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:32 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x6, 0x4, 0x7fe2, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0x14, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000ff7f00007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000180100002520732500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000380)='ext4_ext_handle_unwritten_extents\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.current\x00', 0x275a, 0x0)
ioctl$SIOCSIFHWADDR(r2, 0x40305839, &(0x7f0000000540)={'\x00', @link_local={0x1, 0x80, 0xc2, 0x5}})

00:43:32 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:32 executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000480)={0x0, 0x0, 0x0}, 0x0)
ioctl$KDGKBMODE(0xffffffffffffffff, 0x4b44, 0x0)
ioctl$VT_RESIZEX(r0, 0x4b4a, 0x0)

00:43:32 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:32 executing program 4:
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket$xdp(0x2c, 0x3, 0x0)
getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0)
r1 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x204, 0x0)
mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x0, 0x11012, r1, 0x0)
setsockopt$XDP_RX_RING(r0, 0x11b, 0x2, &(0x7f0000001980), 0x4)

[  841.918108][T30004] loop1: detected capacity change from 0 to 512
[  841.939949][T30013] Invalid ELF header magic: != ELF
00:43:32 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x0, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:32 executing program 4:
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in6=@empty, @in=@private, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x9}, {}, 0x1, 0x0, 0x1}}, 0xb8}}, 0x0)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="c4000000190001000000000000000000000000000001000000000000000000000000000000000000000000000000000000000200000000000200000000400000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0xc4}}, 0x0)

00:43:32 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x0, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:32 executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

[  841.964125][   T30] audit: type=1400 audit(1713055412.619:933): avc:  denied  { map } for  pid=30018 comm="syz-executor.4" path="/dev/bus/usb/006/001" dev="devtmpfs" ino=155 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  841.995057][T30004] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  842.008502][T30027] netlink: 12 bytes leftover after parsing attributes in process `syz-executor.4'.
00:43:32 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:32 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000070000000000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:32 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:32 executing program 0:
io_setup(0x8, &(0x7f0000000000)=<r0=>0x0)
r1 = eventfd2(0x0, 0x0)
io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r1, 0x0}])
r2 = socket$netlink(0x10, 0x3, 0x0)
r3 = fcntl$dupfd(r1, 0x0, r2)
writev(r3, &(0x7f0000000580)=[{&(0x7f0000000180)="000000f071f4a000", 0x8}, {0x0}], 0x2)

[  842.018010][T30004] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  842.028662][T30029] Invalid ELF header magic: != ELF
[  842.057220][T30004] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
00:43:32 executing program 4:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:32 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:32 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0x0, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:32 executing program 3:
sendto(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r0, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0)
r1 = socket$packet(0x11, 0x2, 0x300)
getsockopt$packet_buf(r1, 0x107, 0x0, &(0x7f0000000140)=""/5, &(0x7f00000001c0)=0x5)

[  842.080676][T30004] EXT4-fs (loop1): 1 truncate cleaned up
[  842.093421][T30004] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:32 executing program 2:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00', r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:32 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:32 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000700"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:32 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:32 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:32 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x0, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

[  842.129567][ T2745] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  842.141445][T30004] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
00:43:32 executing program 3:
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r1, 0x0, 0x0)

00:43:32 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:32 executing program 0:
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
recvmsg(r0, &(0x7f0000000000)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0)
close(0xffffffffffffffff)
socketpair(0x1, 0x1, 0x0, 0x0)

00:43:32 executing program 3:
openat$tcp_congestion(0xffffffffffffff9c, &(0x7f0000000080), 0x1, 0x0)
r0 = socket$nl_route(0x10, 0x3, 0x0)
pipe2$watch_queue(0x0, 0x80)
socket$unix(0x1, 0x0, 0x0)
recvfrom(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0)
recvmsg(r0, &(0x7f0000000100)={&(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, <r1=>0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x80, 0x0}, 0x0)
socket$inet6(0xa, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
close(r1)
epoll_create(0x2802)

00:43:32 executing program 4:
r0 = bpf$MAP_CREATE(0x0, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  842.219915][T30066] Invalid ELF header magic: != ELF
00:43:32 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:32 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:32 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  842.245956][T30069] loop2: detected capacity change from 0 to 512
[  842.268085][T30069] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[  842.283802][T30069] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:32 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:32 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r1, 0x0, 0x0)

00:43:33 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

[  842.309230][T30069] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  842.328228][T30069] EXT4-fs (loop2): 1 truncate cleaned up
[  842.336376][T30069] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:33 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:33 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:33 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:33 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:33 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:33 executing program 1:
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_int(r0, &(0x7f0000000200), 0x12)

[  842.367598][  T351] Quota error (device loop2): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  842.375674][T30069] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
[  842.406530][T30098] Invalid ELF header magic: != ELF
00:43:33 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:33 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:33 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:33 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000010000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:33 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:33 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  842.501901][T30114] loop2: detected capacity change from 0 to 512
[  842.523381][T30119] Invalid ELF header magic: != ELF
[  842.527283][T30114] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
[  842.539627][T30114] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:33 executing program 1:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c)
listen(r0, 0xfff)
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0)
syz_emit_ethernet(0x4e, &(0x7f00000002c0)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "f200", 0x18, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@generic={0x1, 0x2}]}}}}}}}}, 0x0)

00:43:33 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  842.578039][T30114] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  842.592639][T30114] EXT4-fs (loop2): 1 truncate cleaned up
[  842.598603][T30114] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:33 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:33 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:33 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:33 executing program 4:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:33 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  842.622051][  T351] Quota error (device loop2): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  842.642083][T30114] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
00:43:33 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:33 executing program 2:
timer_create(0x0, &(0x7f0000000680)={0x0, 0x21}, &(0x7f0000000100))
timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0xffffffffffffff09, &(0x7f0000000b00)={&(0x7f00000015c0)={{0x14}, [@NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x0, 0x0, 0x0, {}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @masq={{0x9}, @val={0x4}}}, {0x0, 0x1, 0x0, 0x1, @synproxy={{}, @void}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_USERDATA={0x5, 0x7, 0x1, 0x0, "9c"}]}], {0x14}}, 0x74}}, 0x0)

[  842.682016][T30137] Invalid ELF header magic: != ELF
00:43:33 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:33 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x0, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  842.740711][T30149] loop1: detected capacity change from 0 to 512
[  842.836789][T30149] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  842.848329][T30149] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  842.867551][T30149] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  842.877143][T30149] EXT4-fs (loop1): 1 truncate cleaned up
[  842.882591][T30149] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
[  842.905952][  T347] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  842.917603][T30149] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
00:43:33 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x18, 0x3, &(0x7f00000000c0)=@framed, &(0x7f0000000140)='syzkaller\x00'}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00', r0}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0xe, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, 0x18}, 0xc)

00:43:33 executing program 3:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7020000020000008500000086000000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:33 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:33 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:33 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:33 executing program 0:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:33 executing program 2:
r0 = open(&(0x7f0000000080)='./bus\x00', 0x105042, 0x0)
setrlimit(0x0, &(0x7f0000000100)={0xffffffff, 0xffffffffffffffff})
fallocate(r0, 0x0, 0x0, 0x7fffffff)
utime(&(0x7f00000003c0)='./bus\x00', 0x0)
pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
write$P9_RSETATTR(r1, &(0x7f0000000000)={0x7}, 0x69ff9a93bfc25838)
write$P9_RCREATE(r1, 0x0, 0x0)
close(r1)
rt_sigreturn()
r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/power_supply', 0x0, 0x0)
r3 = openat$cgroup_procs(r2, &(0x7f0000000040)='cgroup.procs\x00', 0x2, 0x0)
ioctl$FS_IOC_GETVERSION(r3, 0x80087601, &(0x7f00000002c0))
truncate(&(0x7f00000000c0)='./bus\x00', 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.controllers\x00', 0x275a, 0x0)
setxattr$incfs_metadata(&(0x7f00000001c0)='./bus\x00', &(0x7f0000000240), 0x0, 0x0, 0x0)
timer_create(0x0, &(0x7f0000000180)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x3938700}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f0000000000)={0x0, 0x14}, &(0x7f0000000440)=<r4=>0x0)
timer_settime(r4, 0x0, &(0x7f00000010c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)
pivot_root(&(0x7f0000000380)='./bus/file0\x00', &(0x7f0000000400)='./bus\x00')

00:43:33 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000700"/15, @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:33 executing program 4:
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x90)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
r1 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r1, 0x0, 0x0)

00:43:33 executing program 1:
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000440)='./file0\x00', 0xc0ed0006, &(0x7f0000000740)=ANY=[@ANYBLOB='jqfmt=vfsold,resgid=', @ANYRESHEX=0xee00, @ANYBLOB="2c6e6f626c6f636b5f76616c69646974792c6e6f6c6f61642c646174615f6572723d69676e6f72652c7573726a71756f74613d2c696e69745f697461626c653d3078303030303030303030303030303630312c6d61785f6469725f73697a655f6b623d3078303030303030303030303030303030332c000080a2a162242f5f14e27cd903e752deaf069045d4f4b073f9cfa18c6c20158ae13a24e79b654ee8588b677e3b0ce2caf652e5c64333f74721b5a36a1045a01e15c7a929146b162c26a0e61b813935e3ce71a21954d9dc4e39701c78e38927c9db9d9bc3af4d447aa1981be8f7653c750a903c6f7c71a085669f96eef683e1d86a96dd79c22167dba4981972ae5aae355be78a013fe295c78256a145c3efe6940576a655dab6de92f1aae8a9ecf3b9b17cfe5078243cecdd4a7f8faf2f8fb7b7270fc9234af8a1c86dc7f40d65bf6d4247b92f4c3fb6a34de928cefa87f40fc9b5fc3ff0510dbe6cef810cf4230f3eee9e4b6a5276717243eb92e3628adcc4f5a8c5197c5e9c48dcbc52ed01228a5483e2", @ANYRESDEC], 0x1, 0x455, &(0x7f0000000940)="$eJzs3M9PHFUcAPDv7PKzpYK1/ii2Ea1G4g8o9Ic9eNFo4kETEz1oPBHABrstpmAiDVH0gEdjYrwaj/4LnvRijCcTr3o3Jo1yafVg1szuDF1gly6wZdvu55MMvDfz4L3vzLzdN+/BBtCxRtIvScRARPwWEYPV7MYCI9Vv19eWp/9ZW55Oolx+46+kUu7a2vJ0XjT/uYPVTLmc5Xvr1Lv6TsRUqTR7OcuPL158f3xh6cqzcxenzs+en700ee7c6VPHe85OnmlJnGlc14Y/mj929JW3v3jtxv6B7HttHK0yUj27dT1R+drX6irb5lBNOulqY0PYkWJEpJeru9L/B6MY/evHBuPlT9vaOOCWKpfL5Xrvz5mVMnAXS6LdLQDaI3+jT59/822fhh63hasvVB+A0rivZ1v1SFcUsjLdm55vW2kkIt5a+ffrdItbNA8BAFDr+3T880y98V8hHqgpd0+2hjIUEfdGxOGIuC8ijkTE/RGVsg9GxEM7qr1vywrJfo9/0vHf89na1sbxXz76i6FiljtUib87eXeuNHsyOyej0d2b5ie2qeOHl379vNGx2vFfuqX152PBrB1/dm2aoJuZWpzaS8y1rn4SMdxVL/4k8mWcJCKORsTwLuuYe+rbY42O3Tz+bbRgnan8TcST1eu/EpvizyUN1ycnnjs7eWa8L0qzJ8fzu2Krn39Zfb1R/XuKvwXS638gu/83rkauxz+U9EUsfHXlQmW9dmHbX/f3xqfKqtXfP2vYp3d7//ckb1bSPdm+D6cWFy9PRPQkr27dP3njZ/N8Xj6Nf/RE/f5/uOZMPBwR6U18fP03DVTa/mhEPBYRJ7Y5KT+9+Ph7eXrzim/j+LeZlW+hNP6Zuq9/Ndc/IhaW8uv/SJ5YajZRvPDjd43qb+76n66kRrM9zbz+NdvAvZw7AAAAuFMUKjMZSWFsPV0ojI1V/4b/SBwolOYXFp/un//g0kz1b+WHoruQz3QN1syHTmRzw3l+clP+VDZv/GWxv5Ifm54vzbQ7eOhwBxv0/9QfxYj4b8t0LnA38f9a0Ln0f+hc+j90Lv0fOpf+D52rXv//uA3tAPaf93/oXPo/dC79HzqX/g8dqeH/xhcaH9qfxM4/Z0BiPxNRuC2acYcmCtF04a6mP8xil4neuofa/coEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQGv8HAAD//xip4/k=")
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
renameat2(r0, &(0x7f0000000140)='./file0/file0\x00', r0, &(0x7f00000002c0)='./file1\x00', 0x0)
syz_mount_image$tmpfs(&(0x7f0000000040), &(0x7f0000001080)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x21408, 0x0, 0x1, 0x0, &(0x7f0000006380))
socketpair$unix(0x1, 0x0, 0x0, 0x0)
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
renameat(r1, &(0x7f0000001380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r1, &(0x7f00000001c0)='./file0\x00')

[  843.105918][T30162] Invalid ELF header magic: != ELF
00:43:33 executing program 4:
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000040c0)={<r0=>0xffffffffffffffff})
r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r2 = dup3(r0, r1, 0x0)
setsockopt$netlink_NETLINK_NO_ENOBUFS(r2, 0x10e, 0x5, 0x0, 0x0)

00:43:33 executing program 3:
epoll_create1(0x0)
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
ioctl$SNAPSHOT_CREATE_IMAGE(r0, 0x40043311, 0x0)

00:43:33 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001000000"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

[  843.145773][T30175] loop1: detected capacity change from 0 to 512
[  843.167708][T30175] EXT4-fs (loop1): mounting ext3 file system using the ext4 subsystem
[  843.187957][T30175] EXT4-fs (loop1): 1 truncate cleaned up
00:43:33 executing program 4:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:33 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:33 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000700000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:33 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b702000000ecffff7f00000000000000850000000c0000009500000000000a6682f08a000000e2dd39d1a88073c9479e9a907c994a09566dbbf1acd717fd83e985be33d8ef246cc4127ed247d35d238f671bc6c8a3d87944f1e6cb4082687905ba8112df4f033094c6620ed86d419d9e0c9477aad30aeb621b22642efc3581f1f66fcafb238b9800fe8548aa7216e135ee8487402c6b9d338fbbb3d93a5f4b28679933490af177ae3b5ab1ddfb30d861d7d23e20d362cf5e8237ffb792fc19da30c74ea15047b6ea85b4b0bf03b4fd449f5167801af2f09903b2cb2686b62ff116e6ba89d355675381106b46aa36ba452f5e00e62f379e1524ef06"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x2, &(0x7f000000cf3d)=""/195}, 0x23)
socket(0x40000000015, 0x5, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, 0x0, &(0x7f0000000700)=r2}, 0x20)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f00000004c0)={&(0x7f0000000500)=""/4096, 0x1000})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="000200000500004a01010007"], 0x18)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}}, 0x1c)

00:43:33 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r3, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

[  843.193506][T30175] EXT4-fs (loop1): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,noblock_validity,noload,data_err=ignore,usrjquota=,init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000003,,errors=continue. Quota mode: none.
[  843.229443][T30187] Invalid ELF header magic: != ELF
00:43:33 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={0x0, r2}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:33 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sys_exit\x00', r0}, 0x10)
bpf$BPF_MAP_GET_FD_BY_ID(0x21, &(0x7f00000004c0)={0xffffffffffffffff, 0x0, 0x18}, 0xc)

00:43:33 executing program 1:
openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
socket$inet6_tcp(0xa, 0x1, 0x0)
ioctl$RNDADDENTROPY(0xffffffffffffffff, 0x5450, 0x0)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
waitid(0x0, 0x0, 0x0, 0x80000008, 0x0)
syz_clone(0x12040100, &(0x7f0000000040)="6335255780071005b449dacd97d5f4a9bb", 0x11, 0x0, 0x0, 0x0)
rt_sigqueueinfo(0x0, 0x39, 0x0)
rt_sigreturn()
open$dir(&(0x7f00000000c0)='./file0\x00', 0x4140, 0x0)

00:43:33 executing program 3:
r0 = socket$inet6(0xa, 0x1, 0x0)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote}, 0x1c)
rt_sigreturn()
r1 = eventfd(0x0)
r2 = fcntl$dupfd(r1, 0x0, r1)
write$P9_RSTATFS(r2, &(0x7f0000000080)={0x43, 0x9, 0x0, {0xfff}}, 0x43)
write$P9_RLERROR(r2, &(0x7f0000000100)=ANY=[@ANYBLOB="e067f0ff06031002"], 0xb)
timer_create(0x0, &(0x7f0000000280)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000140))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)
timer_create(0x0, &(0x7f00000001c0)={0x0, 0x14, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000040)=<r3=>0x0)
timer_settime(r3, 0x0, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0)

00:43:34 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:34 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:34 executing program 0:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:34 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000700000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:34 executing program 0:
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[], 0x45, 0x785, &(0x7f0000001400)="$eJzs3c9rHFUcAPDvbH6n1UQQtJ4CHgyUbkyNrYKHigcRLBT0bBs221CzyZbspjQhYIsIXgQVD4JePPuj3rz646r/hQdpqZoWKx4kMvsj3Ta76abN7tb284HJvrdvNu999828ebsz7ATw0JpI/2QiDkTEh0nEWO35JCIGKqn+iGPV9W5srOfSJYnNzTf+SCrrXN9Yz0XDa1L7apknI+LH9yIOZrbXW1pdW5gtFPLLtfxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88fPbJ3sf71y9r+Kx+9+sw3x/5594lLH/yUxLHYXytrjGOvTMRE7T0ZSN/CW7yy15X1WLJzcZMtgPtB2jF91b08DsRY9FVSLYx0s2UAQKe8ExGbrfS1LAEA/teS1sd/AOCBVP8e4PrGeq6+9PYbie66+nJEDFfjr5/frJb0187ZDVfOg45eT245M5JExPge1D8REZ9/99ZX6RIdOg8J0MyFixFxanxi+/ifbLtmYbeebWOdidvyxj/onu/T+c8LzeZ/ma35TzSZ/ww12Xfvxp33/8zlPaimpXT+91LDtW03GuKvGe+r5R6pzPkGktNnCvl0bHs0IiZjYCjNT+9Qx+S1f6+1Kmuc//358dtfpvWnjzfXyFzuH7r1NXOz5dl7ibnR1YsRT/U3iz/Z6v+kxfz3RJt1vPbi+5+1KkvjT+OtL9vj76zNwVqiSfx1yY7XJ05VNoep+kbRxLe/fjraqv7G/k+XtP76Z4FuSPt/tOn2vxX/eNJwvebm2O7r+PmLsR9ald05/ubb/2DyZiVd777zs+Xy8nTEYPL69ucP33xtPV9fP41/8ult8VeC32n7Tz8Tnmoz/v4rv3999/F3Vhr/3C76f/kuEpduLPS1qr+9/p+ppCZrz7Qz/rXbwHt57wAAAAAAAAAAAAAAAAAAAAAAAACgXZmI2B9JJruVzmSy2eo9vB+P0UyhWCofPF1cWZqLyr2yx2MgU/+py7GG30Odrv0efj1/+Lb8cxHxWER8MjRSyWdzxcJcr4MHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJp9Le7/n/ptqNetAwA6Zriv1y0AALptuL/XLQAAum14V2uPdKwdAED37O74DwA8CBz/AeDh4/gPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAh504fjxdNv/eWM+l+blzqysLxXOH5vKlheziSi6bKy6fzc4Xi/OFfDZXXGz5jy5UHwrF4tmZWFo5P1XOl8pTpdW1k4vFlaXyyTOLs/P5k/mBrkUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO0rra4tzBYK+WUJCYldJ+JCdT+6X9qzd4kYvDlKjPRsfAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC43/0XAAD//zGyJVg=")
r0 = open(&(0x7f00000000c0)='./bus\x00', 0xc8942, 0x0)
pwrite64(r0, &(0x7f0000000000)='+', 0x1, 0x3225)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000140)='~', 0x1}], 0x1, 0x0, 0x0, 0x4)

[  843.392519][T30211] Invalid ELF header magic: != ELF
00:43:34 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:34 executing program 1:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b702000000ecffff7f00000000000000850000000c0000009500000000000a6682f08a000000e2dd39d1a88073c9479e9a907c994a09566dbbf1acd717fd83e985be33d8ef246cc4127ed247d35d238f671bc6c8a3d87944f1e6cb4082687905ba8112df4f033094c6620ed86d419d9e0c9477aad30aeb621b22642efc3581f1f66fcafb238b9800fe8548aa7216e135ee8487402c6b9d338fbbb3d93a5f4b28679933490af177ae3b5ab1ddfb30d861d7d23e20d362cf5e8237ffb792fc19da30c74ea15047b6ea85b4b0bf03b4fd449f5167801af2f09903b2cb2686b62ff116e6ba89d355675381106b46aa36ba452f5e00e62f379e1524ef06"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x2, &(0x7f000000cf3d)=""/195}, 0x23)
socket(0x40000000015, 0x5, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, 0x0, &(0x7f0000000700)=r2}, 0x20)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f00000004c0)={&(0x7f0000000500)=""/4096, 0x1000})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="000200000500004a01010007"], 0x18)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}}, 0x1c)

00:43:34 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  843.447913][T30215] loop0: detected capacity change from 0 to 2048
00:43:34 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:34 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:34 executing program 1:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:34 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000700000000000000000000001811", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  843.558916][T30215] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  843.581263][T30215] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set
[  843.600896][T30236] Invalid ELF header magic: != ELF
00:43:34 executing program 4:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
write$snapshot(r0, 0x0, 0x0)

[  843.606450][T30215] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  843.618536][T30215] EXT4-fs (loop0): This should not happen!! Data will be lost
[  843.618536][T30215] 
[  843.629133][T30215] EXT4-fs (loop0): Total free blocks count 0
[  843.635002][T30215] EXT4-fs (loop0): Free/Dirty block details
[  843.640884][T30215] EXT4-fs (loop0): free_blocks=0
[  843.645732][T30215] EXT4-fs (loop0): dirty_blocks=16
[  843.650865][T30215] EXT4-fs (loop0): Block reservation details
00:43:34 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:34 executing program 0:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b702000000ecffff7f00000000000000850000000c0000009500000000000a6682f08a000000e2dd39d1a88073c9479e9a907c994a09566dbbf1acd717fd83e985be33d8ef246cc4127ed247d35d238f671bc6c8a3d87944f1e6cb4082687905ba8112df4f033094c6620ed86d419d9e0c9477aad30aeb621b22642efc3581f1f66fcafb238b9800fe8548aa7216e135ee8487402c6b9d338fbbb3d93a5f4b28679933490af177ae3b5ab1ddfb30d861d7d23e20d362cf5e8237ffb792fc19da30c74ea15047b6ea85b4b0bf03b4fd449f5167801af2f09903b2cb2686b62ff116e6ba89d355675381106b46aa36ba452f5e00e62f379e1524ef06"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x2, &(0x7f000000cf3d)=""/195}, 0x23)
socket(0x40000000015, 0x5, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, 0x0, &(0x7f0000000700)=r2}, 0x20)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f00000004c0)={&(0x7f0000000500)=""/4096, 0x1000})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="000200000500004a01010007"], 0x18)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}}, 0x1c)

00:43:34 executing program 4:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  843.658293][T30215] EXT4-fs (loop0): i_reserved_data_blocks=1
[  843.678242][ T2745] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 6 with max blocks 1 with error 28
[  843.702029][ T2745] EXT4-fs (loop0): This should not happen!! Data will be lost
[  843.702029][ T2745] 
00:43:34 executing program 2:
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10)
r0 = openat$sysfs(0xffffff9c, &(0x7f0000000040)='/sys/kernel/notes', 0x0, 0x0)
finit_module(r0, 0x0, 0x0)

00:43:34 executing program 0:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000016c0)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:34 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:34 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ff"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:34 executing program 4:
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[], 0x45, 0x785, &(0x7f0000001400)="$eJzs3c9rHFUcAPDvbH6n1UQQtJ4CHgyUbkyNrYKHigcRLBT0bBs221CzyZbspjQhYIsIXgQVD4JePPuj3rz646r/hQdpqZoWKx4kMvsj3Ta76abN7tb284HJvrdvNu999828ebsz7ATw0JpI/2QiDkTEh0nEWO35JCIGKqn+iGPV9W5srOfSJYnNzTf+SCrrXN9Yz0XDa1L7apknI+LH9yIOZrbXW1pdW5gtFPLLtfxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88fPbJ3sf71y9r+Kx+9+sw3x/5594lLH/yUxLHYXytrjGOvTMRE7T0ZSN/CW7yy15X1WLJzcZMtgPtB2jF91b08DsRY9FVSLYx0s2UAQKe8ExGbrfS1LAEA/teS1sd/AOCBVP8e4PrGeq6+9PYbie66+nJEDFfjr5/frJb0187ZDVfOg45eT245M5JExPge1D8REZ9/99ZX6RIdOg8J0MyFixFxanxi+/ifbLtmYbeebWOdidvyxj/onu/T+c8LzeZ/ma35TzSZ/ww12Xfvxp33/8zlPaimpXT+91LDtW03GuKvGe+r5R6pzPkGktNnCvl0bHs0IiZjYCjNT+9Qx+S1f6+1Kmuc//358dtfpvWnjzfXyFzuH7r1NXOz5dl7ibnR1YsRT/U3iz/Z6v+kxfz3RJt1vPbi+5+1KkvjT+OtL9vj76zNwVqiSfx1yY7XJ05VNoep+kbRxLe/fjraqv7G/k+XtP76Z4FuSPt/tOn2vxX/eNJwvebm2O7r+PmLsR9ald05/ubb/2DyZiVd777zs+Xy8nTEYPL69ucP33xtPV9fP41/8ult8VeC32n7Tz8Tnmoz/v4rv3999/F3Vhr/3C76f/kuEpduLPS1qr+9/p+ppCZrz7Qz/rXbwHt57wAAAAAAAAAAAAAAAAAAAAAAAACgXZmI2B9JJruVzmSy2eo9vB+P0UyhWCofPF1cWZqLyr2yx2MgU/+py7GG30Odrv0efj1/+Lb8cxHxWER8MjRSyWdzxcJcr4MHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJp9Le7/n/ptqNetAwA6Zriv1y0AALptuL/XLQAAum14V2uPdKwdAED37O74DwA8CBz/AeDh4/gPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAh504fjxdNv/eWM+l+blzqysLxXOH5vKlheziSi6bKy6fzc4Xi/OFfDZXXGz5jy5UHwrF4tmZWFo5P1XOl8pTpdW1k4vFlaXyyTOLs/P5k/mBrkUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO0rra4tzBYK+WUJCYldJ+JCdT+6X9qzd4kYvDlKjPRsfAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC43/0XAAD//zGyJVg=")
r0 = open(&(0x7f00000000c0)='./bus\x00', 0xc8942, 0x0)
pwrite64(r0, &(0x7f0000000000)='+', 0x1, 0x3225)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000140)='~', 0x1}], 0x1, 0x0, 0x0, 0x4)

00:43:34 executing program 1:
r0 = socket(0x10, 0x80002, 0x0)
sendmsg$nl_route_sched(r0, &(0x7f0000000100)={0x0, 0x4, &(0x7f0000000300)={&(0x7f0000000000)=ANY=[@ANYBLOB="7000000030003b050000000000000000090000005c000100580001000b00010073616d706c650000480002800800050002001200180002000000000000000000c39210af3f3489c0000000000800030020"], 0x70}}, 0x0)

00:43:34 executing program 1:
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x7, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000040)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000010b704000000000000850000000100000095"], &(0x7f00000001c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='tlb_flush\x00'}, 0x10)
syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)

[  843.874333][T30257] loop4: detected capacity change from 0 to 2048
00:43:34 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00'}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(r2, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r3 = dup(r2)
write$FUSE_BMAP(r3, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r3, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r1, @ANYBLOB=',wfdno=', @ANYRESHEX=r2])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r4 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r4, 0x0, 0x2)

00:43:34 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x8010000000000084)
bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000100)=ANY=[@ANYBLOB="b702000000ecffff7f00000000000000850000000c0000009500000000000a6682f08a000000e2dd39d1a88073c9479e9a907c994a09566dbbf1acd717fd83e985be33d8ef246cc4127ed247d35d238f671bc6c8a3d87944f1e6cb4082687905ba8112df4f033094c6620ed86d419d9e0c9477aad30aeb621b22642efc3581f1f66fcafb238b9800fe8548aa7216e135ee8487402c6b9d338fbbb3d93a5f4b28679933490af177ae3b5ab1ddfb30d861d7d23e20d362cf5e8237ffb792fc19da30c74ea15047b6ea85b4b0bf03b4fd449f5167801af2f09903b2cb2686b62ff116e6ba89d355675381106b46aa36ba452f5e00e62f379e1524ef06"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0x2, &(0x7f000000cf3d)=""/195}, 0x23)
socket(0x40000000015, 0x5, 0x0)
r1 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
ptrace(0x10, r1)
openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
bpf$ENABLE_STATS(0x20, 0x0, 0x0)
socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r2=>0xffffffffffffffff})
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000740)={{}, 0x0, &(0x7f0000000700)=r2}, 0x20)
ptrace$getregset(0x4205, r1, 0x202, &(0x7f00000004c0)={&(0x7f0000000500)=""/4096, 0x1000})
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @empty}, 0x1c)
setsockopt$inet6_IPV6_HOPOPTS(r0, 0x29, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="000200000500004a01010007"], 0x18)
connect$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x32}}}, 0x1c)

[  843.950968][T30257] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  843.974584][T30257] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor.4: bg 0: block 234: padding at end of block bitmap is not set
[  843.995313][T30267] Invalid ELF header magic: != ELF
00:43:34 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

[  844.020203][T30257] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
[  844.032452][T30257] EXT4-fs (loop4): This should not happen!! Data will be lost
[  844.032452][T30257] 
[  844.042344][T30257] EXT4-fs (loop4): Total free blocks count 0
[  844.048552][T30257] EXT4-fs (loop4): Free/Dirty block details
[  844.054309][T30257] EXT4-fs (loop4): free_blocks=0
[  844.059199][T30257] EXT4-fs (loop4): dirty_blocks=16
[  844.064199][T30257] EXT4-fs (loop4): Block reservation details
00:43:34 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

[  844.070109][T30257] EXT4-fs (loop4): i_reserved_data_blocks=1
[  844.087054][  T347] EXT4-fs (loop4): Delayed block allocation failed for inode 18 at logical offset 6 with max blocks 1 with error 28
[  844.103416][  T347] EXT4-fs (loop4): This should not happen!! Data will be lost
[  844.103416][  T347] 
[  844.110934][T30274] loop1: detected capacity change from 0 to 512
00:43:34 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:34 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:34 executing program 4:
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)=ANY=[@ANYBLOB="400000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000000c001a800800028a04000180140012800900010076657468"], 0x40}}, 0x0)

[  844.113084][   T20] usb 1-1: new high-speed USB device number 28 using dummy_hcd
00:43:34 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000070000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:34 executing program 3:
r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x1, 0x0)
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
write$snapshot(r0, 0x0, 0x0)

00:43:34 executing program 4:
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x46d, 0xc71b, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x4, 0x8, 0xc}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000e00000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000200)={{r1}, &(0x7f0000000000), &(0x7f0000000080)}, 0x20)
syz_usb_control_io(r0, &(0x7f00000002c0)={0x2c, &(0x7f00000001c0)={0x0, 0x0, 0x7, {0x7, 0x0, "47f882f4d1"}}, 0x0, 0x0, 0x0, 0x0}, 0x0)

00:43:34 executing program 2:
r0 = socket$inet6(0xa, 0x1, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@loopback={0xfec0ffff00000000}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1c0}, 0x20)

00:43:34 executing program 2:
bpf$MAP_CREATE(0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x7, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000006c0)={{r0}, &(0x7f0000000640), &(0x7f0000000680)}, 0x20)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='mm_page_alloc\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000000)='cgroup.kill\x00', 0x0, 0x0)
r2 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$TUNSETOFFLOAD(r2, 0xc004743e, 0x20001408)
ioctl$TUNSETOFFLOAD(r2, 0x40047451, 0x2000000a)

00:43:34 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:34 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x0, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  844.226896][T30274] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  844.245585][T30274] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  844.269172][T30274] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
00:43:35 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kmem_cache_free\x00', r3}, 0x10)
close(r0)

00:43:35 executing program 2:
syz_mount_image$ext4(&(0x7f0000000080)='ext3\x00', &(0x7f0000000440)='./file0\x00', 0xc0ed0006, &(0x7f0000000740)=ANY=[@ANYBLOB='jqfmt=vfsold,resgid=', @ANYRESHEX=0xee00, @ANYBLOB="2c6e6f626c6f636b5f76616c69646974792c6e6f6c6f61642c646174615f6572723d69676e6f72652c7573726a71756f74613d2c696e69745f697461626c653d3078303030303030303030303030303630312c6d61785f6469725f73697a655f6b623d3078303030303030303030303030303030332c000080a2a162242f5f14e27cd903e752deaf069045d4f4b073f9cfa18c6c20158ae13a24e79b654ee8588b677e3b0ce2caf652e5c64333f74721b5a36a1045a01e15c7a929146b162c26a0e61b813935e3ce71a21954d9dc4e39701c78e38927c9db9d9bc3af4d447aa1981be8f7653c750a903c6f7c71a085669f96eef683e1d86a96dd79c22167dba4981972ae5aae355be78a013fe295c78256a145c3efe6940576a655dab6de92f1aae8a9ecf3b9b17cfe5078243cecdd4a7f8faf2f8fb7b7270fc9234af8a1c86dc7f40d65bf6d4247b92f4c3fb6a34de928cefa87f40fc9b5fc3ff0510dbe6cef810cf4230f3eee9e4b6a5276717243eb92e3628adcc4f5a8c5197c5e9c48dcbc52ed01228a5483e2", @ANYRESDEC], 0x1, 0x455, &(0x7f0000000940)="$eJzs3M9PHFUcAPDv7PKzpYK1/ii2Ea1G4g8o9Ic9eNFo4kETEz1oPBHABrstpmAiDVH0gEdjYrwaj/4LnvRijCcTr3o3Jo1yafVg1szuDF1gly6wZdvu55MMvDfz4L3vzLzdN+/BBtCxRtIvScRARPwWEYPV7MYCI9Vv19eWp/9ZW55Oolx+46+kUu7a2vJ0XjT/uYPVTLmc5Xvr1Lv6TsRUqTR7OcuPL158f3xh6cqzcxenzs+en700ee7c6VPHe85OnmlJnGlc14Y/mj929JW3v3jtxv6B7HttHK0yUj27dT1R+drX6irb5lBNOulqY0PYkWJEpJeru9L/B6MY/evHBuPlT9vaOOCWKpfL5Xrvz5mVMnAXS6LdLQDaI3+jT59/822fhh63hasvVB+A0rivZ1v1SFcUsjLdm55vW2kkIt5a+ffrdItbNA8BAFDr+3T880y98V8hHqgpd0+2hjIUEfdGxOGIuC8ijkTE/RGVsg9GxEM7qr1vywrJfo9/0vHf89na1sbxXz76i6FiljtUib87eXeuNHsyOyej0d2b5ie2qeOHl379vNGx2vFfuqX152PBrB1/dm2aoJuZWpzaS8y1rn4SMdxVL/4k8mWcJCKORsTwLuuYe+rbY42O3Tz+bbRgnan8TcST1eu/EpvizyUN1ycnnjs7eWa8L0qzJ8fzu2Krn39Zfb1R/XuKvwXS638gu/83rkauxz+U9EUsfHXlQmW9dmHbX/f3xqfKqtXfP2vYp3d7//ckb1bSPdm+D6cWFy9PRPQkr27dP3njZ/N8Xj6Nf/RE/f5/uOZMPBwR6U18fP03DVTa/mhEPBYRJ7Y5KT+9+Ph7eXrzim/j+LeZlW+hNP6Zuq9/Ndc/IhaW8uv/SJ5YajZRvPDjd43qb+76n66kRrM9zbz+NdvAvZw7AAAAuFMUKjMZSWFsPV0ojI1V/4b/SBwolOYXFp/un//g0kz1b+WHoruQz3QN1syHTmRzw3l+clP+VDZv/GWxv5Ifm54vzbQ7eOhwBxv0/9QfxYj4b8t0LnA38f9a0Ln0f+hc+j90Lv0fOpf+D52rXv//uA3tAPaf93/oXPo/dC79HzqX/g8dqeH/xhcaH9qfxM4/Z0BiPxNRuC2acYcmCtF04a6mP8xil4neuofa/coEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQGv8HAAD//xip4/k=")
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000100)=ANY=[], 0xfecc)

[  844.324404][T30274] EXT4-fs (loop1): 1 truncate cleaned up
[  844.336418][ T2745] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  844.348492][T30274] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:35 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000070000000000000000000000181100", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:35 executing program 3:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f0000000080)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x80}, {0x6}]}, 0x10)
r2 = fcntl$dupfd(r0, 0x0, r1)
sendmsg$SOCK_DESTROY(r2, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000001a80)={0x14}, 0x14}}, 0x0)

00:43:35 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:35 executing program 3:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:35 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:35 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f00000001c0)='ext4_discard_preallocations\x00', r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:35 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kmem_cache_free\x00', r3}, 0x10)
close(r0)

[  844.394714][T30274] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[  844.418046][T30304] loop2: detected capacity change from 0 to 512
00:43:35 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

00:43:35 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bf"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

[  844.487356][T30304] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  844.498957][T30304] EXT4-fs (loop2): 1 truncate cleaned up
[  844.504579][T30304] EXT4-fs (loop2): mounted filesystem without journal. Opts: jqfmt=vfsold,resgid=0x000000000000ee00,noblock_validity,noload,data_err=ignore,usrjquota=,init_itable=0x0000000000000601,max_dir_size_kb=0x0000000000000003,,errors=continue. Quota mode: none.
[  844.519761][T30323] loop1: detected capacity change from 0 to 512
00:43:35 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb7020000080000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:35 executing program 2:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

[  844.539155][   T20] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  844.560511][   T20] usb 1-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  844.575688][T30323] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  844.587517][   T20] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  844.588840][T30323] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
[  844.604101][   T20] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  844.617171][T30323] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  844.626387][  T820] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[  844.634052][T30323] EXT4-fs (loop1): 1 truncate cleaned up
[  844.639627][T30323] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
[  844.648925][T30253] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  844.672355][ T2745] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  844.701311][T30323] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[  845.016342][  T820] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  845.027047][  T820] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  845.036619][  T820] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00
[  845.045432][  T820] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  845.053941][  T820] usb 5-1: config 0 descriptor??
[  845.527286][  T820] logitech-djreceiver 0003:046D:C71B.0138: item fetching failed at offset 5/7
[  845.536081][  T820] logitech-djreceiver 0003:046D:C71B.0138: logi_dj_probe: parse failed
[  845.544166][  T820] logitech-djreceiver: probe of 0003:046D:C71B.0138 failed with error -22
[  845.576314][   T20] aiptek 1-1:17.0: Aiptek using 400 ms programming speed
[  845.583556][   T20] input: Aiptek as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:17.0/input/input363
[  845.727680][T24746] usb 5-1: USB disconnect, device number 23
[  845.785525][   T20] usb 1-1: USB disconnect, device number 28
00:43:36 executing program 0:
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='./file0\x00', 0x0, &(0x7f0000000780)=ANY=[], 0x45, 0x785, &(0x7f0000001400)="$eJzs3c9rHFUcAPDvbH6n1UQQtJ4CHgyUbkyNrYKHigcRLBT0bBs221CzyZbspjQhYIsIXgQVD4JePPuj3rz646r/hQdpqZoWKx4kMvsj3Ta76abN7tb284HJvrdvNu999828ebsz7ATw0JpI/2QiDkTEh0nEWO35JCIGKqn+iGPV9W5srOfSJYnNzTf+SCrrXN9Yz0XDa1L7apknI+LH9yIOZrbXW1pdW5gtFPLLtfxUefHsVGl17dCZxdn5/Hx+6cj0zMzho88fPbJ3sf71y9r+Kx+9+sw3x/5594lLH/yUxLHYXytrjGOvTMRE7T0ZSN/CW7yy15X1WLJzcZMtgPtB2jF91b08DsRY9FVSLYx0s2UAQKe8ExGbrfS1LAEA/teS1sd/AOCBVP8e4PrGeq6+9PYbie66+nJEDFfjr5/frJb0187ZDVfOg45eT245M5JExPge1D8REZ9/99ZX6RIdOg8J0MyFixFxanxi+/ifbLtmYbeebWOdidvyxj/onu/T+c8LzeZ/ma35TzSZ/ww12Xfvxp33/8zlPaimpXT+91LDtW03GuKvGe+r5R6pzPkGktNnCvl0bHs0IiZjYCjNT+9Qx+S1f6+1Kmuc//358dtfpvWnjzfXyFzuH7r1NXOz5dl7ibnR1YsRT/U3iz/Z6v+kxfz3RJt1vPbi+5+1KkvjT+OtL9vj76zNwVqiSfx1yY7XJ05VNoep+kbRxLe/fjraqv7G/k+XtP76Z4FuSPt/tOn2vxX/eNJwvebm2O7r+PmLsR9ald05/ubb/2DyZiVd777zs+Xy8nTEYPL69ucP33xtPV9fP41/8ult8VeC32n7Tz8Tnmoz/v4rv3999/F3Vhr/3C76f/kuEpduLPS1qr+9/p+ppCZrz7Qz/rXbwHt57wAAAAAAAAAAAAAAAAAAAAAAAACgXZmI2B9JJruVzmSy2eo9vB+P0UyhWCofPF1cWZqLyr2yx2MgU/+py7GG30Odrv0efj1/+Lb8cxHxWER8MjRSyWdzxcJcr4MHAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgJp9Le7/n/ptqNetAwA6Zriv1y0AALptuL/XLQAAum14V2uPdKwdAED37O74DwA8CBz/AeDh4/gPAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAh504fjxdNv/eWM+l+blzqysLxXOH5vKlheziSi6bKy6fzc4Xi/OFfDZXXGz5jy5UHwrF4tmZWFo5P1XOl8pTpdW1k4vFlaXyyTOLs/P5k/mBrkUGAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAO0rra4tzBYK+WUJCYldJ+JCdT+6X9qzd4kYvDlKjPRsfAIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC43/0XAAD//zGyJVg=")
r0 = open(&(0x7f00000000c0)='./bus\x00', 0xc8942, 0x0)
pwrite64(r0, &(0x7f0000000000)='+', 0x1, 0x3225)
pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000140)='~', 0x1}], 0x1, 0x0, 0x0, 0x4)

00:43:36 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:36 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r1}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r2 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r3 = dup(r2)
pwritev2(r3, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:36 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kmem_cache_free\x00', r3}, 0x10)
close(r0)

00:43:36 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:36 executing program 2:
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = socket$tipc(0x1e, 0x4, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x83f}, 0x10)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}}}, 0x10)
sendmsg$tipc(r0, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x0)

00:43:36 executing program 3:
getresgid(&(0x7f0000000140), &(0x7f0000000000), &(0x7f0000000100)=<r0=>0x0)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x10814, &(0x7f0000000340)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX=r0, @ANYBLOB="00006b746769643d0092", @ANYRESHEX=0x0, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1"], 0x1, 0x200, &(0x7f0000000700)="$eJzs28FqE10UB/Azbdpv8nVhF65EYcCNq6A+gUEqiAEhkoWuDFQ3rQjpJgpin8e1D+HLuOlCsotMZmibaQtJx3Qk/n4w3EP/M3Bm0Zy7uPP27oeD/Y9H77e+nESaZLER8SQmEbt5VUrKNZ3V2zEniTp+1XoaALiWfn/YbboHVms06g5vR8TOhWTwrZGGAAAAAAAAAAAAqG2Z8/8bEV+r5/+Pb7hfAKA+5//XV7tcR6Pu8F6xf6tw/h8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABozmQ6vTXNr7Rcy+u/iEgjoh0R/0dEKyLyvzfdLwBQ32Q6P/evmv8RkUSE+Q8Aa+DV6zcvur3eXj/L0oifx+PBeFCsRf7seW/vYTaze/bUyXg82DzNHxV5Np9vzfYNef740nw7Htwv8jx7+rJXyXdif/WvDwD/pE526tx83yyviE7nsjyfz0V1bn9Qmd+tuNO6sdcAAJZw9OnzwfDw8N3ojxfJck+1y4auvud7a1WtKhYqfiR/RRuKukW6yM0N/zABK3f2T19N0mYaAgAAAAAAAAAAAAAALlj4m6Hp9T85avodAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABYP78DAAD//y6eUd4=")
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
rmdir(&(0x7f0000000140)='./file0\x00')
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.controllers\x00', 0x275a, 0x0)
write$binfmt_script(r1, &(0x7f0000000080)=ANY=[], 0x208e24b)

00:43:36 executing program 1:
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000004850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$sysfs(0xffffff9c, 0x0, 0x0, 0x0)
finit_module(r1, 0x0, 0x0)

00:43:37 executing program 2:
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x0, 0x12, r0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0xb, &(0x7f0000000140)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x180000}, [@printk={@lli, {0x3, 0x3, 0x3, 0xa, 0x1, 0xfe00}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x800000}, {0x85, 0x0, 0x0, 0x10}}]}, &(0x7f0000000040)='syzkaller\x00', 0x9, 0xfe7, &(0x7f0000001e00)=""/4071, 0x0, 0xa}, 0x90)

00:43:37 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:37 executing program 1:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000016c0)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

[  846.325588][T30340] loop0: detected capacity change from 0 to 2048
[  846.349225][T30348] loop3: detected capacity change from 0 to 256
00:43:37 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={0xffffffffffffffff, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

[  846.368108][T30340] EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  846.381260][T30340] EXT4-fs error (device loop0): ext4_validate_block_bitmap:438: comm syz-executor.0: bg 0: block 234: padding at end of block bitmap is not set
[  846.399884][T30348] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  846.410635][T30340] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 0 with max blocks 1 with error 28
00:43:37 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:37 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kmem_cache_free\x00', r3}, 0x10)
close(r0)

[  846.422855][T30340] EXT4-fs (loop0): This should not happen!! Data will be lost
[  846.422855][T30340] 
[  846.436780][T30340] EXT4-fs (loop0): Total free blocks count 0
[  846.442932][T30340] EXT4-fs (loop0): Free/Dirty block details
[  846.449123][T30340] EXT4-fs (loop0): free_blocks=0
[  846.457790][T30340] EXT4-fs (loop0): dirty_blocks=16
[  846.464901][T30340] EXT4-fs (loop0): Block reservation details
00:43:37 executing program 4:
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = socket$tipc(0x1e, 0x4, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x83f}, 0x10)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}}}, 0x10)
sendmsg$tipc(r0, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x0)

00:43:37 executing program 4:
r0 = socket(0x2, 0x2, 0x0)
close(r0)
shutdown(r0, 0x0)

[  846.471129][T30340] EXT4-fs (loop0): i_reserved_data_blocks=1
00:43:37 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:37 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:37 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  846.502401][  T351] EXT4-fs (loop0): Delayed block allocation failed for inode 18 at logical offset 6 with max blocks 1 with error 28
[  846.514565][  T351] EXT4-fs (loop0): This should not happen!! Data will be lost
[  846.514565][  T351] 
00:43:37 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:37 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:37 executing program 2:
r0 = syz_open_dev$tty1(0xc, 0x4, 0x1)
ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f0000000580)={0x1, 0x0, 0xa, 0x0, 0xfffffffe, 0x0})

00:43:37 executing program 4:
socket$inet6_icmp_raw(0xa, 0x3, 0x3a)
r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/raw6\x00')
preadv(r0, &(0x7f00000001c0)=[{&(0x7f0000000240)=""/198, 0xc6}], 0x1, 0xa3, 0x0)
r1 = getuid()
syz_mount_image$msdos(&(0x7f0000000140), &(0x7f0000000040)='./file0\x00', 0x200012, &(0x7f0000000100)=ANY=[@ANYRES8=r1, @ANYRESDEC, @ANYRES32=r1], 0x1, 0x522, &(0x7f0000000a80)="$eJzs1b1u01AYBuCvaSiBqTNiOBILU1XYmAhCqVRhCQmUASYiNSwxQooXJ1MvgQvgwhi4CJSpW1BlF2jFWP+oeZ4ln/LaPuc9g/3p8ZfF2dfi849v32M03ovBOB4MLvbiMAZx5TwAgLvkYruNX9tK13sBANrh+w8Au+f9h49vXmXZ5F1Ko4jNeTktp9VvlZ+cZpPjdOngn7s2ZTnd/5M/S5Xr+b14WOfP/5sfxNMnVX6ZvX6b3cjvx1nj7QEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYLcdpTSMiJRSOvz776Ysp/tVfpSu3Mir6eQ0mxzXF1zPh/Fo2FoNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4BYUq/Vilufz5R0bIn5Gy4uO6iNtuem4XrYvJ9/k8LKJJ7+IiL4U7NHQ4UsJAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADoVLFaL2Z5Pl8WXe8EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOiLYrVezPJ8vmxw6LojAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0I3fAQAA///PCC46")
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$UHID_CREATE2(r2, &(0x7f00000001c0)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r2, 0x0)
mkdir(&(0x7f0000000100)='./file0\x00', 0x0)

00:43:37 executing program 2:
r0 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', &(0x7f0000000140), 0x18)
creat(&(0x7f0000000040)='./file0\x00', 0x0)
openat(r0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0)

[  846.578054][T30372] loop0: detected capacity change from 0 to 512
[  846.593805][T30372] EXT4-fs (loop0): Quota format mount options ignored when QUOTA feature is enabled
[  846.610937][T30372] EXT4-fs (loop0): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:37 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)

00:43:37 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  846.632324][T30372] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  846.636358][   T20] usb 2-1: new high-speed USB device number 127 using dummy_hcd
[  846.647904][T30372] EXT4-fs (loop0): 1 truncate cleaned up
[  846.653648][T30372] EXT4-fs (loop0): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:37 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:37 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:37 executing program 4:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:37 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:37 executing program 2:
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
fchmod(0xffffffffffffffff, 0x0)
fchown(0xffffffffffffffff, 0x0, 0xee01)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
socket$key(0xf, 0x3, 0x2)
connect$inet(0xffffffffffffffff, 0x0, 0x0)
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c010000100001000000000000000000e000000200"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ffffffff0000000000000000000000000000000033000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a00000000000000000000001c00170000000000000000000000000000000000000000000000000048000100736861323536"], 0x15c}}, 0x0)

[  846.684523][T30372] EXT4-fs (loop0): re-mounted. Opts: (null). Quota mode: writeback.
[  846.690598][T30381] loop4: detected capacity change from 0 to 2048
[  846.703436][ T2745] Quota error (device loop0): free_dqentry: Quota structure has offset to other block (1) than it should (5)
00:43:37 executing program 3:
syz_clone3(&(0x7f0000000240)={0x3185200, &(0x7f0000000000)=<r0=>0xffffffffffffffff, 0x0, 0x0, {}, 0x0, 0x0, &(0x7f0000000140)=""/191, 0x0}, 0x58)
r1 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000002c0)={0x1001})
epoll_ctl$EPOLL_CTL_MOD(r1, 0x3, r0, &(0x7f0000000300)={0x2009})

00:43:37 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:37 executing program 3:
keyctl$restrict_keyring(0x18, 0x0, 0x0, 0x0)

[  846.746993][T30395] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'.
00:43:37 executing program 0:
pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x80)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$BATADV_CMD_GET_ROUTING_ALGOS(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000002a40)=ANY=[], 0x64}}, 0x0)

00:43:37 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)

00:43:37 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

[  846.792212][T30404] loop2: detected capacity change from 0 to 512
[  846.820127][T30404] EXT4-fs (loop2): Quota format mount options ignored when QUOTA feature is enabled
00:43:37 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:37 executing program 3:
syz_mount_image$vfat(&(0x7f0000000100), &(0x7f0000000640)='./bus\x00', 0x0, &(0x7f0000000080)=ANY=[], 0x1, 0x1268, &(0x7f0000002500)="$eJzs3U9rI2UcB/Bf2vTv2qbquroL4oNeFCFue/DkpcguiAWl2gUVhFmbamialCYUIuLWkyfBlyHq0ZsgvoFevHgWBJFePO5BHGmT1aZJu7ptU5HP5zIPzzzfeWYyzMCE+TF7L32+sb7WLK9lrRgpFKK4ORbFuylSjMRodOzEc7d+/OnJN956+9XFpaUbyyndXHxz/sWU0uxT373z0ddPf9+6dOub2W8nYnfu3b3fFn7evbJ7de+Pr6LaTNVmqjdaKUu3G41WdrtWSavV5no5pddrlaxZSdV6s7LVs36t1tjcbKesvjozvblVaTZTVm+n9Uo7tQqptdVO2ftZtZ7K5XKamQ5OY+XLu3meR+T5WIxHnuf5VEzHpXgoZmI2SjEXD8cj8WhcjsfiSjweT8TVg1EXvd8AAAAAAAAAAAAAAAAAAADw/3Kf+v+C+n8AAAAAAAAAAAAAAAAAAAA4f0fr/4sRvv8PAAAAAAAAAAAAAAAAAAAAQ3af7/8fqf9/Xv0/AAAAAAAAAAAAAAAAAAAAnIfJzmI5pcmIjU+3V7ZXOstO/+JaVKMWlbgepfg9Dqr/Ozrtm68s3bieDszFCxt3uvk72yujvfn5sVLMFQbm5zv51JufiOnD+YUoxeXB8y8MzE/Gs8/s5z/p5MtRih/ei0bUYjWi0D36g/zH8ym9/NrSVG/+2v64Y42e82kBAACAs1ROf+l/ft/pDhq4vrOq+3yeuiMLJ/w/cOT5vBjXihd11NzTbH+4ntVqla0HbIwfv53x0225r1GIiCwO98xO/7K8P/mZTfGgjdGhTjp28phTnNMo/gd+zDNo/PrFoZ7JGO7sI91LIqvt3z//WSp28vxcd2zgxThxUur4e0ZhCPclhuPvk37RewIAAAAAAAAAAMC/MfDtv6mI6Hsf8IO+nnuvh/fG+7d8/OyfDeEIAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/mQHjgUAAAAAhPlbp9GxAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwFcBAAD///ME0UM=")
r0 = creat(&(0x7f0000000140)='./bus\x00', 0x0)
ftruncate(r0, 0x12081ff)
r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x81000)
renameat2(r1, &(0x7f0000000140)='./file1\x00', r1, &(0x7f0000000980)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)
unlinkat(r1, &(0x7f0000000540)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0)

00:43:37 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={0xffffffffffffffff, &(0x7f0000000780)="d9", &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:37 executing program 4:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB, @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:37 executing program 0:
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a300000001f0900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWRULE={0x60, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x34, 0x4, 0x0, 0x1, [{0x30, 0x1, 0x0, 0x1, @immediate={{0xe}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_IMMEDIATE_DREG={0x8}, @NFTA_IMMEDIATE_DATA={0x10, 0x2, 0x0, 0x1, [@NFTA_DATA_VERDICT={0xc, 0x2, 0x0, 0x1, [@NFTA_VERDICT_CODE={0x8}]}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELRULE={0x14}], {0x14}}, 0x9c}}, 0x0)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x40, 0x3, 0xa, 0x205, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}]}, @NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_EXPRESSIONS={0x14, 0x4, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, @masq={{0x9}, @void}}]}, @NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc4}}, 0x0)

[  846.833979][T30404] EXT4-fs (loop2): feature flags set on rev 0 fs, running e2fsck is recommended
[  846.903419][T30404] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  846.913208][T30404] EXT4-fs (loop2): 1 truncate cleaned up
[  846.919168][T30404] EXT4-fs (loop2): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
[  846.920651][T30417] loop3: detected capacity change from 0 to 8192
[  846.942679][  T351] Quota error (device loop2): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  846.960988][T30404] EXT4-fs (loop2): re-mounted. Opts: (null). Quota mode: writeback.
[  847.066370][   T20] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  847.077465][   T20] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  847.088692][   T20] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  847.097716][   T20] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  847.116356][T30353] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  848.036352][   T20] aiptek 2-1:17.0: Aiptek using 400 ms programming speed
[  848.043649][   T20] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input364
[  848.238688][   T20] usb 2-1: USB disconnect, device number 127
00:43:39 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:39 executing program 4:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:39 executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:39 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
close(r0)

00:43:39 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:39 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, 0x0, &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:39 executing program 1:
r0 = socket$tipc(0x1e, 0x2, 0x0)
r1 = socket$tipc(0x1e, 0x2, 0x0)
bind$tipc(r1, &(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10)
r2 = socket$tipc(0x1e, 0x4, 0x0)
setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000040)={0x42, 0x83f}, 0x10)
bind$tipc(r1, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42, 0x2}}}, 0x10)
bind$tipc(r0, &(0x7f0000000080)=@name={0x1e, 0x2, 0x0, {{0x42, 0x1}}}, 0x10)
sendmsg$tipc(r0, &(0x7f0000002340)={&(0x7f0000000000)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x0)

00:43:39 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10)
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff}, 0x0)
write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000300)=ANY=[@ANYBLOB="1500000065ffff018400110800395032303030"], 0x15)
r4 = dup(r3)
write$FUSE_BMAP(r4, &(0x7f0000000080)={0x18}, 0x18)
write$FUSE_NOTIFY_RETRIEVE(r4, &(0x7f00000000c0)={0x14c}, 0x137)
mount$9p_fd(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000200), 0x0, &(0x7f0000000600)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r2, @ANYBLOB=',wfdno=', @ANYRESHEX=r3])
lchown(&(0x7f0000000100)='./file0\x00', 0xffffffffffffffff, 0x0)
r5 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x0, 0x0)
getdents64(r5, 0x0, 0x2)

00:43:39 executing program 1:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:39 executing program 2:
clock_settime(0xca8a6cfc4e3c3683, 0x0)

00:43:39 executing program 4:
r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000580)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009058b", @ANYRES32], 0x0)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002a20702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000002d0000"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r1}, 0x10)
syz_usb_control_io(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f00000016c0)={0x84, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:39 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kmem_cache_free\x00'}, 0x10)
close(r0)

00:43:39 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:39 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:39 executing program 0:
r0 = socket$inet6(0xa, 0x3, 0x80)
getsockopt$sock_buf(r0, 0x1, 0x2b, 0x0, &(0x7f0000000100))

00:43:39 executing program 0:
r0 = socket$packet(0x11, 0x2, 0x300)
ioctl$sock_inet_SIOCGIFBRDADDR(r0, 0x8919, &(0x7f00000002c0)={'veth1_to_bond\x00', {0x2, 0x0, @multicast1}})

[  848.813264][T30445] loop1: detected capacity change from 0 to 512
00:43:39 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0xfff, 0x7}, 0x48)
r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, &(0x7f0000000200), &(0x7f0000000280)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f0000000300)='sched_switch\x00', r1}, 0x10)
r2 = syz_open_dev$usbfs(&(0x7f0000000040), 0x76, 0x141201)
ioctl$USBDEVFS_REAPURB(r2, 0x4008550c, 0x0)
ioctl$USBDEVFS_SUBMITURB(r2, 0x8038550a, &(0x7f0000000080)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000000), 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

00:43:39 executing program 0:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r2}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

00:43:39 executing program 3:
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f0000000000)={0x77359400}, 0x10)

00:43:39 executing program 3:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000007000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000500)='hrtimer_start\x00', r1}, 0x10)
timer_create(0x0, 0x0, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0)

[  848.862877][T30445] EXT4-fs (loop1): Quota format mount options ignored when QUOTA feature is enabled
[  848.886335][T30445] EXT4-fs (loop1): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:39 executing program 3:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kmem_cache_free\x00'}, 0x10)
close(r0)

00:43:39 executing program 3:
unshare(0x6a040200)

00:43:39 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

[  848.908191][T30445] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  848.920010][T30445] EXT4-fs (loop1): 1 truncate cleaned up
[  848.925875][T30445] EXT4-fs (loop1): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
00:43:39 executing program 0:
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmmsg(r1, &(0x7f0000002880), 0x10, 0x0)
sendto$unix(r1, &(0x7f0000000100)="8d", 0x1, 0x0, 0x0, 0x0)
recvfrom$unix(r0, &(0x7f0000000140)=""/178, 0xb2, 0x60, 0x0, 0x0)

00:43:39 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x5, 0x2, 0x7, 0x102, 0x1}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000640), &(0x7f0000000740), 0x75, r0}, 0x38)
bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.events\x00', 0x275a, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0, r2}, 0x10)
write$cgroup_int(r1, &(0x7f0000000100), 0x1001)
ioctl$SIOCSIFHWADDR(r1, 0x4030582b, &(0x7f0000000280)={'lo\x00', @link_local={0x1, 0x80, 0xc2, 0xc}})

00:43:39 executing program 3:
r0 = socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_INIT(r0, 0x0, 0x60, 0x0, 0x0)

00:43:39 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:39 executing program 2:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f00000002c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, &(0x7f0000002800)=ANY=[], 0x58}, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000003c0)='kmem_cache_free\x00'}, 0x10)
close(r0)

00:43:39 executing program 0:
pipe2(&(0x7f0000000000)={<r0=>0xffffffffffffffff}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$NL80211_CMD_SET_QOS_MAP(r0, &(0x7f0000005380)={0x0, 0x0, &(0x7f0000005340)={&(0x7f0000005200)={0x14, 0x0, 0x0, 0x0, 0x0, {{}, {@void, @void}}}, 0x14}}, 0x0)

00:43:39 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a9"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

00:43:39 executing program 2:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  848.963412][T30445] EXT4-fs (loop1): re-mounted. Opts: (null). Quota mode: writeback.
[  848.970266][  T347] Quota error (device loop1): free_dqentry: Quota structure has offset to other block (1) than it should (5)
00:43:39 executing program 0:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:39 executing program 0:
socketpair(0x1, 0x5, 0x0, &(0x7f0000000480)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
dup3(r0, r1, 0x0)
sendmsg$NL80211_CMD_EXTERNAL_AUTH(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x0)

00:43:39 executing program 1:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:39 executing program 0:
r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
close(r0)
socket$igmp(0x2, 0x3, 0x2)
setsockopt$MRT_ASSERT(r0, 0x0, 0xcf, &(0x7f00000007c0), 0x4)

00:43:39 executing program 2:
r0 = socket$unix(0x1, 0x5, 0x0)
bind$unix(0xffffffffffffffff, 0x0, 0x0)
ppoll(&(0x7f0000000000)=[{r0}, {}], 0x2, &(0x7f0000000140), 0x0, 0x0)

00:43:39 executing program 1:
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = open$dir(&(0x7f0000001300)='./file0\x00', 0x0, 0x0)
ioctl$FS_IOC_GET_ENCRYPTION_KEY_STATUS(r0, 0xc020662a, &(0x7f0000001400)={@id={0x2, 0x0, @c}})

00:43:39 executing program 0:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xa, 0x6, 0x6, 0x5}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000e00000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000680)={{r0}, &(0x7f0000000080), &(0x7f0000000540)}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000ac0)={&(0x7f0000000a80)='ext4_writepages\x00', r1}, 0x10)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000580)='memory.events\x00', 0x100002, 0x0)
write$cgroup_type(r2, &(0x7f0000000180), 0x2009)

[  849.028524][T30490] loop3: detected capacity change from 0 to 512
[  849.048462][T30490] EXT4-fs (loop3): Quota format mount options ignored when QUOTA feature is enabled
[  849.068204][T30490] EXT4-fs (loop3): feature flags set on rev 0 fs, running e2fsck is recommended
00:43:39 executing program 2:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:39 executing program 1:
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = openat$selinux_attr(0xffffffffffffff9c, &(0x7f0000000080)='/proc/thread-self/attr/sockcreate\x00', 0x2, 0x0)
read$char_usb(r2, 0x0, 0x0)

00:43:39 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, 0x0, &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:39 executing program 1:
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
r1 = syz_open_dev$tty1(0xc, 0x4, 0x1)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000240)=ANY=[@ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r3}, 0x10)
timer_settime(0x0, 0x0, &(0x7f0000000040)={{}, {0x0, 0x3938700}}, 0x0)
ioctl$KDSIGACCEPT(r1, 0x5607, 0x38)

[  849.126355][T30490] [EXT4 FS bs=4096, gc=1, bpg=3008, ipg=32, mo=4015e018, mo2=0000]
[  849.148143][T30490] EXT4-fs (loop3): 1 truncate cleaned up
[  849.161361][T30490] EXT4-fs (loop3): mounted filesystem without journal. Opts: nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=0x000000000000ee01,jqfmt=vfsold,noauto_da_alloc,resgid=000000000000000000032,errors=continue. Quota mode: writeback.
[  849.185773][T30490] EXT4-fs (loop3): re-mounted. Opts: (null). Quota mode: writeback.
[  849.188959][  T351] Quota error (device loop3): free_dqentry: Quota structure has offset to other block (1) than it should (5)
[  849.226329][   T20] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[  849.596351][   T20] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11
[  849.607384][   T20] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024
[  849.618419][   T20] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00
[  849.627249][   T20] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  849.646348][T30447] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  850.566366][   T20] aiptek 5-1:17.0: Aiptek using 400 ms programming speed
[  850.573666][   T20] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input365
[  850.768463][   T20] usb 5-1: USB disconnect, device number 24
00:43:41 executing program 4:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000080850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r0}, 0x10)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000380)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000030"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='ext4_request_inode\x00', r1}, 0x10)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)

00:43:41 executing program 0:
socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000080)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000040)={0x43}, 0x10)
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000002c0)={r2, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10)
sendmsg$tipc(r1, &(0x7f00000006c0)={0x0, 0x0, 0x0}, 0x0)
close(r0)

00:43:41 executing program 3:
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={<r0=>0xffffffffffffffff})
r1 = dup(r0)
getsockname$inet(r1, 0x0, &(0x7f0000000040))

00:43:41 executing program 2:
r0 = socket$inet_udplite(0x2, 0x2, 0x88)
ioctl$sock_proto_private(r0, 0x8921, &(0x7f0000000440)="36e259a63bdb55f03a")

00:43:41 executing program 1:
syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x33, 0x0, @remote, @local, {[], {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}}, 0x0)

00:43:41 executing program 0:
r0 = creat(&(0x7f0000000000)='./file0\x00', 0x0)
r1 = socket$unix(0x1, 0x2, 0x0)
r2 = dup2(r0, r1)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x5450, 0x0)

00:43:41 executing program 1:
r0 = syz_open_procfs(0x0, &(0x7f0000000000)='net/snmp6\x00')
write$cgroup_subtree(r0, 0x0, 0x0)

00:43:41 executing program 2:
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x12, 0x5, 0x8, 0x1}, 0x48)
r1 = socket$inet_udp(0x2, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000940)={r0, &(0x7f0000000780), &(0x7f0000000900)=@udp=r1}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x11, 0xc, &(0x7f00000001c0)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000300)='kfree\x00', r2}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r3 = memfd_create(&(0x7f0000000580)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\x91\xfdy\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7U\x00\x00\xbc\xfa2\xb3\xbb\x8d\xac\xacva}knh#\xcf)\x0f\xc8\xc0`\xaa8\xc7\xc8\x9d\xfdA\b\x10\x92(c\x10d\xee\xa9\x8b\x066\xb8G\xd1c\xe1$\xff\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n\x8f~\xd0\xe2y-l\xef_\xb0\x93=\xabQ\xf7 \x1d\xa1\xce\x8b\xac \xe8\x88\xdc\x02\xd7\x04\x9b\x9aL\x9f([4\x81\xf6\xb6\xdf\x16J\xab\xecC\xfe{\xfd\x8a\xa3Eo\tCv\xad\x18\xe9\xd8]B6{\xf0(\xaeW;)\x9f\x9cR\xae\x12G\xd8\xa4\a\x00\x00\x00\x00\x00\x00\x00\x94\xb6\xe8\x885\x92#\x8dE \x86[N\xa7\xd03\xa8\xb4,\x85p\xbd\x88\x02\x1d\xf3\xd5X\xa0\xa9M\xca\xc7\x8b\x8cu\xf0\x00\x00\x00\x00\x00i\xc7\xe7\xbc\xd2\x1e\xf99|\x93\xc7\x7flk\xd2\xa0\xe9\x99`\xff\xf6\xfb\xc4\x9a[\x05\\\x96<\x92\xea}\xec\xac\x17\x9f7\xc0\xa1P\xd0\xf2\x8f\xdc\xf2\xb0\vV\xf7%4_\xba\x81\x95cLW\xfcw\xe0\x97wS\x15\xe4F\xb3\x8a\x9f\b\f\x10z\x14>\x03\xf9\xb0\x95\xbd\xaaF\x02\x86.\xbf\x85\xcfo)G\xb1m\xa8\x01H\x1fO\x9d\x9a\x1b\xfd\xaaf\x96\x92\x96\x1b\xfd\x8e\x10\x8a\x9e:\xa5\x14\xb0`\x82\xd8k\xfd\xd2XNh\xd3\xa3\x03\xb1\x10d)\x11.\xe8~\x8c\x19x\x8f\x82Y\xb9\xc8W\xd1\xa8\xa6b9\xbc\x1a\xff\xc5\xdcObsvRc\x13gb\xa4\x0e~\xbb\r\xb7!\x19\x17\xd56\xec\xb5\xe3\xd2\xa3\x17i\x1c?\xcb\x85\xbe\x13\xa13\x05\x8c\xa6Z\x87\xe0\x91]Bp\xd1\xabg\xd9p\xa9)n\xc5t\x8a\xcb\x1e\xec\x92\xdco\xc1\xe2\x12\xd3\xd1\x19\b&%\xf8a&9\x1b?\f\xd8\xa8\x1a\xc8q\x17\xc2]N\x9c\x80\xb1\x13\xb3\xd6\x01\xad\xc26\x13\x93\xd0\x80$\xc8\x05\x91\x9b\xa8\x02\xc3\x87\xc9\x86^\xb8\x7f\xec\\n\x05\xbf\xd7\x15\xce\xff\x00\xe7\xd9\xc5\r\x00\x02\x00\x00\x00\x00\x00\x00\x15\xd2\xd4~\x88\x19der\xa9B\x91m=\xcd\xf7\x9f\xaa\xe7\x9f\x11\x19\xf8\xe6\x16\x7f\xa8W\xf3\xbf\xcbq\x9d\x14#\xb0}\xb4#\x10\xa3\xc8\xff\xc3\x06\xe9^7\x86\x85\xd4:\x8dQd&E\xf4F\xc7l&\x19\xe6\x95\xec\xa1\n\x9cx\x8d\xf2\xec|\xccYR\xaeZ\xd2\x84\xed0\x00\x00\x00\x00\x00\x00\x00', 0x0)
r4 = dup(r3)
pwritev2(r4, 0x0, 0x0, 0x0, 0x0, 0x0)

00:43:41 executing program 3:
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a99985000000"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_service_time\x00', 0x275a, 0x0)
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x1c916, &(0x7f0000000180)=ANY=[@ANYBLOB='nobarrier,noblock_validity,discard,grpquota,noinit_itable,resgid=', @ANYRESHEX=0xee01, @ANYBLOB=',jqfmt=vfsold,noauto_da_alloc,resgid=', @ANYRESDEC=r1, @ANYBLOB="3200ff97274c68d17b7c16f8461797323c26897387cd742fcba8abebd00606fa2ce467cd74", @ANYRES32=r0], 0x1b, 0x4da, &(0x7f0000000a40)="$eJzs3d1rW+cZAPDnHFtZPpzZYbvIAsvCkmGHLZIdL4kZLNtgbFeBbdnF7jLPlo2xbBlLTmITNof9AYMR2kKvetWbQv+AQsldb0tLoL0vbWkpbdJe9KKNir7SxJH8QWQrWL8fHOs9H/LzvBJ6dd73vOgE0LNORcT5iHhYqVTORsRgY3vaWO4eiYj1+nEP7t+aqi5JVCpXP08iaWyrHj/y2P9sPCUORsTf/hzxr+TpuKXVtfnJQiG/3FjPlReWcqXVtXNzC5Oz+dn84vj42MWJSxMXJkY7Us+BiLj8x49f+N+rf7r85q9ufHDt05F/V9P6bWN/sx6dVq96pvZaNPVHxPJuBOuCvkZ9Mt1OBACAbWme5/88Is7GYPTVzuYAAACA/aTyu4H4JomoAAAAAPtWWpsbm6TZxjyAgUjTbLY+h/fHcTgtFEvlX84UVxan63NohyKTzswV8qONucJDkUmq62O18vfr5zesj0fEsYi4M3iotp6dKhamuz34AQAAAD3iyIb+/1eD9f4/AAAAsM8MdTsBAAAAYNfp/wMAAMD+16L//49u5AEAAADsir9cuVJdKs37X09fX12ZL14/N50vzWcXVqayU8XlpexssThb+82+ha3+X6FYXPp1LK7czJXzpXKutLp2baG4sli+NvfELbABAACAPXTsZ3ffTyJi/TeHakvVgW4nBeyJ/p0c/NHu5QHsvb5uJwB0zY6+/4F9JdPtBICuS7bY33byztudzwUAANgdwz9pff0/2XJsYD3doxSBXWL8D3qX6//Qu1z/h96Vib7QkYfetvvX/yuVHSUEAAB03EBtSdJsRG0cYCDSNJuNOFq7LUAmmZkr5Ecj4ocR8d5g5gfV9bHaM5Mt+wwAAAAAAAAAAAAAAAAAAAAAAAAAQF2lkkQFAAAA2Nci0k+Sxv2/hgfPDGwcHziQfD1Ye4yIGy9fffHmZLm8PFbd/sWj7eWXGtvPd2MEAwAAANio2U9v9uMBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoJMe3L811Vz2Mu5nf4iIoVbx++Ng7fFgZCLi8JdJ9D/2vCQi+joQf/12RBxvFT+pphVDjSxaxT/UxfhpRBzpQHzoZXer7c/vW33+0jhVe2z9+btYa6GeXfv2L33U/vW1aX+ObjPGiXuv59rGvx1xor91+9OMn7SJf3qb8f/597W1dvsqr0QMt/z+SZ6IlSsvLOVKq2vn5hYmZ/Oz+cXx8bGLE5cmLkyM5mbmCvnG3xYRDsT/f/rGw83qfzjutG1/N6v/mW3W/9t7N+//qF7MtIo/crr1+3+8Tfy08d33i0a5un+4WV6vlx938rV3Tka8+1a7+k+3ef23ev9Htln/s3/974fbPBQA2AOl1bX5yUIhv9zThWd6NaqnRc9FLRR2WvjP85HGc1nobrsEAAB03tN94Cd14ho7AAAAAAAAAAAAAAAAAAAAsLm9/HW9pvXuVBUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAYFPfBQAA//9z7Ner")
r2 = fspick(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r2, 0x7, 0x0, 0x0, 0x0)

[  851.313551][T30535] loop3: detected capacity change from 0 to 512
[  951.326258][    C1] rcu: INFO: rcu_preempt self-detected stall on CPU
[  951.332671][    C1] rcu: 	1-...!: (10000 ticks this GP) idle=36b/1/0x4000000000000000 softirq=191505/191515 fqs=0 last_accelerate: d70a/fe20 dyntick_enabled: 1
[  951.346909][    C1] 	(t=10002 jiffies g=166249 q=260)
[  951.351934][    C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10001 jiffies! g166249 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
[  951.364172][    C1] rcu: 	Possible timer handling issue on cpu=1 timer-softirq=47831
[  951.371894][    C1] rcu: rcu_preempt kthread starved for 10004 jiffies! g166249 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
[  951.383294][    C1] rcu: 	Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
[  951.393102][    C1] rcu: RCU grace-period kthread stack dump:
[  951.398829][    C1] task:rcu_preempt     state:I stack:28288 pid:   14 ppid:     2 flags:0x00004000
[  951.407857][    C1] Call Trace:
[  951.410980][    C1]  <TASK>
[  951.413768][    C1]  __schedule+0xccc/0x1590
[  951.418010][    C1]  ? __sched_text_start+0x8/0x8
[  951.422697][    C1]  schedule+0x11f/0x1e0
[  951.426692][    C1]  schedule_timeout+0x18c/0x370
[  951.431375][    C1]  ? _raw_spin_unlock_irq+0x4e/0x70
[  951.436409][    C1]  ? console_conditional_schedule+0x30/0x30
[  951.442140][    C1]  ? update_process_times+0x200/0x200
[  951.447345][    C1]  ? prepare_to_swait_event+0x308/0x320
[  951.452728][    C1]  rcu_gp_fqs_loop+0x2af/0xf80
[  951.457329][    C1]  ? debug_smp_processor_id+0x17/0x20
[  951.462533][    C1]  ? __note_gp_changes+0x4ab/0x920
[  951.467481][    C1]  ? rcu_gp_init+0xc30/0xc30
[  951.471908][    C1]  ? _raw_spin_unlock_irq+0x4e/0x70
[  951.476941][    C1]  ? rcu_gp_init+0x9cf/0xc30
[  951.481368][    C1]  rcu_gp_kthread+0xa4/0x350
[  951.485795][    C1]  ? _raw_spin_lock+0x1b0/0x1b0
[  951.490479][    C1]  ? rcu_barrier_callback+0x50/0x50
[  951.495515][    C1]  ? __kasan_check_read+0x11/0x20
[  951.500376][    C1]  ? __kthread_parkme+0xb2/0x200
[  951.505148][    C1]  kthread+0x421/0x510
[  951.509054][    C1]  ? rcu_barrier_callback+0x50/0x50
[  951.514085][    C1]  ? kthread_blkcg+0xd0/0xd0
[  951.518515][    C1]  ret_from_fork+0x1f/0x30
[  951.522770][    C1]  </TASK>
[  951.525632][    C1] rcu: Stack dump where RCU GP kthread last ran:
[  951.531794][    C1] NMI backtrace for cpu 1
[  951.535960][    C1] CPU: 1 PID: 89 Comm: klogd Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  951.545071][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[  951.554967][    C1] Call Trace:
[  951.558091][    C1]  <IRQ>
[  951.560780][    C1]  dump_stack_lvl+0x151/0x1b7
[  951.565294][    C1]  ? io_uring_drop_tctx_refs+0x190/0x190
[  951.570766][    C1]  dump_stack+0x15/0x17
[  951.574753][    C1]  nmi_cpu_backtrace+0x2f7/0x300
[  951.579530][    C1]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[  951.585870][    C1]  ? panic+0x751/0x751
[  951.589777][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  951.595678][    C1]  nmi_trigger_cpumask_backtrace+0x15d/0x270
[  951.601496][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  951.607395][    C1]  arch_trigger_cpumask_backtrace+0x10/0x20
[  951.613122][    C1]  rcu_check_gp_kthread_starvation+0x1e3/0x250
[  951.619115][    C1]  ? rcu_check_gp_kthread_expired_fqs_timer+0x18e/0x230
[  951.625882][    C1]  print_cpu_stall+0x310/0x5f0
[  951.630484][    C1]  rcu_sched_clock_irq+0x989/0x12f0
[  951.635516][    C1]  ? rcu_boost_kthread_setaffinity+0x340/0x340
[  951.641513][    C1]  ? hrtimer_run_queues+0x15f/0x440
[  951.646538][    C1]  update_process_times+0x198/0x200
[  951.651575][    C1]  tick_sched_timer+0x188/0x240
[  951.656264][    C1]  ? tick_setup_sched_timer+0x480/0x480
[  951.661641][    C1]  __hrtimer_run_queues+0x41a/0xad0
[  951.666678][    C1]  ? hrtimer_interrupt+0xaa0/0xaa0
[  951.671621][    C1]  ? clockevents_program_event+0x22f/0x300
[  951.677261][    C1]  ? ktime_get_update_offsets_now+0x2ba/0x2d0
[  951.685778][    C1]  hrtimer_interrupt+0x40c/0xaa0
[  951.690552][    C1]  __sysvec_apic_timer_interrupt+0xfd/0x3c0
[  951.696278][    C1]  sysvec_apic_timer_interrupt+0x95/0xc0
[  951.701747][    C1]  </IRQ>
[  951.704520][    C1]  <TASK>
[  951.707300][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  951.713113][    C1] RIP: 0010:kvm_wait+0x147/0x180
[  951.717888][    C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[  951.737331][    C1] RSP: 0018:ffffc90000997440 EFLAGS: 00000246
[  951.743231][    C1] RAX: 0000000000000003 RBX: 1ffff92000132e8c RCX: ffffffff8154f88f
[  951.751042][    C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888125df9668
[  951.758855][    C1] RBP: ffffc900009974f0 R08: dffffc0000000000 R09: ffffed1024bbf2ce
[  951.766666][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  951.774476][    C1] R13: ffff888125df9668 R14: 0000000000000003 R15: 1ffff92000132e90
[  951.784114][    C1]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[  951.790187][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  951.796174][    C1]  ? kvm_arch_para_hints+0x30/0x30
[  951.801122][    C1]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[  951.807197][    C1]  __pv_queued_spin_lock_slowpath+0x6bc/0xc40
[  951.813100][    C1]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[  951.819350][    C1]  _raw_spin_lock_bh+0x139/0x1b0
[  951.824122][    C1]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[  951.829155][    C1]  ? sock_hash_bucket_hash+0x36d/0x7e0
[  951.834450][    C1]  sock_hash_delete_elem+0xb1/0x2f0
[  951.839483][    C1]  ? sock_map_unref+0x352/0x4d0
[  951.844170][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3ec
[  951.849551][    C1]  bpf_trace_run2+0xec/0x210
[  951.853978][    C1]  ? bpf_trace_run1+0x1c0/0x1c0
[  951.858664][    C1]  ? sock_map_unref+0x352/0x4d0
[  951.863350][    C1]  ? desc_read+0x1bb/0x420
[  951.867605][    C1]  ? sock_map_unref+0x352/0x4d0
[  951.872290][    C1]  __bpf_trace_kfree+0x6f/0x90
[  951.876890][    C1]  ? sock_map_unref+0x352/0x4d0
[  951.882184][    C1]  kfree+0x1f3/0x220
[  951.885917][    C1]  sock_map_unref+0x352/0x4d0
[  951.890433][    C1]  sock_hash_delete_elem+0x274/0x2f0
[  951.895549][    C1]  ? syslog_print+0x8fe/0x990
[  951.900061][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3ec
[  951.905443][    C1]  bpf_trace_run2+0xec/0x210
[  951.909870][    C1]  ? __kasan_check_write+0x14/0x20
[  951.914818][    C1]  ? bpf_trace_run1+0x1c0/0x1c0
[  951.919503][    C1]  ? syslog_print+0x8fe/0x990
[  951.924018][    C1]  ? syslog_print+0x8fe/0x990
[  951.928532][    C1]  __bpf_trace_kfree+0x6f/0x90
[  951.933130][    C1]  ? syslog_print+0x8fe/0x990
[  951.937644][    C1]  kfree+0x1f3/0x220
[  951.941374][    C1]  ? __kasan_check_read+0x11/0x20
[  951.946238][    C1]  syslog_print+0x8fe/0x990
[  951.950577][    C1]  ? do_syslog+0x830/0x830
[  951.954830][    C1]  ? avc_has_perm_noaudit+0x430/0x430
[  951.960037][    C1]  ? cap_capable+0x1d2/0x270
[  951.964466][    C1]  ? security_socket_sendmsg+0x82/0xb0
[  951.969758][    C1]  ? io_schedule+0x120/0x120
[  951.974185][    C1]  do_syslog+0x340/0x830
[  951.978263][    C1]  ? devkmsg_release+0x130/0x130
[  951.983037][    C1]  ? sched_clock+0x9/0x10
[  951.987206][    C1]  ? debug_smp_processor_id+0x17/0x20
[  951.992407][    C1]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  951.998311][    C1]  __x64_sys_syslog+0x7c/0x90
[  952.002823][    C1]  do_syscall_64+0x3d/0xb0
[  952.007080][    C1]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[  952.012718][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  952.018447][    C1] RIP: 0033:0x7f5476243fa7
[  952.022702][    C1] Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48
[  952.042148][    C1] RSP: 002b:00007ffdfad07e78 EFLAGS: 00000206 ORIG_RAX: 0000000000000067
[  952.050388][    C1] RAX: ffffffffffffffda RBX: 00007f54763e24a0 RCX: 00007f5476243fa7
[  952.058198][    C1] RDX: 00000000000003ff RSI: 00007f54763e24a0 RDI: 0000000000000002
[  952.066009][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: a207e698a3e49b2d
[  952.073823][    C1] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f54763e24a0
[  952.081729][    C1] R13: 00007f54763d2212 R14: 00007f54763e24e4 R15: 00007f54763e24e4
[  952.089532][    C1]  </TASK>
[  952.092413][    C1] Sending NMI from CPU 1 to CPUs 0:
[  952.097455][    C0] NMI backtrace for cpu 0
[  952.097465][    C0] CPU: 0 PID: 30537 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  952.097482][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[  952.097491][    C0] RIP: 0010:kvm_wait+0x147/0x180
[  952.097513][    C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[  952.097526][    C0] RSP: 0018:ffffc90000a47400 EFLAGS: 00000246
[  952.097540][    C0] RAX: 0000000000000001 RBX: 1ffff92000148e84 RCX: 1ffffffff0d1aa9c
[  952.097552][    C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7037ed4
[  952.097563][    C0] RBP: ffffc90000a474b0 R08: dffffc0000000000 R09: ffffed103ee06fdb
[  952.097574][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  952.097585][    C0] R13: ffff8881f7037ed4 R14: 0000000000000001 R15: 1ffff92000148e88
[  952.097596][    C0] FS:  00007f6845be96c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[  952.097610][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  952.097622][    C0] CR2: 0000001b2f421000 CR3: 0000000114e0f000 CR4: 00000000003506b0
[  952.097636][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[  952.097645][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[  952.097655][    C0] Call Trace:
[  952.097660][    C0]  <NMI>
[  952.097666][    C0]  ? show_regs+0x58/0x60
[  952.097749][    C0]  ? nmi_cpu_backtrace+0x29f/0x300
[  952.097768][    C0]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[  952.097786][    C0]  ? kvm_wait+0x147/0x180
[  952.097799][    C0]  ? kvm_wait+0x147/0x180
[  952.097813][    C0]  ? nmi_cpu_backtrace_handler+0xc/0x20
[  952.097830][    C0]  ? nmi_handle+0xa8/0x280
[  952.097845][    C0]  ? kvm_wait+0x147/0x180
[  952.097859][    C0]  ? default_do_nmi+0x69/0x160
[  952.097875][    C0]  ? exc_nmi+0xaf/0x120
[  952.097889][    C0]  ? end_repeat_nmi+0x16/0x31
[  952.097905][    C0]  ? kvm_wait+0x147/0x180
[  952.097919][    C0]  ? kvm_wait+0x147/0x180
[  952.097932][    C0]  ? kvm_wait+0x147/0x180
[  952.097946][    C0]  </NMI>
[  952.097951][    C0]  <TASK>
[  952.097955][    C0]  ? _raw_spin_unlock+0x4d/0x70
[  952.097972][    C0]  ? kvm_arch_para_hints+0x30/0x30
[  952.097988][    C0]  __pv_queued_spin_lock_slowpath+0x41b/0xc40
[  952.098008][    C0]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[  952.098026][    C0]  ? cgroup_freezing+0x88/0xb0
[  952.098059][    C0]  _raw_spin_lock_bh+0x139/0x1b0
[  952.098075][    C0]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[  952.098091][    C0]  ? sock_hash_bucket_hash+0x36d/0x7e0
[  952.098110][    C0]  sock_hash_delete_elem+0xb1/0x2f0
[  952.098126][    C0]  ? security_compute_sid+0x1d7d/0x1f40
[  952.098185][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3ec
[  952.098198][    C0]  bpf_trace_run2+0xec/0x210
[  952.098214][    C0]  ? context_to_sid+0x5a8/0x600
[  952.098230][    C0]  ? bpf_trace_run1+0x1c0/0x1c0
[  952.098246][    C0]  ? security_compute_sid+0x1d7d/0x1f40
[  952.098261][    C0]  ? security_compute_sid+0x1d7d/0x1f40
[  952.098275][    C0]  __bpf_trace_kfree+0x6f/0x90
[  952.098290][    C0]  ? security_compute_sid+0x1d7d/0x1f40
[  952.098304][    C0]  kfree+0x1f3/0x220
[  952.098320][    C0]  ? policydb_context_isvalid+0x1de/0x430
[  952.098338][    C0]  security_compute_sid+0x1d7d/0x1f40
[  952.098358][    C0]  ? security_transition_sid+0x90/0x90
[  952.098374][    C0]  ? __kasan_slab_alloc+0xc3/0xe0
[  952.098388][    C0]  ? __kasan_slab_alloc+0xb1/0xe0
[  952.098401][    C0]  ? slab_post_alloc_hook+0x53/0x2c0
[  952.098416][    C0]  ? kmem_cache_alloc+0xf5/0x200
[  952.098431][    C0]  ? __d_alloc+0x2d/0x6c0
[  952.098446][    C0]  ? d_alloc_pseudo+0x1d/0x70
[  952.098459][    C0]  ? alloc_file_pseudo+0x131/0x2f0
[  952.098474][    C0]  ? __shmem_file_setup+0x1d6/0x2a0
[  952.098488][    C0]  ? shmem_file_setup+0x2f/0x40
[  952.098501][    C0]  ? __se_sys_memfd_create+0x1e1/0x3e0
[  952.098517][    C0]  ? __x64_sys_memfd_create+0x5b/0x70
[  952.098532][    C0]  ? do_syscall_64+0x3d/0xb0
[  952.098546][    C0]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  952.098566][    C0]  ? __kasan_check_write+0x14/0x20
[  952.098581][    C0]  ? _raw_spin_lock+0xa4/0x1b0
[  952.098596][    C0]  ? _raw_spin_trylock_bh+0x190/0x190
[  952.098612][    C0]  security_transition_sid+0x7d/0x90
[  952.098628][    C0]  inode_doinit_with_dentry+0x61b/0x1070
[  952.098646][    C0]  ? sb_finish_set_opts+0xa90/0xa90
[  952.098661][    C0]  ? __d_alloc+0x19b/0x6c0
[  952.098675][    C0]  ? d_set_d_op+0xff/0x390
[  952.098689][    C0]  selinux_d_instantiate+0x27/0x40
[  952.098719][    C0]  security_d_instantiate+0x9f/0x100
[  952.098734][    C0]  d_instantiate+0x55/0x90
[  952.098748][    C0]  alloc_file_pseudo+0x248/0x2f0
[  952.098770][    C0]  ? alloc_empty_file_noaccount+0x80/0x80
[  952.098787][    C0]  ? __kasan_check_write+0x14/0x20
[  952.098801][    C0]  ? clear_nlink+0x89/0xe0
[  952.098817][    C0]  __shmem_file_setup+0x1d6/0x2a0
[  952.098831][    C0]  shmem_file_setup+0x2f/0x40
[  952.098845][    C0]  __se_sys_memfd_create+0x1e1/0x3e0
[  952.098861][    C0]  __x64_sys_memfd_create+0x5b/0x70
[  952.098877][    C0]  do_syscall_64+0x3d/0xb0
[  952.098897][    C0]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  952.098922][    C0] RIP: 0033:0x7f6846e75e69
[  952.098947][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[  952.098960][    C0] RSP: 002b:00007f6845be90c8 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[  952.098983][    C0] RAX: ffffffffffffffda RBX: 00007f6846fa3f80 RCX: 00007f6846e75e69
[  952.098999][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000580
[  952.099009][    C0] RBP: 00007f6846ec247a R08: 0000000000000000 R09: 0000000000000000
[  952.099019][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  952.099029][    C0] R13: 000000000000000b R14: 00007f6846fa3f80 R15: 00007fff1371de08
[  952.099043][    C0]  </TASK>
[  952.099442][    C1] NMI backtrace for cpu 1
[  952.679604][    C1] CPU: 1 PID: 89 Comm: klogd Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[  952.688708][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[  952.698606][    C1] Call Trace:
[  952.701732][    C1]  <IRQ>
[  952.704422][    C1]  dump_stack_lvl+0x151/0x1b7
[  952.708954][    C1]  ? io_uring_drop_tctx_refs+0x190/0x190
[  952.714398][    C1]  ? cpumask_next+0x8a/0xb0
[  952.718742][    C1]  dump_stack+0x15/0x17
[  952.722731][    C1]  nmi_cpu_backtrace+0x2f7/0x300
[  952.727529][    C1]  ? init_x2apic_ldr+0x10/0x10
[  952.732115][    C1]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[  952.738092][    C1]  ? irq_work_queue+0xd4/0x160
[  952.742694][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  952.748595][    C1]  nmi_trigger_cpumask_backtrace+0x15d/0x270
[  952.754419][    C1]  ? arch_trigger_cpumask_backtrace+0x20/0x20
[  952.760313][    C1]  arch_trigger_cpumask_backtrace+0x10/0x20
[  952.766038][    C1]  rcu_dump_cpu_stacks+0x1d8/0x330
[  952.770995][    C1]  print_cpu_stall+0x315/0x5f0
[  952.775588][    C1]  rcu_sched_clock_irq+0x989/0x12f0
[  952.780625][    C1]  ? rcu_boost_kthread_setaffinity+0x340/0x340
[  952.786613][    C1]  ? hrtimer_run_queues+0x15f/0x440
[  952.791648][    C1]  update_process_times+0x198/0x200
[  952.796679][    C1]  tick_sched_timer+0x188/0x240
[  952.801377][    C1]  ? tick_setup_sched_timer+0x480/0x480
[  952.806746][    C1]  __hrtimer_run_queues+0x41a/0xad0
[  952.811781][    C1]  ? hrtimer_interrupt+0xaa0/0xaa0
[  952.816731][    C1]  ? clockevents_program_event+0x22f/0x300
[  952.822366][    C1]  ? ktime_get_update_offsets_now+0x2ba/0x2d0
[  952.828269][    C1]  hrtimer_interrupt+0x40c/0xaa0
[  952.833047][    C1]  __sysvec_apic_timer_interrupt+0xfd/0x3c0
[  952.838776][    C1]  sysvec_apic_timer_interrupt+0x95/0xc0
[  952.844239][    C1]  </IRQ>
[  952.847017][    C1]  <TASK>
[  952.849795][    C1]  asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  952.855619][    C1] RIP: 0010:kvm_wait+0x147/0x180
[  952.860399][    C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[  952.880477][    C1] RSP: 0018:ffffc90000997440 EFLAGS: 00000246
[  952.886455][    C1] RAX: 0000000000000003 RBX: 1ffff92000132e8c RCX: ffffffff8154f88f
[  952.894269][    C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888125df9668
[  952.902251][    C1] RBP: ffffc900009974f0 R08: dffffc0000000000 R09: ffffed1024bbf2ce
[  952.911964][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[  952.919772][    C1] R13: ffff888125df9668 R14: 0000000000000003 R15: 1ffff92000132e90
[  952.927594][    C1]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[  952.933662][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[  952.939648][    C1]  ? kvm_arch_para_hints+0x30/0x30
[  952.944595][    C1]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[  952.950672][    C1]  __pv_queued_spin_lock_slowpath+0x6bc/0xc40
[  952.956574][    C1]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[  952.962823][    C1]  _raw_spin_lock_bh+0x139/0x1b0
[  952.967594][    C1]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[  952.972628][    C1]  ? sock_hash_bucket_hash+0x36d/0x7e0
[  952.977925][    C1]  sock_hash_delete_elem+0xb1/0x2f0
[  952.982964][    C1]  ? sock_map_unref+0x352/0x4d0
[  952.987645][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3ec
[  952.993023][    C1]  bpf_trace_run2+0xec/0x210
[  952.997454][    C1]  ? bpf_trace_run1+0x1c0/0x1c0
[  953.002137][    C1]  ? sock_map_unref+0x352/0x4d0
[  953.006825][    C1]  ? desc_read+0x1bb/0x420
[  953.011083][    C1]  ? sock_map_unref+0x352/0x4d0
[  953.015765][    C1]  __bpf_trace_kfree+0x6f/0x90
[  953.020522][    C1]  ? sock_map_unref+0x352/0x4d0
[  953.025169][    C1]  kfree+0x1f3/0x220
[  953.028902][    C1]  sock_map_unref+0x352/0x4d0
[  953.033415][    C1]  sock_hash_delete_elem+0x274/0x2f0
[  953.038536][    C1]  ? syslog_print+0x8fe/0x990
[  953.043048][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3ec
[  953.048428][    C1]  bpf_trace_run2+0xec/0x210
[  953.052855][    C1]  ? __kasan_check_write+0x14/0x20
[  953.057804][    C1]  ? bpf_trace_run1+0x1c0/0x1c0
[  953.062490][    C1]  ? syslog_print+0x8fe/0x990
[  953.067006][    C1]  ? syslog_print+0x8fe/0x990
[  953.071645][    C1]  __bpf_trace_kfree+0x6f/0x90
[  953.076348][    C1]  ? syslog_print+0x8fe/0x990
[  953.081147][    C1]  kfree+0x1f3/0x220
[  953.084851][    C1]  ? __kasan_check_read+0x11/0x20
[  953.089799][    C1]  syslog_print+0x8fe/0x990
[  953.094138][    C1]  ? do_syslog+0x830/0x830
[  953.098390][    C1]  ? avc_has_perm_noaudit+0x430/0x430
[  953.103598][    C1]  ? cap_capable+0x1d2/0x270
[  953.108024][    C1]  ? security_socket_sendmsg+0x82/0xb0
[  953.113319][    C1]  ? io_schedule+0x120/0x120
[  953.117747][    C1]  do_syslog+0x340/0x830
[  953.121825][    C1]  ? devkmsg_release+0x130/0x130
[  953.126599][    C1]  ? sched_clock+0x9/0x10
[  953.130763][    C1]  ? debug_smp_processor_id+0x17/0x20
[  953.135970][    C1]  ? fpregs_assert_state_consistent+0xb6/0xe0
[  953.141875][    C1]  __x64_sys_syslog+0x7c/0x90
[  953.146385][    C1]  do_syscall_64+0x3d/0xb0
[  953.150640][    C1]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[  953.156282][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[  953.162006][    C1] RIP: 0033:0x7f5476243fa7
[  953.166267][    C1] Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48
[  953.186221][    C1] RSP: 002b:00007ffdfad07e78 EFLAGS: 00000206 ORIG_RAX: 0000000000000067
[  953.194470][    C1] RAX: ffffffffffffffda RBX: 00007f54763e24a0 RCX: 00007f5476243fa7
[  953.202283][    C1] RDX: 00000000000003ff RSI: 00007f54763e24a0 RDI: 0000000000000002
[  953.210094][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: a207e698a3e49b2d
[  953.217901][    C1] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f54763e24a0
[  953.225710][    C1] R13: 00007f54763d2212 R14: 00007f54763e24e4 R15: 00007f54763e24e4
[  953.233528][    C1]  </TASK>
[ 1101.029315][    C0] watchdog: BUG: soft lockup - CPU#0 stuck for 246s! [syz-executor.2:30537]
[ 1101.037808][    C0] Modules linked in:
[ 1101.041541][    C0] CPU: 0 PID: 30537 Comm: syz-executor.2 Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 1101.051697][    C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 1101.061676][    C0] RIP: 0010:kvm_wait+0x147/0x180
[ 1101.066450][    C0] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[ 1101.086241][    C0] RSP: 0018:ffffc90000a47400 EFLAGS: 00000246
[ 1101.092138][    C0] RAX: 0000000000000001 RBX: 1ffff92000148e84 RCX: 1ffffffff0d1aa9c
[ 1101.099952][    C0] RDX: 0000000000000001 RSI: 0000000000000001 RDI: ffff8881f7037ed4
[ 1101.107762][    C0] RBP: ffffc90000a474b0 R08: dffffc0000000000 R09: ffffed103ee06fdb
[ 1101.115572][    C0] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 1101.123384][    C0] R13: ffff8881f7037ed4 R14: 0000000000000001 R15: 1ffff92000148e88
[ 1101.131197][    C0] FS:  00007f6845be96c0(0000) GS:ffff8881f7000000(0000) knlGS:0000000000000000
[ 1101.139960][    C0] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1101.146385][    C0] CR2: 0000001b2f421000 CR3: 0000000114e0f000 CR4: 00000000003506b0
[ 1101.154196][    C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1101.162006][    C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1101.169819][    C0] Call Trace:
[ 1101.172947][    C0]  <IRQ>
[ 1101.175635][    C0]  ? show_regs+0x58/0x60
[ 1101.179711][    C0]  ? watchdog_timer_fn+0x4b1/0x5f0
[ 1101.184666][    C0]  ? proc_watchdog_cpumask+0xd0/0xd0
[ 1101.189782][    C0]  ? __hrtimer_run_queues+0x41a/0xad0
[ 1101.194988][    C0]  ? hrtimer_interrupt+0xaa0/0xaa0
[ 1101.199932][    C0]  ? clockevents_program_event+0x22f/0x300
[ 1101.205574][    C0]  ? ktime_get_update_offsets_now+0x2ba/0x2d0
[ 1101.211478][    C0]  ? hrtimer_interrupt+0x40c/0xaa0
[ 1101.216445][    C0]  ? __sysvec_apic_timer_interrupt+0xfd/0x3c0
[ 1101.222329][    C0]  ? sysvec_apic_timer_interrupt+0x95/0xc0
[ 1101.227967][    C0]  </IRQ>
[ 1101.230744][    C0]  <TASK>
[ 1101.233525][    C0]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1101.239515][    C0]  ? kvm_wait+0x147/0x180
[ 1101.243678][    C0]  ? _raw_spin_unlock+0x4d/0x70
[ 1101.248373][    C0]  ? kvm_arch_para_hints+0x30/0x30
[ 1101.253313][    C0]  __pv_queued_spin_lock_slowpath+0x41b/0xc40
[ 1101.259301][    C0]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[ 1101.265548][    C0]  ? cgroup_freezing+0x88/0xb0
[ 1101.270151][    C0]  _raw_spin_lock_bh+0x139/0x1b0
[ 1101.274923][    C0]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1101.279958][    C0]  ? sock_hash_bucket_hash+0x36d/0x7e0
[ 1101.285250][    C0]  sock_hash_delete_elem+0xb1/0x2f0
[ 1101.290285][    C0]  ? security_compute_sid+0x1d7d/0x1f40
[ 1101.295666][    C0]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3ec
[ 1101.301049][    C0]  bpf_trace_run2+0xec/0x210
[ 1101.305470][    C0]  ? context_to_sid+0x5a8/0x600
[ 1101.310160][    C0]  ? bpf_trace_run1+0x1c0/0x1c0
[ 1101.314845][    C0]  ? security_compute_sid+0x1d7d/0x1f40
[ 1101.320228][    C0]  ? security_compute_sid+0x1d7d/0x1f40
[ 1101.325607][    C0]  __bpf_trace_kfree+0x6f/0x90
[ 1101.330209][    C0]  ? security_compute_sid+0x1d7d/0x1f40
[ 1101.335588][    C0]  kfree+0x1f3/0x220
[ 1101.339320][    C0]  ? policydb_context_isvalid+0x1de/0x430
[ 1101.344877][    C0]  security_compute_sid+0x1d7d/0x1f40
[ 1101.350086][    C0]  ? security_transition_sid+0x90/0x90
[ 1101.355378][    C0]  ? __kasan_slab_alloc+0xc3/0xe0
[ 1101.360237][    C0]  ? __kasan_slab_alloc+0xb1/0xe0
[ 1101.365096][    C0]  ? slab_post_alloc_hook+0x53/0x2c0
[ 1101.370218][    C0]  ? kmem_cache_alloc+0xf5/0x200
[ 1101.374991][    C0]  ? __d_alloc+0x2d/0x6c0
[ 1101.379161][    C0]  ? d_alloc_pseudo+0x1d/0x70
[ 1101.383669][    C0]  ? alloc_file_pseudo+0x131/0x2f0
[ 1101.388618][    C0]  ? __shmem_file_setup+0x1d6/0x2a0
[ 1101.393654][    C0]  ? shmem_file_setup+0x2f/0x40
[ 1101.398340][    C0]  ? __se_sys_memfd_create+0x1e1/0x3e0
[ 1101.403635][    C0]  ? __x64_sys_memfd_create+0x5b/0x70
[ 1101.408839][    C0]  ? do_syscall_64+0x3d/0xb0
[ 1101.413267][    C0]  ? entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1101.419171][    C0]  ? __kasan_check_write+0x14/0x20
[ 1101.424115][    C0]  ? _raw_spin_lock+0xa4/0x1b0
[ 1101.428715][    C0]  ? _raw_spin_trylock_bh+0x190/0x190
[ 1101.433925][    C0]  security_transition_sid+0x7d/0x90
[ 1101.439044][    C0]  inode_doinit_with_dentry+0x61b/0x1070
[ 1101.444511][    C0]  ? sb_finish_set_opts+0xa90/0xa90
[ 1101.449547][    C0]  ? __d_alloc+0x19b/0x6c0
[ 1101.453905][    C0]  ? d_set_d_op+0xff/0x390
[ 1101.458163][    C0]  selinux_d_instantiate+0x27/0x40
[ 1101.463130][    C0]  security_d_instantiate+0x9f/0x100
[ 1101.468247][    C0]  d_instantiate+0x55/0x90
[ 1101.472586][    C0]  alloc_file_pseudo+0x248/0x2f0
[ 1101.477340][    C0]  ? alloc_empty_file_noaccount+0x80/0x80
[ 1101.482892][    C0]  ? __kasan_check_write+0x14/0x20
[ 1101.487840][    C0]  ? clear_nlink+0x89/0xe0
[ 1101.492094][    C0]  __shmem_file_setup+0x1d6/0x2a0
[ 1101.496955][    C0]  shmem_file_setup+0x2f/0x40
[ 1101.501466][    C0]  __se_sys_memfd_create+0x1e1/0x3e0
[ 1101.506587][    C0]  __x64_sys_memfd_create+0x5b/0x70
[ 1101.511621][    C0]  do_syscall_64+0x3d/0xb0
[ 1101.515872][    C0]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1101.521602][    C0] RIP: 0033:0x7f6846e75e69
[ 1101.525867][    C0] Code: 28 00 00 00 75 05 48 83 c4 28 c3 e8 e1 20 00 00 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 b0 ff ff ff f7 d8 64 89 01 48
[ 1101.545294][    C0] RSP: 002b:00007f6845be90c8 EFLAGS: 00000246 ORIG_RAX: 000000000000013f
[ 1101.553540][    C0] RAX: ffffffffffffffda RBX: 00007f6846fa3f80 RCX: 00007f6846e75e69
[ 1101.561352][    C0] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000020000580
[ 1101.569163][    C0] RBP: 00007f6846ec247a R08: 0000000000000000 R09: 0000000000000000
[ 1101.576979][    C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[ 1101.584785][    C0] R13: 000000000000000b R14: 00007f6846fa3f80 R15: 00007fff1371de08
[ 1101.592603][    C0]  </TASK>
[ 1101.595463][    C0] Sending NMI from CPU 0 to CPUs 1:
[ 1101.600514][    C1] NMI backtrace for cpu 1
[ 1101.600524][    C1] CPU: 1 PID: 89 Comm: klogd Not tainted 5.15.148-syzkaller-00718-g993bed180178 #0
[ 1101.600541][    C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/27/2024
[ 1101.600550][    C1] RIP: 0010:kvm_wait+0x147/0x180
[ 1101.600571][    C1] Code: 4c 89 e8 48 c1 e8 03 42 0f b6 04 20 84 c0 44 8b 74 24 1c 75 34 41 0f b6 45 00 44 38 f0 75 10 66 90 0f 00 2d 5b 03 f3 03 fb f4 <e9> 24 ff ff ff fb e9 1e ff ff ff 44 89 e9 80 e1 07 38 c1 7c a3 4c
[ 1101.600585][    C1] RSP: 0018:ffffc90000997440 EFLAGS: 00000246
[ 1101.600600][    C1] RAX: 0000000000000003 RBX: 1ffff92000132e8c RCX: ffffffff8154f88f
[ 1101.600612][    C1] RDX: dffffc0000000000 RSI: 0000000000000003 RDI: ffff888125df9668
[ 1101.600623][    C1] RBP: ffffc900009974f0 R08: dffffc0000000000 R09: ffffed1024bbf2ce
[ 1101.600635][    C1] R10: 0000000000000000 R11: dffffc0000000001 R12: dffffc0000000000
[ 1101.600647][    C1] R13: ffff888125df9668 R14: 0000000000000003 R15: 1ffff92000132e90
[ 1101.600658][    C1] FS:  00007f54760e2380(0000) GS:ffff8881f7100000(0000) knlGS:0000000000000000
[ 1101.600672][    C1] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 1101.600684][    C1] CR2: 00007f63af342e78 CR3: 000000010b8fc000 CR4: 00000000003506a0
[ 1101.600698][    C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000
[ 1101.600707][    C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400
[ 1101.600718][    C1] Call Trace:
[ 1101.600723][    C1]  <NMI>
[ 1101.600729][    C1]  ? show_regs+0x58/0x60
[ 1101.600745][    C1]  ? nmi_cpu_backtrace+0x29f/0x300
[ 1101.600765][    C1]  ? nmi_trigger_cpumask_backtrace+0x270/0x270
[ 1101.600783][    C1]  ? kvm_wait+0x147/0x180
[ 1101.600796][    C1]  ? kvm_wait+0x147/0x180
[ 1101.600810][    C1]  ? nmi_cpu_backtrace_handler+0xc/0x20
[ 1101.600827][    C1]  ? nmi_handle+0xa8/0x280
[ 1101.600843][    C1]  ? kvm_wait+0x147/0x180
[ 1101.600856][    C1]  ? default_do_nmi+0x69/0x160
[ 1101.600873][    C1]  ? exc_nmi+0xaf/0x120
[ 1101.600886][    C1]  ? end_repeat_nmi+0x16/0x31
[ 1101.600902][    C1]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[ 1101.600927][    C1]  ? kvm_wait+0x147/0x180
[ 1101.600940][    C1]  ? kvm_wait+0x147/0x180
[ 1101.600954][    C1]  ? kvm_wait+0x147/0x180
[ 1101.600968][    C1]  </NMI>
[ 1101.600973][    C1]  <TASK>
[ 1101.600978][    C1]  ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 1101.600996][    C1]  ? kvm_arch_para_hints+0x30/0x30
[ 1101.601011][    C1]  ? __pv_queued_spin_lock_slowpath+0x65f/0xc40
[ 1101.601028][    C1]  __pv_queued_spin_lock_slowpath+0x6bc/0xc40
[ 1101.601047][    C1]  ? __pv_queued_spin_unlock_slowpath+0x310/0x310
[ 1101.601066][    C1]  _raw_spin_lock_bh+0x139/0x1b0
[ 1101.601082][    C1]  ? _raw_spin_lock_irq+0x1b0/0x1b0
[ 1101.601099][    C1]  ? sock_hash_bucket_hash+0x36d/0x7e0
[ 1101.601117][    C1]  sock_hash_delete_elem+0xb1/0x2f0
[ 1101.601133][    C1]  ? sock_map_unref+0x352/0x4d0
[ 1101.601148][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3ec
[ 1101.601161][    C1]  bpf_trace_run2+0xec/0x210
[ 1101.601178][    C1]  ? bpf_trace_run1+0x1c0/0x1c0
[ 1101.601193][    C1]  ? sock_map_unref+0x352/0x4d0
[ 1101.601208][    C1]  ? desc_read+0x1bb/0x420
[ 1101.601223][    C1]  ? sock_map_unref+0x352/0x4d0
[ 1101.601238][    C1]  __bpf_trace_kfree+0x6f/0x90
[ 1101.601252][    C1]  ? sock_map_unref+0x352/0x4d0
[ 1101.601267][    C1]  kfree+0x1f3/0x220
[ 1101.601284][    C1]  sock_map_unref+0x352/0x4d0
[ 1101.601300][    C1]  sock_hash_delete_elem+0x274/0x2f0
[ 1101.601316][    C1]  ? syslog_print+0x8fe/0x990
[ 1101.601331][    C1]  bpf_prog_2c29ac5cdc6b1842+0x3a/0x3ec
[ 1101.601343][    C1]  bpf_trace_run2+0xec/0x210
[ 1101.601359][    C1]  ? __kasan_check_write+0x14/0x20
[ 1101.601375][    C1]  ? bpf_trace_run1+0x1c0/0x1c0
[ 1101.601390][    C1]  ? syslog_print+0x8fe/0x990
[ 1101.601405][    C1]  ? syslog_print+0x8fe/0x990
[ 1101.601419][    C1]  __bpf_trace_kfree+0x6f/0x90
[ 1101.601433][    C1]  ? syslog_print+0x8fe/0x990
[ 1101.601447][    C1]  kfree+0x1f3/0x220
[ 1101.601461][    C1]  ? __kasan_check_read+0x11/0x20
[ 1101.601477][    C1]  syslog_print+0x8fe/0x990
[ 1101.601493][    C1]  ? do_syslog+0x830/0x830
[ 1101.601510][    C1]  ? avc_has_perm_noaudit+0x430/0x430
[ 1101.601527][    C1]  ? cap_capable+0x1d2/0x270
[ 1101.601541][    C1]  ? security_socket_sendmsg+0x82/0xb0
[ 1101.601555][    C1]  ? io_schedule+0x120/0x120
[ 1101.601571][    C1]  do_syslog+0x340/0x830
[ 1101.601586][    C1]  ? devkmsg_release+0x130/0x130
[ 1101.601600][    C1]  ? sched_clock+0x9/0x10
[ 1101.601617][    C1]  ? debug_smp_processor_id+0x17/0x20
[ 1101.601632][    C1]  ? fpregs_assert_state_consistent+0xb6/0xe0
[ 1101.601650][    C1]  __x64_sys_syslog+0x7c/0x90
[ 1101.601665][    C1]  do_syscall_64+0x3d/0xb0
[ 1101.601679][    C1]  ? sysvec_apic_timer_interrupt+0x55/0xc0
[ 1101.601694][    C1]  entry_SYSCALL_64_after_hwframe+0x61/0xcb
[ 1101.601711][    C1] RIP: 0033:0x7f5476243fa7
[ 1101.601724][    C1] Code: 73 01 c3 48 8b 0d 81 ce 0c 00 f7 d8 64 89 01 48 83 c8 ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 b8 67 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 8b 0d 51 ce 0c 00 f7 d8 64 89 01 48
[ 1101.601737][    C1] RSP: 002b:00007ffdfad07e78 EFLAGS: 00000206 ORIG_RAX: 0000000000000067
[ 1101.601752][    C1] RAX: ffffffffffffffda RBX: 00007f54763e24a0 RCX: 00007f5476243fa7
[ 1101.601764][    C1] RDX: 00000000000003ff RSI: 00007f54763e24a0 RDI: 0000000000000002
[ 1101.601774][    C1] RBP: 0000000000000000 R08: 0000000000000007 R09: a207e698a3e49b2d
[ 1101.601784][    C1] R10: 0000000000004000 R11: 0000000000000206 R12: 00007f54763e24a0
[ 1101.601794][    C1] R13: 00007f54763d2212 R14: 00007f54763e24e4 R15: 00007f54763e24e4
[ 1101.601808][    C1]  </TASK>