last executing test programs:

7m22.391869382s ago: executing program 3 (id=133):
r0 = syz_io_uring_setup(0x110, &(0x7f00000000c0)={0x0, 0x10, 0x0, 0x3, 0x8085}, &(0x7f0000000400)=<r1=>0x0, &(0x7f0000000280))
io_uring_register$IORING_REGISTER_FILES(r0, 0x2, &(0x7f0000000040)=[0xffffffffffffffff], 0x1)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4)
r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00')
read$eventfd(r2, &(0x7f0000000140), 0x8)

7m20.964036141s ago: executing program 3 (id=135):
r0 = fsopen(&(0x7f0000000400)='pstore\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
fsmount(r0, 0x0, 0xf)
fsconfig$FSCONFIG_SET_FLAG(r0, 0x0, &(0x7f0000000040)='ro\x00', 0x0, 0x0)
fsconfig$FSCONFIG_CMD_RECONFIGURE(r0, 0x7, 0x0, 0x0, 0x0)

7m19.422918473s ago: executing program 3 (id=138):
unshare(0x6020400)
r0 = gettid()
r1 = syz_open_procfs$namespace(r0, &(0x7f0000000040)='ns/cgroup\x00')
unshare(0x2020000)
close(r1)

7m18.086038439s ago: executing program 3 (id=143):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x1001a, &(0x7f0000000280)={[{@quota}, {@resuid={'resuid', 0x3d, 0xee01}}, {@barrier_val={'barrier', 0x3d, 0x3}}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x80}}, {@block_validity}, {@jqfmt_vfsv1}]}, 0x1, 0x42e, &(0x7f0000000940)="$eJzs20tvG0UcAPD/rpOUvkgo5dEHECiIiEfSpAV64AICiQsSEhzKMSRpFeI2qAkSrSIICHFFlbgjjkh8Ak5wQcAJiSsfAFWqUC4tnIzW3k1sx3k4deKCfz9pk5ndcWb+3hl7dicbQM8azn4kEYci4o+IGKxlGwsM137dXlma+ntlaSqJSuXtv5JquVsrS1NF0eJ1B/PMSBqRfp7EiRb1Lly9NjdZLs9cyfNji5c+GFu4eu352UuTF2cuzlyeOHfu7Jnxl16ceKEjcWZtunX84/mTx9549/qbU+evv/fLd0kRf1McHTK82cGnKpUOV9ddh+vSSV8XG0JbShGRna7+6vgfjFKsnbzBeP2zrjYO2FWVSqVycOPDyxXgfyyJbrcA6I7iiz67/i22PZp63BVuvlK7AMrivp1vtSN9keZl+puubztpOCLOL//zdbbF7tyHAABo8EM2/3mu1fwvjQfryt2brw0NRcR9EXEkIu6PiKMR8UBEtexDEfFwm/U3L5Ksn/+kN3YU2DZl87+X87WtxvlfMfuLoVKeO1yNvz+5MFueOZ2/JyPRvy/Lj29Sx4+v/f7lRsfq53/ZltVfzAXzdtzo29f4munJxck7ibnezU8jjve1ij9ZXQlIIuJYRBzfYR2zz3x7cqNjW8e/iQ6sM1W+iXi6dv6Xoyn+QrL5+uTYPVGeOT1W9Ir1fv3ti7c2qv+O4u+A7PwfaNn/V+MfSurXaxfa+/v7tji+0/4/kLxTTQ/k+z6aXFy8Mh4xMNfYKar7J9bni/JZ/COnWo//I7H2TpyIiKwTPxIRj0bEY3nbH4+IJyLi1CYx/vzqk+/vPP7dlcU/3db5X0sMRPOe1onS3E/fN1Q61E782fk/W02N5Hu28/m3nXa135sBAADgvymNiEORpKOr6TQdHa39v/zROJCW5xcWn70w/+Hl6dozAkPRnxZ3ugbr7oeO55f1RX6iKX8mv2/8VWl/NT86NV+e7nbw0OMObjD+M3+Wut06YNd5Xgt6l/EPvcv4h95l/EPvajH+93ejHcDea/X9/0kX2gHsvabxb9kPeojrf+hdxj/0LuMfetLC/tj6IXkJiXWJSO+KZkjsUqLbn0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACd8W8AAAD//9Oa5Js=")
mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180), 0x1204001, &(0x7f00000011c0)={[{@lowerdir={'lowerdir', 0x3d, '.'}, 0x3a}], [], 0x2f})
chdir(&(0x7f0000000040)='./file0\x00')
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x115)
getdents64(r0, &(0x7f0000000f80)=""/4096, 0x1000)

7m16.025391604s ago: executing program 3 (id=147):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000980)={0x48, 0x5, r1, 0x0, <r2=>0x0, 0x1})
ioctl$IOMMU_IOAS_MAP(r0, 0x3b85, &(0x7f0000000a00)={0x28, 0x7, r1, 0x0, &(0x7f00000a0000)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1000})
ioctl$IOMMU_TEST_OP_ACCESS_RW(r0, 0x3ba0, &(0x7f0000000ac0)={0x48, 0x8, r2, 0x0, 0x400, 0x1, &(0x7f0000000b40)='L', 0x4})

7m14.168785887s ago: executing program 3 (id=151):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000700)='attr/current\x00')
exit(0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
close_range(r0, 0xffffffffffffffff, 0x0)

7m11.810408754s ago: executing program 32 (id=151):
r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0006}]})
syz_open_procfs(0xffffffffffffffff, &(0x7f0000000700)='attr/current\x00')
exit(0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00')
close_range(r0, 0xffffffffffffffff, 0x0)

5m52.204904512s ago: executing program 0 (id=374):
r0 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000080))
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0xe)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil)
connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)
ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f0000000100)={0x60, 0x0, &(0x7f00001c9000/0x3000)=nil, &(0x7f0000ffc000/0x1000)=nil, 0xfffffffffffffffe, &(0x7f0000000f40)=[{0x0, 0x20000002}, {0x8, 0x1c, 0xcc}], 0x2, 0x237, 0x0, 0x2, 0x0, 0x2})

5m51.456537721s ago: executing program 0 (id=377):
socket$packet(0x11, 0x3, 0x300)
r0 = socket$packet(0x11, 0x2, 0x300)
socket$packet(0x11, 0xa, 0x300)
setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x8000}, 0x4)
syz_emit_ethernet(0xfdef, &(0x7f0000000000)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000008004500002c0000ff"], 0x0)

5m50.460146112s ago: executing program 0 (id=382):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1c0)
r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x2000, 0x1a8)
unlinkat(0xffffffffffffff9c, &(0x7f0000000380)='./file1\x00', 0x200)
fchdir(r0)
mount(0x0, &(0x7f0000000380)='./file1\x00', 0x0, 0x0, 0x0)

5m49.250979629s ago: executing program 0 (id=385):
syz_mount_image$vfat(&(0x7f0000000240), &(0x7f0000000000)='./file0\x00', 0x101c08a, &(0x7f00000006c0)={[{@utf8no}, {@utf8no}, {@fat=@errors_continue}, {@uni_xlate}, {@numtail}, {@rodir}, {@iocharset={'iocharset', 0x3d, 'cp437'}}, {@uni_xlateno}, {@rodir}, {@numtail}, {@shortname_win95}, {@rodir}, {@fat=@codepage={'codepage', 0x3d, '1250'}}, {@shortname_win95}, {@fat=@dos1xfloppy}, {@utf8no}, {}]}, 0x6, 0x2d2, &(0x7f00000008c0)="$eJzs3T9rZFUYB+D3JpOZWQUnhZUIHtDCatlsazOL7IKYymUKtdDgZmHJBCWBgH/wupWtjYWFn0AQ/CA2fgPBVrBzhYUj9869eyebMJu7OBHd5ymSkzPnN+c9d4bkpsibD18+PLiT4u79L36N8biIjWlM40ER27ERra/ilOk3AQD8lz3IOf7IC31yRUSM11cWALBGF/v5P+iGP11KWQDAGt1+9723b+zu3nwnpXHcOvz6ZFb9Zl99vtIuuRfz2I9rMYmHEfWNwlbUdwvV8FbOuRykyna8dliezE5mEYcf/NyEb/weUed3YhLb9dSju406/9buzZ06nj55ocuXVR3PVfm7cW9a5a/HJF58FD6Vv55SGkVKS/uXMRvG668u8vX+V2MSv3wUH8c87tRFdPkvd1J6M3/75+fvV+VV+aI8mY3qdZ28eakvDAAAAAAAAAAAAAAAAAAAAAAA/2tXF7130ijq/j3VVNN/Z/Nh9cVWpNZyf5+y+hhNH+Dacn+gnHOZ4/u2v861lFJuFnb5Qbw0WG4sCAAAAAAAAAAAAAAAAAAAAM+u408/O9ibz/eP/pFB2w1gEBF/3Y542ueZLs28EqsXj5o99+bzjWZ4es1geSY22zVFxMoyqkM87dUYRK+zXzlTczP44ce+u4+fvGar2qvoV2HPQfvuOtgrzr+Go2hnxk0Z3w0jujXDuOBew8dn8mTxPLnXAYfnPjTpffbh8/WgXLEmilWFvfHb4so1M2depmF9Vc+NbzWDpfhj740LvZ9jvIif/V5R6NYBAAAAAAAAAAAAAAAAAABr1f317zkP3l8Z3cijtZUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJeq+///PQZlE94/Oh48YfEwjo7/5SMCAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwDPg7AAD//+RmV1Y=")
mlock2(&(0x7f0000627000/0x3000)=nil, 0x3000, 0x0)
syz_clone3(&(0x7f0000001880)={0x100000200, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0}, 0x58)
mlock(&(0x7f0000a53000/0x3000)=nil, 0x3000)
mlock(&(0x7f0000626000/0x5000)=nil, 0x5000)

5m47.481133293s ago: executing program 0 (id=391):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000180), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f00000001c0)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08000900fc000000080011000700000008000e00800000000800", @ANYRES32=r0, @ANYRES64], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x20000810)

5m46.50515496s ago: executing program 0 (id=394):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2})

5m43.492578571s ago: executing program 33 (id=394):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa07, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1, 0x2})

2m43.871517435s ago: executing program 6 (id=985):
socket$nl_route(0x10, 0x3, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
openat$rfkill(0xffffffffffffff9c, &(0x7f0000000240), 0x40900, 0x0)
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c00000015000103000000000000e7ff0b00000008000100", @ANYRES64=r0], 0x1c}, 0x1, 0x0, 0x0, 0x4001}, 0x4000000)
sendmsg$NLBL_UNLABEL_C_STATICADD(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x8, 0x3000000000002}, 0x0)

2m43.028823391s ago: executing program 6 (id=989):
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50)
bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000040)={{r0, <r1=>0xffffffffffffffff}, &(0x7f00000001c0), &(0x7f0000000000)='%pS    \x00'}, 0x20)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000280)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x11, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000000000000400008500000061000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000840)="b9ff07002321008cb89e08f088a8", 0x0, 0xfe2, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

2m41.151853849s ago: executing program 6 (id=993):
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=@gettaction={0x50, 0x32, 0x20, 0x70bd25, 0x25dfdbfe, {}, [@action_gd=@TCA_ACT_TAB={0x1c, 0x1, [{0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'bpf\x00'}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}]}, @action_gd=@TCA_ACT_TAB={0x20, 0x1, [{0x10, 0xc, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x40}}]}]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x4048840)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000180)=@newqdisc={0x24, 0x24, 0x1, 0x70bd2a, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}, {0x5}}}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b0001006272696467650000180002"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2m39.592680544s ago: executing program 6 (id=997):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
mount$bind(0x0, &(0x7f00000005c0)='./file0\x00', 0x0, 0x100000, 0x0)
r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901)
move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0)
move_mount(0xffffffffffffff9c, &(0x7f00000000c0)='./file0\x00', r0, 0x0, 0x141)

2m38.733258019s ago: executing program 6 (id=1002):
syz_mount_image$vfat(&(0x7f0000000300), &(0x7f0000000000)='./file1\x00', 0x204888, &(0x7f0000000380)=ANY=[@ANYBLOB="756e695f786c6174653d312c696f636861727365743d757466382c0097b75cbdde02821d0f899c2377ee9577397fc18b433d0c59e692b381740ca495e1c145c5922679338b5ff21c0653a98440a5725268a242c0263564f988d3c178704feaf8a412df818275708882ea9a4048c6e458a1f05b83f2e69b965b1df203b21de2b0ee375647f886a5310889982079aa7b1fb42e2382d40feefe7f768eec58b19cf50faaf129503175f4262df740183df51d3641ff78b86127c1db8ef165bfa3bd20797fde6ff91a0e45d3d7c1c6d1ce0a72be8c1fdb00000000"], 0x1, 0x336, &(0x7f0000000880)="$eJzs3cFrI1UcB/DfxrXdXe2mBxEUxIde9DK09R8wyC6IBaVuZfUgzNqphswmJRNWsoi7N/Hm37F49CaI4LkX79689eJxD4uRJm23ienBhTSWfD4Q3i/z8mXeJEz4XZJ3cPuHu63dKtvNe1F7N8XViKg9jliNWhy7dDTWhvVSnPYw3q7f/uO1jz/97IPG5uaNrZRuNm69s5FSuv76L19/8+Mbv/Ze+OSn6z8vx/7q5wd/bfy5//L+Kwd/3/qqWaVmldqdXsrTnU6nl98pi7TTrFpZSh+VRV4Vqdmuiu7Y/G7Z2dvrp7y9s3Jtr1tUVcrb/dQq+qnXSb1uP+Vf5s12yrIsrVyLxfIs17v9aGsrb8xgMZyj7ycPXB1/2u028sN7ePlfye1HM10YAPC/NNn/1+LK8Pic+v/jFuW/9/+XFr3/fxb6/0Vw2P8vHd2/4/T/AAAAAAAAAAAAAABwETweDOqDwaB+PE4+5r0+Zsvnv9hO/XDvSkT53b3te9ujcTTf2I1mlFHEWtTjScTgxKi++f7mjbU0tBordx+M8ofjc+P59ajH6vT8ekpp8CCl8fzzw3+0OMlvRD1emp7fGJ1/Ir8Ub715Kp9FPX7/IjpRxk4cZp/mv11P6b0PNyfyy8PXAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALAYsnRi6v79WXbW/Ch/sr/+WtTjyfT9+dem7s9/OV69PN9rBwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIBjVf9+Ky/Lonv+xcM4Y2pwZF4LO/8iYman+O3FOOt9VijOLub9zQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADn7+mm3/NeCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPNU9e+38rIsujMs5n2NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF8k/AQAA//8A7ioD")
munmap(&(0x7f0000002000/0x1000)=nil, 0x1000)
open(&(0x7f0000000040)='./file1\x00', 0x8001121ac2, 0x0)
r0 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)
getdents(r0, &(0x7f0000001fc0)=""/184, 0xb8)

2m38.169163386s ago: executing program 6 (id=1006):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0)

2m35.352058753s ago: executing program 34 (id=1006):
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r0 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r0, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r0, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0)

1m2.035541061s ago: executing program 2 (id=1190):
r0 = socket$inet(0x2, 0x2, 0x0)
setsockopt$inet_mreqn(r0, 0x0, 0x23, &(0x7f0000000740)={@multicast2, @loopback}, 0xc)
syz_io_uring_setup(0x10278e, &(0x7f0000000000)={0x0, 0x4c1f, 0x10, 0x0, 0x200004}, 0x0, 0x0)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000000)=ANY=[@ANYBLOB="e00000027fa80a010100000004"], 0x57)
r1 = socket$netlink(0x10, 0x3, 0x0)
writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000040)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000009000000000000000007fdc111efc40800040000000000000000", 0x39}], 0x1)

59.766014709s ago: executing program 2 (id=1195):
socket$inet_udp(0x2, 0x2, 0x0)
syz_open_dev$usbfs(&(0x7f0000000040), 0x20000007d, 0x0)
r0 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x400, 0x0, 0x338}, &(0x7f0000000080)=<r1=>0x0, &(0x7f00000001c0)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
syz_io_uring_submit(r1, r2, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x8, 0x0, @fd_index=0x4, 0x0, 0x0})
io_uring_enter(r0, 0x47ba, 0x98f1, 0x2a, 0x0, 0x0)

58.70889935s ago: executing program 2 (id=1198):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$SO_TIMESTAMP(r0, 0x1, 0x3f, &(0x7f0000000080)=0x1, 0x4)
bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x28040041, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10)
sendmsg$inet(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000280)="1f", 0x1}], 0x1}, 0x8c0)
recvmmsg(r0, &(0x7f0000000e00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=""/25, 0x19}, 0x8}], 0x1, 0x0, 0x0)

56.781279391s ago: executing program 2 (id=1203):
io_uring_setup(0x3eae, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x3})
madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000000000/0x800000)=nil, 0x800000}, 0x1})
mremap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x400000, 0x3, &(0x7f0000c00000/0x400000)=nil)

55.593236331s ago: executing program 2 (id=1207):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8000000008b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
syz_mount_image$jfs(&(0x7f0000000000), &(0x7f0000000040)='./file0\x00', 0x1010000, &(0x7f0000000200)=ANY=[@ANYBLOB="696f636861727365743d6d616363726f617469616e2c646973636172643d3078303030303030303030303030303030332c6e6f646973636172642c6572726f72733d636f6e74696e75652c696f636861727365743d6d6163637972696c6c69632c0067add4ceec7cb8702b1b4a0ff322839e69b507d7478e0706b00408dc59283f5c0159b8e3c0289dcb182504844ef8e6972cdb3f50680fc9602ed27c1f6b47a91f941f154ae205d34a9b7a7c67efa0c0e2a70251d664fce12ae64a5a521aa83080b7672c4e1566a61a0ade4b6c9d78151053d9fb31fd2cfc77f269f873e14e5fe3c46c0acbb22d40391ae31d2025dcd947adf76739ae4ecbe3b630040b37e2b09d7816e0b93981de1147532cf2f46d4d4904f68fb43cd165b9"], 0x1, 0x61d0, &(0x7f000000cb40)="$eJzs3c2OHFfZB/Cn+ms+8saxsojyWghNEgMJIf4MxhAgyQIWbFggb5GtySSycADZBjmRhSeaDQsuAoTEEhBLVlxAFmzZcQFYspGArFKoZs4Z1zTd7rGd6eqZ8/tJk6qnTtX0qfy7prtdVX0CAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIjvffcHZ6uIuPzztOB4xP9FP6IXsdLUaxGxsnY8rz+IiOdjuzmei4jhUkSVG5+JeD0iPj4Wce/+7fVm0bl99uM7f/zbb3/41Pf/+vvh6X//6Wb/jWnr3br1q3/9+c7j7y8AAACUqK7rukof80+kz/e9rjsFAMxFfv2vk7xcvXD15oL1R61Wq9WHsG6rJ7vTLiJis71N857B6XgAOGQ245Ouu0CH5F+0QUQ81XUngIVWdd0BDsS9+7fXq5Rv1X49WNtpz9eC7Ml/s9q9v2PadJbxa0zm9fzain48O6U/K3PqwyLJ+ffG87+80z5K6x10/vMyLf/Rzq1Pxcn598fzH3N08u9NzL9UOf/BI+Xflz8AAAAAACyw/O//xzs+/7v05LuyLw87/7s2pz4AAAAAAAAAwGftScf/21UZ/w8AAAAWVfNZvfHrYw+WTfsutmb5pSri6bH1gcKkm2VWu+4HAAAAAAAAAAAAAJRksHMN76UqYhgRT6+u1nXd/LSN14/qSbc/7ErffyhZ13/kAQBgx8fHxu7lryKWI+JS+q6/4erqal0vr6zWq/XKUn4/O1parldan2vztFm2NNrHG+LBqG5+2XJru7ZZn5dntY//vuaxRnV/Hx2bjw4DB4CI2Hk1uucV6Yip62ei63c5HA6O/6PH8c9+dP08BQAAAA5eXdd1lb7O+0Q659/rulMAwFzk1//x8wJqtVqtVquPXt1WT3anXUTEZnub5j2D4fgB4JDZjE+67gIdkn/RBhHxfNedABZa1XUHOBD37t9er1K+Vfv1II3vnq8F2ZP/ZrW9Xd5+0nSW8WtM5vX82op+PDulP8/NqQ+LJOffG8//8k77KK130PnPy7T8m/083kF/upbz74/nP+bo5N+bmH+pcv6DR8q/L38AAAAAAFhg+d//jy/U+d/R4+7OTA87/7t2YI8KAAAAAAAAAAfr3v3b6/m+13z+/3MT1nP/59GU86/kX6Scf7r/f/fCm5fH1uu35u++/SD/f96/vf67m//4/zzdb/5LeaZKz6wqPSOq9EjVIE0fc8em2Br2R80jDatef5Cu+amH78bVuBYbcWbPur10PDxoP7unvenpcLu97u+0n9vTPthtz9uf39M+TFc61Su5/VSsx0/iWryz3d60Lc3Y/+UZ7fWM9px/3/FfpJz/oPXT5L+a2quxaePuR73/Oe7b00mP89bVz//yzMHvzkxb0d/dt7Zm/17soD/b/0+eGsXPbmxcP3Xrys2b189GmuxZei7S5DOW8x+mn5z/yy/ttOe/++3j9e5Ho0fOf1FsxWBq/i+15pv9fWXOfetCzn+UfnL+76T2ycf/Yc5/+vH/agf9AQAAAAAAAAAAAAAAgIep63r7FtG3IuJCuv+nq3szAYD5yq//dZKXz6vuP+72f9i7H131X62ec10tWH/mWn9aL1Z/1AtZ/2fB+rNwdVs92ZvtIiL+0t6mec/wi0m/DABYZJ9GxN+77gSdkX/B8vf9NdOTXXcGmKsbH3z4oyvXrm1cv9F1TwAAAAAAAACAx5XH/1xrjf98sq7rO2Pr7Rn/9e1Ye9LxPwd5ZneA0SkDVfcffZ8eZqs36vdaw42/ENPG/x7uzj1s/O/BjMcbzmgfzWhfmtG+PKN94o0eLTn/F1rjnZ+MiBNjw6+XMP7r+Jj3Jcj5v9h6Pjf5f2lsvXb+9W8Oc/69Pfmfvvn+T0/f+ODD166+f+W9jfc2fnz+7Nkz5y9cuHjx4ul3r17bOLPz3w57fLBy/nnsa9eBliXnnzOXf1ly/l9ItfzLkvP/YqrlX5acf36/J/+y5PzzZx/5lyXn/0qq5V+WnP+XUy3/suT8X021/MuS8/9KquVflpz/a6mWf1ly/qdSLf+y5PxPp3qf+a8cdL+Yj5x/PsPl+C9Lzj9f2SD/suT8z6Va/mXJ+Z9PtfzLkvN/PdXyL0vO/6upln9Zcv4XUi3/suT8v5Zq+Zcl538x1fIvS87/66mWf1ly/t9ItfzLkvN/I9XyL0vO/5upln9Zcv7fSrX8y5Lz/3aq5V+WnP+bqZZ/WR58/78ZM2bM5Jmu/zIBAAAAAAAAAAAAAOPmcTlx1/sIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB/2YEDAQAAAAAg/9dGqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqsIOHAgAAAAAAPm/NkJVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVUV9u4tRq67vgP4mb1540BiIKROasLGMcY4m+z6El9oXUy4NtxKQij0gu1612bBN7x2CTSqHQVKJIyKKtqGh7aAUJuXCqvigVaA8oBaVaoE7QN9QVSoPERVQAGpKq0gW82c//+/M7OzM7ve8ebMOZ+PlPyyM2fmnDnzn9n92vnuAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAM3ufMPsp2pZltVqtfyCTVn2ovq8YWJT45LXvrDHBwAAAKzdLxr/fu7mdMHhFdyoaZt/uuPbX11YWFjI3jf8p6OfW1hIV0xk2eiGLGtcF139wftrzdsEj2fjtaGmr4d67H64x/UjPa4f7XH9WI/rN/S4frzH9UtOwBI3ZLV0Z9sa/7kpP6XZLdlo47ptHW71eG3DUP3cpdtmtcZtFkZPZHPZqWw2m27ZPt+21tj+63fW9/XWLO5rqGlfW+or5CePHo/HUAvneFvLvhbvM/rR67OJn/7k0eN/feHZ2zrNnqeh5f7y49yxtX6cnwiX5MdayzakcxKPc6jpOLd0eE6GW46z1rhd/b/bj/O5FR7n8OJhrqv253w8G2r893ca52mklnU4T1vCZT+7K8uyy4uH3b7Nkn1lQ9nGlkuGFp+f8XxF1u+jvpRemo2sap3euYJ1Wp8z21rXaftrIj7/d4bbjSxzDM1P048eG2t63n++cC3rNKo/6uVeK+1rsN+vlaKswbguvtN40E90XIPbwuN/dPvya7Dj2umwBtPjblqDW3utwaGx4cYxpyeh1rjN4hrc1bL9cGNPtcZ8Znv3NTh14fS5qfmPffyeudPHTs6enD2zZ9eu6T379h04cGDqxNyp2en839d4totvYzaUXgNbw7mLr4FXt23bvFQXvji25P33Wl+H411eh5vatu3363Ck/cHV1ucFuXRN56+N99RP+viVoWyZ11jj+dm59tdhetxNr8ORptdhx+8pHV6HIyt4Hda3ObdzZT+zjDT90+kYlv9esLY1uKlpDbb/PNK+Bvv980hR1uB4WBff27n894It4XifmFztzyPDS9Zgerjhvad+Sfp5f/xAY3Ral7fXr7hxLLs4P3v+3keOXbhwflcWxrp4WdNaaV+vG5seU7ZkvQ6ter0enrvjids7XL4pnKvxe+r/Gl/2uapvs/fe7s9V47tb5/PZcunuLIw+W+/z2em7ef18jmXZ57/12IPfePTzb1j2fNbz5iem1v6zeMqlTe+/o8u8/8bc/3y+v3RXjw+PjuSv3+F0dkZb3o9bn6qRxntXrbHv56ZW9n48Gv5Z7/fjW7q8H29u27bf78ej7Q8uvh/Xev1px9q0P5/jYZ2cmu7+flzfZvPu1a7Jka7vx3eFWQvn/zUhKaRc1LR2llu3aV8jI6PhcY3EPbSu0z0t24+GbFbf11O7r22d7rgrv6/h9OgWrdc6nWjbtt/rNP3Z13LrtNbrT9+uTfvzOR7WxS17uq/T+jZP7137e+cN8T+b3jvHeq3B0eGx+jGPpkXYeL/PFm6Ia/De7Hh2NjuVzTSuHWusp1pjX5P3rWwNjoV/1vu9cnOXNbijbdt+r8H0fWy5tVcbWfrg+6D9+RwP6+LJ+7qvwfo2b9zf359dd4RL0jZNP7u2//nacn/mdXvbabpea2UkHOe39nf/s9n6NqcOrDZndj9Pd4dLbuxwntpfv8u9pmay9TlPm8NxPntg+fNUP576Np87uML1dDjLsksfub/x573h71f+7uJ3v9ry9y6d/k7n0kfu//GLT/zjao4fgMH3fD425t/rmv5maiV//w8AAAAMhJj7h8JM5H8AAAAojZj74/8Vnsj/AAAAUBox94+EmVQk/29+47Nzz1/KUjN/IYjXp9PwQL5d7LhOh68nFhbVL7//y7P//Q+XVrbvoSzLfv7AH3TcfvMD8bhyE+E4r76p9fIlvnrPivZ99OFLab/N/fUvhPuPj2ely6BTBXc6y7Kv3/yZxn4m3n+lMZ9+4GhjPnj5icfr2zx3MP863v6Zl+Xb/0Uo/x4+cazl9s+E8/DDMKff1vl8xNt95cprtux/7+L+4u1qW29qPOwnP5Dfb/w9OZ99PN8+nufljv8bn37qK/XtH3lV5+O/NNT5+J8K9/vlMP/3Ffn2zc9B/et4u0+G44/7i7e790vf7Hj8Vz+Vb3/uzfl2R8OM+98Rvt725mfnms/XI7VjLY8re0u+Xdz/9Hf/uHF9vL94/+3HP37kSsv5aF8fT/9bfj9TbdvHy+N+or9v23/9fprXZ9z/U390tOU899r/1QefeUX9ftv3f3fbduc+srOx/8X7a/2NTX/5yc903F88nsN/e67l8Rx+d3gdh/0/+YGwHsP1/3c1v7/2365w9N2t7z9x+y9sutTyeKK3/jTf/9XXnWzMDeM3bLzxRS++6fIr6+cuy76zIb+/Xvs/+VdnW47/i7fm5yNeHzv67ftfTtz/+Y9Onjk7f3FuJp3VR29u/O6ct+fHE4/35vDe2v71kbMXPjh7fmJ6YjrLJsr7K/Su2ZfC/HE+LnffemHJO+jOh8Pzefuff33j9n/9dLz839+TX37lbfn3rVeH7T4bLt8Unr/V7X+pJ++8tfH6rj0djnBh6e8LXost2/7rwIo2DI+//eeCuN7PvfyDjfNQv67xfSO+rtd4/N+fye/na+G8LoTfzLz11sX9NW8ffzfClYfy1/uaz194m4vP69+E5/sdP8zvPx5XfLzfDz/HfHNz6/tdXB9fuzTUfv+N3+JxObyfZJfz6+NW8Xxfee7WjocXfw9Jdvm2xtd/ku7ntlU9zOXMf2x+6tTcmYuPTF2Ynb8wNf+xjx85ffbimQtHGr/L88iHet1+8f1pY+P9aWZ2396s8W51Nh/X2Qt9/OcePj6zf3r7zOyJYxdPXHj43Oz5k8fn54/PzsxvP3bixOxHe91+bubQrt0H9+zfPXlybubQgYMH9xycnDtztn4Y+UH1sG/6w5Nnzh9p3GT+0N6Du+67b+/05OmzM7OH9k9PT17sdfvG96bJ+q1/f/L87KljF+ZOz07Oz3189tCug/v27e752wBPnzsxPzF1/uKZqYvzs+en8scycaFxcf17X6/bU07z/5H/PNuulv8ivuxdd+9Lv5+17suPLXtX+SZtv0D02fC7aP75JecOrOTrmPtHw0wqkv8BAACgCmLuHwszkf8BAACgNGLu3xBmIv8DAABAacTcPx5mUpH8X7r+/+ZLK9q//r/+f/P50v+vWP//oaL1//P3C/3//lhr/17/P9D/1//X/9f/1/+nD4rW/4+5/4Ysq2T+BwAAgCqIuX9jmIn8DwAAAKURc/+NYSbyPwAAAJRGzP0vCjOpSP7X/9f/1//X/9f/77x//f/BpP/fnf5/D/r/U1m1+v+X+3n8+v/6/yxVtP5/zP0vDjOpSP4HAACAKoi5/6YwE/kfAAAASiPm/pvDTOR/AAAAKI2Y+zeFmVQk/+v/6//r/+v/6/933r/+/2DS/+9O/78H/X+f/6//r/9PXxWt/x9z/0vCTCqS/wEAAKAKYu5/aZiJ/A8AAADFM3JtN4u5/2VhJkvy/zXuAAAAAHjBxdx/S9ZWBK/I3//r/+v/F7//vyFdp/+v/58Vsv8/nOn/F4f+f3f6/z3o/+v/6//r/9NXRev/N3J/Np69PMykIvkfAAAAqiDm/lvDTOR/AAAAKI2Y+38pzET+BwAAgNKIuX9zmElF8r/+v/5/8fv/Pv9f/7/o/X+f/18k+v/d6f/3oP+v/6//r/9PXxWt/x9z/21hJhXJ/wAAAFAFMfffHmYi/wMAAEBpxNz/y2Em8j8AAACURsz9W8JMKpL/9f8L3v+PzVH9f/1//X/9f/3/FdH/707/vwf9f/1//X/9f/qqaP3/mPtfEWZSkfwPAAAAVRBz/x1hJvI/AAAAlEbM/a8MM5H/AQAAoDRi7p8IM6lI/tf/L3j/P+/Bj/n8f/1//X/9f/3/ldH/707/vwf9f/3/vvT/Fy7p/+v/kyta/z/m/jvDTCqS/wEAAKAKYu7fGmYi/wMAAEBpxNx/V5iJ/A8AAAClEXP/tjCTiuR//f+B6P9n+v/6//r/+v/6/yuj/9+d/n8P+v/6/z7/X/+fvipa/z/m/leFmVQk/wMAAEAVxNy/PcxE/gcAAIDSiLn/1WEm8j8AAACURsz9O8JMKpL/9f/1//X/9f/1/zvvX/9/MOn/d6f/34P+v/6//r/+P31VtP5/zP2vCTOpSP4HAACAKoi5f2eYifwPAAAApRFz/91hJvI/AAAAlEbM/ZNhJhXJ//r/+v/6//r/+v+d96//P5j0/7vT/+9B/1//X/9f/5++Klr/P+b+e8JMKpL/AQAAoApi7r83zET+BwAAgNKIuX8qzET+BwAAgNKIuX86zKQi+V//X/9f/1//f1X9/1cu3q/+f07/v1j0/7vT/+9B/1///wXv/4/q/1MqRev/x9y/K8ykIvkfAAAAqiDm/t1hJvI/AAAAlEbM/XvCTOR/AAAAKI2Y+/eGmVQk/+v/6//r/+v/+/z/zvvX/x9M+v/d9b//Hx+i/r/+v/6/z//X/2epovX/Y+6/L8ykIvkfAAAAqiDm/n1hJvI/AAAAlEbM/fvDTOR/AAAAKI2Y+w+EmVQk/+v/6//r/+v/6/933r/+/2DS/+/O5//3oP+v/6//r//PGj30h81fFa3/H3P/wTCTiuR/AAAAqIKY+18bZiL/AwAAQGnE3P8rYSbyPwAAAJRGzP2/GmZSkfyv/9/SPa8/XP1//X/9f/3/Bv3/waT/353+fw/6//r/+v/6//TVsv3/EL3Xu/8fc/+hMJOK5H8AAACogpj7fy3MRP4HAACA0oi5/3VhJvI/AAAAlEbM/YfDTCqS//X/ff6//r/+v/5/5/2vd/9/LN6v/v+a6P93p//fg/6//r/+v/4/fVW0z/+Puf/1YSYVyf8AAABQBTH33x9mIv8DAABAacTc/4YwE/kfAAAASiPm/jeGmVQk/+v/6//r/+v/6/933r/P/x9M+v/d6f/3oP+v/6//r/9PXxWt/x9z/5vCTCqS/wEAAKAKYu5/c5iJ/A8AAAClEXP/W8JM5H8AAAAojZj73xpmUpH8r/+v/6//r/+v/995//r/g0n/vzv9/x70//X/9f/1/+mrovX/Y+7/9TCTiuR/AAAAqIKY+x8IM5H/AQAAoDRi7n9bmIn8DwAAAKURc//bw0wqkv/1//X/9f/1//X/O+9f/38w6f93N2D9/1/cFC7X/8/p/xf7+Ffb/x9p+/q69P9/sFz/f2FD++31/7keitb/j7n/HWEmFcn/AAAAUAUx978zzET+BwAAgNKIuf9dYSbyPwAAAJRGzP2/EWZSkfyv/18/jsX2sv5/Wfv/Q/r/+v/6/xWh/9/dgPX/ff5/G/3/Yh+/z//X/2epovX/Y+5/d5hJRfI/AAAAVEHM/Q+Gmcj/AAAAUBox9z8UZiL/AwAAQGnE3P+eMJOK5H/9f5//X43+v8//z/T/9f8rQv+/O/3/HvT/9f+L1v//T/1/BlvR+v8x9z8cZlKR/A8AAABVEHP/e8NM5H8AAAAojZj7fzPMRP4HAACA0oi5/31hJhXJ//r/g9L/nxjQ/v9j+v/Xsf9/x035dvr/+v8s0v/vTv+/B/1//f+i9f99/j8Drmj9/5j73x9msvL8P77iLQEAAIAXRMz9vxVmUpG//wcAAIAqiLn/t8NM5H8AAAAojZj7fyfMpCL5X/9/UPr/Pv8/0//3+f9tj0f/X/+/k/Xr/8d3Hv1//X/9/0j/X/9f/592Rev/x9z/u2EmFcn/AAAAUAUx938gzET+BwAAgIHQ6f/Jbhdz/5EwE/kfAAAASiPm/qNhJhXJ//r/+v/6/wXt///Z1n/53rffeXSX/r/+v/7/qqzr5//XX/w+/1//X/8/0f/X/9f/p13R+v8x9x8LM6lI/gcAAIAqiLn/98JM5H8AAAAojZj7j4eZyP8AAABQGjH3z4SZVCT/6//r/+v/F7T/P8Cf/x/Ph/5/q771/+Obrv5/R3n/Pq2i69v/f+9iT1z/f7X9/7GOl+r/6/8P8vHr/+v/s1TR+v8x98+GmVQk/wMAAEAVhNw/dCKfi1fI/wAAAFAaMfefDDOR/wEAAKA0Yu7/YJhJRfK//r/+v/6//r/P/++8/279/9qIz/8vqtS//1njhaL/36Y4/f/O9P/1/wf5+PX/9f9Zqmj9/5j758JMKpL/AQAAoApi7v9QmIn8DwAAAKURc/+Hw0zkfwAAACiNmPtPhZlUJP/r/+v/6//r/+v/d95/YT//X/+/q7X27/X/A/3/avf//0f/X/9f/5/+KFr/P+b+02EmFcn/AAAAUAUx958JM5H/AQD+n707abKzLvs4fvp5wpNO8SzcuXBjlUtfAgtd6wtw4caNVZYLJ1ScCc4jioqzIjgPOIAgooLzAE4ozqDiPA84IUrFonNdV9Ldd9+nOzndfd///+ezyCVtmnOkUgm/dL7eANCM3P2PjVvsfwAAAGhG7v7HxS2d7H/9/9n0/6cqZf3/5vc/if7/Qfr/nV5f/6//b5n+f5z+fwn9v+f/6//1/6zU1Pr/3P2Pj1s62f8AAADQg9z9T4hb7H8AAABoRu7+8+MW+x8AAACakbv/iXFLJ/t/S/+/tuiz/8+M1/P/W+r/Pf9/x9fX/+v/W3aw/f9F9/7Mp//X/+v/g/5/V/3/0Z0+X/9Pi6bW/+fuf1Lc0sn+BwAAgB7k7n9y3GL/AwAAQDNy918Qt9j/AAAA0Izc/U+JWzrZ/6t7/v+xjY/PtP8v+n/9/8YH9P/6f/3/bHn+/7ie+v/zbz33MXdee7/r9vL6+n/9v+f/6/9Zran1/7n7nxq3dLL/AQAAoAe5+58Wt9j/AAAA0Izc/U+PW+x/AAAAaEbu/mfELZ3s/9X1/7N+/n/R/+v/Nz6g/9f/6/9nS/8/rqf+/0xeX/+v/9f/6/9Zran1/7n7nxm3dLL/AQAAoAe5+58Vt9j/AAAA0Izc/RfGLfY/AAAANCN3//G4pZP9r//f//7/Hv2//j+u/l//r//ff/r/cfr/JfT/+n/9v/6flZpa/5+7/6K4pZP9DwAAAD3I3f/suMX+BwAAgGbk7n9O3GL/AwAAQDNy9z83bulk/+v/Pf9f/6//1/8Pv77+f570/+P0/0vo/8+2nz9H/6//1/9zuj32/3eP/LS9kv4/d//z4pZO9j8AAAD0IHf/8+MW+x8AAACakbv/BXGL/Q8AAADNyN3/wrilk/2v/9f/6//1/2fc/2//obdB/z9M/38w9P/jJtP/rx0Z/LD+f/b9v+f/6//1/2wytef/5+5/UdzSyf4HAACAHuTuf3HcMrL/9/yb+QAAAMChyt3/krjF1/8BAABg9rI6y93/0rilk/2v/9f/6//1/57/P/z6Y/3/dae9P/3/tOj/x02m/9+B/l//P+f3r//X/7Pd1Pr/3P0vi1s62f8AAADQg9z9F8ct9j8AAAA0I3f/y+MW+x8AAACakbv/FXFLJ/t/uP8/9d/r/3dH/7/5/ev/h398rKr/z7+j/n+0/3+w5//3Sf8/7uD7/6P6/81/f/3/Pjrs9994/39s2efr/xkytf4/d/8lcUsn+x8AAAB6kLv/lXGL/Q8AAADNyN3/qrjF/gcAAIBm5O5/ddzSyf73/H/9v/5/fv2/5/+fdJjP/18ceP9/RP+/S/r/cZ7/v4T+X/+v//f8f1Zqav1/7v5L45ZO9j8AAAD04NK7Fhu7/zWLhf0PAAAAc3T6nx3Y+gdKQ+7+18Yt9j8AAAA0I3f/6+KWTva//l//r//X/+v/h19/Wv2/5//vlv5/nP5/Cf3/fvTzRxrr/y/b6fOn0P9fqP9nYjb1/zec+vhh9f+5+18ft3Sy/wEAAKAHufvfELfY/wAAANCM3P1vjFvsfwAAAGhG7v43xS2d7P997/+P7fza+n/9v/5f/6//1/+vmv5/nP5/Cf2/5/97/r/+n5U61f9v/vnwsPr/3P1vjls62f8AAADQg9z9b4lb7H8AAABoRu7+y+IW+x8AAACakbv/rXFLJ/vf8//1//p//b/+f/j19f/zpP8fp/9fQv+v/9f/6/9ZqU3P/z/NYfX/ufsvj1s62f8AAADQg9z9V8Qt9j8AAAA0I3f/2+IW+x8AAACakbv/7XFLJ/tf/7+//X9+XP+v/1/o//X/+v8D0W3/vzb0K9F2O/T/Nz/q+EM3f0T/r//X/+v/9f+swCT6/xOn/u0yd/874pZO9j8AAAD0IHf/O+MW+x8AAACakbv/XXGL/Q8AAADNyN3/7rhlj/v/Pit9VwdH/+/5//p//b/+f/j19f/z1G3/v0ue/7+E/l//r//X/7NSk+j/T/vr3P3viVt8/R8AAACakbv/vXGL/Q8AAADNyN3/vrjF/gcAAIBm5O5/f9zSyf7X/+v/9f/6f/3/8Oufaf+/vhim/z8Y+v9x+v8l9P/6f/2//p+Vmlr/n7v/yrilk/0PAAAAPcjd/4G4xf4HAACAZuTu/2DcYv8DAABAM3L3fyhu6WT/6//1//p//b/+f/j1Pf9/nvT/4/T/i8XiqpE3MNT/nziq/9f/6//1/5yhqfX/ufs/HLd0sv8BAACgB7n7r4pb7H8AAABoRu7+q+MW+x8AAACakbv/I3FLJ/tf/6//1//r//X/w6+v/58n/f84/f8Snv+v/9f/6/9Zqan1/7n7r4lbOtn/AAAA0IPc/dfGLfY/AAAANCN3/0fjFvsfAAAAmpG7/7q4pZP9r//X/+v/9f/70v8f1/9vpf8/GPvX/y/0//p//f8S+n/9v/6frQ6q/787fr5f1v/n7v9Y3NLJ/gcAAIAe5O6/Pm6x/wEAAKAZufs/HrfY/wAAANCM3P2fiFs62f/6f/2//l//7/n/w6+v/58nz/8fp/9fQv+v/9f/6/9ZqYPq/3fq/bf+de7+T8Ytnex/AAAA6EHu/hviFvsfAAAAmpG7/8a4xf4HAACAZuTu/1Tc0sn+1//r/zf3/4uF/l//r/8/6QD6//WF/n/l9P/j9P9L6P/b7P//Z9FQ/39sx8/X/zNFU+v/c/d/Om7pZP8DAABAD3L3fyZusf8BAACgGbn7Pxu32P8AAADQjNz9n4tbWtr/9+ycvs2//z+65RP1/4vF4rYLPP9f/z/y+vr/yfT/9U9V/786+v9x+v8l9P9t9v+e/6//59BMrf/P3f/5uKWl/Q8AAACdy93/hbjF/gcAAIBm5O7/Ytxi/wMAAEAzcvd/KW7pZP/Pv//f+on6/8VZPf9f/7/xAf2//l//P1tn299fvh6/pun/9f/6/8F+fm2Hf+9Z6P/1//p/Bkyt/8/d/+W4pZP9DwAAAD3I3X9T3GL/AwAAQDNy998ct9j/AAAA0Izc/V+JWzrZ//p//b/+f579/7r+X/+v/x80lef/n3feQ27R/+v/W+z/x+j/9f/6f7aaWv+fu/+rcUsn+x8AAAB6kLv/a3GL/Q8AAADNyN3/9bjF/gcAAIBm5O7/RtzSyf7f3v+fszhZqJ401P9Ho6b/P43+f/P71/8P//jw/H/9v/5//02l//f8/zN7//p//f+c3/+e+v/7b/98/T8tmlr/n7v/lrilk/0PAAAAPcjd/824xf4HAACAZuTu/1bcYv8DAABAM3L33xq3dLL/Pf9f/6//1//r/4dfX/8/T/r/cfr/JfT/Z9/P58+q+v/5Pv//f/X/rM7U+v/c/d+OWzaG3wP+/wz/ZwIAAAATkrv/O3FLJ1//BwAAgB7k7v9u3GL/AwAAQDNy938vbulk/+v/9f/6f/2//n/49fX/86T/H6f/X6Kf/n996IOH3c+frcN+/830/57/zwpNrf/P3f/9uKWT/Q8AAABtu2vj29z9P4hb7H8AAABoRu7+H8Yt9j8AAAA0I3f/bXFLJ/tf/6//b7//f4T+f8vr6//1/y3T/+ev6MP0/0v00/8POux+fu7vX/+v/2e7qfX/uftvj1s62f8AAADQg9z9P4pb7H8AAABoRu7+H8ct9j8AAAA0I3f/T+KWTva//r+v/n9t0WP/7/n/+n/9f0/m0/9fcWToo57/r//X/8/3/ev/9f9sN7X+P3f/HWtHutz/AAAAMFcPe+Cjb9/t971j49v1xU/jFvsfAAAAmpG7/2dxi/0PAAAAzcjd//O4pZP9r//vq//v8/n/+n/9v/6/J/Pp/4fp//X/+v/5vn/9v/6f7abW/+fu/0XcctrwG/w/6AEAAAAOz//t7bvn7v9l3NLJ1/8BAACgB7n7fxW3bNv/J3b5p9oBAACAqcnd/+u4pZOv/+v/J97/L/ap/4/vp/8/Sf+v/x96ff3/POn/x51l/39iTf+v/x+h/9f/6//Zamr9f+7+669ZdLn/AQAAoFGbfkfhNxvfri9+G7fY/wAAANCM3P2/i1vsfwAAAGhG7v7fxy2d7H/9/8T7/zN6/v+x+k+e/995/3/x+uDr6//1/y3T/4/z/P8l9P/6f/2//p+V2kP/vzFI97v/z93/h7ilk/0PAAAAPcjd/8e4xf4HAACAZuTu/1PcYv8DAABAM3L3/zlu6WT/6/8Pof+/5Ohisa/9/y6e/6//76P/3+H12+n/73vu8Zse/sirr9T/c8pB9v/5Y0H/r//X/5+k/9f/6//ZamrP/8/d/5e4pZP9DwAAAD3I3X9n3GL/AwAAQDNy9/81brl3/994WO8KAAAAWKXc/X+LWzr5+r/+v8Xn/8+z/89/1ofQ/x+fX/+fTXHv/b/n/+v/t/P8/3H6/yX0//p//b/+n5WaWv+fu//vcUsn+x8AAAB6kLv/H3FL7v+1Pf/WPQAAADAxufv/Gbf4+j8AAAA0I3f/XXFLJ/tf/6//n0r/nzz//9Tnef7/Sfp//f9e6P/H6f+X0P/r//X/+n9Wamr9f+7+f8Utnex/AAAA6EHu/rvjFvsfAAAAmpG7/99xi/0PAAAAzcjd/5+4pZP9r//X/+v/9f/6/+HX1//Pk/5/nP5/Cf2//l//r/9npabW/+fu/28AAAD//xDQcaQ=")
mknod$loop(&(0x7f0000000000)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xcc48, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x141042, 0xa4)
pwrite64(r0, &(0x7f0000000140)='2', 0xff10, 0x8000c61)

53.219496752s ago: executing program 2 (id=1212):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

37.291800526s ago: executing program 35 (id=1212):
mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d032, 0xffffffffffffffff, 0x0)
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000100))
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5})
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}})
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)

11.42897265s ago: executing program 5 (id=1280):
syz_mount_image$exfat(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000001880)=ANY=[], 0x1, 0x153b, &(0x7f0000000340)="$eJzs3AucTlXXAPC19t5nDImnSS7D3nsdnuSyTZLkkiSXJEmSJLeEpEleSUgMIUlDEpLLkMQQksvEpHG/3y8JSdIkSUhuyf5+E37qrb73/b73/fL+vln/3+/87DXnrH3WedZznuecg/m269BaTWpXb0RE8C/BC38kAUAsAAwEgLwAEABA+bjycYAB5JSY9K/thP17PZh6pStgVxL3P3vj/mdv3P/sjfufvXH/szfuf/bG/c/euP+MZWebphW6hpfsu/x1z/+Bn///x+Hv//9HMsuM/XJNmeu6AcT8sync/+yN+///VvDPbMT9z964/9lV7JUugP0H4PM/O8jxp2u4/9kb95+x7OxKP3++0gtE/sNegyM5LzTmrzp+xhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGPsL3DaX6YA4NL4StfFGGOMMcYYY4yxfx+f40pXwBhjjDHGGGOMsf97CAIkKAggBnJALOSEXCAA4GrIA3khAtdAHFwL+eA6yA8FoCAUgngoDEVAgwELBCEUhWIQheuhONwAJaAklILS4KAMJMCNUBZugnJwM5SHW6AC3AoVoRJUhipwG1SF26Ea3AHV4U6oATWhFtSGu6AO3A114R6oB/dCfbgPGsD90BAegEbwIDSGh6AJPAxN4RFoBs2hBbSEVv+r/OehJ7wAvaA3JEEf6AsvQj/oDwPgJRgIL8MgeAUGw6uQDENgKLwGw+B1GA5vwAgYCaPgTRgNb8EYGAvjYDykwASYCG/DJHgHJsO7MAWmQipMg+nwHsyAmTAL3ofZ8AHMgbkwD+ZDGnwIC2AhpMNHsAg+hgxYDEtgKSyD5bACVsIqWA1rYC2sg/WwATbCJtgMW2ArbIPtsAM+gZ3wKeyC3bAHPoO98Pmv8gGSfunnf5d/6u/yuyEgoECBChXGYAzGYizmwlyYG3NjHsyDEYxgHMZhPsyH+TE/FsSCGI/xWASLoEGDhIRFsShGMYrFsTiWwBJYCkuhQ4cJmIBl8SYsh+WwPJbHClgBK2IlrIRVsApWxapYDathdayONbAG1sJaeBfehX2wLtbFelgP62P9S4+nsBE2wsbYGJtgE2yKTbEZNsMW2AJbYStsja2xDbbBdtgO22N77IAdMBETsSN2xE7YCTtjZ+yCXbArdsVu2B27Zz6fA/AFfAF7Yw3RB/tiX+yHyTkG4Ev4Er6Mg/AVfAVfxWQcgkPxNXwNX8fheBJH4EgchaOwqngLx+BYJDEeUzAFJ+JEnISTMKvQd3EqpuI0nI7TcQbOxJn4Ps7GD/ADnItzcT6mYRouwIWYjum4CE9hBi7GJbgUl+FyXIYrcRWuxDW4FtfgelyPG3EjbsbNuBW34nbcjp+gAsBPcTfuxmTci3txH+7D/bgfD+ABzMRMPIgH8RAewsN4GI/gETyKx/A4HsMTeAJP4ik8jafxLJ7Fc/hs/NeNPym5OhlEFiWUiBExIlbEilwil8gtcos8Io+IiIiIE3Ein8gn8ov8oqAoKOJFvCgiiggjjCARxgCAiIqoKC6KixKihCglSgknnEgQCaKsKCvKiXKivLhFVBC3ioqikmjrqogqoqpo56qJO0R1UV3UEDVFLVFb1BZ1RB1RV9QV9UQ9UV/UFw3E/aKh6IMD8EGR1ZkmYgg2FUOxmWgu5MVPsNZiOLYRbUU78bgYiSOwg2jtEsVToqMYg53E38RYfEZ0EeOxq3hOdBPdRQ/xvOgp2rheoreYjH1EXzEV+4n+YoB4SczAmuJ9nJ2zlnhVJIshYqh4TczH18Vw8YYYIUaKUeJNMVq8JcaIsWKcGC9SxAQxUbwtJol3xGTxrpgipopUMU1MF++JGWKmmCXeF7PFB2KOmCvmifkiTXwoFoiFIl18JBaJj0WGWCyWiKVimVguVoiVYpVYLdaItWKdWC82iI1ik9gstoitYpvYLnaIT8RO8anYJXaLPeIzsVd8LvaJL8R+8aU4IL4SmeJrcVB8Iw6Jb8Vh8Z04Ir4XR8UxcVz8IE6IH8VJcUqcFmfEWfGTOCd+FueFFyBRCimlkoGMkTlkrMwpc8mrZG4ZXHx1r5Fx8lqZT14n88sCsqAsJONlYVlEammklSRDWVQWk1F5vSwub5AlZElZSpaWTpaRCfJGWVbeJMvJm2V5eYusIG+VFWUlWVlWkbfJqvJ2CZEL+6gha8pasra8SybB3bKuvEfWk/fK+vI+2UDeLxvKB2Qj+aBsLB+STeTDsql8RDaTzWUL2VK2ko/K1vIx2Ua2le3k47K9fEJ2kE/KRPmU7Cj9xbfIM7KLfFZ2lc/JbrK77CF/luell71kbwl9QPaVL8p+sr8cEAsA8mU5SL4iB8tXZbIcIofK1+Qw+bocLt+QI+RIOUq+KUfLt+QYOVaOk+NlipwgJ8q35ST5jpws35VT5FSZKqfJAXLgLzPNkvIf5r/9B/mDf9n7RrlJbpZb5Fa5TW6XO+QncqfcKXfJXXKP3CP3yr1yn9wn98v98oA8IDNlpjwoD8pD8pA8LA/LI/KIPCqPyTPyB3lC/ihPylPylDwjz8qz8tzF1wAUKqGkUipQMSqHilU5VS51lcqtrlZ5VF4VUdeoOHWtyqeuU/lVAVVQFVLxqrAqorQyyipSoSqqiqmouh4vvmFUKVVaOVVGJagb/yf5qri6QZVQJX+Tf6m+pD+pr5VqpVqr1qqNaqPaqXaqvWqvOqgOKlElqo6qo+qkOqnOqrPqorqorqqr6qa6qR6qh+qpeqpeqpdKUkmqr3pR9VP91QD1khqoXlaD1CA1WA1WySpZDVVD1TA1TA1Xw9UINUKNUqPUaDVajVFj1Dg1TqWoFDVRTVST1CQ1WU1WU9QUlapS1XQ1Xc1QM9QsNUvNVrPVHDVHzVPzVJpKUwvUApWu0tUitUhlqMVqsVqqlqrlarlaqVaq1Wq1WqvWqvVqvcpQm9QmtUVtUdvUNrVD7VA71U61S+1Se9QetVftVfvUPrVf7VcH1AGVqTLVQXVQHVKH1GF1WB1RR9RRdVQdV8fVCXVCnVQn1Wl1Wp1VZ9U5dU6dV+ezLvsCEYhABSqICWKC2CA2yBXkCnIHuYM8QZ4gEkSCuCAuyBdcF+QPCgQFg0JBfFA4KBLowAQ2EBebHg2uD4oHNwQlgpJBqaB04IIyQUJwY1A2uCkoF9wclA9uCSoEtwYVg0pB5aBKcFtQNbg9qBbcEVQP7gxqBDWDWkHt4K6gTnB3UDe4J6gX3BvUD+4LGgT3Bw2DB4JGwYNB4+ChoEnwcNA0eCRoFjQPWgQtg1b/4vxZp/zl+b0/WeAx10v31km6j+6rX9T9dH89QL+kB+qX9SD9ih6sX9XJeogeql/Tw/Trerh+Q4/QI/Uo/aYerd/SY/RYPU6P1yl6gp6o39aT9Dt6sn5XT9FTdaqepqfr9/QMPVPP0u/r2foDPUfP1fP0fJ2mP9QL9EKdrj/Si/THOkMv1kv0Ur1ML9cr9Eq9Sq/Wa/RavU6v1xv0Rr1Jb9Zb9Fa9TW/XO/Qneqf+VO/Su/Ue/Zneqz/X+/QXer/+Uh/QX+lM/bU+qL/Rh/S3+rD+Th/R3+uj+pg+rn/QJ/SP+qQ+pU/rM/qs/kmf0z/r89pnXdxnfb0bZZSJMTEm1sSaXCaXyW1ymzwmj4mYiIkzcSafyWfym/ymoClo4k28KWKKmCxkyBQ1RU3URE1xU9yUMCVMKVPKOONMgkkwZU1ZU86UM+VNeVPBVDAVTUVT2VQ2t5nbzO3mdnOHucPcae40NU1NU9vUNnVMHVPX1DX1TD1T39Q3DUwD09A0NI1MI9PYNDZNTBPT1DQ1zUwz08K0MK1MK9PatDZtTBvTzrQz7U1708F0MIkm0XQ0HU0n08l0Np1NF9PFdDVdTTfTzfQwPUxP09P0Mr1MkkkyfU1f08/0MwPMADPQDDSDzCAz2Aw2ySbZDDVDzTAzzAw3w80IM9KMyrpQNW+ZMWasGWfGmxSTYiaaiWaSmWQmm8lmipliUk2qmW6mmxlmhpllZpnZZraZY+aYeWaeSTNpZoFZYNJNullkFpkMk2GWmCVmmVlmVpgVZpVZZdaYNWYdrDMbzAazyWwyW8wWs81sMzvMDrPT7DS7zC6zx+wxe81es8/sM/vNfnPAHDCZJtMcNAfNIXPIHDaHzRFzxBw1R81xc9ycMCfMSXPSnDanzVlT4OL3pTexNqfNZa+yue3VNo/Na/8+LmgL2Xhb2Bax2ua3BX4TG2ttCVvSlrKlrbNlbIK98XdxRVvJVrZV7G22qr3dVvtdXMfebevae2w9e6+tbe/6TVzf3mcb2IdtQ0QA29w2ti1tE/uwbWofsc1sc9vCtrTt7RO2g33SJtqnbEf79O/iBXahXWVX2zV2rd1ld9vT9ow9ZL+1Z+1PtpftbQfal+0g+4odbF+1yXbI7+JR9k072r5lx9ixdpwd/7t4ip1qU+00O92+Z2fYmb+L0+yHdrZNt3PsXDvPzv8lzqop3X5kF9mPbYYNYIldapfZ5XaFXXmpVp/Xrrcb7Ea7035qt9itdpvdbndcuhC2u+0e+5ndaz+3B+03dr/90h6wh22m/fqXOOv4Dtvv7BH7vT1qj9nj9gd7wv6oLmVnHfsP9md73noLhAQkSVFAMZSDYikn5aKrKDddTXkoL0XoGoqjaykfXUf5qQAVpEIUT4WpCGkyZIkopKJUjKJ0PV0qrxSVJkdlKIFupLJ0E5Wjm6k83UIV6FaqSJWoMlWh26gq3U7V6A6qTndSDapJtag23UV16G6qS/dQPbqX6tN91IDup4b0ADWiB6kxPURN6GFqSo9QM2pOLagltaJHqTU9Rm2oLbWjx6k9PUEd6ElKpKeoIz1Nnehv1JmeoS70LHWl56gbdace9Dz1pBeoF/WmJOpDfelF6kf9aQC9RAPpZRpEr9BgepWSaQgNpddoGL1Ow+kNGkEjaRS9SaPpLRpDY2kcjacUmkAT6W2aRO/QZHqXptBUSqVpNJ3eoxk0k2bR+zSbPqA5NJfm0XxKow9pAS2kdPqIFtHHlEGLaQktpWW0nFbQSlpFq2kNraV1tJ420EbaRJtpC22lbbSddtAntJM+pV20m/bQZ7SXPqd99AXtpy/pAH1FmfQ1HaRv6BB9S4fpO9+bvqejdIyO0w90gn6kk3SKTtMZOks/0Tn6mc6TJwgxFKEMVRiEMWGOMDbMGeYKrwpzh1eHecK8YSS8JowLrw3zhdeF+cMCYcGwUBgfFg6LhDo0oQ0pDMOiYbEwGl4fFg9vCEuEJcNSYenQhWXChPDGsGx4U1guvDksH94SVghvDSuGlcKH760S3hZWDW8Pq4V3hNXDO8MaYc2wVlg7vCusE94d1g3vCeuF94blwvvCBuH9YcPwgbBR+GDYOHwobBI+HDYNHwmbhc3DFmHLsFX4aNg6fCxsE7YN24WPh+3DJ8IO4ZNhYvhU2DF8+pf19y388/VJYZ+wb/hi+GLo/T1yXnR+NC36YXRBdGE0PfpRdFH042hGdHF0SXRpdFl0eXRFdGV0VXR1dE10bXRddH10Q3Rj1PvaOcChE0465QIX43K4WJfT5XJXudzuapfH5XURd42Lc9e6fO46l98VcAVdIRfvCrsiTjvjrCMXuqKumIu6611xd4Mr4Uq6Uq60c66MS3AtXSvXyrV2j7k2rq1r5x53j7sn3BPuSfeke8p1dE+7Tu5vrrN7xnVxz7pn3XOum+vuerjnXU83Ic+FczLJ9XV9XT/Xzw1wA9xAN9ANcoPcYDfYJbtkN9QNdcPcMDfcDXcj3Ag3yo1yo91oN8aNcePcOJfiUtxEN9FNcpPcZDfZTXFTXKpLddPddDfDzXBVZ17Yyxw3x81z81yaS3MLXNY1Y7pb5Ba5DJfhlrglbplb5la4FW6VW+XWuDVunVvnNrgNbpPb5La4LW6b2+Z2uB1up9vpdvm8FyZ1e90+t8/td/vdAfeVy3Rfu4PuG3fIfesOu+/cEfe9O+qOuePuB3fC/ehOulPutDvjzrqf3Dn3szvvvEuJTIhMjLwdmRR5JzI58m5kSmRqJDUyLTI98l5kRmRmZFbk/cjsyAeROZG5kXmR+ZG0yIeRBZGFkfTIR5FFkY8jGZHFkSWRpZFlkeUR7wtvCX1RX8xH/fW+uL/Bl/AlfSlf2jtfxif4G31Zf5Mv52/25f0tvoK/1Vf0lXxl/4hv5pv7Fr6lb+Uf9a39Y76Nb+vb+cd9e/+E7+Cf9In+Kd/RP+07+b/5zv4Z38U/67v653w339338M/7nv4F38v39km+j+/rX/T9fH8/wL/kB/qX/SD/ih/sX/XJfogf6l/zw/zrfrh/w4/wI/2omDf96Eu3yDDep/gJfqJ/20/y7/jJ/l0/xU/1qX6an+7f8zP8TD/Lv+9n+w/8HD/Xz/PzfZr/0C/wC326/8gv8h/7DL/40kNlv8Kv9Kv8ar/Gr/Xr/Hq/wW/0m/xmv8Vv9dv8dr/Df+J3+k/9Lr/b7/Gf+b3+c7/Pf+H3+y/9Af+Vz/Rf+4P+G3/If+sP++/8Ef+9P+qP+eP+B3/C/+hP+lP+tD/jz/qf/Dn/sz/P/2eNMcYYY+yfMuHyUPx2zYXH+X3+IEf8auO+AHD11kKZv16fdUW5Lv+FcX8R3z4CAE/17vrgpaVGjaSkpIvbZkgIis0FuPQ3QVli4HK8GNrBE5AIbaHsH9bfX3Q/S/9g/ugtALl+lRMLl+PL838BgEl/MP+jj49aUCE8HfffzD8XoESxyzk54XK8GNr98nylLZT7k/oLtP6T+vHi/Dm/TAFo86uc3HA5vlx/AjwGT0Pib7ZkjDHGGGOMMcYu6C8qd750/3npX3z+0f15vLqckwMux//o/pwxxhhjjDHGGGNX3jPdezz5aGJi287/80G1/1XWPz1oCv9XM/PgDwfeA1z6iQKAf3FCgKyB/CuPYvNfsq/ki6fO369adsYH8J/Ryn/H4Ap/MDHGGGOMMcb+7S5f9P/25+pKFcQYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjGVDf8WvE7vSx8gYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4xdaf8VAAD//3aq+3A=")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuset.effective_mems\x00', 0x275a, 0x0)
mount$nfs(&(0x7f0000000100)='...', 0x0, 0x0, 0x40000, 0x0)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x24)
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000100)='./file0/file0\x00')

10.129230858s ago: executing program 4 (id=1283):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000180), 0x28c03, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000840)={0x28, 0x2, r1, 0x0, &(0x7f0000007000/0x3000)=nil, 0x3000, 0x7fffffffffffffff})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000080)={0x18, 0x1, 0x0, 0x0, r1})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000440)={0x28, 0x5, r1, r1, 0x1000, 0xfffffff7fffffffe, 0x3ffe})

9.933910485s ago: executing program 1 (id=1284):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000000300))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
fcntl$setstatus(0xffffffffffffffff, 0x4, 0x42800)
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl$HCIINQUIRY(r1, 0x400448e1, &(0x7f0000000240)={0x1, 0xfffe, "be4108"})

9.283764967s ago: executing program 4 (id=1285):
prlimit64(0x0, 0xe, &(0x7f00000007c0)={0xb, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="6e6f646973636172642c6261636b67726f756e645f67633d73796e632c6261636b67726f756e645f67633d6f6e2c6e6f757365725f78617474722c6e6f71756f74612c64697361626c655f726f6c6c5f666f72776172642c67635f6d657267652c6e6f757365725f78617474722c636865636b706f696e743d64697361626c652c757365725f78617474722c6673796e635f6d6f64653d7374726963742c646973636172645f756e69743d73656374696f6e2c636865636b706f696e743d64697361626c652c6e6f696e6c696e655f64656e7472792c00ec6da92d1c80a6c720380e3c2c55bf27596d2776ce408c4bb19b149757508e1c7e919c6c2047023baa412d14fa75c8cac6e5f103e13ea52708af0a7c5da8af4ecb6612"], 0x2, 0x5505, &(0x7f0000002480)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYoIAfSQhqgBnJLCRFEeBwCEYdIHttK9H2SMxnL/HiD4DAz0gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAF26r9aL26vf121zdvt28owGAAAAuGRbrRf1P7PU/9rc/97c+tn0i4goI+LS3H0Un84yR01O9fL8zenz1asa7iLqhMN7TJrrS0T8aa7HH11/CgAAAPBxbZareZqtpz+zoQuiT2nRpvz2N1NeERHV7CFTWnnI+5UprP5+j+N/prR6AWuaKSwtuY1zpb1J/XM/rtpNT5oiNeXFlx2LzDZ2AACgR6Ozpt9ZCAAAAH36N3QBDKOI563M41bgJDXN9t7nsx4AAADwDhVDFwAAAAB0rp7/93T+3975fwAAADCMdP4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXdpW68VmuZq3zdnt28kzGgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHhif95RIATCIAz2ru9M5v6HlQZNTU2qQPj4G4MBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIA3v/vL/4mpcSaZe20sPY8ka6fG1qmxd24c/WF8/RoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIv9eUmBEAiCKJgz/nfS9z+sJOgZRIiAhkcVtWgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4It+98v/ialxJpk7bSwdjyRrV42tq8beg8bRg/H2bwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgIud+3mNo4oDAP5mZmdrq+IaZQ8RUfCgF7vd1tbexIMSPPgnCCHd1titP9ocbCliLt4k515EjyKCEm/9H3JOIJd4y2EPETwrMzuTnfwA118zm+TzgTfvu8Mw7/tmIeQ77yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACURm9P4iQ7dMZxXJzb3Hu4lPVbh/rM47Xt+axlcVRn0ifDi9UPUbe5RAAAADg7krK+DyHspOsLWR938vo/La/Jav5vnx7HZT1/uO4v+7L2z9ovP+8+vz9QZzxOdtOby8PBpaOptP6/Wc62Z/7yilb+5PN3L0n+hcTvrT43SvPnGX29sfFOOw/P1ZEtAPBPXCz7Iih/H8r6fpOJAXBmtCqFd1n/J51mcwIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACow2g1PFnGUQhhvjWJM1t7D5eO6x+vbc+X7dqjR2vhy8k9s1ukIYSby8PBpVpnM9vu3X9we3E4HNytP3gphNDU6G8V07/9wRQXh9DI8xH8R0FcfNmzks/JCBr8oQQAwKmUFi2r63fS9YXsXDQXwh/fHaz/X63EYcr6f/fDa5vVsar1f7+2Gc6+3sqdT3v37j94ffnO4q3BrcHHb1zuv9m/cv3q1eu9/F1JzxsTAAAA/p120ar1fzx3dP3/QiUOU9b/n33T/6I6VqL+P9Zk0a/pTAAAAM62Z1/+/bfomPNRux0+X1xZudsfH/c/Xx4fG0j1bztXtGr9n8w1nRUAAABQh9FqdGD9/0YlDlOu/z/1/Qs/Vu+ZhBDOF+v/F5c+Gd6obzozrY4/J256jgAAADTrfNGq6/9pvv8/3t/yEIcQXntlHBf/BnCq+j9596sfqmNV9/9fqW+KMynujp9H3ndDaHWbzggAAIDT7ImiZcX+r+n6wkc/XXi/bf8/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQN3+DAAA//962D6S")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x183341, 0x0)
ioctl$FS_IOC_RESVSP(r0, 0x40305828, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000000})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x26e1, 0x0)

9.20317002s ago: executing program 5 (id=1286):
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=ANY=[@ANYBLOB="0207e80702"], 0x10}}, 0x40044)
sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000002c0)=@migrate={0xa0, 0x21, 0x1, 0x70bd2d, 0x25dfdbfe, {{@in=@multicast1, @in=@rand_addr=0x64010100, 0x4e22, 0x8001, 0x7, 0x0, 0xa, 0x80, 0x80, 0x3b}, 0x6e6bb3, 0x1}, [@migrate={0x50, 0x11, [{@in6=@empty, @in=@loopback, @in=@multicast1, @in6=@private0, 0x2b, 0x3, 0x0, 0x34ff, 0x2, 0xa}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x400c000}, 0x20000000)
r1 = socket$inet6(0xa, 0x3, 0x84)
setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000280)={{{@in=@empty, @in6=@dev={0xfe, 0x80, '\x00', 0x18}, 0x0, 0x56, 0x2, 0x0, 0x2}, {0x0, 0x0, 0x0, 0x2, 0xfffffffffffffff6, 0x2000000, 0x1}, {0x1ff, 0x0, 0x4, 0xffffffffffffffff}, 0x1, 0x0, 0x1, 0x0, 0x1}, {{@in=@empty, 0x0, 0x2b}, 0xa, @in=@loopback, 0x3507, 0x4, 0x0, 0x0, 0xffffffff, 0x6, 0x4}}, 0xe8)
connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xff}}}, 0x1c)

8.950808039s ago: executing program 1 (id=1287):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_CAP_HYPERV_SYNIC2(r2, 0x4068aea3, &(0x7f0000000140))
ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000040)={0x1, 0x0, [{0x40000092, 0x0, 0x5}]})

6.239567763s ago: executing program 1 (id=1288):
r0 = socket$packet(0x11, 0x3, 0x300)
sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="380036a38b3b010800000000000000000500000414000780080011400000005205001500dd000000050001000600000005000500"], 0x38}}, 0x0)
sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="840000000002010400000000000000000a00000004000180300003802c00018014000300fc00000000000000000000100000000014004400fe800000001f610000000000000000bb3c0002800c00028005000100000000002c00018014000300fc02000000000000000000000000000014"], 0x84}}, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r0, &(0x7f0000000300)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="a000000010003b0e2a1a86eb2636037f00000000", @ANYRES32=r2, @ANYBLOB="0200000000008000800012000800010076746936740002"], 0xa0}}, 0x0)

4.926366674s ago: executing program 4 (id=1289):
prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0)
r0 = mq_open(&(0x7f0000000040)='!\x7f\x00\xca\x00\x00\x00\f\x00\x00\x01E!Tnux\x00', 0x6e93ebbbcc0884f2, 0x0, &(0x7f0000000000)={0x0, 0x9, 0xa, 0x3})
mq_timedreceive(r0, 0x0, 0xfffffffffffffee3, 0x1, 0x0)
mq_timedreceive(r0, &(0x7f0000000180)=""/196, 0xc4, 0x0, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
mq_timedreceive(r0, &(0x7f0000000640)=""/155, 0x9b, 0x1000, 0x0)

3.342001266s ago: executing program 5 (id=1290):
r0 = socket(0xa, 0x3, 0x87)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'lo\x00', <r2=>0x0})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000000)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x18, r2})
ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000480)={@local, 0x18, r2})
ioctl$sock_inet6_tcp_SIOCINQ(r0, 0x8936, &(0x7f0000000000))

2.76975132s ago: executing program 1 (id=1291):
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x8000)
syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000fd9e1a40f30c74933bbc0000000109021b000104000000090400004fd4695e00090532825b"], 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff})
syz_emit_ethernet(0x4a, &(0x7f00000004c0)={@local, @random="6cf6566994c6", @val={@void, {0x8100, 0x0, 0x0, 0x1}}, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x2d, 0x38, 0x0, 0x0, 0xa3, 0x6, 0x0, @remote, @local, {[@rr={0x7, 0xf, 0x9, [@multicast2, @loopback, @empty]}]}}, {{0x4e22, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000080)={&(0x7f0000000000)=@rxrpc=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e20, @remote}}, 0x80, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1.788284048s ago: executing program 5 (id=1292):
r0 = fsopen(&(0x7f00000014c0)='proc\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x0, 0x2)
fchdir(r1)
capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7})
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)

1.626900825s ago: executing program 4 (id=1293):
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
r0 = socket(0x10, 0x803, 0x0)
write(r0, &(0x7f0000000340)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26)
setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4)
sendto(r0, &(0x7f0000000380)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0)
recvmmsg(r0, 0x0, 0x0, 0x40000000, 0x0)

1.065061089s ago: executing program 5 (id=1294):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080))
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_mgmt(&(0x7f0000000040), r0)
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000000000000000040000001400050003030000000a0000005dc00006000000080002000500000014000600ff01000a00f2f3f31f000a0000000001060001"], 0x4c}, 0x1, 0x0, 0x0, 0x8004}, 0x4040000)
getsockopt$inet_sctp_SCTP_FRAGMENT_INTERLEAVE(0xffffffffffffffff, 0x84, 0x12, 0x0, &(0x7f0000000180))
sendmsg$NLBL_MGMT_C_ADDDEF(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[], 0x4c}, 0x1, 0x0, 0x0, 0x24008000}, 0x4040000)

847.709753ms ago: executing program 4 (id=1295):
r0 = fsopen(&(0x7f0000000140)='erofs\x00', 0x1)
r1 = creat(&(0x7f0000000100)='./file0\x00', 0x0)
close(r1)
socket$inet_udp(0x2, 0x2, 0x0)
mount$9p_fd(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f00000000c0), 0x1000000, &(0x7f0000000180)={'trans=fd,', {'rfdno', 0x3d, r1}, 0x2c, {'wfdno', 0x3d, r0}})
ioctl$BTRFS_IOC_GET_FEATURES(r0, 0x80189439, 0x0)

486.369846ms ago: executing program 1 (id=1296):
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x35, 0x4, 0x2}, 0x50)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r2}, &(0x7f0000000040), &(0x7f0000000140)=r1}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000003c0)={{r2, <r3=>0xffffffffffffffff}, &(0x7f0000000080), &(0x7f0000000380)=r0}, 0x20)
bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r3, &(0x7f00000001c0), &(0x7f0000000400)=""/198}, 0x20)

87.375818ms ago: executing program 1 (id=1297):
r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000280), 0x80a00, 0x0)
ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000080)={0x1, "0600000000000000c64c3b6e6ff82a75e5318fca4288c2ffbdbec772020acd2c", <r1=>0xffffffffffffffff})
ioctl$SYNC_IOC_MERGE(r1, 0xc0303e03, &(0x7f00000000c0)={"e50d1af80100007ea25edd00ff000000080000f6907ff16b7e00", r1})
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x2, 0x3, 0x80000000, 0x20000006, 0x4d, 0x6, 0x5d, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0xd, 0x7, 0x0, 0xffffffff, 0xe661, 0x4, 0x7, 0x3, 0x8, 0x4c74, 0x80000000, 0x242, 0x3, 0xe, 0x0, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x8c, 0x6, 0xffff, 0x0, 0x5, 0x4, 0x8008, 0x400, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x2008004, 0x5, 0xfffffff3, 0x129432e6, 0xc8, 0xf9, 0xe, 0x2c0, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f2e, 0xd, 0x4e2, 0x2, 0x4, 0xb, 0x4, 0x9, 0x8, 0x9, 0x6, 0x47, 0x8000, 0x1, 0xfe000000, 0xffff, 0x2, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0x81, 0x48c93690, 0x42, 0x3], [0x7, 0x408, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xca, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0x0, 0x5, 0x1c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x3c484551], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x93a, 0x5, 0x6, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x101, 0x10000, 0x2000004, 0x7fff, 0xffff, 0xa620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x16, 0xffffffff, 0x80000000, 0x5, 0x4, 0xc8, 0xfffffff9, 0xfffff000, 0x10000, 0x0, 0x7e, 0x100, 0x9602, 0x7, 0xaf, 0x5, 0x6, 0x226, 0x5, 0x5, 0x8, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1e, 0xd7, 0x200, 0xffff3441, 0xfff]}, 0x45c)
ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0)
dup3(r1, r0, 0x0)

8.630359ms ago: executing program 5 (id=1298):
r0 = creat(&(0x7f00000002c0)='./file0\x00', 0x0)
r1 = open$dir(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
mmap$xdp(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x0, 0x12, r1, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000300000000000000fe020010850000000700000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
write$P9_RVERSION(r0, &(0x7f0000000400)=ANY=[@ANYBLOB="fbd63449514be8"], 0x13)
bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000003c0)={r2, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000280)='./file0\x00', &(0x7f0000000300)=[0x5], 0x0, 0x0, 0x1}}, 0x40)

0s ago: executing program 4 (id=1299):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x8480, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000400)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000840)={0x28, 0x2, r1, 0x0, &(0x7f0000007000/0x3000)=nil, 0x3000, 0x7fffffffffffffff})
ioctl$IOMMU_OPTION$IOMMU_OPTION_HUGE_PAGES(r0, 0x3b87, &(0x7f0000000080)={0x18, 0x1, 0x0, 0x0, r1})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000000)={0x28, 0x4, r1, 0x0, &(0x7f00004f9000/0x3000)=nil, 0x3000})
ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x4, r1, r1, 0xffe, 0x621, 0x3ffe})

kernel console output (not intermixed with test programs):

TerraTec NOXON DAB Stick' in warm state
[  390.120236][ T6433] XFS (loop5): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  390.355131][   T24] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32
[  390.452629][   T24] usb 5-1: USB disconnect, device number 2
[  390.991288][ T7310] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  391.123928][ T7310] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  391.243744][ T7310] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  391.354118][ T7310] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  391.475183][ T7471] vxcan0: tx address claim with different name
[  392.748913][ T7488] loop1: detected capacity change from 0 to 512
[  392.957425][ T7310] 8021q: adding VLAN 0 to HW filter on device bond0
[  393.207646][ T7310] 8021q: adding VLAN 0 to HW filter on device team0
[  393.374753][ T1129] bridge0: port 1(bridge_slave_0) entered blocking state
[  393.382275][ T1129] bridge0: port 1(bridge_slave_0) entered forwarding state
[  393.523137][ T7488] EXT4-fs (loop1): orphan cleanup on readonly fs
[  393.575852][ T1038] bridge0: port 2(bridge_slave_1) entered blocking state
[  393.583596][ T1038] bridge0: port 2(bridge_slave_1) entered forwarding state
[  393.716867][ T7488] EXT4-fs warning (device loop1): ext4_xattr_inode_get:546: inode #11: comm syz.1.451: ea_inode file size=4 entry size=6
[  393.811836][ T7488] EXT4-fs warning (device loop1): ext4_expand_extra_isize_ea:2858: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  393.850768][ T7488] EXT4-fs error (device loop1): ext4_do_update_inode:5617: inode #15: comm syz.1.451: corrupted inode contents
[  393.923803][ T7488] EXT4-fs (loop1): Remounting filesystem read-only
[  393.982044][ T7488] EXT4-fs warning (device loop1): ext4_evict_inode:273: xattr delete (err -30)
[  394.041081][ T7488] EXT4-fs (loop1): 1 orphan inode deleted
[  394.072567][ T7488] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  394.279374][    C1] vcan0: j1939_tp_rxtimer: 0xffff888051765a00: rx timeout, send abort
[  394.289517][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff888051765a00: 0x00000: (3) A timeout occurred and this is the connection abort to close the session.
[  395.194584][ T7507] loop5: detected capacity change from 0 to 1024
[  395.323984][ T7507] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  395.342765][ T7507] ext4 filesystem being mounted at /43/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  395.404959][ T7515] netlink: 'syz.2.458': attribute type 29 has an invalid length.
[  395.419115][ T7515] netlink: 'syz.2.458': attribute type 29 has an invalid length.
[  395.477540][ T7517] netlink: 500 bytes leftover after parsing attributes in process `syz.2.458'.
[  395.487636][ T7517] unsupported nla_type 58
[  395.734021][ T6433] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  395.965779][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  396.458250][ T7310] 8021q: adding VLAN 0 to HW filter on device batadv0
[  396.583773][ T7532] mac80211_hwsim hwsim5 wlan1: (WE) : Wireless Event (cmd=0x8B1A) too big (33)
[  397.188559][ T7542] netlink: 16 bytes leftover after parsing attributes in process `syz.1.465'.
[  397.578647][    C1] IPv4: Oversized IP packet from 172.20.20.24
[  397.850132][ T7554] netlink: 4 bytes leftover after parsing attributes in process `syz.5.468'.
[  398.511627][ T7567] netlink: 'syz.1.471': attribute type 5 has an invalid length.
[  399.147744][ T7577] Bluetooth: MGMT ver 1.23
[  399.174049][ T7577] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  399.384760][ T7310] veth0_vlan: entered promiscuous mode
[  399.512406][ T7310] veth1_vlan: entered promiscuous mode
[  399.877045][ T7310] veth0_macvtap: entered promiscuous mode
[  399.995816][ T7310] veth1_macvtap: entered promiscuous mode
[  400.149506][ T7310] batman_adv: batadv0: Interface activated: batadv_slave_0
[  400.187834][ T7588] loop1: detected capacity change from 0 to 256
[  400.267330][ T7310] batman_adv: batadv0: Interface activated: batadv_slave_1
[  400.302200][ T7588] exFAT-fs (loop1): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x89cb6648, utbl_chksum : 0xe619d30d)
[  400.440415][ T6021] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  400.449463][ T6021] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  400.461432][   T12] wlan1: Trigger new scan to find an IBSS to join
[  400.582945][ T5986] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  400.599548][ T7588] exFAT-fs (loop1): error, invalid access to FAT (entry 0xffffffff)
[  400.608369][ T7588] exFAT-fs (loop1): Filesystem has been set read-only
[  400.620685][ T5986] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  400.776307][ T7597] exFAT-fs (loop1): error, invalid access to FAT (entry 0xffffffff)
[  401.782168][ T7608] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2
[  402.279303][ T7612] loop2: detected capacity change from 0 to 1024
[  402.322649][ T7612] EXT4-fs: Ignoring removed mblk_io_submit option
[  402.558262][ T7612] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  402.777384][ T7621] netlink: 24 bytes leftover after parsing attributes in process `syz.1.488'.
[  402.862569][ T7621] netlink: 48 bytes leftover after parsing attributes in process `syz.1.488'.
[  402.979528][ T7624] loop5: detected capacity change from 0 to 2048
[  403.151085][ T7624] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  403.184598][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  403.502209][ T6012] wlan1: Trigger new scan to find an IBSS to join
[  403.719222][ T7634] netlink: 40 bytes leftover after parsing attributes in process `syz.2.490'.
[  404.295193][ T7641] use of bytesused == 0 is deprecated and will be removed in the future,
[  404.304412][ T7641] use the actual size instead.
[  404.507570][ T7642] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  404.515130][ T7642] IPv6: NLM_F_CREATE should be set when creating new route
[  404.567119][ T3545] wlan1: Creating new IBSS network, BSSID b2:87:f4:9b:43:bf
[  404.752627][ T7649] veth1_to_bond: entered allmulticast mode
[  404.806897][ T7649] veth1_to_bond: left allmulticast mode
[  405.238678][ T7652] loop2: detected capacity change from 0 to 256
[  405.470860][ T7652] exFAT-fs (loop2): failed to load upcase table (idx : 0x0000fd4f, chksum : 0x3963664b, utbl_chksum : 0xe619d30d)
[  405.605338][ T7652] exFAT-fs (loop2): valid_size(150994954) is greater than size(10)
[  405.683379][ T7652] exFAT-fs (loop2): failed to test cluster bit(11)
[  406.177484][ T7663] loop5: detected capacity change from 0 to 1024
[  406.261090][ T7663] EXT4-fs: inline encryption not supported
[  406.410622][ T7663] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  406.894182][ T6433] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  407.284283][ T7676] loop4: detected capacity change from 0 to 4096
[  407.306809][ T7676] EXT4-fs: Ignoring removed nomblk_io_submit option
[  407.366206][ T7676] EXT4-fs (loop4): Test dummy encryption mode enabled
[  407.417173][ T7676] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  407.451105][ T7676] System zones: 0-5
[  407.517236][ T1129] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  407.530568][ T1129] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  407.549593][ T7676] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  407.722769][   T30] audit: type=1800 audit(1769214829.653:8): pid=7676 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.505" name="file1" dev="loop4" ino=15 res=0 errno=0
[  407.766248][ T6021] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  407.770369][ T5839] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  407.774582][ T6021] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  408.050799][ T5839] usb 2-1: config 0 has no interfaces?
[  408.106878][ T5839] usb 2-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13
[  408.116270][ T5839] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  408.124678][ T5839] usb 2-1: Product: syz
[  408.129123][ T5839] usb 2-1: Manufacturer: syz
[  408.134064][ T5839] usb 2-1: SerialNumber: syz
[  408.267555][ T5783] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  408.309219][ T7690] loop2: detected capacity change from 0 to 512
[  408.312720][ T5839] usb 2-1: config 0 descriptor??
[  408.367664][ T7690] EXT4-fs: Ignoring removed bh option
[  408.373511][ T7690] EXT4-fs: Ignoring removed mblk_io_submit option
[  408.422480][ T7690] EXT4-fs (loop2): mounting ext3 file system using the ext4 subsystem
[  408.490404][ T7690] EXT4-fs (loop2): 1 truncate cleaned up
[  408.498110][ T7690] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  408.639715][ T7695] loop8: detected capacity change from 0 to 8
[  408.720463][ T7695]  loop8: [CUMANA/ADFS] p1 [ADFS] p1
[  408.726194][ T7695] loop8: partition table partially beyond EOD, truncated
[  408.804293][ T7695] loop8: p1 size 2479356556 extends beyond EOD, truncated
[  408.873918][ T7683] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  408.908385][ T7683] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  408.985248][ T5836] usb 2-1: USB disconnect, device number 3
[  409.036705][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  409.723180][ T6141] udevd[6141]: inotify_add_watch(7, /dev/loop8p1, 10) failed: No such file or directory
[  410.542885][ T7715] loop1: detected capacity change from 0 to 1024
[  410.620157][ T7715] EXT4-fs: Ignoring removed bh option
[  410.718031][ T7711] loop4: detected capacity change from 0 to 32768
[  410.824099][ T7711] JBD2: Ignoring recovery information on journal
[  410.913894][ T7715] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  410.931679][ T7705] loop2: detected capacity change from 0 to 8192
[  410.961059][ T7711] ocfs2: Mounting device (7,4) on (node local, slot 0) with ordered data mode.
[  411.026487][ T7711] (syz.4.517,7711,1):ocfs2_group_add:495 ERROR: The disk is too old and small. Force to do offline resize.
[  411.352707][ T7727] loop5: detected capacity change from 0 to 256
[  411.479131][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  411.553000][ T5783] ocfs2: Unmounting device (7,4) on (node local)
[  412.317302][ T7737] loop6: detected capacity change from 0 to 22
[  412.458459][ T7737] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  414.957823][ T7761] loop2: detected capacity change from 0 to 512
[  416.197390][ T7776] loop5: detected capacity change from 0 to 47
[  416.217465][ T7775] loop1: detected capacity change from 0 to 256
[  416.512570][   T30] audit: type=1804 audit(1769214838.453:9): pid=7776 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.5.538" name="/newroot/63/file1/file1" dev="loop5" ino=8 res=1 errno=0
[  417.699231][ T7787] io-wq is not configured for unbound workers
[  418.800171][ T5839] usb 7-1: new high-speed USB device number 2 using dummy_hcd
[  419.064761][ T5839] usb 7-1: Using ep0 maxpacket: 32
[  419.078600][ T5839] usb 7-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  419.184243][ T5839] usb 7-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  419.196583][ T5839] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  419.205871][ T5839] usb 7-1: Product: syz
[  419.210398][ T5839] usb 7-1: Manufacturer: syz
[  419.215200][ T5839] usb 7-1: SerialNumber: syz
[  419.224537][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  419.231308][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  419.347584][ T5839] usb 7-1: config 0 descriptor??
[  419.441314][ T7799] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22
[  419.498196][ T5839] input: syz syz as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/input/input10
[  420.010515][ T5836] usb 7-1: USB disconnect, device number 2
[  420.010552][    C0] usbtouchscreen 7-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  420.625752][ T7821] 9pnet: p9_errstr2errno: server reported unknown error 0x000
[  421.525790][ T7822] loop4: detected capacity change from 0 to 32768
[  421.539138][ T7822] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.553 (7822)
[  421.590819][ T7822] BTRFS info (device loop4): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  421.622664][ T7822] BTRFS info (device loop4): using blake2b (blake2b-256-lib) checksum algorithm
[  421.976340][ T7822] BTRFS info (device loop4): enabling ssd optimizations
[  421.991115][ T7822] BTRFS info (device loop4): turning on async discard
[  421.998092][ T7822] BTRFS info (device loop4): enabling free space tree
[  422.005237][ T7822] BTRFS info (device loop4): use zstd compression, level 3
[  422.593872][ T5839] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  422.789087][ T5783] BTRFS info (device loop4): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  422.830186][ T5839] usb 3-1: Using ep0 maxpacket: 16
[  422.867030][ T5839] usb 3-1: config index 0 descriptor too short (expected 67, got 36)
[  422.960136][ T5839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  422.971595][ T5839] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  422.981833][ T5839] usb 3-1: New USB device found, idVendor=05ac, idProduct=0247, bcdDevice= 0.00
[  422.993213][ T5839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  423.073436][ T5839] usb 3-1: config 0 descriptor??
[  423.965987][ T7860] loop5: detected capacity change from 0 to 32768
[  424.066282][ T5839] apple 0003:05AC:0247.0001: fixing up MacBook JIS keyboard report descriptor
[  424.122005][ T5839] apple 0003:05AC:0247.0001: unexpected long global item
[  424.186071][ T5839] apple 0003:05AC:0247.0001: parse failed
[  424.192640][ T5839] apple 0003:05AC:0247.0001: probe with driver apple failed with error -22
[  424.302639][ T5839] usb 3-1: USB disconnect, device number 6
[  425.821101][ T7886] loop2: detected capacity change from 0 to 512
[  426.651239][ T7894] netlink: 20 bytes leftover after parsing attributes in process `syz.6.574'.
[  428.218479][ T7916] mmap: syz.1.580 (7916) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  430.529346][ T7932] loop2: detected capacity change from 0 to 32768
[  430.633998][ T7932] JBD2: Ignoring recovery information on journal
[  430.835640][ T7932] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  431.141065][ T5780] ocfs2: Unmounting device (7,2) on (node local)
[  434.346186][ T7958] loop1: detected capacity change from 0 to 32768
[  434.474960][ T7958] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  434.581149][   T59] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge)
[  434.616605][ T7960] loop6: detected capacity change from 0 to 40427
[  434.628346][ T7960] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  434.636462][ T7960] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  434.670457][ T7960] F2FS-fs (loop6): invalid crc value
[  435.106242][ T7960] F2FS-fs (loop6): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  435.122420][ T7958] XFS (loop1): Ending clean mount
[  435.146309][ T7958] XFS (loop1): Quotacheck needed: Please wait.
[  435.161876][ T7960] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  435.174586][ T7960] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  435.416863][ T7958] XFS (loop1): Quotacheck: Done.
[  435.587582][ T5790] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  436.390090][  T798] usb 3-1: new high-speed USB device number 7 using dummy_hcd
[  436.584888][  T798] usb 3-1: Using ep0 maxpacket: 32
[  436.628216][  T798] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  436.809583][  T798] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  436.819256][  T798] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  436.828323][  T798] usb 3-1: Product: syz
[  436.832780][  T798] usb 3-1: Manufacturer: syz
[  436.837595][  T798] usb 3-1: SerialNumber: syz
[  437.092294][  T798] usb 3-1: config 0 descriptor??
[  437.099541][ T7978] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22
[  437.336973][  T798] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input11
[  437.634959][    C0] usbtouchscreen 3-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  437.644721][  T798] usb 3-1: USB disconnect, device number 7
[  438.586583][  T798] kernel read not supported for file /swradio3 (pid: 798 comm: kworker/0:2)
[  438.797024][ T8003] netlink: 24 bytes leftover after parsing attributes in process `syz.1.606'.
[  438.954667][ T8005] netlink: 24 bytes leftover after parsing attributes in process `syz.1.606'.
[  440.254353][ T8008] loop4: detected capacity change from 0 to 4096
[  440.510782][  T798] usb 6-1: new high-speed USB device number 4 using dummy_hcd
[  440.549437][ T8025] loop1: detected capacity change from 0 to 512
[  440.608468][ T8025] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  440.737557][ T8025] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=200ec018, mo2=0002]
[  440.746047][  T798] usb 6-1: Using ep0 maxpacket: 32
[  440.765572][  T798] usb 6-1: config 0 has an invalid interface number: 85 but max is 0
[  440.776921][  T798] usb 6-1: config 0 has no interface number 0
[  440.783547][  T798] usb 6-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  440.795114][  T798] usb 6-1: config 0 interface 85 has no altsetting 0
[  440.837137][ T8025] System zones: 1-12
[  440.842064][  T798] usb 6-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72
[  440.851695][  T798] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  440.862393][  T798] usb 6-1: Product: syz
[  440.866804][  T798] usb 6-1: Manufacturer: syz
[  440.871742][  T798] usb 6-1: SerialNumber: syz
[  440.929386][ T8025] EXT4-fs (loop1): 1 truncate cleaned up
[  441.004138][  T798] usb 6-1: config 0 descriptor??
[  441.082966][ T8025] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  441.508427][   T30] audit: type=1800 audit(1769214863.433:10): pid=8025 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.613" name="file1" dev="loop1" ino=15 res=0 errno=0
[  441.787287][  T798] appletouch 6-1:0.85: Geyser mode initialized.
[  441.860329][  T798] input: appletouch as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.85/input/input12
[  442.080799][  T798] usb 6-1: USB disconnect, device number 4
[  442.209106][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  442.228878][  T798] appletouch 6-1:0.85: input: appletouch disconnected
[  442.755421][ T8040] netlink: 8 bytes leftover after parsing attributes in process `syz.1.617'.
[  443.530218][  T797] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[  443.750513][  T797] usb 5-1: Using ep0 maxpacket: 32
[  443.781149][  T797] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9
[  443.840269][  T797] usb 5-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c
[  443.849702][  T797] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  443.858084][  T797] usb 5-1: Product: syz
[  443.863011][  T797] usb 5-1: Manufacturer: syz
[  443.867820][  T797] usb 5-1: SerialNumber: syz
[  444.118664][  T797] usb 5-1: config 0 descriptor??
[  444.152005][ T8046] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  444.248491][  T797] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input13
[  444.387580][ T8060] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  444.710955][  T798] usb 5-1: USB disconnect, device number 3
[  444.711049][    C1] usbtouchscreen 5-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19
[  444.900409][ T5839] usb 7-1: new high-speed USB device number 3 using dummy_hcd
[  445.176414][ T5839] usb 7-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00
[  445.185979][ T5839] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  445.194524][ T5839] usb 7-1: Product: syz
[  445.198884][ T5839] usb 7-1: Manufacturer: syz
[  445.205340][ T5839] usb 7-1: SerialNumber: syz
[  445.890375][ T5839] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE
[  445.902773][ T5839] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE
[  446.225071][ T8081] geneve2: entered promiscuous mode
[  446.237877][ T8081] geneve2: entered allmulticast mode
[  446.387194][ T5839] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO
[  446.399682][ T5839] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED....
[  446.520384][ T5839] lan78xx 7-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED
[  446.601677][ T5839] lan78xx 7-1:1.0: probe with driver lan78xx failed with error -71
[  446.720718][ T5839] usb 7-1: USB disconnect, device number 3
[  447.942786][ T8087] loop2: detected capacity change from 0 to 40427
[  447.989363][ T8089] loop1: detected capacity change from 0 to 40427
[  448.003599][ T8087] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  448.012592][ T8087] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  448.041656][ T8087] F2FS-fs (loop2): invalid crc value
[  448.062607][ T8089] F2FS-fs (loop1): build fault injection rate: 690
[  448.074904][ T8089] F2FS-fs (loop1): invalid crc value
[  448.496798][ T8087] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  448.577161][ T8089] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  448.597854][ T8087] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  448.606894][ T8087] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  448.617510][ T8089] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  448.699602][   T30] audit: type=1804 audit(1769214870.623:11): pid=8089 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.634" name="/newroot/135/file0/file0" dev="loop1" ino=10 res=1 errno=0
[  448.798264][ T5790] syz-executor: attempt to access beyond end of device
[  448.798264][ T5790] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  448.813956][ T5790] CPU: 1 UID: 0 PID: 5790 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  448.814114][ T5790] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  448.814199][ T5790] Call Trace:
[  448.814253][ T5790]  <TASK>
[  448.814305][ T5790]  __dump_stack+0x26/0x30
[  448.814486][ T5790]  dump_stack_lvl+0x14c/0x1c0
[  448.814667][ T5790]  dump_stack+0x1e/0x25
[  448.814830][ T5790]  f2fs_handle_critical_error+0xa6f/0xc20
[  448.815101][ T5790]  f2fs_stop_checkpoint+0x65/0x80
[  448.815254][ T5790]  f2fs_write_end_io+0x101c/0x1bb0
[  448.815459][ T5790]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  448.815613][ T5790]  bio_endio+0xf92/0x10e0
[  448.815788][ T5790]  submit_bio_noacct+0x200a/0x2930
[  448.816025][ T5790]  submit_bio+0x57a/0x620
[  448.816206][ T5790]  f2fs_submit_write_bio+0x92/0x250
[  448.816420][ T5790]  __submit_merged_bio+0x16f/0x6a0
[  448.816623][ T5790]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  448.816858][ T5790]  __submit_merged_write_cond+0x44a/0x990
[  448.817095][ T5790]  f2fs_write_data_pages+0x4d18/0x57a0
[  448.817397][ T5790]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  448.817598][ T5790]  ? kmsan_get_metadata+0xf1/0x160
[  448.817815][ T5790]  ? folio_batch_move_lru+0x6a2/0x6d0
[  448.818033][ T5790]  ? __msan_warning+0x1b/0x30
[  448.818219][ T5790]  ? filter_irq_stacks+0x13f/0x190
[  448.818426][ T5790]  ? stack_depot_save_flags+0x35/0x790
[  448.818746][ T5790]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  448.818988][ T5790]  ? kmsan_get_metadata+0xf1/0x160
[  448.819202][ T5790]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  448.819418][ T5790]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  448.819576][ T5790]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  448.819742][ T5790]  do_writepages+0x3f2/0x860
[  448.819925][ T5790]  ? _raw_spin_unlock+0x30/0x50
[  448.820085][ T5790]  ? wbc_attach_and_unlock_inode+0x131/0x670
[  448.820268][ T5790]  filemap_fdatawrite+0x207/0x260
[  448.820531][ T5790]  f2fs_sync_dirty_inodes+0x2aa/0x9d0
[  448.820737][ T5790]  f2fs_write_checkpoint+0x10a3/0x3720
[  448.821081][ T5790]  ? stack_depot_save_flags+0x35/0x790
[  448.821323][ T5790]  kill_f2fs_super+0x320/0x990
[  448.821537][ T5790]  ? __pfx_kill_f2fs_super+0x10/0x10
[  448.821706][ T5790]  deactivate_locked_super+0xcb/0x3c0
[  448.821906][ T5790]  deactivate_super+0x12f/0x140
[  448.822095][ T5790]  cleanup_mnt+0x7eb/0x870
[  448.822266][ T5790]  ? __pfx___cleanup_mnt+0x10/0x10
[  448.822430][ T5790]  __cleanup_mnt+0x22/0x30
[  448.822576][ T5790]  task_work_run+0x208/0x2b0
[  448.822779][ T5790]  exit_to_user_mode_loop+0x2ff/0x1b20
[  448.822998][ T5790]  ? user_path_at+0x241/0x3e0
[  448.823183][ T5790]  ? __x64_sys_umount+0x1dc/0x250
[  448.823390][ T5790]  do_syscall_64+0x1d7/0xf80
[  448.823576][ T5790]  ? clear_bhb_loop+0x40/0x90
[  448.823743][ T5790]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  448.823903][ T5790] RIP: 0033:0x7f8726d9bf17
[  448.824016][ T5790] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  448.824138][ T5790] RSP: 002b:00007fff7d8c5c28 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  448.824275][ T5790] RAX: 0000000000000000 RBX: 00007f8726e0471f RCX: 00007f8726d9bf17
[  448.824372][ T5790] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007fff7d8c5ce0
[  448.824463][ T5790] RBP: 00007fff7d8c5ce0 R08: 00007fff7d8c6ce0 R09: 00000000ffffffff
[  448.824564][ T5790] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fff7d8c6d70
[  448.824656][ T5790] R13: 00007f8726e0471f R14: 000000000006d8c2 R15: 00007fff7d8c6db0
[  448.824794][ T5790]  </TASK>
[  449.186241][ T5790] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  449.479325][ T8104] loop5: detected capacity change from 0 to 512
[  449.660075][ T8104] EXT4-fs (loop5): feature flags set on rev 0 fs, running e2fsck is recommended
[  449.669562][ T8104] EXT4-fs (loop5): couldn't mount RDWR because of unsupported optional features (3000000)
[  449.679957][ T8104] EXT4-fs (loop5): couldn't mount as ext2 due to feature incompatibilities
[  449.745175][ T8102] loop6: detected capacity change from 0 to 512
[  449.801013][ T8102] EXT4-fs: Ignoring removed i_version option
[  449.844091][ T8102] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  449.958738][ T8102] EXT4-fs (loop6): 1 truncate cleaned up
[  449.969481][ T8102] EXT4-fs (loop6): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  450.099018][ T8106] netlink: 16 bytes leftover after parsing attributes in process `syz.4.641'.
[  451.038778][   T30] audit: type=1800 audit(1769214872.973:12): pid=8114 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.637" name="bus" dev="loop6" ino=18 res=0 errno=0
[  451.413685][ T8117] loop5: detected capacity change from 0 to 256
[  452.084035][ T7310] EXT4-fs (loop6): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  453.729396][ T8133] loop2: detected capacity change from 0 to 32768
[  453.745533][ T5839] usb 7-1: new high-speed USB device number 4 using dummy_hcd
[  453.875113][ T8133] JBD2: Ignoring recovery information on journal
[  453.951245][ T5839] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  453.964045][ T5839] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  453.974359][ T5839] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  453.988167][ T5839] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  453.997655][ T5839] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  454.127806][ T8133] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  454.222681][ T5839] usb 7-1: config 0 descriptor??
[  454.786717][ T5780] ocfs2: Unmounting device (7,2) on (node local)
[  454.843158][ T5839] plantronics 0003:047F:FFFF.0002: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  455.057756][ T5839] usb 7-1: USB disconnect, device number 4
[  455.701204][ T8154] loop5: detected capacity change from 0 to 512
[  455.982699][ T8154] FAT-fs (loop5): error, corrupted directory (invalid entries)
[  457.750265][ T8165] loop2: detected capacity change from 0 to 32768
[  457.794241][ T8157] fido_id[8157]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.6/usb7/report_descriptor': No such file or directory
[  457.873800][ T8165] JBD2: Ignoring recovery information on journal
[  457.979735][ T8165] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  458.091207][ T8173] netlink: 12 bytes leftover after parsing attributes in process `syz.6.665'.
[  458.233377][ T5780] ocfs2: Unmounting device (7,2) on (node local)
[  459.444673][  T797] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  459.649717][  T797] usb 5-1: Using ep0 maxpacket: 8
[  459.694002][  T797] usb 5-1: config index 0 descriptor too short (expected 301, got 45)
[  459.770068][  T797] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  459.780494][  T797] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  459.790832][  T797] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  459.801310][  T797] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  459.814704][  T797] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  459.824121][  T797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  460.276657][  T797] usb 5-1: usb_control_msg returned -32
[  460.282833][  T797] usbtmc 5-1:16.0: can't read capabilities
[  461.711584][ T8200] loop2: detected capacity change from 0 to 4096
[  461.759046][ T8200] ntfs3(loop2): Different NTFS sector size (1024) and media sector size (512).
[  462.411806][ T8200] ntfs3(loop2): Failed to load $Extend (-22).
[  462.492192][ T8200] ntfs3(loop2): Failed to initialize $Extend.
[  462.774736][ T8209] loop6: detected capacity change from 0 to 32768
[  462.846633][ T5839] usb 5-1: USB disconnect, device number 4
[  463.691574][ T8216] loop4: detected capacity change from 0 to 1024
[  464.227889][ T8222] loop5: detected capacity change from 0 to 64
[  464.615957][ T1038] hfsplus: b-tree write err: -5, ino 4
[  465.358621][ T8226] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  466.474368][ T8239] loop2: detected capacity change from 0 to 128
[  466.616443][ T8239] UDF-fs: error (device loop2): udf_read_tagged: read failed, block=256, location=256
[  467.005311][ T8239] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  467.577214][ T8245] loop6: detected capacity change from 0 to 32768
[  467.585471][   T30] audit: type=1800 audit(1769214889.463:13): pid=8239 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.693" name="bus" dev="loop2" ino=125 res=0 errno=0
[  467.616503][ T8245] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.694 (8245)
[  467.709576][ T8245] BTRFS info (device loop6): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  467.728460][ T8245] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  468.002017][ T8245] BTRFS info (device loop6): enabling ssd optimizations
[  468.012193][ T8245] BTRFS info (device loop6): turning on async discard
[  468.021625][ T8245] BTRFS info (device loop6): enabling free space tree
[  468.197726][ T7310] BTRFS info (device loop6): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  469.011975][ T8271] loop8: detected capacity change from 0 to 8
[  469.041596][ T5962] Dev loop8: unable to read RDB block 8
[  469.047491][ T5962]  loop8: unable to read partition table
[  469.121021][ T5962] loop8: partition table beyond EOD, truncated
[  469.144878][ T8271] Dev loop8: unable to read RDB block 8
[  469.151135][ T8271]  loop8: unable to read partition table
[  469.190991][ T8271] loop8: partition table beyond EOD, truncated
[  469.199050][ T8271] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  471.614792][ T8299] loop4: detected capacity change from 0 to 128
[  471.705851][ T8299] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  471.800915][ T8299] hpfs: filesystem error: improperly stopped
[  471.810364][ T8299] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  471.823294][ T8299] hpfs: You really don't want any checks? You are crazy...
[  472.042761][ T8299] hpfs: hpfs_map_sector(): read error
[  472.048564][ T8299] hpfs: code page support is disabled
[  472.143223][ T8299] hpfs: hpfs_map_4sectors(): unaligned read
[  472.193335][ T8299] hpfs: hpfs_map_4sectors(): unaligned read
[  472.199462][ T8299] hpfs: filesystem error: unable to find root dir
[  472.404353][ T8299] hpfs: hpfs_map_4sectors(): unaligned read
[  473.712080][ T8300] loop2: detected capacity change from 0 to 65536
[  473.929094][ T8300] XFS (loop2): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  474.234766][ T8300] XFS (loop2): Ending clean mount
[  474.417559][ T5780] XFS (loop2): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  474.876899][ T8326] loop1: detected capacity change from 0 to 2048
[  475.063132][ T8326] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  475.275787][ T5839] usb 5-1: new high-speed USB device number 5 using dummy_hcd
[  475.321928][   T30] audit: type=1800 audit(1769214897.243:14): pid=8326 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.720" name="bus" dev="loop1" ino=18 res=0 errno=0
[  475.509445][ T5839] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  475.528585][ T5839] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  475.671601][ T5839] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  475.681324][ T5839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  475.695192][ T5839] usb 5-1: SerialNumber: syz
[  476.076512][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  476.103786][ T5839] usb 5-1: 0:2 : does not exist
[  476.319289][ T5839] usb 5-1: USB disconnect, device number 5
[  476.515732][ T8344] loop6: detected capacity change from 0 to 512
[  476.711441][ T8344] EXT4-fs warning (device loop6): read_mmp_block:111: Error -117 while reading MMP block 8
[  477.519142][ T6143] udevd[6143]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  479.025612][ T8349] loop5: detected capacity change from 0 to 65536
[  479.173221][ T8349] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  479.251504][ T8351] loop4: detected capacity change from 0 to 32768
[  479.345470][ T8351] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  479.535976][ T8349] XFS (loop5): Ending clean mount
[  479.692418][ T8351] XFS (loop4): Ending clean mount
[  479.706386][ T8351] XFS (loop4): Quotacheck needed: Please wait.
[  479.895635][ T8351] XFS (loop4): Quotacheck: Done.
[  480.216894][ T6433] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  480.404659][ T8370] loop2: detected capacity change from 0 to 32768
[  480.549502][ T8370] XFS (loop2): DAX unsupported by block device. Turning off DAX.
[  480.560374][ T8370] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  480.648471][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  480.656436][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  480.979309][ T5783] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  481.081498][ T8370] XFS (loop2): Ending clean mount
[  481.098187][ T8370] XFS (loop2): Quotacheck needed: Please wait.
[  481.195717][ T8370] XFS (loop2): Quotacheck: Done.
[  481.564511][ T5780] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  482.010210][ T8394] input: syz0 as /devices/virtual/input/input14
[  482.713508][ T5794] Bluetooth: hci5: command 0x0406 tx timeout
[  483.627694][ T8401] loop6: detected capacity change from 0 to 4096
[  485.197376][ T8411] loop4: detected capacity change from 0 to 32768
[  486.210958][ T8412] loop5: detected capacity change from 0 to 65536
[  486.298880][ T8412] XFS (loop5): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  486.628375][ T8412] XFS (loop5): Ending clean mount
[  486.852621][ T6433] XFS (loop5): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  488.492182][ T8447] tipc: Started in network mode
[  488.497385][ T8447] tipc: Node identity ac14142f, cluster identity 4711
[  488.576254][ T8447] tipc: New replicast peer: 0.0.0.0
[  488.584930][ T8447] tipc: Enabled bearer <udp:syz2>, priority 10
[  489.664636][ T8450] loop4: detected capacity change from 0 to 32768
[  489.710540][ T5839] tipc: Node number set to 2886997039
[  489.759133][ T8450] XFS (loop4): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  489.834249][ T8452] netlink: 8 bytes leftover after parsing attributes in process `syz.2.761'.
[  490.107358][ T8450] XFS (loop4): Ending clean mount
[  490.121677][ T8450] XFS (loop4): Quotacheck needed: Please wait.
[  490.214095][ T8450] XFS (loop4): Quotacheck: Done.
[  490.460268][ T5783] XFS (loop4): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  492.060462][ T8484] netlink: 'syz.5.753': attribute type 4 has an invalid length.
[  492.470355][ T8485] loop4: detected capacity change from 0 to 2048
[  492.686571][ T8485] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  493.310886][ T8496] EXT4-fs error (device loop4): ext4_mb_generate_buddy:1306: group 0, block bitmap and bg descriptor inconsistent: 25 vs 150994969 free clusters
[  493.411922][ T5783] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  493.735563][ T8505] loop1: detected capacity change from 0 to 512
[  493.853291][ T8505] EXT4-fs: Mount option(s) incompatible with ext3
[  494.477844][ T8513] netlink: 4 bytes leftover after parsing attributes in process `syz.4.782'.
[  495.595249][ T8523] loop1: detected capacity change from 0 to 2048
[  495.808168][ T8529] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  496.100504][ T8529] NILFS (loop1): vblocknr = 23 has abnormal lifetime: start cno (= 4294967298) > current cno (= 3)
[  496.111706][ T8529] NILFS error (device loop1): nilfs_bmap_propagate: broken bmap (inode number=4)
[  496.207579][ T8529] Remounting filesystem read-only
[  496.231094][ T8523] NILFS (loop1): mounting fs with errors
[  496.259103][ T8523] NILFS error (device loop1): nilfs_bmap_lookup_contig: broken bmap (inode number=2)
[  496.325944][ T8523] Remounting filesystem read-only
[  496.553417][ T8533] loop4: detected capacity change from 0 to 16
[  496.840124][ T5790] NILFS (loop1): disposed unprocessed dirty file(s) when stopping log writer
[  498.061029][ T5794] Bluetooth: hci0: command 0x0406 tx timeout
[  498.073522][ T8540] loop5: detected capacity change from 0 to 32768
[  498.084936][ T8540] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.794 (8540)
[  498.139537][ T8540] BTRFS info (device loop5): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  498.155214][ T8540] BTRFS info (device loop5): using crc32c (crc32c-lib) checksum algorithm
[  498.179644][ T5839] usb 5-1: new high-speed USB device number 6 using dummy_hcd
[  498.351499][ T5839] usb 5-1: Using ep0 maxpacket: 16
[  498.385352][ T5839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  498.397392][ T5839] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  498.407609][ T5839] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00
[  498.417044][ T5839] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  498.466216][ T8540] BTRFS info (device loop5): enabling ssd optimizations
[  498.473565][ T8540] BTRFS info (device loop5): turning on async discard
[  498.481508][ T8540] BTRFS info (device loop5): enabling free space tree
[  498.592566][ T5839] usb 5-1: config 0 descriptor??
[  498.872175][ T6433] BTRFS info (device loop5): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  498.986262][ T8565] loop2: detected capacity change from 0 to 128
[  499.109575][ T8565] FAT-fs (loop2): Directory bread(block 524322) failed
[  499.117269][ T8565] FAT-fs (loop2): Directory bread(block 524323) failed
[  499.195012][ T5839] konepure 0003:1E7D:2DB4.0003: unknown main item tag 0x0
[  499.204146][ T5839] konepure 0003:1E7D:2DB4.0003: unknown main item tag 0x0
[  499.211773][ T5839] konepure 0003:1E7D:2DB4.0003: unknown main item tag 0x0
[  499.219169][ T5839] konepure 0003:1E7D:2DB4.0003: unknown main item tag 0x0
[  499.229304][ T8565] FAT-fs (loop2): Directory bread(block 524324) failed
[  499.261189][ T8565] FAT-fs (loop2): Directory bread(block 524325) failed
[  499.280116][ T8565] FAT-fs (loop2): Directory bread(block 524326) failed
[  499.287504][ T8565] FAT-fs (loop2): Directory bread(block 524327) failed
[  499.375748][ T5839] konepure 0003:1E7D:2DB4.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2db4] on usb-dummy_hcd.4-1/input0
[  499.395316][ T8565] FAT-fs (loop2): Directory bread(block 524328) failed
[  499.444003][ T8565] FAT-fs (loop2): Directory bread(block 524329) failed
[  499.533901][ T5839] usb 5-1: USB disconnect, device number 6
[  501.141357][ T8574] loop6: detected capacity change from 0 to 32768
[  501.155423][ T8574] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop6 (7:6) scanned by syz.6.802 (8574)
[  501.193717][ T8573] fido_id[8573]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory
[  501.236014][ T8574] BTRFS info (device loop6): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  501.246611][ T8574] BTRFS info (device loop6): using sha256 (sha256-lib) checksum algorithm
[  501.538543][ T8574] BTRFS info (device loop6): rebuilding free space tree
[  501.569007][ T8574] BTRFS info (device loop6): turning off barriers
[  501.575780][ T8574] BTRFS info (device loop6): turning on async discard
[  501.583142][ T8574] BTRFS info (device loop6): enabling free space tree
[  501.590306][ T8574] BTRFS info (device loop6): force clearing of disk cache
[  501.597635][ T8574] BTRFS info (device loop6): max_inline set to 17
[  502.127447][ T7310] BTRFS info (device loop6): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  502.174214][ T8579] loop2: detected capacity change from 0 to 4096
[  502.766677][ T8608] sctp: [Deprecated]: syz.6.807 (pid 8608) Use of int in maxseg socket option.
[  502.766677][ T8608] Use struct sctp_assoc_value instead
[  502.898238][ T8579] ntfs3(loop2): ino=0, ni_find_attr
[  502.920675][ T8579] ntfs3(loop2): Mark volume as dirty due to NTFS errors
[  504.478583][ T8610] loop1: detected capacity change from 0 to 40427
[  504.503121][ T8610] F2FS-fs (loop1): invalid crc value
[  504.826256][ T8610] F2FS-fs (loop1): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  504.840108][ T8610] F2FS-fs (loop1): Start checkpoint disabled!
[  504.851829][ T8610] F2FS-fs (loop1): f2fs_disable_checkpoint() finish, err:0
[  504.877411][ T8610] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e6
[  504.987198][   T30] audit: type=1800 audit(1769214926.923:15): pid=8610 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.810" name="file1" dev="loop1" ino=10 res=0 errno=0
[  505.062580][ T8610] syz.1.810: attempt to access beyond end of device
[  505.062580][ T8610] loop1: rw=2049, sector=45096, nr_sectors = 968 limit=40427
[  505.337505][ T3545] kworker/u8:10: attempt to access beyond end of device
[  505.337505][ T3545] loop1: rw=2049, sector=46064, nr_sectors = 8 limit=40427
[  505.353801][ T3545] CPU: 1 UID: 0 PID: 3545 Comm: kworker/u8:10 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  505.353958][ T3545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  505.354074][ T3545] Workqueue: writeback wb_workfn (flush-7:1)
[  505.354272][ T3545] Call Trace:
[  505.354336][ T3545]  <TASK>
[  505.354393][ T3545]  __dump_stack+0x26/0x30
[  505.354568][ T3545]  dump_stack_lvl+0x14c/0x1c0
[  505.354755][ T3545]  dump_stack+0x1e/0x25
[  505.354933][ T3545]  f2fs_handle_critical_error+0xa6f/0xc20
[  505.355196][ T3545]  f2fs_stop_checkpoint+0x65/0x80
[  505.355357][ T3545]  f2fs_write_end_io+0x101c/0x1bb0
[  505.355561][ T3545]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  505.355717][ T3545]  bio_endio+0xf92/0x10e0
[  505.355893][ T3545]  submit_bio_noacct+0x200a/0x2930
[  505.356124][ T3545]  submit_bio+0x57a/0x620
[  505.356311][ T3545]  f2fs_submit_write_bio+0x92/0x250
[  505.356524][ T3545]  __submit_merged_bio+0x16f/0x6a0
[  505.356726][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.356957][ T3545]  __submit_merged_write_cond+0x44a/0x990
[  505.357192][ T3545]  f2fs_write_data_pages+0x4d18/0x57a0
[  505.357447][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.357710][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.357919][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.358132][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.358363][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.358576][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.358794][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.359185][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.359405][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.359611][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.359827][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.360048][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.360255][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.360470][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.360679][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.360896][ T3545]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  505.361056][ T3545]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  505.361204][ T3545]  do_writepages+0x3f2/0x860
[  505.361360][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.361582][ T3545]  ? queue_io+0x771/0x790
[  505.361751][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.361985][ T3545]  __writeback_single_inode+0x101/0x1180
[  505.362190][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.362452][ T3545]  writeback_sb_inodes+0xb2d/0x1f10
[  505.362743][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.362986][ T3545]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  505.363229][ T3545]  wb_writeback+0x4d0/0xc00
[  505.363431][ T3545]  ? queue_io+0x471/0x790
[  505.363729][ T3545]  wb_workfn+0x397/0x1910
[  505.363879][ T3545]  ? kmsan_get_metadata+0xf1/0x160
[  505.364142][ T3545]  ? __pfx_wb_workfn+0x10/0x10
[  505.364371][ T3545]  process_scheduled_works+0xb03/0x1da0
[  505.364668][ T3545]  worker_thread+0xede/0x1590
[  505.364873][ T3545]  kthread+0xd5a/0xf00
[  505.365035][ T3545]  ? __pfx_worker_thread+0x10/0x10
[  505.365228][ T3545]  ? __pfx_kthread+0x10/0x10
[  505.365391][ T3545]  ret_from_fork+0x207/0x6f0
[  505.365532][ T3545]  ? __switch_to+0x521/0x750
[  505.365708][ T3545]  ? __pfx_kthread+0x10/0x10
[  505.365880][ T3545]  ret_from_fork_asm+0x1a/0x30
[  505.366125][ T3545]  </TASK>
[  505.698298][ T3545] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  507.291901][ T8640] bond0: option arp_all_targets: invalid value (52)
[  508.818198][ T8654] loop5: detected capacity change from 0 to 1024
[  508.857628][ T8654] EXT4-fs: Ignoring removed bh option
[  509.083318][ T8654] EXT4-fs (loop5): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  509.464329][ T8664] loop2: detected capacity change from 0 to 1024
[  509.610781][ T6433] EXT4-fs (loop5): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  511.258227][ T8686]  nullb0: AHDI p1
[  512.399041][ T8700] loop1: detected capacity change from 0 to 47
[  512.727552][ T8703] 9pnet: p9_errstr2errno: server reported unknown error 0x0000
[  512.807344][ T8706] loop2: detected capacity change from 0 to 256
[  515.118657][ T8728] netlink: 104 bytes leftover after parsing attributes in process `syz.6.855'.
[  515.877111][ T8740] loop5: detected capacity change from 0 to 47
[  517.465406][ T8760] GUP no longer grows the stack in syz.6.868 (8760): 200000004000-20000000a000 (200000002000)
[  517.476529][ T8760] CPU: 0 UID: 0 PID: 8760 Comm: syz.6.868 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  517.476687][ T8760] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  517.476779][ T8760] Call Trace:
[  517.476832][ T8760]  <TASK>
[  517.476887][ T8760]  __dump_stack+0x26/0x30
[  517.477077][ T8760]  dump_stack_lvl+0x14c/0x1c0
[  517.477276][ T8760]  dump_stack+0x1e/0x25
[  517.477444][ T8760]  __get_user_pages+0x4506/0x5f20
[  517.477627][ T8760]  ? kmsan_get_metadata+0xf1/0x160
[  517.477889][ T8760]  ? filter_irq_stacks+0x13f/0x190
[  517.478107][ T8760]  ? kmsan_get_metadata+0xf1/0x160
[  517.478366][ T8760]  get_user_pages_remote+0x468/0x1390
[  517.478588][ T8760]  ? stack_depot_save_flags+0x35/0x790
[  517.478787][ T8760]  ? kmsan_get_metadata+0xf1/0x160
[  517.479040][ T8760]  ? access_remote_vm+0x4e/0x70
[  517.479228][ T8760]  __access_remote_vm+0x2f8/0xfe0
[  517.479459][ T8760]  access_remote_vm+0x4e/0x70
[  517.479642][ T8760]  proc_pid_cmdline_read+0xac1/0x1a30
[  517.479885][ T8760]  vfs_readv+0x929/0xf20
[  517.480025][ T8760]  ? __pfx_proc_pid_cmdline_read+0x10/0x10
[  517.480246][ T8760]  ? kmsan_get_metadata+0xf1/0x160
[  517.480442][ T8760]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  517.480691][ T8760]  __x64_sys_preadv+0x2a3/0x510
[  517.480911][ T8760]  x64_sys_call+0x3033/0x3e70
[  517.481104][ T8760]  do_syscall_64+0xc9/0xf80
[  517.481299][ T8760]  ? clear_bhb_loop+0x40/0x90
[  517.481467][ T8760]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  517.481631][ T8760] RIP: 0033:0x7fc6e219acb9
[  517.481748][ T8760] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  517.481886][ T8760] RSP: 002b:00007fc6e03f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  517.482030][ T8760] RAX: ffffffffffffffda RBX: 00007fc6e2415fa0 RCX: 00007fc6e219acb9
[  517.482149][ T8760] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003
[  517.482242][ T8760] RBP: 00007fc6e2208bf7 R08: 0000000000000000 R09: 0000000000000000
[  517.482336][ T8760] R10: 0000000000000300 R11: 0000000000000246 R12: 0000000000000000
[  517.482424][ T8760] R13: 00007fc6e2416038 R14: 00007fc6e2415fa0 R15: 00007fff88126a58
[  517.482566][ T8760]  </TASK>
[  517.905212][ T8759] loop1: detected capacity change from 0 to 2048
[  518.033511][ T8759] UDF-fs: error (device loop1): udf_process_sequence: Primary Volume Descriptor not found!
[  518.118467][ T8759] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  519.255689][ T8769] loop2: detected capacity change from 0 to 40427
[  519.271334][ T8769] F2FS-fs (loop2): build fault injection rate: 14
[  519.277985][ T8769] F2FS-fs (loop2): build fault injection type: 0x3bfe8c
[  519.288111][ T8769] F2FS-fs (loop2): invalid crc value
[  519.323571][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of bio_endio+0xf92/0x10e0
[  519.363969][    C0] F2FS-fs (loop2): inject read IO error in f2fs_read_end_io of bio_endio+0xf92/0x10e0
[  519.771907][ T8769] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  519.781909][ T8769] F2FS-fs (loop2): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50
[  519.811076][ T8769] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  519.848476][ T8769] F2FS-fs (loop2): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x66f/0x19b0
[  519.885227][ T8769] F2FS-fs (loop2): inject slab alloc in f2fs_alloc_inode of alloc_inode+0x8a/0x4a0
[  520.132602][ T5780] F2FS-fs (loop2): inject discard error in __submit_discard_cmd of __issue_discard_cmd+0x899/0x26f0
[  520.159552][ T8790] loop1: detected capacity change from 0 to 8
[  520.824964][   T30] audit: type=1326 audit(1769214942.763:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.4.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f937099acb9 code=0x7fc00000
[  521.337814][   T30] audit: type=1326 audit(1769214943.273:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8792 comm="syz.4.878" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f937099acb9 code=0x7fc00000
[  522.469248][ T8815] netlink: 8 bytes leftover after parsing attributes in process `syz.2.884'.
[  522.478783][ T8815] netlink: 'syz.2.884': attribute type 8 has an invalid length.
[  522.773916][ T8815] geneve2: entered promiscuous mode
[  522.779470][ T8815] geneve2: entered allmulticast mode
[  523.269508][  T797] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0
[  523.360528][  T797] hid-generic 0000:0000:0000.0004: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  523.555555][  T797] usb 5-1: new high-speed USB device number 7 using dummy_hcd
[  523.752806][  T797] usb 5-1: config 0 has no interfaces?
[  523.793220][  T797] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  523.802725][  T797] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  523.811194][  T797] usb 5-1: SerialNumber: syz
[  523.938701][  T797] usb 5-1: config 0 descriptor??
[  524.004879][ T5836] usb 7-1: new high-speed USB device number 5 using dummy_hcd
[  524.231909][ T5836] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  524.242766][ T5836] usb 7-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00
[  524.252206][ T5836] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  524.421124][ T5836] usb 7-1: config 0 descriptor??
[  525.775364][ T8839] loop2: detected capacity change from 0 to 32768
[  525.789519][ T8839] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.893 (8839)
[  525.857778][ T8839] BTRFS info (device loop2): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  525.871057][ T8839] BTRFS info (device loop2): using sha256 (sha256-lib) checksum algorithm
[  526.091629][ T8839] BTRFS info (device loop2): enabling ssd optimizations
[  526.100729][ T8839] BTRFS info (device loop2): turning on async discard
[  526.107700][ T8839] BTRFS info (device loop2): enabling free space tree
[  526.620727][ T5839] usb 5-1: USB disconnect, device number 7
[  527.064083][ T5780] BTRFS info (device loop2): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  527.203245][ T5836] usbhid 7-1:0.0: can't add hid device: -71
[  527.210550][ T5836] usbhid 7-1:0.0: probe with driver usbhid failed with error -71
[  527.396159][ T5836] usb 7-1: USB disconnect, device number 5
[  527.441842][ T5839] usb 5-1: new full-speed USB device number 8 using dummy_hcd
[  527.802812][ T5839] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea
[  527.813426][ T5839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  527.822739][ T5839] usb 5-1: Product: syz
[  527.827117][ T5839] usb 5-1: Manufacturer: syz
[  527.832308][ T5839] usb 5-1: SerialNumber: syz
[  527.992746][ T5839] usb 5-1: config 0 descriptor??
[  528.271796][ T8873] loop1: detected capacity change from 0 to 64
[  528.371251][ T8873] hfs: unable to locate alternate MDB
[  528.379033][ T8873] hfs: continuing without an alternate MDB
[  529.157020][ T5839] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state
[  529.312173][ T8872] loop5: detected capacity change from 0 to 32768
[  529.420220][ T8872] 
[  529.420220][ T8872]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  529.420220][ T8872] 
[  529.647483][ T5839] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71
[  529.748493][ T5839] usb 5-1: USB disconnect, device number 8
[  529.925253][ T6036] ERROR: (device loop5): diWrite: ixpxd invalid
[  529.925253][ T6036] 
[  530.028994][ T6036] ERROR: (device loop5): txAbort: 
[  530.028994][ T6036] 
[  530.037183][ T6036] jfs_write_inode: jfs_commit_inode failed!
[  530.119699][ T6433] 
[  530.119699][ T6433]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  530.119699][ T6433] 
[  530.161734][ T6433] 
[  530.161734][ T6433]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  530.161734][ T6433] 
[  531.312606][ T8881] loop1: detected capacity change from 0 to 4096
[  531.348906][ T8883] loop2: detected capacity change from 0 to 32768
[  531.463964][ T8883] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  531.883845][ T8883] XFS (loop2): Ending clean mount
[  531.957211][ T8883] XFS (loop2): User initiated shutdown received.
[  531.964024][ T8883] XFS (loop2): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x91/0x200 (fs/xfs/xfs_fsops.c:472).  Shutting down filesystem.
[  531.978161][ T8883] XFS (loop2): Please unmount the filesystem and rectify the problem(s)
[  532.390822][   T30] audit: type=1800 audit(1769214954.303:18): pid=8905 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.904" name="file1" dev="loop1" ino=33 res=0 errno=0
[  532.530965][ T5780] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  533.480259][ T5836] usb 6-1: new high-speed USB device number 5 using dummy_hcd
[  533.700255][ T5836] usb 6-1: Using ep0 maxpacket: 16
[  533.735231][ T5836] usb 6-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83
[  533.747507][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  533.890916][ T5836] usb 6-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  533.901534][ T5836] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  533.910280][ T5836] usb 6-1: Product: syz
[  533.914673][ T5836] usb 6-1: Manufacturer: syz
[  533.919461][ T5836] usb 6-1: SerialNumber: syz
[  534.117209][ T5836] usb 6-1: config 0 descriptor??
[  534.243703][ T5836] em28xx 6-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0)
[  534.253941][ T5836] em28xx 6-1:0.0: Audio interface 0 found (Vendor Class)
[  534.380449][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  534.390370][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  534.892286][ T5836] em28xx 6-1:0.0: unknown em28xx chip ID (0)
[  534.925074][ T5836] em28xx 6-1:0.0: Config register raw data: 0x62
[  534.931981][ T5836] em28xx 6-1:0.0: I2S Audio (1 sample rate(s))
[  534.938383][ T5836] em28xx 6-1:0.0: No AC97 audio processor
[  535.362348][ T5836] usb 6-1: USB disconnect, device number 5
[  535.420345][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  535.429973][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  536.089572][ T8942] netlink: 4 bytes leftover after parsing attributes in process `syz.4.924'.
[  536.460532][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  536.470485][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  536.864357][ T8953] netlink: 'syz.4.929': attribute type 4 has an invalid length.
[  536.967984][ T8951] loop5: detected capacity change from 0 to 2048
[  536.981077][ T8954] netlink: 'syz.4.929': attribute type 4 has an invalid length.
[  537.254573][ T8957] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  537.500232][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  537.510322][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  537.942268][ T8965] input: syz0 as /devices/virtual/input/input15
[  538.540414][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  538.550175][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  539.580193][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  539.590968][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  539.687339][ T8991] loop6: detected capacity change from 0 to 128
[  540.620224][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  540.629637][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  541.000897][ T5836] usb 6-1: new high-speed USB device number 6 using dummy_hcd
[  541.262920][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  541.274283][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  541.284441][ T5836] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  541.297812][ T5836] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  541.307924][ T5836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  541.495494][ T5836] usb 6-1: config 0 descriptor??
[  541.660289][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  541.670060][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  541.704575][ T9007] loop6: detected capacity change from 0 to 4096
[  542.105559][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  542.112363][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  542.227319][ T5836] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  542.557966][ T9014] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  542.610418][ T9014] overlayfs: failed to set xattr on upper
[  542.616348][ T9014] overlayfs: ...falling back to redirect_dir=nofollow.
[  542.623584][ T9014] overlayfs: ...falling back to index=off.
[  542.629559][ T9014] overlayfs: ...falling back to uuid=null.
[  542.635718][ T9014] overlayfs: maximum fs stacking depth exceeded
[  542.707092][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  542.718582][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  542.743613][ T5836] usb 6-1: USB disconnect, device number 6
[  543.118310][ T9016] fido_id[9016]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  543.605125][ T9023] loop2: detected capacity change from 0 to 1024
[  543.640673][ T5839] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  543.740238][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  543.750084][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  543.830756][ T9023] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  543.888663][ T5839] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x81 has invalid maxpacket 64
[  543.899202][ T5839] usb 5-1: config 1 interface 0 altsetting 127 bulk endpoint 0x2 has invalid maxpacket 32
[  543.909615][ T5839] usb 5-1: config 1 interface 0 has no altsetting 0
[  544.120777][ T5839] usb 5-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.40
[  544.132023][ T5839] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  544.141117][ T5839] usb 5-1: Product: syz
[  544.145492][ T5839] usb 5-1: Manufacturer: syz
[  544.150510][ T5839] usb 5-1: SerialNumber: syz
[  544.301488][ T9024] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  544.378524][ T9024] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22
[  544.504365][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  544.780235][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  544.790496][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  544.880623][ T9040] loop6: detected capacity change from 0 to 256
[  544.961074][ T9040] FAT-fs (loop6): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  545.338789][ T5836] usb 7-1: new high-speed USB device number 6 using dummy_hcd
[  545.576294][ T5836] usb 7-1: Using ep0 maxpacket: 16
[  545.693462][ T5836] usb 7-1: config 0 has no interfaces?
[  545.820145][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  545.829376][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  545.970862][ T5836] usb 7-1: New USB device found, idVendor=0403, idProduct=b8d8, bcdDevice=30.bb
[  545.980487][ T5836] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  545.988711][ T5836] usb 7-1: Product: syz
[  545.993235][ T5836] usb 7-1: Manufacturer: syz
[  545.998026][ T5836] usb 7-1: SerialNumber: syz
[  546.239630][ T5839] rtl8150 5-1:1.0: eth9: rtl8150 is detected
[  546.311730][ T5836] usb 7-1: config 0 descriptor??
[  546.331077][ T5839] usb 5-1: USB disconnect, device number 9
[  546.383608][ T9046] loop1: detected capacity change from 0 to 32768
[  546.740156][  T798] usb 3-1: new high-speed USB device number 8 using dummy_hcd
[  546.839102][ T9040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  546.860170][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.870778][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  546.908958][ T9040] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  546.956406][ T5839] usb 7-1: USB disconnect, device number 6
[  546.970180][  T798] usb 3-1: Using ep0 maxpacket: 16
[  547.021207][  T798] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4
[  547.031710][  T798] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  547.138599][  T798] usb 3-1: config 0 descriptor??
[  547.223193][  T798] gspca_main: sonixj-2.14.0 probing 0471:0327
[  547.900148][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  547.909562][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  548.324928][ T9056] loop5: detected capacity change from 0 to 32768
[  548.350448][ T9056] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop5 (7:5) scanned by syz.5.970 (9056)
[  548.386432][ T9056] BTRFS info (device loop5): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  548.397260][ T9056] BTRFS info (device loop5): using blake2b (blake2b-256-lib) checksum algorithm
[  548.522169][ T9062] netlink: 8 bytes leftover after parsing attributes in process `syz.1.972'.
[  548.870316][ T9056] BTRFS info (device loop5): enabling ssd optimizations
[  548.877650][ T9056] BTRFS info (device loop5): turning on async discard
[  548.885177][ T9056] BTRFS info (device loop5): enabling free space tree
[  548.892480][ T9056] BTRFS info (device loop5): use zstd compression, level 3
[  548.940269][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  548.950941][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  548.972707][  T798] gspca_sonixj: reg_w1 err -71
[  549.000860][  T798] sonixj 3-1:0.0: probe with driver sonixj failed with error -71
[  549.083314][  T798] usb 3-1: USB disconnect, device number 8
[  549.675729][ T6433] BTRFS info (device loop5): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  549.980218][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  549.990312][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.020274][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  551.030041][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  552.061436][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  552.074653][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  552.100923][  T798] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  552.280174][  T798] usb 2-1: Using ep0 maxpacket: 32
[  552.350286][  T798] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  552.358805][  T798] usb 2-1: config 0 has no interface number 0
[  552.440284][  T798] usb 2-1: config 0 interface 184 has no altsetting 0
[  552.506477][  T798] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  552.516043][  T798] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  552.526920][  T798] usb 2-1: Product: syz
[  552.531704][  T798] usb 2-1: Manufacturer: syz
[  552.536513][  T798] usb 2-1: SerialNumber: syz
[  552.693002][  T798] usb 2-1: config 0 descriptor??
[  552.763861][  T798] smsc75xx v1.0.0
[  552.891193][ T8929] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  553.100305][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  553.110174][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  553.161838][ T8929] usb 5-1: Using ep0 maxpacket: 16
[  553.193998][ T8929] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  553.205696][ T8929] usb 5-1: config 0 interface 0 has no altsetting 0
[  553.212798][ T8929] usb 5-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00
[  553.222170][ T8929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  553.362152][ T8929] usb 5-1: config 0 descriptor??
[  553.491453][  T798] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32
[  553.502849][  T798] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  553.983658][  T798] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71
[  553.995294][  T798] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71
[  554.005459][  T798] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  554.140171][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  554.140911][ T8929] nzxt-smart2 0003:1E71:2009.0006: hidraw0: USB HID v0.05 Device [HID 1e71:2009] on usb-dummy_hcd.4-1/input0
[  554.152868][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  554.201659][  T798] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71
[  554.291443][  T798] usb 2-1: USB disconnect, device number 4
[  554.640881][ T9130] netlink: 'syz.6.993': attribute type 12 has an invalid length.
[  554.648876][ T9130] netlink: 4 bytes leftover after parsing attributes in process `syz.6.993'.
[  555.058468][ T6036] netdevsim netdevsim6 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  555.085019][ T9130] netlink: 'syz.6.993': attribute type 12 has an invalid length.
[  555.096893][ T9130] netlink: 4 bytes leftover after parsing attributes in process `syz.6.993'.
[  555.119103][ T6036] netdevsim netdevsim6 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  555.180310][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.190904][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  555.206794][ T6036] netdevsim netdevsim6 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  555.262326][ T6036] netdevsim netdevsim6 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  556.053840][ T8929] usb 5-1: USB disconnect, device number 10
[  556.220170][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  556.229633][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  556.446196][ T9146] loop1: detected capacity change from 0 to 136
[  556.739540][ T9150] loop4: detected capacity change from 0 to 512
[  556.813898][ T9150] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  556.930537][ T9150] EXT4-fs error (device loop4): ext4_orphan_get:1417: comm syz.4.1001: bad orphan inode 131083
[  557.012699][ T9150] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  557.166901][ T3545] netdevsim netdevsim6 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  557.178695][ T3545] netdevsim netdevsim6 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  557.260464][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.270814][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  557.538590][ T3545] netdevsim netdevsim6 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  557.550483][ T3545] netdevsim netdevsim6 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  557.633409][ T5783] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  557.744330][ T9161] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1007'.
[  558.056936][ T3545] netdevsim netdevsim6 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  558.068141][ T3545] netdevsim netdevsim6 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  558.300406][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  558.310892][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  558.423448][ T3545] netdevsim netdevsim6 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[  558.434710][ T3545] netdevsim netdevsim6 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  559.140576][ T3545] bridge_slave_1: left allmulticast mode
[  559.146482][ T3545] bridge_slave_1: left promiscuous mode
[  559.153419][ T3545] bridge0: port 2(bridge_slave_1) entered disabled state
[  559.211142][ T3545] bridge_slave_0: left allmulticast mode
[  559.217024][ T3545] bridge_slave_0: left promiscuous mode
[  559.224067][ T3545] bridge0: port 1(bridge_slave_0) entered disabled state
[  559.340428][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  559.350910][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  559.912620][ T3545] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  559.939320][ T3545] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  559.977602][ T3545] bond0 (unregistering): Released all slaves
[  560.206658][ T3545] tipc: Disabling bearer <udp:syz2>
[  560.212638][ T3545] tipc: Left network mode
[  560.372579][ T9173] netlink: 20 bytes leftover after parsing attributes in process `syz.5.1012'.
[  560.530518][ T5836] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[  560.613229][ T8929] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  560.832801][ T5836] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36
[  560.842592][ T5836] usb 2-1: New USB device strings: Mfr=241, Product=2, SerialNumber=3
[  560.851284][ T5836] usb 2-1: Product: syz
[  560.855785][ T5836] usb 2-1: Manufacturer: syz
[  560.863471][ T5836] usb 2-1: SerialNumber: syz
[  560.877360][ T3545] hsr_slave_0: left promiscuous mode
[  560.886317][ T8929] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  560.914356][ T8929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  560.928634][ T8929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  560.941023][ T8929] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  560.954219][ T8929] usb 3-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  560.963720][ T8929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  560.981031][ T3545] hsr_slave_1: left promiscuous mode
[  561.006537][ T5836] usb 2-1: config 0 descriptor??
[  561.039378][ T3545] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  561.047114][ T3545] batman_adv: batadv0: Removing interface: batadv_slave_0
[  561.064161][ T5836] ch341 2-1:0.0: ch341-uart converter detected
[  561.118475][ T3545] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  561.129432][ T3545] batman_adv: batadv0: Removing interface: batadv_slave_1
[  561.185329][ T8929] usb 3-1: config 0 descriptor??
[  561.218896][ T9174] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  561.288556][ T3545] veth1_macvtap: left promiscuous mode
[  561.318229][ T3545] veth0_macvtap: left promiscuous mode
[  561.372838][ T5794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  561.386742][ T5794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  561.397343][ T3545] veth1_vlan: left promiscuous mode
[  561.403727][ T5794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  561.416775][ T3545] veth0_vlan: left promiscuous mode
[  561.444387][ T5794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  561.466289][ T5794] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  561.784272][ T8929] usbhid 3-1:0.0: can't add hid device: -71
[  561.791826][ T8929] usbhid 3-1:0.0: probe with driver usbhid failed with error -71
[  561.938580][ T8929] usb 3-1: USB disconnect, device number 9
[  562.197401][ T5836] usb 2-1: ch341-uart converter now attached to ttyUSB0
[  562.380043][ T8929] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  562.426835][ T5836] usb 2-1: USB disconnect, device number 5
[  562.485175][ T5836] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0
[  562.535283][ T5836] ch341 2-1:0.0: device disconnected
[  562.590322][ T8929] usb 3-1: Using ep0 maxpacket: 32
[  562.636346][ T8929] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  562.704006][ T8929] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  562.715479][ T8929] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 7
[  562.728817][ T8929] usb 3-1: New USB device found, idVendor=0eef, idProduct=72c4, bcdDevice= 0.00
[  562.738314][ T8929] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  562.905738][ T8929] usb 3-1: config 0 descriptor??
[  563.294507][ T9196] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1017'.
[  563.449461][ T8929] hid-multitouch 0003:0EEF:72C4.0007: reserved main item tag 0xd
[  563.529478][ T9196] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1017'.
[  563.632957][ T8929] hid-multitouch 0003:0EEF:72C4.0007: hidraw0: USB HID v0.00 Device [HID 0eef:72c4] on usb-dummy_hcd.2-1/input0
[  563.672850][ T5794] Bluetooth: hci0: command tx timeout
[  563.814574][ T8929] usb 3-1: USB disconnect, device number 10
[  565.151342][ T3545] team0 (unregistering): Port device team_slave_1 removed
[  565.601905][ T3545] team0 (unregistering): Port device team_slave_0 removed
[  565.740623][ T5794] Bluetooth: hci0: command tx timeout
[  565.814981][ T9217] Bluetooth: MGMT ver 1.23
[  565.897238][ T9208] fido_id[9208]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory
[  566.392004][ T9213] loop4: detected capacity change from 0 to 4096
[  567.820533][ T5794] Bluetooth: hci0: command tx timeout
[  569.367071][ T9233] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1027'.
[  569.401470][ T9233] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1027'.
[  569.500533][ T5839] usb 6-1: new high-speed USB device number 7 using dummy_hcd
[  569.866206][ T5839] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  569.899335][ T5839] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3
[  569.939598][ T5794] Bluetooth: hci0: command tx timeout
[  570.025179][ T5839] usb 6-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  570.045793][ T5839] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  570.066878][ T5839] usb 6-1: SerialNumber: syz
[  570.824898][ T5839] usb 6-1: 0:2 : does not exist
[  571.261009][ T5839] usb 6-1: USB disconnect, device number 7
[  572.274086][ T5962] udevd[5962]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  572.982272][ T9180] chnl_net:caif_netlink_parms(): no params data found
[  573.452179][ T9259] loop1: detected capacity change from 0 to 512
[  573.505841][ T9259] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  573.606704][ T9259] EXT4-fs (loop1): 1 truncate cleaned up
[  573.635162][ T9259] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  574.355181][ T5790] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  575.990183][ T9180] bridge0: port 1(bridge_slave_0) entered blocking state
[  575.998629][ T9180] bridge0: port 1(bridge_slave_0) entered disabled state
[  576.059323][ T9180] bridge_slave_0: entered allmulticast mode
[  576.168263][ T9180] bridge_slave_0: entered promiscuous mode
[  576.242820][ T9180] bridge0: port 2(bridge_slave_1) entered blocking state
[  576.254448][ T9180] bridge0: port 2(bridge_slave_1) entered disabled state
[  576.329684][ T9180] bridge_slave_1: entered allmulticast mode
[  576.368468][ T9180] bridge_slave_1: entered promiscuous mode
[  576.670608][ T8929] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0
[  576.783778][ T8929] hid-generic 0000:0000:0000.0008: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[  576.988520][ T9297] loop4: detected capacity change from 0 to 1024
[  577.156227][ T9180] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  577.469276][ T9180] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  577.874022][ T9300] loop1: detected capacity change from 0 to 32768
[  577.891759][ T9300] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1047 (9300)
[  577.965011][ T9300] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  577.982785][ T9300] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  578.279306][   T59] hfsplus: b-tree write err: -5, ino 4
[  578.313904][ T9300] BTRFS info (device loop1): enabling ssd optimizations
[  578.327225][ T9300] BTRFS info (device loop1): turning on async discard
[  578.335930][ T9300] BTRFS info (device loop1): enabling free space tree
[  578.521168][ T9180] team0: Port device team_slave_0 added
[  578.683548][ T9180] team0: Port device team_slave_1 added
[  579.036877][ T9302] fido_id[9302]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory
[  579.122921][ T5790] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  579.295058][ T9180] batman_adv: batadv0: Adding interface: batadv_slave_0
[  579.308524][ T9180] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  579.336585][ T9180] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  579.629945][ T9180] batman_adv: batadv0: Adding interface: batadv_slave_1
[  579.641173][ T9180] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  579.678500][ T9180] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  579.995999][ T9332] loop2: detected capacity change from 0 to 512
[  580.083873][ T9332] EXT4-fs: Ignoring removed mblk_io_submit option
[  580.093124][ T9332] EXT4-fs: inline encryption not supported
[  580.197225][ T9332] EXT4-fs (loop2): Test dummy encryption mode enabled
[  580.214332][ T9332] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  580.524833][ T9332] EXT4-fs (loop2): 1 truncate cleaned up
[  580.593999][ T9332] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  581.069551][ T9180] hsr_slave_0: entered promiscuous mode
[  581.172742][ T9180] hsr_slave_1: entered promiscuous mode
[  581.909361][ T5780] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  582.135869][ T9352] loop8: detected capacity change from 0 to 8
[  582.232423][ T9352] Dev loop8: unable to read RDB block 8
[  582.246800][ T9352]  loop8: unable to read partition table
[  582.285975][ T9352] loop8: partition table beyond EOD, truncated
[  582.296323][ T9352] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  583.087325][ T9358] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1059'.
[  583.916286][ T8929] IPVS: starting estimator thread 0...
[  583.989394][ T9365] loop8: detected capacity change from 0 to 8
[  584.049503][ T9367] IPVS: using max 192 ests per chain, 9600 per kthread
[  584.050612][ T9365] Dev loop8: unable to read RDB block 8
[  584.069047][ T9365]  loop8: unable to read partition table
[  584.171674][ T9365] loop8: partition table beyond EOD, truncated
[  584.179234][ T9365] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5)
[  584.377443][ T9360] loop5: detected capacity change from 0 to 4096
[  584.791867][ T9373] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  585.611020][ T9180] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  585.853084][ T9180] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  585.887435][   T30] audit: type=1800 audit(1769215007.823:19): pid=9382 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.1065" name="SYSV00000000" dev="tmpfs" ino=1 res=0 errno=0
[  586.128711][ T9180] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  586.384460][ T9180] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  590.115275][ T9180] 8021q: adding VLAN 0 to HW filter on device bond0
[  590.484765][ T9180] 8021q: adding VLAN 0 to HW filter on device team0
[  590.790461][   T59] bridge0: port 1(bridge_slave_0) entered blocking state
[  590.801943][   T59] bridge0: port 1(bridge_slave_0) entered forwarding state
[  591.044558][ T9409] loop2: detected capacity change from 0 to 65536
[  591.161157][ T9409] XFS (loop2): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  591.273828][ T6060] bridge0: port 2(bridge_slave_1) entered blocking state
[  591.288478][ T6060] bridge0: port 2(bridge_slave_1) entered forwarding state
[  591.415673][ T9409] XFS (loop2): Ending clean mount
[  591.593729][ T5780] XFS (loop2): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  593.774304][ T9447] loop4: detected capacity change from 0 to 256
[  595.369336][ T9459] netlink: 'syz.2.1086': attribute type 1 has an invalid length.
[  596.248595][ T9466] netlink: 'syz.1.1088': attribute type 1 has an invalid length.
[  596.265101][ T9466] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1088'.
[  596.717280][ T9180] 8021q: adding VLAN 0 to HW filter on device batadv0
[  596.930686][ T9472] binder: 9470:9472 ioctl c0306201 200000000600 returned -22
[  598.897847][ T9494] loop2: detected capacity change from 0 to 128
[  599.052236][ T9494] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  599.100584][ T9494] ext4 filesystem being mounted at /227/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  599.952453][ T5780] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  601.335071][ T9509] loop1: detected capacity change from 0 to 32768
[  601.410232][ T9509] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  602.062180][ T9509] XFS (loop1): Ending clean mount
[  602.110692][ T9509] XFS (loop1): Quotacheck needed: Please wait.
[  602.288166][ T9509] XFS (loop1): Quotacheck: Done.
[  602.411070][   T30] audit: type=1800 audit(1769215024.333:20): pid=9509 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1101" name="bus" dev="loop1" ino=6156 res=0 errno=0
[  602.509339][ T9180] veth0_vlan: entered promiscuous mode
[  602.721016][ T9533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1106'.
[  602.732877][ T9533] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1106'.
[  602.763083][ T5790] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  602.891442][ T9180] veth1_vlan: entered promiscuous mode
[  602.901882][    C0] hrtimer: interrupt took 3453558 ns
[  603.013193][ T9533] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1106'.
[  603.025402][ T9533] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1106'.
[  603.552672][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  603.565256][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  603.973551][ T9180] veth0_macvtap: entered promiscuous mode
[  604.169607][ T9180] veth1_macvtap: entered promiscuous mode
[  604.360572][ T9543] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1111'.
[  604.696688][ T9180] batman_adv: batadv0: Interface activated: batadv_slave_0
[  605.079842][ T9180] batman_adv: batadv0: Interface activated: batadv_slave_1
[  605.921193][ T1038] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  606.241281][ T1038] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  606.405793][ T1038] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  606.705495][ T1038] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  612.789295][ T9575] loop2: detected capacity change from 0 to 40427
[  612.809176][ T9575] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  612.820476][ T9575] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  612.880990][ T9575] F2FS-fs (loop2): invalid crc value
[  613.719238][ T9575] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  613.825054][ T9575] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  613.860154][ T9575] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  615.983263][ T9596] netlink: 'syz.4.1126': attribute type 1 has an invalid length.
[  617.144410][ T9596] 8021q: adding VLAN 0 to HW filter on device bond1
[  618.760745][ T9600] bond1: (slave veth3): Enslaving as an active interface with a down link
[  624.800582][ T5793] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[  624.827686][ T5793] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[  624.861632][ T5793] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[  624.979170][ T5793] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[  625.062448][ T5793] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[  627.260057][ T5793] Bluetooth: hci2: command tx timeout
[  629.361018][ T5793] Bluetooth: hci2: command tx timeout
[  630.830883][ T9640] chnl_net:caif_netlink_parms(): no params data found
[  630.870249][ T9686] loop1: detected capacity change from 0 to 64
[  631.430980][ T5793] Bluetooth: hci2: command tx timeout
[  631.669147][ T5986] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.079540][ T5986] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.433041][ T5986] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  632.798958][ T5986] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  633.064039][ T9704] loop5: detected capacity change from 0 to 64
[  633.532867][ T5793] Bluetooth: hci2: command tx timeout
[  634.124285][ T5986] bridge_slave_1: left allmulticast mode
[  634.142448][ T5986] bridge_slave_1: left promiscuous mode
[  634.152213][ T5986] bridge0: port 2(bridge_slave_1) entered disabled state
[  634.607854][ T5986] bridge_slave_0: left allmulticast mode
[  634.619130][ T5986] bridge_slave_0: left promiscuous mode
[  634.636692][ T5986] bridge0: port 1(bridge_slave_0) entered disabled state
[  635.122457][ T9714] loop4: detected capacity change from 0 to 40427
[  635.153192][ T9716] loop1: detected capacity change from 0 to 64
[  635.166994][ T9714] F2FS-fs (loop4): invalid crc value
[  635.512812][ T9724] hfs: keylen 1794 too large
[  635.592515][ T9714] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  635.613740][ T9714] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  635.639013][ T9724] hfs: keylen 1794 too large
[  635.814333][ T5783] syz-executor: attempt to access beyond end of device
[  635.814333][ T5783] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  635.833891][ T5783] CPU: 1 UID: 0 PID: 5783 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  635.834051][ T5783] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  635.834142][ T5783] Call Trace:
[  635.834199][ T5783]  <TASK>
[  635.834253][ T5783]  __dump_stack+0x26/0x30
[  635.834440][ T5783]  dump_stack_lvl+0x14c/0x1c0
[  635.834620][ T5783]  dump_stack+0x1e/0x25
[  635.834790][ T5783]  f2fs_handle_critical_error+0xa6f/0xc20
[  635.835054][ T5783]  f2fs_stop_checkpoint+0x65/0x80
[  635.835205][ T5783]  f2fs_write_end_io+0x101c/0x1bb0
[  635.835398][ T5783]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  635.835527][ T5783]  bio_endio+0xf92/0x10e0
[  635.835699][ T5783]  submit_bio_noacct+0x200a/0x2930
[  635.835938][ T5783]  submit_bio+0x57a/0x620
[  635.836113][ T5783]  f2fs_submit_write_bio+0x92/0x250
[  635.836324][ T5783]  __submit_merged_bio+0x16f/0x6a0
[  635.836523][ T5783]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  635.836773][ T5783]  __submit_merged_write_cond+0x44a/0x990
[  635.837000][ T5783]  f2fs_write_data_pages+0x4d18/0x57a0
[  635.837276][ T5783]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  635.837504][ T5783]  ? kmsan_get_metadata+0xf1/0x160
[  635.837708][ T5783]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  635.838074][ T5783]  ? kmsan_get_metadata+0xf1/0x160
[  635.838279][ T5783]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  635.838511][ T5783]  ? update_misfit_status+0x32/0xa90
[  635.838724][ T5783]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  635.838942][ T5783]  ? kmsan_get_metadata+0xf1/0x160
[  635.839156][ T5783]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  635.839378][ T5783]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  635.839530][ T5783]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  635.839682][ T5783]  do_writepages+0x3f2/0x860
[  635.839860][ T5783]  ? _raw_spin_unlock+0x30/0x50
[  635.840021][ T5783]  ? wbc_attach_and_unlock_inode+0x131/0x670
[  635.840221][ T5783]  filemap_fdatawrite+0x207/0x260
[  635.840483][ T5783]  f2fs_sync_dirty_inodes+0x2aa/0x9d0
[  635.840697][ T5783]  f2fs_write_checkpoint+0x10a3/0x3720
[  635.840970][ T5783]  ? stack_depot_save_flags+0x35/0x790
[  635.841202][ T5783]  kill_f2fs_super+0x320/0x990
[  635.841414][ T5783]  ? __pfx_kill_f2fs_super+0x10/0x10
[  635.841583][ T5783]  deactivate_locked_super+0xcb/0x3c0
[  635.841782][ T5783]  deactivate_super+0x12f/0x140
[  635.841966][ T5783]  cleanup_mnt+0x7eb/0x870
[  635.842132][ T5783]  ? __pfx___cleanup_mnt+0x10/0x10
[  635.842289][ T5783]  __cleanup_mnt+0x22/0x30
[  635.842438][ T5783]  task_work_run+0x208/0x2b0
[  635.842639][ T5783]  exit_to_user_mode_loop+0x2ff/0x1b20
[  635.842862][ T5783]  ? user_path_at+0x241/0x3e0
[  635.843051][ T5783]  ? __x64_sys_umount+0x1dc/0x250
[  635.843263][ T5783]  do_syscall_64+0x1d7/0xf80
[  635.843450][ T5783]  ? clear_bhb_loop+0x40/0x90
[  635.843615][ T5783]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  635.843776][ T5783] RIP: 0033:0x7f937099bf17
[  635.843898][ T5783] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  635.844023][ T5783] RSP: 002b:00007ffd2e881918 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  635.844164][ T5783] RAX: 0000000000000000 RBX: 00007f9370a0471f RCX: 00007f937099bf17
[  635.844262][ T5783] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffd2e8819d0
[  635.844354][ T5783] RBP: 00007ffd2e8819d0 R08: 00007ffd2e8829d0 R09: 00000000ffffffff
[  635.844454][ T5783] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffd2e882a60
[  635.844549][ T5783] R13: 00007f9370a0471f R14: 000000000009b30d R15: 00007ffd2e882aa0
[  635.846041][ T5783]  </TASK>
[  636.340931][ T5783] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  637.011519][ T9730] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1164'.
[  637.224672][ T5986] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  637.335721][ T5986] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  637.496144][ T5986] bond0 (unregistering): Released all slaves
[  638.173344][ T5986] hsr_slave_0: left promiscuous mode
[  638.275358][ T5986] hsr_slave_1: left promiscuous mode
[  638.370955][ T5986] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  638.382789][ T5986] batman_adv: batadv0: Removing interface: batadv_slave_0
[  638.510368][ T5986] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  638.523992][ T5986] batman_adv: batadv0: Removing interface: batadv_slave_1
[  638.791449][ T9742] loop2: detected capacity change from 0 to 512
[  638.808218][ T5986] veth1_macvtap: left promiscuous mode
[  638.832218][ T5986] veth0_macvtap: left promiscuous mode
[  638.838531][ T5986] veth1_vlan: left promiscuous mode
[  638.912725][ T5986] veth0_vlan: left promiscuous mode
[  640.837424][ T9750] loop2: detected capacity change from 0 to 32768
[  640.851628][ T9750] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1170 (9750)
[  640.887871][ T9750] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  640.907126][ T9750] BTRFS info (device loop2): using blake2b (blake2b-256-lib) checksum algorithm
[  641.317615][ T9750] BTRFS info (device loop2): enabling ssd optimizations
[  641.328547][ T9750] BTRFS info (device loop2): turning on async discard
[  641.338721][ T9750] BTRFS info (device loop2): enabling free space tree
[  641.350975][ T9750] BTRFS info (device loop2): use lzo compression, level 1
[  641.998957][ T5780] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  643.496221][ T5986] team0 (unregistering): Port device team_slave_1 removed
[  643.632079][ T5986] team0 (unregistering): Port device team_slave_0 removed
[  643.652429][ T9779] loop1: detected capacity change from 0 to 8192
[  643.743187][ T9779] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  647.402919][ T9741] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1168'.
[  647.554612][ T9741] netlink: 104 bytes leftover after parsing attributes in process `syz.5.1168'.
[  647.715536][ T9640] bridge0: port 1(bridge_slave_0) entered blocking state
[  647.726150][ T9640] bridge0: port 1(bridge_slave_0) entered disabled state
[  647.863353][ T9640] bridge_slave_0: entered allmulticast mode
[  647.934714][ T9640] bridge_slave_0: entered promiscuous mode
[  648.165099][ T9640] bridge0: port 2(bridge_slave_1) entered blocking state
[  648.177427][ T9640] bridge0: port 2(bridge_slave_1) entered disabled state
[  648.425258][ T9640] bridge_slave_1: entered allmulticast mode
[  648.599140][ T9640] bridge_slave_1: entered promiscuous mode
[  649.174022][ T9871] loop2: detected capacity change from 0 to 32768
[  649.318903][ T9871] XFS (loop2): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  649.683737][ T9640] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  649.816830][ T9640] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  649.899322][ T9871] XFS (loop2): Ending clean mount
[  649.922071][ T9871] XFS (loop2): Quotacheck needed: Please wait.
[  650.055345][ T9871] XFS (loop2): Quotacheck: Done.
[  650.205048][ T9891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.224317][ T9891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.234897][ T9891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.344641][ T9891] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  650.528611][ T9640] team0: Port device team_slave_0 added
[  650.672644][ T9640] team0: Port device team_slave_1 added
[  650.780581][ T5780] XFS (loop2): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  651.181043][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  651.191473][    C1] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  651.339095][ T9640] batman_adv: batadv0: Adding interface: batadv_slave_0
[  651.350743][ T9640] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  651.400278][ T9640] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  651.730110][ T9640] batman_adv: batadv0: Adding interface: batadv_slave_1
[  651.741605][ T9640] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  651.782138][ T9640] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  652.384394][ T9910] loop5: detected capacity change from 0 to 64
[  652.721108][ T9910] hfs: walked past end of dir
[  653.044365][ T9640] hsr_slave_0: entered promiscuous mode
[  653.140451][ T9640] hsr_slave_1: entered promiscuous mode
[  653.580860][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.591767][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  653.716267][ T9912] loop1: detected capacity change from 0 to 4096
[  653.751779][ T9921] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1191'.
[  654.055127][ T9923] netlink: 25 bytes leftover after parsing attributes in process `syz.2.1190'.
[  654.756755][ T9924] team0: Port device team_slave_0 removed
[  654.867126][ T9924] bond1: (slave team_slave_0): Enslaving as a backup interface with an up link
[  656.710764][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  658.012563][ T9640] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  658.118362][ T9640] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  658.179120][ T9966] loop5: detected capacity change from 0 to 128
[  658.295834][ T9640] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  658.455863][ T9640] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  659.820911][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  659.881308][ T9981] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1206'.
[  659.894151][ T9981] netlink: 300 bytes leftover after parsing attributes in process `syz.5.1206'.
[  659.906337][ T9981] netlink: 152 bytes leftover after parsing attributes in process `syz.5.1206'.
[  660.116017][ T9981] netlink: 16 bytes leftover after parsing attributes in process `syz.5.1206'.
[  661.018488][ T9640] 8021q: adding VLAN 0 to HW filter on device bond0
[  661.336045][ T9985] loop2: detected capacity change from 0 to 32768
[  661.476101][ T9985] 
[  661.476101][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.476101][ T9985] 
[  661.559564][ T9985] ERROR: (device loop2): diWrite: ixpxd invalid
[  661.559564][ T9985] 
[  661.600368][ T9985] ERROR: (device loop2): txAbort: 
[  661.600368][ T9985] 
[  661.627839][ T9985] 
[  661.627839][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.627839][ T9985] 
[  661.640676][ T9985] 
[  661.640676][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.640676][ T9985] 
[  661.655824][ T9985] 
[  661.655824][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.655824][ T9985] 
[  661.675259][ T9985] 
[  661.675259][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.675259][ T9985] 
[  661.715811][ T9985] 
[  661.715811][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.715811][ T9985] 
[  661.734372][ T9985] 
[  661.734372][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.734372][ T9985] 
[  661.754335][ T9985] 
[  661.754335][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.754335][ T9985] 
[  661.771071][ T9985] 
[  661.771071][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.771071][ T9985] 
[  661.797009][ T9640] 8021q: adding VLAN 0 to HW filter on device team0
[  661.811014][  T113] 
[  661.811014][  T113]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.811014][  T113] 
[  661.834747][ T9985] 
[  661.834747][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.834747][ T9985] 
[  661.848615][ T9985] 
[  661.848615][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.848615][ T9985] 
[  661.864264][ T9985] 
[  661.864264][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.864264][ T9985] 
[  661.885580][ T9985] 
[  661.885580][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.885580][ T9985] 
[  661.919322][ T9985] 
[  661.919322][ T9985]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  661.919322][ T9985] 
[  662.071933][ T9829] bridge0: port 1(bridge_slave_0) entered blocking state
[  662.079902][ T9829] bridge0: port 1(bridge_slave_0) entered forwarding state
[  662.110626][ T5780] 
[  662.110626][ T5780]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  662.110626][ T5780] 
[  662.192746][ T5780] 
[  662.192746][ T5780]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  662.192746][ T5780] 
[  662.317576][ T6060] bridge0: port 2(bridge_slave_1) entered blocking state
[  662.331602][ T6060] bridge0: port 2(bridge_slave_1) entered forwarding state
[  662.470856][ T9998] sctp: [Deprecated]: syz.4.1210 (pid 9998) Use of struct sctp_assoc_value in delayed_ack socket option.
[  662.470856][ T9998] Use struct sctp_sack_info instead
[  663.298282][T10006] loop5: detected capacity change from 0 to 64
[  663.420774][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  663.632683][   T30] audit: type=1800 audit(1769215085.573:21): pid=10006 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1214" name="file1" dev="loop5" ino=22 res=0 errno=0
[  664.990066][ T1295] ieee802154 phy0 wpan0: encryption failed: -22
[  665.002677][ T1295] ieee802154 phy1 wpan1: encryption failed: -22
[  666.404404][T10030] netlink: 'syz.4.1222': attribute type 10 has an invalid length.
[  666.519118][ T9640] 8021q: adding VLAN 0 to HW filter on device batadv0
[  666.532440][T10030] bridge0: port 2(bridge_slave_1) entered disabled state
[  666.545813][T10030] bridge0: port 1(bridge_slave_0) entered disabled state
[  666.777161][T10030] bridge0: port 2(bridge_slave_1) entered blocking state
[  666.788970][T10030] bridge0: port 2(bridge_slave_1) entered forwarding state
[  666.805846][T10030] bridge0: port 1(bridge_slave_0) entered blocking state
[  666.817206][T10030] bridge0: port 1(bridge_slave_0) entered forwarding state
[  666.917308][T10030] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  667.690835][T10040] netlink: 'syz.5.1224': attribute type 10 has an invalid length.
[  667.935027][T10040] team0: Port device dummy0 added
[  669.502443][ T9640] veth0_vlan: entered promiscuous mode
[  669.713701][ T9640] veth1_vlan: entered promiscuous mode
[  670.250632][ T9640] veth0_macvtap: entered promiscuous mode
[  670.377588][ T9640] veth1_macvtap: entered promiscuous mode
[  670.620795][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  670.743749][ T9640] batman_adv: batadv0: Interface activated: batadv_slave_0
[  670.948656][ T9640] batman_adv: batadv0: Interface activated: batadv_slave_1
[  671.079561][ T9844] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  671.177511][ T9844] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  671.248419][ T9844] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  671.316817][ T9844] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  673.273490][T10097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.321943][T10097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.341906][T10097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.358422][T10097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.378054][T10097] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.431417][T10099] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.446606][T10099] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  673.509278][T10100] loop1: detected capacity change from 0 to 64
[  673.528611][T10096] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  675.072131][T10103] loop5: detected capacity change from 0 to 32768
[  675.232210][T10103] XFS (loop5): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  675.540657][T10119] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1242'.
[  675.814069][T10103] XFS (loop5): Ending clean mount
[  675.842375][T10103] XFS (loop5): Quotacheck needed: Please wait.
[  675.939510][T10103] XFS (loop5): Quotacheck: Done.
[  677.473740][ T6433] XFS (loop5): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  678.276309][T10123] loop4: detected capacity change from 0 to 65536
[  678.407249][T10123] XFS (loop4): Mounting V5 Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  678.713504][T10123] XFS (loop4): Ending clean mount
[  678.734361][T10123] XFS (loop4): Quotacheck needed: Please wait.
[  678.822889][T10123] XFS (loop4): Quotacheck: Done.
[  680.501551][ T5783] XFS (loop4): Unmounting Filesystem 9b7348e5-2fa0-41a5-9526-c53a678b01f3
[  682.164062][ T5794] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  682.186666][ T5794] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  682.218928][ T5794] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  682.247287][ T5794] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  682.320754][ T5794] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  684.621518][ T5794] Bluetooth: hci0: command tx timeout
[  685.340721][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  686.699972][ T5794] Bluetooth: hci0: command tx timeout
[  688.794694][ T5794] Bluetooth: hci0: command tx timeout
[  689.032077][ T5793] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1
[  689.057150][ T5793] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9
[  689.076558][ T5793] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9
[  689.106223][ T5793] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4
[  689.129980][ T5793] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2
[  690.562729][T10145] chnl_net:caif_netlink_parms(): no params data found
[  690.862519][ T5793] Bluetooth: hci0: command tx timeout
[  691.061349][ T9831] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  691.076042][ T9831] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  691.232671][T10170] loop1: detected capacity change from 0 to 4096
[  691.262410][ T5793] Bluetooth: hci6: command tx timeout
[  691.731008][T10170] ntfs3(loop1): Mark volume as dirty due to NTFS errors
[  691.826920][T10170] ntfs3(loop1): ino=1a, mi_enum_attr
[  691.870695][T10170] ntfs3(loop1): ino=1a, mi_enum_attr
[  691.877558][T10170] ntfs3(loop1): Failed to initialize $Extend/$Reparse.
[  693.156885][ T9831] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.380742][ T5793] Bluetooth: hci6: command tx timeout
[  693.771723][ T9831] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  693.949578][T10164] chnl_net:caif_netlink_parms(): no params data found
[  694.298154][ T9831] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  694.375080][T10187] loop1: detected capacity change from 0 to 32768
[  694.392690][T10187] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.1258 (10187)
[  694.417158][T10187] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  694.432733][T10187] BTRFS info (device loop1): using crc32c (crc32c-lib) checksum algorithm
[  694.674665][T10187] BTRFS info (device loop1): enabling ssd optimizations
[  694.685073][T10187] BTRFS info (device loop1): turning on async discard
[  694.693895][T10187] BTRFS info (device loop1): enabling free space tree
[  694.832414][T10187] BTRFS info (device loop1): balance: start -svrange=4192962769381109550..3476060267370475366,limit=202604818480
[  694.857526][T10187] BTRFS info (device loop1): balance: ended with status: 0
[  695.094014][ T5790] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  695.379132][ T9831] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  695.441385][ T5793] Bluetooth: hci6: command tx timeout
[  695.653650][T10145] bridge0: port 1(bridge_slave_0) entered blocking state
[  695.672079][T10145] bridge0: port 1(bridge_slave_0) entered disabled state
[  695.768993][T10145] bridge_slave_0: entered allmulticast mode
[  695.884570][T10145] bridge_slave_0: entered promiscuous mode
[  695.965150][T10145] bridge0: port 2(bridge_slave_1) entered blocking state
[  695.976039][T10145] bridge0: port 2(bridge_slave_1) entered disabled state
[  696.081942][T10145] bridge_slave_1: entered allmulticast mode
[  696.130468][T10145] bridge_slave_1: entered promiscuous mode
[  696.813625][T10145] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  697.540345][ T5793] Bluetooth: hci6: command tx timeout
[  697.607612][T10145] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  698.723336][ T9831] bridge_slave_1: left allmulticast mode
[  698.732743][ T9831] bridge_slave_1: left promiscuous mode
[  698.743893][ T9831] bridge0: port 2(bridge_slave_1) entered disabled state
[  698.900158][ T9831] bridge_slave_0: left allmulticast mode
[  698.907601][ T9831] bridge_slave_0: left promiscuous mode
[  698.921730][ T9831] bridge0: port 1(bridge_slave_0) entered disabled state
[  700.276254][ T9831] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  700.313706][ T9831] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  700.348352][ T9831] bond0 (unregistering): Released all slaves
[  700.677819][T10145] team0: Port device team_slave_0 added
[  700.859067][T10235] netlink: 'syz.1.1269': attribute type 1 has an invalid length.
[  700.932863][ T9831] hsr_slave_0: left promiscuous mode
[  700.954480][ T9831] hsr_slave_1: left promiscuous mode
[  700.983928][ T9831] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  700.994095][ T9831] batman_adv: batadv0: Removing interface: batadv_slave_0
[  701.048440][ T9831] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  701.057307][ T9831] batman_adv: batadv0: Removing interface: batadv_slave_1
[  701.180970][ T9831] veth1_macvtap: left promiscuous mode
[  701.188274][ T9831] veth0_macvtap: left promiscuous mode
[  701.250696][ T9831] veth1_vlan: left promiscuous mode
[  701.256328][ T9831] veth0_vlan: left promiscuous mode
[  703.757442][ T9831] team0 (unregistering): Port device team_slave_1 removed
[  703.954236][ T9831] team0 (unregistering): Port device team_slave_0 removed
[  704.593877][T10266] loop5: detected capacity change from 0 to 256
[  704.682394][T10266] exFAT-fs (loop5): Medium has reported failures. Some data may be lost.
[  704.821212][T10266] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x7f1fc68d, utbl_chksum : 0xe619d30d)
[  705.170390][T10164] bridge0: port 1(bridge_slave_0) entered blocking state
[  705.179635][T10164] bridge0: port 1(bridge_slave_0) entered disabled state
[  705.274056][T10164] bridge_slave_0: entered allmulticast mode
[  705.385558][T10164] bridge_slave_0: entered promiscuous mode
[  705.497503][T10145] team0: Port device team_slave_1 added
[  705.530817][T10164] bridge0: port 2(bridge_slave_1) entered blocking state
[  705.538772][T10164] bridge0: port 2(bridge_slave_1) entered disabled state
[  705.628925][T10164] bridge_slave_1: entered allmulticast mode
[  705.700913][T10164] bridge_slave_1: entered promiscuous mode
[  705.820237][T10274] Bluetooth: hci1: Opcode 0x080f failed: -4
[  706.382301][T10164] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  706.657701][T10164] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  706.710447][T10145] batman_adv: batadv0: Adding interface: batadv_slave_0
[  706.718681][T10145] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  706.757564][T10145] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  707.096428][T10145] batman_adv: batadv0: Adding interface: batadv_slave_1
[  707.110551][T10145] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  707.153822][T10145] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  707.634742][T10276] loop4: detected capacity change from 0 to 40427
[  707.674104][T10276] F2FS-fs (loop4): invalid crc value
[  707.870358][ T5793] Bluetooth: hci1: command 0x0406 tx timeout
[  708.081051][T10276] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 1
[  708.133051][T10276] F2FS-fs (loop4): Start checkpoint disabled!
[  708.149154][T10276] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  708.191486][T10276] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  708.264484][T10164] team0: Port device team_slave_0 added
[  708.396945][T10164] team0: Port device team_slave_1 added
[  710.551627][ T9851] kworker/u8:34: attempt to access beyond end of device
[  710.551627][ T9851] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  710.573233][ T9851] CPU: 1 UID: 0 PID: 9851 Comm: kworker/u8:34 Not tainted syzkaller #0 PREEMPT(voluntary) 
[  710.573390][ T9851] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  710.573505][ T9851] Workqueue: writeback wb_workfn (flush-7:4)
[  710.573708][ T9851] Call Trace:
[  710.573761][ T9851]  <TASK>
[  710.573817][ T9851]  __dump_stack+0x26/0x30
[  710.573990][ T9851]  dump_stack_lvl+0x14c/0x1c0
[  710.574173][ T9851]  dump_stack+0x1e/0x25
[  710.574337][ T9851]  f2fs_handle_critical_error+0xa6f/0xc20
[  710.574600][ T9851]  f2fs_stop_checkpoint+0x65/0x80
[  710.574762][ T9851]  f2fs_write_end_io+0x101c/0x1bb0
[  710.574969][ T9851]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  710.575123][ T9851]  bio_endio+0xf92/0x10e0
[  710.575299][ T9851]  submit_bio_noacct+0x200a/0x2930
[  710.575530][ T9851]  submit_bio+0x57a/0x620
[  710.575718][ T9851]  f2fs_submit_write_bio+0x92/0x250
[  710.575930][ T9851]  __submit_merged_bio+0x16f/0x6a0
[  710.576136][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.576371][ T9851]  __submit_merged_write_cond+0x44a/0x990
[  710.576603][ T9851]  f2fs_write_data_pages+0x4d18/0x57a0
[  710.576859][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.577121][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.577333][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.577548][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.577778][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.578126][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.578355][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.578661][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.578884][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.581965][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.582178][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.582395][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.582606][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.582829][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.583042][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.583259][ T9851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  710.584811][ T9851]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  710.584965][ T9851]  do_writepages+0x3f2/0x860
[  710.585114][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.585339][ T9851]  ? queue_io+0x771/0x790
[  710.585504][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.585749][ T9851]  __writeback_single_inode+0x101/0x1180
[  710.585945][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.586169][ T9851]  writeback_sb_inodes+0xb2d/0x1f10
[  710.586462][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.586720][ T9851]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  710.586951][ T9851]  wb_writeback+0x4d0/0xc00
[  710.587153][ T9851]  ? queue_io+0x471/0x790
[  710.587340][ T9851]  wb_workfn+0x397/0x1910
[  710.587500][ T9851]  ? kmsan_get_metadata+0xf1/0x160
[  710.587746][ T9851]  ? __pfx_wb_workfn+0x10/0x10
[  710.587978][ T9851]  process_scheduled_works+0xb03/0x1da0
[  710.588201][ T9851]  worker_thread+0xede/0x1590
[  710.588396][ T9851]  kthread+0xd5a/0xf00
[  710.588560][ T9851]  ? __pfx_worker_thread+0x10/0x10
[  710.588744][ T9851]  ? __pfx_kthread+0x10/0x10
[  710.588911][ T9851]  ret_from_fork+0x207/0x6f0
[  710.589053][ T9851]  ? __switch_to+0x521/0x750
[  710.589233][ T9851]  ? __pfx_kthread+0x10/0x10
[  710.589404][ T9851]  ret_from_fork_asm+0x1a/0x30
[  710.589631][ T9851]  </TASK>
[  711.041804][ T9851] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  711.585704][T10344] netlink: 92 bytes leftover after parsing attributes in process `syz.1.1288'.
[  712.000357][T10145] hsr_slave_0: entered promiscuous mode
[  712.032435][T10145] hsr_slave_1: entered promiscuous mode
[  712.116670][T10164] batman_adv: batadv0: Adding interface: batadv_slave_0
[  712.124312][T10164] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  712.150717][T10164] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  712.376610][T10164] batman_adv: batadv0: Adding interface: batadv_slave_1
[  712.388534][T10164] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  712.415020][T10164] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  713.010986][  T798] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  713.228461][  T798] usb 2-1: too many endpoints for config 4 interface 0 altsetting 0: 79, using maximum allowed: 30
[  713.269362][  T798] usb 2-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x32, changing to 0x2
[  713.282472][  T798] usb 2-1: config 4 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 91
[  713.296140][  T798] usb 2-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 79
[  713.310076][  T798] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b
[  713.319362][  T798] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  713.442473][T10358] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  713.683283][  T798] ath6kl: Failed to submit usb control message: -71
[  713.690389][  T798] ath6kl: unable to send the bmi data to the device: -71
[  713.699380][  T798] ath6kl: Unable to send get target info: -71
[  713.708563][  T798] ath6kl: Failed to init ath6kl core: -71
[  713.721564][  T798] ath6kl_usb 2-1:4.0: probe with driver ath6kl_usb failed with error -71
[  713.815334][  T798] usb 2-1: USB disconnect, device number 6
[  713.842380][T10164] hsr_slave_0: entered promiscuous mode
[  713.965765][T10164] hsr_slave_1: entered promiscuous mode
[  714.030227][T10164] debugfs: 'hsr0' already exists in 'hsr'
[  714.036296][T10164] Cannot create hsr debugfs directory
[  714.140601][    C0] GRED: Unable to relocate VQ 0x0 after dequeue, screwing up backlog
[  715.544036][ T5780] jfs_flush_journal: synclist not empty
[  715.550123][ T5780] =====================================================
[  715.557336][ T5780] BUG: KMSAN: uninit-value in hex_dump_to_buffer+0xeeb/0xf20
[  715.565335][ T5780]  hex_dump_to_buffer+0xeeb/0xf20
[  715.570750][ T5780]  print_hex_dump+0x10d/0x330
[  715.575604][ T5780]  jfs_flush_journal+0x13e9/0x1670
[  715.581288][ T5780]  jfs_umount+0x1e3/0x720
[  715.585832][ T5780]  jfs_put_super+0x112/0x3d0
[  715.591667][ T5780]  generic_shutdown_super+0x1b0/0x4b0
[  715.597250][ T5780]  kill_block_super+0x42/0xd0
[  715.602596][ T5780]  deactivate_locked_super+0xcb/0x3c0
[  715.608191][ T5780]  deactivate_super+0x12f/0x140
[  715.613434][ T5780]  cleanup_mnt+0x7eb/0x870
[  715.618031][ T5780]  __cleanup_mnt+0x22/0x30
[  715.623242][ T5780]  task_work_run+0x208/0x2b0
[  715.628048][ T5780]  exit_to_user_mode_loop+0x2ff/0x1b20
[  715.633919][ T5780]  do_syscall_64+0x1d7/0xf80
[  715.638733][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.648064][ T5780] 
[  715.651617][ T5780] Uninit was stored to memory at:
[  715.656913][ T5780]  hex_dump_to_buffer+0xee4/0xf20
[  715.662301][ T5780]  print_hex_dump+0x10d/0x330
[  715.667156][ T5780]  jfs_flush_journal+0x13e9/0x1670
[  715.672748][ T5780]  jfs_umount+0x1e3/0x720
[  715.677260][ T5780]  jfs_put_super+0x112/0x3d0
[  715.682203][ T5780]  generic_shutdown_super+0x1b0/0x4b0
[  715.687779][ T5780]  kill_block_super+0x42/0xd0
[  715.692818][ T5780]  deactivate_locked_super+0xcb/0x3c0
[  715.698394][ T5780]  deactivate_super+0x12f/0x140
[  715.703572][ T5780]  cleanup_mnt+0x7eb/0x870
[  715.708165][ T5780]  __cleanup_mnt+0x22/0x30
[  715.713121][ T5780]  task_work_run+0x208/0x2b0
[  715.717935][ T5780]  exit_to_user_mode_loop+0x2ff/0x1b20
[  715.723866][ T5780]  do_syscall_64+0x1d7/0xf80
[  715.728681][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.734972][ T5780] 
[  715.737393][ T5780] Uninit was created at:
[  715.744335][ T5780]  kmem_cache_alloc_noprof+0x967/0x1730
[  715.753892][ T5780]  mempool_alloc_slab+0x36/0x50
[  715.760421][ T5780]  mempool_alloc_noprof+0x19d/0x3c0
[  715.765844][ T5780]  __get_metapage+0xa20/0x1790
[  715.771033][ T5780]  diWrite+0x58f/0x2190
[  715.775390][ T5780]  txCommit+0xca7/0x92e0
[  715.780002][ T5780]  jfs_mknod+0xf69/0x1190
[  715.784522][ T5780]  vfs_mknod+0x903/0x9b0
[  715.788988][ T5780]  do_mknodat+0x637/0xe90
[  715.794064][ T5780]  __x64_sys_mknod+0xc3/0x140
[  715.798971][ T5780]  x64_sys_call+0x2ef3/0x3e70
[  715.812052][ T5780]  do_syscall_64+0xc9/0xf80
[  715.816812][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  715.823445][ T5780] 
[  715.825915][ T5780] CPU: 1 UID: 0 PID: 5780 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(voluntary) 
[  715.836284][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  715.850002][ T5780] =====================================================
[  715.857061][ T5780] Disabling lock debugging due to kernel taint
[  715.864473][ T5780] Kernel panic - not syncing: kmsan.panic set ...
[  715.871047][ T5780] CPU: 1 UID: 0 PID: 5780 Comm: syz-executor Tainted: G    B               syzkaller #0 PREEMPT(voluntary) 
[  715.882815][ T5780] Tainted: [B]=BAD_PAGE
[  715.887075][ T5780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/13/2026
[  715.897288][ T5780] Call Trace:
[  715.900680][ T5780]  <TASK>
[  715.903726][ T5780]  __dump_stack+0x26/0x30
[  715.908364][ T5780]  dump_stack_lvl+0x50/0x1c0
[  715.913156][ T5780]  ? dump_stack+0x12/0x25
[  715.917702][ T5780]  dump_stack+0x1e/0x25
[  715.922062][ T5780]  vpanic+0x435/0xd40
[  715.926287][ T5780]  panic+0x15d/0x160
[  715.930449][ T5780]  kmsan_report+0x31a/0x320
[  715.935208][ T5780]  ? panic_on_this_cpu+0x5b/0x90
[  715.940331][ T5780]  ? __msan_warning+0x1b/0x30
[  715.945403][ T5780]  ? hex_dump_to_buffer+0xeeb/0xf20
[  715.950789][ T5780]  ? print_hex_dump+0x10d/0x330
[  715.955822][ T5780]  ? jfs_flush_journal+0x13e9/0x1670
[  715.961316][ T5780]  ? jfs_umount+0x1e3/0x720
[  715.966020][ T5780]  ? jfs_put_super+0x112/0x3d0
[  715.971121][ T5780]  ? generic_shutdown_super+0x1b0/0x4b0
[  715.976997][ T5780]  ? kill_block_super+0x42/0xd0
[  715.982080][ T5780]  ? deactivate_locked_super+0xcb/0x3c0
[  715.987840][ T5780]  ? deactivate_super+0x12f/0x140
[  715.993068][ T5780]  ? cleanup_mnt+0x7eb/0x870
[  715.997851][ T5780]  ? __cleanup_mnt+0x22/0x30
[  716.002715][ T5780]  ? task_work_run+0x208/0x2b0
[  716.007788][ T5780]  ? exit_to_user_mode_loop+0x2ff/0x1b20
[  716.013845][ T5780]  ? do_syscall_64+0x1d7/0xf80
[  716.019539][ T5780]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.026072][ T5780]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.032365][ T5780]  ? kmsan_get_metadata+0xf1/0x160
[  716.037732][ T5780]  ? kmsan_get_metadata+0xf1/0x160
[  716.043099][ T5780]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  716.049281][ T5780]  ? kmsan_get_metadata+0xf1/0x160
[  716.055087][ T5780]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  716.061669][ T5780]  ? kmsan_internal_unpoison_memory+0x14/0x20
[  716.067986][ T5780]  ? kmsan_get_metadata+0xf1/0x160
[  716.073388][ T5780]  __msan_warning+0x1b/0x30
[  716.078141][ T5780]  hex_dump_to_buffer+0xeeb/0xf20
[  716.083398][ T5780]  ? print_hex_dump+0x5e/0x330
[  716.088356][ T5780]  print_hex_dump+0x10d/0x330
[  716.093252][ T5780]  ? kmsan_get_metadata+0xf1/0x160
[  716.098621][ T5780]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  716.104698][ T5780]  jfs_flush_journal+0x13e9/0x1670
[  716.110048][ T5780]  ? kmsan_get_metadata+0xf1/0x160
[  716.115451][ T5780]  jfs_umount+0x1e3/0x720
[  716.120014][ T5780]  jfs_put_super+0x112/0x3d0
[  716.124844][ T5780]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  716.130925][ T5780]  ? __pfx_jfs_put_super+0x10/0x10
[  716.136276][ T5780]  generic_shutdown_super+0x1b0/0x4b0
[  716.141898][ T5780]  kill_block_super+0x42/0xd0
[  716.146799][ T5780]  ? __pfx_kill_block_super+0x10/0x10
[  716.152407][ T5780]  deactivate_locked_super+0xcb/0x3c0
[  716.158024][ T5780]  deactivate_super+0x12f/0x140
[  716.163096][ T5780]  cleanup_mnt+0x7eb/0x870
[  716.167735][ T5780]  ? __pfx___cleanup_mnt+0x10/0x10
[  716.173048][ T5780]  __cleanup_mnt+0x22/0x30
[  716.177653][ T5780]  task_work_run+0x208/0x2b0
[  716.182503][ T5780]  exit_to_user_mode_loop+0x2ff/0x1b20
[  716.188233][ T5780]  ? user_path_at+0x241/0x3e0
[  716.193148][ T5780]  ? __x64_sys_umount+0x1dc/0x250
[  716.198429][ T5780]  do_syscall_64+0x1d7/0xf80
[  716.203245][ T5780]  ? clear_bhb_loop+0x40/0x90
[  716.208142][ T5780]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  716.214246][ T5780] RIP: 0033:0x7f40a7f9bf17
[  716.218822][ T5780] Code: a2 c7 05 7c 96 24 00 00 00 00 00 eb 96 e8 e1 12 00 00 90 31 f6 e9 09 00 00 00 66 0f 1f 84 00 00 00 00 00 b8 a6 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 01 c3 48 c7 c2 e8 ff ff ff f7 d8 64 89 02 b8
[  716.238647][ T5780] RSP: 002b:00007ffff32a14b8 EFLAGS: 00000246 ORIG_RAX: 00000000000000a6
[  716.247334][ T5780] RAX: 0000000000000000 RBX: 00007f40a800471f RCX: 00007f40a7f9bf17
[  716.255440][ T5780] RDX: 0000000000000000 RSI: 0000000000000009 RDI: 00007ffff32a1570
[  716.263538][ T5780] RBP: 00007ffff32a1570 R08: 00007ffff32a2570 R09: 00000000ffffffff
[  716.271656][ T5780] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ffff32a2600
[  716.279774][ T5780] R13: 00007f40a800471f R14: 00000000000a195c R15: 00007ffff32a2640
[  716.287943][ T5780]  </TASK>
[  716.291734][ T5780] Kernel Offset: disabled
[  716.296126][ T5780] Rebooting in 86400 seconds..