last executing test programs:

41.003924282s ago: executing program 0 (id=1053):
r0 = syz_init_net_socket$llc(0x1a, 0x2, 0x0)
bind$llc(r0, &(0x7f0000000040)={0x1a, 0x0, 0x0, 0x0, 0x0, 0x9}, 0x10)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0)
write$cgroup_int(r1, &(0x7f0000000000), 0xffffff6a)
sendfile(r0, r1, 0x0, 0xffffffff000)
recvmmsg(r0, &(0x7f0000000640)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000b00)=""/225, 0xe1}], 0x1}, 0xffffffff}], 0x1, 0x40000033, 0x0)
ioctl$int_in(r0, 0x5452, &(0x7f00000001c0)=0x40000000000003)

40.875426829s ago: executing program 1 (id=1054):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00', <r1=>0x0})
ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000480)={'wlan0\x00'})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001440)={0x1c, r2, 0x1, 0x0, 0x0, {{0x8}, {@val={0x8, 0x3, r1}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)

39.577650007s ago: executing program 1 (id=1056):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x100, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = dup(r1)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, 0x0)
ioctl$KVM_CAP_EXIT_ON_EMULATION_FAILURE(r1, 0x4068aea3, &(0x7f0000000100)={0xcc, 0x0, 0x1})
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)

39.342189634s ago: executing program 0 (id=1059):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x80143, 0x1ff)
close(r0)
socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0xf, 0x4, 0x8, 0x9}, 0x48)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000200)={r2, &(0x7f0000000100), &(0x7f00000001c0)=@tcp=r1}, 0x20)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000080), 0x8, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

38.566849734s ago: executing program 0 (id=1061):
sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="20000000130001002cbd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB='G'], 0xfffffffffffffd2b}, 0x1, 0x0, 0x0, 0x80640d0}, 0x200488c9)
r0 = socket$packet(0x11, 0x3, 0x300)
r1 = socket$packet(0x11, 0x2, 0x300)
setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000180)={0x1, 0x8003}, 0x4)
setsockopt$packet_int(r0, 0x107, 0xf, &(0x7f0000000100)=0x207, 0x4)
ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'bridge0\x00', <r2=>0x0})
sendto$packet(r0, &(0x7f00000002c0)="05031600d3fc140000004788031c09102c28", 0xfce0, 0x4, &(0x7f0000000140)={0x11, 0x0, r2, 0x1, 0x0, 0x6, @multicast}, 0x14)

38.566381141s ago: executing program 1 (id=1062):
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32, @ANYBLOB="0000000004000000b705000008000000850000006a00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
ioctl$VIDIOC_SUBDEV_ENUM_MBUS_CODE(0xffffffffffffffff, 0xc0445624, &(0x7f00000005c0))
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000001440)={0x1f, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000b70800000c000000638af8ff00000000b5080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018240000", @ANYRES32=r0, @ANYBLOB="0000000000000000b703"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000280)='workqueue_activate_work\x00', r1}, 0x18)
bpf$PROG_LOAD(0x5, &(0x7f0000000500)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x94)

38.138262036s ago: executing program 1 (id=1064):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8d}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8)
syz_mount_image$jfs(&(0x7f0000000400), &(0x7f0000000000)='./file1\x00', 0x800c08, &(0x7f0000000200)=ANY=[@ANYBLOB="2c756d61736b3d300004000000000000000000", @ANYRES32, @ANYRESOCT=0x0, @ANYRESDEC, @ANYRES16, @ANYRESHEX, @ANYRES16, @ANYRESOCT, @ANYRES8, @ANYRES16=0x0, @ANYRESOCT], 0x21, 0x624a, &(0x7f0000000880)="$eJzs3UuPHFfZB/Cnr3PxG8fKIsprITRJzCWE+BqMIUCSBSzYsEDeIluTSWThALINciILTzQbFnwIEBJLhFiy4gNkwZYdHwBLNhIoqxSqmXPGNeVp94zt6eqZ8/tJ4+qnTlX3Kf+7prunqvoEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABA//MGPz/Ui4sqv0owTEf8Xg4h+xFJdr0TE0sqJ5jovxWZzvBgRo4WIev3Nf56PeDMiPj0ecf/BndV69vk99uP7f/7HH35y7Ed//9PozH//cmvw1qTlbt/+7X/+evfJtxcAAABKVFVV1Usf809GxDB9tgcAjr78+l8leb567ur1OeuPWq1Wqw9h3VTt7m6ziIj15jr1ewaH4wHgkFmPz7ruAh2Sf9GGEXGs604Ac63XdQc4EPcf3FntpXx7zdeDla32fC7IjvzXe9vXd0yaTtM+x2RWz6+NGMQLE/qzNKM+zJOcf7+d/5Wt9nFa7qDzn5VJ+Y+3Ln0qTs5/0M6/5ejk3981/1Ll/If7yn8gfwAAAAAAmGP57/8nOj7+u/D0m7Injzv+uzKjPgAAAAAAAADAs7bf8f+GrfH/thn/DwAAAOZW/Vm99rvjD+dN+i62ev7lXsRzreWBwqSLZZa77gcAAAAAAAAAAAAAlGS4dQ7v5V7EKCKeW16uqqr+aWrX+/W06x92pW8/lKzrX/IAALDl0+Ota/l7EYsRcTl9199oeXm5qhaXlqvlamkhv58dLyxWS43PtXlaz1sY7+EN8XBc1Xe22Fivadrn5Wnt7furH2tcDfbQsdnoMHAAiIitV6P7XpGOmKp6Prp+l8PhYP8/euz/7EXXz1MAAADg4FVVVfXS13mfTMf8+113CgCYifz63z4uoFar1Wq1+ujVTdXu7jaLiFhvrlO/ZzAcPwAcMuvxWdddoEPyL9owIl7quhPAXOt13QEOxP0Hd1Z7Kd9e8/Ugje+ezwXZkf96b3O9vP5u02na55jM6vm1EYN4YUJ/XpxRH+ZJzr/fzv/KVvs4LXfQ+c/KpPzr7TzRQX+6lvMftPNvOTr593fNv1Q5/+G+8h/IHwAAAAAA5lj++/+JuTr+O37SzZnqccd/Vw7sUQEAAAAAAADgYN1/cGc1X/eaj/9/YZflXP95NOX8e/IvUs6/38r/q63lBo3b9959mP+/H9xZ/eOtf/1/nu4x/4d310vPrF56RvRSU2+Ypk+zdY/aGA3G9SONev3BMJ3zU43ej2txPdbi7I5l++n/42H7uUc2YrTZXg222s/vaB9ut+f1L+xoH6Uznaql3H46VuPncT3e22yv2xambP/ilPZqSnvOf2D/L1LOf9j4qfNfTu291rR275P+I/t9c7rb47xz7Yu/OXvwmzPVRgy2t62p3r5XOujP5v/JsXH88ubajdO3r966deNcpMmOuecjTZ6xnP8o/Wz//n91qz3/om7ur/c+Ge87/3mxEcOJ+b/auF1v72sz7lsXcv7j9JPzfy+1777/H+b8J+//r3fQHwAAAAAAAAAAAAAAAHicqqo2LxF9JyIuput/uro2EwCYrfz6XyV5/qzqwYwfT60+5HVvzvoz0/rz6lnd3zDmYXvU6i7qpmp3bzeLiPhbc536PcOvd7szAGCefR4R/+y6E3RG/gXL3/dXT0913Rlgpm5+9PFPr16/vnbjZtc9AQAAAAAAAACeVB7/c6Ux/vOpqqrutpbbMf7ru7HytON/DvON7QFGJwxUPdj/Nj3ORn886DeGG385Jo3/Pdq+9bjxv4dTHm80pX08pX3h0VlLzWJxyvq7XujRkPN/uTHe+amIONkafr2E8V/bY96XIOf/SuP5XOf/ldZyzfyr3x/m/Ps78j9z68NfnLn50cdvXPvw6gdrH6z97MK5c2cvXLx46dKlM+9fu752duvfDnt8sHL+eexr54GWJeefM5d/WXL+X0q1/MuS8/9yquVflpx/fr8n/7Lk/PNnH/mXJef/WqrlX5ac/9dSLf+y5PxfT7X8y5Lz/3qq5V+WnP8bqZZ/WXL+p1Mt/7Lk/M+keo/5Lx10v5iNnH8+wmX/L0vOP5/ZIP+y5PzPp1r+Zcn5X0i1/MuS838z1fIvS87/G6mWf1ly/hdTLf+y5Py/mWr5lyXnfynV8i9Lzv9bqZZ/WXL+3061/MuS838r1fIvS87/O6mWf1ly/t9NtfzLkvP/XqrlX5ac/9upln9ZHn7/vxtuzPjGyNNvfm90/ZsJAAAAAAAAAAAAAGibxenEXW8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA/9iBAwEAAAAAIP/XRqiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqrCDhwIAAAAAAD5vzZCVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVFfbuLkaus74f+Nn17nrtQGIg5O/kb2DjmBASJ7t+iV9oU0x4bXgPhEJfsF3v2iz4Da9dAo1ko0CJhFFRRdtw0RYQKrmpiCpU0QpQLlCrqpWgvaA3iIqWi6gKKKBWaivIVnPO8zw7Mzs7M+sdr8+c8/lI8c87c2bOmTNnzu53ne8MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAs1tfO/epkSzLGv/lf2zJsuc1/r5pakt+2auu9RYCAAAAa/WL/M9nb0gXHOrjRk3L/N1Lv/O1xcXFxey9G/5w/HOLi+mKqSwb35hl+XXRkz9830jzMsGj2eTIaNPXoz1Wv6HH9WM9rh/vcf1Ej+s39rh+ssf1y3bAMpuK38fkd7Yj/+uWYpdmN2bj+XU7Otzq0ZGNo6Pxdzm5kfw2i+PHs/nsZDaXzbQsXyw7ki//jVsb63pTFtc12rSubY0j5KePHIvbMBL28Y6WdS3dZ/Tj12RTP/vpI8f+/PwzN3eaPXdDy/0V23nH9sZ2fiJcUmzrSLYx7ZO4naNN27mtw3OyoWU7R/LbNf7evp3P9rmdG5Y2c121P+eT2Wj+9+/m+2ms+dd6aT9tC5f9921Zll1a2uz2ZZatKxvNNrdcMrr0/EwWR2TjPhqH0guzsVUdp7f2cZw25uyO1uO0/TURn/9bw+3GVtiG5qfpxx+faHref754Jcdp1HjUK71W2o/BQb9WynIMxuPiu/mDfqzjMbgjPP5Hbl/5GOx47HQ4BtPjbjoGt/c6BkcnNuTbPPqVzXHt21uOwV0ty2/I1zSSz6dv734MTp8/dXZ64aMfu3v+1NETcyfmTu/ZtWtmz759Bw4cmD4+f3Jupvjzivd32W3ORtNrYHvYd/E18Iq2ZZsP1cUvTiw7/17p63Cyy+twS9uyg34djrU/uJH1eUEuHdPxkuK18e7GTp+8PJqt8BrLn5871/46TI+76XU41vQ67Pg9Zdk2j+S36fU6bCxz9s7+fmYZa/qv0zas/L1gbcfglqZjsP3nkfZjcNA/j5TlGJwMx8X371z5e8G2sL2P7VztzyMblh2D6eGGc0/jkvTz/uSBfHQ6Lm9pXHHdRHZhYe7cPQ8fPX/+3K4sjHXxoqZjpf143dz0mLJlx+voqo/XQ/MvfeyWDpdvCftq8u7GH5MrPleNZfbe0/25yr+7dd6fLZfuzsIYsPXen52+mzf250SWff7bH3/wm498/rUr7s9G3vzE9Np/Fk+5tOn8O77C+Tfm/ueK9aW7enTD+Fjx+t2Q9s54y/m49akay89dI/m6n53u73w8Hv5b7/PxjV3Ox1vblh30+Xi8/cHF8/FIr992rE378zkZjpOTM93Px41ltu5e7TE51vV8fFuYI2H/vzIkhZSLmo6dlY7btK6xsfHwuMbiGlqP0z0ty4+HbNZY1xO7r+w4veO24r42pEe3ZL2O06m2ZQd9nKbffa10nI70+u3blWl/PifDcXHjnu7HaWOZp/au/dy5Kf616dw50esYHN8w0djm8XQQ5uf7bHFTPAbvyY5lZ7KT2Wx+7UR+PI3k69p5b3/H4ET4b73PlVu7HIN3tC076GMwfR9b6dgbGVv+4Aeg/fmcDMfF4/d2PwYby7xu/2B/dr0jXJKWafrZtf33ayv9zuuWtt10tY6VsbCd397f/XezjWVOHlhtzuy+n+4Kl1zXYT+1v35Xek3NZuuzn7aG7XzmwMr7qbE9jWU+d7DP4+lQlmUXP3x//vve8O8rf3nhe19r+XeXTv+mc/HD9//k+cf/djXbD8Dwe64Ym4vvdU3/MtXPv/8DAAAAQyHm/tEwE/kfAAAAKiPm/vh/hSfyPwAAAFRGzP1jYSY1yf9bX/fM/HMXs9TMXwzi9Wk3PFAsFzuuM+HrqcUljcvv//Lcf/3Nxf7WPZpl2c8f+N2Oy299IG5XYSps55Ovb718ma/d3de6jzx0Ma23ub/+hXD/8fH0exh0quDOZFn2jRs+k69n6n2X8/nUA0fy+eClxx5tLPPsweLrePunX1Qs/yeh/Hvo+NGW2z8d9sOPwpx5c+f9EW/31cuv3Lb/PUvri7cb2X59/rAff39xv/F9cj77aLF83M8rbf83P/3EVxvLP/zyztt/cbTz9j8R7vfLYf7PS4rlm5+Dxtfxdp8M2x/XF293z5e+1XH7n/xUsfzZNxTLHQkzrv+O8PWONzwz37y/Hh452vK4sjcWy8X1z3zv9/Pr4/3F+2/f/snDl1v2R/vx8dQ/F/cz3bZ8vDyuJ/rrtvU37qf5+Izrf+L3jrTs517rf/LBp1/SuN/29d/VttzZD9+Zr3/p/lrfselPP/mZjuuL23PoL862PJ5D7wyv47D+x98fjsdw/f8+Wdxf+7srHHln6/knLv+FLRdbHk/0pp8V63/y1SfyuXFy0+brnvf86y+9rLHvsuy7G4v767X+E392pmX7v3hTsT/i9bGj377+lcT1n/vIztNnFi7Mz6a9+sgN+XvnvKXYnri9N4Rza/vXh8+c/8DcuamZqZksm6ruW+hdsS+F+ZNiXOq+9OKyM+idD4Xn85Y//sbm2//p0/Hyf3l3cfnlNxfft14RlvtsuHxLeP5Wt/7lHr/1pvz1PfJU2MLF5e8XvBbbdvzHgb4WDI+//eeCeLyfffEH8v3QuC7/vhFf12vc/h/MFvfz9bBfF8M7M2+/aWl9zcvH90a4/K7i9b7m/RdOc/F5/Up4vt/6o+L+43bFx/uD8HPMt7a2nu/i8fH1i6Pt95+/i8elcD7JLhXXx6Xi/r787E0dNy++D0l26eb86z9I93Pzqh7mShY+ujB9cv70hYenz88tnJ9e+OjHDp86c+H0+cP5e3ke/mCv2y+dnzbn56fZuX17s/xsdaYYV9m13v6zDx2b3T9z++zc8aMXjp9/6OzcuRPHFhaOzc0u3H70+PG5j/S6/fzsfbt2H9yzf/fOE/Oz9x04eHDPwZ3zp880NqPYqB72zXxo5+lzh/ObLNy39+Cue+/dO7Pz1JnZufv2z8zsvNDr9vn3pp2NW//OznNzJ4+enz81t3Nh/mNz9+06uG/f7p7vBnjq7PGFqelzF05PX1iYOzddPJap8/nFje99vW5PNS38a/HzbLuR4o34srfftS+9P2vDlz++4l0Vi7S9gegz4b1o/v4FZw/083XM/eNhJjXJ/wAAAFAHMfdPhJnI/wAAAFAZMfdvDDOR/wEAAKAyYu6fDDOpSf6vXP9/68W+1q//r//fvL/0/2vW/39X2fr/jfPFXOp16v+vzVr79/r/gf6//r/+v/6//j8DULb+f8z9m7KslvkfAAAA6iDm/s1hJvI/AAAAVEbM/deFmcj/AAAAUBkx9z8vzKQm+V//X/9f/1//X/+/8/rXt//v8/8HRf+/O/3/HvT/p7N69f8vDXL79f/77P9P9bonqqRs/f+Y+58fZlKT/A8AAAB1EHP/9WEm8j8AAABURsz9N4SZyP8AAABQGTH3bwkzqUn+1//X/9f/1//X/++8fv3/4aT/353+fw/6/z7/X//f5/8zUGXr/8fc/4Iwk5rkfwAAAKie5b9MiLn/hWEm8j8AAACUz9iV3Szm/heFmSzL/1e4AgAAAOCai7n/xqytCF6Tf//X/9f/1//X/9f/77z+/vv/GzL9//LQ/+9O/78H/f+19ecbJ0b9f/1//X+alK3/n+f+bDJ7cZhJTfI/AAAA1EHM/TeFmcj/AAAAUBkx9/+/MBP5HwAAACoj5v6tYSY1yf/6//r/dev//9te/X/9f5//X2X6/93p//eg/+/z//X/9f8ZjPiDUsn6/zH33xxmUpP8DwAAAHUQc/8tYSbyPwAAAFRGzP3/P8xE/gcAAIDKiLl/W5hJTfK//n/J+/+xOar/7/P/9f/1//X/+6L/353+fw/6//r/+v/6/wzUQsn6/zH3vyTMpCb5HwAAAOog5v6XhpnI/wAAAFAZMfe/LMxE/gcAAIDKiLl/KsykJvlf/7/k/f+iBz/h8//1//X/9f/1//uj/9+d/n8P+v/6//r/+v8MVNn6/zH33xpmUpP8DwAAAHUQc//2MBP5HwAAACoj5v7bwkzkfwAAAKiMmPt3hJnUJP/r/w9F/z/T/9f/1//X/9f/74/+f3f6/z3o/+v/6//r/zNQZev/x9z/8jCTmuR/AAAAqIOY+28PM5H/AQAAoDJi7n9FmIn8DwAAAJURc/8dYSY1yf/6//r/+v/6//r/ndev/z+c9P+70//vQf9f/1//X/+fgSpb/z/m/leGmdQk/wMAAEAdxNx/Z5iJ/A8AAACVEXP/XWEm8j8AAABURsz9O8NMapL/9f/1//X/9f/1/zuvX/9/OOn/d6f/34P+v/6//r/+PwNVtv5/zP13h5nUJP8DAABAHcTcf0+YifwPAAAAlRFz/3SYifwPAAAAlRFz/0yYSU3yv/6//r/+fyn7//lNStn/f9nS/er/F/T/y0X/vzv9/x70//X/r3n/f1z/n0opW/8/5v5dYSY1yf8AAABQBzH37w4zkf8BAACgMmLu3xNmIv8DAABAZcTcvzfMpCb5X/9f/1//v5T9/1wp+/9N9P8L+v/lov/f3eD7//Eh6v/r/+v/+/x//X+WK1v/P+b+e8NMapL/AQAAoA5i7t8XZiL/AwAAQGXE3L8/zET+BwAAgMqIuf9AmElN8r/+v/6//r/+v/5/5/Xr/w+ncvb/R/te//D1/33+/3D1/092vfZa9+fX6lpvv/6//j/Lla3/H3P/wTCTmuR/AAAAqIOY+18VZiL/AwAAQGXE3P9LYSbyPwAAAFRGzP2/HGZSk/yv/1/2/v9opv+v/6//r/+v/9+/cvb/+6f/r//v8/+Hd/v1//X/Wa5s/f+Y++8LM6lJ/gcAAIA6iLn/V8JM5H8AAACojJj7Xx1mIv8DAABAZcTcfyjMpCb5v2L9/8n+1jxM/X+f/38N+/+vae/f6//r/+v/l5/+f3f6/z3o/+v/6//r/zNQZev/x9z/mjCTmuR/AAAAqIOY++8PM5H/AQAAoDJi7n9tmIn8DwAAAJURc//rwkxqkv8r1v+v4Of/6//7/H/9f/1//f/V0P/vTv+/B/1//X/9f/1/Bqps/f+Y+18fZlKT/A8AAAB1EHP/G8KMxq/ZFgEAAACDFnP/G8NM/Ps/AAAAVEbM/W8KM6lJ/tf/1//X/9f/1//vvH79/+Gk/9+d/n8P+v/6//r/+v8MVNn6/zH3/2qYSU3yPwAAANRBzP0PhJnI/wAAAFAZMfe/OcxE/gcAAIDKiLn/LWEmNcn/+v/6//r/+v/6/53Xr/8/nPT/uxuy/v8vrg+X6/8X9P/Lvf2r7f+PtX19Vfr/P1yp/7+4sf32+v9cDWXr/8fc/9Ywk5rkfwAAAKiDmPvfFmYi/wMAAEBlxNz/9jAT+R8AAAAqI+b+d4SZ1CT/6/83tmOpvaz/r/+fX7Au/f93/Kf+v/5/pv8/cPr/3Q1Z/9/n/7fR/y/39vv8f/1/litb/z/m/neGmdQk/wMAAEAdxNz/YJiJ/A8AAACVEXP/u8JM5H8AAACojJj73x1mUpP8r//v8//1/33+v/5/5/Wvtv/f6TzQTP9/fej/d6f/34P+v/5/2fr//67/z3ArW/8/5v6Hwkxqkv8BAACgDmLuf0+YifwPAAAAlRFz/6+Fmcj/AAAAUBkx9783zKQm+X/l/v+HWhe8Sv3/Tfr/ffb/p/T/9f/1/9seT9n6/73o/68P/f/u9P970P/X/y9b/9/n/zPkytb/j7n/fWEm/ef/yb6XBAAAAK6JmPt/PcykJv/+DwAAAHUQc/9vhJnI/wAAAFAZMff/ZphJTfK/z/8flv6/z//P9P+Hv/8/qv+v/3/1rV//P5559P/1//X/I/1//X/9f9qVrf8fc/9vhZnUJP8DAABAHcTc//4wE/kfAAAAhkKn/ye7Xcz9h8NM5H8AAACojJj7j4SZ1CT/6//XqP//V/9QXKn/Pxz9/z/a/o/f/87bjuyqUv/f5//r/6+Ddf38/8aL3+f/6//r/yf6//r/+v+0K1v/P+b+o2EmNcn/AAAAUAcx9/92mIn8DwAAAJURc/+xMBP5HwAAACoj5v7ZMJOa5H/9/xr1/33+/3D1/4f48//j/tD/bzWw/n886er/d7Su/f/3LPXE9f9X2/+f6Hip/r/+/zBvv/6//j/Lla3/H3P/XJhJTfI/AAAA1EHI/aPHi7l0hfwPAAAAlRFz/4kwE/kfAAAAKiPm/g+EmdQk/+v/6//r/+v/+/z/zusvbf/f5/93pf/fXXn6/53p/+v/D/P26//r/7Nc2fr/MffPh5nUJP8DAABAHcTc/8EwE/kfAAAAKiPm/g+Fmcj/AAAAUBkx958MM6lJ/tf/1//X/9f/1//vvH79/+Gk/9+d/n8P+v/6/1ey/eG40f/X/2e5svX/Y+4/FWZSk/wPAADA/7F3J02SluX+x7OgOVQFEYezO4uzOWt9CSx0rS/AhRs3RqgLUHFWpHEeccJ5wHnGARRxQsUZnFCcRcR5QEUUB8Row+7rurqq86knq7ozq568789nwYX9t82EP6HnR/ONmx7k7r8wbrH/AQAAoBm5+y+KW+x/AAAAaEbu/kfGLZ3sf/2//r/Z/v9++v/dPl//r/9vmf5/yEX1e/r/BfT/+n/v/+v/Waqp9f+5+x8Vt3Sy/wEAAKAHufsfHbfY/wAAANCM3P0Xxy32PwAAADQjd/9j4pZO9v8p/f/GrM/+PzNe/X9L/b/3/3f9fP2//r9lB9v/X/af/+Zbg/7/JP3/Avp//b/+X//PUk2t/8/d/9i4pZP9DwAAAD3I3f+4uMX+BwAAgGbk7n983GL/AwAAQDNy9z8hbulk/3v/3/v/+n/9v/5/+PP1/+vJ+//jeur/L77lvAvvuvb/rtvP56++/79zZ/8f9P/LcdjfX/+v/2fe1Pr/3P1PjFs62f8AAADQg9z9T4pb7H8AAABoRu7+J8ct9j8AAAA0I3f/U+KWTva//l//r//X/7fS/18RP67/75v+f1xP/f/pfL73//X/+n/9P8s1tf4/d/8lcUsn+x8AAAB6kLv/qXGL/Q8AAADNyN1/adxi/wMAAEAzcvcfjVs62f/6/9X3///S/+v/4+r/vf+v/189/f84/f8C+n/9v/5f/89STa3/z91/WdzSyf4HAACAHuTuf1rcYv8DAABAM3L3Pz1usf8BAACgGbn7nxG3dLL/9f/e/9f/6//1/8Ofr/9fT/r/cfr/BfT/Z9rPn6P/1//r/9lun/3/PSP/tb2U/j93/zPjlk72PwAAAPQgd/+z4hb7HwAAAJqRu//ZcYv9DwAAAM3I3f+cuKWT/a//1//r//X/p93/z/+ld5z+f9jy+v+t+s/U/8/T/4+bTP+/cWTwh/X/a9//e/9f/6//Z4epvf+fu/+5cUsn+x8AAAB6kLv/eXHLyP7f99/MBwAAAA5V7v7nxy1+/R8AAADWXlZnuftfELd0sv/1//p//b/+3/v/w58/1v9ft+37ef9/WvT/4ybT/+9C/6//X+fvr//X/zNvav1/7v4Xxi2d7H8AAADoQe7+y+MW+x8AAACakbv/RXGL/Q8AAADNyN3/4rilk/0/3P+f/H/X/++N/n/n99f/D//1saz+P/8T9f+j/f/9233/X/8/Rv8/Tv+/gP5///38tj9E/f/p9P+X1O9NvP/fWvTz9f8MmVr/n7v/JXFLJ/sfAAAAepC7/6Vxi/0PAAAAzcjd/7K4xf4HAACAZuTuvyJu6WT/e/9f/5/9/OYa9P9n6/+9/z+R9/9nB97/H9H/75H+f5z+fwH9v/f/23j/P3/I+/8cuqn1/7n7Xx63dLL/AQAAoAe5+18Rt9j/AAAAsB62/7MDp/4DpSF3/yvjFvsfAAAAmpG7/1VxSyf7X/+v//f+v/5f/z/8+dPq/73/v1f6/3H6/wX0/6vo54801v9fudvPn0L/f+nq3v/X/3NadvT/15/88cPq/3P3vzpu6WT/AwAAQA9y978mbrH/AQAAoBm5+18bt9j/AAAA0Izc/a+LWzrZ/yvv/7d2/2z9v/5f/6//1/+f+KtH/788+v9x+v8F9P/e/2/j/X/9P5Oxo//f5rD6/9z9r49bOtn/AAAA0IPc/W+IW+x/AAAAaEbu/ivjFvsfAAAAmpG7/41xSyf73/v/+n/9v/5f/z/8+d7/X0/6/3H6/wX0/9v7+YfP9P/6f/0/Z2hq/X/u/jfFLZ3sfwAAAOhB7v43xy32PwAAADQjd/9b4hb7HwAAAJqRu/+tcUsn+1//v9r+P39c/6//n+n/9f/6/wPRbf+/MfS/RPN26f9vetjRB+78Ef2//t/7//p//T9LMIn+/9jJ/+syd//b4pZO9j8AAAD0IHf/2+MW+x8AAACakbv/HXGL/Q8AAADNyN3/zrhln/v/f5b6rQ6O/t/7//p//b/+f/jz9f/rqdv+f4+8/7+A/l//r//X/7NUk+j/t/3r3P3vilv8+j8AAAA0I3f/u+MW+x8AAACakbv/PXGL/Q8AAADNyN3/3rilk/2v/9f/6//1//r/4c/X/68n/f+4ifb/W/k7+v/T6v/vuI/+fxLfX/+v/2fe1Pr/3P1XxS2d7H8AAADoQe7+98Ut9j8AAAA0I3f/++MW+x8AAACacU90Vh84/q/62//6f/2//l//r/8f/nz9/3rS/4+baP9fDqT/v3rkCwz1/8fOnXr/7/3/iXx//b/+n3lT6/9z938wbulk/wMAAEAPcvdfHbfY/wAAANCM3P3XxC32PwAAADQjd/+H4pZO9r/+X/+v/9f/6/+HP3+g/z+y/Xvp/6dJ/z9O/7/Aer7/r/+fyPfX/+v/mTe1/j93/4fjlk72PwAAAPQgd/+1cYv9DwAAAM3I3f+RuMX+BwAAgGbk7r8ubulk/+v/9f/6f/2//n/4873/v55W1//P9P/6f/3/Avvq589dylc+vO8/QP+v/2fe1Pr/3P0fjVs62f8AAADQg9z9H4tb9rL/t85f1dcCAAAAlih3/8fjFr/+DwAAAM3I3f+JuKWT/a//n83O2hYv6//1/8d/QP+v/192/3++/v+geP9/nP5/Af2/9//1//p/lmpq/X/u/k/GLZ3sfwAAAOhB7v7r4xb7HwAAAJpx9/Hfbs4+FbfY/wAAANCM3P2fjls62f/6f+//7+z/ZzP9v/5f/3/CAbz/vznT/y+d/n+c/n8B/X+b/f9Zs4b6/61df77+nymaWv+fu/8zcUsn+x8AAAB6kLv/hrjF/gcAAIBm5O7/bNxi/wMAAEAzcvd/Lm7pZP/r//X/3v/X/+v/hz//APr/+rOq/18e/f84/f8C+v82+3/v/+v/OTRT6/9z938+bulk/wMAAEAPcvd/IW6x/wEAAKAZufu/GLfY/wAAANCM3P1fils62f/6f/2//l//r/8f/nz9/3rS/4/T/y+g/9f/6//1/yzV1Pr/3P1fjls62f8AAADQg9z9N8Yt9j8AAAA0I3f/TXGL/Q8AAADNyN3/lbilk/2v/9f/6//Xs//f1P/r//X/g6bS/19wwQNu1v/r//X/+n/9v/6/d1Pr/3P3fzVu6WT/AwAAQA9y938tbrH/AQAAoBm5+78et9j/AAAA0Izc/d+IWzrZ//P9/zmzE4XqCUP9fzRq+v9t9P87v7/+f/ivD+//6//1/6t3av9/7j5/vvf/g/5f/6//X23////zP1//T4um1v/n7r85bulk/wMAAEAPcvd/M26x/wEAAKAZufu/FbfY/wAAANCM3P23xC2d7H/v/+v/9f8H2f9v6P/1//r/FZvK+//6/9P7/vp//f86f/9m3v8/W//P8qy+/9+K39tb/5+7/9txSyf7HwAAAHqQu/87cYv9DwAAAM3I3f/duMX+BwAAgGbk7v9e3NLJ/tf/6//1/97/1/8Pf77+fz3p/8fp/xfop//fHPrBw+7nz9Rhf/9m+n/v/7NEU3v/P3f/9+OWTvY/AAAA9CB3/w/iFvsfAAAAmpG7/4dxi/0PAAAAzcjd/6O4pZP9r//X/7ff/z9E/3/K5x9S/39U/6//Pwj6//xf9GH6/wUm0/8P//+i9/+n/f31//p/5k2t/8/df2vc0sn+BwAAgB7k7v9x3GL/AwAAQDNy998Wt9j/AAAA0Izc/T+JWzrZ//r/vvr/jVmP/b/3/yfS/3v/X/9/IPT/4/T/C0ym/1/5+/+DDrufP4Tvf+8yv7/+X//PvKn1/7n7b9840uX+BwAAgHX1oPs+4ta9/ntvP/7bzdlP4xb7HwAAAJqRu/9ncYv9DwAAAM3I3f/zuKWT/a//76v/7/P9f/2//l//3xP9/zj9/wL6/976/6V+f/2//p95U+v/c/f/Im7ZNvyO7PuPEgAAAJiS3P2/jFs6+fV/AAAA6EHu/l/FLXP7/9ge/6l2AAAAYGpy9/86bunk1//XuP8fzjJa6/9nK+r/49/Xa/9/wwU7/3zp//X/Q5+v/19P+v9xZ9j/H9vQ/+v/Rwz387f9t/5f/6//79fU+v/c/b+JWzrZ/wAAANCoHX9HIXf/b+MW+x8AAACakbv/d3GL/Q8AAADNyN1/R9zSyf5f4/5/lz+gxvr/03r/f6t+z/v/nb//f/nm4Ocvvf8/Z+cfr/5/mP7/YOj/x3n/fwH9v/f/9f/6f5Zqav1/7v7fxy2d7H8AAADoQe7+P8Qt9j8AAAA0I3f/H+MW+x8AAACakbv/zrilk/2v/2+x/9/D+//6/z76/10+v533///3vKM3Pvih11yl/+ekg+z/868F/b/+X/9/gv5f/6//51RT6/9z9/8pbulk/wMAAEAPcvffFbfY/wAAANCM3P1/jlvsfwAAAGhG7v6/xC2d7H/9v/5/Kv1//rk+hP7/6Pr1/9kU997/e/9f/z/P+//j9P8L6P/1//p//T9LNbX+P3f/3XFLJ/sfAAAAepC7/69xS+7/jX3/rXsAAABgYnL3/+343fbPaPn1fwAAAGjGid2/Oft73NLJ/tf/6/+n0v8n7/+f/Hne/z9B/6//34+17/9nZ+n/9f/6/zX9/vp//T/zptb/5+7/R9zSyf4HAACAHuTu34hbdu7//zrYbwUAAAAs0z3Hf7s5+2fc4tf/AQAAoBm5+++NWzrZ//p//b/+X/+v/x/+fP3/elr7/t/7//p//f/afn/9v/6feVPr/3P3/zsAAP//q2RquA==")
rename(&(0x7f0000000040)='./file1\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00')
mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0)
mkdir(&(0x7f0000000180)='./bus\x00', 0x0)
mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000380)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@workdir={'workdir', 0x3d, './bus'}}]})

37.508708215s ago: executing program 0 (id=1065):
syz_mount_image$vfat(&(0x7f0000000040), &(0x7f00000001c0)='./file0\x00', 0x2048c5, &(0x7f0000000340)=ANY=[@ANYBLOB='uid=', @ANYRESHEX=0xee00, @ANYBLOB="2c73686f72746e616d653d77696e6e742c6e6f6e756d7461696c3d302c6e66733d6e6f7374616c655f726f2c756e695f786c6174653d312c756e695f786c6174653d302c756e695f786c6174653d312c2c64656275672c73686f72746e616d653d6d697865642c71756965742c757466383d302c00ba56dd00"/132], 0x0, 0x29f, &(0x7f0000000580)="$eJzs3UFrE1sYxvGnSdukKW2yKBfuhct9uW50M7TxEwRpQQwotRF1IUztREPGpGRiJCK2O7d+juLSlYL6Bbpx517cFEFw04UYaZKxaRswra1Tzf8HYU7OOe/MmZyZ8M5AJlvXn94rFwOn6NYVS5pi0rq2pcxOqWuku4y1y+Pqta5zk5/f/Xv1xs1LuXx+ftFsIbd0Pmtm0/+9evDo2f9v6pPXnk+/TGgzc2vrU/b95l+bf299XQrXXpVcW65W6+6y79lKKSg7Zld8zw08K1UCr1a3nvaiX11dbZpbWZlKrda8IDC30rSy17R61eq1prl33FLFHMexqZSGTfzQEYWNxUU3dyKDQRQm+lXWajk33rexsPErBgUAAE6XqPL/u6XASoFVqnvy+4P5f0yHyP+loc7/D4/8fxjs5P+p7vm7F/k/AAAAAAAAAAAAAAAAAAAAAAC/g+1WK91qtdLhMnwlJCUlhe+jHidOBvM/3Hp+uJeU/CeNQqPQWXbac0WV5MvT7Jj0pX08dHXKCxfz87PWltFrf60bv9YoxJUI40OZ/vFznXjrjV/TmFK9288qrZn+8dk+8Y3CuM6eaSW6W/bkKK23t1WVr5X2cb0b/3jO7MLl/L74iXY/AAAAAAD+BI59d+D6vd3uWPjYkH3tncrd+wNK/+D+wL7r61H9MxrdfgMAAAAAMEyC5sOy6/tebQgK4f8fHMsKo//okoN2HpXUrXlxWuZikEJM0lHD4z83yx8l7amZiXy6j6Pw4X7nDBikc5TfSgAAAABOQpj0j0Q9EAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhtigDw8L+x/l2WM9m4tHs5cAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADA6fAtAAD//2kbF4o=")
r0 = syz_open_procfs(0x0, &(0x7f0000000540)='mounts\x00')
mount$tmpfs(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000180)='./file0\x00', 0x0, 0x1333404, 0x0)
mount$bind(&(0x7f0000000300)='./file0\x00', &(0x7f0000000100)='./file0\x00', 0x0, 0x11080, 0x0)
mount$bind(&(0x7f0000000240)='.\x00', &(0x7f0000000280)='./file0\x00', 0x0, 0x1005848, 0x0)
read$FUSE(r0, &(0x7f0000002c00)={0x2020}, 0x2020)

36.492588759s ago: executing program 1 (id=1067):
sendmsg$TIPC_NL_PUBL_GET(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000100)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="000325bd70007affa19afd6ade8a3c0004803519010673797a3100ff07002c0007800800040004000000080001001800000008000200090000000800040005000000080004"], 0x50}, 0x1, 0x0, 0x0, 0x4008080}, 0x8000)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000380)=@delchain={0x24, 0x65, 0x10, 0x70bd2c, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0xf, 0x1}, {0xffff, 0x3}, {0xa, 0x4}}}, 0x24}, 0x1, 0x0, 0x0, 0x8000}, 0x4004001)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000100)=@newqdisc={0x34, 0x24, 0x1, 0x80000000, 0x0, {0x0, 0x0, 0x0, 0x0, {0xf, 0x3}, {0x8, 0xffe0}, {0x0, 0x10}}, [@qdisc_kind_options=@q_fq_pie={{0xb}, {0x4, 0x8002}}]}, 0x34}}, 0x20004055)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="500000001000010425bbe5ad600027842cf52300", @ANYRES32=0x0, @ANYBLOB="0300000000000000280012800a00010076786c616e00"], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca65c15}, 0x4008840)
r0 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0)

36.283420314s ago: executing program 0 (id=1069):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0)
r1 = socket$rds(0x15, 0x5, 0x0)
bind$rds(r1, &(0x7f0000000040)={0x2, 0x2, @loopback}, 0x10)
sendmsg$rds(r1, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000780)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0x2c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x410200}], 0x1}}], 0x48}, 0x0)
mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0)

35.092209447s ago: executing program 0 (id=1070):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000380)={0x43, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030)

32.504926024s ago: executing program 32 (id=1070):
r0 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
r1 = socket$tipc(0x1e, 0x5, 0x0)
bind$tipc(r1, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r1, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10)
setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, &(0x7f0000000380)={0x43, 0x4, 0x3, 0x3}, 0x10)
sendmsg$tipc(r0, &(0x7f0000000400)={&(0x7f00000008c0)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x4008030)

32.457242162s ago: executing program 1 (id=1074):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0xc)
r2 = openat$cgroup_procs(r0, &(0x7f0000000240)='cgroup.procs\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0xfff)
sendfile(r2, r1, 0x0, 0x5)

31.789795938s ago: executing program 33 (id=1074):
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r1 = openat$cgroup_procs(r0, &(0x7f0000000040)='tasks\x00', 0x2, 0x0)
sendfile(r1, r1, 0x0, 0xc)
r2 = openat$cgroup_procs(r0, &(0x7f0000000240)='cgroup.procs\x00', 0x2, 0x0)
sendfile(r2, r2, 0x0, 0xfff)
sendfile(r2, r1, 0x0, 0x5)

6.096184157s ago: executing program 3 (id=1132):
mkdir(&(0x7f0000000640)='./file0\x00', 0x4)
chdir(&(0x7f0000000140)='./file0\x00')
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, <r0=>0x0}, 0x4000)
setresuid(r0, r0, 0x0)
r1 = socket$inet_udplite(0x2, 0x2, 0x88)
getsockopt$sock_cred(r1, 0x1, 0x11, &(0x7f0000000240)={0x0, <r2=>0x0}, &(0x7f0000000280)=0x5)
ioprio_set$uid(0x3, r2, 0x6000)

5.550495254s ago: executing program 3 (id=1135):
r0 = fsopen(&(0x7f0000000300)='devtmpfs\x00', 0x0)
fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0)
r1 = fsmount(r0, 0x1, 0x4)
fchdir(r1)
mkdirat(r1, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x100)
rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00')
mount$overlay(0x0, &(0x7f0000000340)='./file0\x00', &(0x7f0000000140), 0x1000000, &(0x7f0000000280)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@volatile}, {@uuid_null}]})

5.188257031s ago: executing program 4 (id=1137):
r0 = inotify_init()
inotify_add_watch(r0, &(0x7f0000000000)='.\x00', 0x400017e)
syz_mount_image$fuse(0x0, &(0x7f0000000840)='./file0\x00', 0x50880, 0x0, 0x0, 0x0, 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x68cd42, 0x4)
mprotect(&(0x7f0000002000/0x1000)=nil, 0x1000, 0x1)
openat$cgroup_ro(r1, &(0x7f0000000900)='net_prio.prioidx\x00', 0x275a, 0xb)
read$FUSE(r0, &(0x7f0000001fc0)={0x2020}, 0x2020)

5.071847625s ago: executing program 3 (id=1138):
r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0)
ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f00000000c0)=0x10000)
ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000040)={@my=0x0, 0x1})
ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7cb, &(0x7f0000000100)={&(0x7f0000000680)={{@any, 0x18000}, {@local, 0x6}, 0x400, "4145fdc5fec7663a106cef95c8d86f03d655b82e62dc5204ff06732791d90936bf31f7b4eafad3ed43e8da42de6780edce2e2f941399c9b9002a6a538fc1ebd3e994ce6fa4a67c775c476cdbedebbe34904cbe0d5808cf5892aa1e563f949f38cd2ebaa2c46464183ead798b1af0ba7ad5db77736a5329e7297e674242854f87ef03b0fba724523033529e64be44188740b9e9a0ba6944e9724c4aaa8470ab8d35a1746a1da4dfa2112cb5135d97efae0975e7fa5e421fe7ec12a8bbd7714076b63ddaca822d7c0383ccc4e21b11c8a0443850c05f4bb6716b6ba83016b709b44a9959c44daa717edf6b43f7c235fae47730ff2d435ed29d062451ab74bd9f65d9bf96e1afc645ca2249c89146fc815210d465ca0ede0acbfe1165b15d222ed668b79b14f901178d35e7421637588c887b0f2335ea84a442fc95bbcf0ea3b308ee18d913901cb8f40dd2798e781c4b1c620c23565b5bc18e25c206f772c863c8a8864f460c239033717d41f94fbf13b1d0c7271364bd6d144160e1df33fcb33e5d45a5e7ea4264d089397d7e022c6e1f37a2e464c01b4df6a906d3a46d9432ba1966d73aa0627491e3b3c33bee03ff2138896b64862910f24dbacc3c686e0059ff5915c8b69bce3c4022c5c80d574274d1107c9935898ae444a6c38dbd8319e778e1a86a293094bd98d0ae3ae2c32a4bcb20e0517c03e7b46839f4e3601ff98244ca5485cacbfe53c935cf14038bba908af19834a86b56cf68a7170448a434b55d66c080ea095b02ba4c3f8ba492c9e50111bf1b3085cc0f3938a58609a337e89eba9271ee071a8b9f3ab4ad0fc3c92a48cb6bc63ed74877d8425c88eb40d18c6260d2221dc295d1fa1557cfcfe1cb3a1d61b4b1235e28903ae5a4d3d358f6d3e2c87b110e38aab0fd1ca2c047b3ea826d8cd9b980b3fc64fbf38d0d3fed0057b30612880a3d93aa3e16e1c1902cc8c206d7732f426fbb063b020a03d08e3bcd4ff32c30c8ea424ea0c746e72c23e8d53576cc801bdf82f8bba865074e5dde3177820c24be87b9bd36e30a81d1d50b5aa0628262d46d19060ae37a33aa8e515fed3f8bfdf65ba5f8e11e4d517a50ce03f82bc5b3c8e9b3eb6572f1a686430170ce64bc1a61246fd99b2d8a3215104478eead271fcca07bc66e637d5543ad47147f5ad50cc5a203a37b7d2f67bb0387ae189ee7d5cfc0a421b0f0e6286aaf28a3eadfad1b8c83a26ac0a1d4a3846d93e161c82be100278d94e35fc7b5f1feb833f1b975adb33bec5d777cfbdb2c5fe171e205fd6596b37ba646b9ecb163fabcd89a469f6ad539a80937748105298b0a6364d75c6de3cbcbb96c440d5489f3f47149551e7f53d3a22d837cfb59c3e43f0c95760791ed36ff84ae82a679e4e062461bda5db7c27fb00c3238266734bc7c16d45ce7cd3f0b7e63c309977816048f24"}, 0x418, 0x1008})
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
ioctl$IOCTL_VMCI_SET_NOTIFY(r0, 0x7cb, &(0x7f0000000140)={0x0, 0x10000})
openat$vcs(0xffffffffffffff9c, 0x0, 0x10640, 0x0)

4.68654535s ago: executing program 2 (id=1139):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = fanotify_init(0x200, 0x0)
r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0)
fanotify_mark(r1, 0x71, 0x40000009, r2, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0)
fanotify_mark(r1, 0x161, 0x40000867, r3, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

4.632051146s ago: executing program 4 (id=1140):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x41, 0x0)
ioctl$TCSETAF(r0, 0x5408, &(0x7f0000000080)={0xcf47, 0x5cc, 0xffff, 0xff, 0x6, "8003e3ffff072000"})
write$binfmt_aout(r0, &(0x7f00000006c0)=ANY=[], 0xff2e)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000100)={0x0, 0x0, 0x3, 0x7fff, 0x16, "b0bf2ebb48c849ac0000000003000018bfff40"})
r1 = syz_open_pts(r0, 0x0)
r2 = dup3(r1, r0, 0x0)
ioctl$TIOCSTI(r2, 0x5412, &(0x7f0000000000)=0xff)

4.578982567s ago: executing program 3 (id=1141):
socket$nl_rdma(0x10, 0x3, 0x14)
socket$nl_generic(0x10, 0x3, 0x10)
creat(&(0x7f0000000040)='./bus\x00', 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d8005", @ANYRES8=0x0, @ANYRES32=r0], 0x2c}, 0x1, 0x0, 0x0, 0x20004080}, 0x0)

4.167138944s ago: executing program 3 (id=1142):
prlimit64(0x0, 0xe, &(0x7f0000000100)={0xa, 0x88}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000440)=0x7)
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000040)='./file2\x00', 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="6e6f646973636172642c6e6f636865636b706f696e745f6d657267652c616c6c6f635f6d6f64653d64656661756c742c636865636b706f696e743d64697361626c652c666c7573685f6d657267652c6661756c745f696e6a656374696f6e3d2d303030303030303030303030303030313236322c61636c2c6e6f61636c2c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f657874656e745f63616368652c636f6d70726573735f63616368652c6661756c745f747970653d30303030303030303030303030303030303030342c008d73b6efef8bf6f516d60904182d07bca0e749cc80891d95a64e7017e017d72450a7d42539b57fb9c48865a0e2adbf3b790b6e666283ce3274281626e6b683df1e10a4b3b952294895df65e4a6b94f5c5a650e35a010e04bce2a92891fec6ae51521e10eeb1224f2905d434d7558325f47edf48ce3a8ad4664164f", @ANYRES8], 0x1, 0x5524, &(0x7f00000075c0)="$eJzs3E1rY+UXAPCTdjrv//kXceFuLgxCC5PQ9GXQXdUZfMEOZdSFK02TNGQmyS1NmtauZuFSXPhNRMGVSz+DC8GdO3GhzE5Qcu/tOPUFZCZN7MzvBzfnPk+enHueUAIntySAZ9Z88uDnUlyJCxExGxGXI7LzUnFk1vPwQkRcjYiZR45SMf9w4mxEXIyIK6Pkec5S8dRn10ejt375+ttzZy59/tV309s1MB3nHp69GBHdnfx8v5vHtJXHu8V8bdjOYnd1WMT8ie69Ypzmcb+5lWXYrx2tq2VxpZWvT3f2+qO43anVR7HV3s7md3r5BfvD1lGe7AV3a7vZuNHcymK7n2axdZjXdXCYf7Yd9gd5nkaR76MsfQwGRzGfbx408/3s3MtivTco5vO8aaN5MIrDIhaXi3raaWR1bD3eu30avN3u7R0kw+Zuv532krVK9aVK9Ua5ups2moPmarnWbdxYTRZandGy8qBZ66630rTVaVbqaXcxWWjV6+VqNVm42dxq13pJtVpZqSyV1xaLs+vJ67ffSzqNZGEUX2339gbtTj/ZTneT/BWLyXJl5eXF5Fo1eWdjM9m8c+vWxua7H9x8//YrG2++Viz6S1nJwvLS8nK5ulReri4+xqa/P6X7/7go+kn3D+NSmnYBAKfPfPIg+/ScTP8/vLb2k/4fOMn+f/dOxMn3/6H/H4tT1f+Oq/+fwv6Ly93/r+0fnoj+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgmfXD3BdvZCfz+fhSMf+/Yuq5YlyKiJmI+O1vzMbZYzlnizxz/7B+7k81fFOKLMPoGueK42JErBfHr/8/6XcBAAAAnl5f3r/6ad6t5w/z0y6IScq/tJm5/OGY8pUiYm7+xzFlmxk9PD+mZNnf95k4GFO27Aus82NKln/ldmZc2f6V2WPh/COhlIeZiZYDAABMxPFOYLJdCAAAAJP0ybQLYDpKcXQr8+hecPaf93/cELxwbAQAAACcQqVpFwAAAACcuKz/9/t/AAAA8HTLf/8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmfnXnLUhuE4AP8TkkJfKqq671W6g2P0CF12WXGAXoIDdEGv0AtwBrrrESoYEWd4jLKYEU6iGX2fFIwj88NGsLCNDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA9OlvvVn+/vH55605+8NZdXi6PKMBAAAAuuzqzbJ5Mk/1t+399+2tj229iIgyIrrm7pN4dZU5STlVnNv/umxfP+jDn4gm4fge0/Z6ExFf2uv/h54/BAAAAHjBtqv1Is3W08N87A4xpLRoU777mimviIh6/i9TWnnM+5QprPl+V/E9U1qzgDXLFJaW3KpcaY/S/NxPq3azi6JIRdn5slMns40dAAAY0OSqGHYWAgAAwJC+jd0BxlHE/VbmaStwmop2e+/1VQ0AAAB4hoqxOwAAAAD0rpn/93j+X/Pfgq72zv8DAACA4aTz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjTrt4st6v14tac/eE2eUYDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMAd+/OOAiEQBmGwd31nMvc/rDRoampSBcLH3xgMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8OZ3f/k/MTXOJHOvjaXnkWTt1Ng6NfbOjaM/jK9fAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzsz0sKhEAQRMGc8b+Tvv9hJUHPIEIENDyqqEUDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB80e9++T8xNc4kc6eNpeORZO2qsXXV2HvQOHow3v4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFzs3M9rHFUcAPA3MztbWxXXKHuIiIIHvdh2W1t7Ew9K8OCfIIR0W2O3/mhzsKWIuXiTnHsRPYoISrz1f+i5gVziLcgeInhW5ld28gNcf3Rmk3w+8OZ9dxjmfd8shHznvQQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKuO3J3GSHXpFHJfnHu3cW8r6jX195sHa5nzWsjhqMumj4cX6h6jfXiIAAACcHElV34cQttL1hayPe3n9n1bXZDX/t08XcVXP76/7q76q/bP2y8/bz+8O1CvGyW56bXk0PH8wlc7jm+Vse+Zvr+jkTz5/95LkX0j83upz4zR/ntHXDx++083DU01kCwD8G2ervgyq34eyftBmYgCcGJ1a4V3V/0mv3ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAmjBeDU9WcRRCmO9M4szGzr2lw/oHa5vzVbt8//5a+HJyz+wWaQjh2vJoeL7R2cy223fu3lgcjYa3mg9eCiG0Nfpb5fRvfDDFxSG08nwE/1MQl1/2rORzNIIWfygBAHAspWXL6vqtdH0hOxfNhfDnd3vr/1drcZiy/t/+8PKj+lj1+n/Q2Axn37mVm5+eu33n7uvLNxevD68PP37jwuDNwcUrly5d+a1bXOKNCQAAAP9Jt2z1+j+eO7j+f6YWhynr/8++GXxRHytR/x9qsujXdiYAAAAn27Mv//F7dMj5qNsNny+urNwaFMfdzxeKYwup/mOnylav/5O5trMCAAAAmjBejfas/1+txWHK9f+nvn/hx/o9kxDC6XL9/+zSJ6OrzU1npjXx58RtzxEAAIB2nS5bff0/zff/x7tbHuIQwmuvFHH5bwCnqv+Td7/6oT5Wff//xeamOJPifvE88r4fQqffdkYAAAAcZ0+ULSv2f03XFz766cz7Xfv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJr2VwAAAP//Lbg4Bw==")
r0 = open(&(0x7f0000001b80)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000001c0)=0x20000088)
openat(0xffffffffffffff9c, &(0x7f0000000240)='./file0\x00', 0x40042, 0x1)
rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file1\x00')

4.06470785s ago: executing program 2 (id=1143):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7)
r0 = socket$packet(0x11, 0x3, 0x300)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r0, 0x8933, &(0x7f0000000080)={'batadv0\x00', <r1=>0x0})
sendto$packet(r0, 0x0, 0x0, 0x0, 0x0, 0x0)
r2 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000080)=ANY=[@ANYBLOB="3c00000013000100000000000000000000000002", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=r1, @ANYBLOB="1400350064756d6d7930"], 0x3c}}, 0x0)

3.64981946s ago: executing program 2 (id=1144):
r0 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000001c0)='net/stat\x00')
r1 = fanotify_init(0x20, 0x2)
readv(r1, &(0x7f0000000000)=[{&(0x7f0000000100)=""/146, 0x92}], 0x1)
fanotify_mark(r1, 0x1, 0x40001019, r0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)
unshare(0x2040400)
fallocate(r0, 0x3, 0x3, 0x4)

3.077666381s ago: executing program 4 (id=1145):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_open_procfs(0x0, &(0x7f0000000000)='net/icmp\x00')
ioctl$KVM_SET_GUEST_DEBUG_x86(r2, 0x4048ae9b, &(0x7f0000000080)={0xe0003, 0x0, {[0x8, 0x2, 0x81, 0xffffffffefffff15, 0x3, 0x5, 0x3, 0xb37f]}})
ioctl$KVM_RUN(r2, 0xae80, 0x0)

2.907214284s ago: executing program 2 (id=1146):
r0 = socket$kcm(0x2a, 0x2, 0x0)
sendmsg$kcm(r0, &(0x7f0000001f80)={&(0x7f0000001d00)=@qipcrtr={0x2a, 0xffffffffffffffff, 0xfffffffe}, 0x80, 0x0}, 0x0)
recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, 0x0}, 0x40002182)
r1 = socket$kcm(0x2a, 0x2, 0x0)
getpeername(r0, 0x0, 0x0)
ioctl$F2FS_IOC_RELEASE_VOLATILE_WRITE(r0, 0xf504, 0x0)
sendmsg$kcm(r1, &(0x7f0000001540)={&(0x7f0000000040)=@qipcrtr={0x2a, 0x1, 0x4000}, 0x80, 0x0}, 0x0)

2.184836797s ago: executing program 3 (id=1147):
getsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000100)={@remote, 0x0, 0x2}, 0x0)
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[], 0x18}}, 0x0)
ioctl$FS_IOC_GETFSLABEL(r0, 0x400452c8, &(0x7f0000000100))
bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000000c0), 0x20)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x3, 0x3)
ioctl$FS_IOC_GETFSLABEL(r1, 0x400452c8, &(0x7f0000000100))

1.557830502s ago: executing program 2 (id=1148):
r0 = syz_io_uring_setup(0xf4d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=<r1=>0x0, &(0x7f0000000080)=<r2=>0x0)
syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4)
io_uring_register$IORING_REGISTER_BUFFERS(r0, 0x0, &(0x7f0000000740)=[{&(0x7f00000003c0)=""/201, 0xc9}], 0x1)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5)
syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0xc, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x1})
io_uring_enter(r0, 0x749f, 0x4, 0x0, 0x0, 0xfffffffffffffef5)

1.483213397s ago: executing program 4 (id=1149):
r0 = syz_io_uring_setup(0x1ed3, &(0x7f0000000240)={0x0, 0x0, 0x10100, 0x5, 0x279}, &(0x7f00000002c0)=<r1=>0x0, &(0x7f0000000140)=<r2=>0x0)
sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB='('], 0x38}}, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000003c0)='pids.current\x00', 0x275a, 0x0)
write$UHID_CREATE2(r3, &(0x7f0000000180)=ANY=[], 0x118)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x0)
syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_TEE={0x21, 0x4, 0x0, @fd_index=0x8, 0x0, 0x0, 0x9, 0x7, 0x1})
io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0)

767.997092ms ago: executing program 2 (id=1150):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000500)={0x11, 0x3, &(0x7f0000000000)=@framed={{0x18, 0x0, 0x0, 0x0, 0xc}}, &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='tlb_flush\x00', r0}, 0x10)
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x3000003, 0x204031, 0xffffffffffffffff, 0xffffd000)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000000e00000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x31)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000680)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19)
mremap(&(0x7f0000006000/0x3000)=nil, 0x3000, 0x3000, 0x7, &(0x7f0000ffd000/0x3000)=nil)

731.918765ms ago: executing program 6 (id=1078):
r0 = socket$netlink(0x10, 0x3, 0x0)
r1 = socket$netlink(0x10, 0x3, 0x0)
r2 = socket(0x10, 0x803, 0x0)
sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000001980)={0x0, 0x0, &(0x7f0000001940)={0x0, 0xf4}, 0x1, 0x0, 0x0, 0xc001}, 0x4000000)
getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, <r3=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14)
sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r3, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010005"], 0x3c}}, 0x0)
sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000240)=@newlink={0x4c, 0x10, 0xffffff1f, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x34080}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @gretap={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GRE_TOS={0x5, 0x9, 0xfb}, @IFLA_GRE_REMOTE={0x8, 0x7, @dev={0xac, 0x14, 0x14, 0x28}}]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x4c}}, 0x804)

643.292645ms ago: executing program 4 (id=1151):
r0 = socket$inet6(0xa, 0x5, 0x0)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty, 0xffffff5d}, 0x1c)
listen(r0, 0x50)
r1 = socket(0x2, 0x80805, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sendmmsg$inet(r1, &(0x7f0000000b00)=[{{&(0x7f0000000180)={0x2, 0x4e20, @local}, 0x10, &(0x7f0000000080)=[{&(0x7f00000004c0)="89", 0x1}], 0x1}}, {{&(0x7f0000000000)={0x2, 0x4e20, @loopback}, 0x10, &(0x7f0000000040)=[{&(0x7f00000001c0)="c3", 0x1}], 0x1}}], 0x2, 0x0)

617.012854ms ago: executing program 5 (id=1073):
unshare(0x26000400)
sendmsg$inet(0xffffffffffffffff, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000000100000001"], 0x128}, 0x0)
socket$xdp(0x2c, 0x3, 0x0)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[], 0x128}, 0x0)
recvmsg$unix(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x100}, 0x0)
select(0x2a, 0x0, 0x0, &(0x7f0000000400)={0xfefdffffffffffff, 0x1, 0x2, 0x300}, &(0x7f0000000440)={0x0, 0x2710})

0s ago: executing program 4 (id=1152):
r0 = landlock_create_ruleset(&(0x7f0000000200)={0x48, 0x3}, 0x18, 0x0)
landlock_restrict_self(r0, 0x0)
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0)
r1 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0)
landlock_restrict_self(r1, 0x0)
landlock_restrict_self(r1, 0x5)
pivot_root(&(0x7f0000000040)='./file0/../file0/../file0/../file0/../file0\x00', &(0x7f0000000600)='./file0/../file0/../file0/../file0\x00')

kernel console output (not intermixed with test programs):

encryption failed: -22
[  419.422174][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  419.859818][ T8016] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  419.870724][ T8016] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  420.101506][ T8016] BTRFS info (device loop1): rebuilding free space tree
[  420.149396][ T8016] BTRFS info (device loop1): disabling free space tree
[  420.156740][ T8016] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  420.167053][ T8016] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  420.205193][ T8016] BTRFS info (device loop1): enabling ssd optimizations
[  420.212703][ T8016] BTRFS info (device loop1): using spread ssd allocation scheme
[  420.220777][ T8016] BTRFS info (device loop1): turning off barriers
[  420.227812][ T8016] BTRFS info (device loop1): turning on async discard
[  420.234963][ T8016] BTRFS info (device loop1): force clearing of disk cache
[  420.482011][ T8041] loop2: detected capacity change from 0 to 128
[  420.514925][ T8041] hpfs: Unknown parameter '0xffffffffffffffff'
[  420.719532][ T8016] BTRFS warning (device loop1): failed to trim 1 device(s), last error -512
[  420.791946][ T5801] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  421.235705][   T30] audit: type=1326 audit(1768721054.115:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8037 comm="syz.0.640" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf5bd8f749 code=0x7fc00000
[  422.410647][ T8066] netlink: 12 bytes leftover after parsing attributes in process `syz.3.645'.
[  423.048537][ T8074] loop1: detected capacity change from 0 to 4096
[  423.409657][ T8085] loop2: detected capacity change from 0 to 1024
[  423.964834][  T793] IPVS: starting estimator thread 0...
[  423.978696][ T5853] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  424.094635][ T8097] IPVS: using max 192 ests per chain, 9600 per kthread
[  424.148918][ T3489] hfsplus: b-tree write err: -5, ino 4
[  424.216925][ T5853] usb 5-1: Using ep0 maxpacket: 32
[  424.241638][ T5853] usb 5-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=6f.be
[  424.251409][ T5853] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  424.309918][ T5853] usb 5-1: config 0 descriptor??
[  424.333781][ T5853] gspca_main: vc032x-2.14.0 probing 0ac8:0321
[  425.245173][ T8116] mmap: syz.3.671 (8116) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  425.800009][ T5853] gspca_vc032x: reg_w err -71
[  425.805007][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.810813][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.816272][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.826291][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.833114][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.838842][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.844297][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.850087][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.855532][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.861137][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.866672][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.872559][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.878178][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.883642][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.889318][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.894762][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.900369][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.905829][ T5853] gspca_vc032x: I2c Bus Busy Wait 00
[  425.913234][ T5853] gspca_vc032x: Unknown sensor...
[  425.918843][ T5853] vc032x 5-1:0.0: probe with driver vc032x failed with error -22
[  426.082206][ T5853] usb 5-1: USB disconnect, device number 10
[  426.402120][ T8132] netlink: 76 bytes leftover after parsing attributes in process `syz.2.677'.
[  426.502427][   T30] audit: type=1326 audit(1768721059.375:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8119 comm="syz.3.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba6f38f749 code=0x7fc00000
[  426.525931][   T30] audit: type=1326 audit(1768721059.375:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8119 comm="syz.3.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fba6f38f749 code=0x7fc00000
[  426.553987][   T30] audit: type=1326 audit(1768721059.375:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8119 comm="syz.3.674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fba6f38f749 code=0x7fc00000
[  427.460940][ T8145] netlink: 4 bytes leftover after parsing attributes in process `syz.2.682'.
[  427.475231][    C1] vcan0: j1939_xtp_rx_dat: no tx connection found
[  427.482111][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.491113][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.499310][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.508224][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.516338][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.525310][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.533421][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.542493][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.550774][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.559698][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.567861][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.576861][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.584972][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.593898][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.602101][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.610988][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.619066][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.628053][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.636080][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.645138][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.653272][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.662197][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.670311][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.679338][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.687451][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.696295][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.704491][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.713500][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.721700][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.730631][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.738746][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.747674][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.755729][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.764615][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.772743][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.781742][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.789974][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.798983][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.807087][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.816016][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.824385][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.833269][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.841407][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.850501][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.858620][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.867535][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.875643][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.885133][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.893245][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.902284][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.910411][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.919357][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.927448][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.936367][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.944488][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.953387][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.961510][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.970422][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  427.978520][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  427.992488][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.000637][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.009542][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.017670][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.026448][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.034632][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.043750][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.051933][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.060881][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.069018][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.077983][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.086214][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.095291][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.103506][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.112542][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.120672][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.129597][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.137772][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.146602][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.155186][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.164132][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.172256][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.181321][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.189433][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.198532][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.206587][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.215698][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.223849][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.232748][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.240848][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.249743][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.257896][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.266781][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.274902][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.283797][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.292172][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.301135][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.309344][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.318334][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.326379][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.335289][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.343479][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.352406][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.360612][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.369511][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.377650][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.386566][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.394721][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.403694][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.411871][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.420792][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.428911][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.437827][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.445928][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.454906][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.463134][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.472185][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.480406][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.489321][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.497442][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.506315][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.514448][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.523347][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.531464][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.540396][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.548780][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.557703][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.565741][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.574690][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.582801][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.591820][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.599913][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.608814][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.616839][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.625769][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.633869][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.642783][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.650894][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.659891][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.667974][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.676777][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.684885][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.693785][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.701934][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.710900][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.719034][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.723970][ T8142] loop0: detected capacity change from 0 to 4096
[  428.729139][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.741556][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.750495][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.758603][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.767559][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.775840][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.784788][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.792877][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.801763][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.809935][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.818810][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.826819][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.835695][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.843780][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.852675][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.860857][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.870105][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.878202][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.887029][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.895136][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.904025][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.912308][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.921222][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.929330][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.938376][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.946398][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.955328][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.963445][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.972311][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.980601][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  428.989528][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  428.997761][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  429.006956][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  429.015064][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  429.024062][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  429.032171][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  429.041077][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  429.049174][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  429.058111][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  429.066203][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  429.075080][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  429.083197][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  429.109459][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no tx connection found
[  429.117596][    C1] vcan0 (unregistering): j1939_xtp_rx_dat: no rx connection found
[  429.353441][ T8142] ntfs3(loop0): ino=8, mi_enum_attr
[  429.359475][ T8142] ntfs3(loop0): Mark volume as dirty due to NTFS errors
[  429.395010][ T8142] ntfs3(loop0): Failed to load $BadClus (-22).
[  429.515274][ T8154] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  429.787688][  T793] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  430.050886][  T793] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08
[  430.060778][  T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  430.069051][ T5853] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  430.076950][  T793] usb 2-1: Product: syz
[  430.081656][  T793] usb 2-1: Manufacturer: syz
[  430.086460][  T793] usb 2-1: SerialNumber: syz
[  430.175735][  T793] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested
[  430.350823][ T5858] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008
[  430.827598][ T8153] random: crng reseeded on system resumption
[  431.016926][ T8165] loop2: detected capacity change from 0 to 32768
[  431.048823][ T5853] usb 5-1: Using ep0 maxpacket: 32
[  431.073675][ T5853] usb 5-1: New USB device found, idVendor=041e, idProduct=400b, bcdDevice=3e.e7
[  431.083260][ T5853] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  431.171757][ T8165] (syz.2.691,8165,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  431.186891][ T8165] (syz.2.691,8165,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  431.269984][ T5853] usb 5-1: config 0 descriptor??
[  431.326774][ T5853] gspca_main: sunplus-2.14.0 probing 041e:400b
[  431.388088][ T8165] JBD2: Ignoring recovery information on journal
[  431.481541][  T793] usb 2-1: USB disconnect, device number 3
[  431.529419][ T5858] ath9k_htc 2-1:1.0: ath9k_htc: Target is unresponsive
[  431.537368][ T5858] ath9k_htc: Failed to initialize the device
[  431.545815][  T793] usb 2-1: ath9k_htc: USB layer deinitialized
[  431.733979][ T8165] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  432.288837][ T6045] ocfs2: Unmounting device (7,2) on (node local)
[  432.902505][ T5853] gspca_sunplus: reg_w_riv err -71
[  432.908428][ T5853] sunplus 5-1:0.0: probe with driver sunplus failed with error -71
[  432.938987][ T5853] usb 5-1: USB disconnect, device number 11
[  433.514109][ T5858] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[  433.718317][ T5858] usb 2-1: Using ep0 maxpacket: 8
[  433.735270][ T5858] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  433.747562][ T5858] usb 2-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=6d.2a
[  433.756892][ T5858] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  433.827272][ T5858] usb 2-1: config 0 descriptor??
[  433.849848][ T8187] team_slave_1: Caught tx_queue_len zero misconfig
[  433.860271][ T5858] gspca_main: vc032x-2.14.0 probing 046d:0892
[  434.111668][ T5804] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci0/hci0:201'
[  434.128546][ T5804] CPU: 1 UID: 0 PID: 5804 Comm: kworker/u9:3 Not tainted syzkaller #0 PREEMPT(none) 
[  434.128702][ T5804] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  434.128810][ T5804] Workqueue: hci0 hci_rx_work
[  434.129006][ T5804] Call Trace:
[  434.129053][ T5804]  <TASK>
[  434.129101][ T5804]  __dump_stack+0x26/0x30
[  434.129258][ T5804]  dump_stack_lvl+0x14c/0x1c0
[  434.129437][ T5804]  dump_stack+0x1e/0x25
[  434.129586][ T5804]  sysfs_create_dir_ns+0x46c/0x540
[  434.129762][ T5804]  kobject_add_internal+0xf0f/0x1870
[  434.129941][ T5804]  kobject_add+0x2c1/0x410
[  434.130110][ T5804]  ? kmsan_get_metadata+0xfb/0x160
[  434.130293][ T5804]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  434.130507][ T5804]  device_add+0xa70/0x1c10
[  434.130682][ T5804]  hci_conn_add_sysfs+0x15f/0x2f0
[  434.130858][ T5804]  le_conn_complete_evt+0x1d03/0x2240
[  434.131106][ T5804]  hci_le_conn_complete_evt+0x157/0x260
[  434.131272][ T5804]  hci_le_meta_evt+0x6eb/0x960
[  434.131404][ T5804]  ? __pfx_hci_le_conn_complete_evt+0x10/0x10
[  434.131570][ T5804]  hci_event_packet+0xce2/0x1e40
[  434.131747][ T5804]  ? __pfx_hci_le_meta_evt+0x10/0x10
[  434.131922][ T5804]  hci_rx_work+0x8c3/0xfc0
[  434.132111][ T5804]  ? kmsan_get_metadata+0xfb/0x160
[  434.132291][ T5804]  ? __pfx_hci_rx_work+0x10/0x10
[  434.132474][ T5804]  process_scheduled_works+0xb91/0x1d80
[  434.132717][ T5804]  worker_thread+0xedf/0x1590
[  434.132876][ T5804]  kthread+0xd5c/0xf00
[  434.133009][ T5804]  ? __pfx_worker_thread+0x10/0x10
[  434.133159][ T5804]  ? __pfx_kthread+0x10/0x10
[  434.133293][ T5804]  ret_from_fork+0x208/0x710
[  434.133466][ T5804]  ? __switch_to+0x53d/0x790
[  434.133619][ T5804]  ? __pfx_kthread+0x10/0x10
[  434.133759][ T5804]  ret_from_fork_asm+0x1a/0x30
[  434.133952][ T5804]  </TASK>
[  434.135963][ T5804] kobject: kobject_add_internal failed for hci0:201 with -EEXIST, don't try to register things with the same name in the same directory.
[  434.355914][ T5804] Bluetooth: hci0: failed to register connection device
[  435.505471][ T5858] usb 2-1: USB disconnect, device number 4
[  435.721951][ T8196] loop2: detected capacity change from 0 to 32768
[  435.733737][ T8196] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.704 (8196)
[  435.789805][ T8196] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  435.800566][ T8196] BTRFS info (device loop2): using blake2b (blake2b-256-lib) checksum algorithm
[  436.088629][ T8196] BTRFS info (device loop2): rebuilding free space tree
[  436.140035][ T8196] BTRFS info (device loop2): setting nodatasum
[  436.146474][ T8196] BTRFS info (device loop2): setting nodatacow
[  436.153212][ T8196] BTRFS info (device loop2): enabling ssd optimizations
[  436.164515][ T8196] BTRFS info (device loop2): turning on async discard
[  436.171933][ T8196] BTRFS info (device loop2): enabling free space tree
[  436.175890][ T8217] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  436.179034][ T8196] BTRFS info (device loop2): force clearing of disk cache
[  436.186281][ T8217] IPv6: NLM_F_CREATE should be set when creating new route
[  436.575266][ T6045] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  436.846170][ T8225] syz_tun: entered promiscuous mode
[  436.852181][ T8225] vlan2: entered promiscuous mode
[  438.080013][ T8244] loop0: detected capacity change from 0 to 512
[  438.115169][ T8244] EXT4-fs (loop0): encrypted files will use data=ordered instead of data journaling mode
[  438.184741][ T8244] EXT4-fs (loop0): 1 truncate cleaned up
[  438.193141][ T8244] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  438.379740][ T8244] fscrypt: key with description 'fscrypt:0000111122223333' has invalid payload
[  438.557901][ T5809] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  439.708294][ T8264] loop0: detected capacity change from 0 to 32768
[  439.781921][ T8264] (syz.0.723,8264,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  439.796560][ T8264] (syz.0.723,8264,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  439.825818][ T8273] netlink: 'syz.4.727': attribute type 4 has an invalid length.
[  439.909064][ T8264] JBD2: Ignoring recovery information on journal
[  440.008889][ T8273] netlink: 'syz.4.727': attribute type 4 has an invalid length.
[  440.083587][ T8264] ocfs2: Mounting device (7,0) on (node local, slot 0) with ordered data mode.
[  440.414714][ T8283] loop2: detected capacity change from 0 to 128
[  440.456575][ T5809] ocfs2: Unmounting device (7,0) on (node local)
[  440.530384][ T8283] EXT4-fs (loop2): mounting ext2 file system using the ext4 subsystem
[  440.588970][   T50] Bluetooth: hci0: command 0x0406 tx timeout
[  440.615036][ T8283] EXT4-fs (loop2): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  440.709866][ T8283] ext2 filesystem being mounted at /106/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  441.464175][ T6045] EXT4-fs (loop2): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  441.771193][ T8286] loop4: detected capacity change from 0 to 40427
[  441.849671][ T8286] F2FS-fs (loop4): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  441.858426][ T8286] F2FS-fs (loop4): Can't find valid F2FS filesystem in 2th superblock
[  441.866854][ T8286] F2FS-fs (loop4): Image doesn't support compression
[  441.874042][ T8286] F2FS-fs (loop4): build fault injection type: 0x4
[  441.923730][ T8286] F2FS-fs (loop4): invalid crc value
[  442.181855][ T8294] loop1: detected capacity change from 0 to 64
[  442.250107][ T8286] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  442.269359][ T8286] F2FS-fs (loop4): Start checkpoint disabled!
[  442.300142][ T8286] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  442.353304][ T8294] minix: block size(59136) > page size(4096) not supported by filesystem
[  442.379932][ T8286] F2FS-fs (loop4): Try to recover 2th superblock, ret: 0
[  442.387701][ T8286] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  442.809863][ T3972] kworker/u8:27: attempt to access beyond end of device
[  442.809863][ T3972] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  442.830593][ T3972] CPU: 1 UID: 0 PID: 3972 Comm: kworker/u8:27 Not tainted syzkaller #0 PREEMPT(none) 
[  442.830743][ T3972] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  442.830859][ T3972] Workqueue: writeback wb_workfn (flush-7:4)
[  442.831035][ T3972] Call Trace:
[  442.831085][ T3972]  <TASK>
[  442.831138][ T3972]  __dump_stack+0x26/0x30
[  442.831313][ T3972]  dump_stack_lvl+0x14c/0x1c0
[  442.831490][ T3972]  dump_stack+0x1e/0x25
[  442.831646][ T3972]  f2fs_handle_critical_error+0xa6f/0xc20
[  442.831883][ T3972]  f2fs_stop_checkpoint+0x65/0x80
[  442.832081][ T3972]  f2fs_write_end_io+0x101c/0x1bc0
[  442.832331][ T3972]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  442.832530][ T3972]  bio_endio+0xf96/0x10f0
[  442.832687][ T3972]  submit_bio_noacct+0x2009/0x2930
[  442.832902][ T3972]  submit_bio+0x57c/0x630
[  442.833066][ T3972]  f2fs_submit_write_bio+0x92/0x250
[  442.833257][ T3972]  __submit_merged_bio+0x16f/0x6a0
[  442.833434][ T3972]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  442.833655][ T3972]  __submit_merged_write_cond+0x44a/0x990
[  442.833862][ T3972]  f2fs_write_data_pages+0x4cf3/0x57a0
[  442.834215][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.834415][ T3972]  ? list_lru_add+0x197/0x8b0
[  442.834557][ T3972]  ? __msan_warning+0x1b/0x30
[  442.834724][ T3972]  ? filter_irq_stacks+0x13f/0x190
[  442.834893][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.835087][ T3972]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  442.835280][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.835466][ T3972]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  442.835685][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.835885][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.836083][ T3972]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  442.836292][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.836487][ T3972]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  442.836686][ T3972]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  442.836884][ T3972]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  442.837079][ T3972]  do_writepages+0x3f2/0x860
[  442.837219][ T3972]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  442.837423][ T3972]  ? writeback_sb_inodes+0x21/0x1f10
[  442.837585][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.837795][ T3972]  __writeback_single_inode+0x101/0x1190
[  442.837979][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.838199][ T3972]  writeback_sb_inodes+0xb2d/0x1f10
[  442.838475][ T3972]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  442.838708][ T3972]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  442.838927][ T3972]  wb_writeback+0x4ce/0xc00
[  442.839110][ T3972]  ? queue_io+0x4c1/0x790
[  442.839286][ T3972]  wb_workfn+0x397/0x1910
[  442.839431][ T3972]  ? kmsan_get_metadata+0xfb/0x160
[  442.839652][ T3972]  ? __pfx_wb_workfn+0x10/0x10
[  442.839787][ T3972]  process_scheduled_works+0xb91/0x1d80
[  442.840058][ T3972]  worker_thread+0xedf/0x1590
[  442.840246][ T3972]  kthread+0xd5c/0xf00
[  442.840390][ T3972]  ? __pfx_worker_thread+0x10/0x10
[  442.840559][ T3972]  ? __pfx_kthread+0x10/0x10
[  442.840711][ T3972]  ret_from_fork+0x208/0x710
[  442.840900][ T3972]  ? __switch_to+0x53d/0x790
[  442.841083][ T3972]  ? __pfx_kthread+0x10/0x10
[  442.841241][ T3972]  ret_from_fork_asm+0x1a/0x30
[  442.841445][ T3972]  </TASK>
[  443.166453][ T3972] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  443.669081][ T8294] Trying to free block not in datazone
[  443.674745][ T8294] Trying to free block not in datazone
[  443.680717][ T8294] Trying to free block not in datazone
[  443.686333][ T8294] Trying to free block not in datazone
[  444.116154][ T8311] loop1: detected capacity change from 0 to 128
[  444.653533][ T8318] netlink: 'syz.3.745': attribute type 12 has an invalid length.
[  444.921095][ T8322] loop1: detected capacity change from 0 to 128
[  445.095694][ T8322] syz.1.744: attempt to access beyond end of device
[  445.095694][ T8322] loop1: rw=2049, sector=138, nr_sectors = 2 limit=128
[  446.808092][ T8352] netlink: 27 bytes leftover after parsing attributes in process `syz.3.753'.
[  447.489348][ T8363] netlink: 80 bytes leftover after parsing attributes in process `syz.1.757'.
[  447.502706][ T8363] netlink: 80 bytes leftover after parsing attributes in process `syz.1.757'.
[  449.058989][ T8377] loop1: detected capacity change from 0 to 32768
[  449.126186][ T8377] XFS (loop1): Mounting V5 Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  449.618037][ T8377] XFS (loop1): Starting recovery (logdev: internal)
[  449.627855][  T793] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  449.709597][ T8377] XFS (loop1): Ending recovery (logdev: internal)
[  449.776314][ T8377] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  449.798054][ T8377] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0xaf/0x2d0, xfs_bnobt block 0x4 
[  449.810034][ T8377] XFS (loop1): Unmount and run xfs_repair
[  449.816001][ T8377] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  449.823790][ T8377] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff  SUMY............
[  449.833415][ T8377] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40  .......... ....@
[  449.842872][ T8377] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4  ...*;yE..m...5..
[  449.850537][  T793] usb 5-1: Using ep0 maxpacket: 8
[  449.852844][ T8377] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03  ....%G..........
[  449.866848][ T8377] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00  .......X........
[  449.876301][ T8377] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  449.889665][ T8377] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  449.900077][ T8377] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  449.909653][ T8377] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x4 len 4 error 74
[  449.911612][ T8398] loop2: detected capacity change from 0 to 512
[  449.922591][ T8377] XFS (loop1): page discard on page ffffea0005e54c00, inode 0x1d06, pos 67584.
[  449.948683][ T8377] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  449.964237][ T8377] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0xaf/0x2d0, xfs_bnobt block 0x4 
[  449.976045][ T8377] XFS (loop1): Unmount and run xfs_repair
[  449.982378][ T8377] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  449.994686][ T8377] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff  SUMY............
[  450.005078][ T8377] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40  .......... ....@
[  450.014464][ T8377] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4  ...*;yE..m...5..
[  450.023769][ T8377] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03  ....%G..........
[  450.033130][ T8377] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00  .......X........
[  450.033235][  T793] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  450.042506][ T8377] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.042627][ T8377] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.042736][ T8377] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.042851][ T8377] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x4 len 4 error 74
[  450.054301][  T793] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  450.065003][ T8377] XFS (loop1): page discard on page ffffea0006383780, inode 0x1d06, pos 98304.
[  450.072723][  T793] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  450.086626][ T8377] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  450.145471][ T8377] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0xaf/0x2d0, xfs_bnobt block 0x4 
[  450.157912][ T8377] XFS (loop1): Unmount and run xfs_repair
[  450.164057][ T8377] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  450.172129][ T8377] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff  SUMY............
[  450.181867][ T8377] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40  .......... ....@
[  450.196968][ T8377] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4  ...*;yE..m...5..
[  450.206436][ T8377] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03  ....%G..........
[  450.215883][ T8377] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00  .......X........
[  450.225405][ T8377] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.235147][ T8377] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.243120][ T8398] EXT4-fs: Ignoring removed nobh option
[  450.244923][ T8377] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.259411][ T8377] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x4 len 4 error 74
[  450.272244][ T8377] XFS (loop1): page discard on page ffffea0005e4ffc0, inode 0x1d06, pos 131072.
[  450.296819][ T8398] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  450.438861][ T8398] EXT4-fs (loop2): 1 truncate cleaned up
[  450.446967][ T8398] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  450.486595][  T793] usb 5-1: config 0 descriptor??
[  450.565124][ T8406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.771'.
[  450.666030][ T3972] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  450.685167][ T3972] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0xaf/0x2d0, xfs_bnobt block 0x4 
[  450.698445][ T3972] XFS (loop1): Unmount and run xfs_repair
[  450.708837][ T3972] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  450.716639][ T3972] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff  SUMY............
[  450.727366][ T3972] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40  .......... ....@
[  450.736507][ T3972] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4  ...*;yE..m...5..
[  450.745948][ T3972] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03  ....%G..........
[  450.755465][ T3972] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00  .......X........
[  450.764892][ T3972] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.774337][ T3972] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.783719][ T3972] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  450.793171][ T3972] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x4 len 4 error 74
[  450.809936][ T3972] XFS (loop1): page discard on page ffffea00063bdde0, inode 0x1d06, pos 2048.
[  450.829344][ T5852] loop1: writeback error on inode 7430, offset 0, sector 14980
[  450.894356][  T793] iowarrior 5-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  450.948788][ T6045] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  451.005897][ T3972] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  451.031452][ T3972] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0xaf/0x2d0, xfs_bnobt block 0x4 
[  451.045597][ T3972] XFS (loop1): Unmount and run xfs_repair
[  451.052058][ T3972] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  451.059727][ T3972] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff  SUMY............
[  451.069072][ T3972] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40  .......... ....@
[  451.079175][ T3972] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4  ...*;yE..m...5..
[  451.088624][ T3972] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03  ....%G..........
[  451.098292][ T3972] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00  .......X........
[  451.107809][ T3972] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  451.126456][ T3972] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  451.138476][ T3972] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  451.147818][ T3972] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x4 len 4 error 74
[  451.160223][ T3972] XFS (loop1): page discard on page ffffea00063bcbc0, inode 0x1d06, pos 12288.
[  451.183495][  T793] usb 5-1: USB disconnect, device number 12
[  451.227115][ T3972] XFS (loop1): Corruption warning: Metadata has LSN (8192:64) ahead of current LSN (1:192). Please unmount and run xfs_repair (>= v4.3) to resolve.
[  451.246469][ T3972] XFS (loop1): Metadata CRC error detected at xfs_allocbt_read_verify+0xaf/0x2d0, xfs_bnobt block 0x4 
[  451.259963][ T3972] XFS (loop1): Unmount and run xfs_repair
[  451.267682][ T3972] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  451.275579][ T3972] 00000000: 53 55 4d 59 00 00 00 02 ff ff ff ff ff ff ff ff  SUMY............
[  451.285961][ T3972] 00000010: 00 00 00 00 00 00 00 04 00 00 20 00 00 00 00 40  .......... ....@
[  451.295352][ T3972] 00000020: 9f 91 83 2a 3b 79 45 c3 9d 6d ed 0b c7 35 7f e4  ...*;yE..m...5..
[  451.304791][ T3972] 00000030: 00 00 00 00 25 47 cc 81 00 00 00 0d 00 00 00 03  ....%G..........
[  451.314239][ T3972] 00000040: 00 00 0e a8 00 00 11 58 00 00 00 00 00 00 00 00  .......X........
[  451.332630][ T3972] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  451.344596][ T3972] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  451.356483][ T3972] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  451.366343][ T3972] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x33d/0x5f0" at daddr 0x4 len 4 error 74
[  451.379095][ T3972] XFS (loop1): page discard on page ffffea0005a5c940, inode 0x1d06, pos 49152.
[  451.397900][ T5801] XFS (loop1): Unmounting Filesystem 9f91832a-3b79-45c3-9d6d-ed0bc7357fe4
[  451.412479][ T5801] XFS (loop1): Uncorrected metadata errors detected; please run xfs_repair.
[  451.728393][ T5853] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  451.761392][ T8414] vlan2: entered promiscuous mode
[  451.766763][ T8414] macvtap0: entered promiscuous mode
[  451.927776][ T5853] usb 3-1: Using ep0 maxpacket: 32
[  452.000808][ T5853] usb 3-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=d4.15
[  452.010856][ T5853] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  452.019416][ T5853] usb 3-1: Product: syz
[  452.023797][ T5853] usb 3-1: Manufacturer: syz
[  452.029190][ T5853] usb 3-1: SerialNumber: syz
[  452.180123][ T5853] usb 3-1: config 0 descriptor??
[  452.446911][ T5853] RobotFuzz Open Source InterFace, OSIF 3-1:0.0: version d4.15 found at bus 003 address 002
[  453.406583][ T5858] usb 3-1: USB disconnect, device number 2
[  455.038526][ T8461] loop2: detected capacity change from 0 to 64
[  455.277630][ T8461] hfs: request for non-existent node 131072 in B*Tree
[  455.284858][ T8461] hfs: request for non-existent node 131072 in B*Tree
[  456.253441][ T8469] loop1: detected capacity change from 0 to 32768
[  456.264892][ T8469] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.796 (8469)
[  456.308841][ T8469] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  456.319756][ T8469] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  456.479544][ T8469] BTRFS info (device loop1): rebuilding free space tree
[  456.507054][ T8469] BTRFS info (device loop1): disabling free space tree
[  456.514814][ T8469] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  456.525127][ T8469] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  456.566395][ T8469] BTRFS info (device loop1): setting nodatasum
[  456.573469][ T8469] BTRFS info (device loop1): setting nodatacow
[  456.580027][ T8469] BTRFS info (device loop1): turning off barriers
[  456.586730][ T8469] BTRFS info (device loop1): force clearing of disk cache
[  456.614818][ T5858] usb 4-1: new high-speed USB device number 8 using dummy_hcd
[  456.857890][ T5858] usb 4-1: Using ep0 maxpacket: 32
[  456.887748][ T5801] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  456.897581][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  456.909675][ T5858] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  456.920212][ T5858] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  456.935231][ T5858] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  456.964456][ T5858] usb 4-1: config 0 descriptor??
[  457.129186][ T8495] netlink: 'syz.0.800': attribute type 1 has an invalid length.
[  457.218049][ T5858] usbhid 4-1:0.0: can't add hid device: -71
[  457.224700][ T5858] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  457.237980][ T8495] 8021q: adding VLAN 0 to HW filter on device bond1
[  457.248737][ T5858] usb 4-1: USB disconnect, device number 8
[  457.378449][ T8497] netlink: 4 bytes leftover after parsing attributes in process `syz.0.800'.
[  457.496771][ T8497] bond1 (unregistering): Released all slaves
[  458.061467][ T8505] loop4: detected capacity change from 0 to 1024
[  458.108530][ T8505] EXT4-fs: Ignoring removed orlov option
[  458.239391][ T8505] EXT4-fs (loop4): stripe (2) is not aligned with cluster size (16), stripe is disabled
[  458.467306][ T8505] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  458.616918][ T8513] batman_adv: batadv0: Adding interface: dummy0
[  458.628603][ T8513] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  458.654933][ T8513] batman_adv: batadv0: Interface activated: dummy0
[  458.947100][ T8515] batadv0: mtu less than device minimum
[  458.956250][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  458.969651][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  458.983188][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  458.998805][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  459.012371][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  459.025879][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  459.039637][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  459.052906][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  459.066299][ T8515] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320)
[  459.070273][ T8509] loop2: detected capacity change from 0 to 32768
[  459.159025][ T8509] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.806 (8509)
[  459.192074][ T8509] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  459.209515][ T8509] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  459.274956][ T5814] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  459.497711][ T8509] BTRFS info (device loop2): setting nodatasum
[  459.504144][ T8509] BTRFS info (device loop2): disabling tree log
[  459.515350][ T8509] BTRFS info (device loop2): enabling free space tree
[  459.522765][ T8509] BTRFS info (device loop2): max_inline set to 0
[  459.732558][ T6045] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  460.447523][ T5853] usb 4-1: new high-speed USB device number 9 using dummy_hcd
[  460.618017][ T5853] usb 4-1: Using ep0 maxpacket: 32
[  460.671012][ T5853] usb 4-1: config 0 has an invalid interface number: 132 but max is 0
[  460.680290][ T5853] usb 4-1: config 0 has no interface number 0
[  460.686800][ T5853] usb 4-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0
[  460.741056][ T5853] usb 4-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5
[  460.750995][ T5853] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  460.759866][ T5853] usb 4-1: Product: syz
[  460.764310][ T5853] usb 4-1: Manufacturer: syz
[  460.769353][ T5853] usb 4-1: SerialNumber: syz
[  460.780772][ T5853] usb 4-1: config 0 descriptor??
[  460.802397][ T5853] em28xx 4-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132)
[  460.812866][ T5853] em28xx 4-1:0.132: Video interface 132 found:
[  461.210044][ T5853] em28xx 4-1:0.132: unknown em28xx chip ID (0)
[  461.626159][ T5853] em28xx 4-1:0.132: reading from i2c device at 0xa0 failed: couldn't get the received message from the bridge (error=-5)
[  461.646609][ T5853] em28xx 4-1:0.132: board has no eeprom
[  461.797798][ T5853] em28xx 4-1:0.132: Identified as Leadtek Winfast USB II (card=7)
[  461.806383][ T5853] em28xx 4-1:0.132: analog set to bulk mode.
[  461.814850][ T5852] em28xx 4-1:0.132: Registering V4L2 extension
[  461.879456][ T5853] usb 4-1: USB disconnect, device number 9
[  461.887585][ T5853] em28xx 4-1:0.132: Disconnecting em28xx
[  463.492942][ T5852] em28xx 4-1:0.132: Config register raw data: 0xffffffed
[  463.500532][ T5852] em28xx 4-1:0.132: AC97 chip type couldn't be determined
[  463.511606][ T5852] em28xx 4-1:0.132: No AC97 audio processor
[  463.553432][ T5852] usb 4-1: Decoder not found
[  463.558502][ T5852] em28xx 4-1:0.132: failed to create media graph
[  463.565100][ T5852] em28xx 4-1:0.132: V4L2 device video103 deregistered
[  463.594615][ T5852] em28xx 4-1:0.132: Remote control support is not available for this card.
[  463.623938][ T5853] em28xx 4-1:0.132: Closing input extension
[  463.651410][ T5853] em28xx 4-1:0.132: Freeing device
[  463.859895][   T30] audit: type=1326 audit(1768721096.735:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5312d8f749 code=0x7ffc0000
[  463.884020][   T30] audit: type=1326 audit(1768721096.745:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=27 compat=0 ip=0x7f5312d8f749 code=0x7ffc0000
[  463.915472][   T30] audit: type=1326 audit(1768721096.745:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5312d8f749 code=0x7ffc0000
[  463.944315][   T30] audit: type=1326 audit(1768721096.825:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5312d8f749 code=0x7ffc0000
[  464.067614][   T30] audit: type=1326 audit(1768721096.855:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=144 compat=0 ip=0x7f5312d8f749 code=0x7ffc0000
[  464.090814][   T30] audit: type=1326 audit(1768721096.855:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8581 comm="syz.2.826" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5312d8f749 code=0x7ffc0000
[  464.524314][ T8590] sch_tbf: burst 19872 is lower than device lo mtu (65550) !
[  465.182619][ T8600] loop2: detected capacity change from 0 to 512
[  465.291576][ T8600] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  465.341727][ T8600] EXT4-fs (loop2): 1 truncate cleaned up
[  465.354246][ T8600] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  465.705863][ T6045] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  465.837500][ T5858] usb 1-1: new high-speed USB device number 9 using dummy_hcd
[  466.967527][ T5858] usb 1-1: Using ep0 maxpacket: 32
[  466.980245][ T5858] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86
[  466.998227][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7
[  467.013058][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0
[  467.023309][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11
[  467.035045][ T5858] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024
[  467.079467][ T8610] loop2: detected capacity change from 0 to 40427
[  467.148544][ T8610] F2FS-fs (loop2): invalid crc value
[  467.169627][ T8619] loop3: detected capacity change from 0 to 2048
[  467.263209][ T8619] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  467.467101][ T8625] loop4: detected capacity change from 0 to 256
[  467.534338][ T8625] FAT-fs (loop4): bogus number of FAT sectors
[  467.540982][ T8625] FAT-fs (loop4): Can't find a valid FAT filesystem
[  467.545777][ T8610] F2FS-fs (loop2): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  467.560107][ T5858] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36
[  467.569720][ T5858] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  467.578101][ T5858] usb 1-1: Product: syz
[  467.582483][ T5858] usb 1-1: Manufacturer: syz
[  467.587393][ T5858] usb 1-1: SerialNumber: syz
[  467.594981][ T8610] F2FS-fs (loop2): Start checkpoint disabled!
[  467.613955][ T5858] usb 1-1: config 0 descriptor??
[  467.624483][ T8610] F2FS-fs (loop2): f2fs_disable_checkpoint() finish, err:0
[  467.651901][ T8610] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  467.902509][ T3633] kworker/u8:21: attempt to access beyond end of device
[  467.902509][ T3633] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  467.920195][ T3633] CPU: 0 UID: 0 PID: 3633 Comm: kworker/u8:21 Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  467.920374][ T3633] Tainted: [L]=SOFTLOCKUP
[  467.920423][ T3633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  467.920525][ T3633] Workqueue: writeback wb_workfn (flush-7:2)
[  467.920689][ T3633] Call Trace:
[  467.920738][ T3633]  <TASK>
[  467.920784][ T3633]  __dump_stack+0x26/0x30
[  467.920941][ T3633]  dump_stack_lvl+0x14c/0x1c0
[  467.921099][ T3633]  dump_stack+0x1e/0x25
[  467.921255][ T3633]  f2fs_handle_critical_error+0xa6f/0xc20
[  467.921463][ T3633]  f2fs_stop_checkpoint+0x65/0x80
[  467.921645][ T3633]  f2fs_write_end_io+0x101c/0x1bc0
[  467.921878][ T3633]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  467.923389][ T3633]  bio_endio+0xf96/0x10f0
[  467.923537][ T3633]  submit_bio_noacct+0x2009/0x2930
[  467.923739][ T3633]  submit_bio+0x57c/0x630
[  467.923900][ T3633]  f2fs_submit_write_bio+0x92/0x250
[  467.924091][ T3633]  __submit_merged_bio+0x16f/0x6a0
[  467.924280][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.924498][ T3633]  __submit_merged_write_cond+0x44a/0x990
[  467.924707][ T3633]  f2fs_write_data_pages+0x4cf3/0x57a0
[  467.925034][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.925234][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.925433][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.925632][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.925821][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.926034][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.926257][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.926460][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.926667][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.926871][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.927078][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.927284][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.927482][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.927678][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.927878][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.928081][ T3633]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  467.928298][ T3633]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  467.928491][ T3633]  do_writepages+0x3f2/0x860
[  467.928645][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.928851][ T3633]  ? writeback_sb_inodes+0x21/0x1f10
[  467.929024][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.929268][ T3633]  __writeback_single_inode+0x101/0x1190
[  467.929449][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.929663][ T3633]  writeback_sb_inodes+0xb2d/0x1f10
[  467.929933][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.930150][ T3633]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  467.930391][ T3633]  wb_writeback+0x4ce/0xc00
[  467.930593][ T3633]  ? queue_io+0x4c1/0x790
[  467.930750][ T3633]  wb_workfn+0x397/0x1910
[  467.930887][ T3633]  ? kmsan_get_metadata+0xfb/0x160
[  467.931097][ T3633]  ? __pfx_wb_workfn+0x10/0x10
[  467.931239][ T3633]  process_scheduled_works+0xb91/0x1d80
[  467.931525][ T3633]  worker_thread+0xedf/0x1590
[  467.931696][ T3633]  kthread+0xd5c/0xf00
[  467.931830][ T3633]  ? __pfx_worker_thread+0x10/0x10
[  467.931988][ T3633]  ? __pfx_kthread+0x10/0x10
[  467.932127][ T3633]  ret_from_fork+0x208/0x710
[  467.932316][ T3633]  ? __switch_to+0x53d/0x790
[  467.932471][ T3633]  ? __pfx_kthread+0x10/0x10
[  467.932619][ T3633]  ret_from_fork_asm+0x1a/0x30
[  467.932827][ T3633]  </TASK>
[  468.280029][ T3633] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  468.441057][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  468.483398][ T5858] iforce 1-1:0.0: usb_submit_urb failed: -32
[  468.491517][ T5858] input input9: Device does not respond to id packet M
[  468.594518][ T5858] iforce 1-1:0.0: usb_submit_urb failed: -32
[  468.602609][ T5858] input input9: Device does not respond to id packet P
[  468.668507][ T5858] iforce 1-1:0.0: usb_submit_urb failed: -32
[  468.675321][ T5858] input input9: Device does not respond to id packet B
[  468.788485][ T5858] input input9: Limiting number of effects to 32 (device reports 214)
[  468.934392][ T5858] iforce 1-1:0.0: usb_submit_urb failed: -71
[  469.011301][ T5858] iforce 1-1:0.0: usb_submit_urb failed: -71
[  469.048217][ T5858] iforce 1-1:0.0: usb_submit_urb failed: -71
[  469.089429][ T5858] iforce 1-1:0.0: usb_submit_urb failed: -71
[  469.100035][ T5858] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9
[  469.186936][ T5858] usb 1-1: USB disconnect, device number 9
[  469.964153][ T8640] overlayfs: failed to get inode (-116)
[  469.986258][ T8640] overlayfs: failed to get inode (-116)
[  473.152742][ T8686] syzkaller1: entered promiscuous mode
[  473.158819][ T8686] syzkaller1: entered allmulticast mode
[  473.415099][ T3489] Bluetooth: hci5: Frame reassembly failed (-84)
[  473.679795][ T8693] loop4: detected capacity change from 0 to 1024
[  474.215762][ T3489] hfsplus: b-tree write err: -5, ino 4
[  475.468555][   T50] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  475.663483][ T8724] loop3: detected capacity change from 0 to 512
[  475.704295][ T8724] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  475.819182][ T8724] EXT4-fs (loop3): 1 truncate cleaned up
[  475.828181][ T8724] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  476.043380][ T8734] netlink: 12 bytes leftover after parsing attributes in process `syz.1.881'.
[  476.287090][ T5808] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  477.550397][ T8747] loop1: detected capacity change from 0 to 32768
[  477.563079][ T8747] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.886 (8747)
[  477.613262][ T8747] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  477.625161][ T8747] BTRFS info (device loop1): using sha256 (sha256-lib) checksum algorithm
[  477.860628][ T8747] BTRFS info (device loop1): enabling ssd optimizations
[  477.868515][ T8747] BTRFS info (device loop1): turning on async discard
[  477.875521][ T8747] BTRFS info (device loop1): enabling free space tree
[  478.094637][ T5801] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  478.128387][ T8770] loop2: detected capacity change from 0 to 512
[  478.188313][ T8770] EXT4-fs: Ignoring removed bh option
[  478.323391][ T8770] EXT4-fs error (device loop2): ext4_orphan_get:1391: inode #15: comm syz.2.889: iget: bad i_size value: 38620345925642
[  478.411186][ T8770] EXT4-fs error (device loop2): ext4_orphan_get:1396: comm syz.2.889: couldn't read orphan inode 15 (err -117)
[  478.448683][ T8770] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  478.641220][ T8770] EXT4-fs error (device loop2): ext4_validate_block_bitmap:432: comm syz.2.889: bg 0: block 5: invalid block bitmap
[  478.655765][ T5853] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  478.730078][ T8770] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 2 with max blocks 6 with error 28
[  478.743478][ T8770] EXT4-fs (loop2): This should not happen!! Data will be lost
[  478.743478][ T8770] 
[  478.754337][ T8770] EXT4-fs (loop2): Total free blocks count 0
[  478.764057][ T8770] EXT4-fs (loop2): Free/Dirty block details
[  478.771520][ T8770] EXT4-fs (loop2): free_blocks=0
[  478.776707][ T8770] EXT4-fs (loop2): dirty_blocks=66
[  478.782199][ T8770] EXT4-fs (loop2): Block reservation details
[  478.788840][ T8770] EXT4-fs (loop2): i_reserved_data_blocks=66
[  478.899075][ T5853] usb 5-1: Using ep0 maxpacket: 16
[  478.984811][ T8764] loop3: detected capacity change from 0 to 40427
[  479.026077][ T5853] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06
[  479.035823][ T5853] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  479.040561][ T8764] F2FS-fs (loop3): invalid crc value
[  479.044706][ T5853] usb 5-1: Product: syz
[  479.054014][ T5853] usb 5-1: Manufacturer: syz
[  479.059296][ T5853] usb 5-1: SerialNumber: syz
[  479.161521][ T5853] r8152-cfgselector 5-1: Unknown version 0x0000
[  479.171991][ T5853] r8152-cfgselector 5-1: config 0 descriptor??
[  479.436398][ T8764] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  479.450071][ T8764] F2FS-fs (loop3): Start checkpoint disabled!
[  479.460222][ T3629] EXT4-fs (loop2): Delayed block allocation failed for inode 19 at logical offset 8 with max blocks 60 with error 28
[  479.461800][ T8764] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  479.491493][ T8764] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  479.554525][   T30] audit: type=1800 audit(1768721112.435:32): pid=8764 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.888" name="file1" dev="loop3" ino=10 res=0 errno=0
[  479.645732][ T8772] loop4: detected capacity change from 0 to 512
[  479.705046][ T8772] EXT4-fs: Ignoring removed bh option
[  479.711336][ T8772] EXT4-fs: Ignoring removed mblk_io_submit option
[  479.735978][ T3527] kworker/u8:16: attempt to access beyond end of device
[  479.735978][ T3527] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  479.750605][ T3527] CPU: 0 UID: 0 PID: 3527 Comm: kworker/u8:16 Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  479.750801][ T3527] Tainted: [L]=SOFTLOCKUP
[  479.750865][ T3527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  479.750979][ T3527] Workqueue: writeback wb_workfn (flush-7:3)
[  479.751162][ T3527] Call Trace:
[  479.751215][ T3527]  <TASK>
[  479.751267][ T3527]  __dump_stack+0x26/0x30
[  479.751443][ T3527]  dump_stack_lvl+0x14c/0x1c0
[  479.751625][ T3527]  dump_stack+0x1e/0x25
[  479.751788][ T3527]  f2fs_handle_critical_error+0xa6f/0xc20
[  479.752040][ T3527]  f2fs_stop_checkpoint+0x65/0x80
[  479.752247][ T3527]  f2fs_write_end_io+0x101c/0x1bc0
[  479.752505][ T3527]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  479.752710][ T3527]  bio_endio+0xf96/0x10f0
[  479.752883][ T3527]  submit_bio_noacct+0x2009/0x2930
[  479.753109][ T3527]  submit_bio+0x57c/0x630
[  479.753281][ T3527]  f2fs_submit_write_bio+0x92/0x250
[  479.753468][ T3527]  __submit_merged_bio+0x16f/0x6a0
[  479.753653][ T3527]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  479.753896][ T3527]  __submit_merged_write_cond+0x44a/0x990
[  479.754115][ T3527]  f2fs_write_data_pages+0x4cf3/0x57a0
[  479.754479][ T3527]  ? f2fs_balance_fs_bg+0x11ee/0x1250
[  479.754660][ T3527]  ? stack_depot_save_flags+0x35/0x790
[  479.754844][ T3527]  ? kmsan_get_metadata+0xfb/0x160
[  479.755067][ T3527]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  479.755253][ T3527]  ? kmsan_get_metadata+0xfb/0x160
[  479.755445][ T3527]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  479.755661][ T3527]  ? kmsan_get_metadata+0xfb/0x160
[  479.755865][ T3527]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  479.756065][ T3527]  ? kmsan_get_metadata+0xfb/0x160
[  479.756259][ T3527]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  479.756459][ T3527]  ? kmsan_get_metadata+0xfb/0x160
[  479.756656][ T3527]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  479.756861][ T3527]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  479.757058][ T3527]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  479.757255][ T3527]  do_writepages+0x3f2/0x860
[  479.757390][ T3527]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  479.757597][ T3527]  ? writeback_sb_inodes+0x21/0x1f10
[  479.757787][ T3527]  ? kmsan_get_metadata+0xfb/0x160
[  479.758014][ T3527]  __writeback_single_inode+0x101/0x1190
[  479.758199][ T3527]  ? kmsan_get_metadata+0xfb/0x160
[  479.758414][ T3527]  writeback_sb_inodes+0xb2d/0x1f10
[  479.758687][ T3527]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  479.758926][ T3527]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  479.759142][ T3527]  wb_writeback+0x4ce/0xc00
[  479.759321][ T3527]  ? queue_io+0x4c1/0x790
[  479.759500][ T3527]  wb_workfn+0x397/0x1910
[  479.759643][ T3527]  ? kmsan_get_metadata+0xfb/0x160
[  479.759871][ T3527]  ? __pfx_wb_workfn+0x10/0x10
[  479.760028][ T3527]  process_scheduled_works+0xb91/0x1d80
[  479.760314][ T3527]  worker_thread+0xedf/0x1590
[  479.760500][ T3527]  kthread+0xd5c/0xf00
[  479.760648][ T3527]  ? __pfx_worker_thread+0x10/0x10
[  479.760809][ T3527]  ? __pfx_kthread+0x10/0x10
[  479.760970][ T3527]  ret_from_fork+0x208/0x710
[  479.761168][ T3527]  ? __switch_to+0x53d/0x790
[  479.761342][ T3527]  ? __pfx_kthread+0x10/0x10
[  479.761501][ T3527]  ret_from_fork_asm+0x1a/0x30
[  479.761737][ T3527]  </TASK>
[  480.083871][ T3527] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  480.441094][ T8772] EXT4-fs (loop4): couldn't mount as ext3 due to feature incompatibilities
[  480.929411][ T8780] loop0: detected capacity change from 0 to 32768
[  480.963578][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  480.970478][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  480.989952][ T8780] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.895 (8780)
[  481.045571][ T8780] BTRFS info (device loop0): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  481.058679][ T8780] BTRFS info (device loop0): using sha256 (sha256-lib) checksum algorithm
[  481.075497][ T8780] BTRFS warning (device loop0): space cache v1 is being deprecated and will be removed in a future release, please use -o space_cache=v2
[  481.109238][ T5852] r8152-cfgselector 5-1: USB disconnect, device number 13
[  481.383458][ T8790] loop1: detected capacity change from 0 to 1024
[  481.399614][ T8790] EXT4-fs (loop1): stripe (65535) is not aligned with cluster size (4096), stripe is disabled
[  481.443314][ T8780] BTRFS info (device loop0): rebuilding free space tree
[  481.466714][ T8790] EXT4-fs (loop1): revision level too high, forcing read-only mode
[  481.484002][ T8780] BTRFS info (device loop0): disabling free space tree
[  481.492101][ T8780] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  481.501992][ T8790] EXT4-fs (loop1): orphan cleanup on readonly fs
[  481.509026][ T8780] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  481.520123][ T8790] EXT4-fs error (device loop1): ext4_free_blocks:6728: comm syz.1.892: Freeing blocks not in datazone - block = 0, count = 4096
[  481.548565][ T8790] EXT4-fs (loop1): 1 orphan inode deleted
[  481.556864][ T8790] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: writeback.
[  481.580367][ T8780] BTRFS info (device loop0): checking UUID tree
[  481.604869][ T8780] BTRFS info (device loop0): setting nodatasum
[  481.611791][ T8780] BTRFS info (device loop0): setting nodatacow
[  481.619618][ T8780] BTRFS info (device loop0): enabling ssd optimizations
[  481.633537][ T8780] BTRFS info (device loop0): disabling tree log
[  481.642213][ T8780] BTRFS info (device loop0): enabling disk space caching
[  481.649708][ T8780] BTRFS info (device loop0): force clearing of disk cache
[  481.657486][ T8780] BTRFS info (device loop0): enabling auto defrag
[  481.855604][ T5809] BTRFS info (device loop0): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  482.100157][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  484.167666][ T8829] gretap0: entered promiscuous mode
[  485.447821][ T5852] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  485.659543][ T5852] usb 5-1: Using ep0 maxpacket: 32
[  485.696382][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  485.708284][ T5852] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  485.718566][ T5852] usb 5-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00
[  485.730737][ T5852] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  485.914329][ T5852] usb 5-1: config 0 descriptor??
[  486.216705][ T5852] usbhid 5-1:0.0: can't add hid device: -71
[  486.224545][ T5852] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[  486.289213][ T5852] usb 5-1: USB disconnect, device number 14
[  487.934638][ T8867] syz_tun: entered allmulticast mode
[  488.019642][ T8867] dvmrp8: entered allmulticast mode
[  489.082742][ T4546] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  489.142489][ T4546] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  489.170360][ T4546] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  489.180520][ T4546] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  489.195727][ T8886] loop0: detected capacity change from 0 to 128
[  489.258251][ T8886] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  489.284610][ T8886] ext4 filesystem being mounted at /187/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  489.836343][ T5809] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  492.199145][ T8928] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  492.954999][ T8941] loop1: detected capacity change from 0 to 512
[  493.069703][ T8941] EXT4-fs: Journaled quota options ignored when QUOTA feature is enabled
[  493.253807][ T8941] EXT4-fs error (device loop1): ext4_orphan_get:1391: inode #15: comm syz.1.952: iget: bad i_size value: 38620345925642
[  493.342217][ T8941] EXT4-fs error (device loop1): ext4_orphan_get:1396: comm syz.1.952: couldn't read orphan inode 15 (err -117)
[  493.441370][ T8941] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  493.508702][ T8945] ------------[ cut here ]------------
[  493.514603][ T8945] WARNING: fs/exec.c:119 at path_noexec+0x2ac/0x310, CPU#0: syz.4.953/8945
[  493.523873][ T8945] Modules linked in:
[  493.528364][ T8945] CPU: 0 UID: 0 PID: 8945 Comm: syz.4.953 Tainted: G             L      syzkaller #0 PREEMPT(none) 
[  493.540091][ T8945] Tainted: [L]=SOFTLOCKUP
[  493.544601][ T8945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  493.555094][ T8945] RIP: 0010:path_noexec+0x2ac/0x310
[  493.560782][ T8945] Code: 49 89 ff 8b 7d d4 e8 13 0d e2 ff 4c 89 ff e9 c8 fe ff ff 44 89 e7 e8 03 0d e2 ff 4d 85 ed 0f 85 a3 fe ff ff e8 c5 56 3b ff 90 <0f> 0b 90 48 8b 7d c0 4c 8b 37 e8 e5 01 e2 ff 48 8b 00 48 89 45 c8
[  493.581555][ T8945] RSP: 0018:ffff88804ff6bbc0 EFLAGS: 00010283
[  493.588246][ T8945] RAX: ffffffff82bdafeb RBX: ffff88811c98acd0 RCX: 0000000000080000
[  493.596839][ T8945] RDX: ffffc90009004000 RSI: 000000000000005d RDI: 000000000000005e
[  493.605221][ T8945] RBP: ffff88804ff6bc00 R08: ffffea000000000f R09: 0000000000000003
[  493.616328][ T8945] R10: 0000000000000003 R11: 0000000000000002 R12: 0000000000000000
[  493.625448][ T8945] R13: 0000000000000000 R14: ffff8881405927a0 R15: 0000000000000000
[  493.633862][ T8945] FS:  00007f2ad239d6c0(0000) GS:ffff8881aacf9000(0000) knlGS:0000000000000000
[  493.643239][ T8945] CS:  0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[  493.650246][ T8945] CR2: 0000001b2ee24000 CR3: 000000004fe46000 CR4: 00000000003526f0
[  493.659154][ T8945] Call Trace:
[  493.662608][ T8945]  <TASK>
[  493.665718][ T8945]  do_mmap+0x1570/0x1d70
[  493.671466][ T8945]  vm_mmap_pgoff+0x40d/0x770
[  493.676448][ T8945]  ksys_mmap_pgoff+0x51b/0x7c0
[  493.681768][ T8945]  __x64_sys_mmap+0x19c/0x260
[  493.686760][ T8945]  x64_sys_call+0x1b28/0x3e70
[  493.691959][ T8945]  do_syscall_64+0xd3/0xf80
[  493.696863][ T8945]  ? clear_bhb_loop+0x40/0x90
[  493.702091][ T8945]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  493.708530][ T8945] RIP: 0033:0x7f2ad158f749
[  493.716253][ T8945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  493.737066][ T8945] RSP: 002b:00007f2ad239d038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009
[  493.745958][ T8945] RAX: ffffffffffffffda RBX: 00007f2ad17e5fa0 RCX: 00007f2ad158f749
[  493.754345][ T8945] RDX: 0000000003000007 RSI: 0000000000002000 RDI: 0000200000ffe000
[  493.763153][ T8945] RBP: 00007f2ad1613f91 R08: 0000000000000005 R09: 0000000000000000
[  493.771494][ T8945] R10: 0000000000000011 R11: 0000000000000246 R12: 0000000000000000
[  493.780064][ T8945] R13: 00007f2ad17e6038 R14: 00007f2ad17e5fa0 R15: 00007fff222e61e8
[  493.788731][ T8945]  </TASK>
[  493.791935][ T8945] ---[ end trace 0000000000000000 ]---
[  494.129257][  T793] usb 1-1: new high-speed USB device number 10 using dummy_hcd
[  494.264071][ T8935] loop3: detected capacity change from 0 to 65536
[  494.301176][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  494.333807][ T8935] XFS (loop3): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  494.376171][  T793] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  494.388176][  T793] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  494.398594][  T793] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  494.413153][  T793] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  494.422838][  T793] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  494.583066][ T8935] XFS (loop3): Ending clean mount
[  494.615147][  T793] usb 1-1: config 0 descriptor??
[  494.622278][ T8935] XFS (loop3): Metadata CRC error detected at xfs_agfl_read_verify+0x1b0/0x2f0, xfs_agfl block 0x3 
[  494.637639][ T8935] XFS (loop3): Unmount and run xfs_repair
[  494.643610][ T8935] XFS (loop3): First 128 bytes of corrupted metadata buffer:
[  494.652133][ T8935] 00000000: 58 41 46 4c 00 00 00 00 d6 f6 9d bd 8c 5d 46 be  XAFL.........]F.
[  494.661418][ T8935] 00000010: b8 8e 92 c0 ae 88 ce b2 00 00 00 00 00 00 00 00  ................
[  494.670892][ T8935] 00000020: 35 fc 5c 25 ff 00 ff ff 00 00 00 05 00 00 00 06  5.\%............
[  494.680382][ T8935] 00000030: 00 00 00 07 00 00 00 08 ff ff ff ff ff ff ff ff  ................
[  494.690063][ T8935] 00000040: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  494.699352][ T8935] 00000050: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  494.708653][ T8935] 00000060: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  494.718015][ T8935] 00000070: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff  ................
[  494.727118][ T8935] XFS (loop3): metadata I/O error in "xfs_alloc_read_agfl+0x242/0x460" at daddr 0x3 len 1 error 74
[  494.742887][ T8935] XFS (loop3): page discard on page ffffea0000761240, inode 0x46, pos 1024.
[  494.752968][ T5853] loop3: writeback error on inode 70, offset 0, sector 22
[  494.915227][ T5808] XFS (loop3): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  495.004122][ T5808] XFS (loop3): Uncorrected metadata errors detected; please run xfs_repair.
[  495.232807][  T793] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  495.700115][    C1] plantronics 0003:047F:FFFF.0005: hid_field_extract() called with n (132) > 32! (syz-executor)
[  495.737777][ T8971] loop1: detected capacity change from 0 to 256
[  495.781567][ T8971] exfat: Deprecated parameter 'utf8'
[  495.850301][ T8971] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xe3865569, utbl_chksum : 0xe619d30d)
[  495.919536][ T5853] usb 1-1: USB disconnect, device number 10
[  496.450520][ T8978] kvm: apic: phys broadcast and lowest prio
[  497.038856][ T8989] bridge0: entered allmulticast mode
[  497.063963][ T8989] netlink: 4 bytes leftover after parsing attributes in process `syz.1.968'.
[  497.073433][ T8989] bridge_slave_1: left allmulticast mode
[  497.079447][ T8989] bridge_slave_1: left promiscuous mode
[  497.086345][ T8989] bridge0: port 2(bridge_slave_1) entered disabled state
[  497.118926][ T8989] bridge_slave_0: left allmulticast mode
[  497.125114][ T8989] bridge_slave_0: left promiscuous mode
[  497.132240][ T8989] bridge0: port 1(bridge_slave_0) entered disabled state
[  497.386154][ T8989] bridge0 (unregistering): left allmulticast mode
[  497.484015][ T8991] loop0: detected capacity change from 0 to 256
[  497.516133][ T8993] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  497.643535][ T8991] exFAT-fs (loop0): failed to load upcase table (idx : 0x0000fe7f, chksum : 0x09066d1f, utbl_chksum : 0xe619d30d)
[  498.529337][ T8997] loop4: detected capacity change from 0 to 32768
[  498.541224][ T8997] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.971 (8997)
[  498.563334][ T8997] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  498.574108][ T8997] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  498.810922][ T8997] BTRFS info (device loop4): enabling ssd optimizations
[  498.818930][ T8997] BTRFS info (device loop4): turning on async discard
[  498.826192][ T8997] BTRFS info (device loop4): enabling free space tree
[  498.946046][   T30] audit: type=1800 audit(1768721131.815:33): pid=8997 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.971" name="file1" dev="loop4" ino=260 res=0 errno=0
[  499.525705][ T5814] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  500.715742][ T9041] loop1: detected capacity change from 0 to 2048
[  500.746999][ T9041] EXT4-fs: Ignoring removed mblk_io_submit option
[  500.920895][ T9041] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  501.157542][ T9041] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.984: bg 0: block 234: padding at end of block bitmap is not set
[  501.218900][ T9041] EXT4-fs (loop1): Remounting filesystem read-only
[  501.720887][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  502.236165][   T30] audit: type=1326 audit(1768721135.115:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9cf8f749 code=0x7ffc0000
[  502.260119][   T30] audit: type=1326 audit(1768721135.115:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fed9cf8f783 code=0x7ffc0000
[  502.282874][   T30] audit: type=1326 audit(1768721135.145:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9cf8f749 code=0x7ffc0000
[  502.305738][   T30] audit: type=1326 audit(1768721135.145:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fed9cf8f749 code=0x7ffc0000
[  502.533673][ T5853] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x4
[  502.542060][ T5853] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x2
[  502.550651][ T5853] hid-generic 0000:3000000:0000.0006: unknown main item tag 0x3
[  502.763380][ T5853] hid-generic 0000:3000000:0000.0006: hidraw0: <UNKNOWN> HID v0.00 Device [sy

] on syz0
[  503.540487][   T30] audit: type=1326 audit(1768721135.225:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7fed9cf8f807 code=0x7ffc0000
[  503.569865][   T30] audit: type=1326 audit(1768721135.225:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fed9cf46bdd code=0x7ffc0000
[  503.597089][   T30] audit: type=1326 audit(1768721135.225:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fed9cfc3e89 code=0x7ffc0000
[  503.623909][   T30] audit: type=1326 audit(1768721135.235:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=273 compat=0 ip=0x7fed9cf46357 code=0x7ffc0000
[  503.650949][   T30] audit: type=1326 audit(1768721135.235:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9067 comm="syz.1.994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7fed9cf463b6 code=0x7ffc0000
[  504.276799][ T9094] capability: warning: `syz.0.1005' uses 32-bit capabilities (legacy support in use)
[  505.154004][ T9097] loop3: detected capacity change from 0 to 32768
[  505.507057][ T9107] tipc: Started in network mode
[  505.512454][ T9107] tipc: Node identity 4, cluster identity 4711
[  505.519126][ T9107] tipc: Node number set to 4
[  507.586910][  T793] usb 4-1: new high-speed USB device number 10 using dummy_hcd
[  507.756648][ T9146] netlink: 'syz.1.1024': attribute type 4 has an invalid length.
[  507.811448][  T793] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  507.823185][  T793] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  507.833600][  T793] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  507.852285][  T793] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  507.863803][  T793] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  507.941368][  T793] usb 4-1: config 0 descriptor??
[  508.378471][  T793] plantronics 0003:047F:FFFF.0007: item 0 4 0 8 parsing failed
[  508.403231][  T793] plantronics 0003:047F:FFFF.0007: parse failed
[  508.410434][  T793] plantronics 0003:047F:FFFF.0007: probe with driver plantronics failed with error -22
[  508.599312][  T793] usb 4-1: USB disconnect, device number 10
[  508.990822][ T9156] loop1: detected capacity change from 0 to 4096
[  509.253300][ T9164] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  509.310610][ T9164] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  509.413094][ T9164] overlayfs: d_ino too big (., ino=4611686018427387905, xinobits=3)
[  509.421560][ T9164] overlayfs: d_ino too big (.., ino=4611686018427387905, xinobits=3)
[  509.430900][ T9164] overlayfs: d_ino too big (207, ino=9223372036854776930, xinobits=3)
[  509.440575][ T9164] overlayfs: d_ino too big (syzcgroup, ino=9223372036854775816, xinobits=3)
[  509.450537][ T9164] overlayfs: d_ino too big (syz-inputs, ino=9223372036854775815, xinobits=3)
[  509.460556][ T9164] overlayfs: d_ino too big (sys, ino=9223372036854775814, xinobits=3)
[  509.469917][ T9164] overlayfs: d_ino too big (selinux, ino=9223372036854775813, xinobits=3)
[  509.482247][ T9164] overlayfs: d_ino too big (proc, ino=9223372036854775812, xinobits=3)
[  509.492574][ T9164] overlayfs: d_ino too big (dev, ino=4611686018427387912, xinobits=3)
[  509.521089][ T9164] overlayfs: d_ino too big (kernel, ino=4611686018427389296, xinobits=3)
[  509.571209][ T9168] net_ratelimit: 10 callbacks suppressed
[  509.571288][ T9168] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1280
[  510.080913][ T9178] loop1: detected capacity change from 0 to 2048
[  510.087461][ T9171] can: request_module (can-proto-0) failed.
[  510.163089][ T9172] loop2: detected capacity change from 0 to 4096
[  510.303393][ T9178] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  510.396726][   T30] kauditd_printk_skb: 31 callbacks suppressed
[  510.396810][   T30] audit: type=1800 audit(1768721143.275:74): pid=9178 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1035" name="bus" dev="loop1" ino=18 res=0 errno=0
[  510.733972][ T5801] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  510.934280][ T9190] delete_channel: no stack
[  511.244184][ T9194] xt_hashlimit: size too large, truncated to 1048576
[  512.847921][ T9212] loop4: detected capacity change from 0 to 1024
[  512.936309][ T9212] EXT4-fs (loop4): failed to initialize system zone (-117)
[  512.988265][ T9212] EXT4-fs (loop4): mount failed
[  513.450937][ T9213] loop0: detected capacity change from 0 to 4096
[  514.483509][ T9226] loop4: detected capacity change from 0 to 32768
[  514.493136][ T9226] btrfs: Deprecated parameter 'usebackuproot'
[  514.503098][ T9226] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  514.550699][ T9226] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.1050 (9226)
[  514.576554][ T9226] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  514.588670][ T9226] BTRFS info (device loop4): using crc32c (crc32c-lib) checksum algorithm
[  514.609125][ T9230] loop2: detected capacity change from 0 to 4096
[  514.775972][ T3489] BTRFS warning (device loop4): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  514.790639][ T9226] BTRFS error (device loop4): failed to load root extent
[  514.798123][ T9226] BTRFS warning (device loop4): try to load backup roots slot 1
[  514.896502][ T3489] BTRFS warning (device loop4): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  514.913293][ T9226] BTRFS warning (device loop4): couldn't read tree root
[  514.921309][ T9226] BTRFS warning (device loop4): try to load backup roots slot 2
[  514.984943][ T3489] BTRFS error (device loop4): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  514.996416][ T9226] BTRFS warning (device loop4): couldn't read tree root
[  515.003896][ T9226] BTRFS warning (device loop4): try to load backup roots slot 3
[  515.063665][ T9226] BTRFS info (device loop4): rebuilding free space tree
[  515.097720][ T9226] BTRFS info (device loop4): checking UUID tree
[  515.116689][ T9226] BTRFS info (device loop4): enabling ssd optimizations
[  515.124561][ T9226] BTRFS info (device loop4): turning off barriers
[  515.131784][ T9226] BTRFS info (device loop4): turning on sync discard
[  515.138947][ T9226] BTRFS info (device loop4): enabling free space tree
[  515.146281][ T9226] BTRFS info (device loop4): force clearing of disk cache
[  515.153905][ T9226] BTRFS info (device loop4): enabling auto defrag
[  515.160804][ T9226] BTRFS info (device loop4): trying to use backup root at mount time
[  515.169351][ T9226] BTRFS info (device loop4): use zstd compression, level 3
[  515.600832][ T5814] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  516.560307][ T9260] loop2: detected capacity change from 0 to 32768
[  516.570196][ T9260] btrfs: Deprecated parameter 'usebackuproot'
[  516.576593][ T9260] BTRFS warning: 'usebackuproot' is deprecated, use 'rescue=usebackuproot' instead
[  516.621540][ T9260] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.1057 (9260)
[  516.651589][ T9260] BTRFS info (device loop2): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  516.662278][ T9260] BTRFS info (device loop2): using crc32c (crc32c-lib) checksum algorithm
[  517.023208][ T3633] BTRFS warning (device loop2): checksum verify failed on logical 5337088 mirror 1 wanted 0xe63dbdda found 0xc926492d level 0
[  517.037638][ T9260] BTRFS error (device loop2): failed to load root extent
[  517.045048][ T9260] BTRFS warning (device loop2): try to load backup roots slot 1
[  517.137058][ T3633] BTRFS warning (device loop2): checksum verify failed on logical 5324800 mirror 1 wanted 0x9f73850b found 0x80379423 level 0
[  517.151348][ T9260] BTRFS warning (device loop2): couldn't read tree root
[  517.164635][ T9260] BTRFS warning (device loop2): try to load backup roots slot 2
[  517.248281][ T3633] BTRFS error (device loop2): level verify failed on logical 5255168 mirror 1 wanted 0 found 1
[  517.259654][ T9260] BTRFS warning (device loop2): couldn't read tree root
[  517.271195][ T9260] BTRFS warning (device loop2): try to load backup roots slot 3
[  517.505151][ T9260] BTRFS info (device loop2): rebuilding free space tree
[  517.602616][ T9260] BTRFS info (device loop2): checking UUID tree
[  517.615769][ T9260] BTRFS info (device loop2): enabling ssd optimizations
[  517.623314][ T9260] BTRFS info (device loop2): turning off barriers
[  517.630502][ T9260] BTRFS info (device loop2): turning on sync discard
[  517.637676][ T9260] BTRFS info (device loop2): enabling free space tree
[  517.644709][ T9260] BTRFS info (device loop2): force clearing of disk cache
[  517.652217][ T9260] BTRFS info (device loop2): enabling auto defrag
[  517.659016][ T9260] BTRFS info (device loop2): trying to use backup root at mount time
[  517.667796][ T9260] BTRFS info (device loop2): use zstd compression, level 3
[  517.788123][ T9278] loop1: detected capacity change from 0 to 32768
[  517.901535][ T9278] find_entry called with index >= next_index
[  517.908114][ T9278] find_entry called with index >= next_index
[  517.914454][ T9278] find_entry called with index >= next_index
[  517.921042][ T9278] find_entry called with index >= next_index
[  517.927583][ T9278] find_entry called with index >= next_index
[  517.934560][ T9278] add_index: next_index = 0.  Resetting!
[  517.940795][ T9278] find_entry called with index >= next_index
[  517.946970][ T9278] find_entry called with index >= next_index
[  517.953392][ T9278] find_entry called with index >= next_index
[  517.959882][ T9278] find_entry called with index >= next_index
[  517.966040][ T9278] find_entry called with index >= next_index
[  517.972359][ T9278] find_entry called with index >= next_index
[  518.001840][ T9292] loop0: detected capacity change from 0 to 128
[  518.012384][ T9293] find_entry called with index >= next_index
[  518.019050][ T9293] find_entry called with index >= next_index
[  518.026606][ T9278] find_entry called with index >= next_index
[  518.033236][ T9278] find_entry called with index >= next_index
[  518.180997][ T9278] overlayfs: upper fs needs to support d_type.
[  518.194501][ T9278] overlayfs: upper fs does not support tmpfile.
[  518.203839][ T9278] overlayfs: upper fs does not support RENAME_WHITEOUT.
[  518.412209][ T6045] BTRFS info (device loop2): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  518.444736][ T5801] non-latin1 character 0x3ff found in JFS file name
[  518.455748][ T5801] mount with iocharset=utf8 to access
[  518.574606][ T5801] read_mapping_page failed!
[  518.579820][ T5801] ERROR: (device loop1): txAbort: 
[  518.579820][ T5801] 
[  518.676530][ T5801] ERROR: (device loop1): remounting filesystem as read-only
[  519.594403][ T9295] loop3: detected capacity change from 0 to 32768
[  519.703953][ T4546] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.763304][ T9295] JBD2: Ignoring recovery information on journal
[  519.890157][ T4546] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  519.921685][ T9295] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  519.984841][ T9295] grow_buffers: requested out-of-range block 8526360052292911102 for device loop3
[  519.995811][ T9295] (syz.3.1068,9295,0):ocfs2_read_blocks_sync:112 ERROR: status = -12
[  520.004736][ T9295] (syz.3.1068,9295,0):ocfs2_group_add:503 ERROR: Can't read the group descriptor # 8526360052292911102 from the device.
[  520.163510][ T4546] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.248578][ T5808] ocfs2: Unmounting device (7,3) on (node local)
[  520.405232][ T4546] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  520.535740][ T7551] syz_tun (unregistering): left allmulticast mode
[  521.017869][ T4546] bridge_slave_1: left allmulticast mode
[  521.023779][ T4546] bridge_slave_1: left promiscuous mode
[  521.031041][ T4546] bridge0: port 2(bridge_slave_1) entered disabled state
[  521.075946][ T4546] bridge_slave_0: left allmulticast mode
[  521.082334][ T4546] bridge_slave_0: left promiscuous mode
[  521.089178][ T4546] bridge0: port 1(bridge_slave_0) entered disabled state
[  522.099714][ T4546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  522.145829][ T4546] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  522.186459][ T4546] bond0 (unregistering): Released all slaves
[  522.351251][ T4546] tipc: Left network mode
[  522.769665][ T4546] hsr_slave_0: left promiscuous mode
[  522.810176][ T4546] hsr_slave_1: left promiscuous mode
[  522.823175][ T4546] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  522.831323][ T4546] batman_adv: batadv0: Removing interface: batadv_slave_0
[  522.875172][ T4546] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  522.883128][ T4546] batman_adv: batadv0: Removing interface: batadv_slave_1
[  522.924772][ T5804] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  522.936331][ T4546] veth1_macvtap: left promiscuous mode
[  522.942401][ T4546] veth0_macvtap: left promiscuous mode
[  522.948601][ T4546] veth1_vlan: left promiscuous mode
[  522.954314][ T4546] veth0_vlan: left promiscuous mode
[  522.962764][ T5804] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  523.128236][ T5804] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  523.154012][ T5804] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  523.166229][ T5804] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  523.801993][ T4546] team0 (unregistering): Port device team_slave_1 removed
[  523.897968][ T4546] team0 (unregistering): Port device team_slave_0 removed
[  524.285292][ T9313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1075'.
[  524.295176][ T9313] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1075'.
[  524.357741][ T9321] loop4: detected capacity change from 0 to 8
[  524.408949][ T9321] overlayfs: fs on './file0/../file0' does not support file handles, falling back to index=off,nfs_export=off.
[  524.473177][ T9321] SQUASHFS error: Failed to read block 0x4e8: -5
[  524.598341][ T5804] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  524.608740][ T5804] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  524.621323][ T5804] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  524.662820][ T9313] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1075'.
[  524.673493][ T9313] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1075'.
[  524.721896][ T4546] IPVS: stop unused estimator thread 0...
[  524.866050][ T5804] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  524.898162][ T5804] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  525.009878][ T4546] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.134210][ T4546] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.229246][   T50] Bluetooth: hci1: command tx timeout
[  525.465148][ T4546] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  525.690271][ T4546] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  526.924486][ T4546] dvmrp8 (unregistering): left allmulticast mode
[  527.018839][ T4546] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  527.040358][ T4546] bond0 (unregistering): Released all slaves
[  527.068052][ T4546] bond1 (unregistering): Released all slaves
[  527.087366][   T50] Bluetooth: hci3: command tx timeout
[  527.163448][ T9322] chnl_net:caif_netlink_parms(): no params data found
[  527.248113][ T9355] loop3: detected capacity change from 0 to 4096
[  527.314122][   T50] Bluetooth: hci1: command tx timeout
[  527.354216][ T9355] ntfs3(loop3): Different NTFS sector size (1024) and media sector size (512).
[  527.474187][ T9309] chnl_net:caif_netlink_parms(): no params data found
[  527.667594][ T9355] ntfs3(loop3): ino=0, attr_set_size
[  527.703590][ T9355] ntfs3(loop3): ino=0, attr_set_size
[  527.757562][ T9361] trusted_key: syz.4.1090 sent an empty control message without MSG_MORE.
[  527.771241][ T9363] ntfs3(loop3): ino=0, attr_set_size
[  527.957455][ T4546] hsr_slave_0: left promiscuous mode
[  527.976261][ T4546] hsr_slave_1: left promiscuous mode
[  527.988601][ T4546] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  527.996319][ T4546] batman_adv: batadv0: Removing interface: batadv_slave_0
[  528.060306][ T4546] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  528.068624][ T4546] batman_adv: batadv0: Removing interface: batadv_slave_1
[  528.187078][ T4546] veth1_macvtap: left promiscuous mode
[  528.194093][ T4546] veth0_macvtap: left promiscuous mode
[  528.200336][ T4546] veth1_vlan: left promiscuous mode
[  528.205918][ T4546] veth0_vlan: left promiscuous mode
[  529.149172][   T50] Bluetooth: hci3: command tx timeout
[  529.388146][   T50] Bluetooth: hci1: command tx timeout
[  529.470742][ T9372] loop2: detected capacity change from 0 to 32768
[  529.544068][ T9372] (syz.2.1094,9372,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  529.584410][ T9372] (syz.2.1094,9372,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  529.771213][ T4546] team0 (unregistering): Port device team_slave_1 removed
[  529.829764][ T9372] JBD2: Ignoring recovery information on journal
[  529.969218][ T4546] team0 (unregistering): Port device team_slave_0 removed
[  530.284785][ T9372] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  530.733147][ T6045] ocfs2: Unmounting device (7,2) on (node local)
[  530.962947][ T9322] bridge0: port 1(bridge_slave_0) entered blocking state
[  530.970782][ T9322] bridge0: port 1(bridge_slave_0) entered disabled state
[  530.978786][ T9322] bridge_slave_0: entered allmulticast mode
[  530.999009][ T9322] bridge_slave_0: entered promiscuous mode
[  531.078228][ T4546] IPVS: stop unused estimator thread 0...
[  531.179202][ T9322] bridge0: port 2(bridge_slave_1) entered blocking state
[  531.190220][ T9322] bridge0: port 2(bridge_slave_1) entered disabled state
[  531.198800][ T9322] bridge_slave_1: entered allmulticast mode
[  531.208923][ T9322] bridge_slave_1: entered promiscuous mode
[  531.231277][   T50] Bluetooth: hci3: command tx timeout
[  531.425929][ T9309] bridge0: port 1(bridge_slave_0) entered blocking state
[  531.433998][ T9309] bridge0: port 1(bridge_slave_0) entered disabled state
[  531.447900][ T9309] bridge_slave_0: entered allmulticast mode
[  531.458000][ T9309] bridge_slave_0: entered promiscuous mode
[  531.497390][   T50] Bluetooth: hci1: command tx timeout
[  531.534302][ T9309] bridge0: port 2(bridge_slave_1) entered blocking state
[  531.542182][ T9309] bridge0: port 2(bridge_slave_1) entered disabled state
[  531.550227][ T9309] bridge_slave_1: entered allmulticast mode
[  531.560030][ T9309] bridge_slave_1: entered promiscuous mode
[  531.587116][ T9322] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  531.612699][ T9322] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  531.921988][ T9309] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  532.017390][ T9322] team0: Port device team_slave_0 added
[  532.062649][ T9322] team0: Port device team_slave_1 added
[  532.956610][ T9401] loop4: detected capacity change from 0 to 40427
[  532.970061][ T9401] F2FS-fs (loop4): Invalid log blocks per segment (1)
[  532.977630][ T9401] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  532.986908][ T9401] F2FS-fs (loop4): Image doesn't support compression
[  532.994151][ T9401] F2FS-fs (loop4): build fault injection rate: 690
[  533.001319][ T9401] F2FS-fs (loop4): build fault injection type: 0x35f7
[  533.045244][ T9401] F2FS-fs (loop4): invalid crc value
[  533.308210][   T50] Bluetooth: hci3: command tx timeout
[  533.315660][ T9405] loop3: detected capacity change from 0 to 40427
[  533.325545][ T9405] f2fs: Bad value for 'alloc_mode'
[  533.350431][ T9401] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  533.363361][ T9401] F2FS-fs (loop4): Start checkpoint disabled!
[  533.378525][ T9401] F2FS-fs (loop4): f2fs_disable_checkpoint() finish, err:0
[  533.543874][ T9410] netlink: 'syz.2.1104': attribute type 1 has an invalid length.
[  533.556830][ T9401] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  533.565564][ T9401] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e6
[  533.605233][ T9401] syz.4.1102: attempt to access beyond end of device
[  533.605233][ T9401] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  533.717767][ T9309] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  533.804186][   T58] kworker/u8:3: attempt to access beyond end of device
[  533.804186][   T58] loop4: rw=1, sector=45104, nr_sectors = 8 limit=40427
[  533.871184][   T58] kworker/u8:3: attempt to access beyond end of device
[  533.871184][   T58] loop4: rw=2049, sector=45112, nr_sectors = 8 limit=40427
[  533.885955][   T58] CPU: 0 UID: 0 PID: 58 Comm: kworker/u8:3 Tainted: G        W    L      syzkaller #0 PREEMPT(none) 
[  533.886161][   T58] Tainted: [W]=WARN, [L]=SOFTLOCKUP
[  533.886231][   T58] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  533.886346][   T58] Workqueue: writeback wb_workfn (flush-7:4)
[  533.886539][   T58] Call Trace:
[  533.886590][   T58]  <TASK>
[  533.886643][   T58]  __dump_stack+0x26/0x30
[  533.886811][   T58]  dump_stack_lvl+0x14c/0x1c0
[  533.886987][   T58]  dump_stack+0x1e/0x25
[  533.887146][   T58]  f2fs_handle_critical_error+0xa6f/0xc20
[  533.887385][   T58]  f2fs_stop_checkpoint+0x65/0x80
[  533.887583][   T58]  f2fs_write_end_io+0x101c/0x1bc0
[  533.887826][   T58]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  533.888040][   T58]  bio_endio+0xf96/0x10f0
[  533.888196][   T58]  submit_bio_noacct+0x2009/0x2930
[  533.888421][   T58]  submit_bio+0x57c/0x630
[  533.888583][   T58]  f2fs_submit_write_bio+0x92/0x250
[  533.888776][   T58]  __submit_merged_bio+0x16f/0x6a0
[  533.888956][   T58]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  533.889169][   T58]  __submit_merged_write_cond+0x44a/0x990
[  533.889385][   T58]  f2fs_write_data_pages+0x4cf3/0x57a0
[  533.889733][   T58]  ? f2fs_balance_fs_bg+0x11ee/0x1250
[  533.889906][   T58]  ? stack_depot_save_flags+0x35/0x790
[  533.890093][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.890304][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.890498][   T58]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  533.890714][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.890913][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.891110][   T58]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  533.891321][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.891515][   T58]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  533.891716][   T58]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  533.891911][   T58]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  533.892109][   T58]  do_writepages+0x3f2/0x860
[  533.892263][   T58]  ? stack_depot_save_flags+0x35/0x790
[  533.892428][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.892635][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.892854][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.893073][   T58]  __writeback_single_inode+0x101/0x1190
[  533.893267][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.893479][   T58]  writeback_sb_inodes+0xb2d/0x1f10
[  533.893794][   T58]  wb_writeback+0x4ce/0xc00
[  533.893980][   T58]  ? queue_io+0x4c1/0x790
[  533.894154][   T58]  wb_workfn+0x397/0x1910
[  533.894302][   T58]  ? kmsan_get_metadata+0xfb/0x160
[  533.894524][   T58]  ? __pfx_wb_workfn+0x10/0x10
[  533.894660][   T58]  process_scheduled_works+0xb91/0x1d80
[  533.894934][   T58]  worker_thread+0xedf/0x1590
[  533.895129][   T58]  kthread+0xd5c/0xf00
[  533.895284][   T58]  ? __pfx_worker_thread+0x10/0x10
[  533.895454][   T58]  ? __pfx_kthread+0x10/0x10
[  533.895601][   T58]  ret_from_fork+0x208/0x710
[  533.895795][   T58]  ? __switch_to+0x53d/0x790
[  533.895959][   T58]  ? __pfx_kthread+0x10/0x10
[  533.896112][   T58]  ret_from_fork_asm+0x1a/0x30
[  533.896343][   T58]  </TASK>
[  534.198752][   T58] F2FS-fs (loop4): Stopped filesystem due to reason: 3
[  534.309475][ T9411] bond1: (slave veth3): Enslaving as an active interface with a down link
[  534.323301][ T9322] batman_adv: batadv0: Adding interface: batadv_slave_0
[  534.332283][ T9322] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  534.360618][ T9322] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  534.380762][ T9322] batman_adv: batadv0: Adding interface: batadv_slave_1
[  534.388171][ T9322] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  534.415514][ T9322] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  534.635582][ T9309] team0: Port device team_slave_0 added
[  534.664741][ T9309] team0: Port device team_slave_1 added
[  535.000790][ T9309] batman_adv: batadv0: Adding interface: batadv_slave_0
[  535.008476][ T9309] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  535.036412][ T9309] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  535.053810][ T9309] batman_adv: batadv0: Adding interface: batadv_slave_1
[  535.061450][ T9309] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  535.090192][ T9309] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  535.234562][ T9322] hsr_slave_0: entered promiscuous mode
[  535.245121][ T9322] hsr_slave_1: entered promiscuous mode
[  535.644355][ T9309] hsr_slave_0: entered promiscuous mode
[  535.657851][ T9309] hsr_slave_1: entered promiscuous mode
[  535.666857][ T9309] debugfs: 'hsr0' already exists in 'hsr'
[  535.673137][ T9309] Cannot create hsr debugfs directory
[  537.138053][ T5804] Bluetooth: hci2: command 0x0406 tx timeout
[  538.755588][ T9322] netdevsim netdevsim6 netdevsim0: renamed from eth0
[  538.818782][ T9322] netdevsim netdevsim6 netdevsim1: renamed from eth1
[  538.859567][ T9322] netdevsim netdevsim6 netdevsim2: renamed from eth2
[  538.917954][ T9309] netdevsim netdevsim5 netdevsim0: renamed from eth0
[  538.953763][ T9322] netdevsim netdevsim6 netdevsim3: renamed from eth3
[  538.997913][ T9309] netdevsim netdevsim5 netdevsim1: renamed from eth1
[  539.118863][ T9309] netdevsim netdevsim5 netdevsim2: renamed from eth2
[  539.198881][ T9309] netdevsim netdevsim5 netdevsim3: renamed from eth3
[  539.227427][ T5097] Bluetooth: hci2: command 0x0406 tx timeout
[  539.957901][ T9322] 8021q: adding VLAN 0 to HW filter on device bond0
[  540.111910][ T9322] 8021q: adding VLAN 0 to HW filter on device team0
[  540.225656][ T9471] bridge0: port 1(bridge_slave_0) entered blocking state
[  540.233425][ T9471] bridge0: port 1(bridge_slave_0) entered forwarding state
[  540.324549][ T9471] bridge0: port 2(bridge_slave_1) entered blocking state
[  540.332243][ T9471] bridge0: port 2(bridge_slave_1) entered forwarding state
[  540.719457][ T9309] 8021q: adding VLAN 0 to HW filter on device bond0
[  540.948444][ T9309] 8021q: adding VLAN 0 to HW filter on device team0
[  540.983965][ T3633] bridge0: port 1(bridge_slave_0) entered blocking state
[  540.991797][ T3633] bridge0: port 1(bridge_slave_0) entered forwarding state
[  541.096984][ T3633] bridge0: port 2(bridge_slave_1) entered blocking state
[  541.104616][ T3633] bridge0: port 2(bridge_slave_1) entered forwarding state
[  541.176368][ T9515] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1117'.
[  541.371918][ T9508] loop3: detected capacity change from 0 to 4096
[  542.291598][ T1288] ieee802154 phy0 wpan0: encryption failed: -22
[  542.298934][ T1288] ieee802154 phy1 wpan1: encryption failed: -22
[  542.481535][ T9322] 8021q: adding VLAN 0 to HW filter on device batadv0
[  543.070433][ T9309] 8021q: adding VLAN 0 to HW filter on device batadv0
[  543.271565][ T9526] loop4: detected capacity change from 0 to 40427
[  543.289230][ T9526] F2FS-fs (loop4): build fault injection rate: 14
[  543.295921][ T9526] F2FS-fs (loop4): build fault injection type: 0x3bfe8c
[  543.309133][ T9526] F2FS-fs (loop4): invalid crc value
[  543.353425][    C1] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of bio_endio+0xf96/0x10f0
[  543.390733][    C0] F2FS-fs (loop4): inject read IO error in f2fs_read_end_io of bio_endio+0xf96/0x10f0
[  543.676361][ T9526] F2FS-fs (loop4): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  543.686973][ T9526] F2FS-fs (loop4): inject page alloc in f2fs_grab_cache_folio of f2fs_get_tmp_folio+0x38/0x50
[  543.706216][ T9526] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  543.796862][ T9526] F2FS-fs (loop4): inject no more block in inc_valid_node_count of f2fs_new_node_folio+0x66f/0x19b0
[  543.825982][ T9526] F2FS-fs (loop4): inject slab alloc in f2fs_kmem_cache_alloc of f2fs_new_node_folio+0x702/0x19b0
[  543.839281][ T9526] F2FS-fs (loop4): inject checkpoint error in f2fs_balance_fs of f2fs_write_single_data_page+0x22ff/0x2910
[  543.851222][ T9526] syz.4.1121: attempt to access beyond end of device
[  543.851222][ T9526] loop4: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  543.865950][ T9526] CPU: 0 UID: 0 PID: 9526 Comm: syz.4.1121 Tainted: G        W    L      syzkaller #0 PREEMPT(none) 
[  543.866149][ T9526] Tainted: [W]=WARN, [L]=SOFTLOCKUP
[  543.866222][ T9526] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  543.866321][ T9526] Call Trace:
[  543.866374][ T9526]  <TASK>
[  543.866429][ T9526]  __dump_stack+0x26/0x30
[  543.866608][ T9526]  dump_stack_lvl+0x14c/0x1c0
[  543.866794][ T9526]  dump_stack+0x1e/0x25
[  543.866964][ T9526]  f2fs_handle_critical_error+0xa6f/0xc20
[  543.867206][ T9526]  f2fs_stop_checkpoint+0x65/0x80
[  543.867420][ T9526]  f2fs_balance_fs+0x703/0x950
[  543.867594][ T9526]  ? f2fs_write_single_data_page+0x22ff/0x2910
[  543.867797][ T9526]  ? kmsan_get_metadata+0xfb/0x160
[  543.868010][ T9526]  f2fs_write_single_data_page+0x22ff/0x2910
[  543.868310][ T9526]  f2fs_write_data_pages+0x3451/0x57a0
[  543.868690][ T9526]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  543.868917][ T9526]  ? xas_load+0xcda/0xd70
[  543.869105][ T9526]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  543.869298][ T9526]  ? kmsan_get_metadata+0xfb/0x160
[  543.869516][ T9526]  ? kmsan_get_metadata+0xfb/0x160
[  543.869719][ T9526]  ? kmsan_get_metadata+0xfb/0x160
[  543.869933][ T9526]  ? kmsan_internal_set_shadow_origin+0x7a/0x110
[  543.870135][ T9526]  ? kmsan_get_metadata+0xfb/0x160
[  543.870345][ T9526]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  543.870553][ T9526]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  543.870762][ T9526]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  543.870966][ T9526]  do_writepages+0x3f2/0x860
[  543.871122][ T9526]  ? _raw_spin_unlock+0x30/0x50
[  543.871295][ T9526]  ? wbc_attach_and_unlock_inode+0x131/0x680
[  543.871557][ T9526]  filemap_write_and_wait_range+0x5bb/0x840
[  543.871826][ T9526]  ? kmsan_get_metadata+0xfb/0x160
[  543.872054][ T9526]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  543.872279][ T9526]  f2fs_symlink+0xc38/0xfc0
[  543.872531][ T9526]  ? __pfx_f2fs_symlink+0x10/0x10
[  543.872735][ T9526]  vfs_symlink+0x42f/0x4c0
[  543.872935][ T9526]  do_symlinkat+0x2ae/0xbb0
[  543.873158][ T9526]  __x64_sys_symlinkat+0xf5/0x180
[  543.873379][ T9526]  x64_sys_call+0x342f/0x3e70
[  543.873574][ T9526]  do_syscall_64+0xd3/0xf80
[  543.873775][ T9526]  ? clear_bhb_loop+0x40/0x90
[  543.873945][ T9526]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  543.874108][ T9526] RIP: 0033:0x7f2ad158f749
[  543.874216][ T9526] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  543.874356][ T9526] RSP: 002b:00007f2ad239d038 EFLAGS: 00000246 ORIG_RAX: 000000000000010a
[  543.874491][ T9526] RAX: ffffffffffffffda RBX: 00007f2ad17e5fa0 RCX: 00007f2ad158f749
[  543.874596][ T9526] RDX: 0000200000000040 RSI: ffffffffffffff9c RDI: 0000200000001040
[  543.874700][ T9526] RBP: 00007f2ad1613f91 R08: 0000000000000000 R09: 0000000000000000
[  543.874791][ T9526] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  543.874880][ T9526] R13: 00007f2ad17e6038 R14: 00007f2ad17e5fa0 R15: 00007fff222e61e8
[  543.875031][ T9526]  </TASK>
[  544.179630][ T9526] F2FS-fs (loop4): Stopped filesystem due to reason: 1
[  545.143851][ T9322] veth0_vlan: entered promiscuous mode
[  545.338981][ T9322] veth1_vlan: entered promiscuous mode
[  545.572682][ T9322] veth0_macvtap: entered promiscuous mode
[  545.740847][ T9322] veth1_macvtap: entered promiscuous mode
[  545.879935][ T9309] veth0_vlan: entered promiscuous mode
[  545.893342][ T9322] batman_adv: batadv0: Interface activated: batadv_slave_0
[  545.960789][ T9322] batman_adv: batadv0: Interface activated: batadv_slave_1
[  546.039293][ T9309] veth1_vlan: entered promiscuous mode
[  546.088119][ T9469] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  546.109505][ T9469] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  546.162606][ T9469] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  546.204914][ T9469] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  546.442623][ T9309] veth0_macvtap: entered promiscuous mode
[  546.502534][ T9309] veth1_macvtap: entered promiscuous mode
[  546.719098][ T9309] batman_adv: batadv0: Interface activated: batadv_slave_0
[  546.801297][ T9309] batman_adv: batadv0: Interface activated: batadv_slave_1
[  546.927927][ T9469] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  546.976712][ T9469] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  547.031324][ T9469] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  547.071674][ T9469] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  547.720373][ T9574] loop4: detected capacity change from 0 to 1024
[  547.737711][ T9574] EXT4-fs: Ignoring removed nomblk_io_submit option
[  547.784210][ T9574] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  547.814834][ T9574] System zones: 0-1, 3-36
[  547.839566][ T9574] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  547.936896][ T9574] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  548.558195][ T9584] loop4: detected capacity change from 0 to 2048
[  548.648163][ T9584] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  549.428543][ T5855] IPVS: starting estimator thread 0...
[  549.527673][ T9601] IPVS: using max 192 ests per chain, 9600 per kthread
[  549.630053][ T9604] overlayfs: conflicting lowerdir path
[  551.095289][ T9632] batman_adv: batadv0: Adding interface: dummy0
[  551.102247][ T9632] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem.
[  551.128173][ T9632] batman_adv: batadv0: Interface activated: dummy0
[  552.142893][ T9630] loop3: detected capacity change from 0 to 40427
[  552.178919][ T9630] F2FS-fs (loop3): Magic Mismatch, valid(0xf2f52010) - read(0x1f52010)
[  552.194797][ T9630] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  552.203396][ T9630] F2FS-fs (loop3): Image doesn't support compression
[  552.210446][ T9630] F2FS-fs (loop3): build fault injection type: 0x4
[  552.232995][ T9630] F2FS-fs (loop3): invalid crc value
[  552.538011][ T9630] F2FS-fs (loop3): f2fs_recover_fsync_data: recovery fsync data, check_only: 0
[  552.550191][ T9630] F2FS-fs (loop3): Start checkpoint disabled!
[  552.560489][ T9630] F2FS-fs (loop3): f2fs_disable_checkpoint() finish, err:0
[  552.574710][ T9630] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  552.582253][ T9630] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  552.757065][ T3489] kworker/u8:13: attempt to access beyond end of device
[  552.757065][ T3489] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  552.772238][ T3489] CPU: 0 UID: 0 PID: 3489 Comm: kworker/u8:13 Tainted: G        W    L      syzkaller #0 PREEMPT(none) 
[  552.772442][ T3489] Tainted: [W]=WARN, [L]=SOFTLOCKUP
[  552.772500][ T3489] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  552.772611][ T3489] Workqueue: writeback wb_workfn (flush-7:3)
[  552.772787][ T3489] Call Trace:
[  552.772841][ T3489]  <TASK>
[  552.772891][ T3489]  __dump_stack+0x26/0x30
[  552.773059][ T3489]  dump_stack_lvl+0x14c/0x1c0
[  552.773237][ T3489]  dump_stack+0x1e/0x25
[  552.773401][ T3489]  f2fs_handle_critical_error+0xa6f/0xc20
[  552.773634][ T3489]  f2fs_stop_checkpoint+0x65/0x80
[  552.773829][ T3489]  f2fs_write_end_io+0x101c/0x1bc0
[  552.774074][ T3489]  ? __pfx_f2fs_write_end_io+0x10/0x10
[  552.774269][ T3489]  bio_endio+0xf96/0x10f0
[  552.774428][ T3489]  submit_bio_noacct+0x2009/0x2930
[  552.774646][ T3489]  submit_bio+0x57c/0x630
[  552.774810][ T3489]  f2fs_submit_write_bio+0x92/0x250
[  552.775002][ T3489]  __submit_merged_bio+0x16f/0x6a0
[  552.775184][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.775408][ T3489]  __submit_merged_write_cond+0x44a/0x990
[  552.775617][ T3489]  f2fs_write_data_pages+0x4cf3/0x57a0
[  552.775968][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.776163][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.776373][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.776575][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.776775][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.776965][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.777163][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.777367][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.777559][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.777751][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.777949][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.778136][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.778341][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.778536][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.778736][ T3489]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  552.778934][ T3489]  ? __pfx_f2fs_write_data_pages+0x10/0x10
[  552.779125][ T3489]  do_writepages+0x3f2/0x860
[  552.779273][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.779477][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.779669][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.779883][ T3489]  __writeback_single_inode+0x101/0x1190
[  552.780062][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.780278][ T3489]  writeback_sb_inodes+0xb2d/0x1f10
[  552.780551][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.780783][ T3489]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  552.780991][ T3489]  wb_writeback+0x4ce/0xc00
[  552.781176][ T3489]  ? queue_io+0x4c1/0x790
[  552.781357][ T3489]  wb_workfn+0x397/0x1910
[  552.781500][ T3489]  ? kmsan_get_metadata+0xfb/0x160
[  552.781723][ T3489]  ? __pfx_wb_workfn+0x10/0x10
[  552.781860][ T3489]  process_scheduled_works+0xb91/0x1d80
[  552.782132][ T3489]  worker_thread+0xedf/0x1590
[  552.782317][ T3489]  kthread+0xd5c/0xf00
[  552.782459][ T3489]  ? __pfx_worker_thread+0x10/0x10
[  552.782623][ T3489]  ? __pfx_kthread+0x10/0x10
[  552.782769][ T3489]  ret_from_fork+0x208/0x710
[  552.782956][ T3489]  ? __switch_to+0x53d/0x790
[  552.783122][ T3489]  ? __pfx_kthread+0x10/0x10
[  552.783284][ T3489]  ret_from_fork_asm+0x1a/0x30
[  552.783508][ T3489]  </TASK>
[  552.882256][ T3489] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  553.517514][ T3972] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.525777][ T3972] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.578117][ T3489] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.586285][ T3489] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.663722][ T9464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.672099][ T9464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  553.729721][ T9471] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  553.738994][ T9471] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  554.643622][ T9662] netlink: 'syz.6.1078': attribute type 1 has an invalid length.
[  554.942218][ T9662] =====================================================
[  554.954427][ T9662] BUG: KMSAN: kernel-infoleak-after-free in _copy_to_user+0xcc/0x120
[  554.964143][ T9662]  _copy_to_user+0xcc/0x120
[  554.969216][ T9662]  copy_siginfo_to_user+0x3f/0x140
[  554.974633][ T9662]  x64_setup_rt_frame+0x1392/0x2590
[  554.981526][ T9662]  arch_do_signal_or_restart+0x63c/0xc00
[  554.987607][ T9662]  exit_to_user_mode_loop+0x118/0x1b70
[  554.993421][ T9662]  do_syscall_64+0x1e1/0xf80
[  554.998486][ T9662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.004611][ T9662] 
[  555.007049][ T9662] Uninit was stored to memory at:
[  555.012955][ T9662]  __dequeue_signal+0x4d6/0x970
[  555.018318][ T9662]  dequeue_signal+0x1c0/0x840
[  555.023246][ T9662]  get_signal+0xbf6/0x2a20
[  555.028054][ T9662]  arch_do_signal_or_restart+0x53/0xc00
[  555.033846][ T9662]  exit_to_user_mode_loop+0x118/0x1b70
[  555.039809][ T9662]  do_syscall_64+0x1e1/0xf80
[  555.044736][ T9662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.055704][ T9662] 
[  555.060063][ T9662] Uninit was created at:
[  555.064589][ T9662]  kmem_cache_free+0x2c9/0x13c0
[  555.072693][ T9662]  __sigqueue_free+0x23a/0x270
[  555.079277][ T9662]  __dequeue_signal+0x66b/0x970
[  555.084403][ T9662]  dequeue_signal+0x1c0/0x840
[  555.089528][ T9662]  get_signal+0xbf6/0x2a20
[  555.094117][ T9662]  arch_do_signal_or_restart+0x53/0xc00
[  555.100325][ T9662]  exit_to_user_mode_loop+0x118/0x1b70
[  555.106132][ T9662]  do_syscall_64+0x1e1/0xf80
[  555.111169][ T9662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.117433][ T9662] 
[  555.119861][ T9662] Bytes 12-15 of 48 are uninitialized
[  555.125367][ T9662] Memory access of size 48 starts at ffff88812dfafd10
[  555.132479][ T9662] Data copied to user address 00007ffb17c50bb0
[  555.138952][ T9662] 
[  555.141418][ T9662] CPU: 0 UID: 0 PID: 9662 Comm: syz.6.1078 Tainted: G        W    L      syzkaller #0 PREEMPT(none) 
[  555.157601][ T9662] Tainted: [W]=WARN, [L]=SOFTLOCKUP
[  555.163042][ T9662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  555.176468][ T9662] =====================================================
[  555.183715][ T9662] Disabling lock debugging due to kernel taint
[  555.190306][ T9662] Kernel panic - not syncing: kmsan.panic set ...
[  555.197189][ T9662] CPU: 0 UID: 0 PID: 9662 Comm: syz.6.1078 Tainted: G    B   W    L      syzkaller #0 PREEMPT(none) 
[  555.208308][ T9662] Tainted: [B]=BAD_PAGE, [W]=WARN, [L]=SOFTLOCKUP
[  555.214844][ T9662] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025
[  555.225119][ T9662] Call Trace:
[  555.228501][ T9662]  <TASK>
[  555.231534][ T9662]  __dump_stack+0x26/0x30
[  555.236057][ T9662]  dump_stack_lvl+0x50/0x1c0
[  555.240834][ T9662]  ? dump_stack+0x12/0x25
[  555.245445][ T9662]  dump_stack+0x1e/0x25
[  555.249779][ T9662]  vpanic+0x435/0xd30
[  555.253989][ T9662]  panic+0x15d/0x160
[  555.258159][ T9662]  kmsan_report+0x31c/0x320
[  555.262918][ T9662]  ? kmsan_internal_check_memory+0x16c/0x230
[  555.269095][ T9662]  ? kmsan_copy_to_user+0xf1/0x190
[  555.274421][ T9662]  ? _copy_to_user+0xcc/0x120
[  555.279314][ T9662]  ? copy_siginfo_to_user+0x3f/0x140
[  555.284792][ T9662]  ? x64_setup_rt_frame+0x1392/0x2590
[  555.290369][ T9662]  ? arch_do_signal_or_restart+0x63c/0xc00
[  555.296390][ T9662]  ? exit_to_user_mode_loop+0x118/0x1b70
[  555.302331][ T9662]  ? do_syscall_64+0x1e1/0xf80
[  555.307321][ T9662]  ? entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.313593][ T9662]  ? kmsan_get_metadata+0xfb/0x160
[  555.318925][ T9662]  ? kmsan_internal_check_memory+0x9c/0x230
[  555.325145][ T9662]  ? copy_fpstate_to_sigframe+0x126f/0x13d0
[  555.331367][ T9662]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  555.337672][ T9662]  ? kmsan_get_metadata+0xfb/0x160
[  555.343058][ T9662]  ? kmsan_get_metadata+0xfb/0x160
[  555.348394][ T9662]  ? kmsan_get_shadow_origin_ptr+0x4a/0xb0
[  555.354433][ T9662]  kmsan_internal_check_memory+0x16c/0x230
[  555.360763][ T9662]  kmsan_copy_to_user+0xf1/0x190
[  555.366117][ T9662]  _copy_to_user+0xcc/0x120
[  555.371044][ T9662]  copy_siginfo_to_user+0x3f/0x140
[  555.376413][ T9662]  x64_setup_rt_frame+0x1392/0x2590
[  555.381881][ T9662]  arch_do_signal_or_restart+0x63c/0xc00
[  555.387782][ T9662]  exit_to_user_mode_loop+0x118/0x1b70
[  555.393567][ T9662]  ? __x64_sys_sendmsg+0x333/0x3e0
[  555.398959][ T9662]  do_syscall_64+0x1e1/0xf80
[  555.403805][ T9662]  ? clear_bhb_loop+0x40/0x90
[  555.408677][ T9662]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  555.414856][ T9662] RIP: 0033:0x7ffb16d8f749
[  555.419539][ T9662] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  555.439354][ T9662] RSP: 002b:00007ffb17c51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  555.448088][ T9662] RAX: 000000000000004c RBX: 00007ffb16fe5fa0 RCX: 00007ffb16d8f749
[  555.456238][ T9662] RDX: 0000000000000804 RSI: 00002000000000c0 RDI: 0000000000000005
[  555.464372][ T9662] RBP: 00007ffb16e13f91 R08: 0000000000000000 R09: 0000000000000000
[  555.472489][ T9662] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  555.480602][ T9662] R13: 00007ffb16fe6038 R14: 00007ffb16fe5fa0 R15: 00007fff31e038d8
[  555.488768][ T9662]  </TASK>
[  555.492705][ T9662] Kernel Offset: disabled
[  555.497108][ T9662] Rebooting in 86400 seconds..