last executing test programs:

3.655637282s ago: executing program 2 (id=551):
syz_io_uring_setup(0xbd7, &(0x7f0000000040)={0x0, 0xe14f, 0x8, 0x1, 0x4000032f}, &(0x7f0000000000), 0x0, &(0x7f0000000000))
r0 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1)
ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0xffb)

3.132708467s ago: executing program 3 (id=553):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x8c66)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r2, 0x1})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x27800000000, 0x0, 0x1, r2})

3.129635878s ago: executing program 2 (id=561):
syz_mount_image$exfat(&(0x7f0000002bc0), &(0x7f0000000080)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x10000, &(0x7f00000003c0)={[{@uid={'uid', 0x3d, 0xee00}}, {@dmask={'dmask', 0x3d, 0x6}}, {@time_offset}, {@iocharset={'iocharset', 0x3d, 'cp737'}}, {@fmask={'fmask', 0x3d, 0x1}}, {@namecase}, {@utf8}, {@namecase}, {@umask={'umask', 0x3d, 0x75}}, {@errors_continue}, {@iocharset={'iocharset', 0x3d, 'cp863'}}]}, 0x1, 0x1535, &(0x7f0000001380)="$eJzs3AucjdX6OPDnWWu9Y0jaTXIZ1lrPy04uiyTJJUkuSZIkSW4JSZIjCYkht6QhCcllSC5DSC4Tk8b9fr8kJEmTJCG5Jev/mZi/OnX+55xfnfz+Z57v57M/s55Z+1nvs+aZvfe739l802VojUY1qzYgIvhD8OKXBACIBYCBAHANAAQAUDaubFzGfHaJCX/sIOzP9VDyla6AXUnc/6yN+5+1cf+zNu5/1sb9z9q4/1kb9z9r4/4zlpVtnp7/Wr5l3Rtf/8/K+PX/v0h6ybFfrC15fVeAmH81hfv//z/8A7nc//9awb9yJ+5/1sb9z6pir3QB7H8BfvxnBdn+4Qz3P2vj/jOWlf3yWnAsXPnr0X/1DSL/yb+B+F4Xf8pXfp//cP+MMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxthf4Iy/TAFA5vhK18UYY4wxxhhjjLE/j892pStgjDHGGGOMMcbYfx6CAAkKAoiBbBAL2SEHCICYzPlrIQ6ug9xwPeSBvJAP8kM8FICCoMGABYIQCkFhiMINUARuhKJQDIpDCXBQEkrBTVAaboYycAuUhVuhHNwG5aECVIRKcDtUhjugCtwJVeEuqAbVoQbUhLuhFtwDteFeqAP3QV24H+rBA1AfHoQG8BA0hIehETwCjeFRaAJNoRk0hxb/o/wXoAe8CD2hFyRAb+gDL0Ff6Af9YQAMhJdhELwCg+FVSIQhMBReg2HwOgyHN2AEjIRR8CaMhrdgDIyFcTAekmACTIS3YRK8A5NhCkyFaZAM02EGvAszYRbMhvdgDrwPc2EezIcFkAIfwEJYBKnwISyGjyANlsBSWAbLYQWshFWwGtbAWlgH62EDbIRNsBm2wFbYBtthB+yEj2EXfAK7YQ/shU9hH3z2b+af/rv8rggIKFCgQoUxGIOxGIs5MAfmxJyYC3NhBCMYh3GYG3NjHsyD+TAfxmM8FsSCaNAgIWEhLIRRjGIRLIJFsSgWx+Lo0GEpLIWl8WYsg2WwLJbFclgOy2MFrICVsBJWxspYBatgVayK1bAa1sAaeDfejb2xNtbGOlgH62LdzMtT2AAbYENsiI2wETbGxtgEm2AzbIYtsAW2xJbYClthG2yDbbEttsN22B7bYwfsgB2xI3bCTtgZO2MX7IJdsRt2S38hG+CL+CL2wmqiN/bBPtgXE7P1xwE4AF/GQfgKvoKvYiIOwaH4Gr6Gr+NwPIUjLozEUTgKK4u3cAyORRLjMQmTcCJOxEk4CSfjFJyC0zAZp+MMnIEzcRbOwvdwDr6P7+M8nIcLMAVTcCEuwlRMxcV4GtNwCS7FZbgcV+ByXIWrcRWuxXW4FjfgBtyEm3ALbsFtuA134A78GBUAfoJ7cA8m4j7ch/txPx7AA3gQD2I6puMhPISH8TAewSN4FI/iMTyOJ/A4nsSTeApP4xk8g+fwHJ7H5+K/avhxsTWJIDIooUSMiBGxIlbkEDlETpFT5BK5RERERJyIE7lFbpFH5BH5RD4RL+JFQVFQGGEEiTDjmUJERVQUEUVEUVFUFBfFhRNOlBKlRGlRWpQRZURZcasoJ24T5UUF0dpVEpVEZdHGVRF3iqqiqqgmqosaoqaoKWqJWqK2qC3qiDqirqgr6okHRH3RG/vjQyKjM43EEGwshmIT0VTIS89QLcVwbCVaizbiCTESR2A70dK1F0+LDmIMdhR/E2PxWdFZjMcu4nnRVXQT3cULoodo5XqKXmIy9hZ9xDTsK/qJ/mKAmInVxXs4J3sN8apIFEPEUPGaWICvi+HiKjFCjBSjxJtitHhLjBFjxTgxXiSJCWKieFtMEu+IyWKKmCqmiWQxXcwQ74qZYpaYLd4Tc8T7Yq6YJ+aLBSJFfCAWikUiVXwoFouPRJpYIpaKZWK5WCFWilVitVgj1op1Yr3YIDaKTWKz2CK2im1iu9ghdoqPxS7xidgt9oi94lOxT3wm9ovPxQHxhTgovhTp4itxSHwtDotvxBHxrTgqvhPHxHFxQnwvToofxClxWpwRZ8U58aM4L34SF4QXIFEKKaWSgYyR2WSszC5zyKtkThlkPv/LOHmdzC2vl3lkXplP5pfxsoAsKLU00kqSoSwkC8uovEEWkTfKorKYLC5LSCdLylLyJlla3izLyFtkWXmrLCdvk+VlBVlRVpK3y8ryDgmRi8eoJqvLGrKmvFsmwD2ytrxX1pH3ybryfllPPiDrywdlA/mQbCgflo3kI7KxfFQ2kU1lM9lctpCPyZbycdlKtpZt5BOyrXxStpNPyfbyadlB+ku/Is/KzvI52UU+L7vKbrK7/ElekF72lL0k9AbZR74k+8p+sr8cIAfKl+Ug+YocLF+ViXKIHCpfk8Pk63K4fEOOkCPlKPmmHC3fkmPkWDlOjpdJcoKcKN+Wk+Q7crKcIqfKaTJZTpf9L600W8p/mv/27+QP/vnom+RmuUVuldvkdrlD7pQfy11yl9wtd8u9cq/cJ/fJ/XK/PCAPyIPyoEyX6fKQPCQPy8PyiDwij8qj8pg8Ls/K7+VJ+YM8JU/L0/KsPCfPyfOXfgagUAkllVKBilHZVKzKrnKoq1ROdbXKpa5REXWtilPXqdzqepVH5VX5VH4Vrwqogkoro6wiFapCqrCKqhvw0i+MKq5KKKdKqlLqpn8nXxVRN6qiqtiv8jPrS/gH9bVQLVRL1VK1Uq1UG9VGtVVtVTvVTrVX7VUH1UF1VB1VJ9VJdVadVRfVRXVVXVV31V31UD1UT9VTJagE1Ue9pPqqfqq/GqAGqpdFxh4Gq8EqUSWqoWqoGqaGqeFquBqhRqhRapQarUarMWqMGqfGqSSVpCaqiWqSmqQmq8lqqpqqklWymqFmqJlqppqtZqs5ao6aq+aq+Wq+SlEpaqFaqFJVqlqsFqs0tUQtUcvUMrVCrVCr1Cq1Rq1R69Q6tUFtUGlqs9qstqqtarvarnaqnWqX2qV2q91qr9qr9ql9ar/arw6oA+qgOqjSVbo6pA6pw+qwOqKOqKPqqDqmjqkT6oQ6qU6qU+qUOqPOqHPqnDqvzqsL6kLGaV8gAhGoQAUxQUwQG8QGOYIcQc4gZ5AryBVEgkgQF8QFuYPrgzxB3iBfkD+IDwoEBQMdmMAG4lLTo8ENQZHgxqBoUCwoHpQIXFAyKBXcFJQObg7KBLcEZYNbg3LBbUH5oEJQMagU3B5UDu4IqgR3BlWDu4JqQfWgRlAzuDuoFdwT1A7uDeoE9wV1g/uDesEDQf3gwaBB8FDQMHg4aBQ8EjQOHg2aBE2DZkHzoMWfur73p/I+7nrqXjpB99Z99Eu6r+6n++sBeqB+WQ/Sr+jB+lWdqIfoofo1PUy/rofrN/QIPVKP0m/q0fotPUaP1eP0eJ2kJ+iJ+m09Sb+jJ+speqqeppP1dD1Dv6tn6ll6tn5Pz9Hv67l6np6vF+gU/YFeqBfpVP2hXqw/0ml6iV6ql+nleoVeqVfp1XqNXqvX6fV6g96oN+nNeoveqrfp7XqH3qk/1rv0J3q33qP36k/1Pv2Z3q8/1wf0F/qg/lKn66/0If21Pqy/0Uf0t/qo/k4f08d1Gf29Pql/0Kf0aX1Gn9Xn9I/6vP5JX9A+4+Q+4+XdKKNMjIkxsSbW5DA5TE6T0+QyuUzEREyciTO5TW6Tx+Qx+Uw+E2/iTUFT0GQgQ6aQKWSiJmqKmCKmqClqipvixhlnSplSprQpbcqYMqasKWvKmXKmvClvKpqK5nZzu7nD3GHuNHeau8xdprqpbmqamqaWqWVqm9qmjqlj6pq6pp6pZ+qb+qaBaWAamoamkWlkGpvGpolpYpqZZqaFaWFampamlWll2pg2pq1pa9qZdqa9aW86mA6mo+loOplOprPpbLqYLqar6Wq6m+6mh+lhepqeJsEkmD6mj+lr+pr+pr8ZaAaaQWaQGWwGm0STaIaaoWaYGWaGm+FmhBlpRmWcqJq3zBgz1owz402SSTITzUQzyUwyk81kM9VMNckm2cwwM8xMM9PMNrPNHDPHzDVzzXwz36SYFLPQLDSpJtUsNotNmkkzS81Ss9wsNyvNSrParDZrzVqzHtabjWaj2Ww2m61mq9lutpudZqfZZXaZ3Wa32Wv2mn1mn9lv9psD5oA5aA6adJNuDplD5rA5bI6YI+aoOWqOmWPmhDlhTpqT5pQ5Zc6YM+acyXvp9dKbWJvd5rBX2Zz2apvLXmP/Ps5n89t4W8AWtNrmsXl/FRtrbVFbzBa3JayzJW0pe9Nv4vK2gq1oK9nbbWV7h63ym7iWvcfWtvfaOvY+W9Pe/au4rr3f1rOP2PqIALapbWib20b2EdvYPmqb2Ka2mW1u29onbTv7lG1vn7Yd7DO/iRfaRXa1XWPX2nV2t91jz9iz9rD9xp6zP9qetpcdaF+2g+wrdrB91SbaIb+JR9k37Wj7lh1jx9pxdvxv4ql2mk220+0M+66daWf9Jk6xH9g5NtXOtfPsfLvg5zijplT7oV1sP7JpNoCldpldblfYlXbV/611md1gN9pNdpf9xG612+x2u8PuzDwRtnvsXvup3Wc/s4fs1/aA/cIetEdsuv3q5zhjf0fst/ao/c4es8ftCfu9PWl/UJnZGXv/3v5kL1hvgZCAJCkKKIayUSxlpxx0FeWkqykXXUMRupbi6DrKTddTHspL+Sg/xVMBKkiaDFkiCqkQFaYo3UCZ5RWnEuSoJJWim6g03Uxl6BYqS7dSObqNylMFqkiV6HaqTHdQFbqTqtJdVI2qUw2qSXdTLbqHatO9VIfuo7p0P9WjB6g+PUgN6CFqSA9TI3qEGtOj1ISaUjNqTi3oMWpJj1Mrak1t6AlqS09SO3qK2tPT1IGeoY70N+pEz1Jneo660PPUlbpRd3qBetCL1JN6UQL1pj70EvWlftSfBtBAepkG0Ss0mF6lRBpCQ+k1Gkav03B6g0bQSBpFb9JoeovG0FgaR+MpiSbQRHqbJtE7NJmm0FSaRsk0nWbQuzSTZtFseo/m0Ps0l+bRfFpAKfQBLaRFlEof0mL6iNJoCS2lZbScVtBKWkWraQ2tpXW0njbQRtpEm2kLbaVttJ120E76mHbRJ7Sb9tBe+pT20We0nz6nA/QFHaQvKZ2+okP0NR2mb+gIfet70Xd0jI7TCfqeTtIPdIpO0xk6S+foRzpPP9EF8gQhhiKUoQqDMCbMFsaG2cMc4VVhzvDqMFd4TRgJrw3jwuvC3OH1YZ4wb5gvzB/GhwXCgqEOTWhDCsOwUFg4jIY3hEXCG8OiYbGweFgidGHJsFR4U1g6vDksE94Slg1vDcuFt4XlwwrhI/dVCm8PK4d3hFXCO8Oq4V1htbB6WCOsGd4d1grvCWuH94Z1wvvCMuH9Yb3wgbB++GDYIHwobBg+HDYKHwkbh4+GTcKmYbOwedgifCxsGT4etgpbh23Cq8K24ZNhu/CpsH34dNghfObn+fsXZc4/8Zv5hLB32Cd8KXwp9P5eOT+6IJoS/SC6MLoomhr9MLo4+lE0LbokujS6LLo8uiK6Mroqujq6Jro2ui66ProhujG6Kep9zWzg0AknnXKBi3HZXKzL7nK4q1xOd7XL5a5xEXeti3PXudzuepfH5XX5XH4X7wq4gk4746wjF7pCrrCLuhtcEXejK+qKueKuhHOupCvlmrsWroVr6R53rVxr18Y94Z5wT7on3VPuKfe06+CecR3d31wn96zr7J5zz7nnXVfXzXV3L7gebkKui4/JBNfH9XF9XV/X3/V3A91AN8gNcoPdYJfoEt1QN9QNc8PccDfcjXAj3Cg3yo12o90YN8aNc+NckktyE91EN8lNcpPdZDfVTXXJLtnNcDPcTDfTVZ518Shz3Vw33813KS7FLXQZ54ypbrFb7NJcmlvqlrrlbrlb6Va61W61W+vWuvVuvdvoNrrNbrPb6ra67W672+l2ul1ul9vtr7m4qNvn9rv97oA74A66L126+8odcl+7w+4bd8R9646679wxd9ydcN+7k+4Hd8qddmfcWXfO/ejOu5/cBeddUmRCZGLk7cikyDuRyZEpkamRaZHkyPTIjMi7kZmRWZHZkfcicyLvR+ZG5kXmRxZEUiIfRBZGFkVSIx9GFkc+iqRFlkSWRpZFlkdWRLwvsDX0hXxhH/U3+CL+Rl/UF/PFfQnvfElfyt/kS1+sO837W305f5sv7yv4iv5R38Q39c18c9/CP+Zb+sd9K9/at/FP+Lb+Sd/OP+Xb+6d9B/+M7+j/5jv5Z31n/5zv4p/3XX03392/4Hv4F31P38sn+N6+j3/J9/X9fH8/wA/0L/tB/hU/2L/qE/0QP9S/5of51/1w/4Yf4Uf6UTFv+tGZb5FhvE/yE/xE/7af5N/xk/0UP9VP88l+up/h3/Uz/Sw/27/n5/j3/Vw/z8/3C3yK/8Av9It8qv/QL/Yf+TS/JPOisV/pV/nVfo1f69f59X6D3+g3+c1+i9/qt/ntfoff6T/2u/wnfrff4/f6T/0+/5nf7z/3B/wX/qD/0qf7r/wh/7U/7L/xR/y3/qj/zh/zx/0J/70/6X/wp/xpf8af9ef8j/68/8lf4H+zxhhjjDH2L5lweSh+PXPxcn7v38kRv7hzHwC4elv+9F/OZ5xRrs9zcdxPxMdmfH26V5eHMm/VqiUkJFy6b5qEoPA8gMy/BGX4+aMHl+Il0AaehPbQGkr/bv39RLdz9E/Wj94KkOMXORkFZcaX1/8cABN+s99+4rEnRi0sF56J+3+sPw+gaOHLOdnhcrwE2vx8faU1lPkH9edt+U/qz/5FEkCrX+TkhMvx5fpLwePwDLT/1T0ZY4wxxhhjjLGL+omKnTLff2Z+4vP33p/Hq8s52eBy/M/enzPGGGOMMcYYY+zKe7Zb96cea9++dad/f1Dlf5T1Lw8aw39qZR787sB7gMzvKAD4gwsCZAzkX7mLLX/JsRIvPXT+fmr5WR/A/45W/hmDK/zExBhjjDHGGPvTXT7p//X31ZUqiDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYy4L+iv9O7ErvkTHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGGOMMcYYY4wxxhhjjDHGGLvS/k8AAAD///P/+v8=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x1ce)
epoll_create1(0x0)
getdents64(r0, &(0x7f0000000200)=""/179, 0xb3)

2.681265238s ago: executing program 3 (id=554):
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000001000/0x3000)=nil, 0x3000, &(0x7f0000000000)='gretap\x00')

2.423227935s ago: executing program 3 (id=556):
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0)
ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r0, 0xc08c5332, &(0x7f00000001c0)={0x4, 0x0, 0x0, 'queue0\x00'})
r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x8882)
ioctl$SNDRV_SEQ_IOCTL_SET_QUEUE_TIMER(r1, 0x40605346, &(0x7f0000000400)={0x0, 0x0, {0x0, 0x2, 0x0, 0x0, 0x3}, 0x1000d023})
write$sndseq(r1, &(0x7f0000000140)=[{0x1f, 0x0, 0x0, 0xfd, @tick=0x4, {}, {}, @raw32={[0x0, 0x8]}}], 0x1c)

2.422173495s ago: executing program 2 (id=566):
timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000b80)=<r0=>0x0)
fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000040)={0x0, 0x0, 0x10001, 0x5})
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0)
prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000001000/0x3000)=nil, 0x3000, &(0x7f0000000000)='gretap\x00')

2.202119141s ago: executing program 2 (id=557):
r0 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x101, 0x4)
bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @rand_addr=' \x01\x00', 0x3}, 0x1c)
r1 = socket$inet6(0xa, 0x2, 0x0)
bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x1}, 0x1c)

2.194259181s ago: executing program 3 (id=560):
r0 = socket$kcm(0x11, 0x2, 0x300)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001540)=ANY=[@ANYBLOB="bf16000000000000b7070000000100ff487000000000000050000000000000ff95000000000000002ba728041598fbd30cb599e83d24a3aa81d36bb3019c13bd23212fb56fa54f2641d8b02c3815e79c1414eb07eae6f0711e6bd917487960717142fa9ea4318123f602000000000080de89e661168c1886d0d4d94f204e34ff65c26e278ef5b915395b19284a1a4bc72fbc1626e3a2a2ad358061d0ae0209e62f51ee988e6ea604ce974a22a550d6f97080980400003e05df3ceb9f1feae5737ecaa80a666963c474c2a100c788b277beee1cbf9b0a4d3881dcc7b1b85f3c3d44aeaccd3641110bec4e90a6341965c39e4b3431abe802f5ab3e89cf6c662ed4048d3b3e22278d00ce00000000d3a02762c2951257b85802189d74005d2a1bcf9436e192e23fd275985bf31b714f000bcab6fcd610f25f5888000000003f11afc9bd08c6ebfbb89432fb465bc52f49129b9b6150e320c9901de2ebb9000000018e3095c4c5c7a156cec33a667dccaff950ca1e5efdd4c968dacf81baa3a509b1041d06f6b0097c430481824a3f4fddd3c643f630ba175d876defd3541772f26e27c44cfdb2d85d6d29983e830a9cdd79837b3468e8c67a571d0a017c100344c52a570dd39877dfb2ff1ae66e1ce917474b2e650ae630afd086004c4a56c6cce6e51723257c872c5255f20100000000000000f041b665ab21372c8d8b7bac5b5c784d20a4a24d8dbd75062e1daef9dead619cc6e7baa72707157791c3d2a286ffb8d35452bb5d36c2a8682bf7ecbd53f950ef4709ec01e230d2f53594ef4839c6130c4c13a0cca84b9935f771fd49e480cd9d48aeb12b1d6acabd38a817bcd222614d1f62734d679039a97d2b74f9e8e997ccd314000f7477137f4e8e7025123e783df8b8a17e3aa9fe1f662aef87a065b03cfb65b4dfe4f1b56e1f23128d743753a1de172d683d5892ce9414a1d98ea93e3d35dbb6c23b90cf36e83b8a434a97d09343d7f83079ccb02e69d384146056d125cfa788237874dd42dae334bda042819a2aa24dba1c25be2794448b4f63483026b5e34d44705b76ef29241adab0dd7d68bf975e02069f6f2425e1bc97a3d588085f16bef63a06578d4f5de7bfb6aaa75f16996d536256c02284cb1d3a6fb8cae87691fae365a70c3fc69e1565bba8dd8a8ca049f798abe646f738bebd69413afc9d8a5edd7aaa000000000000001e6c2f2a287c5278a218dbfaffffff00a14db5cfa6819eb1d39c48cfdc80d215c9e16e0c4736c819363154cca4e2f89800d18c89d7f46f679df6c9e2952ae1ebfd0ca88368ee6ce139e8b5822c22cf2e9dde943d34c432e1001171792c65986146666a5490928441f47e0fe5eac41824ca1fd0eb71aa243c88d5480efd8329d9a733d8f9ffffff5f912ac4e34bf6ea8a86da707b03bddb491ba0cc98f6be92c50008a2b50025419d1476c73132ca7ca26ce8a7e3ffb700f09e157f9b844051f1a642aca9ff98c9036471ccff0522903e7bcf62e18f7696bbc280b95e8e0d6fd5644b0ebde3a95b06548862de809d3dae3cccf109f7c78e8479a345e800000000000000000000009455bf417627ce723a5d9103706aba69279500bb82f6b5a3ddc0bd9856712945b70c75ce5b722578820820d010d7a3cffc99fc647d0b82ef26ab708c0b19ed144be51c3b398f0e6bb7a30006000000cba12953d58cff0f0378740fe6662f377b97d8e7cdb047acd083d3cd3856476a60a49ad127ba6570bafc2bbcf9ee721fd9cb467ff071e5604fbf0491245c0000007d932d7a64de4c4aa433fc0840aff7c47da3a4c6966d0000000000000000f6bfbae29e8a6e2a889f6ef6869d82d6bd73eb76b65c7a35a54a4a6b8ad4600e3a972a0bb5971a5f16590b0a03dafa3fd1118765cc8ab9fccf3b51c41a339f200f2fa33006910a679a9ae0187b4d750c4bd244cb0cbfd23b265f4d4da448a7a0d19c5e430a31609dfa2dde267551467eb6475293dd7012cc449009981f22820e57a0eff234ccfe21d7a2302e000669753d3c3432cc14ee1abe724adb6b5431befedd3e22971118f0e21aed1823cb7dde8212a8531bd9691dd4cc6a370e9eb56b3d790b98f2bd0db1e5de6a146597b2cbb7103040d2a39d7965d34df524b760ab92efcce7dd1574052c735935bf6a752c015c7f5ffee9ff66e5dd2866b15b6e0d17618cb1f5c1ee4b051f47db7aa110f499f840a5c965443d725556351ee25fe09f69494b053678dcadcf02e063dff2fa4bef1ac3bbbebe6c74d71ec3b23e29895eff1d1017024fe3e8cc759b05785adc346b7ffd05963f92c1d0d7d90ba878ad89e490f3e29ac51d30632869a534418f916bf6fe8167827a8e6c8f8b391c822805cb0adf1b8bd6947ff208753eb0d208ce14f7b206b2e02c21e963abc5ceb735c1b3c46b0a843de52a903375dfb663a8d8ee9c2b2705c1a81d9d3b9656b219c8cd99c9cafcd0d0540884d97aecb19983fc6af29ab44a82aff9cba921192c665b877af6539bdb1b567f481ba07982e7ad758f4e1eac69e7e88a63960975f490e161e371ec8534791e3b61c685d900a9c0839208356b53750e76fcc3c2d1bddcbd83897921414d0c02e8188f3df79ea2a5c5444004830e6cb227ca1bdafb977c00000000003a417193b8c5d793687335a930867094fd6a78218218e04b705ec62f1608cb569b81914e68f175b392af6bc4fd2121d7fd276af2c97a441b56e7a0687d98b8e76d8d0d231e4fe00be1de76bd19cc12e2bd938eb681ed6bc951c1b4f7c51af59eea4d40c6000000000200778a677b72786311153271a3313da02645e11761699e4d04ac86dd14ff7b9a10d3fa74696fe3953a5b7706bf5d1faba4b18808d9cb0e9db696dec4e0820ee4028d7225a2c9c427cf64cbde6fba056b2006b7a37c1181d530fb865e235cd302f3b4071ee5237ada986b9e5e3144bf479f277f10656ad3744037ccc9c63685a6f1109d2ea73773d3635f61497f1fa1ea4a16f601800bf3e59141fbf05a96113320c445f9ba8596970d5254727e804fbd99ccefb7c09269dd2c5c25e56e169ac15980f3f85f7ca36dd5950ef5b64fd46f123311829534a82940994199b3cf7a8fabea9930952f5da9b909c1946e55289f668c423fcbb31ae91864c882313151741a67538c9689dc8ecc9903c7041e5c0704e2fa55a756487517a7445cbd9e3f5175e41c0000000000000000000a000000bf98efd587fffe326f474b0b089c017b16c0062cbce96f5adebec52a79f9363909842f79c50a1520be46d87003137e4c5031f00123e812a5e37cd52c9eb7336281cb8c6ce9934b157d7875a70eaf103cb3938e2361c51cd1eab8a26b232acf6bf0ab829c26dab637538b2eb1420d812d2b80c777710ba0f18e4661681aa218d9ba54023ab4305d77eb15611ae2545835e9d30e9f6d4fb43a291c69545a1eea0f8720431132d8549f99bf6c5cb060da70cbb59d0a000000000034d083fc37d2449f72de0cbea4bc1dc89c136cdbc504f849d5502d77a95c7bfff4cd9c03058d0d4d07ea64824f1acf2b39389f675f39d01719cdbab3f1ce10609c8d7b3e37cb99b41da5e485a441b6a103549f55ab09dc98767763d1f2fafd45bb7d2b40050d1f8292f4d9ec6d0000000000003932062290f4996fdd55b06023437e9e2072daf7f5d82f6f1b5b89a41134f4dc2e65bb11272fdf8c8141f41d6160b3d8b6ecd16d14267f61b4881adee7f07f3d6af5ae79e16fe2c3f55ac7a6392d2e1d9b4286b6c3e1f5a76b85ed6e1f0000c67e6c5fcdc8c39381be4799b8cb2d08b8262c807dd755e22b801162381aa9d1af2bbc9cfd497585337eac408b8475b47a392a10cae349160f128e5f873a58064eb400c36a90624f6aed398a215e9ce64522ab249f67c38a656d32ecff5cdb2b039c4abf349d2c0f88a42e9189bbfa7f5cf35b6e7ef8f9d33163b7ea875583e3aec4714c9c4ca3ecb04f2720237615a28bf310b58ffa2a103216fdcc8c2d8f5d55e5e7ebf147105272aaae56e86d856b3cf79a3f7306436762dd1a08ce873e07cebc7892ec6f9f696da38feed3dc0001500e34adae1ba89a32bad2af9030f840f1ba46cdadd5cbacc59352c290f55d971b65953533668c25f21d8d62d849e9058eaa97c63491568887548f668cdbca2abf01a361a0b64d8b523e669da350e3ec7445dfbf366b0b3bc5e76824a1e43eaaeca70db90f2fa39596443447671933079a24fe3681ad9ac361f71ac279a688f10a1cc4df1112105edebc5e3bbc394c8305ab129ca2dfb9b7c5e9d097bd01b495cccefddce569117f7f5d6a6270ff0f0f4c371029ca8489571b55841bf3dd003bc81460eee57ceb3c33f4e9300b0144fe040cf5fcfcbb616c2070237881afdb314cecd1623f3e55ab8b7627fa1be349145a8d6313cbc790eefe2020138e82fb9d351be4ddcbcc9bc048dd3db5828d16baec6e07a007f0030f34ea3cfd524d6fa1d45da5641d6c94e1d3ae7fba1c85035d2a60ef1696e0d96aa1c60019f73ae0aa6113cd66ef26b5777337c26e1461405d86fdf091edd526f25cada439bb3609ed5c35ab60a539ade786bd6004d0ea3edbd6c4da0d8e8be8c771c8c8a0b07d9859e04adb18964dcce9bce546074c26dffbc2df372a016e8c845d4257000000000000000000000000000000000000f29657697d9c2b132b2dc2f5ea5122836582a7e85fe2bc166f17aefd9d861de0191f5277d4a3b5afb6f23d9eea2459f7844606e1202768d83c24cc791bde44a448022bbfa571fe029a7b2d5152639ee283894ab6168992ff0acc01b39a078f285ce615351f262019586eb9447bb3eaffd7b53d8f37ca6c5f1027dd5b7592996c8a7789ba108979cc9ad07ed86682843e2eaa855dd01443ee6ffde1811f10039d5d14458177096e15cc4d8f2582a1bea5ccb9f10f615c87c441dc50a244bc138a1cae9868c3079bafe69769000000000000000000e99b63029d219cd3545a8426b56554a9f265d3557eefb3602894507c256cb8ee9ebadfecb6afeb84ba757bfa8d00a5af0dd6aa1e8144ef8ef04410d52204c335408941b8eccc5c734cc6a05247142ed647f89bcb5c043acfb382b9cc918bc3cdc368983157851cdf678800aa7eb2a6cbc12c7ae23bc88b8f10223ab2a093429f3f6965bc5af0114cf6f246e891e20ecaad7059866506c3000000000c3230e901e885b7a4a36bdfdb5ce7a2e5807a0f4c1d461d1243fccf51b875b49490cd7d044e7a1e1a4c013fae1f070a8a37ab90da2efc6c875b3aab34b75a252072691fc97bef0fed8ee597ab83bb53f89c36bc2ee3ad54904542f66dc94132df75fc9944882d6f2e13b7057e0000000000000000000000000000000000001b726c0ccd24000000000000cfd2f4d005578b9ed06e1c41ef3b411066739de953d39b968caaca1507928d68c8f052"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffffffffffe89}, 0x48)
setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000000)=r1, 0x4)
r2 = socket$kcm(0x10, 0x2, 0x4)
sendmsg$inet(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000280)='\\\x00\x00', 0x3}], 0x1, 0x0, 0x0, 0x1f00c00e}, 0x0)

1.936883799s ago: executing program 2 (id=563):
syz_mount_image$btrfs(&(0x7f00000055c0), &(0x7f0000005600)='./file0\x00', 0x0, &(0x7f0000000040)={[{@compress_algo={'compress', 0x3d, 'zstd'}}]}, 0x1, 0x559a, &(0x7f0000005680)="$eJzs3X2QVWUdB/Bzd1lYZGI3BMGBFShfQEIhpVRS7kBBuDJtkjU2GQtioaAwzBI1ii04WLgam1kz5QxCiwjDUmszGmXlygyQk9PWjIPIgjLThjG9SMXEFjU2e+99Lveey+5eyVxfPh9m99zn/s7znOeeOX/c72WfcyMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACIoujgjtr/rB1ZV75+06hFt199cPSq0RNWVDWdHHWg+rzdl/absWjovuntdw6b0bH6SPX65tsu6IyiRKpfItN/3vSPX/+FufPmlIcBaz+Z3lZWdnfIdNfD6Ub/vCe7+uX/zI+iqCw2QGlmu7s0p52IHyBaXjhgj8pmbVsycEGyduvmp+ouX7J1XOFLp0t5X0+gr2Suq45T11Iy9bsktke2nXPpJfIu0XT/+AX3prwIAOB1mVST2mTfjmbe4mbb9fF6rJ2MtRtj7fAOoTG3cSbS4/bvbp5j4vU+mmcyHRUGdDvPWD1z/rPtmnj/WDsWNV7HPPN3zUSa8u7muSxW76t5AgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALyVvFa3Ys34z714sOyX549bvfLk4WvLL3zoq/8uWXrzS68dqlnzl7ah+6a33zlsRsfqI9Xrm2+7oDOKKlP9EunuiWknXr1kYvWcUeuf+N7ETc+OP16aGTds++XsHO0PD66siKIFOZWOMOzRwVFUk19INaPvFhZuTT2YHQoAAAC8k5yb+l2SbafjYFleO5FKk4nUvyAdFstmbVsycEGyduvmp+ouX7J13JmPV9PNeMnTjpdtV576SeQE4xB/4+OdqoddlxeM07P4iPE8P+X5l1+oGHHtT5+pOu+mlde/NPKax9tmfnP48UX7K+8YtGrc2CsK8n9lz/k/nDn5HwAAgP+F/B8fp2e95f/PzK+75Y5HvnJszD2HVw66+8H9G4eVH7nplsn7/jj8hosvvqz2xoL8PybvkAX5P8w45P+S6MzyPwAAALyV/b/zf7JgnJ71lv/bhzff/MB7Di2sbOt4evtlK/b0X3j1RUMOPHTR3In3XjdozPkNBfl/UnH5v1/utMOTz4UJL66IoknFn1QAAAAgT/h/91MfLYS8nv7kIJ7XW+dtGd3y6swvTxj78KH6P1Vtnvj5jUMe37lh5jd2PXf3/RPbzi7I/8ni8n/Zm/NyAQAAgCI0HTpnxNBPJ38e3X/01vnf/+yuR+9b+sWrLtnbOWvC2l9UP72jviD/1xSX/wf0zcsBAAAATuPE+GsW/mPnkd9e1/yJ+5qO/v5Lq0p/NaNp9/62hqZ/bh81e/XkgvxfW1z+Pyuzzax8SHfaE/4K4VsVUVTe9WBZurA3apyWLQAAAABvkJDT75ryfMm9A6edu2Xub06Me+KFPZ/aN3vxhnPWTGp69n2tiz9y4WMF+X9Zz/f/D3c6COv/8+7/V7D+P6eQvuvfVDcGAAAA4N2ocD1/uD1++psLuvv+/WLX///w6xv+mqiqf/ID8342q/P9zT/Z2zr1wZNVf5hz/OGW5MgnL32xIP/XF5f/S3O3b+T3/wEAAMAZeLt9/9+NBeP0rLf7/7c980j1o1d+6GtXza2buuN3H77iz68Mn9qwPXpl+UfbFx342K5fF+T/xuLyf9gOyn15reH83FMRRSO6HmTuJrgtTHdxrNBSllNIn/hYj7mhR6bQMiCnkLIs1uODFVE0tutBfazw3lBojBWODc4UNsYKbaGQuR6yhR/ECq3hSvvO4Mx044Ufh0JmgUVLWEExKLskItbj79316Cqctkd79uAAAADvKiE8Z7JsWX4zikfZlkRvO5zV2w4lve1Q2tsO/WI7xHfs7vmoNr8Qnv/Rt294ecBdD2yom7Jl04KqhrPX/euxyZNuX7Z2Z93SziF/W7euIP9vLC7/h1PRP73pbv1/FNb/Z77XMLv+vzYUKmOFllCoid8xoCYcIx12G8IxKmsyPY6NyBYAAADgHS18LlDax/MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA/7J373FW1nXiwL8zzIUZhplRMS+RISaKwTCMKYaZID/TnwQOq6WFJgSDjgxCXEzQTUTd1VzB2+ZtE0jdtIwoNbVUeGnekspLsKl5SfHSK41lS5Js133NnPM9nPOcOc5BQBn3/f5jzvecz/f6nMuc7/M85/sAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD/N2z85GVfeHmfj/xg3cKBi1eP+krfI4cMn3DMNTceu/jhb0/e777f//8+aw575sydR60955XRi245de+3QmjuKFeSKl5y6F/XNQwePabvotuvGbz0kYF/qUjXm46HXu1/StN3zoutru0dwh0lIZQlA4NrUoHy9P2aWF/fmhB2CJsCmRIt1akSyYbDA1UhLAmbApmq7qoKoSYrcOwT9624uD1xRVUIe4cQKpNtPFuZaqMqGRhQkQpUJwPTy1KBv76TkgncWZoKwBaLb4bMi355c26G+s7LFXj9lW+1jn2wksPrERP1hfO9MXIbdypLRfKB5i162vKqY5vIe3us9G7rBu+2vO18iact+4tU+hvKO5tClaF0csuUiXPaZsdHSkNDQ49CNW2j5/np9WdN2px0t3kdxg7Ub5XX4aoLe49d/OhRw2+tG35Dn0ELN25pNwtt3m2tMqRfc93meYxG+DzpBm+/vG9J/XzpCiHsf9v42798wcs3L7h87K4HPbHTsDc+u/vdLT+75YTxxx++fsVXf//jvPl//bvP/+PLOd6W5uSOrb5dm5qbx0dqYmJdbWpuDgAAAN1Gd9hr+srq/5722X3HDX185OrqW2+659SL7/v8tT9r3a/t4bE77fj8vvN+lDf/71fc8f94yL8me7QrQxjRkTi3LoRdOx5PBW6O3flqXQh7dqSacwMjE4GVIezWkRiYqSpRomcs0S8ReLU2HRiRCDwYA82JwI0xcEkicF4MLE8EJsXAykTgsBgIrbnj2K82PY6iA1UxMCG1EZfHsxD+XBtbS2yrZzJVAQAAbCXp2WF57t2scx22NEOcXi6v6ipDPAO7YIbKRA3JGWxmWlWwhrKuaijtqobMuOe/+/Dzai7pqua80zBKcjNcWXXLpT8aNumNu2e8tOG0Iz7x2quP1S/96afXXfPGU9Mr79/j8ofz5v+N7z7/r+ykIyV5x/9DGNfxN+YuTUfaMvEJzTkZAAAAgC3w1sADvvydsq/NfeH3jwz75K+vfez1lQ9/dO8zb1v7/Bk/+NZ3au4fnTf/H1Hc+f9xn0iPrMxhVdwNMbUuhMbcQKrag/MDqaPevdIBAAAA6A4yx+Mzx8Jb07epU7ST8+n8/M2bmT8e+B/Raf7131p2/Y6feGT2Q7W3zXhqw+NfWTl64bEz3xh05dmP7HvoQU+N/Gze/L+5uPP/q3NvU514MPbi8roQemYFHoq9bA906BcDLxyaG0iP/8G4AS6KVaVPTMhUdVEsMSEGGhOBJYVKPJYpsWtuIP1kZRo/NzOO1nSJrAAAAAC87+LugHhcPp7/v2LBXZf9x41/umzVgUtnnzz98de+V1H5zknL7zyxzwX39li008hJefP/CZt3/n/HPDjv9P62XiEMKQuhR/KHAauqUwsDxkBNSTpxT3Wqrh7JqhZUh3Bw+8CSVb2YXv+/LLnG4JNVqapiYNf+N60f0J64oSqEIdmBNeOXHtCemJMIZBr/YlUIH28fbbLxn/RMNV6ebPyqniHskRXIVDWpZwjtjVUkq7q/Mn0dg2RVyytD2CkrkKlqWGUIcwMA3VX8Xzo5+8FZc+dNndjW1jJzGybiTvyqMKW1raVh0vS2yZUF+jQ50eecdYzOyR9TsZe++V16jaLVx0ytKyad+aFgY3Zb6R35eWcOpu/HL0PlHeNsKs+5u39yyPvuld9EyPoqVWjIpdt4yNXZlWx6EvPqj/krQq/Qc86slpkNZ0ycPXvm0NTfYrM3pf7G40ypbTU0ua2qO+tbES+PgstlJbzXbTUgu5Ihs6fNGDJr7rzBrdMmntxycstpwz7VNKxp6P5NjUPaB5X+28VIB3RWc2Kk7ywtclhbcaS7l2VV8n58aEhISHS3xE2Xj39m0UcXV3538UmXPHH++WefcvrOt1057ft9p48fdOXnlkz9et78f8a7z//jp0784E+vz1Do+H99PMyfenzTYf4JMbCk2OP/9YWO5mdODOiXCMyPgfkO8wMAAPDhEHdHxr2Zcad07SvfOP1/Tjii9NA/HP2LpqGDdrnw1qkDbnx94+kf23vekmvLKvKv/ze/uN//b6X1/zNL1x9VaJn/gbFEY6H1/5PL/GfW/59faP3/5DL/mfX/l3wA6//PyQQSm+TP1v8HAAA+DN6/9f+7XN4/eYGAvAxdLu+fvEBAXoYul/Ev9gIBm73+/89/XrbDx47YrW/ZF56YuNedB/7mpGkP7vKjUVev+3RT/TfPWPPzZXnz/0uKm/9buB8AAAC2Hyfs+6UBC14a8vVzpj/ww8Ezdn7purOfH3HPL4/75MYxfddVr+v76bz5/5Li5v/v//p/odD5//0KBZoLLQxo/T8AAAC6qULr//3t42d987p+O24Y1O/M29+6emrJ8L2fO/XXbRc9NOrwj435xyWTrs2b/y8vbv4fT7sozckde/N2bWpNu5Bc025dbeYnAwAAANA9lIaGhvIi8+YsjDryvbf5dHop0HdLZ9vtE6vWnHvvdX8fcvP5C9Ydf3rtQUf+oeyQOydf99KCU/boX/Pc2rz5/8ri5v85v8tYdWHvsYsfPWr427fWDb+hz6CFGzcd/wcAAAC2nWL3SwAAAAAAAAAAAAAAAB+8Y1b95Kz/+uWY4+4cNu/qR3d+/OT//PqsM1on/aLtiHUHPLv0hk/tk/f7/zCuo1yh3//H6/7F3xf0yckdW+16/b/0/WNHL5vbsWThqtoQ9soOTF0wdYeQvjb/PtmBFScO3KU9sSBZ4u7nDnu5PXFSMnDk4B03tCc+kwhMiIsk7pYMxKsqbuidCMTlFZ9MBuL2WJ4MVKQDF/ZOjaMkua3+UJPaViXJbfV0TQh1WYHMtrqjJtVGSXKAVyQCmQF+LRmIAxybDpQme7WsV6pXMVATiy7uleoVAADbrfgtsDxMaW1raYxf4ePt7mW5t1HOkmXn5FdbUmTzv0svTbb6mKl1xaR7JL+LbrrWeHmobB/C0Lyvq9lZSjpGuXVq6WLT9Skw5K5WeystUC5pczddReERVaVG1DBpetvk8i4Hvn/XWZrKuswyNG+yk52ltGOTFlFLEX0pYkRFbpsiuhzvl4aGhh6JXMNjsD7k6OoVUezv9bPX+Sv0KsjOs3zUQQOOW/bcgRMWPXnQtKnhI5e9M2Li5FmHXPHiU0vnjxw0oUfe/L++uPl/Zfa4NqQvBjA/Xlnv4LoQJhQ5IgAAAPjwO+W05y674P5LX32hecDL04dcuuK3c6+aV1Z783mHP3336W+OX3jSlsYHDHtj6Kl3/ebcjU2jHrqy99X3X7PTkXU//H/Vvea+tWLQmy/cvVfe/L9fcfP/uAcrfSg4tbdjZbz+/7l1IXRcWr8+Fbg5DverdSHs2ZFqjiVSF9Q/KpZoTAVujjtMBsYSE5pzq+oZA8sTgVdr04GVicCDMZDeS3FTSO/KubQ2hAM6UuNyS8yIJeoTgaNjoF8i0BADjYlA7xgYkQi83jsdaE4EHo2B0Jq7rW7tnd5WAAAAmyM9zyrPvRuS87zlZV1lKOkqQ3VXGUq7ylDZVYZCo4j3fxwzlCdOXinJylSerLUqUUtehngx/M3uV16G8FhuzmTBvKbj+QeZ8w1KcjNccWbF9Dc/33/R8UPGrB/ftPhzc38a/uHtOW9d8OYvz6977pqNJXnz/8bi5v/Vubep1h+M8/9N1/9LBR6K3bs8njreLwZeODQ3kN4x8GCc7F6Uqao5XSI9ab8olhgRA/0SgRkxMCIRmDAuHViyS24gPdPONH5upvHWdImsAAAAALzv4g6CuJsmzv+fXTv+iWnjf3vQZX1nLzx/+VFffvrXx736i3t73v3d/osebitZuzpv/j+iuPl/bK9XdmPnxd6s7R3CHSWbepMJDK5JBeJ+jJr48/i+NSHskLWDI1OipTpVoiLRcHigKvUL9YpkVXdVpdYYiPePfeK+FRe3J66oCmHvrL0vmTaerUy1UZUMDKhIBaqTgellqUDc85MJ3FmaCsAWy+wVjC+o9KkuGfWdlyvw+vuwXBM0Oby8faCd5OvsN1fbSmXygfQ+1YzNe9ryqmObyHt7rPRu647vtnrvtuwvUulvKO9sClWG0sktUybOaZsdH8n+JWuebfQ8Z/9KtZj0Vngdzn/vve1aZbIDjYmPj8bOy3X+OiyJ1a26sPfYxY8eNfzWuuE39Bm0cGPR3Sgg/lB45rCr6rM377ZWGdKvuW73edLs86Q7/hvo52kLIYy7d+xFjYfcuHDSiP7X73xH7fDLvzT4lkMbnx1XM2eXw8e89sV5efP/5uLm/2WJ2w4b48acVRfCvlkbd1Xc/KPqUp+DWYHUp+RO+YHUIfeXagt+cgIAAMDWltndkdlf0Jq+TZ0Qnpwn5+dv3sz8cX/FiE7zF9vv/lecsnL0hAN/23f8XoccvM9Zdy04er+/Tbz+tT9Wj5z0wPd+tfr6vPn/hHef//dMdNPxf8f/2UYc/+/U9r4rumfygflbtCs6rzq2Ccf/O7W9v9sc/++U4/+O/3fG8f8uOP7fqe39acv7ljTDl64Qwr9f/vm/vX3Pbv02LC393pQH5vU//rLvL1r2k52f+efH/mn69H33/FXe/H9GcfN/6/91vmhfZv2/CYXW/5tRaP2/+db/AwAAtqkCC80l53l5q/flZUiu3peXocsFArtcYtD6f5u9/t+L/3Lpgr2mjv3GiWc9dnDvR+tHrRkz6O8nvbrnmuuevHLoIyf8/dt58//5xc3/48uhV3br3WX9v37jClR1SQzMsDAgAAAA26NCOwgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4YJ31xynnjVjw+J+ap39l/fLx32nd8fGHprzefMQPRy87es0pu5xyb581hz1z5s6j1p7zyuhFt5y691shtHaUK0kVLzn0r+saBo8e03fR7dcMXvrIwL9UpustT99+NCd3bPXt2hCWZD1SExPratvvbAocO3rZ3LL2xKraEPbKDkxdMHWH9sSNtSHskx1YceLAXdoTC5Il7n7usJfbEyclA0cO3nFDe+Iz6UBJsrv/1jvV3ZJkdy/uHUJdViDT3VN751aVaeOIdKA02cZ3a1JtxEBNLHpVTaqNGGiLJVp7hjCkLIQeyaoeqUxV1SNZ1U8rU1X1SFZ1dmUIB4cQypJVPV+RqqosOfLHKlJVxcCu/W9aP6A9sbQihCHZgTXjlx7QnpiZCGQaP6YihI+3v2SSjd9anmq8PNn4v5aHsEcIoSJZ4s2yVImKZIkXy0LYKSuwaSOWhTA38OEQP30mZz84a+68qRPb2lpmbsNERbqtqjClta2lYdL0tsmViT4VUpKVfuec9z72360/a1L77epjptYVky5Llyvv6HJTec7d/bf33sd+VWdXsun5yKs/5q8IvULPObNaZjacMXH27JlDU3+Lzd6U+tsjHU1tq6HdZVsNyK5kyOxpM4bMmjtvcOu0iSe3nNxy2rBPNQ1rGrp/U+OQ9kGl/26NkS59/0e6e1lWJe/H+19CQqK7JUpzPt0at/fP8bwv+ps6Wh4qOz6g86YV2VlKOka5NQY98j2O+L18TelyREPzJg55WZq6zrJ/3mRiU5aqVJaOr3V5k8Psmko7Nmm8XxoaGnoU2g71uXezN+8bW7B5n05vumLTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwv+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAD//+GI8JI=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x44080, 0x0)
ioctl$FS_IOC_ENABLE_VERITY(r0, 0x40806685, &(0x7f0000000040)={0x1, 0x1, 0x1000, 0x0, 0x0, 0x0, 0x0, 0x0})
read$FUSE(r0, 0x0, 0x0)
io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, &(0x7f0000000080)=[@ioring_restriction_register_op={0x0, 0x1d}], 0x1)

1.836631745s ago: executing program 1 (id=564):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x200, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = eventfd(0x8c66)
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f0000000240)={0x27800000000, 0x0, 0x1, r2, 0x1})
ioctl$KVM_IOEVENTFD(r1, 0x4040ae79, &(0x7f00000000c0)={0x27800000000, 0x0, 0x1, r2})

1.836438635s ago: executing program 3 (id=565):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1007f}, 0x94)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd630080fc00082c00db5b6861589bcfe8875a060300000023000000000000000000000000ac1414aa33"], 0xfdef)
write$cgroup_subtree(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="8fedcb7907001175f37538e486dd6317ce2200"/34], 0xfdef)
r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00'}, 0x90)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r0, 0x5, 0x47, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x80040000, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50)

1.485099319s ago: executing program 0 (id=568):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1}}, 0x2}}, 0x2e)
close(r0)
connect$pppl2tp(r0, 0x0, 0x0)

1.245635806s ago: executing program 0 (id=569):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000800)=@base={0x5, 0x4, 0x8, 0xf}, 0x50)
r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000500)={r1}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x11, 0x19, &(0x7f0000000300)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x4}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r2, r0}, 0xc)

1.232076187s ago: executing program 3 (id=570):
syz_mount_image$ocfs2(&(0x7f0000004440), &(0x7f0000000040)='./file1\x00', 0x8c0, &(0x7f0000000600)=ANY=[@ANYBLOB="61636c2c6865617274626561743d6e6f6e652c6469725f726573765f6c6576656c3d30303030303030303030303030303030303030332c726573765f6c6576656c3d30303030303030303030303030303030303030362c636f686572656e63793d66756c6c2c6c6f63616c666c6f636b732c636f686572656e63793d66756c6c2c6e6f61636c2c004c98065b85e5b137d63b2211c62c402045083da9bddc3b0d88d44ecd24ba5288d428197284f332858b83349af2c7646f1e07e91120d7f23ce20389bbc031d81d654f1ca08f61c92d90e6ea478843c1ad942c7c257f9ff5348dd038e947775991ad90f8861dada21d5fa2de7042b5e2cbbcd1ada2b568e375812eb0bc448e68eda4c70cf1d5adf566142ed45924fe72a1eb1a914faf754b9d94bf0fdc1f98c708bd89940b5ef96e328240c39559b35bc83c15c15104f3b3fe1945f0278c34e2399dadcd9776ac659afcbb239569140ab408ad87f15b353941"], 0x1, 0x442a, &(0x7f0000004480)="$eJzs3c9vVNUeAPBzb/seLQ94LY8FLzFxEkk0apqWlVoSSymUFioGhRg3w7QdoDrtkHZqXLCoOxJXJi6MC6KJu65IF27xT3DjEtckunBjQkKsmZk7be/tTDrWTivk80nonXt+z3znnjl3cTlxonJ7bik3t5QrLOTKMzeXTuc+KZeW54sh3icH3T/t6UScxP7gXDl34b3rp0P4Yfanx+vr6+uhqjs0NbTl9e+/3Z3ZemyIM3Wq7TZvba98GEI4sW1cVV0hhA++DyEKIZxN0kaTY28I4Vio512/+/mN3B6N5sGj4pn806l7a8OnJlfvr7V+71EIX5f+//qt+V9e6hr++dU96h4AAAAAAAAAAAAAAAAAgGfc+NUr194dHAoPo9C9Gm1/Xnc8ObZ6PnZ9z7zY1nifJKX/7vsGAAAAAAAAAAAAAAAAAACAf5LN5/9z0fEmz/+PJceRFvXX3+78GOmciXeujJ0fHEr2f4+25b+RJP16tiv0N9n3Pbv/+9lM/eb7v2/vZ7ca42v02xeieCB1HscDAyF8m2z8fjI6HJfKS5XXbpaXF2b3bBjPrHT867v3p6KTbOjfbvxHM+13fv///237NlXPb+zdV+y5lo5/V8ty330WtRX/c5l6+xF/di8d/+5aWu/WAiP1CaAa/y+6d47/WKb9TsX/WAghF1XHmkvNANU1TDW91XqFtHT8/1VLS02dyQfZ6vp/kon/+Uz7BzX/r2R/iGgqHf9/19J6UiU2r//+eOfr/0Km/YOIf3X8K37/25KO/6F6YneqSO2TbHf+H8+036n4X4uTcR6LUt+A1aie3ur/qyMtHf+ebfmb939xW+u/i5n6+3X/1+i3cf/XmP5fier3fzSXjn9vy3LtXv8TmXqdnv9Haus/disd/8O1tPTaua/2t934T2ba71T8a6uSnkb8N+eTPw7V07+x/mtLOv7/qSfGW0us1P7W1n/Rzuv/S5n2D2L9Vx3/StzZXp8X6fgfaVmuGv8f2/j9v5yp1/n4hzBorb9r6fgfbVmudv337Bz/qUy9Tsf/5U42DgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPAMGE2OfSGKB1LncTwwEMK55PxkOBxNF2bz06XyzMdLIYwl6blwPLpVKk8XSvm5hfJsMV8olcozIZxP8k+EnmipVK7k5wt3Lmy01RvdLhYWK9PFQiWEMJ6kvxCONtqanqvMF+6EEC5u5P03Li/euV1YyM/OLb41ODg4GCY2xtAfFT+tFBcq9d7ruSFMbtTti7YMrpZ9aWMsR6KPysuLC4VSLf3yljql8kyhtKXOVJL3ZeiPKovLCzOFSjFfKt9q9HeQRpLj2MTV969eHtqWfyOqH0f3d1gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/EUPh9/8KoTQXT+LQwi5KHkRJf9SHjwqnsk/nbq3NnxqcvX+2uNmZQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPiTHTgQAAAAAADyf22EqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqKuzSP0oDQRQH4DdjoaXHsFp2O9sVRbRwRfAEegwPo0fxEt7BIkXaFCGQzELYP7BNUn1f82B+zLwH8wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACWe3zr3l/rJiLF1fYy4vfz7/84fy71+276/sUZZuR0nl66+4e6Kf+eRvltOVq1eZ9u1l8fMVF7P4M9Ge7TwbjP0Ny+zc3X972OlKuIaEt+k3KuqmVvAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOzYgQMBAAAAACD/10aoqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqwg4cCwAAAAAI87eOom8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4FcAAAD//0OnJ0Q=")
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x60)
setxattr$incfs_metadata(&(0x7f0000000240)='./file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x1)
lsetxattr$trusted_overlay_upper(&(0x7f0000000100)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000440)=ANY=[], 0x50, 0x0)
setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file1\x00', &(0x7f0000000080), &(0x7f00000002c0)={0x0, 0xfb, 0x52, 0x0, 0x3, "1116985844e23ed6af6671356ca50dad", "49bd7c4869c6b0d7812d6873f9e78c5c24e49230c639fe3a28daf7fc2c9cacac8c6d867ed8c543569fe5dbb522b908d54d2d1d3f143d4ac83abad30093"}, 0x52, 0x2)

1.073910387s ago: executing program 1 (id=571):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000500)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_NEWRULE={0x48, 0x6, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_EXPRESSIONS={0x1c, 0x4, 0x0, 0x1, [{0x18, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0x4}}}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x24044010)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r1, &(0x7f0000000380)={0x0, 0x13, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a30000000002c000000030a010200000000000000000100fffe0900010073797a30000000000900030073797a3213000000dc000000060a010400000000000000000100000508000b4000000000b4000480200001800d00010073796e70726f7879000000000c000280060001400000000034000180080001006c6f670028000280080006400000000d110002402b24292d2d2a5d24402c2d400000000006000440000700003c0001800900010068617368000000002c0002800800074000000000080003400000001608000140000000120800024000000000080004400000000020000180080001006e61740014000280080003400000000008000540000000000900010073797a30"], 0x150}}, 0x0)

992.992663ms ago: executing program 0 (id=572):
syz_mount_image$hfs(&(0x7f0000000000), &(0x7f0000000440)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x4002, &(0x7f00000003c0)={[{@dir_umask={'dir_umask', 0x3d, 0x7}}, {@codepage={'codepage', 0x3d, 'iso8859-5'}}, {@iocharset={'iocharset', 0x3d, 'maccroatian'}}]}, 0xfd, 0x343, &(0x7f0000000bc0)="$eJzs3U1rE0EcBvBndpN0Y2td20rBg0i14Km09aB4aZHiZ/AgRW1TKMYKWkFFsHoW8SYIHnvzLPoV9CJ+gXrqQTzppXpwZV42mU1msunrtuT5gel2d17+szuzmWmICyLqWVfnNtYvbsp/ogwgBHAFCABEQAnAKYxGD1dWcwsKG1sCOqdoS7OwUnNljWByGLH8rYQBex/tjyRJku+5qX6lG8/3Ox4qhrBHsCUA+szoVMejA49s12ZcO9d0u3qLdYXFFrbwCINFhkNERMUz7/+BeZcYMPP3IADGzTz8qL7/pzLzm63i4jgUGu//gf49EfL8nFCH5HpvebVeW9RLOHn1g3SV6CrL2SeS5umuQPessN+aclm1uKlYgurScr02saYKeIEZw0o2ol4XkTZE8UVbAaYAjLWvTYVjuZpXWr5+1YaybMO0J/7hTjU6F8CffuCNu7r5L13EJD6Lr2JexHiLxcb8r5QIeXLUlYpbhoqOf9JfomplrFNlWtkM/6Sq5LSpAR/fN1tZ9Z3XCKGMxUWWIlrn73Ea5+uKPxeGkP2zgm7dlL91KtcwUBJq1WDnmm4k+uvMNdJaV3WpXK9NLNyr+zr93nKu6MQrcV2M4Sc+YM6a/wcy9Tj8IzMzyoVKaXpGx/aUVErPdcxQA/iufxiSz7XMzS9HWf94idu4jMEHj5/cuVWv1+4Xv5EOlR1mP7vH8eiOaLrjnzP6p5UGkdyQZ9NbTtl/yLnxL0kS56ESDuIS6J5x6Z1uqjkkzD1vd1XIO2fLoVl/YgCzAMye9I6wk9qfNXL1NQvsKvtvebXVHneHTKM6gAGSVpU5FKKvq5FSbduznpPr6fGd3ofoyGlefYzeKDoYKoKcOwi9/rPWK5PqriNf4o1176QsySvcKnGquTbIlDekXo91t4JrFOsNqT/dyFlznbsAnG+pMUBaY9sHXbGJE4fxU8kOH2XMuneLOXzDTf79n4iIiIiIiIiIiIiIiIiIiIiIiIjoqNnutxHav06Qv5GtcbMH/+MNIiIiIiIiIiIiIiIiIiIiIiIiIiIiIqLdsZ7/C4TqiTEV1/N/Oz2pSQn1E2KivXj+b9jF83/F2jZaSUQu/wMAAP//DVRYOg==")
r0 = syz_open_dev$loop(&(0x7f0000000100), 0x6, 0x20000)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0)
ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00000080190000000000d97f7549acbd8989001800", [0x0, 0x2000000000001]}})
open$dir(0x0, 0x103201, 0x3)

882.69267ms ago: executing program 1 (id=573):
r0 = creat(&(0x7f0000000080)='./bus\x00', 0xad)
fcntl$setstatus(r0, 0x4, 0x46100)
r1 = syz_io_uring_setup(0x70ca, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x3, 0x179}, &(0x7f0000000100)=<r2=>0x0, &(0x7f00000007c0)=<r3=>0x0, &(0x7f0000000000))
syz_io_uring_submit(r2, r3, 0x0, &(0x7f0000000000))
io_uring_enter(r1, 0x4d10, 0x2, 0x2, 0x0, 0x0)

753.859179ms ago: executing program 0 (id=574):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r0)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r2=>0x0})
sendmsg$NL80211_CMD_SET_WIPHY(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)={0x24, 0x0, 0x300, 0x70bd2a, 0x25dfdbfb, {}, [@NL80211_ATTR_WIPHY_FRAG_THRESHOLD={0x8, 0x3f, 0x7}, @NL80211_ATTR_TXQ_QUANTUM={0x8, 0x10c, 0x4}]}, 0x24}, 0x1, 0x0, 0x0, 0x24008054}, 0x4004000)
sendmsg$NL80211_CMD_SET_COALESCE(r0, &(0x7f0000000200)={0x0, 0xffffffffffffff8c, &(0x7f0000000b00)={&(0x7f0000000040)={0x28, r1, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r2}, @void}}}, 0x28}}, 0x0)

688.066323ms ago: executing program 1 (id=575):
r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0)
r1 = dup(r0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000)
r2 = socket$inet6_mptcp(0xa, 0x1, 0x106)
getsockopt$inet6_mptcp_buf(r2, 0x11c, 0x4, &(0x7f00000020c0)=""/156, &(0x7f0000000040)=0x9c)

390.248264ms ago: executing program 1 (id=576):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f0000000000)='./bus\x00', 0x30040a9, 0x0, 0xf, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@nfs_export_on}]})
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0x1)
open_by_handle_at(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="02000000fb"], 0x200000)

383.565964ms ago: executing program 0 (id=577):
r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000280)={0xc, 0x0, <r1=>0x0})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x1, r1, 0x0, 0x4, 0xfffffffffffffa72})
ioctl$IOMMU_TEST_OP_ADD_RESERVED(r0, 0x3ba0, &(0x7f0000000480)={0x48, 0x1, r1, 0x0, 0x1000, 0x2000})
ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000007c0)={0x28, 0x6, r1, 0x0, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1004000})

363.749135ms ago: executing program 2 (id=578):
ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f0000001080)={0x0, 0x2b, 0x1, [0x7, 0x40, 0x4, 0x1d, 0x8], [0x81, 0x80, 0xfffffffffffffffc, 0x2, 0x4, 0xfffffffffffffffb, 0x5, 0x7fffffff, 0x1, 0x1, 0x7, 0xf, 0x8000000000000001, 0xa, 0x10000000000e, 0x80, 0xfffffffffffffff8, 0x7faf, 0x938, 0x8, 0x6, 0xfffffffffffff664, 0x3, 0x80000000, 0xfb, 0x3, 0x20000000007, 0x3, 0x5, 0x400000008000008, 0x9, 0x9, 0xc, 0x6, 0xfffd, 0x4, 0xf4, 0xfffffffbfffdfffa, 0x3, 0x800000000000000, 0x5617, 0x1, 0x2, 0x5, 0x2, 0x2, 0x4000006, 0x71, 0x1, 0xfc4, 0x75, 0x40800cb14, 0x3b, 0x80000004, 0x8000000000000001, 0x40000000000756, 0x3, 0x0, 0x1246, 0x3ff, 0x4, 0x642, 0x66, 0x9, 0x1, 0x1, 0x8, 0x401, 0x1, 0x5, 0x9, 0x5, 0xfff, 0xfffffffffffffffe, 0x0, 0x400000000100001, 0xd32d, 0x8, 0x632, 0x7, 0x2, 0x8000000000000000, 0xfffffffffffffff9, 0x1, 0x5, 0x3, 0x7, 0x4, 0xd7, 0x8, 0x3, 0xb, 0x8, 0x8, 0x145, 0x5e9, 0xe51a, 0x40000000053ed, 0x2, 0x80, 0x0, 0x1, 0x402, 0x2, 0x5, 0x8000, 0x4, 0x0, 0xffff, 0x1, 0x19, 0x8, 0x2000000009, 0x4b3, 0x0, 0x34d8, 0xfff2, 0x9, 0xbf7, 0x100000000000b1, 0x8000000000000001]})
r0 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002)
ioctl$SG_SET_FORCE_PACK_ID(r0, 0x227b, &(0x7f00000001c0)=0x2001)
r1 = fcntl$dupfd(r0, 0x0, r0)
readv(r1, &(0x7f0000000080)=[{&(0x7f0000001140)=""/136, 0x3f}], 0x1)

219.751415ms ago: executing program 0 (id=579):
getpid()
r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000980)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x50)
bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000480)={r0, <r1=>0xffffffffffffffff}, 0x4)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0xc, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000020000007b8a00fe0000000087080000000000007b8af0ff00000000bda100000000000027000000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r1, @ANYBLOB="0000000000000000b704000008000000850000004900000095"], &(0x7f0000000440)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000007c0)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000680)="76389e6a65585578f830e9000000", 0x0, 0x10001, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)

0s ago: executing program 1 (id=580):
r0 = socket$can_j1939(0x1d, 0x2, 0x7)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000000)={'vxcan1\x00', <r1=>0x0})
bind$can_j1939(r0, &(0x7f00000000c0)={0x1d, r1, 0x2, {0x1, 0xff, 0x1}}, 0x18)
connect$can_j1939(r0, &(0x7f0000000140)={0x1d, r1, 0x0, {0x1, 0xf1, 0xa8fe8ad4eea2351f}, 0x2}, 0x18)
sendmmsg(r0, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.1.79' (ED25519) to the list of known hosts.
[   72.794636][ T5757] cgroup: Unknown subsys name 'net'
[   72.906093][ T5757] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   74.610369][ T5757] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   76.637192][   T51] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   76.645971][   T51] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   76.658023][   T51] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   76.671592][   T51] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   76.679580][   T51] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   76.689730][ T5771] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   76.718266][ T5771] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   76.736052][ T5771] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   76.747724][ T5771] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   76.768827][ T5771] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   76.779109][ T5771] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   76.787631][ T5771] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   76.852927][ T5771] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   76.863481][ T5771] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   76.871541][ T5084] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   76.891436][ T5084] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   76.899498][ T5084] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   76.907085][ T5084] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   76.909553][ T5781] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   76.928727][ T5781] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   76.938173][ T5781] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   76.946805][ T5781] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   76.954973][ T5781] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   76.962848][ T5781] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   77.307257][ T5777] chnl_net:caif_netlink_parms(): no params data found
[   77.321538][ T5768] chnl_net:caif_netlink_parms(): no params data found
[   77.402294][ T5772] chnl_net:caif_netlink_parms(): no params data found
[   77.532750][ T5777] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.540485][ T5777] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.547997][ T5777] bridge_slave_0: entered allmulticast mode
[   77.554996][ T5777] bridge_slave_0: entered promiscuous mode
[   77.574129][ T5768] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.582070][ T5768] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.589473][ T5768] bridge_slave_0: entered allmulticast mode
[   77.596283][ T5768] bridge_slave_0: entered promiscuous mode
[   77.605219][ T5777] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.612587][ T5777] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.619936][ T5777] bridge_slave_1: entered allmulticast mode
[   77.626785][ T5777] bridge_slave_1: entered promiscuous mode
[   77.651204][ T5768] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.660163][ T5768] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.670643][ T5768] bridge_slave_1: entered allmulticast mode
[   77.678798][ T5768] bridge_slave_1: entered promiscuous mode
[   77.727047][ T5777] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.763941][ T5777] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.773455][ T5778] chnl_net:caif_netlink_parms(): no params data found
[   77.788702][ T5768] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   77.801348][ T5768] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   77.810798][ T5772] bridge0: port 1(bridge_slave_0) entered blocking state
[   77.818619][ T5772] bridge0: port 1(bridge_slave_0) entered disabled state
[   77.825784][ T5772] bridge_slave_0: entered allmulticast mode
[   77.832930][ T5772] bridge_slave_0: entered promiscuous mode
[   77.873738][ T5772] bridge0: port 2(bridge_slave_1) entered blocking state
[   77.881304][ T5772] bridge0: port 2(bridge_slave_1) entered disabled state
[   77.888915][ T5772] bridge_slave_1: entered allmulticast mode
[   77.895764][ T5772] bridge_slave_1: entered promiscuous mode
[   77.912778][ T5777] team0: Port device team_slave_0 added
[   77.922337][ T5777] team0: Port device team_slave_1 added
[   77.943908][ T5768] team0: Port device team_slave_0 added
[   77.995215][ T5768] team0: Port device team_slave_1 added
[   78.006797][ T5772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.027114][ T5772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.090998][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.098207][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.124453][ T5777] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.138261][ T5777] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.145276][ T5777] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.171251][ T5777] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.206073][ T5772] team0: Port device team_slave_0 added
[   78.228700][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.235691][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.263070][ T5768] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.278210][ T5768] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.285486][ T5768] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.311681][ T5768] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.323137][ T5778] bridge0: port 1(bridge_slave_0) entered blocking state
[   78.333803][ T5778] bridge0: port 1(bridge_slave_0) entered disabled state
[   78.341168][ T5778] bridge_slave_0: entered allmulticast mode
[   78.348491][ T5778] bridge_slave_0: entered promiscuous mode
[   78.357709][ T5772] team0: Port device team_slave_1 added
[   78.382320][ T5778] bridge0: port 2(bridge_slave_1) entered blocking state
[   78.390310][ T5778] bridge0: port 2(bridge_slave_1) entered disabled state
[   78.398409][ T5778] bridge_slave_1: entered allmulticast mode
[   78.405365][ T5778] bridge_slave_1: entered promiscuous mode
[   78.447281][ T5778] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   78.479386][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.486515][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.512816][ T5772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.526747][ T5778] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   78.570484][ T5777] hsr_slave_0: entered promiscuous mode
[   78.577226][ T5777] hsr_slave_1: entered promiscuous mode
[   78.587688][ T5772] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.594686][ T5772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.621098][ T5772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.646939][ T5778] team0: Port device team_slave_0 added
[   78.655462][ T5778] team0: Port device team_slave_1 added
[   78.673313][ T5768] hsr_slave_0: entered promiscuous mode
[   78.680527][ T5768] hsr_slave_1: entered promiscuous mode
[   78.686596][ T5768] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.695011][ T5768] Cannot create hsr debugfs directory
[   78.733237][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_0
[   78.738566][ T5773] Bluetooth: hci0: command tx timeout
[   78.740271][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.771959][ T5778] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   78.807569][ T5773] Bluetooth: hci1: command tx timeout
[   78.808154][ T5778] batman_adv: batadv0: Adding interface: batadv_slave_1
[   78.820330][ T5778] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   78.846353][ T5778] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   78.943671][ T5772] hsr_slave_0: entered promiscuous mode
[   78.950514][ T5772] hsr_slave_1: entered promiscuous mode
[   78.956614][ T5772] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.965168][ T5772] Cannot create hsr debugfs directory
[   78.976048][ T5778] hsr_slave_0: entered promiscuous mode
[   78.983215][ T5778] hsr_slave_1: entered promiscuous mode
[   78.989342][ T5778] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   78.997074][ T5778] Cannot create hsr debugfs directory
[   79.047546][ T5773] Bluetooth: hci3: command tx timeout
[   79.053269][ T5773] Bluetooth: hci2: command tx timeout
[   79.366433][ T5768] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   79.383527][ T5768] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   79.393628][ T5768] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   79.404267][ T5768] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   79.503585][ T5777] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   79.516401][ T5777] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   79.526561][ T5777] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   79.541585][ T5777] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   79.640079][ T5768] 8021q: adding VLAN 0 to HW filter on device bond0
[   79.653130][ T5778] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   79.665033][ T5778] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   79.676118][ T5778] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   79.685728][ T5778] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   79.753321][ T5768] 8021q: adding VLAN 0 to HW filter on device team0
[   79.771946][ T5772] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   79.786159][ T5772] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   79.820300][ T5772] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   79.836678][ T2943] bridge0: port 1(bridge_slave_0) entered blocking state
[   79.844097][ T2943] bridge0: port 1(bridge_slave_0) entered forwarding state
[   79.865019][ T5772] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   79.895244][ T2943] bridge0: port 2(bridge_slave_1) entered blocking state
[   79.902470][ T2943] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.033024][ T5777] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.054273][ T5778] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.070417][ T5777] 8021q: adding VLAN 0 to HW filter on device team0
[   80.120875][   T35] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.128222][   T35] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.153617][   T12] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.160872][   T12] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.185205][ T5778] 8021q: adding VLAN 0 to HW filter on device team0
[   80.216718][   T12] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.223918][   T12] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.292203][ T2943] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.299450][ T2943] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.395323][ T5772] 8021q: adding VLAN 0 to HW filter on device bond0
[   80.475284][ T5772] 8021q: adding VLAN 0 to HW filter on device team0
[   80.494936][   T49] bridge0: port 1(bridge_slave_0) entered blocking state
[   80.502204][   T49] bridge0: port 1(bridge_slave_0) entered forwarding state
[   80.541422][   T49] bridge0: port 2(bridge_slave_1) entered blocking state
[   80.548706][   T49] bridge0: port 2(bridge_slave_1) entered forwarding state
[   80.581130][ T5768] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.743305][ T5768] veth0_vlan: entered promiscuous mode
[   80.774518][ T5768] veth1_vlan: entered promiscuous mode
[   80.808536][ T5773] Bluetooth: hci0: command tx timeout
[   80.881654][ T5777] 8021q: adding VLAN 0 to HW filter on device batadv0
[   80.898612][ T5773] Bluetooth: hci1: command tx timeout
[   80.926595][ T5768] veth0_macvtap: entered promiscuous mode
[   80.973897][ T5768] veth1_macvtap: entered promiscuous mode
[   81.024036][ T5777] veth0_vlan: entered promiscuous mode
[   81.043854][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.063329][ T5777] veth1_vlan: entered promiscuous mode
[   81.075451][ T5778] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.098851][ T5768] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.126801][ T5768] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.140516][ T5773] Bluetooth: hci2: command tx timeout
[   81.140560][ T5781] Bluetooth: hci3: command tx timeout
[   81.147318][ T5768] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.161999][ T5768] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.170901][ T5768] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.220121][ T5772] 8021q: adding VLAN 0 to HW filter on device batadv0
[   81.314552][ T5777] veth0_macvtap: entered promiscuous mode
[   81.355514][ T2943] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.359612][ T5777] veth1_macvtap: entered promiscuous mode
[   81.382295][ T5772] veth0_vlan: entered promiscuous mode
[   81.391235][ T2943] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.412922][ T5778] veth0_vlan: entered promiscuous mode
[   81.443965][ T4231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.449643][ T5778] veth1_vlan: entered promiscuous mode
[   81.453592][ T4231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.473140][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   81.484842][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.497062][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.519610][ T5772] veth1_vlan: entered promiscuous mode
[   81.543527][ T5777] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   81.556201][ T5777] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.569141][ T5777] batman_adv: batadv0: Interface activated: batadv_slave_1
[   81.586637][ T5777] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   81.596075][ T5777] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   81.612140][ T5777] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   81.621310][ T5777] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   81.764642][ T5778] veth0_macvtap: entered promiscuous mode
[   81.813449][ T5778] veth1_macvtap: entered promiscuous mode
[   81.831742][ T5772] veth0_macvtap: entered promiscuous mode
[   81.861572][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   81.869659][ T5772] veth1_macvtap: entered promiscuous mode
[   81.875853][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   81.898663][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   81.910694][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.921672][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   81.933043][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.945423][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_0
[   81.969427][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   81.980246][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   81.990806][ T5778] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.001526][ T5778] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.013288][ T5778] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.037809][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.055940][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.072272][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.083141][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.094173][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   82.105020][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.118256][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_0
[   82.161032][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.175460][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.186721][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.198231][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.208433][ T5772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   82.219588][ T5772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   82.232149][ T5772] batman_adv: batadv0: Interface activated: batadv_slave_1
[   82.242423][ T5778] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.253741][ T5778] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.263853][ T5778] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.273566][ T5778] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.294761][ T5772] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   82.304890][ T5772] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   82.315726][ T5772] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   82.328527][ T5772] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   82.348606][   T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.370169][   T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.647866][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.668888][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.744466][   T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.779501][   T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.846329][ T4231] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   82.874469][ T4231] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   82.897822][ T5781] Bluetooth: hci0: command tx timeout
[   82.948736][ T1208] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   82.977951][ T5781] Bluetooth: hci1: command tx timeout
[   82.990307][ T3464] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   83.011530][ T3464] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   83.199371][ T1208] usb 1-1: Using ep0 maxpacket: 8
[   83.209173][ T5781] Bluetooth: hci3: command tx timeout
[   83.210933][ T5773] Bluetooth: hci2: command tx timeout
[   83.234266][ T1208] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[   83.245875][ T1208] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[   83.263636][ T1208] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 168
[   83.295093][ T1208] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[   83.319025][ T1208] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[   83.331485][ T1208] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   83.577557][ T5809] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   83.596844][ T1208] usb 1-1: GET_CAPABILITIES returned 0
[   83.636241][ T1208] usbtmc 1-1:16.0: can't read capabilities
[   83.674799][ T5850] syz.1.6[5850]: memfd_create() called without MFD_EXEC or MFD_NOEXEC_SEAL set
[   83.705887][ T5850] loop1: detected capacity change from 0 to 64
[   83.777601][ T5809] usb 4-1: Using ep0 maxpacket: 16
[   83.787575][ T5809] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   83.827468][ T5809] usb 4-1: config 0 has no interfaces?
[   83.836250][ T5809] usb 4-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[   83.856055][ T5809] usb 4-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[   83.866171][ T5809] usb 4-1: Product: syz
[   83.876318][ T5809] usb 4-1: Manufacturer: syz
[   83.886580][ T5809] usb 4-1: SerialNumber: syz
[   83.906451][ T5809] usb 4-1: config 0 descriptor??
[   83.981546][ T5809] usb 1-1: USB disconnect, device number 2
[   84.367676][ T5808] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[   84.457810][ T5834] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[   84.550070][ T5808] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[   84.560871][ T5808] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[   84.575924][ T5808] usb 3-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87
[   84.586490][ T5808] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.599602][ T5808] usb 3-1: config 0 descriptor??
[   84.648140][ T5834] usb 2-1: Using ep0 maxpacket: 16
[   84.675911][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   84.698465][ T5834] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   84.721347][ T5809] usb 4-1: USB disconnect, device number 2
[   84.729682][ T5834] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17
[   84.765154][ T5834] usb 2-1: New USB device found, idVendor=05ac, idProduct=8241, bcdDevice= 0.00
[   84.789076][ T5834] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.831728][ T5834] usb 2-1: config 0 descriptor??
[   84.968372][ T5773] Bluetooth: hci0: command tx timeout
[   85.048689][ T5773] Bluetooth: hci1: command tx timeout
[   85.052652][ T5854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   85.098423][ T5854] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   85.143533][  T788] usb 3-1: USB disconnect, device number 2
[   85.288031][ T5781] Bluetooth: hci2: command tx timeout
[   85.293218][ T5834] input: HID 05ac:8241 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:05AC:8241.0001/input/input5
[   85.293874][ T5773] Bluetooth: hci3: command tx timeout
[   85.453774][ T5834] appleir 0003:05AC:8241.0001: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 05ac:8241] on usb-dummy_hcd.1-1/input0
[   85.521983][ T5834] usb 2-1: USB disconnect, device number 2
[   85.696656][ T5872] fido_id[5872]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory
[   85.722689][ T5876] loop0: detected capacity change from 0 to 512
[   85.829107][ T5775] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   85.898331][ T5878] loop3: detected capacity change from 0 to 2048
[   86.255075][ T5888] syz.3.22 uses obsolete (PF_INET,SOCK_PACKET)
[   86.965592][ T5901] loop1: detected capacity change from 0 to 2048
[   87.076389][ T5901] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   87.152012][    T8] cfg80211: failed to load regulatory.db
[   87.171474][ T5901] ext4 filesystem being mounted at /5/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[   87.412088][ T5901] fs-verity: sha512 using implementation "sha512-avx2"
[   87.427406][    C1] sched: RT throttling activated
[   87.438629][   T28] audit: type=1326 audit(1775572257.536:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5902 comm="syz.2.29" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fa7b859c819 code=0x0
[   87.672201][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.706189][ T5893] loop0: detected capacity change from 0 to 131072
[   87.722578][ T5893] F2FS-fs (loop0): invalid crc value
[   87.753614][ T5893] F2FS-fs (loop0): Found nat_bits in checkpoint
[   87.834853][ T5893] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   87.878111][ T5915] loop1: detected capacity change from 0 to 256
[   87.889388][ T5915] =======================================================
[   87.889388][ T5915] WARNING: The mand mount option has been deprecated and
[   87.889388][ T5915]          and is ignored by this kernel. Remove the mand
[   87.889388][ T5915]          option from the mount to silence this warning.
[   87.889388][ T5915] =======================================================
[   88.177667][ T5915] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x9059ffb0, utbl_chksum : 0xe619d30d)
[   88.360274][ T5899] loop3: detected capacity change from 0 to 32768
[   88.417517][ T5806] psmouse serio2: Failed to reset mouse on : -5
[   88.453857][ T5899] XFS (loop3): DAX unsupported by block device. Turning off DAX.
[   88.480045][ T5899] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   88.644902][ T5899] XFS (loop3): Ending clean mount
[   88.679596][ T5899] XFS (loop3): Quotacheck needed: Please wait.
[   88.809420][ T5899] XFS (loop3): Quotacheck: Done.
[   89.123974][ T5778] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[   89.352858][ T5928] loop1: detected capacity change from 0 to 40427
[   89.370728][ T5928] F2FS-fs (loop1): Insane cp_payload (553648128 >= 504)
[   89.402490][ T5928] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[   89.425623][ T5928] F2FS-fs (loop1): invalid crc value
[   89.455047][ T5928] F2FS-fs (loop1): Found nat_bits in checkpoint
[   89.631179][ T5928] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[   89.646641][ T5928] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   89.663836][ T5933] syzkaller1: entered promiscuous mode
[   89.670404][ T5933] syzkaller1: entered allmulticast mode
[   89.803476][   T28] audit: type=1800 audit(1775572259.906:3): pid=5928 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.33" name="bus" dev="loop1" ino=10 res=0 errno=0
[   89.852911][ T5928] syz.1.33: attempt to access beyond end of device
[   89.852911][ T5928] loop1: rw=34817, sector=77832, nr_sectors = 8 limit=40427
[   89.923489][ T5941] batadv_slave_0: entered promiscuous mode
[   89.941755][ T5940] batadv_slave_0: left promiscuous mode
[   89.972265][ T5772] syz-executor: attempt to access beyond end of device
[   89.972265][ T5772] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   90.039427][ T5772] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   90.140885][ T5946] loop0: detected capacity change from 0 to 512
[   90.461168][ T5950] loop1: detected capacity change from 0 to 764
[   90.882032][ T5960] netlink: 'syz.0.45': attribute type 11 has an invalid length.
[   90.927092][ T5962] syzkaller1: entered promiscuous mode
[   90.933010][ T5962] syzkaller1: entered allmulticast mode
[   91.444353][ T5977] process 'syz.1.52' launched './file0' with NULL argv: empty string added
[   91.731945][ T5983] loop3: detected capacity change from 0 to 4096
[   92.609487][ T5769] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[   92.931428][ T5986] loop0: detected capacity change from 0 to 131072
[   92.940455][ T5806] misc userio: Buffer overflowed, userio client isn't keeping up
[   92.956798][ T5986] F2FS-fs (loop0): Wrong CP boundary, start(512) end(1536) blocks(0)
[   92.965047][ T5986] F2FS-fs (loop0): Can't find valid F2FS filesystem in 1th superblock
[   93.014265][ T5986] F2FS-fs (loop0): invalid crc value
[   93.039556][ T5986] F2FS-fs (loop0): Found nat_bits in checkpoint
[   93.093985][ T5986] F2FS-fs (loop0): Try to recover 1th superblock, ret: 0
[   93.101347][ T5986] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e4
[   93.282681][ T6003] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   93.304929][ T6003] netlink: 'syz.1.63': attribute type 1 has an invalid length.
[   94.127552][   T27] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[   94.220060][ T5806] input: PS/2 Generic Mouse as /devices/serio2/input/input6
[   94.341253][   T27] usb 2-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[   94.360477][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   94.382305][   T27] usb 2-1: config 0 descriptor??
[   94.403045][   T27] gspca_main: sunplus-2.14.0 probing 055f:c420
[   94.477542][ T5806] psmouse serio2: Failed to enable mouse on 
[   95.239164][   T27] gspca_sunplus: reg_w_riv err -71
[   95.255690][   T27] sunplus: probe of 2-1:0.0 failed with error -71
[   95.277251][   T27] usb 2-1: USB disconnect, device number 3
[   95.388442][ T6038] loop0: detected capacity change from 0 to 32768
[   95.415160][ T6040] iommufd_mock iommufd_mock1: Adding to iommu group 0
[   95.501726][ T6038] syz.0.77: attempt to access beyond end of device
[   95.501726][ T6038] loop14: rw=0, sector=8, nr_sectors = 8 limit=0
[   95.567527][ T6038] lbmIODone: I/O error in JFS log
[   95.575509][ T6038] *** Log Format Error ! ***
[   95.596353][ T6038] lmLogInit: exit(-22)
[   95.611410][ T6038] lmLogOpen: exit(-22)
[   95.715839][ T6038] jfs_dirty_inode called on read-only volume
[   95.738138][ T6038] Is remount racy?
[   96.497581][  T788] psmouse serio3: Failed to reset mouse on : -5
[   96.498309][ T5834] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   96.647517][    T8] usb 2-1: new high-speed USB device number 4 using dummy_hcd
[   96.701869][ T5834] usb 4-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[   96.711211][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.721640][ T5834] usb 4-1: config 0 descriptor??
[   96.738388][ T5834] gspca_main: cpia1-2.14.0 probing 0813:0001
[   96.827656][    T8] usb 2-1: Using ep0 maxpacket: 16
[   96.835308][    T8] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   96.846596][    T8] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0
[   96.856665][    T8] usb 2-1: config 0 interface 0 has no altsetting 0
[   96.863582][    T8] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[   96.873438][    T8] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   96.885977][    T8] usb 2-1: config 0 descriptor??
[   96.979931][ T6069] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   97.153424][ T5834] cpia1 4-1:0.0: unexpected state after lo power cmd: 00
[   97.548728][ T5806] usb 2-1: USB disconnect, device number 4
[   97.757836][ T5834] gspca_cpia1: usb_control_msg 05, error -71
[   97.764111][ T5834] cpia1 4-1:0.0: unexpected systemstate: 00
[   97.777626][ T5834] usb 4-1: USB disconnect, device number 3
[   98.322746][ T6083] loop2: detected capacity change from 0 to 128
[   98.340681][ T6083] FAT-fs (loop2): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[   98.362417][ T6083] FAT-fs (loop2): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[   98.389639][   T27] usb 2-1: new high-speed USB device number 5 using dummy_hcd
[   98.600116][   T27] usb 2-1: Using ep0 maxpacket: 8
[   98.614080][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[   98.625918][   T27] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[   98.636920][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.654093][   T27] usb 2-1: config 0 descriptor??
[   98.892151][   T27] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[   99.036269][ T6089] loop3: detected capacity change from 0 to 32768
[   99.107556][   T27] usb 2-1: USB disconnect, device number 5
[   99.147300][ T6089] JBD2: Ignoring recovery information on journal
[   99.262094][ T6089] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[   99.487191][ T6089] (syz.3.100,6089,1):ocfs2_rename:1690 ERROR: status = -39
[   99.529923][ T6089] syz.3.100 (6089) used greatest stack depth: 18768 bytes left
[   99.583327][ T5778] ocfs2: Unmounting device (7,3) on (node local)
[   99.906605][ T6106] netlink: 'syz.3.103': attribute type 4 has an invalid length.
[   99.970969][ T6108] netlink: 16 bytes leftover after parsing attributes in process `syz.2.107'.
[  100.027653][   T27] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  100.077485][  T788] misc userio: Buffer overflowed, userio client isn't keeping up
[  100.132497][ T6112] loop2: detected capacity change from 0 to 164
[  100.149852][ T6112] Unable to read rock-ridge attributes
[  100.238784][   T27] usb 2-1: Using ep0 maxpacket: 32
[  100.254060][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  100.287474][   T27] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  100.317509][   T27] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00
[  100.338856][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  100.364216][   T27] usb 2-1: config 0 descriptor??
[  100.392110][ T6118] input: syz1 as /devices/virtual/input/input8
[  100.679106][    T8] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  100.874742][    T8] usb 3-1: config 220 has an invalid interface number: 76 but max is 2
[  100.883187][    T8] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config
[  100.902863][    T8] usb 3-1: config 220 has no interface number 2
[  100.912203][    T8] usb 3-1: config 220 interface 1 altsetting 5 bulk endpoint 0x82 has invalid maxpacket 56
[  100.929406][    T8] usb 3-1: config 220 interface 1 altsetting 5 endpoint 0x3 has invalid maxpacket 16384, setting to 64
[  100.944724][    T8] usb 3-1: config 220 interface 1 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 12
[  100.964700][    T8] usb 3-1: config 220 interface 0 has no altsetting 0
[  100.972238][    T8] usb 3-1: config 220 interface 76 has no altsetting 0
[  100.984394][    T8] usb 3-1: config 220 interface 1 has no altsetting 0
[  100.995977][    T8] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9
[  101.012141][    T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  101.023102][    T8] usb 3-1: Product: syz
[  101.032579][    T8] usb 3-1: Manufacturer: syz
[  101.039028][    T8] usb 3-1: SerialNumber: syz
[  101.314979][    T8] usb 3-1: selecting invalid altsetting 0
[  101.332255][    T8] usb 3-1: Found UVC 7.01 device syz (8086:0b07)
[  101.345497][    T8] usb 3-1: No valid video chain found.
[  101.383003][    T8] usb 3-1: selecting invalid altsetting 0
[  101.394263][    T8] usbtest: probe of 3-1:220.1 failed with error -22
[  101.415267][    T8] usb 3-1: USB disconnect, device number 3
[  101.501850][   T27] savu 0003:1E7D:2D5A.0003: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.1-1/input0
[  102.481309][   T27] usb 2-1: USB disconnect, device number 6
[  102.600184][ T6122] loop3: detected capacity change from 0 to 262144
[  102.626361][ T6122] BTRFS: device fsid 7e32c2af-f87a-45a1-bcba-64dea7c56a53 devid 1 transid 8 /dev/loop3 scanned by syz.3.114 (6122)
[  102.663788][ T6122] BTRFS info (device loop3): first mount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  102.674515][ T6122] BTRFS info (device loop3): using xxhash64 (xxhash64-generic) checksum algorithm
[  102.684108][ T6122] BTRFS info (device loop3): using free space tree
[  102.714704][ T6132] loop2: detected capacity change from 0 to 512
[  102.730026][ T6132] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  102.746103][ T6132] EXT4-fs (loop2): encrypted files will use data=ordered instead of data journaling mode
[  102.788991][ T6132] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a00ec019, mo2=0002]
[  102.798104][ T6132] System zones: 1-12
[  102.840283][ T6132] EXT4-fs (loop2): 1 truncate cleaned up
[  102.847549][ T6122] BTRFS info (device loop3): enabling ssd optimizations
[  102.890063][ T6132] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  102.910488][  T788] input: PS/2 Generic Mouse as /devices/serio3/input/input7
[  103.010303][ T5778] BTRFS info (device loop3): last unmount of filesystem 7e32c2af-f87a-45a1-bcba-64dea7c56a53
[  103.051193][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  103.171681][  T788] psmouse serio3: Failed to enable mouse on 
[  104.057650][    T8] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  104.082516][ T6152] syz.2.120: attempt to access beyond end of device
[  104.082516][ T6152] loop5: rw=2048, sector=0, nr_sectors = 8 limit=0
[  104.132568][ T6152] SQUASHFS error: Failed to read block 0x0: -5
[  104.250676][    T8] usb 1-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0
[  104.271580][    T8] usb 1-1: config 0 interface 0 has no altsetting 0
[  104.301907][    T8] usb 1-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b
[  104.328041][    T8] usb 1-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2
[  104.356728][    T8] usb 1-1: Product: syz
[  104.366870][    T8] usb 1-1: Manufacturer: syz
[  104.376991][    T8] usb 1-1: SerialNumber: syz
[  104.390088][    T8] usb 1-1: config 0 descriptor??
[  104.423262][    T8] usb 1-1: selecting invalid altsetting 0
[  104.866673][ T5834] usb 1-1: USB disconnect, device number 3
[  105.306724][ T6164] loop1: detected capacity change from 0 to 32768
[  105.363667][ T6164] XFS (loop1): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  105.521897][ T6164] XFS (loop1): Ending clean mount
[  105.549596][ T6164] XFS (loop1): Quotacheck needed: Please wait.
[  105.673028][ T6164] XFS (loop1): Quotacheck: Done.
[  105.959293][ T5772] XFS (loop1): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  105.978487][ T6183] loop2: detected capacity change from 0 to 512
[  106.037336][ T6183] EXT4-fs error (device loop2): ext4_orphan_get:1404: inode #15: comm syz.2.128: inode has both inline data and extents flags
[  106.092995][ T6183] EXT4-fs error (device loop2): ext4_orphan_get:1409: comm syz.2.128: couldn't read orphan inode 15 (err -117)
[  106.147026][ T6183] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  106.182791][ T6187] loop0: detected capacity change from 0 to 256
[  106.275009][ T6187] exFAT-fs (loop0): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  106.302523][ T6169] loop3: detected capacity change from 0 to 32768
[  106.343227][ T6187] exFAT-fs (loop0): error, tried to truncate zeroed cluster.
[  106.352334][ T6169] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 scanned by syz.3.125 (6169)
[  106.387076][ T6187] exFAT-fs (loop0): Filesystem has been set read-only
[  106.488622][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  106.505660][ T6169] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  106.545642][ T6169] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  106.609957][ T6169] BTRFS info (device loop3): using free space tree
[  106.771392][ T6169] BTRFS info (device loop3): enabling ssd optimizations
[  106.803727][ T6169] BTRFS info (device loop3): auto enabling async discard
[  106.917560][ T5834] psmouse serio4: Failed to reset mouse on : -5
[  107.133934][ T5778] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  107.281930][ T5769] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 10 /dev/loop3 scanned by udevd (5769)
[  107.697693][ T5806] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  107.896262][ T6227] overlayfs: failed to clone lowerpath
[  107.907562][ T5806] usb 4-1: Using ep0 maxpacket: 16
[  107.920708][ T5806] usb 4-1: config 1 has an invalid descriptor of length 251, skipping remainder of the config
[  107.939615][ T6227] overlayfs: failed to clone lowerpath
[  107.947842][ T5806] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  107.966973][ T6227] overlayfs: failed to clone lowerpath
[  107.975173][ T5806] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  107.986266][ T5806] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  108.007713][ T5806] usb 4-1: Product: syz
[  108.011976][ T5806] usb 4-1: Manufacturer: syz
[  108.027846][ T5806] usb 4-1: SerialNumber: syz
[  108.142523][  T787] IPVS: starting estimator thread 0...
[  108.237643][ T6235] IPVS: using max 17 ests per chain, 40800 per kthread
[  108.244365][ T5806] usb 4-1: 0:2 : does not exist
[  108.271298][ T5806] usb 4-1: 5:0: failed to get current value for ch 0 (-22)
[  108.313887][ T5806] usb 4-1: USB disconnect, device number 4
[  108.374340][ T5769] udevd[5769]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  108.444779][ T6240] loop2: detected capacity change from 0 to 8192
[  108.457228][ T6240] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  108.471698][ T6240] REISERFS (device loop2): found reiserfs format "3.6" with non-standard journal
[  108.482409][ T6240] REISERFS (device loop2): using ordered data mode
[  108.489144][ T6240] reiserfs: using flush barriers
[  108.503231][ T6240] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 7, max trans age 7
[  108.521041][ T6240] REISERFS (device loop2): checking transaction log (loop2)
[  108.540877][ T6240] REISERFS (device loop2): Using r5 hash to sort names
[  108.552761][ T6240] REISERFS warning (device loop2): vs-13060 reiserfs_update_sd_size: stat data of object [1 2 0x0 SD] (nlink == 1) not found (pos 2)
[  108.568795][ T6240] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  108.931375][ T6248] input: syz0 as /devices/virtual/input/input10
[  110.237222][ T6285] netlink: 8 bytes leftover after parsing attributes in process `syz.3.164'.
[  110.247561][ T6285] netlink: 'syz.3.164': attribute type 29 has an invalid length.
[  110.255327][ T6285] netlink: 4 bytes leftover after parsing attributes in process `syz.3.164'.
[  110.448606][ T6283] loop2: detected capacity change from 0 to 32768
[  110.461301][ T6283] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 scanned by syz.2.163 (6283)
[  110.497595][ T6283] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  110.530005][ T6283] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  110.538452][ T5834] misc userio: Buffer overflowed, userio client isn't keeping up
[  110.543789][ T6283] BTRFS info (device loop2): enabling auto defrag
[  110.556173][ T6283] BTRFS info (device loop2): use no compression
[  110.565390][ T6283] BTRFS info (device loop2): force clearing of disk cache
[  110.579732][ T6283] BTRFS info (device loop2): max_inline at 4096
[  110.586323][ T6283] BTRFS info (device loop2): disabling free space tree
[  110.697570][ T6283] BTRFS info (device loop2): enabling ssd optimizations
[  110.704581][ T6283] BTRFS info (device loop2): auto enabling async discard
[  110.738811][ T6283] BTRFS info (device loop2): rebuilding free space tree
[  110.753560][ T6307] capability: warning: `syz.0.167' uses 32-bit capabilities (legacy support in use)
[  110.813805][ T6283] BTRFS info (device loop2): disabling free space tree
[  110.823366][ T6283] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  110.856753][ T6283] BTRFS info (device loop2): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  111.032744][ T5768] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  111.806744][ T5834] input: PS/2 Generic Mouse as /devices/serio4/input/input9
[  112.067061][ T5834] psmouse serio4: Failed to enable mouse on 
[  112.745285][ T6349] loop1: detected capacity change from 0 to 512
[  113.054241][ T6340] loop2: detected capacity change from 0 to 32768
[  113.101829][ T6340] XFS (loop2): Mounting V5 Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  113.243843][ T6340] XFS (loop2): Ending clean mount
[  113.385898][ T6368] warning: `syz.3.186' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  113.595582][ T5768] XFS (loop2): Unmounting Filesystem 986211a9-7d00-4ebf-a576-e3de63fa2cbd
[  114.171046][ T6355] loop1: detected capacity change from 0 to 32768
[  114.239262][ T6355] XFS (loop1): Mounting V5 Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  114.330971][ T6355] XFS (loop1): Ending clean mount
[  114.428747][ T6398] netlink: 'syz.0.193': attribute type 2 has an invalid length.
[  114.478636][ T6400] netlink: 4 bytes leftover after parsing attributes in process `syz.2.194'.
[  114.489677][ T5772] XFS (loop1): Unmounting Filesystem d7dc424e-7990-42cb-9f91-9cb7200a101d
[  114.922574][ T6411] loop3: detected capacity change from 0 to 256
[  114.939360][ T6411] exfat: Deprecated parameter 'namecase'
[  114.945116][ T6411] exfat: Deprecated parameter 'utf8'
[  114.976832][ T6411] exfat: Deprecated parameter 'namecase'
[  115.062471][ T6411] exFAT-fs (loop3): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d)
[  115.635024][ T6435] loop3: detected capacity change from 0 to 128
[  115.774024][ T6442] loop1: detected capacity change from 0 to 64
[  116.006185][ T6448] loop2: detected capacity change from 0 to 512
[  116.079458][ T6448] FAT-fs (loop2): unable to read block(16384) for building NFS inode
[  116.345820][ T6456] overlayfs: failed to decode file handle (len=0, type=251, flags=0, err=-22)
[  116.501941][ T6461] overlayfs: "xino=on" is useless with all layers on same fs, ignore.
[  116.901449][ T6451] loop1: detected capacity change from 0 to 32768
[  116.938882][ T6451] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop1 scanned by syz.1.213 (6451)
[  117.004445][ T6451] BTRFS info (device loop1): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  117.046717][ T6451] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  117.072332][ T6451] BTRFS info (device loop1): enabling disk space caching
[  117.087648][ T6451] BTRFS info (device loop1): force clearing of disk cache
[  117.100196][ T6476] netlink: 36 bytes leftover after parsing attributes in process `syz.2.224'.
[  117.111974][ T6451] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  117.125707][ T6476] netlink: 45 bytes leftover after parsing attributes in process `syz.2.224'.
[  117.134989][ T6451] BTRFS info (device loop1): use zstd compression, level 3
[  117.146348][ T6451] BTRFS info (device loop1): disk space caching is enabled
[  117.278292][ T6451] BTRFS info (device loop1): enabling ssd optimizations
[  117.303060][ T6451] BTRFS info (device loop1): auto enabling async discard
[  117.338270][ T6451] BTRFS info (device loop1): rebuilding free space tree
[  117.364894][ T6451] BTRFS info (device loop1): disabling free space tree
[  117.368021][    T8] usb 4-1: new high-speed USB device number 5 using dummy_hcd
[  117.383518][ T6451] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  117.397731][ T6451] BTRFS info (device loop1): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  117.588370][    T8] usb 4-1: Using ep0 maxpacket: 16
[  117.641920][    T8] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  117.671122][    T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  117.700826][    T8] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  117.731098][    T8] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  117.738593][ T6509] netlink: 256 bytes leftover after parsing attributes in process `syz.2.229'.
[  117.754880][    T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  117.767674][ T5773] Bluetooth: hci0: command tx timeout
[  117.789935][    T8] usb 4-1: Product: syz
[  117.805826][ T5772] BTRFS info (device loop1): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  117.821246][    T8] usb 4-1: Manufacturer: syz
[  117.825913][    T8] usb 4-1: SerialNumber: syz
[  118.195076][ T6520] netlink: 7 bytes leftover after parsing attributes in process `syz.1.230'.
[  118.218957][ T6520] netlink: 16 bytes leftover after parsing attributes in process `syz.1.230'.
[  118.240244][ T6520] netlink: 16 bytes leftover after parsing attributes in process `syz.1.230'.
[  118.295658][    T8] usb 4-1: 0:2 : does not exist
[  118.369067][ T5809] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  118.647860][ T5809] usb 3-1: Using ep0 maxpacket: 8
[  118.692900][ T5809] usb 3-1: config 179 has an invalid interface number: 65 but max is 0
[  118.767773][ T5809] usb 3-1: config 179 has no interface number 0
[  118.865659][ T5809] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  118.948863][ T5809] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  119.015327][ T5809] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  119.034998][    T8] usb 4-1: USB disconnect, device number 5
[  119.041835][ T5809] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  119.055291][ T5809] usb 3-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  119.075149][ T5809] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  119.102405][ T5809] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  119.131945][ T6516] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22
[  119.503329][    T8] input: Generic X-Box pad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:179.65/input/input11
[  119.550187][ T6576] af_packet: tpacket_rcv: packet too big, clamped from 1 to 4294967272. macoff=96
[  119.751863][ T6516] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  119.770064][ T6516] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  120.247257][  T787] usb 3-1: USB disconnect, device number 4
[  120.247330][    C0] xpad 3-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  120.247433][    C0] xpad 3-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  120.725615][ T6602] loop3: detected capacity change from 0 to 512
[  120.757113][ T6602] EXT4-fs (loop3): Test dummy encryption mode enabled
[  120.779676][ T6602] EXT4-fs (loop3): encrypted files will use data=ordered instead of data journaling mode
[  120.798014][ T6602] EXT4-fs error (device loop3): ext4_orphan_get:1430: comm syz.3.246: bad orphan inode 131083
[  120.816785][ T6602] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  121.037188][ T6602] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  121.296912][ T6602] fscrypt: AES-256-XTS using implementation "xts-aes-aesni"
[  121.427529][ T5778] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  121.559352][ T6613] loop2: detected capacity change from 0 to 32768
[  121.628824][ T6613] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  121.695928][ T6613] (syz.2.249,6613,1):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry overrun - offset=0, inode=65, rec_len=16, name_len=1
[  121.756104][ T6613] (syz.2.249,6613,0):ocfs2_check_dir_entry:325 ERROR: bad entry in directory #65: directory entry overrun - offset=0, inode=65, rec_len=16, name_len=1
[  121.997915][ T5768] ocfs2: Unmounting device (7,2) on (node local)
[  122.361498][ T6620] loop3: detected capacity change from 0 to 32768
[  122.449302][   T28] audit: type=1800 audit(1775572292.556:4): pid=6620 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.250" name="file1" dev="loop3" ino=4 res=0 errno=0
[  122.511928][ T6638] netlink: 20 bytes leftover after parsing attributes in process `syz.0.259'.
[  123.351207][ T6666] loop3: detected capacity change from 0 to 128
[  123.428935][ T6666] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  123.482376][ T6666] hpfs: filesystem error: improperly stopped
[  123.503495][ T6666] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  123.517817][ T6666] hpfs: You really don't want any checks? You are crazy...
[  123.526322][ T6666] hpfs: hpfs_map_sector(): read error
[  123.537501][ T6666] hpfs: code page support is disabled
[  123.551905][ T6666] hpfs: hpfs_map_4sectors(): unaligned read
[  123.568185][ T6666] hpfs: hpfs_map_4sectors(): unaligned read
[  123.577770][ T6666] hpfs: filesystem error: unable to find root dir
[  123.630410][ T6666] hpfs: hpfs_map_4sectors(): unaligned read
[  124.272240][ T6691] GUP no longer grows the stack in syz.3.278 (6691): 200000004000-20000000a000 (200000002000)
[  124.327897][ T6691] CPU: 0 PID: 6691 Comm: syz.3.278 Not tainted syzkaller #0
[  124.335271][ T6691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  124.345446][ T6691] Call Trace:
[  124.348753][ T6691]  <TASK>
[  124.351715][ T6691]  dump_stack_lvl+0x18c/0x250
[  124.356549][ T6691]  ? show_regs_print_info+0x20/0x20
[  124.361878][ T6691]  ? load_image+0x420/0x420
[  124.366425][ T6691]  ? find_vma+0x134/0x1b0
[  124.370808][ T6691]  __get_user_pages+0xf0e/0x1380
[  124.375897][ T6691]  ? populate_vma_page_range+0x380/0x380
[  124.382708][ T6691]  get_user_pages_remote+0x3ea/0xbd0
[  124.388299][ T6691]  ? __might_sleep+0xe0/0xe0
[  124.392968][ T6691]  ? get_dump_page+0x200/0x200
[  124.397790][ T6691]  __access_remote_vm+0x1fd/0x570
[  124.402855][ T6691]  ? generic_access_phys+0x650/0x650
[  124.408266][ T6691]  ? alloc_pages+0x4dc/0x740
[  124.412901][ T6691]  ? do_raw_spin_unlock+0x121/0x230
[  124.418142][ T6691]  proc_pid_cmdline_read+0x453/0x840
[  124.423565][ T6691]  ? comm_show+0x150/0x150
[  124.428021][ T6691]  ? common_file_perm+0xb0/0x1f0
[  124.433183][ T6691]  ? fsnotify_perm+0x271/0x5e0
[  124.437997][ T6691]  do_iter_read+0x4fa/0xc90
[  124.442639][ T6691]  ? comm_show+0x150/0x150
[  124.447091][ T6691]  ? vfs_iter_read+0xa0/0xa0
[  124.451822][ T6691]  ? __import_iovec+0x5f2/0x850
[  124.456744][ T6691]  ? import_iovec+0x73/0xa0
[  124.461379][ T6691]  do_preadv+0x236/0x390
[  124.465761][ T6691]  ? do_writev+0x480/0x480
[  124.470255][ T6691]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  124.476374][ T6691]  ? lock_chain_count+0x20/0x20
[  124.481361][ T6691]  ? lockdep_hardirqs_on+0x98/0x150
[  124.486691][ T6691]  do_syscall_64+0x55/0xa0
[  124.491164][ T6691]  ? clear_bhb_loop+0x40/0x90
[  124.495876][ T6691]  ? clear_bhb_loop+0x40/0x90
[  124.500593][ T6691]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  124.506563][ T6691] RIP: 0033:0x7f3ba8b9c819
[  124.511028][ T6691] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  124.530785][ T6691] RSP: 002b:00007f3ba6df6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127
[  124.539363][ T6691] RAX: ffffffffffffffda RBX: 00007f3ba8e15fa0 RCX: 00007f3ba8b9c819
[  124.547380][ T6691] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003
[  124.555474][ T6691] RBP: 00007f3ba8c32c91 R08: 00000000fffffff9 R09: 0000000000000000
[  124.563477][ T6691] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000000
[  124.571517][ T6691] R13: 00007f3ba8e16038 R14: 00007f3ba8e15fa0 R15: 00007ffe6bd92558
[  124.579626][ T6691]  </TASK>
[  125.268760][ T6696] loop2: detected capacity change from 0 to 8192
[  125.331744][ T6696] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  125.418761][ T6696] REISERFS (device loop2): found reiserfs format "3.5" with non-standard journal
[  125.462342][ T6696] REISERFS (device loop2): using ordered data mode
[  125.495366][ T6696] reiserfs: using flush barriers
[  125.533778][ T6696] REISERFS (device loop2): journal params: device loop2, size 512, journal first block 18, max trans len 256, max batch 225, max commit age 30, max trans age 30
[  125.606667][ T6696] REISERFS (device loop2): checking transaction log (loop2)
[  125.671729][ T6696] REISERFS (device loop2): Using r5 hash to sort names
[  125.700443][ T6696] REISERFS (device loop2): Created .reiserfs_priv - reserved for xattr storage.
[  126.575214][ T6688] loop1: detected capacity change from 0 to 262144
[  126.591676][ T6688] F2FS-fs (loop1): invalid crc value
[  126.610579][ T6688] F2FS-fs (loop1): Found nat_bits in checkpoint
[  126.668572][ T6688] F2FS-fs (loop1): Start checkpoint disabled!
[  126.680695][ T6708] overlayfs: failed to clone upperpath
[  126.686417][ T6688] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  126.707654][ T5809] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  126.911159][ T5809] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  126.928754][ T5809] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2
[  126.968677][ T5809] usb 3-1: config 1 has no interface number 0
[  126.981371][ T6716] team0: Port device syz_tun added
[  126.990986][ T5809] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.037513][ T5809] usb 3-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping
[  127.065148][ T5809] usb 3-1: too many endpoints for config 1 interface 1 altsetting 1: 247, using maximum allowed: 30
[  127.085595][ T5809] usb 3-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 247
[  127.109236][ T5809] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  127.120917][ T6716] team0: Port device syz_tun removed
[  127.127880][ T5809] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  127.136504][ T5809] usb 3-1: Product: syz
[  127.145713][ T6716] bridge_slave_0: left allmulticast mode
[  127.153165][ T5809] usb 3-1: Manufacturer: syz
[  127.165669][ T5809] usb 3-1: SerialNumber: syz
[  127.178267][ T6716] bridge_slave_0: left promiscuous mode
[  127.199479][ T6716] bridge0: port 1(bridge_slave_0) entered disabled state
[  127.229916][ T6716] bridge_slave_1: left allmulticast mode
[  127.238268][ T6716] bridge_slave_1: left promiscuous mode
[  127.244692][ T6716] bridge0: port 2(bridge_slave_1) entered disabled state
[  127.270454][ T6716] bond0: (slave bond_slave_0): Releasing backup interface
[  127.302027][ T6716] bond0: (slave bond_slave_1): Releasing backup interface
[  127.366955][ T6716] team0: Port device team_slave_0 removed
[  127.414582][ T6716] team0: Port device team_slave_1 removed
[  127.431163][ T6716] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  127.444415][ T6716] batman_adv: batadv0: Removing interface: batadv_slave_0
[  127.456565][ T6716] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  127.465309][ T6716] batman_adv: batadv0: Removing interface: batadv_slave_1
[  127.605003][ T6718] 8021q: adding VLAN 0 to HW filter on device bond1
[  128.208526][ T5809] cdc_ncm 3-1:1.1: bind() failure
[  128.240057][ T5809] usb 3-1: USB disconnect, device number 5
[  128.869340][ T6742] netlink: 24 bytes leftover after parsing attributes in process `syz.2.299'.
[  129.436324][ T6738] loop1: detected capacity change from 0 to 32768
[  129.452500][ T6750] loop2: detected capacity change from 0 to 512
[  129.478804][ T6750] EXT4-fs: Ignoring removed bh option
[  129.508734][ T6750] EXT4-fs (loop2): warning: mounting unchecked fs, running e2fsck is recommended
[  129.577820][ T6750] EXT4-fs (loop2): 1 truncate cleaned up
[  129.585257][ T6750] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  129.595730][   T28] audit: type=1800 audit(1775572299.686:5): pid=6738 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.287" name="file1" dev="loop1" ino=4 res=0 errno=0
[  129.656254][ T6750] EXT4-fs error (device loop2): ext4_validate_block_bitmap:439: comm syz.2.302: bg 0: block 465: padding at end of block bitmap is not set
[  129.715020][ T6750] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 131075 with max blocks 1 with error 28
[  129.767584][ T6750] EXT4-fs (loop2): This should not happen!! Data will be lost
[  129.767584][ T6750] 
[  129.799173][ T6750] EXT4-fs (loop2): Total free blocks count 0
[  129.816947][ T6746] loop3: detected capacity change from 0 to 32768
[  129.824794][ T6750] EXT4-fs (loop2): Free/Dirty block details
[  129.833867][ T6746] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 scanned by syz.3.300 (6746)
[  129.867680][ T6750] EXT4-fs (loop2): free_blocks=0
[  129.882175][ T6750] EXT4-fs (loop2): dirty_blocks=2
[  129.919027][ T6750] EXT4-fs (loop2): Block reservation details
[  129.933601][ T6746] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  129.944775][ T6750] EXT4-fs (loop2): i_reserved_data_blocks=2
[  129.959749][ T6746] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  130.012613][ T6746] BTRFS info (device loop3): setting nodatasum
[  130.039398][ T6746] BTRFS info (device loop3): force zlib compression, level 3
[  130.067565][ T6746] BTRFS info (device loop3): setting incompat feature flag for COMPRESS_LZO (0x8)
[  130.091190][ T6746] BTRFS info (device loop3): use lzo compression, level 0
[  130.102969][ T4231] EXT4-fs (loop2): Delayed block allocation failed for inode 15 at logical offset 0 with max blocks 1 with error 28
[  130.110157][ T6746] BTRFS info (device loop3): turning on flush-on-commit
[  130.148020][ T6746] BTRFS info (device loop3): enabling auto defrag
[  130.168119][ T6746] BTRFS info (device loop3): max_inline at 4096
[  130.187693][ T6746] BTRFS info (device loop3): using free space tree
[  130.377493][ T6746] BTRFS info (device loop3): enabling ssd optimizations
[  130.428655][ T6783] netlink: 56 bytes leftover after parsing attributes in process `syz.0.309'.
[  130.558248][ T5778] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  130.988125][ T6792] netlink: 20 bytes leftover after parsing attributes in process `syz.1.308'.
[  131.008279][ T6792] 8021q: VLANs not supported on ip_vti0
[  132.693808][ T6834] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[  132.822779][ T6832] loop1: detected capacity change from 0 to 40427
[  132.850664][ T6832] F2FS-fs (loop1): invalid crc value
[  132.865205][ T6832] F2FS-fs (loop1): Found nat_bits in checkpoint
[  132.961259][ T6832] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  133.181878][ T5772] syz-executor: attempt to access beyond end of device
[  133.181878][ T5772] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  133.220182][ T1290] ieee802154 phy0 wpan0: encryption failed: -22
[  133.227041][ T1290] ieee802154 phy1 wpan1: encryption failed: -22
[  133.245173][ T5772] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[  133.283311][ T6849] loop2: detected capacity change from 0 to 1024
[  133.426936][ T6849] hfsplus: found bad thread record in catalog
[  133.445626][ T6849] hfsplus: found bad thread record in catalog
[  133.470631][   T28] audit: type=1800 audit(1775572303.576:6): pid=6849 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.338" name="file2" dev="loop2" ino=3 res=0 errno=0
[  133.543504][ T6853] netlink: 4 bytes leftover after parsing attributes in process `syz.3.341'.
[  133.563450][ T6853] hsr_slave_0: left promiscuous mode
[  133.576877][ T6853] hsr_slave_1: left promiscuous mode
[  133.589570][ T4231] hfsplus: found bad thread record in catalog
[  133.596339][ T4231] hfsplus: found bad thread record in catalog
[  133.605721][ T4231] hfsplus: b-tree write err: -5, ino 3
[  134.297897][ T5831] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  134.490740][ T5831] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  134.506803][ T5831] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[  134.523651][ T5831] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  134.543579][ T5831] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  134.565885][ T6863] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  134.600934][ T5831] usb 2-1: Quirk or no altest; falling back to MIDI 1.0
[  134.895762][ T5831] usb 2-1: USB disconnect, device number 7
[  135.417064][ T6877] loop2: detected capacity change from 0 to 40427
[  135.471724][ T6877] F2FS-fs (loop2): Invalid SB checksum offset: 0
[  135.488857][ T6877] F2FS-fs (loop2): Can't find valid F2FS filesystem in 2th superblock
[  135.508970][ T6877] F2FS-fs (loop2): invalid crc value
[  135.744768][ T6877] F2FS-fs (loop2): Try to recover 2th superblock, ret: 0
[  135.771308][ T6877] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  135.856874][   T28] audit: type=1800 audit(1775572305.956:7): pid=6877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.352" name="file1" dev="loop2" ino=10 res=0 errno=0
[  135.979404][ T5768] syz-executor: attempt to access beyond end of device
[  135.979404][ T5768] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  135.998820][ T5768] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  136.295248][ T6898] loop2: detected capacity change from 0 to 2048
[  136.308419][ T6898] EXT4-fs: Ignoring removed i_version option
[  136.327951][  T787] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  136.354533][ T6898] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  136.369864][ T6898] ext4 filesystem being mounted at /97/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  136.395677][ T6898] EXT4-fs (loop2): shut down requested (0)
[  136.441394][ T5768] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  136.523273][  T787] usb 2-1: Using ep0 maxpacket: 32
[  136.552005][  T787] usb 2-1: config index 0 descriptor too short (expected 156, got 27)
[  136.566686][  T787] usb 2-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30
[  136.592969][  T787] usb 2-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 7
[  136.620870][  T787] usb 2-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144
[  136.637179][  T787] usb 2-1: config 0 interface 0 has no altsetting 0
[  136.693825][  T787] usb 2-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66
[  136.714133][  T787] usb 2-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172
[  136.727217][  T787] usb 2-1: Product: syz
[  136.737215][  T787] usb 2-1: Manufacturer: syz
[  136.751259][  T787] usb 2-1: SerialNumber: syz
[  136.772977][  T787] usb 2-1: config 0 descriptor??
[  136.800082][  T787] ldusb 2-1:0.0: Interrupt out endpoint not found (using control endpoint instead)
[  136.856861][  T787] ldusb 2-1:0.0: LD USB Device #0 now attached to major 180 minor 0
[  136.890467][ T6910] Illegal XDP return value 4291358720 on prog  (id 22) dev N/A, expect packet loss!
[  137.275207][  T787] usb 2-1: USB disconnect, device number 8
[  137.281568][    C0] ldusb 2-1:0.0: usb_submit_urb failed (-19)
[  137.309581][ T6896] ldusb 2-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71
[  137.364420][  T787] ldusb 2-1:0.0: LD USB Device #0 now disconnected
[  137.525480][ T6916] loop3: detected capacity change from 0 to 2048
[  137.618653][ T6916] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  137.683430][ T6916] UDF-fs: warning (device loop3): udf_load_vrs: No anchor found
[  137.727690][ T6916] UDF-fs: Scanning with blocksize 512 failed
[  137.774440][ T6916] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  138.397479][ T5773] Bluetooth: hci3: link tx timeout
[  138.406223][ T5773] Bluetooth: hci3: killing stalled connection 11:aa:aa:aa:aa:aa
[  138.420553][ T6920] syzkaller1: entered promiscuous mode
[  138.446498][ T6920] syzkaller1: entered allmulticast mode
[  138.738371][ T6918] loop2: detected capacity change from 0 to 32768
[  138.765527][ T6918] (syz.2.367,6918,0):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  138.790451][ T6918] (syz.2.367,6918,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  138.846181][ T6918] JBD2: Ignoring recovery information on journal
[  139.028630][ T6918] ocfs2: Mounting device (7,2) on (node local, slot 0) with ordered data mode.
[  139.538918][ T5768] ocfs2: Unmounting device (7,2) on (node local)
[  140.490587][ T5773] Bluetooth: hci3: command 0x0406 tx timeout
[  141.317502][    T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd
[  141.509466][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0
[  141.528901][    T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0
[  141.547572][    T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0
[  141.588739][    T8] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0
[  141.607606][    T8] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b
[  141.632505][ T6970] loop2: detected capacity change from 0 to 40427
[  141.639155][    T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.646891][    T8] usb 4-1: config 0 descriptor??
[  141.688159][ T6970] F2FS-fs (loop2): Invalid log_blocksize (268), supports only 12
[  141.716642][ T6970] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  141.747293][ T6970] F2FS-fs (loop2): invalid crc value
[  141.765243][ T6970] F2FS-fs (loop2): Found nat_bits in checkpoint
[  141.876647][    T8] hdpvr 4-1:0.0: firmware version 0x8 dated 5
[  141.970386][ T6970] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  141.987721][ T6970] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  142.341224][    T8] hdpvr 4-1:0.0: Could not setup controls
[  142.382865][    T8] hdpvr 4-1:0.0: registering videodev failed
[  142.434108][    T8] hdpvr: probe of 4-1:0.0 failed with error -71
[  142.507939][    T8] usb 4-1: USB disconnect, device number 6
[  143.053675][ T7000] loop2: detected capacity change from 0 to 2048
[  143.103816][ T7000] UDF-fs: error (device loop2): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  143.138939][ T7000] UDF-fs: warning (device loop2): udf_load_vrs: No anchor found
[  143.169453][ T7000] UDF-fs: Scanning with blocksize 512 failed
[  143.209306][ T7000] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  144.248654][ T7017] loop1: detected capacity change from 0 to 256
[  144.282883][ T7017] FAT-fs (loop1): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  145.827713][    T8] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  146.017581][    T8] usb 2-1: Using ep0 maxpacket: 8
[  146.039931][    T8] usb 2-1: New USB device found, idVendor=0582, idProduct=0025, bcdDevice= 0.40
[  146.057798][    T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  146.077858][    T8] usb 2-1: Product: syz
[  146.082449][    T8] usb 2-1: Manufacturer: syz
[  146.087099][    T8] usb 2-1: SerialNumber: syz
[  146.746940][    T8] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  146.766339][    T8] usb 2-1: clock source 0 is not valid, cannot use
[  146.806096][ T7068] loop3: detected capacity change from 0 to 32768
[  146.838025][ T7068] (syz.3.431,7068,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  146.884597][ T7068] (syz.3.431,7068,1):ocfs2_block_check_validate:402 ERROR: CRC32 failed: stored: 0xb3775c19, computed 0x2dd1c265. Applying ECC.
[  146.966887][ T7068] JBD2: Ignoring recovery information on journal
[  146.999094][    T8] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  147.021181][ T7059] loop2: detected capacity change from 0 to 40427
[  147.027651][    T8] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  147.036382][    T8] usb 2-1: clock source 0 is not valid, cannot use
[  147.053777][    T8] usb 2-1: 2:1: cannot get freq (v2/v3): err -71
[  147.063234][    T8] usb 2-1: uac_clock_source_is_valid(): cannot get clock validity for id 0
[  147.073479][ T7059] F2FS-fs (loop2): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  147.088361][ T7059] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[  147.102446][ T7068] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  147.127701][ T7059] F2FS-fs (loop2): build fault injection attr: rate: 0, type: 0x35f7
[  147.154593][    T8] usb 2-1: USB disconnect, device number 9
[  147.180838][ T7059] F2FS-fs (loop2): build fault injection attr: rate: 690, type: 0x7ffff
[  147.229007][ T7059] F2FS-fs (loop2): Image doesn't support compression
[  147.298768][ T7059] F2FS-fs (loop2): invalid crc value
[  147.323539][ T7059] F2FS-fs (loop2): Found nat_bits in checkpoint
[  147.396318][ T7088] udevd[7088]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  147.513352][ T7059] F2FS-fs (loop2): Start checkpoint disabled!
[  147.557796][ T7059] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[  147.565253][ T7059] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e6
[  147.746944][ T7059] F2FS-fs (loop2): inject page get in f2fs_pagecache_get_page of generic_perform_write+0x2fe/0x5c0
[  147.828966][ T5778] ocfs2: Unmounting device (7,3) on (node local)
[  147.835841][ T7096] syz.2.427: attempt to access beyond end of device
[  147.835841][ T7096] loop2: rw=2049, sector=45096, nr_sectors = 40 limit=40427
[  147.871734][ T7059] syz.2.427: attempt to access beyond end of device
[  147.871734][ T7059] loop2: rw=2049, sector=45136, nr_sectors = 32 limit=40427
[  148.210864][   T35] kworker/u4:2: attempt to access beyond end of device
[  148.210864][   T35] loop2: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  148.269655][   T35] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  148.285299][   T35] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  149.511572][ T7130] netlink: 4 bytes leftover after parsing attributes in process `syz.2.450'.
[  149.863274][ T7137] loop1: detected capacity change from 0 to 1024
[  149.905083][ T7137] EXT4-fs: Ignoring removed bh option
[  149.979810][ T7139] netlink: 4 bytes leftover after parsing attributes in process `syz.2.455'.
[  150.010774][ T7137] EXT4-fs (loop1): mounted filesystem 00000000-0000-0006-0000-000000000000 r/w without journal. Quota mode: writeback.
[  150.053592][ T7137] ext4 filesystem being mounted at /95/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  150.236259][ T7137] EXT4-fs error (device loop1): ext4_map_blocks:718: inode #15: comm syz.1.452: lblock 0 mapped to illegal pblock 0 (length 1)
[  150.279094][ T7137] EXT4-fs (loop1): Remounting filesystem read-only
[  150.361370][ T5772] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0006-0000-000000000000.
[  152.547900][    T8] usb 3-1: new high-speed USB device number 6 using dummy_hcd
[  152.744840][    T8] usb 3-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33
[  152.769164][    T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  152.798653][    T8] usb 3-1: config 0 descriptor??
[  152.825609][    T8] gspca_main: sunplus-2.14.0 probing 055f:c420
[  153.081371][ T7213] netlink: 16 bytes leftover after parsing attributes in process `syz.1.484'.
[  153.670027][    T8] gspca_sunplus: reg_w_riv err -71
[  153.687827][    T8] sunplus: probe of 3-1:0.0 failed with error -71
[  153.715065][    T8] usb 3-1: USB disconnect, device number 6
[  153.940068][ T7221] loop1: detected capacity change from 0 to 32768
[  153.983451][ T7221] JBD2: Ignoring recovery information on journal
[  154.025870][ T7221] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  154.134566][ T7221] (syz.1.489,7221,1):ocfs2_rename:1690 ERROR: status = -39
[  154.195560][ T5772] ocfs2: Unmounting device (7,1) on (node local)
[  154.877514][  T788] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  155.077553][  T788] usb 2-1: Using ep0 maxpacket: 16
[  155.108595][  T788] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  155.137580][  T788] usb 2-1: config 0 has no interfaces?
[  155.150352][  T788] usb 2-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  155.172297][  T788] usb 2-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3
[  155.190689][  T788] usb 2-1: Product: syz
[  155.203810][  T788] usb 2-1: Manufacturer: syz
[  155.214496][  T788] usb 2-1: SerialNumber: syz
[  155.238525][  T788] usb 2-1: config 0 descriptor??
[  156.104046][ T5809] usb 2-1: USB disconnect, device number 10
[  156.657529][  T788] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  156.737825][ T7256] loop3: detected capacity change from 0 to 40427
[  156.746473][ T7256] F2FS-fs (loop3): Wrong MAIN_AREA boundary, start(4096) end(12800) block(12288)
[  156.756384][ T7256] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[  156.764915][ T7256] F2FS-fs (loop3): build fault injection attr: rate: 0, type: 0x35f7
[  156.775438][ T7256] F2FS-fs (loop3): build fault injection attr: rate: 690, type: 0x7ffff
[  156.798542][ T7256] F2FS-fs (loop3): Image doesn't support compression
[  156.807849][ T7256] F2FS-fs (loop3): invalid crc value
[  156.834800][ T7256] F2FS-fs (loop3): Found nat_bits in checkpoint
[  156.857628][  T788] usb 2-1: Using ep0 maxpacket: 32
[  156.866141][  T788] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  156.890375][  T788] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  156.927474][  T788] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  156.935992][  T788] usb 2-1: Product: syz
[  156.957410][  T788] usb 2-1: Manufacturer: syz
[  156.962084][  T788] usb 2-1: SerialNumber: syz
[  156.988664][  T788] usb 2-1: config 0 descriptor??
[  156.999253][ T7264] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[  157.008886][  T788] hub 2-1:0.0: bad descriptor, ignoring hub
[  157.021624][  T788] hub: probe of 2-1:0.0 failed with error -5
[  157.042165][ T7256] F2FS-fs (loop3): Start checkpoint disabled!
[  157.078215][ T7256] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[  157.085402][ T7256] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e6
[  157.230099][ T7256] F2FS-fs (loop3): inject page get in f2fs_pagecache_get_page of generic_perform_write+0x2fe/0x5c0
[  157.254563][ T7256] syz.3.504: attempt to access beyond end of device
[  157.254563][ T7256] loop3: rw=2049, sector=45096, nr_sectors = 72 limit=40427
[  157.292331][ T7283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  157.326008][ T7283] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  157.489131][ T6545] kworker/u4:13: attempt to access beyond end of device
[  157.489131][ T6545] loop3: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  157.507044][ T6545] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  157.521543][ T6545] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[  157.710727][ T7276] loop2: detected capacity change from 0 to 32768
[  157.765383][ T7276] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  157.944495][ T7276] XFS (loop2): Ending clean mount
[  157.960062][ T7276] XFS (loop2): Quotacheck needed: Please wait.
[  158.020546][ T7276] XFS (loop2): Quotacheck: Done.
[  158.158976][ T5768] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[  158.625652][ T7309] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  158.649333][ T7309] overlayfs: maximum fs stacking depth exceeded
[  158.918656][ T5806] kernel write not supported for file /vcs (pid: 5806 comm: kworker/1:3)
[  159.660387][ T5806] usb 2-1: USB disconnect, device number 11
[  159.813686][ T7332] Bluetooth: MGMT ver 1.22
[  160.137617][   T27] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  160.296417][ T7328] loop2: detected capacity change from 0 to 40427
[  160.315971][ T7328] F2FS-fs (loop2): invalid crc value
[  160.343690][   T27] usb 2-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08
[  160.371974][   T27] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  160.396344][ T7328] F2FS-fs (loop2): Found nat_bits in checkpoint
[  160.413539][   T27] usb 2-1: config 0 descriptor??
[  160.448767][   T27] gspca_main: cpia1-2.14.0 probing 0813:0001
[  160.606872][ T7328] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e5
[  160.857378][   T27] cpia1 2-1:0.0: unexpected state after lo power cmd: 00
[  160.897662][   T28] audit: type=1800 audit(1775572586.952:8): pid=7328 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.531" name="file1" dev="loop2" ino=10 res=0 errno=0
[  160.936780][ T5768] syz-executor: attempt to access beyond end of device
[  160.936780][ T5768] loop2: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  160.987772][ T5768] F2FS-fs (loop2): Stopped filesystem due to reason: 3
[  161.260053][   T27] gspca_cpia1: usb_control_msg 02, error -71
[  161.296612][   T27] gspca_cpia1: usb_control_msg 05, error -71
[  161.330771][   T27] cpia1 2-1:0.0: unexpected systemstate: 00
[  161.368497][   T27] usb 2-1: USB disconnect, device number 12
[  162.399076][ T7354] overlayfs: "xino" feature enabled using 3 upper inode bits.
[  162.434681][ T7354] overlayfs: maximum fs stacking depth exceeded
[  162.828956][ T7359] netlink: 8 bytes leftover after parsing attributes in process `syz.2.545'.
[  162.886592][ T7359] netlink: 'syz.2.545': attribute type 29 has an invalid length.
[  162.901959][ T7359] netlink: 4 bytes leftover after parsing attributes in process `syz.2.545'.
[  163.459193][ T7350] loop1: detected capacity change from 0 to 32768
[  163.506653][ T7350] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop1 scanned by syz.1.542 (7350)
[  163.583677][ T7350] BTRFS info (device loop1): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  163.604150][ T7350] BTRFS info (device loop1): using blake2b (blake2b-256-generic) checksum algorithm
[  163.623198][ T7350] BTRFS info (device loop1): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  163.717652][ T7350] BTRFS info (device loop1): use zstd compression, level 3
[  163.725183][ T7350] BTRFS info (device loop1): using free space tree
[  163.888475][ T7350] BTRFS info (device loop1): enabling ssd optimizations
[  163.942506][ T7350] BTRFS info (device loop1): auto enabling async discard
[  164.039239][   T28] audit: type=1800 audit(1775572590.152:9): pid=7350 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.542" name="file1" dev="loop1" ino=260 res=0 errno=0
[  164.074103][ T7350] fs-verity: sha256 using implementation "sha256-avx2"
[  164.129861][ T7350] BTRFS info (device loop1): setting compat-ro feature flag for VERITY (0x4)
[  164.274973][ T5772] BTRFS info (device loop1): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  164.349059][ T7394] loop2: detected capacity change from 0 to 256
[  164.381745][ T7394] exfat: Deprecated parameter 'namecase'
[  164.415514][ T7394] exfat: Deprecated parameter 'utf8'
[  164.437467][ T7394] exfat: Deprecated parameter 'namecase'
[  164.560142][ T7394] exFAT-fs (loop2): failed to load upcase table (idx : 0x0001fe89, chksum : 0xbf24f927, utbl_chksum : 0xe619d30d)
[  166.170299][ T7421] loop2: detected capacity change from 0 to 32768
[  166.212158][ T7421] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop2 scanned by syz.2.563 (7421)
[  166.275967][ T7421] BTRFS info (device loop2): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  166.307222][ T7421] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  166.337881][ T7421] BTRFS info (device loop2): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  166.391533][ T7421] BTRFS info (device loop2): use zstd compression, level 3
[  166.417525][ T7421] BTRFS info (device loop2): using free space tree
[  166.684421][ T7421] BTRFS info (device loop2): enabling ssd optimizations
[  166.744852][ T7421] BTRFS info (device loop2): auto enabling async discard
[  166.837322][ T7461] netlink: 4 bytes leftover after parsing attributes in process `syz.0.574'.
[  166.890849][   T28] audit: type=1800 audit(1775572593.002:10): pid=7421 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.563" name="file1" dev="loop2" ino=260 res=0 errno=0
[  166.931222][ T7421] BTRFS info (device loop2): setting compat-ro feature flag for VERITY (0x4)
[  167.056629][ T5768] BTRFS info (device loop2): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  167.134792][ T7436] loop3: detected capacity change from 0 to 32768
[  167.234709][ T7467] overlayfs: failed to decode file handle (len=0, type=251, flags=0, err=-22)
[  167.285675][ T7436] JBD2: Ignoring recovery information on journal
[  167.400345][ T7436] ocfs2: Mounting device (7,3) on (node local, slot 0) with ordered data mode.
[  167.551924][ T7436] 
[  167.554332][ T7436] ======================================================
[  167.561381][ T7436] WARNING: possible circular locking dependency detected
[  167.568423][ T7436] syzkaller #0 Not tainted
[  167.572864][ T7436] ------------------------------------------------------
[  167.579922][ T7436] syz.3.570/7436 is trying to acquire lock:
[  167.585843][ T7436] ffff88805b92df58 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}, at: ocfs2_reserve_suballoc_bits+0x16e/0x44c0
[  167.599134][ T7436] 
[  167.599134][ T7436] but task is already holding lock:
[  167.606629][ T7436] ffff88805e3ba378 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x476/0x13e0
[  167.616187][ T7436] 
[  167.616187][ T7436] which lock already depends on the new lock.
[  167.616187][ T7436] 
[  167.626625][ T7436] 
[  167.626625][ T7436] the existing dependency chain (in reverse order) is:
[  167.635758][ T7436] 
[  167.635758][ T7436] -> #4 (&oi->ip_xattr_sem){++++}-{3:3}:
[  167.643645][ T7436]        down_read+0x46/0x2e0
[  167.648458][ T7436]        ocfs2_init_acl+0x30a/0x770
[  167.653698][ T7436]        ocfs2_mknod+0x140f/0x2300
[  167.659036][ T7436]        ocfs2_mkdir+0x196/0x430
[  167.663997][ T7436]        vfs_mkdir+0x296/0x440
[  167.668877][ T7436]        do_mkdirat+0x1dc/0x450
[  167.673763][ T7436]        __x64_sys_mkdirat+0x89/0xa0
[  167.679076][ T7436]        do_syscall_64+0x55/0xa0
[  167.684142][ T7436]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  167.690665][ T7436] 
[  167.690665][ T7436] -> #3 (&journal->j_trans_barrier){.+.+}-{3:3}:
[  167.699196][ T7436]        down_read+0x46/0x2e0
[  167.703949][ T7436]        ocfs2_start_trans+0x3a8/0x6f0
[  167.709524][ T7436]        ocfs2_reserve_suballoc_bits+0x7ad/0x44c0
[  167.715969][ T7436]        ocfs2_reserve_new_metadata_blocks+0x416/0x9a0
[  167.722954][ T7436]        ocfs2_extend_dir+0xcca/0x48b0
[  167.728604][ T7436]        ocfs2_prepare_dir_for_insert+0x315b/0x56b0
[  167.735242][ T7436]        ocfs2_mknod+0x81b/0x2300
[  167.740398][ T7436]        ocfs2_mkdir+0x196/0x430
[  167.745519][ T7436]        vfs_mkdir+0x296/0x440
[  167.750380][ T7436]        do_mkdirat+0x1dc/0x450
[  167.755239][ T7436]        __x64_sys_mkdirat+0x89/0xa0
[  167.760637][ T7436]        do_syscall_64+0x55/0xa0
[  167.765593][ T7436]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  167.772043][ T7436] 
[  167.772043][ T7436] -> #2 (sb_internal#3){.+.+}-{0:0}:
[  167.779712][ T7436]        ocfs2_start_trans+0x2a9/0x6f0
[  167.785183][ T7436]        ocfs2_reserve_suballoc_bits+0x7ad/0x44c0
[  167.791693][ T7436]        ocfs2_reserve_new_metadata_blocks+0x416/0x9a0
[  167.798545][ T7436]        ocfs2_extend_dir+0xcca/0x48b0
[  167.804009][ T7436]        ocfs2_prepare_dir_for_insert+0x315b/0x56b0
[  167.811132][ T7436]        ocfs2_mknod+0x81b/0x2300
[  167.816192][ T7436]        ocfs2_mkdir+0x196/0x430
[  167.821153][ T7436]        vfs_mkdir+0x296/0x440
[  167.825921][ T7436]        do_mkdirat+0x1dc/0x450
[  167.830780][ T7436]        __x64_sys_mkdirat+0x89/0xa0
[  167.836073][ T7436]        do_syscall_64+0x55/0xa0
[  167.841035][ T7436]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  167.847470][ T7436] 
[  167.847470][ T7436] -> #1 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#3){+.+.}-{3:3}:
[  167.858099][ T7436]        down_write+0x97/0x200
[  167.862967][ T7436]        ocfs2_reserve_suballoc_bits+0x16e/0x44c0
[  167.869388][ T7436]        ocfs2_reserve_clusters_with_limit+0x3bd/0xc20
[  167.876328][ T7436]        ocfs2_reserve_suballoc_bits+0x78b/0x44c0
[  167.882936][ T7436]        ocfs2_reserve_new_metadata_blocks+0x416/0x9a0
[  167.889809][ T7436]        ocfs2_extend_dir+0xcca/0x48b0
[  167.895287][ T7436]        ocfs2_prepare_dir_for_insert+0x315b/0x56b0
[  167.901981][ T7436]        ocfs2_mknod+0x81b/0x2300
[  167.907045][ T7436]        ocfs2_mkdir+0x196/0x430
[  167.912014][ T7436]        vfs_mkdir+0x296/0x440
[  167.916794][ T7436]        do_mkdirat+0x1dc/0x450
[  167.921656][ T7436]        __x64_sys_mkdirat+0x89/0xa0
[  167.926949][ T7436]        do_syscall_64+0x55/0xa0
[  167.932075][ T7436]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  167.938503][ T7436] 
[  167.938503][ T7436] -> #0 (&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2){+.+.}-{3:3}:
[  167.949049][ T7436]        __lock_acquire+0x2df1/0x7d40
[  167.954435][ T7436]        lock_acquire+0x19e/0x420
[  167.959468][ T7436]        down_write+0x97/0x200
[  167.964244][ T7436]        ocfs2_reserve_suballoc_bits+0x16e/0x44c0
[  167.970692][ T7436]        ocfs2_reserve_new_metadata_blocks+0x416/0x9a0
[  167.977564][ T7436]        ocfs2_init_xattr_set_ctxt+0x30b/0x710
[  167.983817][ T7436]        ocfs2_xattr_set+0xc3f/0x13e0
[  167.989297][ T7436]        __vfs_setxattr+0x431/0x470
[  167.994507][ T7436]        __vfs_setxattr_noperm+0x12d/0x5e0
[  168.000408][ T7436]        vfs_setxattr+0x16b/0x2f0
[  168.005589][ T7436]        path_setxattr+0x3f3/0x5d0
[  168.010822][ T7436]        __x64_sys_setxattr+0xbb/0xd0
[  168.016240][ T7436]        do_syscall_64+0x55/0xa0
[  168.021191][ T7436]        entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  168.027626][ T7436] 
[  168.027626][ T7436] other info that might help us debug this:
[  168.027626][ T7436] 
[  168.038164][ T7436] Chain exists of:
[  168.038164][ T7436]   &ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2 --> &journal->j_trans_barrier --> &oi->ip_xattr_sem
[  168.038164][ T7436] 
[  168.055150][ T7436]  Possible unsafe locking scenario:
[  168.055150][ T7436] 
[  168.062697][ T7436]        CPU0                    CPU1
[  168.068071][ T7436]        ----                    ----
[  168.073436][ T7436]   lock(&oi->ip_xattr_sem);
[  168.078038][ T7436]                                lock(&journal->j_trans_barrier);
[  168.085850][ T7436]                                lock(&oi->ip_xattr_sem);
[  168.092968][ T7436]   lock(&ocfs2_sysfile_lock_key[args->fi_sysfile_type]#2);
[  168.100263][ T7436] 
[  168.100263][ T7436]  *** DEADLOCK ***
[  168.100263][ T7436] 
[  168.108424][ T7436] 3 locks held by syz.3.570/7436:
[  168.113478][ T7436]  #0: ffff88807ee92418 (sb_writers#23){.+.+}-{0:0}, at: mnt_want_write+0x41/0x90
[  168.122740][ T7436]  #1: ffff88805e3ba658 (&sb->s_type->i_mutex_key#30){+.+.}-{3:3}, at: vfs_setxattr+0x144/0x2f0
[  168.133206][ T7436]  #2: ffff88805e3ba378 (&oi->ip_xattr_sem){++++}-{3:3}, at: ocfs2_xattr_set+0x476/0x13e0
[  168.143142][ T7436] 
[  168.143142][ T7436] stack backtrace:
[  168.149045][ T7436] CPU: 1 PID: 7436 Comm: syz.3.570 Not tainted syzkaller #0
[  168.156420][ T7436] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026
[  168.166833][ T7436] Call Trace:
[  168.170136][ T7436]  <TASK>
[  168.173167][ T7436]  dump_stack_lvl+0x18c/0x250
[  168.177860][ T7436]  ? load_image+0x420/0x420
[  168.182377][ T7436]  ? show_regs_print_info+0x20/0x20
[  168.187597][ T7436]  ? print_circular_bug+0x12b/0x1a0
[  168.193538][ T7436]  check_noncircular+0x2fc/0x400
[  168.198596][ T7436]  ? print_deadlock_bug+0x5d0/0x5d0
[  168.203981][ T7436]  ? lockdep_lock+0xf5/0x230
[  168.208596][ T7436]  ? _find_first_zero_bit+0xd3/0x100
[  168.213976][ T7436]  __lock_acquire+0x2df1/0x7d40
[  168.218853][ T7436]  ? __lock_acquire+0x7d40/0x7d40
[  168.223973][ T7436]  ? verify_lock_unused+0x140/0x140
[  168.229274][ T7436]  ? __mutex_unlock_slowpath+0x1b4/0x6c0
[  168.234919][ T7436]  ? do_raw_spin_lock+0x11f/0x2c0
[  168.239966][ T7436]  ? mutex_unlock+0x10/0x10
[  168.244478][ T7436]  lock_acquire+0x19e/0x420
[  168.248994][ T7436]  ? ocfs2_reserve_suballoc_bits+0x16e/0x44c0
[  168.255071][ T7436]  ? ocfs2_get_system_file_inode+0x202/0x850
[  168.261161][ T7436]  ? __might_sleep+0xe0/0xe0
[  168.265770][ T7436]  ? read_lock_is_recursive+0x20/0x20
[  168.271262][ T7436]  ? ocfs2_fast_symlink_read_folio+0x550/0x550
[  168.277548][ T7436]  ? verify_lock_unused+0x140/0x140
[  168.282766][ T7436]  ? check_noncircular+0x18a/0x400
[  168.287982][ T7436]  down_write+0x97/0x200
[  168.292236][ T7436]  ? ocfs2_reserve_suballoc_bits+0x16e/0x44c0
[  168.298311][ T7436]  ? down_read_killable+0x340/0x340
[  168.303533][ T7436]  ocfs2_reserve_suballoc_bits+0x16e/0x44c0
[  168.309528][ T7436]  ? mark_lock+0x94/0x320
[  168.313958][ T7436]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  168.319950][ T7436]  ? lock_chain_count+0x20/0x20
[  168.324819][ T7436]  ? _raw_spin_unlock_irqrestore+0x86/0x120
[  168.330732][ T7436]  ? lockdep_hardirqs_on+0x98/0x150
[  168.335952][ T7436]  ? ocfs2_block_group_search+0x470/0x470
[  168.341768][ T7436]  ? _raw_spin_unlock_irqrestore+0xc5/0x120
[  168.347674][ T7436]  ? _raw_spin_unlock+0x40/0x40
[  168.352554][ T7436]  ? stack_trace_save+0xaa/0x100
[  168.357507][ T7436]  ? stack_trace_snprint+0xf0/0xf0
[  168.362724][ T7436]  ? __stack_depot_save+0x560/0x630
[  168.367940][ T7436]  ? kasan_set_track+0x5f/0x70
[  168.372715][ T7436]  ? kasan_set_track+0x4e/0x70
[  168.377580][ T7436]  ? __kasan_kmalloc+0x8f/0xa0
[  168.382363][ T7436]  ? ocfs2_reserve_new_metadata_blocks+0x10d/0x9a0
[  168.388871][ T7436]  ? ocfs2_init_xattr_set_ctxt+0x30b/0x710
[  168.394777][ T7436]  ? ocfs2_xattr_set+0xc3f/0x13e0
[  168.399905][ T7436]  ? __vfs_setxattr+0x431/0x470
[  168.404852][ T7436]  ? __vfs_setxattr_noperm+0x12d/0x5e0
[  168.410327][ T7436]  ? vfs_setxattr+0x16b/0x2f0
[  168.415134][ T7436]  ? path_setxattr+0x3f3/0x5d0
[  168.420025][ T7436]  ? __x64_sys_setxattr+0xbb/0xd0
[  168.425254][ T7436]  ? do_syscall_64+0x55/0xa0
[  168.429860][ T7436]  ? entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  168.436143][ T7436]  ocfs2_reserve_new_metadata_blocks+0x416/0x9a0
[  168.442573][ T7436]  ? ocfs2_init_steal_slots+0x160/0x160
[  168.448135][ T7436]  ? ocfs2_xattr_block_set+0x2e30/0x2e30
[  168.453873][ T7436]  ocfs2_init_xattr_set_ctxt+0x30b/0x710
[  168.459632][ T7436]  ? ocfs2_xattr_set+0xc05/0x13e0
[  168.464673][ T7436]  ? ocfs2_prepare_refcount_xattr+0xff0/0xff0
[  168.470873][ T7436]  ? ocfs2_truncate_log_needs_flush+0x130/0x310
[  168.477154][ T7436]  ? ocfs2_remove_btree_range+0x15e0/0x15e0
[  168.483066][ T7436]  ? down_write+0x16e/0x200
[  168.487606][ T7436]  ? down_read_killable+0x340/0x340
[  168.492988][ T7436]  ? up_write+0x1c3/0x410
[  168.497328][ T7436]  ocfs2_xattr_set+0xc3f/0x13e0
[  168.502208][ T7436]  ? __ocfs2_xattr_set_handle+0xf40/0xf40
[  168.508025][ T7436]  ? aa_get_newest_label+0xfd/0x5c0
[  168.513249][ T7436]  ? ocfs2_inode_unlock_tracker+0x270/0x2e0
[  168.519153][ T7436]  ? __rwlock_init+0x150/0x150
[  168.523929][ T7436]  ? do_raw_spin_unlock+0x121/0x230
[  168.529151][ T7436]  ? put_pid+0xde/0x120
[  168.533323][ T7436]  ? ocfs2_xattr_user_set+0xab/0xf0
[  168.538534][ T7436]  ? ocfs2_xattr_user_get+0xe0/0xe0
[  168.544008][ T7436]  __vfs_setxattr+0x431/0x470
[  168.548728][ T7436]  __vfs_setxattr_noperm+0x12d/0x5e0
[  168.554140][ T7436]  vfs_setxattr+0x16b/0x2f0
[  168.558761][ T7436]  ? xattr_permission+0x470/0x470
[  168.563888][ T7436]  ? __mnt_want_write+0x223/0x2a0
[  168.568928][ T7436]  ? path_setxattr+0x3a1/0x5d0
[  168.573704][ T7436]  path_setxattr+0x3f3/0x5d0
[  168.578313][ T7436]  ? simple_xattrs_free+0x150/0x150
[  168.583529][ T7436]  ? lockdep_hardirqs_on_prepare+0x40d/0x770
[  168.589613][ T7436]  ? lock_chain_count+0x20/0x20
[  168.594494][ T7436]  __x64_sys_setxattr+0xbb/0xd0
[  168.599365][ T7436]  do_syscall_64+0x55/0xa0
[  168.603792][ T7436]  ? clear_bhb_loop+0x40/0x90
[  168.608479][ T7436]  ? clear_bhb_loop+0x40/0x90
[  168.613610][ T7436]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  168.619612][ T7436] RIP: 0033:0x7f3ba8b9c819
[  168.624048][ T7436] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  168.643662][ T7436] RSP: 002b:00007f3ba6df6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000bc
[  168.652175][ T7436] RAX: ffffffffffffffda RBX: 00007f3ba8e15fa0 RCX: 00007f3ba8b9c819
[  168.660158][ T7436] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000200000000240
[  168.668244][ T7436] RBP: 00007f3ba8c32c91 R08: 0000000000000001 R09: 0000000000000000
[  168.676610][ T7436] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  168.684680][ T7436] R13: 00007f3ba8e16038 R14: 00007f3ba8e15fa0 R15: 00007ffe6bd92558
[  168.692841][ T7436]  </TASK>
[  168.734886][ T7476] vxcan1: tx drop: invalid sa for name 0x0000000000000002
[  168.866408][ T5778] ocfs2: Unmounting device (7,3) on (node local)