last executing test programs:

14.756420874s ago: executing program 0 (id=528):
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0x60}, 0x1, 0x0, 0x0, 0x2000010}, 0x0)
pipe2$9p(&(0x7f0000000240)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff}, 0x0)
splice(r2, &(0x7f0000000280), r1, 0x0, 0x800, 0x0)
preadv(0xffffffffffffffff, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}, {0x0}], 0x2, 0x0, 0x0)
r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
preadv(r3, &(0x7f0000000480)=[{&(0x7f0000019640)=""/102400, 0x19000}, {&(0x7f00000003c0)=""/178, 0xb2}, {&(0x7f0000000100)=""/23, 0x17}, {&(0x7f0000000300)=""/32, 0x20}, {&(0x7f0000032640)=""/208, 0xd0}], 0x5, 0x4, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='memory.events.local\x00', 0x275a, 0x0)
bpf$PROG_LOAD_XDP(0x5, &(0x7f00000001c0)={0x12, 0x3, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8, r4}, 0x90)
syz_emit_vhci(&(0x7f0000000180)=ANY=[@ANYBLOB="04040a004000008a47e6c71f"], 0xd)
r5 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00')
syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYRES8=r1, @ANYRESHEX=r2], 0x3b)
setgroups(0x400000000000026f, &(0x7f0000000080)=[0x0, 0xee00])
read$FUSE(r5, &(0x7f0000003680)={0x2020}, 0x2020)
ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0)
r6 = creat(0x0, 0x0)
add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0)
openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0)
r7 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r7, 0xc0145608, &(0x7f00000001c0)={0x20, 0x2, 0x4})
ioctl$vim2m_VIDIOC_QBUF(r7, 0xc058560f, &(0x7f00000005c0)=@fd={0x0, 0x2, 0x4, 0x0, 0x0, {0x0, 0xea60}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "147cedad"}, 0x1})
syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r8, 0x8933, &(0x7f0000000380)={'wlan0\x00'})
sendto$inet6(r6, &(0x7f0000000080)="4c00000012001f15b9409b849ac00a00a5784004000000000000030038c88cc055c5ac27a6c5b068d0bf46d323452536005ad94a461cdbfee9bdb942352359a351d1ec0cffc8792cd8000080", 0x4c, 0x40084, 0x0, 0x0)

13.874465945s ago: executing program 0 (id=539):
write$binfmt_script(0xffffffffffffffff, 0x0, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, 0xffffffffffffffff, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x100002, 0x0)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0xe, &(0x7f0000001840)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000f0ffffff7a0af0ff0000000079a4f0ff00000000b706000000000081ad64020000000000450404000100ff0f1704000001130a00b7050000010000006a0af2fe0000000085000000a3000000b700000000000000950000000000000000e154cd8445974b26c933f7ffffffffe4fbffffff55bb2007ee51050512b5b42128aa090a79507df79f298129daa7a6b2f91af50342115e17392ac627c87881c000006146001e04aeacea799a22a216798b5adc43eb27d53319d0ad229e5752548300000000dbc2777df150b7cdd77b85b941092314fd085f028f2ed1a4535550614e09d6378198a6097a670838337af2abd55a87ac0394b2f92ffab7d153d62058d0a413b2173619ccf55520f22c9ca8b6712f3024b7041b1df65b3e1b9bf115646d14ce53d13d0ccacda1ef0900094fa737c28b99938512c816fdcceaede3faedc51d29a47fc813a2ec00f4c7a53ac271fefc583eec8912c37562d6d7f4ea6bf97f2f33e2ea2e534300bcb3fdc4b4861004eefbda7f54f82a804da4f85db47a4a69bf9bc5fa96ee293fbd165a5a68488e40b030166565a097b1b44b451de7368ca69f6f8db03d4b7745fef1d04ec633dee254a6d491b849a5a787e814c4fd21a18986252a70f8f92eb6f0e8c7db4bf23242a18159f09943b1b0452d1b72183aacf4a84f9130b775dd4e9e3070756f97ad791fa99dac06b57479321a0574fb30ff0000001989328c8ddc20ea011bf5742e0e0d4334db8b20ce3f9f16cb7fc20fb4791ec85821d0c48fb657c29b309c73f0d77e7cde65a82b94c461d7962b0d2277a84af326f37f3e2c35a61ec45c3af97a8f17da954aff3fc8c108755f75ca13fb7c8bbd8b6e7dac1aba4b2059ba4b923a1188dd61dc7de058a4dfa7e85a8bdf1d41a2d8bd044d66f47cc180f82c5f573c6d294d3665016ac59dda0fde4745db06753a7ac74a2d32f7528751313694bf5700b20ef0c248ddd3da32396a614cacad4ae52066bb5d4045c958549b7dcb98a6273b8c651e24d9f679e4fbe948dfb4cc4a389469608241730459f0123fd39206000000000000eb55dad46de56ef907b059b90b8aa49afb9a79ae5498f6589880ed6eea7f9c670012be05e7de0940313c5870786554df26236ebced9390cb6941b8375d936a7d2120eca291963eb2d537d8ee4de5c183c960119451c31539b22809e1d7f0cda06a9fa87d64cb77872a2cd8a104e16bb1a2bacf13464ca03aff14a9aa4bd9530243ff98df3347f0e399d1b9f27e3c33269c0e153b28b2d4410572bc45b9d3fa02208d304d455c36300000000022320178b00cc6ed7966130b547dbf8b497af002000000cd1d00000020000000ef19349ee7f31abc11c800000000000000000000000928ee53595a779d243a48cea769470424d28804c04b2c4324ab7f4a5c81921f0128dfd70b438af60b060000000000000056642b49b745f3bf2cf7908b6d7d748308eea09fc361b4735efbf3411718d6ee7aebf9ef679dbfae9fb4a79f8a836804ed3a000000002a12043408cd60b687dcff91af19010000000000000000456f7d2a42bd13da202274f20675eb781925441578e93046aaddea8ec4ca37f71c2710a7ea8ae0dc214e1cc275b26adfa892e6de92000000000000000000ddff004cff9ec7ffff35e62f4eeee50e5bafecea4d4134f9d006c8d6883eca5c9c58c9e93311ab5009c68c73de2f04f15d005387577f480000ea65559eb00e76e9d0ada201bcbb5c252b28a60ca770663da451790cc36000906d5a9fad98c308e39bd5ffb6151d79c1cee1cd103c1962f4759286db3633be3f00000015762e5f5a3a0bc33fdbe28a5ffc83f2b485185cc92ce7f791e8f6429309d6adab4b7e508e5bf024ed8f8a005f2bbf96c89739f5cf1e750d50517a59a3ad09e8802e8f4f535447cc0fc9d5f99a73145dfcedad69da9cd4375c624600e78f4458544714f29611f95d4a31838eeb20c20bb82aa31771cd379ec83554cea5e6539db7384e1f58d81f2f2653c4d9818708e27c89b552d7fcd116bce9c764c714c9402c21d181aac59efb28d4f91652f6750b6ec962802c0320f8059195729d60c534e48e8ff0755b67fe4c25edb85bcff24c757aa8090000000000008c420eb4304f66e3a37aaf000000c42a570f0e1dd5fd545470f862f8c3c14fa9ecd1e877b0d8ca84c044859e85e6158f9184bc61a9a284db80e4636c25b96174327d82761c26e329555f9290af4100000000000000749efd040000000000000034137f5ab0d534b8d63e4ca3b671f2de1cdf519192c6b59a601fd419adc16e2055b85058f793484305d7a175979d54000004408996ec5db6a4d15b71ee855a47bc00edf5e9020c09ab004321610b857e8717764b633b21cb32f0e03280e09758bd445ab91d20baca005452b79d7b574a247f1d2fe45b3c4e93da3d51de647c10dd49944dc87c92332af00f191b66b6a6f732a91f0e2e9120be61e58c79d497247d278888901d442ad7f8536605a644e9e3d769db497c3960dfde12182334caee994adc38a436367a54b9e182b78e9a0ceb9a2c4f63902c1ad1a7c5a08d0920a23c2a86abbdf357849a651733e57f31019876026888c8ccb85c86b4f8ffffff7f000000002c331fca0e541b7ca211c28ed61c525708a13d115b43f8b1894c8fa8a14dc4810f61ae96c18cc7130000000000002100000000000000000001000027c9a46157a3609b6fd9843ee19ec647249a9375de5858818f3c4a4fa6ce46f4d42b07199de8b99231ace58c77819ee214e49666c464d35ca9b5143ed3b3dc8c17a23692759ccf5a205311b7ab22532697b861dfb54609fd88e6043bd52ae84c1bb0c8a6c769f952283a1f4e3842edb3d42c68a27ef6a1296dfff4a979369b0e8ebc62887aa46e820a74f91381dcc198e353047db70686d147357024eb3cb94f1e89cb5ba0a56aa046b4dc521a3d9356b4b8b5917c4c860495b240e80063bde261fd000000000072716bc8e139c49b91c76bea3858f7ca208d31330d89069f96f66e2e7748a2ff93060ff073b3a113e47edf0672fda649e8ca5095f2a161bf60b876f7d116d2b0976cf2ec447c030931651dd315003b7a6a5433a2bb3c035fc6846abe389b25c988f0bbb889560ae99ec4b227eda2e63a1c31a2c2bd48a822cbe92b6524e0cd8020ecaa34e19e7141d5e221509342bfe7d294d1eb3de6a50ca0301f89c2ee62714ee5f72d8805dd1bfbd081f6a5d1f1289dfe14cb9194e26a44fac273461fc5c0e0a33db7f2d43ea8086cf059f403a2640b6bfb74dd35f5a31059c01517cf4b6641fce9a24b96767b837ca037a1199735c375c705c798e0e208e4a5259d0bfa526b462af45a6eab34000000000000000000000000c4426344ec1a3366515dee221e747f55d7dd02534bc503b9b28277c253e410986bef2111a99cc448d652929f8a67a6a1d3f00dcad91aff42961f8f3b555d9e8aade3f85714a1d3ef29acd4d49b62339c10c2ec0dac4728288e78980c1184d8223edbccbf9258b7374e79a1f8bf3fb73c8c6dbb7bbdfc399847a11921f97eba0ea14c4fed9a71eedb97c02461792e3a49dac16c60c3fcaab222025d78963c3ac899fa8b63f58a30212c9b2d7fe751e2046b78f86e22861b6504c667350244dd6d9189a8b9c45f8aaff9db694811ca86ed978f23eed7459c0382074170cf1e25b0e9ba3d1cc309353eea4cd8ab96bafda393276bdd8d32ead8db9e1b54d2d3d50e2815268fc1a6ec566981bc8ca2a4583f3d40e8173d3d0f4f25cfe6cc1897449ba5f26a9d66ac73e6f5c401376f23a314e0b9ff997d22f3e34b7524642e248aa813edaa626f000000000000000000000000000000005519fe545110a9c01d6f0da7b0731b19ae17b64d6eb1a47675aea60371f629ed3446beb20bf2bab80e451b4139dc6c87e6b395edc142e24b596f636f8c248beeb268dbbf120b26693f73a6362e7c6bff6b08514763f6fbe6c914baf7e25ac7e8d36babeb6c58d012cf7b1ffbe996204af87412b9b21da1dfb01aa5a4ff142deb3bd70d11cf71752bdb33f1dfb6ef107ef3cb0016b2b6dcffb0be5a95d56172098ebf6075cc048f94350e2adb108eabccfae942bbca66ea83139ab4062963be6d549907b17d95b248201322cd8cc6540b6e369c7ebd9b98ca3dab43e84ecf9e66be246847b40feadfebcbb566d4e243bd8f279db0c7f5320ca6bf5cea49671ca89eedbb79028af6d459d6fe81071e700136fdb9234ce00d6ce181421dc659fc73ad25cdf97e5a6f4e5e05394e70fdf1ef4b41c376ba0222a87d8d5609f535a6a6fbbd60fc633064a94c252ac127b7467ec036ed883e252cb8727208712e4296f106c6527ff939552e23c2140c0000000000000000000000000000000000f565b8c79e9b58ff30e1acf99deb2eb969152da1c45d5c52a7c9b562e230d1d72dd77dcdd86c19e1c9a07a9b"], &(0x7f0000000b80)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0xfffffedf, 0x10, &(0x7f0000000040)}, 0x48)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000700)={r0, 0x31, &(0x7f0000000240)={0x0, <r1=>0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4e, 0x0, 0x0, 0xfffffffffffffe9a, 0x0, 0x0, 0x0, 0x0}}, 0x10)
r2 = bpf$BPF_PROG_GET_FD_BY_ID(0xd, &(0x7f00000004c0)={r1}, 0x4)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000180)={r2, 0x0, 0x15, 0x0, &(0x7f0000000200)="63eced8e46dc3f0adf33c9f7b986", 0x0, 0xf000, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x48)
ioctl$KVM_NMI(0xffffffffffffffff, 0xae9a)

13.584755404s ago: executing program 0 (id=543):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=@newsa={0x184, 0x10, 0x713, 0x0, 0x0, {{@in6=@remote, @in=@dev}, {@in=@remote, 0x0, 0x32}, @in6=@loopback, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_crypt={0x48, 0x2, {{'ecb(cipher_null)\x00'}}}, @algo_auth_trunc={0x4c, 0x14, {{'sha1\x00'}, 0x0, 0x7}}]}, 0x184}}, 0x0)

13.463802351s ago: executing program 0 (id=546):
syz_mount_image$ext4(&(0x7f0000000100)='ext4\x00', &(0x7f0000000500)='./file0\x00', 0x2008002, &(0x7f0000000080), 0x1, 0x53d, &(0x7f0000000a80)="$eJzs3c9vHFcdAPDvjH82TesEeoAKSIBCQFF2400bVb20uYBQVQlRcUAcUmNvLJNdr/GuS20s4f4NIIHECf4EDkgckHriwI0jEgeEVA5IASxQjATSopkdO1t7TZbsepd6Px9pMvPmzcz3vWxm39u3m3kBTKyrEbEXEbMR8VZELBT7k2KJ1zpLdtzD/d3lg/3d5STa7Tf/muT52b7oOifzdHHN+Yj42pcjvpWcjNvc3rm/VKtVN4t0uVXfKDe3d26s1ZdWq6vV9Url9uLtmy/feqkytLpeqf/8wZfWXv/6r375yfd/u/fF72XFuljkdddjmDpVnzmKk5mOiNfPItgYTBXr2TGXgyeTRsRHIuIz+f2/EFP5v04A4DxrtxeivdCdBgDOuzQfA0vSUkSkadEJKHXG8J6LC2mt0Wxdv9fYWl/pjJVdipn03lqtevPy3O+/kx88k2TpxTwvz8/TlWPpWxFxOSJ+OPdUni4tN2or4+nyAMDEe7q7/Y+If8ylaanU16k9vtUDAD405sddAABg5LT/ADB5tP8AMHn6aP+LL/v3zrwsAMBo+PwPAJNH+w8Ak0f7DwAT5atvvJEt7YPi+dcrb29v3W+8fWOl2rxfqm8tl5Ybmxul1UZjNX9mT/1x16s1GhuLL8bWO+VWtdkqN7d37tYbW+utu/lzve9WZ0ZSKwDgv7l85b3fJRGx98pT+RJdczloq+F8S8ddAGBspgY5WQcBPtTM9gWTq68mPO8k/ObMywKMR8+Hec/33PygH/8PQfzOCP6vXPt4/+P/5niG88X4P0yuJxv/f3Xo5QBGz/g/TK52Ozk+5//sURYAcC4N8BO+9veH1QkBxupxk3kP5ft/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOGcuRsS3I0lL+VzgafZnWipFPBMRl2ImubdWq96MiGfjSkTMzGXpxXEXGgAYUPrnpJj/69rCCxeP584m/5zL1xHx3Z+8+aN3llqtzcVs/9+O9s8dTh9WeXTeAPMKAgBDlrfflWLd9UH+4f7u8uEyyvI8uBP/LqYiXj7Y382XTs50ZDsj5vO+xIW/JzFdnDMfEc9HxNQQ4u+9GxEf61X/JB8buVTMfNodP4rYz4w0fvqB+Gme11lnna+PDqEsMGneuxMRr/W6/9K4mq973//z+TvU4B7c6Vzs8L3voCv+dBFpqkf87J6/2m+MF3/9lRM72wudvHcjnp/uFT85ip+cEv+FPuP/4ROf+sGrp+S1fxpxLXrH745VbtU3ys3tnRtr9aXV6mp1vVK5vXj75su3XqqU8zHq8uFI9Ul/eeX6s6eVLav/hVPiz/es/+zRuZ/rs/4/+9db3/z0o+Tc8fhf+Gzv1/+5nvE7sjbx833GX7rwi1On787ir5xS/8e9/tf7jP/+n3ZW+jwUABiB5vbO/aVarbo50Eb2KXQY1zmxkRWxv4MPu4uDBf1jnEUtnnBj5qz+Vs98Y/qorzjcK38ju+KIq5MOvRYDbTwcVazxvScBo/Hoph93SQAAAAAAAAAAAAAAgNOM4r8ujbuOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnF//CQAA//+zi8zo")
syz_mount_image$vfat(&(0x7f0000000140), &(0x7f0000000040)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x802053, 0x0, 0xfc, 0x0, &(0x7f00000000c0))
syz_mount_image$fuse(0x0, &(0x7f0000001900)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
getsockopt$IP_SET_OP_GET_FNAME(0xffffffffffffffff, 0x1, 0x53, 0x0, 0x0)
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x8048ae66, &(0x7f0000000240)={[{}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5}]})
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='pids.events\x00', 0x275a, 0x0)
write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f00005d4000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, &(0x7f0000000040)="5b0f01c2c29c028ed0660f388236af0083ee2c0f20c06635000004200f22c0643e1f0fb7c2", 0x25}], 0x1, 0x0, 0x0, 0x0)
preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil})
r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000380)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
openat$incfs(0xffffffffffffffff, &(0x7f0000000080)='.pending_reads\x00', 0x0, 0x0)
lchown(&(0x7f00000006c0)='./file0\x00', 0x0, 0xee01)
creat(&(0x7f0000000180)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x7c)
mount$bind(&(0x7f0000000500)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x1010d1, 0x0)
stat(&(0x7f0000000300)='./file0\x00', &(0x7f0000000340))
socket$nl_xfrm(0x10, 0x3, 0x6)
mkdir(&(0x7f0000000300)='./file0\x00', 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x800007)
r4 = getpid()
sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)

12.38253841s ago: executing program 0 (id=558):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f000000c280)={&(0x7f0000000380)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x5}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x78, 0x3, 0xa, 0x301, 0x0, 0x0, {0x5}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_COUNTERS={0x1c, 0x8, 0x0, 0x1, [@NFTA_COUNTER_PACKETS={0xc}, @NFTA_COUNTER_BYTES={0xc}]}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_FLAGS={0x8, 0xa, 0x1, 0x0, 0x3}, @NFTA_CHAIN_HOOK={0x28, 0x4, 0x0, 0x1, [@NFTA_HOOK_PRIORITY={0x8}, @NFTA_HOOK_HOOKNUM={0x8}, @NFTA_HOOK_DEV={0x14, 0x3, 'syzkaller1\x00'}]}]}], {0x14}}, 0xc0}}, 0x0)

8.722522726s ago: executing program 3 (id=594):
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)=<r1=>0x0)
sched_setscheduler(r1, 0x0, 0x0)
stat(0x0, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00', 0x50})
syz_io_uring_setup(0x31a9, &(0x7f0000000080)={0x0, 0x0, 0x2284}, &(0x7f0000000000), &(0x7f0000000200))
ioctl$UI_DEV_CREATE(r2, 0x5501)
write$input_event(r2, &(0x7f0000000000)={{0x77359400}}, 0xfe4f)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00'})
socket(0x0, 0x80802, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000004c0)=@v2={0x2, @aes256, 0x0, '\x00', @c})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)

8.156869896s ago: executing program 3 (id=601):
r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0)
write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
io_uring_setup(0x5237, &(0x7f00000004c0))
ioctl$SNDCTL_DSP_SPEED(r0, 0xc004500a, &(0x7f0000000040))
close_range(r0, 0xffffffffffffffff, 0x0)
openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)

8.012487873s ago: executing program 2 (id=604):
syz_mount_image$vfat(&(0x7f0000000280), &(0x7f00000002c0)='./file0\x00', 0x10000, 0xffffffffffffffff, 0x0, 0x0, 0x0)
r0 = syz_open_procfs(0x0, &(0x7f0000000240)='mountinfo\x00')
mount(0x0, &(0x7f0000000040)='./file0/../file0/../file0\x00', &(0x7f0000000100)='devpts\x00', 0x0, 0x0)
mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', 0x0, 0x1210020, &(0x7f00000005c0)={[{@gid={'gid', 0x3d, 0xee01}}, {}]})
read$FUSE(r0, &(0x7f0000004540)={0x2020}, 0x2020)

7.973383789s ago: executing program 2 (id=605):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, 0x0, 0x0)
socket(0x10, 0x0, 0x0)
r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0)
read$FUSE(r3, &(0x7f00000021c0)={0x2020}, 0x2020)
syz_fuse_handle_req(r3, &(0x7f0000008380)="000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000080000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000062c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
fcntl$lock(0xffffffffffffffff, 0x5, &(0x7f0000000740))
lgetxattr(&(0x7f0000000040)='./cgroup.net/cgroup.procs\x00', &(0x7f0000000080)=@random={'security.', 'trusted.'}, 0x0, 0x0)
process_vm_readv(0x0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)

7.930574246s ago: executing program 4 (id=606):
socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(0xffffffffffffffff, 0x0, 0x0)
shutdown(0xffffffffffffffff, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200))
r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x101041)
openat$sequencer(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0)
write$sndseq(r0, &(0x7f0000000080)=[{0xc, 0x0, 0x0, 0xfd, @tick, {}, {0xe}, @result}], 0x1c)

7.220609372s ago: executing program 3 (id=609):
socket(0x0, 0x0, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0)
setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x0, 0x0, 0x0, 0xe4}]}, 0x10)
r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
ioctl$int_in(r0, 0x40000000af01, 0x0)
sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a010400000000000000000100000008000240000000020900010073797a300000000014000000110001"], 0x50}}, 0x0)
r1 = socket$packet(0x11, 0x3, 0x300)
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000240))
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000380)={0x1, 0x0, 0x0, &(0x7f0000000700)=""/4096, &(0x7f0000000280)=""/252})
r2 = dup(r1)
ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x1, r2})

7.015166384s ago: executing program 2 (id=612):
r0 = creat(&(0x7f0000000040)='./bus\x00', 0x0)
mount(&(0x7f0000000380)=@loop={'/dev/loop', 0x0}, &(0x7f0000000140)='./bus\x00', 0x0, 0x0, 0x0)
ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000280)=<r1=>0x0)
sched_setscheduler(r1, 0x0, 0x0)
stat(0x0, 0x0)
r2 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10)
ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00', 0x50})
syz_io_uring_setup(0x31a9, &(0x7f0000000080)={0x0, 0x0, 0x2284}, &(0x7f0000000000), &(0x7f0000000200))
ioctl$UI_DEV_CREATE(r2, 0x5501)
write$input_event(r2, &(0x7f0000000000)={{0x77359400}}, 0xfe4f)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00'})
socket(0x0, 0x80802, 0x0)
ioctl$FS_IOC_SET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x800c6613, &(0x7f00000004c0)=@v2={0x2, @aes256, 0x0, '\x00', @c})
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, 0x0, 0x0}, 0x90)
setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x32, 0x0, 0x0)

6.984639303s ago: executing program 3 (id=613):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000070000000000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000240)={&(0x7f0000000080)='kfree\x00', r0}, 0x10)
timerfd_create(0x6, 0x0)

3.815829196s ago: executing program 3 (id=614):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)

3.782178175s ago: executing program 4 (id=616):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, 0x0, 0x0)
bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10)
socket$nl_netfilter(0x10, 0x3, 0xc)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.memory_pressure_enabled\x00', 0x275a, 0x0)
ftruncate(r1, 0x100c17a)
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r5 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x6, 0xf, &(0x7f0000000900)=@ringbuf={{0x18, 0x7}, {{0x18, 0x1, 0x1, 0x0, r5}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x8a}}}, &(0x7f0000000480)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
truncate(0x0, 0x0)
getsockopt$inet_int(0xffffffffffffffff, 0x0, 0x22, 0x0, &(0x7f0000000140))
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10)
getsockopt$inet6_mreq(r1, 0x29, 0x1c, &(0x7f00000001c0)={@ipv4={""/10, ""/2, @empty}}, &(0x7f0000000240)=0x14)
socket$nl_route(0x10, 0x3, 0x0)
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x40}, 0x90)
setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000d40)='highspeed\x00', 0xa)

3.749035707s ago: executing program 2 (id=617):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x3, &(0x7f0000000040)=@framed, &(0x7f0000000000)='GPL\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000004c0)='contention_begin\x00', r0}, 0x10)
mkdir(&(0x7f0000000440)='./file1\x00', 0x0)
mount(0x0, &(0x7f00000004c0)='./file1\x00', &(0x7f00000002c0)='tmpfs\x00', 0x0, 0x0)
chdir(&(0x7f0000000080)='./file1\x00')
mknod(&(0x7f0000000140)='./file0\x00', 0x1000, 0x0)
openat(0xffffffffffffff9c, &(0x7f000000c380)='./file0\x00', 0x0, 0x0)
r1 = open$dir(&(0x7f0000000140)='./file0\x00', 0x1, 0x0)
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0)
ftruncate(r2, 0x2000009)
sendfile(r1, r2, 0x0, 0x6)
mknod(&(0x7f0000000080)='./bus\x00', 0x1000, 0x0)
open(&(0x7f00000002c0)='./bus\x00', 0x0, 0x0)
r3 = open$dir(&(0x7f0000000100)='./file0\x00', 0x0, 0x0)
r4 = creat(&(0x7f0000000000)='./bus\x00', 0x0)
tee(r3, r4, 0x6, 0x0)

3.658836347s ago: executing program 3 (id=620):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file0\x00', 0x0, &(0x7f0000000480)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5500, &(0x7f000000ad00)="$eJzs3E1rY9UfB/CTPkzn6T//Ii7czYVBaGESmj4Muqs6gw/YofiwcKVpkobMJLmlSdPalQuX4sJ3IgquXPoaXLh2Jy4Ud4KSe05lqg4ojcl0+vnA7ffek5vf/Z1QWs5NSAAurMXsl59K4Ua4EkKYDSFcD6HYL6WtsBnjuRDCzRDCzCNbKY3/MXAphHA1hHBjVDzWLKWHPrs9vLXx4xs/f/3twty1z7/6bnqzBqbt+RBCdy/uH3Zj5q2YD9J4bdgusrs+TBkf6D5Mx3nMw+ZOUeGwdnJerci1Vjw/3zvoj3K3U6uPstXeLcb3evGC/WHrpE7xhAe1/eK40dwpst3Pi2wdx76OjuPftuP+INZppHofFuXDYHCScbx51Izz2XtYZL03SOOxbt5oHo1ymDJdLtTzTqPoY+csr/ST7c127+AoGzb3++28l21Uqi9UqnfK1f280Rw018u1buPOerbU6oxOKw+ate5mK89bnWalnneXs6VWvV6uVrOlu82ddq2XVauVtcpKeWM57d3OXr3/btZpZEujfLndOxi0O/1sN9/P4jOWs9XK2ovL2a1q9vbWdrb91r17W9vvvH/3vfsvbb3+SjrpL21lS6srq6vl6kp5tbp8fuc/+l//r+b/cWp6jPOHMylNuwGA88f6H5iG877+D9b/Y2H9f7HnD2di/Q8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcGF9P//Fa8XOYjy+lsb/l4aeScelEMJMCOG3vzEbLp2qOZvqzD/m/Pk/9fBNKRQVRtdYSNvVEMJm2n79/3/9KgAAAMDT68uPbn4aV+vxx+K0G2KS4k2bmesfjKleKYQwv/jDGKqEdLMpPHv2rqLR7/dcOBpTteIG1uUxFYu33ObGVe0fmT0Vlx+JUoyZibYDAABMxOmVwGRXIQAAAEzSJ9NugOko3mlNn8VPH+BfiJHeELxy6ggAAAB4Ui08/qHSJPsAAAAApqJY//v+PwAAAHi6xe//AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgN/ZuZ+c1KEoDsCnhb7H+2MkxrlbcQbLcAkOHRoW4CZYAm7BDbAGnLkEA4a2RGswMeltG8n3Je3lNuTHKWFy7iUFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC69Fys5o/3Vw9tc7a7dtLcDQAAAHDMpljNyxfTav6vvn5WX7qo51lE5BFxrHcfxa9G5qjOKb54f/GphqeIMmH/Gb/r429EXNfH63nX3wIAAACcrvViOau69eo0Hbog+lQt2uT/bxLlZRFRTF8SpeX702WisPL3PY67RGnlAtYkUVi15DZOlfYto8Yw+TBk1ZD3Wg4AANCLZifQbxcCAABAn26HLoBhZHHYyjzsBZf/vH/fEPzTmAEAAAA/UDZ0AQAAAEDnyv7f8/8AAADgtFXP/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBLm2I1Xy+Ws7Y52107ae4GAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADe2J93FAiBMAiDves7k7n/YaVBU1OTKhA+/sZgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4M3v/vJ/YmqcSeZeG0vPI8naqbF1auydG0d/GF+/BgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBif15SIASCIArmjP+d9P0PKwl6BhEioOFRRS0aAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4ot/98n9iapxJ5k4bS8cjydpVY+uqsfegcfRgvP0bAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBi5/5946biAIA/2+crLSCOgG4IQiAxwEKv19LSlQEUMfAnIEXptQSu/Ggz0KpCysKGMndBMCKEBApb/4fOrdSlbB1uKBITA8g+O3k9InEExb4kn4/0/L62LL/vs6UoXz8nAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANQm7+zGWbHpTeO0Onbv8a21or8/0xfubD1YLloRJ00mfTi8HO8k/fYSAQAA4PjI6vo+hPAw314p+rRX1v95fU5R83/37DSu6/nZur/u69q/aL/+8ujFnYF603GKi15eH4/O/DOVzsHNcrE9969ndMo7X757ycoHkr6/+cIkL+9n8s3du+92y/BEE9kCAPtxuu6roP59qOiHbSYGwLHRiQrvuv7Peu3mBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANCE7mZ4uo6TEMJyZzcu3H98a63sZ/bvbD1YrtuF27e34msWl8hDCJfXx6MzTU3kELh+4+Ynq+Px6FrzwSshhPZGr4IP5zgnhDYz3EeQtP9wFylIq9uxKPkcjqDFH0oAABxJedWKcuVhvr1SHEuWQvjr+yfr/9ejOMT1/0wf1/+PPrpwLx4rrv+Hjc1w8Q02rn4+uH7j5pvrV1evjK6MPn3r7PDt4bmL589fHJTvSgbemAAAAPD/dKsW1//pUgiTmfX/U1Ec5qz/v/h2+FU8Vqb+39Puol/bmQAAABxvz7/6x+/JHseTbjd8ubqxcW043e7sn51uW0j1PztRtbj+z5bazgoAAABowmQzeWL9/1IUhznX/5/54aWf4mtmIYST1fr/6bXPxpeam05L/pzrrCb+nPjApwoAAMBCO1m1eP0/L7//T3c+eUhDCG+8No2rfwM4V/2fvff1j/FY8ff/55qb4kJK+9P7Ufb9EDr9tjMCAADgKHuqakWx/1u+vfLxz6c+6Pr+HwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKBpfwcAAP//DN067Q==")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1817c1, 0x0)
ioctl$F2FS_IOC_START_ATOMIC_WRITE(r0, 0xf501, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000400)=ANY=[], 0xda00)
r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10)
r2 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[@ANYBLOB="18050000000000000000000000000000b7080000000000007b8af8ff00000000b7080000000000007b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYRES32=r2, @ANYBLOB="0000000000000000b704000008000000850000009500000095"], 0x0, 0xfff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x0, 0x10, &(0x7f0000000580)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000700)='kmem_cache_free\x00', r3}, 0x10)
syz_emit_ethernet(0x2a, &(0x7f0000000380)={@local, @empty, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x33, 0x0, @private, @broadcast}, {0x0, 0x0, 0x8}}}}}, 0x0)
ioctl$F2FS_IOC_COMMIT_ATOMIC_WRITE(r0, 0xf502, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x2, 0x4, 0x6, 0x5, 0x1000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00'}, 0x10)
r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53048de)
write$binfmt_script(r6, &(0x7f0000000300)={'#! ', './file0'}, 0xb)

3.146018631s ago: executing program 2 (id=621):
syz_mount_image$btrfs(&(0x7f0000005100), &(0x7f0000005140)='./file0\x00', 0x0, &(0x7f0000005180), 0x11, 0x5109, &(0x7f000000f400)="$eJzs3U+IVVUcB/Dz5o8zKcw8QcighS3chhQtVIYeYZCL9KUQtDAnF0EIMtguwWxEEIwaCaSsQAuG3MgDIUGYEBe1CTRJEFqY4KaVQrtaFO/de968d67vvueojennEzP3nvu759zzHncx35fnvgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAhhDVv194vq09tvHJh4eyWg7MHGsdvzh89EkKldbyS13e/8tqOd3fufn08dph+I9tWq72GzLr+njVWdB1s9uv+eSeEMJoMMJxvXx0ujNq5u784YKlrx/adnj25fdPCmvVTl3bNnyu+dJrGl3sCyyW/r24t3ku11u+h5Ix2u+PWq3Tdoln/9Ib7T14EAHBPNtRbm/afo/mfuO32obSetGtJey5px78Q5jobS5GNu6LXPNel9WWaZy2LCmM955nU8/e/3a6n/ZN2EjXuYZ7dp+aRZrzXPGeS+nLNEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOBRcqb2wday+tTGKxcWzm45OHugcfzm/NEjIVRbxytZufL07RMjY9e3/fDRja9PvrT66t/Deb+4Hek4OVyPOxsnQ9jTUbkVh/1jIoR6d6HVDF8UC++1drbGAgAAAI+TZ1q/h9rtLA6OdrUrrTRZaf0XZWHx2rF9p2dPbt+0sGb91KVd8+eWPl69x3i1u47XblcXfyodwTjG33S8xXo8dX9hnHLpiGmeP//Ltq/K+hfyf7U8/8d3Tv4HAADgfsj/6Tjl+uX/PZufnSnrX8j/67ouWcj/ccYx/w+FpeV/AAAAeJQ97PxfK4xTrl/+f/Hwm9+X9S/k/w2D5f+RzmnHgz/HCe+dDGFDv6kDAAAAPcT/77740ULM69knB2lev/rNU7+WjVfI/7XB8v/oA31VAAAAwP3YXr3xfFm9kP/rg+X/sYc6awAAAOBefF75ZLasXsj/04Pl/5X5Nl/5kHX6Mf4rhM8mQxhv7sxkhZ/C3MvtAgAAAPCAxJz+6cffXi47r5D/Z8qf/x+fdBDX/3c9/6+w/r+jkD31b7MHAwAAAPAkKq7nj4/Hz765oNf37w+6/n/i5u3vyq5fyP+HBsv/w53bB/n9fwAAALAE/7fv/3urME65fs///2von4tl/Qv5f26w/B+3qzpf3sX4/hyeDGFtcyd/muCZeLm9SaEx2lFoqSc9dsYeeaEx1lFomUl6vDAZwnPNnUNJYXUszCWFOxN54VRSuBwL+f3QLpxNChfjnXZiIp9uWjgfC/kCi0ZcQbGqvSQi6fFnrx7Nwl17/Na+OAAAwBMlhuc8y452N0MaZRuVfies7HfCUL8ThvudMJKckJ7Y63iY7i7E4x/uOP1lKFHI/6cGy//xrViRbXqt/w9x/X/+vYbt9f/TsVBNCo1YqKdPDKjHa2Rh91i8RrWe97iztl0AAACAx1r8XGB4mecBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/7J3rzFyXfUBwM8+Z3e93l0TpASKYAElIZW8Xm+wpZAgbKAEgQSbynyoUISNvUk33iTGDwmHh9YOQaAUNSkpCShQuxUUf0lWVIhHgVioGFVN1SiVkNOURwgUIUFNSJSKOpGrmXvP7J1zdx6Odx1v+vtJ3jkz//O8c2c85947ZwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgP8fjt3xhotaxd981SPf/u4Db//44Y8s3P3EVz51RwjTtce7snDXxac+11s5+Z7vHfrpF7+wad2jp/vzcnk8rKn+6c7vfCLW+ou1IXyjK4TeNLB+OAv05feHY32vGg5hXVgM1EvMDGUl0obDDwZDOBIWA/WqvjUYwnAhsO3R7z/0mWrinsEQLg0hVNI2flzJ2hhMA5f1Z4GhNHBrbxb4nzOZeuCb3VkAzll8MdR3+oXpxgxjS5drsv/1LVvHXlzp8HpiYqx5vt9uXeFOFfSnD0yf09NWqo4VUXp5HPdqWwWvttJ2vsvTVvwglX9CObMYqoTuXTM37Dgwtz8+0h0mJnqa1bRCz/NjT31059mkV81+GDswtiz74b2f//nHvvTktfff98l3XP/gM78fP9dunixs0mJ6pVVCvs+tmucx2uL9ZBW8/EqfksbbPm21Ii/xD12f/tnf/kmreGn+P9Z6/h9353jb3ZA71np6JJubx0eGY+LUSDY3BwAAgFVjNRw1nf/K1VOt6ivN/8c7O/8fT/nnk/lstMdD2FJL3D4awiW1x7PAsdjcB0dDeG0tNd0Y2JoEjofwilriinpVSYmBWGI8CfxqJA9sSQInYmA6CXw5Bu5KAp+IgYUksDMGjieBt8ZAmG0cxx+P5OPoODAYA9uzjbgQr0J4eiS2lmyrx+tVAQAALJN8dtjXeLdwrcO5ZojTy4XBdhniFdhNM1SSGtIZbH1a1bSG3nY1dLeroT7u+dbDL9Xc1a7m0mUYXY0Z9n70d38WWijN/ydbz/8rS3Skq3T+P4Tran9j7u48MlePb59uyAAAAACcgzVbb9nWKl6a/2/p7Pr/eEykp5A5PBwPQ+weDWGyMZBVe3U5kJ31XpMHAAAAYDWon4+vnwufzW+zS7TT+XQ5//RZ5o8n/rcsmf/X73zTTa36W5r/T3d2/f9Q423WiROxF58dDWGgEPhh7GU1UDMeAz97S2MgH/+JuAHujFXlFybUq7ozltgeA5NJ4EizEo/US1zSGMifrHrjt9fHMZuXKAQAAADgvIuHA+J5+Xj9/2MHTr6tVbnS/H/72V3/X5sHly7vn1sTwobeEHrSLwY8PJQtDBgDw1154rtDWV09aVWHhkK4pjqwtKon8vX/e9M1Bh8dzKqKgUte99WnLqsm/m4whA3FwI/ef3RTNbE/CdQbf99gCK+pjjZt/OsDWeN9aeP3DoTw6kKgXtUHB0KoNtafVvX9Sv47BmlVD1ZCuKgQqFe1uRLCwQDAKhX/K91VfHDfwdt275ibm9m7gol4DH8w3DA7NzOx89a5XZUmfdqV9LlhGaND5TE1XQ4p8Xi+RNGx564a6SRd/57gZLEv+XH80oWD+f34WaivNs6pvoa7V6ZDfsPry02EwiepF2vIQ8VKFp/EUv0xf39YEwYO7JvZO/HhHfv3792Y/e00+1T2Nw4q21Yb0201tFTfLoDd4/JiJRv237xnw76Dt62fvXnHjTM3ztwyNfnGTZs3TU1u3ryhOqrJ7G+boV6+VNXJUM8cPf9DfWVvoZLz8a4hISGx2hLztx9d0+rtpzT/39N6/h/fdeI7f74+Q7Pz/2PxNH/2+OJp/u0xcKTT8/9jzc7m1y8MGE8C8zEw7zQ/AAAALw3xcGQ87BiPWvcfvfI3rcqV5v/znX3/f5nW/68vXf+uZsv8XxFLTDZb/z9d5r++/v98s/X/02X+6+v/H3kR1v8/UA8km+Rp6/8DAAAvBedv/f+2y/unPxBQytB2ef/0BwJKGdou49/pDwSc9fr/Uzf99BehhdL8/67O5v8W7gcAAIALx93/9NRrWsVL8/8jnc3/z//6f6HZ9f/jzQLTzRYGtP4fAAAAq1Sz9f/OjP7F+1qVK83/Fzqb/8fLLrobcsdaT49ka9qFdE27UyP1rwwAAADA6tAdJib6OszbsDLq1hfe5mP5UqCt0kU/vPq/bmxVX2n+f7yz+X/D9zLu/fzPP/alJ6+9//R9n3zH9Q8+8/vxxfP/AAAAwMrp9LgEAAAAAAAAAAAAAADw4jvwgX891Spe+v5/uK72eLPv/8ff/YvfL3h5Q+5Ya/v1//L72979wMHakoUPj4Tw+mJg9+Hd60L+2/yXFwMPXX/FxdXE4bTEd37y1l9WEx9IA+9c/7Jnq4lrksD2uEjiK9JA/FXFZ9cmgbi84r+ngbg9FtJAfx749NpsHF3ptvr1cLatutJt9R/DIYwWAvVt9Y3hrI2udID3JIH6AD+UBuIA35MHutNePbAm61UMDMeif7Mm6xUAABes+CmwL9wwOzczGT/Cx9tX9jbeRg1Llh0qV9vTYfOP50uTHXvuqpFO0j3pZ9HF3xrvC5XqEDaWPq4Ws3TVRrk8tbTZdC9vMuR2q72t1Kbrbz6iwWxEEztvndvV13bgV7bPMtXbNsvG0mSnmKW7tkk7qKWDvnQwog63TQddjve7w8RET5LrTTE4Fhq02yM6/b5+cZ2/ZntBMc+hub7nW9VXmv+PdTb/rxTH9Wz+YwDz8Zf1/nLUMv8AAACwsj699Q/3xX/fGX3vf7bKW5r/j3c2/48HxvJTwdnRjuPx9/9vHw2h9tP6Y1ngWGzug6MhvLaWmo4lsh/Uf1csMZkFjsUDJlfEEtunG6saiIGFJPCrkTxwPAmciIH8KMVXQ34o5+6REDbVUtc1ltgTS4wlgffGwHgSmIiBySSwNga2JIHfrM0D00ngX2IgzDZuq39Ym28rAACAs5HPs/oa74Z0nrfQ2y5DV7sMQ+0ydLfLUGmXodko4v2vxQx9xfPxeYb4UF9a62BSSylD/DH8s+5XKUN4pDFnWrDUdP1KkrHGnDHDtoXDa0MLpfn/ZGfz/6HG26z1E3H+v/j7f1ngh7F7n42Xjo/HwM/e0hjIDwyciJPdO+tVTecl8kn7nbHElhgYTwJ7YmBLEth+XR44cnFjIJ9p1xu/vd74bF6iEAAAAIDzLh4giIdp4vz/vwee/+tW5Urz/y2dzf9je2uKjX0i1vqLtSF8o2uxN/XA+uEsEI9jDMevx79qOIR1hQMc9RIzQ1mJ/qTh8IPB7Bvq/WlV3xrMvnwQ72979PsPfaaauGcwhEsLR1/qbfy4krUxmAYu688CQ2ng1t4sEI/81APf7M4CcM7qRwXjDpVf6lI3tnS5JvvfS+U3QdPhlY6BLpFvqe9crZRK+kB+TLXu7J62UnWsjHT7H/dqWw2vtufz/4Pr/fJqK36QOpNsnuoQu3fN3LDjwNz++Ejxm6wlK/Q8F7+l2kl6GfbD+Rfe26i7aaSSdmAyefuYXLrc0vthV6zu3s///GNfevLa++/75Duuf/CZ34+362C7/Td+UfiWm/535GRh8660Ssj3uQv+/SR9YNr7yWr4byB9YNzTFkK4Y+GSp1vFS/P/6c7m/73Jbc0f4sbcNxrCGwob9+G4+d82mr0PFgLZu+RF5UB2yv3JkabvnAAAALDc6oc76scLZvPb7ILwdJ5czj99lvnj8YotS+bvtN8fufTSf2wVL83/t7ee/w8k3XT+3/l/Vojz/0u60A9FD6QPzJ/ToehSdayI0svD+f+wCl5tpTM1zv8H5/+X7N8ynP9vzvn/lpz/X90u9Ket9Clpjw9dIYTBr1/9SKt4af6/p7P5v/X/ll60r77+3/Zm6//tabb+37z1/wAAgBXVZKG5dJ5XWr2vlCFdva+Uoe0CgW2XGLT+31mv/zf0V+//XWihNP+f72z+H3eHNcXWV8v6f+PXNanqrhjYY2FAAAAALkTNDhAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADw4vrVyaG3t4q/+apHvv3dB97+8cMfWbj7ia986o4QZmuPd2XhrotPfa63cvI93zv00y9+YdO6R09X8nJ9+e0fNeSOtZ4eCeFI4ZHhmDg1Ur2zGNj27gcO9lYTD4+E8PpiYPfh3euqiS+PhHB5MfDQ9VdcXE0cTkt85ydv/WU18YE08M71L3u2mrgmD3Sl3b1/bdbdrrS7n1kbwmghUO/uTWsbq6q3cW0e6E7b+PvhrI0YGI5F7xvO2oiBuVhidiCEDb0h9KRV/XMlq6onrerblayqnrSqj1dCuCaE0JtW9ZP+rKredOT/1p9VFQOXvO6rT11WTRzpD2FDMfCj9x/dVE18KAnUG//T/hBeU91l0sa/1pc13pc2fk9fCK8OIfSnJZ7pzUr0pyWe6A3hokKg3vif94ZwMPCSEN98dhUf3Hfwtt075uZm9q5goj9vazDcMDs3M7Hz1rldlaRPzXQV0mcOlePdHY798ac+urN6e+y5q0Y6Sffm5fpqXZ7qa7h75XL1vmuFeh/7NVSsZPH5KNUf8/eHNWHgwL6ZvRMf3rF//96N2d9Os09lf3vyaLatNi7XturUC91Wlxcr2bD/5j0b9h28bf3szTtunLlx5papyTdu2rxpanLz5g3VUU1mf5djqEfL8Z4VHuorewuVnI83AAkJidWW6G54d5u80P/LLn3QX+xoX6jU3qBL04pilq7aKJdj0Ftbx89y0NUeNf+c0nZEG0sTh1KWqfZZrixNJhazDGZZap/rSpPDYk3dtU0a73eHiYmm/9ONNd4tbr7fLrF5O/VYvuk6TQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwf+zAgQAAAAAAkP9rI1RVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVhBw4EAAAAAID8XxuhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqCjtwLAAAAAAgzN86jJ4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAC4FAAA///jqU04")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r0, 0x0, 0x0, 0x1001f0)
fallocate(r0, 0x3, 0x0, 0x10000)
r1 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0)
pwritev2(r1, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x1}], 0x1, 0x0, 0x0, 0x0)

3.088560557s ago: executing program 0 (id=623):
bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x19, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x18}]}, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x80)

2.838535888s ago: executing program 4 (id=626):
r0 = socket$inet6(0xa, 0x3, 0x3c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x0, 0x0, @remote, 0x7}, 0x1c)
sendmmsg$inet(r0, &(0x7f0000000000)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000800)="3cae1baf930b4569b9ddef9797ffd935c7d80e6466b3e4e62dc9603583f5d4b61fbc65b6ac744d7319535e75bf552062e4cfde1ba7ce29263322e18ea9740aa82ca692f123993e57cda00d2b1f4e799bd41e3f76258180fa91a42aaa8b1ebc4e0ea8fb12f2c71e6e5bc57a8e91f254005514721d93c13c5606ae1fea7f31f558d562bd5a8dfb0b9fed873efa221fccffa847cd374c92e6cbb03e6a9de890ce323f000000abcc6c01326d588495b7c1a7db31ec4129e6336f26bb9e0b7552af3cd2d5dda1632799bbc98425c433384d8a8e4071ff39a36dfdfdf05af35a4ddd340cfecd7ec935f4ce7d3e851583ba1cf53a90a7f7bce5703de57ce93ddef7849b30a01de0637e6d5e507b801d32e582e0c2d564539ebfc84c098a23e765552767b122885fb1629e9c180be47da7931bd125b80de15aab0c56a2edf2e0483b87f5ab299dc046076203dea10ccbfc631d5bf4a87ce67004519f248f086346ce6a8a9d181789a59f81d9b7f6781daac3e229914b8b8998c15c3b6302a519331cb05995bc60b7cb872dd3b5b43331c77c5d72e21f7bd2b1a915ff3204e3f20d3a20b22d6a58155b5a4ebf6d1d1cd90c656ecada531c07ff91deb3efa91762cdecfbcc43553750f22ac5c18cc5e8b6f790c2f4e6373af9f98d10e6df49ff8e5cbcbd68e11ed0b967add11410dc2e34f08dbfaf8eb95d4d1153b4c6093192a340eb30fcc71619888c6486746a049585d249efb96b9cace83320b8f96b40ebe3a9a788d05a053380d1026b9434df87a3a387549bcabe88684c4dbf0da9a5212f3dbc8d1dff240856691243b203d7edd4d3cc89a38a6c80fdb1229a01044af7aaecb20d5570ebf24b30bbc6dfc3f70d85cd9f0d60ebd8fedd161d199d9997a0e2d18d1c99bc7158564e0ddb4673055de196535d706d142e1dc7d404583923cb1b286cfc5418884ac7e605d93652dc48ff690894405a0b6abc3c4d0f6a16c0a95c0508bd7eeffcd1da0b17f7701448658864b429e9472edfeffbf34d6e7c78f4aa73c0", 0x2de}, {&(0x7f0000001400)="ab29d92826349952eb8f7a2a74f535bc9739c1df57144c51a3391625b8b5354134b06ef1355506aeae96e3f097503998f375a054cf3d7de4fe53ea51518955349cdbadca60e1c65cc18dbe99369be03e492fb55fc9067bb6f7f7c3ee1720000000054a63ac58225ed0502f5ac8999e0c74a5dbb320bd54ec813e8bee6bfa5cbfb0726ac1b6ad97d802d5fae186f0769421fb965c7396854e2a3ac844a3769f8449901ba5e2b2da1ff6119aeb26ac204cfc6b54be73b6f195491ae2c0cb26b0cba61dae7a17740e8112ff188919c6e2e31a2a074863edba4a0e37b61faec4a42c29d7f9e48a43b8cb7d3c5a1e5aa67f87538140f8d633a54bceb8b1dda2397ea147d3b26e903f608b6ab1844ea7cf630d828f18bba0f0f85e2e6316ae1ed9a2a7d08a05c170cb76bf111930df0cf760f7768571afdefe82a95296cee7c010f748a97046efcc774e7d85edbd5058104fef4942fb4430da89f67d1fea33bf2acfb793a610b3738b393eed8633fc8e8f630932206960e9076c7d7fc99fce018701c50d39b811a7427a7a9fcb340c2755541f228462010ec40ba945a0febd460dad5d548f1be090f5dbaa8ae8835dc47ed2537681827f6129759272574cf58f2f33e47a0e416573cfdcfb44ed9dd4ce41af4de9c471c49f12f090934c3b32f2f4777c65b1574826727f5f62373e140cd97dc8e1e2f52b77d75d3aa634a1049df536055a1736428cad9dbd2bf38e4365f9cf6bc8dcf9045d258c335080dadca4033afe77aae529c8d4d9a20c7f656e814f70", 0x22f}], 0x2, 0x0, 0x0, 0x900}}], 0x2, 0x0)

848.055767ms ago: executing program 4 (id=627):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000023c0)={<r1=>0xffffffffffffffff})
r2 = syz_genetlink_get_family_id$team(&(0x7f00000026c0), 0xffffffffffffffff)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r3}, 0x10)
ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000002700)={'team0\x00', <r4=>0x0})
sendmsg$TEAM_CMD_OPTIONS_GET(r0, &(0x7f0000002b00)={0x0, 0x0, &(0x7f0000002ac0)={&(0x7f0000002800)={0x20, r2, 0xe31, 0x0, 0x0, {}, [{{0x8, 0x1, r4}, {0x4}}]}, 0x20}}, 0x0)

679.022625ms ago: executing program 4 (id=629):
getresgid(&(0x7f0000000140), &(0x7f00000002c0)=<r0=>0x0, &(0x7f0000000000)=<r1=>0x0)
syz_mount_image$msdos(&(0x7f00000000c0), &(0x7f0000000200)='./file0\x00', 0x10814, &(0x7f0000000cc0)=ANY=[@ANYBLOB='umask=00000000000000000000000,flush,nodots,dots,gid=', @ANYRESHEX=r1, @ANYBLOB="00006b746769643d0092", @ANYRESOCT, @ANYBLOB="1500bba7d41fabba4332de3ca642acf6f8de847e3f21783608008708a887d30aaf0a14b0691d48445fe3b4d1ddde1b81337b2c3b5f88535d7f6fa931b84783704494cebe49ca9f6269b05edde0246c360d0566b4056f0f02ccab035d3d0a5cde0b31bd424949fe23c0a0a25691738006c5c6acdf101fecdb4f79abdfb95c6afaea03dd5903b5240565f31504c207a9a2aa6c8108fb973081e90412a3c6cfa3b2513693727fad9acd8108acb8b90fab033c9dac0dc3e5a61c513e7b5edc5d76320f0e54045ea2b7b8fb1f78d3d346e26ee5ed6926cea1ffe0a1", @ANYRESOCT=r0], 0x1, 0x1fa, &(0x7f0000000500)="$eJzs2zFrE2EYB/Dn2rRe7GAHJ1E4cHEK6icwSAUxIEQy6GSgurQipEsUxH4eZz+EX8alg2SLXO5om2sLjWdyEn8/ON6H/O/guSF53uHN27sfDvY/Hr3f+nISaZLFRsSTmETs5lUpKdd0Vm/HnCTq+FXraQDgj/T7w27TPbBco1F3eDsidi4kg2+NNAQAAAAAAAAAAEBti5z/34j4Wj3/f7zifgGA+pz/X1/tch2NusN7xf6twvl/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoDmT6fTWNL/Sci2vGxGRRkQ7Im5GRCsi8s+b7hcAqG8ynZ/7V83/iEgiwvwHgDXw6vWbF91eb6+fZWnEz+PxYDwo1iJ/9ry39zCb2T176mQ8Hmye5o+KPJvPt2b7hjx/fGm+HQ/uF3mePX3Zq+Q7sb/81weA/1InO3Vuvm+WV0Snc1mez+eiOrc/qMzvVtxprew1AIAFHH36fDA8PHw3+utFsthT7bKhq+/53lpWq4prFT+Sf6INRd0ivc7NDf8wAUt39qWvJmkzDQEAAAAAAAAAAAAAABes4i9HTb8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADr53cAAAD//8h6UUs=")
r2 = syz_init_net_socket$rose(0xb, 0x5, 0x0)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000001800), 0x4)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r3, 0x0)
getsockopt$rose(r2, 0x104, 0x7, 0x0, &(0x7f0000000040))

678.123009ms ago: executing program 1 (id=630):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @meta={{0x9}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_META_DREG={0x8}, @NFTA_META_KEY={0x8, 0x2, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0)

512.687537ms ago: executing program 1 (id=631):
r0 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe)
r1 = socket$inet(0x2, 0x1, 0x0)
syz_emit_ethernet(0x34e, &(0x7f0000000140)={@local, @link_local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "00ed04", 0x318, 0x3a, 0xff, @remote, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x19, 0xa, "a78c000005dc8080a2030003004023493b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34060600000000000000dac15084dbaf736b41e5af0502"}, {0x0, 0x1, "000005000000000026000400"}, {0x0, 0x18, "fe906d26efe39393fe08f73eabc5977b1190a3a6ad8338f1511cdd10c35d8f6de79fc7fd175f75649fa368a32c829af02d7f44d92324a7051e460a13ddde25a5b85b9d930914625d8a049b4cf0d129806a610ad8477a2499a9a0527f75b655a6653d0363a979acf93f88eea07d68423e90280409de1657275f716a2bf3915d1783e8eb477b0d1170f0ecbdef4c23e1b76e9ab3d2fbe4b34438d2a77577edd0ebed9682b851b380ae0cab282af9d7ebe668177704c5fd4698c934de4731f3f61effc978"}, {0x0, 0x1d, "06aa85616177c61bc943afcb84619755403946b0730a18d5c38cf7dcad830f2dc8674b87ba8b58f81ece27975cc39e595e9af90b4fe92a38d25551c2d9ebfc5dfc5a2a501b7e483de3f808895c5f4a1a2367bc591dd8b094822ff0dea07c9a1f643c822a18b79f7c5eba31fb68b2d734a6671e27182aee4df24a4a5cf390dab23b500b0c0272479611e4f7f4299ec4d926d443367b105185e6ecd9602ba95392343e9bbd047ef6bc1ba42399907ccd0a562db212baa39eb8164e240069f656d3a05fecf894222a141123f5ac010000000000000090aa235a670670ffc5dc49dfb58d00000000000000"}, {0x0, 0xb, "17dcea468000000000054740a5d4901b0aeff04c0300f3c75dc2d227a83b89483b1084743475671545e65eb2bce9ac946a3f0e2bc4000091394c02bcfbbb7d71138537d68e2d2c6393a9f3cc271a9ff09a48b5b303f4f0"}, {0xe, 0x7, "b8a3e10000a3e1100000006f00ffc0ffff00000000600000ff0bc0fe000000000000000000000000d9a0274400"/55}, {0x0, 0xc, "5e14f0e74d2d42cfb3f27fafb60845f90b6dfc2e37bc87c6905bbc94d33e1ea71a28105f543e868a8a53b360a9d33e2b1e26eb1d180600027628cf9ef083611c9f6ae2e1eb3d8bf9c6ab2642c4808298e62afbf03269f1f98aea6ab3beb5fdc5fdaabc2c"}]}}}}}}, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
bind$inet(r1, &(0x7f0000e15000)={0x2, 0x4e20, @multicast2}, 0x10)
r2 = socket$inet(0x2, 0x1, 0x0)
setsockopt$sock_int(r2, 0x1, 0x23, &(0x7f0000356ffc)=0xffffffffffffff40, 0x4)
bind$inet(r2, &(0x7f0000e15000)={0x2, 0x4e20, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10)
setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x33, &(0x7f00000a2000)={0x1, &(0x7f0000000200)=[{0x6}]}, 0x10)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
capset(0x0, &(0x7f0000000100))
r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0)
fcntl$dupfd(r3, 0x0, r3)
ioctl$SCSI_IOCTL_GET_PCI(0xffffffffffffffff, 0x2284, 0x0)
r4 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0)
ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0xffff, 0x0, 0x1, 0x0, 'syz0\x00', &(0x7f0000000080)=['/dev/snd/controlC#\x00'], 0x13})
listen(r2, 0x0)
r5 = add_key$keyring(&(0x7f0000000000), &(0x7f00000004c0)={'syz', 0x3}, 0x0, 0x0, r0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r0, 0x0, 0x0)
keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, &(0x7f0000000180)='asymmetric\x00', &(0x7f00000001c0)=@keyring={'key_or_keyring:', r0})

462.096803ms ago: executing program 1 (id=632):
r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0)
write$FUSE_NOTIFY_DELETE(r0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="45000000060000000000000000000000000000000000000000000000000000001c"], 0x45)

433.533363ms ago: executing program 1 (id=633):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0))
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f0000000000)='./bus\x00', 0x21081e, &(0x7f00000001c0)={[{@grpquota}, {@inode_readahead_blks={'inode_readahead_blks', 0x3d, 0x800}}, {@minixdf}]}, 0x1, 0x4fa, &(0x7f0000000ac0)="$eJzs3c9vG1kdAPCvnThx0uwmu+wBEOyW3YWCqjqJuxut9gDLCSFUCdEjSG1I3CiKHUexU5rQQ3rmikQlTnDkD+DcE3cuCG5cygGJHxGoQeLg1YwnqZvaTdQkdhR/PtJo3ps39fe9pvNe/U3iF8DQuhoRuxExFhF3I2I6u57LjvisfST3Pdt7uLS/93ApF63W7X/l0vbkWnT8mcSV7DWLEfGj70X8NPdy3Mb2ztpitVrZzOqzzdrGbGN758ZqbXGlslJZL5cX5hfmPrn5cfnMxvpebSwrffXpH3e/9fOkW1PZlc5xnKX20AuHcRKjEfGD8wg2ACPZeMYG3RFeSz4i3o6I99PnfzpG0q8mAHCZtVrT0ZrurAMAl10+zYHl8qUsFzAV+Xyp1M7hvROT+Wq90bx+r761vtzOlc1EIX9vtVqZy3KFM1HIJfX5tPy8Xj5SvxkRb0XEL8cn0nppqV5dHuR/fABgiF05sv7/d7y9/gMAl1xx0B0AAPrO+g8Aw8f6DwDDx/oPAMOnvf5PDLobAEAfef8PAMPH+g8AQ+WHt24lR2s/+/zr5fvbW2v1+zeWK421Um1rqbRU39wordTrK+ln9tSOe71qvb4x/1FsPZj59kajOdvY3rlTq2+tN++kn+t9p1JI79rtw8gAgF7eeu/JX3LJivzpRHpEx14OhYH2DDhv+UF3ABiYkUF3ABgYu33B8DrFe3zpAbgkumzR+4Jit18QarVarfPrEnDOrn1J/h+GVUf+308Bw5CR/4fhJf8Pw6vVyp10z/846Y0AwMUmxw/0+P7/29n5d9k3B36yfPSOx+fZKwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALjYDvb/LWV7gU9FPl8qRbwRETNRyN1brVbmIuLNiPjzeGE8qc8PuM8AwGnl/57L9v+6Nv3h1AtN7145LI5FxM9+fftXDxabzc0/RYzl/j1+cL35OLte7n/vAYDjHazT6bnjjfyzvYdLB0c/+/OP70ZEsR1/f28s9g/jj8Zoei5GISIm/5PL6m25jtzFaew+iogvdht/LqbSHEh759Oj8ZPYb/Q1fv6F+Pm0rX1O/i6+cAZ9gWHzJJl/Puv2/OXjanru/vwX0xnq9LL5L3mppf10Dnwe/2D+G+kx/109aYyP/vD9dmni5bZHEV8ejTiIvd8x/xzEz/WI/+EJ4//1K+++36ut9ZuIa9E9fmes2WZtY7axvXNjtba4UlmprJfLC/MLc5/c/Lg8m+aoZ3uvBv/89PqbvdqS8U/2iF88ZvxfP+H4f/v/uz/+2ivif/ODbvHz8c4r4idr4jdOGH9x8vfFXm1J/OUe4z/u63/9hPGf/m3npW3DAYDBaWzvrC1Wq5VNBYWLX0j+yV6AbnQtfKdfscaie9MvPmg/00eaWq3XitVrxjiLrBtwERw+9BHxv0F3BgAAAAAAAAAAAAAA6Kofv7E06DECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABweX0eAAD//19xzyM=")
fchownat(0xffffffffffffff9c, &(0x7f0000000480)='./file0\x00', 0x0, 0x0, 0x0)

362.11643ms ago: executing program 4 (id=634):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x54c, 0x268, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0)
syz_usb_control_io(r0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000500)={{r1}, &(0x7f0000000180), &(0x7f00000004c0)=r2}, 0x20)
syz_usb_control_io$hid(r0, &(0x7f0000000780)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="002205"], 0x0}, 0x0)

110.593432ms ago: executing program 1 (id=635):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26)
getsockopt$bt_BT_SECURITY(r0, 0x111, 0x4, 0x0, 0x20001100)

64.554779ms ago: executing program 2 (id=636):
r0 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4)
bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c)
r1 = socket$inet6(0xa, 0x6, 0x0)
setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000080)=0x5, 0x4)
bind$inet6(r1, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c)

0s ago: executing program 1 (id=637):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000000)={'filter\x00', 0x104, 0x4, 0x3d0, 0x100, 0x100, 0x100, 0x2e8, 0x2e8, 0x2e8, 0x4, 0x0, {[{{@arp={@remote, @multicast2, 0x0, 0x0, 0x0, 0x0, {@mac=@link_local={0x2, 0x80, 0xc2, 0x7}}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'bridge0\x00', 'erspan0\x00'}, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x4}}}, {{@uncond, 0xc0, 0x100}, @unspec=@RATEEST={0x40, 'RATEEST\x00', 0x0, {'syz0\x00', 0x0, 0x2}}}, {{@arp={@remote, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_vlan\x00', 'veth1_macvtap\x00'}, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x420)

kernel console output (not intermixed with test programs):

Warning: Permanently added '10.128.0.61' (ED25519) to the list of known hosts.
[   49.100590][ T5084] cgroup: Unknown subsys name 'net'
[   49.227742][ T5084] cgroup: Unknown subsys name 'rlimit'
Setting up swapspace version 1, size = 127995904 bytes
[   50.341903][ T5084] Adding 124996k swap on ./swap-file.  Priority:0 extents:1 across:124996k 
[   53.581361][ T5096] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[   53.588885][ T5096] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[   53.596322][ T5096] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[   53.614615][ T5096] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[   53.626286][ T5100] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[   53.633723][ T5100] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[   53.641328][ T5100] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[   53.650705][   T53] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[   53.658033][   T53] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[   53.665969][   T53] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[   53.673577][   T53] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[   53.680822][   T53] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[   53.731907][ T5096] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[   53.747495][ T5096] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[   53.762790][ T5096] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[   53.770485][ T5096] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[   53.779017][ T5096] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[   53.783230][ T5101] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[   53.793411][ T5101] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[   53.802400][   T53] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[   53.804036][ T5096] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   53.817747][ T5096] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[   53.824995][ T4497] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   53.832463][ T4497] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[   53.840291][ T4497] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[   53.852295][ T4497] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[   53.857647][ T5096] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[   53.859567][ T4497] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[   53.867161][ T5096] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[   53.880650][ T5096] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[   54.082257][ T5093] chnl_net:caif_netlink_parms(): no params data found
[   54.162031][ T5097] chnl_net:caif_netlink_parms(): no params data found
[   54.251923][ T5093] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.259302][ T5093] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.266552][ T5093] bridge_slave_0: entered allmulticast mode
[   54.273644][ T5093] bridge_slave_0: entered promiscuous mode
[   54.280677][ T5093] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.287859][ T5093] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.295870][ T5093] bridge_slave_1: entered allmulticast mode
[   54.302792][ T5093] bridge_slave_1: entered promiscuous mode
[   54.325725][ T5097] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.332910][ T5097] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.340154][ T5097] bridge_slave_0: entered allmulticast mode
[   54.346855][ T5097] bridge_slave_0: entered promiscuous mode
[   54.389328][ T5097] bridge0: port 2(bridge_slave_1) entered blocking state
[   54.396573][ T5097] bridge0: port 2(bridge_slave_1) entered disabled state
[   54.403911][ T5097] bridge_slave_1: entered allmulticast mode
[   54.410376][ T5097] bridge_slave_1: entered promiscuous mode
[   54.447103][ T5093] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.458258][ T5093] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.496729][ T5093] team0: Port device team_slave_0 added
[   54.517553][ T5097] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   54.536011][ T5093] team0: Port device team_slave_1 added
[   54.548159][ T5103] chnl_net:caif_netlink_parms(): no params data found
[   54.559559][ T5097] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   54.583684][ T5107] chnl_net:caif_netlink_parms(): no params data found
[   54.624575][ T5093] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.631644][ T5093] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.657626][ T5093] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.696282][ T5093] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.703456][ T5093] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.729602][ T5093] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.749027][ T5097] team0: Port device team_slave_0 added
[   54.768482][ T5097] team0: Port device team_slave_1 added
[   54.799354][ T5097] batman_adv: batadv0: Adding interface: batadv_slave_0
[   54.806572][ T5097] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.832938][ T5097] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   54.848175][ T5105] chnl_net:caif_netlink_parms(): no params data found
[   54.876034][ T5097] batman_adv: batadv0: Adding interface: batadv_slave_1
[   54.883077][ T5097] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   54.909438][ T5097] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   54.970267][ T5093] hsr_slave_0: entered promiscuous mode
[   54.976748][ T5093] hsr_slave_1: entered promiscuous mode
[   54.984384][ T5103] bridge0: port 1(bridge_slave_0) entered blocking state
[   54.991486][ T5103] bridge0: port 1(bridge_slave_0) entered disabled state
[   54.998944][ T5103] bridge_slave_0: entered allmulticast mode
[   55.005760][ T5103] bridge_slave_0: entered promiscuous mode
[   55.023138][ T5107] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.030369][ T5107] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.037811][ T5107] bridge_slave_0: entered allmulticast mode
[   55.044769][ T5107] bridge_slave_0: entered promiscuous mode
[   55.052204][ T5107] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.059505][ T5107] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.066869][ T5107] bridge_slave_1: entered allmulticast mode
[   55.073860][ T5107] bridge_slave_1: entered promiscuous mode
[   55.088370][ T5103] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.095701][ T5103] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.102929][ T5103] bridge_slave_1: entered allmulticast mode
[   55.109401][ T5103] bridge_slave_1: entered promiscuous mode
[   55.167014][ T5103] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.180831][ T5107] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.206362][ T5103] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.229373][ T5107] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.254030][ T5097] hsr_slave_0: entered promiscuous mode
[   55.260735][ T5097] hsr_slave_1: entered promiscuous mode
[   55.266790][ T5097] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.274650][ T5097] Cannot create hsr debugfs directory
[   55.315294][ T5103] team0: Port device team_slave_0 added
[   55.334067][ T5107] team0: Port device team_slave_0 added
[   55.340105][ T5105] bridge0: port 1(bridge_slave_0) entered blocking state
[   55.347277][ T5105] bridge0: port 1(bridge_slave_0) entered disabled state
[   55.354676][ T5105] bridge_slave_0: entered allmulticast mode
[   55.361608][ T5105] bridge_slave_0: entered promiscuous mode
[   55.378037][ T5103] team0: Port device team_slave_1 added
[   55.388881][ T5107] team0: Port device team_slave_1 added
[   55.395190][ T5105] bridge0: port 2(bridge_slave_1) entered blocking state
[   55.402293][ T5105] bridge0: port 2(bridge_slave_1) entered disabled state
[   55.409695][ T5105] bridge_slave_1: entered allmulticast mode
[   55.416940][ T5105] bridge_slave_1: entered promiscuous mode
[   55.490443][ T5103] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.497482][ T5103] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.523942][ T5103] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.539495][ T5107] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.547365][ T5107] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.573311][ T5107] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.586194][ T5105] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[   55.600186][ T5103] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.607148][ T5103] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.633155][ T5103] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.648468][ T5107] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.655625][ T5107] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.681623][ T5107] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   55.694115][ T5105] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[   55.723029][ T5096] Bluetooth: hci0: command tx timeout
[   55.762131][ T5105] team0: Port device team_slave_0 added
[   55.794049][ T5105] team0: Port device team_slave_1 added
[   55.803601][ T5096] Bluetooth: hci1: command tx timeout
[   55.823395][ T5107] hsr_slave_0: entered promiscuous mode
[   55.829669][ T5107] hsr_slave_1: entered promiscuous mode
[   55.836707][ T5107] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.844325][ T5107] Cannot create hsr debugfs directory
[   55.865316][ T5103] hsr_slave_0: entered promiscuous mode
[   55.871489][ T5103] hsr_slave_1: entered promiscuous mode
[   55.877768][ T5103] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   55.885401][ T5096] Bluetooth: hci2: command tx timeout
[   55.885615][ T5103] Cannot create hsr debugfs directory
[   55.936245][ T5105] batman_adv: batadv0: Adding interface: batadv_slave_0
[   55.943343][ T5105] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   55.969916][ T5105] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[   55.972755][ T5100] Bluetooth: hci4: command tx timeout
[   55.981800][ T5105] batman_adv: batadv0: Adding interface: batadv_slave_1
[   55.993037][ T5096] Bluetooth: hci3: command tx timeout
[   55.994281][ T5105] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[   56.025041][ T5105] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[   56.078335][ T5093] netdevsim netdevsim3 netdevsim0: renamed from eth0
[   56.088612][ T5093] netdevsim netdevsim3 netdevsim1: renamed from eth1
[   56.117944][ T5093] netdevsim netdevsim3 netdevsim2: renamed from eth2
[   56.157762][ T5093] netdevsim netdevsim3 netdevsim3: renamed from eth3
[   56.170203][ T5105] hsr_slave_0: entered promiscuous mode
[   56.177027][ T5105] hsr_slave_1: entered promiscuous mode
[   56.183316][ T5105] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[   56.190861][ T5105] Cannot create hsr debugfs directory
[   56.236546][ T5097] netdevsim netdevsim1 netdevsim0: renamed from eth0
[   56.249093][ T5097] netdevsim netdevsim1 netdevsim1: renamed from eth1
[   56.278906][ T5097] netdevsim netdevsim1 netdevsim2: renamed from eth2
[   56.312235][ T5097] netdevsim netdevsim1 netdevsim3: renamed from eth3
[   56.396788][ T5107] netdevsim netdevsim0 netdevsim0: renamed from eth0
[   56.406217][ T5107] netdevsim netdevsim0 netdevsim1: renamed from eth1
[   56.415522][ T5107] netdevsim netdevsim0 netdevsim2: renamed from eth2
[   56.425472][ T5107] netdevsim netdevsim0 netdevsim3: renamed from eth3
[   56.491269][ T5103] netdevsim netdevsim2 netdevsim0: renamed from eth0
[   56.516862][ T5103] netdevsim netdevsim2 netdevsim1: renamed from eth1
[   56.527056][ T5103] netdevsim netdevsim2 netdevsim2: renamed from eth2
[   56.546685][ T5103] netdevsim netdevsim2 netdevsim3: renamed from eth3
[   56.617001][ T5105] netdevsim netdevsim4 netdevsim0: renamed from eth0
[   56.626397][ T5105] netdevsim netdevsim4 netdevsim1: renamed from eth1
[   56.648295][ T5105] netdevsim netdevsim4 netdevsim2: renamed from eth2
[   56.658067][ T5105] netdevsim netdevsim4 netdevsim3: renamed from eth3
[   56.694593][ T5093] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.713054][ T5097] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.727871][ T5093] 8021q: adding VLAN 0 to HW filter on device team0
[   56.746676][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.753807][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.768352][ T5107] 8021q: adding VLAN 0 to HW filter on device bond0
[   56.788647][ T5143] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.795817][ T5143] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.811816][ T5097] 8021q: adding VLAN 0 to HW filter on device team0
[   56.849115][ T5107] 8021q: adding VLAN 0 to HW filter on device team0
[   56.866287][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.873524][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.881882][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state
[   56.889017][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state
[   56.963527][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.970655][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[   56.983963][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[   56.991105][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.018345][ T5103] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.044982][ T5103] 8021q: adding VLAN 0 to HW filter on device team0
[   57.066508][ T5105] 8021q: adding VLAN 0 to HW filter on device bond0
[   57.091035][ T5143] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.098205][ T5143] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.124898][ T5143] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.132029][ T5143] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.169957][ T5093] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.216399][ T5105] 8021q: adding VLAN 0 to HW filter on device team0
[   57.281175][   T25] bridge0: port 1(bridge_slave_0) entered blocking state
[   57.288329][   T25] bridge0: port 1(bridge_slave_0) entered forwarding state
[   57.349234][   T25] bridge0: port 2(bridge_slave_1) entered blocking state
[   57.356385][   T25] bridge0: port 2(bridge_slave_1) entered forwarding state
[   57.378620][ T5093] veth0_vlan: entered promiscuous mode
[   57.411035][ T5093] veth1_vlan: entered promiscuous mode
[   57.454298][ T5097] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.497445][ T5093] veth0_macvtap: entered promiscuous mode
[   57.518358][ T5093] veth1_macvtap: entered promiscuous mode
[   57.541765][ T5107] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.563334][ T5093] batman_adv: batadv0: Interface activated: batadv_slave_0
[   57.580940][ T5103] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.611333][ T5093] batman_adv: batadv0: Interface activated: batadv_slave_1
[   57.629081][ T5093] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   57.643707][ T5093] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   57.653600][ T5093] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   57.662313][ T5093] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   57.690477][ T5097] veth0_vlan: entered promiscuous mode
[   57.719934][ T5097] veth1_vlan: entered promiscuous mode
[   57.734795][ T5105] 8021q: adding VLAN 0 to HW filter on device batadv0
[   57.768825][ T5103] veth0_vlan: entered promiscuous mode
[   57.799899][ T5107] veth0_vlan: entered promiscuous mode
[   57.805976][ T5096] Bluetooth: hci0: command tx timeout
[   57.822095][ T5103] veth1_vlan: entered promiscuous mode
[   57.849000][ T5107] veth1_vlan: entered promiscuous mode
[   57.883940][ T5096] Bluetooth: hci1: command tx timeout
[   57.887483][ T5097] veth0_macvtap: entered promiscuous mode
[   57.908850][ T2820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   57.920492][ T2820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   57.930308][ T5097] veth1_macvtap: entered promiscuous mode
[   57.950705][ T5097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   57.961296][ T5097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   57.971985][ T5096] Bluetooth: hci2: command tx timeout
[   57.979402][ T5097] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.005820][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.014154][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.021507][ T5107] veth0_macvtap: entered promiscuous mode
[   58.030632][ T5097] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.041892][ T5097] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.054144][ T5096] Bluetooth: hci3: command tx timeout
[   58.055384][ T5100] Bluetooth: hci4: command tx timeout
[   58.060638][ T5097] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.090979][ T5107] veth1_macvtap: entered promiscuous mode
[   58.105949][ T5103] veth0_macvtap: entered promiscuous mode
[   58.118478][ T5097] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.128800][ T5097] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.138054][ T5097] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.147291][ T5097] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.174240][ T5103] veth1_macvtap: entered promiscuous mode
[   58.192336][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.219562][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.242991][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.244225][ T5175] loop3: detected capacity change from 0 to 2048
[   58.253812][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.275514][ T5103] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.298764][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.311886][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.314057][ T5175] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   58.322348][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.346370][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.356286][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   58.367696][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.378941][ T5107] batman_adv: batadv0: Interface activated: batadv_slave_0
[   58.388891][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.401434][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.411400][ T5103] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.422379][ T5103] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.436303][ T5103] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.468840][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.479759][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.489749][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.501936][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.514341][ T5107] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   58.527425][ T5107] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   58.541427][ T5107] batman_adv: batadv0: Interface activated: batadv_slave_1
[   58.825807][ T5105] veth0_vlan: entered promiscuous mode
[   58.840207][ T5103] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.850534][ T5103] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.859373][ T5103] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.868240][ T5103] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.895439][ T5107] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   58.904778][ T5107] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   58.914144][ T5107] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   58.923380][ T5107] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   58.934428][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.942275][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   58.947640][ T5105] veth1_vlan: entered promiscuous mode
[   58.987099][   T57] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   58.997240][   T57] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.020485][ T5105] veth0_macvtap: entered promiscuous mode
[   59.058819][ T5105] veth1_macvtap: entered promiscuous mode
[   59.080539][   T57] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.102630][   T57] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.146653][ T5093] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.202484][ T2809] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.210750][ T2809] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.215868][ T5182] loop1: detected capacity change from 0 to 256
[   59.226373][   T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.263909][   T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.306170][ T5105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.317650][ T5105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.329078][ T5105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.341855][ T5105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.351957][ T5105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.363058][ T5105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.373093][ T5105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[   59.383724][ T5105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.396873][ T5105] batman_adv: batadv0: Interface activated: batadv_slave_0
[   59.421401][ T5186] loop1: detected capacity change from 0 to 1024
[   59.427886][ T2820] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.429342][ T5105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.437935][ T2820] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.459268][ T5105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.469858][ T5186] EXT4-fs: Ignoring removed oldalloc option
[   59.478899][ T5105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.489970][ T5186] EXT4-fs (loop1): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   59.500068][ T5105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.512281][ T5105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.526752][ T5105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.537461][ T5105] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[   59.541519][ T5186] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   59.550833][ T5105] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[   59.576904][ T5105] batman_adv: batadv0: Interface activated: batadv_slave_1
[   59.576979][ T5192] loop2: detected capacity change from 0 to 64
[   59.594579][ T5192] hfs: unable to parse mount options
[   59.607111][ T5105] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[   59.616089][ T5105] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[   59.626291][ T5105] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[   59.635063][ T5105] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[   59.682324][ T5192] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details.
[   59.745829][ T5097] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   59.792188][ T2820] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.801030][ T2820] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.864946][   T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[   59.875177][   T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[   59.894389][ T5100] Bluetooth: hci0: command tx timeout
[   59.969251][ T5100] Bluetooth: hci1: command tx timeout
[   60.004173][ T5199] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   60.112985][ T5100] Bluetooth: hci2: command tx timeout
[   60.123393][ T5100] Bluetooth: hci3: command tx timeout
[   60.132866][ T5100] Bluetooth: hci4: command tx timeout
[   60.433471][ T5199] Bluetooth: MGMT ver 1.23
[   60.448649][ T5199] Bluetooth: hci3: invalid length 0, exp 2 for type 0
[   60.621546][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x10
[   60.639385][ T5100] Bluetooth: Wrong link type (-22)
[   60.644766][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x0d
[   60.651328][ T5100] Bluetooth: Wrong link type (-22)
[   60.656565][ T5100] Bluetooth: Unknown BR/EDR signaling command 0x11
[   60.663162][ T5100] Bluetooth: Wrong link type (-22)
[   60.836360][ T5223] loop0: detected capacity change from 0 to 1024
[   60.849623][ T5223] EXT4-fs: Ignoring removed oldalloc option
[   60.884181][ T5223] EXT4-fs (loop0): stripe (3) is not aligned with cluster size (16), stripe is disabled
[   60.939952][ T5223] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   60.973923][ T5144] IPVS: starting estimator thread 0...
[   61.083143][ T5232] IPVS: using max 46 ests per chain, 110400 per kthread
[   61.178735][ T5107] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   61.208668][ T5240] loop4: detected capacity change from 0 to 1024
[   61.224180][ T5240] ext4: Unknown parameter 'euid<00000000000000000000'
[   61.268488][ T5208] loop3: detected capacity change from 0 to 32768
[   61.281489][ T5208] XFS: ikeep mount option is deprecated.
[   61.331933][ T5249] loop0: detected capacity change from 0 to 64
[   61.350848][ T5208] XFS (loop3): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   61.380573][ T5249] hfs: unable to parse mount options
[   61.466913][    T0] NOHZ tick-stop error: local softirq work is pending, handler #10!!!
[   61.468537][ T5255] netlink: 830 bytes leftover after parsing attributes in process `syz.4.20'.
[   61.518618][ T5208] XFS (loop3): Ending clean mount
[   61.550349][ T5208] XFS (loop3): Quotacheck needed: Please wait.
[   61.631248][ T5208] XFS (loop3): Quotacheck: Done.
[   61.703696][ T5255] loop4: detected capacity change from 0 to 512
[   61.710974][ T5093] XFS (loop3): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   61.744079][ T5255] EXT4-fs: Invalid want_extra_isize 5
[   61.871178][ T5272] netlink: 'syz.2.30': attribute type 10 has an invalid length.
[   62.316022][ T5096] Bluetooth: hci1: command tx timeout
[   62.321487][ T5096] Bluetooth: hci2: command tx timeout
[   62.330085][ T4497] Bluetooth: hci4: command tx timeout
[   62.335784][ T5101] Bluetooth: hci3: command tx timeout
[   62.341424][ T5100] Bluetooth: hci0: command tx timeout
[   62.379967][ T5272] team0: Port device geneve1 added
[   62.790926][ T5262] loop1: detected capacity change from 0 to 40427
[   62.802664][ T5262] F2FS-fs (loop1): invalid crc value
[   62.828641][ T5262] F2FS-fs (loop1): Found nat_bits in checkpoint
[   62.867979][ T5262] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[   62.898997][ T5097] syz-executor: attempt to access beyond end of device
[   62.898997][ T5097] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   62.913427][ T5097] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   64.363678][ T5273] Bluetooth: hci1: command tx timeout
[   66.090409][ T5287] loop2: detected capacity change from 0 to 128
[   66.102703][    C0] eth0: bad gso: type: 1, size: 1408
[   66.108757][    C0] eth0: bad gso: type: 1, size: 1408
[   66.125806][    C0] eth0: bad gso: type: 1, size: 1408
[   66.132036][    C0] eth0: bad gso: type: 1, size: 1408
[   66.228488][ T5292] loop3: detected capacity change from 0 to 2048
[   66.243320][ T5292] =======================================================
[   66.243320][ T5292] WARNING: The mand mount option has been deprecated and
[   66.243320][ T5292]          and is ignored by this kernel. Remove the mand
[   66.243320][ T5292]          option from the mount to silence this warning.
[   66.243320][ T5292] =======================================================
[   66.320174][ T5287] FAT-fs (loop2): error, invalid access to FAT (entry 0x00000100)
[   66.330042][ T5287] FAT-fs (loop2): Filesystem has been set read-only
[   66.412192][ T5302] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list
[   66.414021][ T5304] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   66.480202][ T5304] evm: overlay not supported
[   66.485501][   T29] audit: type=1804 audit(1720523728.342:2): pid=5304 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.1.39" name="/newroot/6/bus/file0" dev="overlay" ino=6902 res=1 errno=0
[   67.223635][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   67.326074][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   67.545897][ T5323] loop3: detected capacity change from 0 to 1024
[   67.553335][ T5323] ext4: Unknown parameter 'euid<00000000000000000000'
[   67.699354][ T5331] sch_tbf: burst 0 is lower than device lo mtu (65550) !
[   68.059225][ T5318] loop1: detected capacity change from 0 to 32768
[   68.067181][ T5318] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.46 (5318)
[   68.100040][ T5318] BTRFS info (device loop1): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   68.105046][ T5343] loop2: detected capacity change from 0 to 2048
[   68.110336][ T5318] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[   68.128302][ T5318] BTRFS info (device loop1): using free-space-tree
[   68.256214][ T5332] loop3: detected capacity change from 0 to 512
[   68.312204][ T5332] EXT4-fs: Invalid want_extra_isize 5
[   69.066912][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   69.461906][ T5316] loop4: detected capacity change from 0 to 40427
[   69.473452][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[   69.515770][ T5316] F2FS-fs (loop4): invalid crc value
[   69.541259][ T5316] F2FS-fs (loop4): Failed to start F2FS issue_checkpoint_thread (-4)
[   69.599079][    C0] eth0: bad gso: type: 1, size: 1408
[   69.605481][ T5383] netlink: 12 bytes leftover after parsing attributes in process `syz.2.62'.
[   69.654005][ T5383] tipc: Started in network mode
[   69.675977][ T5383] tipc: Node identity ., cluster identity 8
[   70.035254][ T5403] loop2: detected capacity change from 0 to 512
[   71.518793][ T5398] sched: RT throttling activated
[   71.683296][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[   71.689619][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[   72.550344][ T5401] loop3: detected capacity change from 0 to 1024
[   72.732786][ T5401] hfsplus: invalid attributes max_key_len 0
[   72.738813][ T5401] hfsplus: failed to load attributes file
[   72.819222][ T5403] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a842c01c, mo2=0002]
[   72.827681][ T5403] System zones: 0-2, 18-18, 34-35
[   72.833567][ T5403] EXT4-fs: error -4 creating inode table initialization thread
[   72.841258][ T5403] EXT4-fs (loop2): mount failed
[   72.854222][ T5405] loop0: detected capacity change from 0 to 2048
[   72.958371][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   73.061018][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   73.265711][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   73.367897][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   73.470796][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[   73.778305][ T5420] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off.
[   73.924192][   T29] audit: type=1804 audit(1720523735.782:3): pid=5420 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.73" name="/newroot/19/bus/file0" dev="overlay" ino=8225 res=1 errno=0
[   74.062468][ T5097] BTRFS info (device loop1): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   74.409318][ T5445] loop3: detected capacity change from 0 to 1024
[   74.420017][ T5445] hfsplus: invalid attributes max_key_len 0
[   74.426165][ T5445] hfsplus: failed to load attributes file
[   76.780341][  T927] cfg80211: failed to load regulatory.db
[   76.867769][ T5472] Bluetooth: hci3: unsupported parameter 64512
[   76.902814][ T5472] Bluetooth: hci3: invalid length 0, exp 2 for type 3
[   77.032220][    C0] eth0: bad gso: type: 1, size: 1408
[   77.655825][  T930] usb 4-1: new high-speed USB device number 2 using dummy_hcd
[   77.686365][ T5486] loop1: detected capacity change from 0 to 4096
[   77.705046][ T5486] ntfs3: loop1: Different NTFS sector size (1024) and media sector size (512).
[   77.845305][  T930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   77.877432][  T930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   77.897555][  T930] usb 4-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00
[   77.935784][  T930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   78.092726][  T930] usb 4-1: config 0 descriptor??
[   78.472467][ T5510] loop4: detected capacity change from 0 to 512
[   78.504415][ T5510] EXT4-fs (loop4): feature flags set on rev 0 fs, running e2fsck is recommended
[   78.578978][ T5510] EXT4-fs error (device loop4): ext4_orphan_get:1394: inode #17: comm syz.4.108: iget: bad i_size value: -6917529027641081756
[   78.616251][ T5510] EXT4-fs error (device loop4): ext4_orphan_get:1399: comm syz.4.108: couldn't read orphan inode 17 (err -117)
[   78.630566][ T5510] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   78.648592][  T930] hid-thrustmaster 0003:044F:B65D.0001: unknown main item tag 0x0
[   78.661981][  T930] hid-thrustmaster 0003:044F:B65D.0001: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.3-1/input0
[   78.676433][  T930] hid-thrustmaster 0003:044F:B65D.0001: Wrong number of endpoints?
[   78.832279][ T5526] autofs4:pid:5526:validate_dev_ioctl: invalid path supplied for cmd(0xc018937e)
[   78.942290][ T5526] loop2: detected capacity change from 0 to 1024
[   79.190850][ T5105] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   79.308554][ T5530] netlink: 'syz.4.113': attribute type 2 has an invalid length.
[   79.346223][    C0] hid-thrustmaster 0003:044F:B65D.0001: URB to get model id failed with error -71
[   79.356612][  T930] usb 4-1: USB disconnect, device number 2
[   79.369845][ T5530] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.113'.
[   79.489879][   T12] hfsplus: b-tree write err: -5, ino 4
[   79.830183][ T5515] loop1: detected capacity change from 0 to 40427
[   80.167238][ T5515] F2FS-fs (loop1): invalid crc value
[   80.274166][ T5555] ALSA: seq fatal error: cannot create timer (-22)
[   80.313517][ T5515] F2FS-fs (loop1): Found nat_bits in checkpoint
[   80.733076][ T5515] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   80.776152][ T5561] netlink: 32 bytes leftover after parsing attributes in process `syz.0.121'.
[   80.820976][ T5515] syz.1.109: attempt to access beyond end of device
[   80.820976][ T5515] loop1: rw=2049, sector=53248, nr_sectors = 16 limit=40427
[   80.850589][ T5515] syz.1.109: attempt to access beyond end of device
[   80.850589][ T5515] loop1: rw=34817, sector=53248, nr_sectors = 8 limit=40427
[   80.869041][ T5515] syz.1.109: attempt to access beyond end of device
[   80.869041][ T5515] loop1: rw=524288, sector=53248, nr_sectors = 8 limit=40427
[   80.892145][ T5515] syz.1.109: attempt to access beyond end of device
[   80.892145][ T5515] loop1: rw=524288, sector=53264, nr_sectors = 16 limit=40427
[   80.911456][ T5515] syz.1.109: attempt to access beyond end of device
[   80.911456][ T5515] loop1: rw=0, sector=53272, nr_sectors = 8 limit=40427
[   80.952970][ T5515] syz.1.109: attempt to access beyond end of device
[   80.952970][ T5515] loop1: rw=0, sector=53272, nr_sectors = 8 limit=40427
[   80.989040][ T5515] syz.1.109: attempt to access beyond end of device
[   80.989040][ T5515] loop1: rw=0, sector=53272, nr_sectors = 8 limit=40427
[   81.014156][ T5515] syz.1.109: attempt to access beyond end of device
[   81.014156][ T5515] loop1: rw=0, sector=53272, nr_sectors = 8 limit=40427
[   81.051422][ T5097] syz-executor: attempt to access beyond end of device
[   81.051422][ T5097] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   81.067162][ T5097] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   81.276377][ T5579] capability: warning: `syz.1.127' uses deprecated v2 capabilities in a way that may be insecure
[   81.389571][ T5587] netlink: 'syz.1.132': attribute type 2 has an invalid length.
[   81.397300][ T5587] netlink: 209852 bytes leftover after parsing attributes in process `syz.1.132'.
[   81.694410][ T5601] loop4: detected capacity change from 0 to 1024
[   81.707650][ T5601] EXT4-fs: Ignoring removed mblk_io_submit option
[   81.738541][ T5601] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   81.775456][ T5105] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   81.857090][ T5612] netlink: 32 bytes leftover after parsing attributes in process `syz.0.142'.
[   82.528441][   T29] audit: type=1326 audit(1720523744.392:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[   82.636556][   T29] audit: type=1326 audit(1720523744.392:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[   82.745159][ T5634] netlink: 4 bytes leftover after parsing attributes in process `syz.3.150'.
[   82.755131][   T29] audit: type=1326 audit(1720523744.392:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[   82.805369][   T29] audit: type=1326 audit(1720523744.392:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[   82.830358][ T5617] loop0: detected capacity change from 0 to 32768
[   82.867370][ T5617] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.145 (5617)
[   82.910619][   T29] audit: type=1326 audit(1720523744.392:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[   82.968212][   T29] audit: type=1326 audit(1720523744.432:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[   82.996400][ T5617] BTRFS info (device loop0): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[   83.042843][ T5617] BTRFS info (device loop0): using xxhash64 (xxhash64-generic) checksum algorithm
[   83.054796][   T29] audit: type=1326 audit(1720523744.432:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fef8eb6cc27 code=0x7ffc0000
[   83.084502][ T5617] BTRFS info (device loop0): using free-space-tree
[   83.127560][   T29] audit: type=1326 audit(1720523744.432:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fef8eb115c9 code=0x7ffc0000
[   83.202418][   T29] audit: type=1326 audit(1720523744.432:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[   83.272365][   T29] audit: type=1326 audit(1720523744.432:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5630 comm="syz.3.149" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fef8eb6cc27 code=0x7ffc0000
[   83.831621][ T5107] BTRFS info (device loop0): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[   84.192685][  T927] usb 1-1: new high-speed USB device number 2 using dummy_hcd
[   84.237952][ T5138] libceph: connect (1)[c::]:6789 error -101
[   84.262409][ T5636] loop3: detected capacity change from 0 to 40427
[   84.292714][ T5138] libceph: mon0 (1)[c::]:6789 connect error
[   84.412682][  T927] usb 1-1: Using ep0 maxpacket: 32
[   84.419399][  T927] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[   84.439522][ T5636] F2FS-fs (loop3): Found nat_bits in checkpoint
[   84.868398][  T927] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   84.886752][ T5138] libceph: connect (1)[c::]:6789 error -101
[   84.925026][  T927] usb 1-1: config 0 descriptor??
[   84.935574][ T5138] libceph: mon0 (1)[c::]:6789 connect error
[   84.960205][  T927] gspca_main: nw80x-2.14.0 probing 055f:d001
[   85.005200][ T5636] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   85.126065][ T5636] syz.3.151: attempt to access beyond end of device
[   85.126065][ T5636] loop3: rw=2049, sector=53248, nr_sectors = 128 limit=40427
[   85.226475][ T5093] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   85.293669][ T5677] ceph: No mds server is up or the cluster is laggy
[   85.410270][ T5692] vxcan0: entered promiscuous mode
[   85.425185][ T5692] vlan2: entered allmulticast mode
[   85.431376][ T5692] vxcan0: entered allmulticast mode
[   86.215675][ T5713] loop1: detected capacity change from 0 to 1024
[   86.233833][ T5713] EXT4-fs: Ignoring removed mblk_io_submit option
[   86.377098][ T5713] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   86.464617][  T927] gspca_nw80x: reg_w err -71
[   86.472768][  T927] nw80x 1-1:0.0: probe with driver nw80x failed with error -71
[   86.501869][  T927] usb 1-1: USB disconnect, device number 2
[   86.531182][ T5097] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   86.744382][ T5746] loop3: detected capacity change from 0 to 128
[   86.873746][ T5753] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   87.097814][ T5764] loop4: detected capacity change from 0 to 1024
[   87.099584][ T5769] binder: 5765:5769 ioctl c0306201 20000580 returned -14
[   87.119552][ T5764] EXT4-fs: Ignoring removed mblk_io_submit option
[   87.172254][ T5764] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   87.281891][ T5105] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   87.310863][ T5784] loop0: detected capacity change from 0 to 128
[   87.342059][ T5784] EXT4-fs (loop0): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[   87.442326][ T5792] iommufd_mock iommufd_mock0: Adding to iommu group 0
[   87.472802][ T5784] ext4 filesystem being mounted at /40/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[   87.720990][ T5784] syz.0.194 (pid 5784) is setting deprecated v1 encryption policy; recommend upgrading to v2.
[   87.802756][  T930] usb 5-1: new high-speed USB device number 2 using dummy_hcd
[   87.984806][ T5107] EXT4-fs (loop0): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[   88.094652][ T5806] loop2: detected capacity change from 0 to 256
[   88.132602][  T930] usb 5-1: Using ep0 maxpacket: 32
[   88.145409][  T930] usb 5-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[   88.199430][  T930] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   88.249280][  T930] usb 5-1: config 0 descriptor??
[   88.269369][  T930] gspca_main: nw80x-2.14.0 probing 055f:d001
[   88.448186][ T5815] loop0: detected capacity change from 0 to 1024
[   88.480253][ T5815] EXT4-fs: Ignoring removed mblk_io_submit option
[   88.551586][ T5815] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   88.627846][ T5795] loop1: detected capacity change from 0 to 40427
[   88.707839][ T5795] F2FS-fs (loop1): invalid crc value
[   88.714928][ T5107] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   88.740272][ T5795] F2FS-fs (loop1): Found nat_bits in checkpoint
[   88.896422][ T5795] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e4
[   88.949999][ T5795] bio_check_eod: 1 callbacks suppressed
[   88.950034][ T5795] syz.1.198: attempt to access beyond end of device
[   88.950034][ T5795] loop1: rw=2049, sector=53248, nr_sectors = 16 limit=40427
[   89.002981][ T5795] syz.1.198: attempt to access beyond end of device
[   89.002981][ T5795] loop1: rw=34817, sector=53248, nr_sectors = 8 limit=40427
[   89.050538][ T5795] syz.1.198: attempt to access beyond end of device
[   89.050538][ T5795] loop1: rw=524288, sector=53248, nr_sectors = 8 limit=40427
[   89.100815][ T5795] syz.1.198: attempt to access beyond end of device
[   89.100815][ T5795] loop1: rw=524288, sector=53264, nr_sectors = 16 limit=40427
[   89.163131][ T5795] syz.1.198: attempt to access beyond end of device
[   89.163131][ T5795] loop1: rw=0, sector=53272, nr_sectors = 8 limit=40427
[   89.233107][ T5795] syz.1.198: attempt to access beyond end of device
[   89.233107][ T5795] loop1: rw=0, sector=53272, nr_sectors = 8 limit=40427
[   89.315335][ T5097] syz-executor: attempt to access beyond end of device
[   89.315335][ T5097] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   89.447964][ T5097] F2FS-fs (loop1): Stopped filesystem due to reason: 3
[   89.494567][  T930] gspca_nw80x: reg_w err -71
[   89.501617][  T930] nw80x 5-1:0.0: probe with driver nw80x failed with error -71
[   90.856478][  T930] usb 5-1: USB disconnect, device number 2
[   90.926061][    C0] eth0: bad gso: type: 1, size: 1408
[   91.334482][ T5853] netlink: 4 bytes leftover after parsing attributes in process `syz.2.217'.
[   91.390668][ T5853] vxcan0: left allmulticast mode
[   91.631629][ T5846] loop0: detected capacity change from 0 to 32768
[   91.639014][ T5846] xfs: Unknown parameter 'biosize'
[   91.887120][   T51] usb 5-1: new high-speed USB device number 3 using dummy_hcd
[   92.043853][ T5871] loop0: detected capacity change from 0 to 32768
[   92.066498][ T5871] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.223 (5871)
[   92.096115][   T51] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[   92.117651][ T5871] BTRFS info (device loop0): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   92.124524][   T51] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[   92.138637][ T5871] BTRFS info (device loop0): using sha256 (sha256-avx2) checksum algorithm
[   92.154546][   T51] usb 5-1: New USB device found, idVendor=046d, idProduct=c086, bcdDevice= 0.00
[   92.159695][ T5871] BTRFS info (device loop0): using free-space-tree
[   92.176208][   T51] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   92.206627][   T51] usb 5-1: config 0 descriptor??
[   92.351860][ T5899] loop2: detected capacity change from 0 to 2048
[   92.411419][ T5899] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   92.957468][ T5867] netlink: 28 bytes leftover after parsing attributes in process `syz.4.222'.
[   92.976797][ T5867] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[   92.998901][ T5103] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   93.009404][ T5867] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[   93.041925][   T51] hid (null): report_id 0 is invalid
[   93.048860][   T51] logitech-hidpp-device 0003:046D:C086.0002: report_id 0 is invalid
[   93.059060][   T51] logitech-hidpp-device 0003:046D:C086.0002: item 0 0 1 8 parsing failed
[   93.068780][   T51] logitech-hidpp-device 0003:046D:C086.0002: hidpp_probe:parse failed
[   93.077200][   T51] logitech-hidpp-device 0003:046D:C086.0002: probe with driver logitech-hidpp-device failed with error -22
[   93.331489][  T930] usb 5-1: USB disconnect, device number 3
[   93.409560][ T5926] loop1: detected capacity change from 0 to 512
[   93.429794][ T5926] EXT4-fs: quotafile must be on filesystem root
[   94.023895][ T5934] loop3: detected capacity change from 0 to 256
[   94.278257][ T5943] netlink: 4 bytes leftover after parsing attributes in process `syz.2.239'.
[   94.509608][ T5107] BTRFS info (device loop0): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[   94.597897][ T5958] netlink: 'syz.2.246': attribute type 20 has an invalid length.
[   95.097049][ T5972] loop0: detected capacity change from 0 to 512
[   95.122411][ T5972] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[   95.133860][ T5955] loop3: detected capacity change from 0 to 40427
[   95.166534][ T5955] F2FS-fs (loop3): Invalid log sectorsize (2)
[   95.177224][ T5972] EXT4-fs error (device loop0): mb_free_blocks:1948: group 0, inode 11: block 64:freeing already freed block (bit 63); block bitmap corrupt.
[   95.183784][ T5955] F2FS-fs (loop3): Can't find valid F2FS filesystem in 1th superblock
[   95.274241][ T5955] F2FS-fs (loop3): Found nat_bits in checkpoint
[   95.310129][ T5972] EXT4-fs (loop0): Remounting filesystem read-only
[   95.318208][ T5972] EXT4-fs (loop0): 1 truncate cleaned up
[   95.324146][ T5273] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[   95.332575][ T5273] Bluetooth: hci2: Injecting HCI hardware error event
[   95.339428][ T5273] Bluetooth: hci2: hardware error 0x00
[   95.343674][ T5972] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[   95.449114][ T5955] F2FS-fs (loop3): Try to recover 1th superblock, ret: 0
[   95.461351][ T5955] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[   95.489663][ T5980] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.251'.
[   95.540676][ T5107] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   95.591408][ T5093] syz-executor: attempt to access beyond end of device
[   95.591408][ T5093] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[   95.637491][ T5093] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[   95.808171][ T5989] loop4: detected capacity change from 0 to 2048
[   95.855147][ T5990] loop1: detected capacity change from 0 to 1024
[   95.862115][ T5990] EXT4-fs: Ignoring removed nomblk_io_submit option
[   95.885856][ T5989] NILFS (loop4): invalid segment: Checksum error in segment payload
[   95.944289][ T5989] NILFS (loop4): trying rollback from an earlier position
[   95.973341][ T5990] EXT4-fs: Quota format mount options ignored when QUOTA feature is enabled
[   96.013535][ T5986] loop0: detected capacity change from 0 to 32768
[   96.023043][ T5986] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.256 (5986)
[   96.038595][ T5989] NILFS (loop4): recovery complete
[   96.046667][ T5990] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e055c01c, mo2=0002]
[   96.056298][ T5990] System zones: 0-1, 3-36
[   96.056943][ T5986] BTRFS info (device loop0): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   96.070845][ T5986] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[   96.079577][ T5986] BTRFS info (device loop0): using free-space-tree
[   96.105207][ T5994] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[   96.126646][ T5990] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[   96.191771][   T29] kauditd_printk_skb: 49 callbacks suppressed
[   96.191788][   T29] audit: type=1800 audit(1720523758.042:63): pid=5989 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.257" name="bus" dev="loop4" ino=12 res=0 errno=0
[   96.295369][   T29] audit: type=1804 audit(1720523758.162:64): pid=6005 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.4.257" name="/newroot/50/file0/bus" dev="loop4" ino=12 res=1 errno=0
[   96.836586][ T5097] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[   97.402588][ T5273] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[   97.487398][ T5107] BTRFS info (device loop0): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[   97.635180][ T6033] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[   97.780521][ T6042] netlink: 209844 bytes leftover after parsing attributes in process `syz.1.268'.
[   97.780659][ T6043] loop0: detected capacity change from 0 to 2048
[   97.850660][ T5142] usb 4-1: new high-speed USB device number 3 using dummy_hcd
[   97.911831][ T6046] netlink: 'syz.4.269': attribute type 10 has an invalid length.
[   97.937813][ T6046] team0: Port device geneve1 added
[   98.088735][ T6043] UDF-fs: error (device loop0): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[   98.315454][ T6011] loop2: detected capacity change from 0 to 32768
[   98.329834][ T6011] XFS: ikeep mount option is deprecated.
[   98.341683][ T6011] XFS: ikeep mount option is deprecated.
[   98.354232][ T6043] loop0: detected capacity change from 2048 to 0
[   98.372551][ T6049] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[   98.390320][ T6011] XFS (loop2): Mounting V5 Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   98.410562][ T5107] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[   98.426398][ T5107] UDF-fs: error (device loop0): udf_verify_fi: directory (ino 1376) has entry at pos 0 with incorrect tag 0
[   98.523800][ T6011] XFS (loop2): Ending clean mount
[   98.532172][ T5142] usb 4-1: Using ep0 maxpacket: 32
[   98.538160][ T5107] syz-executor: attempt to access beyond end of device
[   98.538160][ T5107] loop0: rw=2049, sector=128, nr_sectors = 1 limit=0
[   98.685865][ T5142] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[   98.711882][ T5142] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[   98.728817][ T6011] XFS (loop2): Quotacheck needed: Please wait.
[   98.755821][ T5107] Buffer I/O error on dev loop0, logical block 128, lost sync page write
[   98.809832][ T5142] usb 4-1: config 0 descriptor??
[   98.823382][ T6011] XFS (loop2): Quotacheck: Done.
[   98.905946][ T5142] gspca_main: nw80x-2.14.0 probing 055f:d001
[   99.495033][ T5142] gspca_nw80x: reg_w err -110
[   99.499807][ T5142] nw80x 4-1:0.0: probe with driver nw80x failed with error -110
[   99.574168][ T2809] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.613845][ T5103] XFS (loop2): Unmounting Filesystem bfdc47fc-10d8-4eed-a562-11a831b3f791
[   99.724066][ T2809] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.813880][ T2809] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.898066][  T930] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0
[   99.917836][  T930] hid-generic 0000:0000:0000.0003: hidraw0: <UNKNOWN> HID v0.00 Device [syz1] on syz0
[   99.930971][ T2809] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[   99.968972][   T53] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[   99.980101][   T53] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[   99.990276][ T6061] loop4: detected capacity change from 0 to 32768
[  100.000578][   T53] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  100.011878][   T53] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  100.020466][   T53] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  100.030065][   T53] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  100.053355][ T6061] XFS (loop4): Mounting V5 Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  100.134837][ T6087] Bluetooth: hci3: service_discovery: expected 4 bytes, got 7 bytes
[  100.144934][ T6061] XFS (loop4): Ending clean mount
[  100.181158][ T2809] bridge_slave_1: left allmulticast mode
[  100.189108][ T2809] bridge_slave_1: left promiscuous mode
[  100.204957][ T6061] XFS (loop4): Quotacheck needed: Please wait.
[  100.218725][ T2809] bridge0: port 2(bridge_slave_1) entered disabled state
[  100.240287][ T6061] XFS (loop4): Quotacheck: Done.
[  100.253822][ T2809] bridge_slave_0: left allmulticast mode
[  100.260917][ T2809] bridge_slave_0: left promiscuous mode
[  100.269182][ T2809] bridge0: port 1(bridge_slave_0) entered disabled state
[  100.335258][ T6061] XFS (loop4): User initiated shutdown received.
[  100.370647][ T6061] XFS (loop4): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x110/0x160 (fs/xfs/xfs_fsops.c:447).  Shutting down filesystem.
[  100.397699][ T6092] dlm: no local IP address has been set
[  100.404424][ T6092] dlm: cannot start dlm midcomms -107
[  100.572345][ T6061] XFS (loop4): Please unmount the filesystem and rectify the problem(s)
[  100.747134][ T6061] syz.4.273 uses obsolete (PF_INET,SOCK_PACKET)
[  100.749640][ T5142] usb 4-1: USB disconnect, device number 3
[  100.788664][ T5105] XFS (loop4): Unmounting Filesystem ed37bf6e-74ea-4e01-afba-5fee274b0f3a
[  100.789509][ T6095] netlink: 9 bytes leftover after parsing attributes in process `syz.3.283'.
[  100.829202][ T2809] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  100.855068][ T2809] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  100.894710][ T2809] bond0 (unregistering): Released all slaves
[  102.046209][   T53] Bluetooth: hci4: command tx timeout
[  102.055010][ T2809] hsr_slave_0: left promiscuous mode
[  102.074011][ T2809] hsr_slave_1: left promiscuous mode
[  102.096464][ T2809] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  102.119318][ T2809] batman_adv: batadv0: Removing interface: batadv_slave_0
[  102.133802][ T6104] loop1: detected capacity change from 0 to 32768
[  102.157491][ T6104] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.287 (6104)
[  102.183290][ T2809] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  102.197311][ T6104] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  102.220697][ T6104] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  102.221058][ T2809] batman_adv: batadv0: Removing interface: batadv_slave_1
[  102.241704][ T6104] BTRFS info (device loop1): using free-space-tree
[  102.275492][ T2809] veth1_macvtap: left promiscuous mode
[  102.293447][ T2809] veth0_macvtap: left promiscuous mode
[  102.321645][ T2809] veth1_vlan: left promiscuous mode
[  102.328856][ T2809] veth0_vlan: left promiscuous mode
[  102.391249][ T6111] loop4: detected capacity change from 0 to 32768
[  102.400912][ T6111] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.284 (6111)
[  102.427046][ T6111] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  102.454324][ T6111] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  102.507473][ T6111] BTRFS info (device loop4): using free-space-tree
[  102.516971][ T6106] loop2: detected capacity change from 0 to 32768
[  102.544425][ T6104] netlink: 8 bytes leftover after parsing attributes in process `syz.1.287'.
[  102.639948][ T6106] XFS (loop2): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  102.740038][ T6106] XFS (loop2): Ending clean mount
[  102.895326][ T5103] XFS (loop2): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  102.912308][ T5105] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  103.138998][ T2809] team0 (unregistering): Port device team_slave_1 removed
[  103.196734][ T2809] team0 (unregistering): Port device team_slave_0 removed
[  103.197097][ T6187] netlink: 9 bytes leftover after parsing attributes in process `syz.2.295'.
[  103.311538][ T6190] overlayfs: missing 'lowerdir'
[  104.122817][   T53] Bluetooth: hci4: command tx timeout
[  105.716893][    C0] eth0: bad gso: type: 1, size: 1408
[  106.443171][   T53] Bluetooth: hci4: command tx timeout
[  106.447847][ T6071] chnl_net:caif_netlink_parms(): no params data found
[  106.529031][ T6198] dlm: no local IP address has been set
[  106.534935][ T6198] dlm: cannot start dlm midcomms -107
[  106.842400][ T5097] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  107.093885][ T6071] bridge0: port 1(bridge_slave_0) entered blocking state
[  107.125272][ T6071] bridge0: port 1(bridge_slave_0) entered disabled state
[  107.133364][ T6071] bridge_slave_0: entered allmulticast mode
[  107.164170][ T6071] bridge_slave_0: entered promiscuous mode
[  107.179491][ T6071] bridge0: port 2(bridge_slave_1) entered blocking state
[  107.199019][ T6071] bridge0: port 2(bridge_slave_1) entered disabled state
[  107.206303][ T6071] bridge_slave_1: entered allmulticast mode
[  107.223348][ T6071] bridge_slave_1: entered promiscuous mode
[  107.339915][ T6071] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  107.357081][ T6071] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  107.405235][ T6071] team0: Port device team_slave_0 added
[  107.417320][ T6071] team0: Port device team_slave_1 added
[  107.456769][ T6071] batman_adv: batadv0: Adding interface: batadv_slave_0
[  107.464716][ T6071] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.493923][ T6071] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  107.510984][ T6071] batman_adv: batadv0: Adding interface: batadv_slave_1
[  107.519023][ T6071] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  107.549563][ T6071] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  107.608508][ T6071] hsr_slave_0: entered promiscuous mode
[  107.619393][ T6071] hsr_slave_1: entered promiscuous mode
[  107.629314][ T6071] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  107.645086][ T6071] Cannot create hsr debugfs directory
[  107.666088][ T6224] loop1: detected capacity change from 0 to 32768
[  107.739094][ T6224] XFS (loop1): Mounting V5 Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  107.815804][ T6224] XFS (loop1): Ending clean mount
[  107.938835][ T5097] XFS (loop1): Unmounting Filesystem a2f82aab-77f8-4286-afd4-a8f747a74bab
[  108.196437][  T927] libceph: connect (1)[c::]:6789 error -101
[  108.202454][  T927] libceph: mon0 (1)[c::]:6789 connect error
[  108.237810][ T6254] loop4: detected capacity change from 0 to 32768
[  108.253849][ T6254] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.307 (6254)
[  108.334044][ T6254] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  108.385956][ T6254] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  108.433785][ T6254] BTRFS info (device loop4): using free-space-tree
[  108.483021][  T927] libceph: connect (1)[c::]:6789 error -101
[  108.511119][  T927] libceph: mon0 (1)[c::]:6789 connect error
[  108.522965][   T53] Bluetooth: hci4: command tx timeout
[  108.707593][ T6289] overlayfs: missing 'lowerdir'
[  108.762122][ T6071] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  109.178173][   T51] libceph: connect (1)[c::]:6789 error -101
[  109.190029][ T6071] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  109.196918][   T51] libceph: mon0 (1)[c::]:6789 connect error
[  109.204608][ T5105] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  111.615073][  T927] libceph: connect (1)[c::]:6789 error -101
[  111.621082][  T927] libceph: mon0 (1)[c::]:6789 connect error
[  111.633651][ T6071] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  111.923921][ T6259] ceph: No mds server is up or the cluster is laggy
[  111.930117][ T6071] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  112.233131][ T6296] dlm: no local IP address has been set
[  112.238814][ T6296] dlm: cannot start dlm midcomms -107
[  112.769026][ T6303] input: syz0 as /devices/virtual/input/input5
[  112.839263][ T6071] 8021q: adding VLAN 0 to HW filter on device bond0
[  112.909320][ T6071] 8021q: adding VLAN 0 to HW filter on device team0
[  112.920099][    C0] eth0: bad gso: type: 1, size: 1408
[  112.943875][ T5138] bridge0: port 1(bridge_slave_0) entered blocking state
[  112.951005][ T5138] bridge0: port 1(bridge_slave_0) entered forwarding state
[  112.983722][ T5138] bridge0: port 2(bridge_slave_1) entered blocking state
[  112.990863][ T5138] bridge0: port 2(bridge_slave_1) entered forwarding state
[  113.122611][  T927] usb 3-1: new high-speed USB device number 2 using dummy_hcd
[  113.232718][ T5151] usb 2-1: new high-speed USB device number 2 using dummy_hcd
[  113.327880][  T927] usb 3-1: Using ep0 maxpacket: 16
[  113.337486][ T6071] 8021q: adding VLAN 0 to HW filter on device batadv0
[  113.353978][  T927] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3
[  113.375001][  T927] usb 3-1: config 1 has no interface number 1
[  113.381116][  T927] usb 3-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping
[  113.421817][  T927] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0
[  113.422569][ T5151] usb 2-1: Using ep0 maxpacket: 32
[  113.445025][ T6071] veth0_vlan: entered promiscuous mode
[  113.456797][  T927] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  113.470629][ T6071] veth1_vlan: entered promiscuous mode
[  113.483491][ T5151] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  113.498344][  T927] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  113.510950][  T927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.526023][ T5151] usb 2-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  113.527401][ T6071] veth0_macvtap: entered promiscuous mode
[  113.545611][  T927] usb 3-1: Product: syz
[  113.549785][  T927] usb 3-1: Manufacturer: syz
[  113.556283][  T927] usb 3-1: SerialNumber: syz
[  113.562443][ T5151] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  113.565116][ T6071] veth1_macvtap: entered promiscuous mode
[  113.592613][ T5151] usb 2-1: Product: syz
[  113.596788][ T5151] usb 2-1: Manufacturer: syz
[  113.601384][ T5151] usb 2-1: SerialNumber: syz
[  113.609557][ T6071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  113.624036][ T6071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.629254][ T6314] loop3: detected capacity change from 0 to 32768
[  113.635010][ T6071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  113.657496][ T5151] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input6
[  113.678576][ T6314] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.318 (6314)
[  113.687098][ T6071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.738724][ T6314] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  113.739515][ T6071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  113.760227][ T6314] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  113.767666][ T6071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.778911][ T6314] BTRFS info (device loop3): using free-space-tree
[  113.827429][ T6318] loop4: detected capacity change from 0 to 40427
[  113.850265][ T6071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  113.871220][ T6071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.881075][ T6318] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  113.881101][ T6318] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  113.891889][ T6071] batman_adv: batadv0: Interface activated: batadv_slave_0
[  113.909845][ T5151] usb 2-1: USB disconnect, device number 2
[  113.916138][ T4537] bcm5974 2-1:1.0: could not read from device
[  113.924455][ T4537] bcm5974 2-1:1.0: could not read from device
[  113.933436][ T6071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  113.943951][ T6071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.946283][ T5294] bcm5974 2-1:1.0: could not read from device
[  113.953849][ T6071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  113.953865][ T6071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  113.953877][ T6071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  113.982665][ T6318] F2FS-fs (loop4): invalid crc value
[  113.996985][ T6071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.007229][ T6071] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  114.019656][ T6071] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  114.036658][ T6071] batman_adv: batadv0: Interface activated: batadv_slave_1
[  114.043122][ T6318] F2FS-fs (loop4): Found nat_bits in checkpoint
[  114.066799][  T927] usb 3-1: found format II with max.bitrate = 0, frame size=0
[  114.078880][ T6071] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  114.085139][  T927] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc
[  114.112873][ T6071] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  114.135056][  T927] usb 3-1: USB disconnect, device number 2
[  114.149299][ T6071] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  114.173993][ T6071] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  114.250390][ T6318] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  114.271270][ T6318] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  114.362433][ T5093] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  114.383373][ T2809] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.391225][ T2809] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  114.393549][ T5296] udevd[5296]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  114.523223][ T2488] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  114.561435][ T2488] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  115.299040][ T6382] loop2: detected capacity change from 0 to 512
[  115.346066][ T6382] EXT4-fs (loop2): bad geometry: first data block 65531 is beyond end of filesystem (256)
[  115.437747][ T6384] overlayfs: missing 'lowerdir'
[  115.530401][ T6383] loop3: detected capacity change from 0 to 2048
[  115.692176][ T6383] NILFS (loop3): invalid segment: Checksum error in segment payload
[  115.732620][ T6383] NILFS (loop3): trying rollback from an earlier position
[  115.809141][ T6383] NILFS (loop3): recovery complete
[  115.862232][ T6396] netlink: 8 bytes leftover after parsing attributes in process `syz.1.327'.
[  115.875160][ T6397] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  115.957406][   T29] audit: type=1800 audit(1720523777.812:65): pid=6383 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.323" name="bus" dev="loop3" ino=12 res=0 errno=0
[  116.023523][   T29] audit: type=1326 audit(1720523777.892:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6401 comm="syz.1.329" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7faefaf75bd9 code=0x0
[  116.099290][ T6405] netlink: 4 bytes leftover after parsing attributes in process `syz.2.330'.
[  116.117000][   T29] audit: type=1804 audit(1720523777.972:67): pid=6408 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.323" name="/newroot/58/file0/bus" dev="loop3" ino=12 res=1 errno=0
[  116.495191][ T6393] loop0: detected capacity change from 0 to 32768
[  116.531496][ T6393] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop0 (7:0) scanned by syz.0.326 (6393)
[  116.564991][ T6393] BTRFS info (device loop0): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  116.593228][ T6434] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  116.601172][ T6393] BTRFS info (device loop0): using crc32c (crc32c-intel) checksum algorithm
[  116.614868][ T6393] BTRFS info (device loop0): disk space caching is enabled
[  116.660669][ T6447] netlink: 24 bytes leftover after parsing attributes in process `syz.4.338'.
[  116.684307][  T927] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  116.735960][ T6393] BTRFS info (device loop0): rebuilding free space tree
[  116.753802][ T6393] BTRFS info (device loop0): disabling free space tree
[  116.760944][ T6393] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  116.771327][ T6393] BTRFS info (device loop0): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  116.872452][ T6071] BTRFS info (device loop0): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  116.884088][  T927] usb 3-1: Using ep0 maxpacket: 32
[  116.893078][ T6458] capability: warning: `syz.3.339' uses 32-bit capabilities (legacy support in use)
[  116.919379][  T927] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  116.951797][  T927] usb 3-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  116.966807][  T927] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  116.977578][  T927] usb 3-1: Product: syz
[  116.982022][  T927] usb 3-1: Manufacturer: syz
[  116.986960][  T927] usb 3-1: SerialNumber: syz
[  117.116403][  T927] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input7
[  117.320417][ T4537] bcm5974 3-1:1.0: could not read from device
[  117.394223][ T4537] bcm5974 3-1:1.0: could not read from device
[  117.411652][  T927] usb 3-1: USB disconnect, device number 3
[  117.444204][ T6465] loop4: detected capacity change from 0 to 65536
[  117.476086][ T4537] bcm5974 3-1:1.0: could not read from device
[  118.599858][ T4537] bcm5974 3-1:1.0: could not read from device
[  118.651614][ T6465] XFS (loop4): Mounting V5 Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  118.729783][ T6465] XFS (loop4): Ending clean mount
[  118.738991][ T6465] XFS (loop4): Quotacheck needed: Please wait.
[  118.764825][ T6465] XFS (loop4): Quotacheck: Done.
[  118.787417][   T29] audit: type=1326 audit(1720523780.642:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6498 comm="syz.3.351" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x0
[  118.881638][ T6502] loop0: detected capacity change from 0 to 256
[  119.803260][ T6511] netlink: 8 bytes leftover after parsing attributes in process `syz.0.352'.
[  119.962496][ T6514] netlink: 8 bytes leftover after parsing attributes in process `syz.1.355'.
[  120.091595][ T5105] XFS (loop4): Unmounting Filesystem d6f69dbd-8c5d-46be-b88e-92c0ae88ceb2
[  120.475277][ T6535] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  120.524008][ T6540] loop3: detected capacity change from 0 to 256
[  120.622811][ T5144] usb 2-1: new high-speed USB device number 3 using dummy_hcd
[  120.717217][ T6520] loop2: detected capacity change from 0 to 32768
[  120.725661][ T6520] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.358 (6520)
[  120.827492][ T6545] netlink: 8 bytes leftover after parsing attributes in process `syz.3.367'.
[  120.916348][ T6520] BTRFS info (device loop2): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  121.082020][ T6520] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  121.117646][ T6520] BTRFS info (device loop2): using free-space-tree
[  121.182865][ T5144] usb 2-1: Using ep0 maxpacket: 32
[  121.208900][ T5144] usb 2-1: config 0 has no interfaces?
[  121.240819][ T5144] usb 2-1: New USB device found, idVendor=1557, idProduct=8150, bcdDevice=29.ed
[  121.270537][ T5144] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.295865][ T5144] usb 2-1: Product: syz
[  121.312305][ T5144] usb 2-1: Manufacturer: syz
[  121.334558][ T5144] usb 2-1: SerialNumber: syz
[  121.363848][ T5151] usb 1-1: new high-speed USB device number 3 using dummy_hcd
[  121.379075][ T5144] usb 2-1: config 0 descriptor??
[  121.388595][   T29] audit: type=1326 audit(1720523783.252:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6566 comm="syz.4.370" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff610d75bd9 code=0x0
[  121.425934][ T5103] BTRFS info (device loop2): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  121.546699][ T6575] netlink: 8 bytes leftover after parsing attributes in process `syz.2.371'.
[  121.564873][ T5151] usb 1-1: Using ep0 maxpacket: 32
[  121.571903][ T5151] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0
[  121.601419][ T5151] usb 1-1: New USB device found, idVendor=05ac, idProduct=024e, bcdDevice= 0.40
[  121.618370][ T5151] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.645147][ T5151] usb 1-1: Product: syz
[  121.666336][ T5151] usb 1-1: Manufacturer: syz
[  121.675879][ T5151] usb 1-1: SerialNumber: syz
[  121.699710][ T5151] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input8
[  121.819355][ T6580] netlink: 8 bytes leftover after parsing attributes in process `syz.2.375'.
[  121.913901][ T4537] bcm5974 1-1:1.0: could not read from device
[  121.923342][ T4537] bcm5974 1-1:1.0: could not read from device
[  121.938973][ T5151] usb 1-1: USB disconnect, device number 3
[  121.940085][ T4537] bcm5974 1-1:1.0: could not read from device
[  121.954656][ T4537] bcm5974 1-1:1.0: could not read from device
[  122.263874][ T6590] loop4: detected capacity change from 0 to 256
[  122.280409][ T6590] vfat: Unknown parameter 'dont_hash'
[  122.617180][ T6596] kvm: emulating exchange as write
[  123.260912][  T927] usb 2-1: USB disconnect, device number 3
[  126.600757][ T6598] input: syz0 as /devices/virtual/input/input9
[  126.770575][ T6608] loop3: detected capacity change from 0 to 4096
[  126.779855][ T6608] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  126.816897][ T6615] loop4: detected capacity change from 0 to 1024
[  126.836403][ T6608] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  126.849400][ T6608] ntfs3: loop3: Failed to load $Extend (-22).
[  126.869942][ T6608] ntfs3: loop3: Failed to initialize $Extend.
[  127.068237][   T29] audit: type=1800 audit(1720523788.932:70): pid=6618 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=set_data cause=unavailable-hash-algorithm comm="syz.0.389" name="/newroot/12/file0" dev="tmpfs" ino=79 res=0 errno=0
[  127.131764][ T6629] loop3: detected capacity change from 0 to 512
[  127.188834][ T6629] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  127.201643][ T6629] ext4 filesystem being mounted at /74/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.253885][ T6601] loop2: detected capacity change from 0 to 32768
[  127.254801][ T6629] overlayfs: missing 'workdir'
[  127.261384][ T6601] BTRFS: device fsid 34a2da50-e117-4d40-8878-8e0fb0127b5f devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.383 (6601)
[  127.329545][ T6601] BTRFS info (device loop2): first mount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  127.342596][   T51] usb 1-1: new high-speed USB device number 4 using dummy_hcd
[  127.367178][ T6601] BTRFS info (device loop2): using xxhash64 (xxhash64-generic) checksum algorithm
[  127.380403][ T6601] BTRFS info (device loop2): using free-space-tree
[  127.532499][ T5103] BTRFS info (device loop2): last unmount of filesystem 34a2da50-e117-4d40-8878-8e0fb0127b5f
[  127.545650][   T51] usb 1-1: Using ep0 maxpacket: 8
[  127.562243][   T51] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  127.575064][   T51] usb 1-1: config 0 has no interface number 0
[  127.583005][   T51] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  127.595226][   T51] usb 1-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  127.606375][   T51] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.645134][   T51] usb 1-1: config 0 descriptor??
[  127.668056][   T51] iowarrior 1-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  127.918977][ T6653] Zero length message leads to an empty skb
[  127.971831][ T5093] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  128.014142][ T5151] usb 1-1: USB disconnect, device number 4
[  128.040175][ T5151] iowarrior 1-1:0.1: I/O-Warror #0 now disconnected
[  128.180364][ T6667] ceph: missing cluster fsid
[  128.192882][ T6667] ceph: separator ':' missing in source
[  128.269313][ T6670] netlink: 'syz.3.400': attribute type 1 has an invalid length.
[  128.377439][    C0] eth0: bad gso: type: 1, size: 1408
[  128.436051][ T6658] loop4: detected capacity change from 0 to 32768
[  128.450205][ T6658] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.395 (6658)
[  128.484304][ T6658] BTRFS info (device loop4): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  128.484379][ T6658] BTRFS info (device loop4): using crc32c (crc32c-intel) checksum algorithm
[  128.484409][ T6658] BTRFS info (device loop4): using free-space-tree
[  128.746919][ T5105] BTRFS info (device loop4): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  128.784207][ T6706] loop3: detected capacity change from 0 to 64
[  128.827025][ T6708] ceph: missing cluster fsid
[  128.849272][ T6708] ceph: separator ':' missing in source
[  129.128409][ T6716] veth0_vlan: entered allmulticast mode
[  129.700098][ T6715] loop4: detected capacity change from 0 to 1024
[  129.824547][ T6723] loop3: detected capacity change from 0 to 4096
[  129.841180][ T6723] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  129.972640][ T6723] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  129.978599][ T6727] loop4: detected capacity change from 0 to 2048
[  130.000613][ T6735] loop1: detected capacity change from 0 to 128
[  130.002291][ T6723] ntfs3: loop3: Failed to load $Extend (-22).
[  130.023153][ T6727] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=787, location=787
[  130.037790][ T6723] ntfs3: loop3: Failed to initialize $Extend.
[  130.053835][ T6727] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  130.064839][ T6735] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=256, location=256
[  130.073763][ T6727] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=1043, location=1043
[  130.077255][ T6735] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  130.102859][ T6727] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=787, location=787
[  130.119259][ T6727] UDF-fs: error (device loop4): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  130.130132][ T6727] UDF-fs: error (device loop4): udf_read_tagged: read failed, block=1043, location=1043
[  130.143302][ T6727] UDF-fs: warning (device loop4): udf_fill_super: No partition found (1)
[  130.214351][ T5151] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  130.242915][ T6739] loop3: detected capacity change from 0 to 256
[  130.271696][ T6743] loop4: detected capacity change from 0 to 512
[  130.290781][ T6743] EXT4-fs: Ignoring removed i_version option
[  130.299848][ T6743] EXT4-fs: Ignoring removed nobh option
[  130.310185][ T6743] EXT4-fs (loop4): encrypted files will use data=ordered instead of data journaling mode
[  130.419063][ T6743] EXT4-fs warning (device loop4): ext4_expand_extra_isize_ea:2856: Unable to expand inode 15. Delete some EAs or run e2fsck.
[  130.434253][ T6743] EXT4-fs (loop4): 1 truncate cleaned up
[  130.440371][ T6743] EXT4-fs (loop4): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  130.453909][ T5151] usb 3-1: Using ep0 maxpacket: 8
[  130.524974][ T6751] netlink: 8 bytes leftover after parsing attributes in process `syz.3.422'.
[  130.652651][   T51] usb 1-1: new high-speed USB device number 5 using dummy_hcd
[  130.856189][   T51] usb 1-1: config 0 has no interfaces?
[  130.856651][ T5151] usb 3-1: config 0 has an invalid interface number: 1 but max is 0
[  130.865648][   T51] usb 1-1: New USB device found, idVendor=19d2, idProduct=0040, bcdDevice=85.1f
[  130.882704][   T51] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  130.890776][   T51] usb 1-1: Product: syz
[  130.895422][   T51] usb 1-1: Manufacturer: syz
[  130.900305][   T51] usb 1-1: SerialNumber: syz
[  130.902103][ T6752] loop1: detected capacity change from 0 to 64
[  130.911433][ T5151] usb 3-1: config 0 has no interface number 0
[  130.915289][   T51] usb 1-1: config 0 descriptor??
[  130.929131][ T5151] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  130.954394][ T5151] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  130.964681][ T5105] EXT4-fs (loop4): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  130.980963][ T5151] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  131.006271][ T5151] usb 3-1: config 0 descriptor??
[  131.050287][ T5151] iowarrior 3-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0
[  131.150218][ T6756] loop3: detected capacity change from 0 to 256
[  131.263959][ T6756] syz.3.428: attempt to access beyond end of device
[  131.263959][ T6756] loop3: rw=2049, sector=256, nr_sectors = 128 limit=256
[  131.309737][ T5144] usb 1-1: USB disconnect, device number 5
[  131.332197][ T6756] syz.3.428: attempt to access beyond end of device
[  131.332197][ T6756] loop3: rw=2049, sector=384, nr_sectors = 12 limit=256
[  131.478941][ T6766] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state.
[  131.511034][  T927] usb 3-1: USB disconnect, device number 4
[  131.533733][  T927] iowarrior 3-1:0.1: I/O-Warror #0 now disconnected
[  131.802728][ T5273] Bluetooth: hci4: command 0x0405 tx timeout
[  132.163926][ T6781] loop1: detected capacity change from 0 to 512
[  132.206568][ T6781] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  132.219243][ T6781] ext4 filesystem being mounted at /81/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  132.258696][ T6781] overlayfs: missing 'workdir'
[  132.384869][ T6785] loop3: detected capacity change from 0 to 2048
[  132.396967][ T6785] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=787, location=787
[  132.418464][ T6785] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  132.434969][ T6785] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=1043, location=1043
[  132.446059][ T6785] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=787, location=787
[  132.462962][ T6785] UDF-fs: error (device loop3): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  132.497991][ T6785] UDF-fs: error (device loop3): udf_read_tagged: read failed, block=1043, location=1043
[  132.547289][ T6785] UDF-fs: warning (device loop3): udf_fill_super: No partition found (1)
[  132.794590][ T6801] netlink: 'syz.0.443': attribute type 3 has an invalid length.
[  132.846331][ T6801] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.443'.
[  132.874001][ T6801] bridge_slave_1: left allmulticast mode
[  132.879711][ T6801] bridge_slave_1: left promiscuous mode
[  132.885494][ T6801] bridge0: port 2(bridge_slave_1) entered disabled state
[  132.900448][ T6801] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  133.024966][ T6808] netlink: 'syz.2.444': attribute type 75 has an invalid length.
[  133.087812][ T1248] ieee802154 phy0 wpan0: encryption failed: -22
[  133.096414][ T1248] ieee802154 phy1 wpan1: encryption failed: -22
[  133.150708][ T5097] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  133.298177][   T53] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  133.304796][   T53] Bluetooth: Wrong link type (-22)
[  133.310093][   T53] Bluetooth: hci1: link tx timeout
[  133.315314][   T53] Bluetooth: hci1: killing stalled connection 10:aa:aa:aa:aa:aa
[  133.323481][   T53] Bluetooth: hci1: link tx timeout
[  133.328643][   T53] Bluetooth: hci1: killing stalled connection 11:aa:aa:aa:aa:aa
[  133.572612][  T927] usb 1-1: new high-speed USB device number 6 using dummy_hcd
[  133.693251][ T6827] loop1: detected capacity change from 0 to 2048
[  133.734516][ T6827] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=787, location=787
[  133.747026][ T6827] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  133.760192][ T6827] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=1043, location=1043
[  133.770341][  T927] usb 1-1: Using ep0 maxpacket: 32
[  133.777985][ T6827] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=787, location=787
[  133.796333][  T927] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0
[  133.819258][ T6827] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  133.823439][  T927] usb 1-1: New USB device found, idVendor=3823, idProduct=0001, bcdDevice= 3.eb
[  133.829961][ T6827] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=1043, location=1043
[  133.848594][  T927] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.851633][ T6827] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1)
[  133.865210][  T927] usb 1-1: Product: syz
[  133.865226][  T927] usb 1-1: Manufacturer: syz
[  133.865240][  T927] usb 1-1: SerialNumber: syz
[  133.904760][  T927] usb 1-1: config 0 descriptor??
[  133.912899][  T927] usbtouchscreen 1-1:0.0: probe with driver usbtouchscreen failed with error -12
[  134.220613][ T6839] loop1: detected capacity change from 0 to 128
[  134.270795][ T6839] EXT4-fs (loop1): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  134.284584][ T6839] ext4 filesystem being mounted at /87/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  134.537123][ T5151] usb 1-1: USB disconnect, device number 6
[  134.639136][ T6842] netlink: 'syz.3.459': attribute type 3 has an invalid length.
[  134.699039][ T6842] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.459'.
[  134.725635][ T6844] mmap: syz.4.460 (6844) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst.
[  134.751348][ T6835] loop2: detected capacity change from 0 to 32768
[  134.751523][ T6842] bridge_slave_1: left allmulticast mode
[  134.765876][ T6842] bridge_slave_1: left promiscuous mode
[  134.770638][ T6835] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.457 (6835)
[  134.771641][ T6842] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.815586][ T6835] BTRFS info (device loop2): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  134.835016][ T6835] BTRFS info (device loop2): using sha256 (sha256-avx2) checksum algorithm
[  134.843841][ T6835] BTRFS info (device loop2): using free-space-tree
[  134.845917][ T6842] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check.
[  135.234370][ T5097] EXT4-fs (loop1): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  135.402973][   T53] Bluetooth: hci1: command 0x0406 tx timeout
[  135.761496][   T29] audit: type=1326 audit(1720523797.622:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  135.826241][   T29] audit: type=1326 audit(1720523797.662:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  135.849364][    C0] vkms_vblank_simulate: vblank timer overrun
[  135.868895][ T6880] loop1: detected capacity change from 0 to 2048
[  135.908278][ T6880] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=787, location=787
[  135.924284][ T6880] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  135.949196][ T6880] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=1043, location=1043
[  135.963296][ T6880] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=787, location=787
[  135.982072][ T6880] UDF-fs: error (device loop1): udf_read_tagged: tag version 0x0000 != 0x0002 || 0x0003, block 0
[  135.993742][ T6880] UDF-fs: error (device loop1): udf_read_tagged: read failed, block=1043, location=1043
[  136.005052][ T6880] UDF-fs: warning (device loop1): udf_fill_super: No partition found (1)
[  136.051596][ T6888] kvm: requested 4190 ns i8254 timer period limited to 200000 ns
[  136.082769][ T5142] usb 4-1: new high-speed USB device number 4 using dummy_hcd
[  136.095417][ T6888] kvm: pic: non byte read
[  136.102795][ T6888] kvm: pic: non byte read
[  136.110815][ T6888] kvm: pic: non byte read
[  136.285472][ T5142] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 32
[  136.312085][ T5142] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  136.328005][ T5142] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  136.330654][ T6899] team_slave_0: Device is already in use.
[  136.351932][ T5142] usb 4-1: Product: ࠝ
[  136.358997][ T5142] usb 4-1: Manufacturer: Ḩ
[  136.469103][ T6905] netlink: 8 bytes leftover after parsing attributes in process `syz.4.477'.
[  136.478718][ T6903] Non-string source
[  136.975272][   T29] audit: type=1326 audit(1720523798.802:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  137.115777][   T29] audit: type=1326 audit(1720523798.802:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  137.151620][ T6882] netlink: 8 bytes leftover after parsing attributes in process `syz.3.465'.
[  137.173272][   T29] audit: type=1326 audit(1720523798.802:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  137.217051][   T29] audit: type=1326 audit(1720523798.812:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  137.234485][ T5103] BTRFS info (device loop2): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  137.242411][ T4497] Bluetooth: hci0: Unknown advertising packet type: 0x14
[  137.250094][   T29] audit: type=1326 audit(1720523798.822:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  137.289536][   T29] audit: type=1326 audit(1720523798.822:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  137.315020][   T29] audit: type=1326 audit(1720523798.902:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  137.337601][   T29] audit: type=1326 audit(1720523798.922:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6875 comm="syz.3.465" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x7ffc0000
[  137.372002][ T5142] cdc_ncm 4-1:1.0: bind() failure
[  137.380029][ T5142] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found
[  137.398795][ T5142] cdc_ncm 4-1:1.1: bind() failure
[  137.414499][ T5142] usb 4-1: USB disconnect, device number 4
[  137.482621][ T4497] Bluetooth: hci1: command 0x0406 tx timeout
[  137.527521][ T5273] Bluetooth: Unknown BR/EDR signaling command 0x0e
[  137.527542][ T5273] Bluetooth: Wrong link type (-22)
[  137.562764][ T5273] Bluetooth: hci4: command 0x0405 tx timeout
[  137.573298][ T6928] loop1: detected capacity change from 0 to 128
[  137.595295][ T6928] FAT-fs (loop1): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  137.626190][ T6928] FAT-fs (loop1): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  137.808858][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.488'.
[  137.810017][ T6940] netlink: 8 bytes leftover after parsing attributes in process `syz.2.489'.
[  137.832198][ T6941] netlink: 4 bytes leftover after parsing attributes in process `syz.0.488'.
[  137.842706][ T6941] netlink: 16 bytes leftover after parsing attributes in process `syz.0.488'.
[  138.008688][ T6950] loop1: detected capacity change from 0 to 64
[  138.029932][ T6946] loop0: detected capacity change from 0 to 4096
[  138.039222][ T6946] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  138.094275][ T6946] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  138.108535][ T6953] netlink: 8 bytes leftover after parsing attributes in process `syz.3.493'.
[  138.109246][ T6946] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[  138.153414][ T6946] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22.
[  138.188260][ T6071] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22.
[  138.362746][ T5100] Bluetooth: hci3: Opcode 0x206a failed: -110
[  138.364329][   T53] Bluetooth: hci3: command 0x206a tx timeout
[  138.617567][ T6965] loop3: detected capacity change from 0 to 128
[  138.625004][ T6967] warning: `syz.0.499' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211
[  138.639413][ T6965] FAT-fs (loop3): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  138.661089][ T6965] FAT-fs (loop3): Invalid FSINFO signature: 0x41615252, 0x80417272 (sector = 1)
[  138.693479][ T6969] xt_CT: You must specify a L4 protocol and not use inversions on it
[  138.778246][ T6973] netlink: 8 bytes leftover after parsing attributes in process `syz.0.502'.
[  138.809753][ T6975] sctp: [Deprecated]: syz.3.503 (pid 6975) Use of struct sctp_assoc_value in delayed_ack socket option.
[  138.809753][ T6975] Use struct sctp_sack_info instead
[  139.073458][ T6983] loop0: detected capacity change from 0 to 4096
[  139.471666][ T6983] ntfs3: loop0: Different NTFS sector size (4096) and media sector size (512).
[  139.638545][ T6983] ntfs3: loop0: Mark volume as dirty due to NTFS errors
[  139.661550][ T6983] ntfs3: loop0: Failed to initialize $Extend/$Reparse.
[  140.192300][ T6983] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22.
[  140.221558][ T6071] ntfs3: loop0: ino=1a, ntfs_sync_fs failed, -22.
[  140.274908][ T7010] sctp: [Deprecated]: syz.4.516 (pid 7010) Use of struct sctp_assoc_value in delayed_ack socket option.
[  140.274908][ T7010] Use struct sctp_sack_info instead
[  140.281600][ T7012] netlink: 8 bytes leftover after parsing attributes in process `syz.0.515'.
[  140.342645][ T7014] netlink: 104 bytes leftover after parsing attributes in process `syz.4.517'.
[  141.054930][ T7035] sctp: [Deprecated]: syz.3.527 (pid 7035) Use of struct sctp_assoc_value in delayed_ack socket option.
[  141.054930][ T7035] Use struct sctp_sack_info instead
[  141.097169][ T7037] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:0
[  141.200529][   T53] Bluetooth: hci4: unexpected event 0x30 length: 56 > 3
[  141.978722][ T7063] loop4: detected capacity change from 0 to 64
[  142.044805][ T7067] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:0
[  142.047030][   T29] kauditd_printk_skb: 11 callbacks suppressed
[  142.047044][   T29] audit: type=1326 audit(1720523803.912:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7061 comm="syz.3.537" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fef8eb75bd9 code=0x0
[  142.243290][ T7074] xt_CT: You must specify a L4 protocol and not use inversions on it
[  142.407435][ T7089] loop0: detected capacity change from 0 to 512
[  142.449189][ T7089] EXT4-fs (loop0): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  142.477272][ T7089] ext4 filesystem being mounted at /45/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  142.510191][ T7089] EXT4-fs error (device loop0): ext4_do_update_inode:5149: inode #2: comm syz.0.546: corrupted inode contents
[  142.535160][ T7089] EXT4-fs error (device loop0): ext4_dirty_inode:6009: inode #2: comm syz.0.546: mark_inode_dirty error
[  142.536357][ T7097] netlink: 32 bytes leftover after parsing attributes in process `syz.2.547'.
[  142.562257][ T7089] EXT4-fs error (device loop0): ext4_do_update_inode:5149: inode #2: comm syz.0.546: corrupted inode contents
[  142.569852][ T7097] netlink: 4 bytes leftover after parsing attributes in process `syz.2.547'.
[  142.603657][ T7089] EXT4-fs error (device loop0): __ext4_ext_dirty:202: inode #2: comm syz.0.546: mark_inode_dirty error
[  143.252716][   T53] Bluetooth: hci4: command 0x0405 tx timeout
[  143.299206][ T7103] loop1: detected capacity change from 0 to 32768
[  143.337279][ T7103] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.549 (7103)
[  143.407530][ T7123] IPVS: set_ctl: invalid protocol: 0 224.0.0.2:0
[  143.441918][ T7103] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  143.455872][ T6071] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 3: comm syz-executor: path /45/file0: bad entry in directory: rec_len is smaller than minimal - offset=12, inode=514, rec_len=0, size=2048 fake=0
[  143.478904][ T7103] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  143.488760][ T6071] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 12: comm syz-executor: path /45/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5066064, rec_len=1, size=2048 fake=0
[  143.514955][ T7103] BTRFS info (device loop1): using free-space-tree
[  143.526293][ T6071] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 13: comm syz-executor: path /45/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653246737, rec_len=1, size=2048 fake=0
[  143.593474][ T6071] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 14: comm syz-executor: path /45/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3, rec_len=0, size=2048 fake=0
[  143.692625][ T6071] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 15: comm syz-executor: path /45/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=5, rec_len=0, size=2048 fake=0
[  143.759134][ T7153] loop4: detected capacity change from 0 to 128
[  143.769108][ T6071] EXT4-fs error (device loop0): ext4_readdir:260: inode #2: block 16: comm syz-executor: path /45/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=3653245223, rec_len=1, size=2048 fake=0
[  143.790220][    C1] vkms_vblank_simulate: vblank timer overrun
[  143.811963][ T7153] VFS: Found a Xenix FS (block size = 1024) on device loop4
[  143.826235][ T7153] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  143.940793][ T5097] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  144.925772][ T7153] loop4: detected capacity change from 0 to 32768
[  144.956172][ T7153] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop4 (7:4) scanned by syz.4.562 (7153)
[  145.004308][ T7153] BTRFS info (device loop4): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  145.071269][ T7153] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  145.114148][ T7153] BTRFS info (device loop4): using free-space-tree
[  145.488638][ T5105] BTRFS info (device loop4): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  145.632481][ T7202] loop3: detected capacity change from 0 to 1024
[  145.750063][ T7206] loop1: detected capacity change from 0 to 512
[  145.812710][ T7206] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  145.867272][ T7206] ext4 filesystem being mounted at /111/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  145.985302][   T29] audit: type=1800 audit(1720523807.852:93): pid=7206 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.576" name="bus" dev="loop1" ino=18 res=0 errno=0
[  146.053347][ T7220] openvswitch: netlink: Missing key (keys=40, expected=80)
[  146.126541][ T5097] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  146.283332][ T7222] wireguard0: entered promiscuous mode
[  146.288836][ T7222] wireguard0: entered allmulticast mode
[  146.389203][ T7224] loop1: detected capacity change from 0 to 8192
[  146.412396][ T2820] hfsplus: b-tree write err: -5, ino 4
[  146.453624][ T7224] REISERFS warning:  read_super_block: reiserfs filesystem is deprecated and scheduled to be removed from the kernel in 2025
[  146.516074][ T7224] REISERFS (device loop1): found reiserfs format "3.6" with non-standard journal
[  146.625959][ T7229] loop2: detected capacity change from 0 to 4096
[  146.702420][ T7229] ntfs3: loop2: Failed to load $MFT (-22).
[  146.853648][   T29] audit: type=1326 audit(1720523808.722:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff610d75bd9 code=0x7ffc0000
[  146.912214][ T4552] udevd[4552]: worker [6632] terminated by signal 33 (Unknown signal 33)
[  146.920107][   T29] audit: type=1326 audit(1720523808.722:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff610d75bd9 code=0x7ffc0000
[  146.948012][ T4552] udevd[4552]: worker [6632] failed while handling '/devices/virtual/block/loop2'
[  146.962565][   T29] audit: type=1326 audit(1720523808.722:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff610d75bd9 code=0x7ffc0000
[  147.065847][   T29] audit: type=1326 audit(1720523808.732:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff610d75bd9 code=0x7ffc0000
[  147.142575][   T29] audit: type=1326 audit(1720523808.752:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff610d75bd9 code=0x7ffc0000
[  147.238521][   T29] audit: type=1326 audit(1720523808.752:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff610d75bd9 code=0x7ffc0000
[  147.296671][   T29] audit: type=1326 audit(1720523808.752:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff610d6cc27 code=0x7ffc0000
[  147.299038][ T7266] input: syz1 as /devices/virtual/input/input11
[  147.427968][   T29] audit: type=1326 audit(1720523808.752:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff610d115c9 code=0x7ffc0000
[  147.473220][   T29] audit: type=1326 audit(1720523808.752:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff610d6cc27 code=0x7ffc0000
[  147.503393][   T29] audit: type=1326 audit(1720523808.752:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff610d115c9 code=0x7ffc0000
[  147.560558][   T29] audit: type=1326 audit(1720523808.752:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff610d6cc27 code=0x7ffc0000
[  147.590594][   T29] audit: type=1326 audit(1720523808.752:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7ff610d115c9 code=0x7ffc0000
[  147.646651][   T29] audit: type=1326 audit(1720523808.752:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7250 comm="syz.4.590" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7ff610d6cc27 code=0x7ffc0000
[  148.067827][ T7304] loop1: detected capacity change from 0 to 1024
[  148.762250][    C0] eth0: bad gso: type: 1, size: 1408
[  151.882653][ T7321] input: syz1 as /devices/virtual/input/input12
[  152.238605][ T7339] loop1: detected capacity change from 0 to 512
[  152.268015][ T7339] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  152.281530][ T7339] ext4 filesystem being mounted at /124/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  152.579075][ T6071] EXT4-fs (loop0): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.653210][   T57] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.714246][ T5097] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  152.764086][   T57] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.874680][   T57] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  152.897625][ T7338] loop3: detected capacity change from 0 to 40427
[  153.000657][ T7338] F2FS-fs (loop3): Found nat_bits in checkpoint
[  153.001855][   T57] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  154.973592][ T7338] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  155.046483][   T57] bridge_slave_0: left allmulticast mode
[  155.052188][   T57] bridge_slave_0: left promiscuous mode
[  155.061413][   T57] bridge0: port 1(bridge_slave_0) entered disabled state
[  155.091231][ T7338] syz.3.620: attempt to access beyond end of device
[  155.091231][ T7338] loop3: rw=2049, sector=53248, nr_sectors = 112 limit=40427
[  155.158382][ T7365] loop4: detected capacity change from 0 to 256
[  155.203932][ T5100] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  155.212987][ T5100] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  155.220367][ T5100] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  155.229443][ T5100] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  155.237779][ T5100] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  155.245123][ T5100] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  155.268658][ T7365] FAT-fs (loop4): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  155.363170][ T7347] loop2: detected capacity change from 0 to 32768
[  155.371256][ T7347] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.621 (7347)
[  155.433249][ T7347] BTRFS info (device loop2): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  155.449049][ T7376] loop1: detected capacity change from 0 to 512
[  155.460486][ T7347] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[  155.472881][ T7347] BTRFS info (device loop2): using free-space-tree
[  155.482798][   T57] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  155.504274][   T57] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  155.519194][   T57] bond0 (unregistering): Released all slaves
[  155.548164][ T7376] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  155.601559][ T7376] ext4 filesystem being mounted at /131/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  155.727853][ T5097] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  155.751927][ T5103] BTRFS info (device loop2): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  155.792643][ T5142] usb 5-1: new high-speed USB device number 4 using dummy_hcd
[  155.896132][ T2820] ==================================================================
[  155.904230][ T2820] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330
[  155.912320][ T2820] Read of size 8 at addr ffff888067f798b8 by task kworker/u8:8/2820
[  155.920320][ T2820] 
[  155.922653][ T2820] CPU: 1 UID: 0 PID: 2820 Comm: kworker/u8:8 Not tainted 6.10.0-rc7-next-20240709-syzkaller #0
[  155.932986][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  155.943140][ T2820] Workqueue: l2tp l2tp_tunnel_del_work
[  155.948631][ T2820] Call Trace:
[  155.951929][ T2820]  <TASK>
[  155.954866][ T2820]  dump_stack_lvl+0x241/0x360
[  155.959557][ T2820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  155.964764][ T2820]  ? __pfx__printk+0x10/0x10
[  155.969360][ T2820]  ? _printk+0xd5/0x120
[  155.973518][ T2820]  ? __virt_addr_valid+0x183/0x530
[  155.978644][ T2820]  ? __virt_addr_valid+0x183/0x530
[  155.983763][ T2820]  print_report+0x169/0x550
[  155.988274][ T2820]  ? __virt_addr_valid+0x183/0x530
[  155.993400][ T2820]  ? __virt_addr_valid+0x183/0x530
[  155.998528][ T2820]  ? __virt_addr_valid+0x45f/0x530
[  156.003667][ T2820]  ? __phys_addr+0xba/0x170
[  156.008185][ T2820]  ? l2tp_tunnel_del_work+0xe5/0x330
[  156.013478][ T2820]  kasan_report+0x143/0x180
[  156.017995][ T2820]  ? l2tp_tunnel_del_work+0xe5/0x330
[  156.023293][ T2820]  l2tp_tunnel_del_work+0xe5/0x330
[  156.028421][ T2820]  ? process_scheduled_works+0x945/0x1830
[  156.034153][ T2820]  process_scheduled_works+0xa2c/0x1830
[  156.039728][ T2820]  ? __pfx_process_scheduled_works+0x10/0x10
[  156.045733][ T2820]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  156.051296][ T2820]  ? assign_work+0x364/0x3d0
[  156.055900][ T2820]  worker_thread+0x86d/0xd40
[  156.060483][ T2820]  ? rcu_is_watching+0x15/0xb0
[  156.065250][ T2820]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  156.071145][ T2820]  ? __kthread_parkme+0x169/0x1d0
[  156.076168][ T2820]  ? __pfx_worker_thread+0x10/0x10
[  156.081269][ T2820]  kthread+0x2f0/0x390
[  156.085334][ T2820]  ? __pfx_worker_thread+0x10/0x10
[  156.090437][ T2820]  ? __pfx_kthread+0x10/0x10
[  156.095022][ T2820]  ret_from_fork+0x4b/0x80
[  156.099433][ T2820]  ? __pfx_kthread+0x10/0x10
[  156.104017][ T2820]  ret_from_fork_asm+0x1a/0x30
[  156.108798][ T2820]  </TASK>
[  156.111810][ T2820] 
[  156.114122][ T2820] Allocated by task 7400:
[  156.118434][ T2820]  kasan_save_track+0x3f/0x80
[  156.123103][ T2820]  __kasan_kmalloc+0x98/0xb0
[  156.127681][ T2820]  __kmalloc_noprof+0x1fc/0x400
[  156.132524][ T2820]  l2tp_session_create+0x3b/0xc20
[  156.137539][ T2820]  pppol2tp_connect+0xca3/0x17a0
[  156.142467][ T2820]  __sys_connect+0x2df/0x310
[  156.147051][ T2820]  __x64_sys_connect+0x7a/0x90
[  156.151803][ T2820]  do_syscall_64+0xf3/0x230
[  156.156294][ T2820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.162181][ T2820] 
[  156.164488][ T2820] Freed by task 7370:
[  156.168447][ T2820]  kasan_save_track+0x3f/0x80
[  156.173110][ T2820]  kasan_save_free_info+0x40/0x50
[  156.178122][ T2820]  poison_slab_object+0xe0/0x150
[  156.183045][ T2820]  __kasan_slab_free+0x37/0x60
[  156.187793][ T2820]  kfree+0x149/0x360
[  156.191674][ T2820]  __sk_destruct+0x58/0x5f0
[  156.196161][ T2820]  rcu_core+0xafd/0x1830
[  156.200393][ T2820]  handle_softirqs+0x2c4/0x970
[  156.205142][ T2820]  __irq_exit_rcu+0xf4/0x1c0
[  156.209718][ T2820]  irq_exit_rcu+0x9/0x30
[  156.213948][ T2820]  sysvec_apic_timer_interrupt+0xa6/0xc0
[  156.219566][ T2820]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[  156.225533][ T2820] 
[  156.227841][ T2820] Last potentially related work creation:
[  156.233568][ T2820]  kasan_save_stack+0x3f/0x60
[  156.238254][ T2820]  __kasan_record_aux_stack+0xac/0xc0
[  156.243657][ T2820]  call_rcu+0x167/0xa70
[  156.247819][ T2820]  pppol2tp_release+0x24b/0x350
[  156.252660][ T2820]  sock_close+0xbc/0x240
[  156.256894][ T2820]  __fput+0x24a/0x8a0
[  156.260862][ T2820]  task_work_run+0x24f/0x310
[  156.265434][ T2820]  syscall_exit_to_user_mode+0x168/0x370
[  156.271054][ T2820]  do_syscall_64+0x100/0x230
[  156.275632][ T2820]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[  156.281518][ T2820] 
[  156.283826][ T2820] The buggy address belongs to the object at ffff888067f79800
[  156.283826][ T2820]  which belongs to the cache kmalloc-1k of size 1024
[  156.297862][ T2820] The buggy address is located 184 bytes inside of
[  156.297862][ T2820]  freed 1024-byte region [ffff888067f79800, ffff888067f79c00)
[  156.311735][ T2820] 
[  156.314055][ T2820] The buggy address belongs to the physical page:
[  156.320457][ T2820] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x67f78
[  156.329323][ T2820] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[  156.338080][ T2820] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[  156.346061][ T2820] page_type: 0xfdffffff(slab)
[  156.350725][ T2820] raw: 00fff00000000040 ffff888015041dc0 0000000000000000 dead000000000001
[  156.359294][ T2820] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[  156.367867][ T2820] head: 00fff00000000040 ffff888015041dc0 0000000000000000 dead000000000001
[  156.376523][ T2820] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[  156.385177][ T2820] head: 00fff00000000003 ffffea00019fde01 ffffffffffffffff 0000000000000000
[  156.393829][ T2820] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[  156.402476][ T2820] page dumped because: kasan: bad access detected
[  156.408876][ T2820] page_owner tracks the page as allocated
[  156.414581][ T2820] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5107, tgid 5107 (syz-executor), ts 56848345143, free_ts 12672927880
[  156.435929][ T2820]  post_alloc_hook+0x1f3/0x230
[  156.440684][ T2820]  get_page_from_freelist+0x2ccb/0x2d80
[  156.446215][ T2820]  __alloc_pages_noprof+0x256/0x6c0
[  156.451396][ T2820]  alloc_slab_page+0x5f/0x120
[  156.456144][ T2820]  allocate_slab+0x5a/0x2f0
[  156.460630][ T2820]  ___slab_alloc+0xcd1/0x14b0
[  156.465286][ T2820]  __slab_alloc+0x58/0xa0
[  156.469600][ T2820]  __kmalloc_node_noprof+0x286/0x440
[  156.474869][ T2820]  qdisc_alloc+0x97/0xa80
[  156.479181][ T2820]  qdisc_create_dflt+0x62/0x4b0
[  156.484016][ T2820]  dev_activate+0x3c0/0x1240
[  156.488598][ T2820]  __dev_open+0x352/0x450
[  156.492909][ T2820]  __dev_change_flags+0x1e2/0x6f0
[  156.497917][ T2820]  dev_change_flags+0x8b/0x1a0
[  156.502666][ T2820]  do_setlink+0xccd/0x41f0
[  156.507065][ T2820]  rtnl_newlink+0x17a9/0x2070
[  156.511741][ T2820] page last free pid 1 tgid 1 stack trace:
[  156.517539][ T2820]  free_unref_page+0xd22/0xea0
[  156.522302][ T2820]  free_contig_range+0x9e/0x160
[  156.527141][ T2820]  destroy_args+0x8a/0x890
[  156.531564][ T2820]  debug_vm_pgtable+0x4be/0x550
[  156.536402][ T2820]  do_one_initcall+0x248/0x880
[  156.541154][ T2820]  do_initcall_level+0x157/0x210
[  156.546081][ T2820]  do_initcalls+0x3f/0x80
[  156.550403][ T2820]  kernel_init_freeable+0x435/0x5d0
[  156.555599][ T2820]  kernel_init+0x1d/0x2b0
[  156.559917][ T2820]  ret_from_fork+0x4b/0x80
[  156.564322][ T2820]  ret_from_fork_asm+0x1a/0x30
[  156.569076][ T2820] 
[  156.571380][ T2820] Memory state around the buggy address:
[  156.577089][ T2820]  ffff888067f79780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[  156.585136][ T2820]  ffff888067f79800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.593179][ T2820] >ffff888067f79880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.601228][ T2820]                                         ^
[  156.607100][ T2820]  ffff888067f79900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.615143][ T2820]  ffff888067f79980: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  156.623193][ T2820] ==================================================================
[  156.631306][ T2820] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[  156.638501][ T2820] CPU: 1 UID: 0 PID: 2820 Comm: kworker/u8:8 Not tainted 6.10.0-rc7-next-20240709-syzkaller #0
[  156.648832][ T2820] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[  156.658892][ T2820] Workqueue: l2tp l2tp_tunnel_del_work
[  156.664374][ T2820] Call Trace:
[  156.667664][ T2820]  <TASK>
[  156.670599][ T2820]  dump_stack_lvl+0x241/0x360
[  156.675293][ T2820]  ? __pfx_dump_stack_lvl+0x10/0x10
[  156.680500][ T2820]  ? __pfx__printk+0x10/0x10
[  156.685096][ T2820]  ? rcu_is_watching+0x15/0xb0
[  156.689878][ T2820]  ? vscnprintf+0x5d/0x90
[  156.694214][ T2820]  panic+0x349/0x870
[  156.698114][ T2820]  ? check_panic_on_warn+0x21/0xb0
[  156.703228][ T2820]  ? __pfx_panic+0x10/0x10
[  156.707651][ T2820]  ? trace_irq_enable+0x2c/0x120
[  156.712603][ T2820]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[  156.718519][ T2820]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  156.724427][ T2820]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[  156.730765][ T2820]  ? print_report+0x502/0x550
[  156.735452][ T2820]  check_panic_on_warn+0x86/0xb0
[  156.740396][ T2820]  ? l2tp_tunnel_del_work+0xe5/0x330
[  156.745781][ T2820]  end_report+0x77/0x160
[  156.750034][ T2820]  kasan_report+0x154/0x180
[  156.754553][ T2820]  ? l2tp_tunnel_del_work+0xe5/0x330
[  156.759853][ T2820]  l2tp_tunnel_del_work+0xe5/0x330
[  156.764981][ T2820]  ? process_scheduled_works+0x945/0x1830
[  156.770703][ T2820]  process_scheduled_works+0xa2c/0x1830
[  156.776250][ T2820]  ? __pfx_process_scheduled_works+0x10/0x10
[  156.782229][ T2820]  ? __pfx__raw_spin_lock_irq+0x10/0x10
[  156.787861][ T2820]  ? assign_work+0x364/0x3d0
[  156.792450][ T2820]  worker_thread+0x86d/0xd40
[  156.797035][ T2820]  ? rcu_is_watching+0x15/0xb0
[  156.801798][ T2820]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[  156.807694][ T2820]  ? __kthread_parkme+0x169/0x1d0
[  156.812716][ T2820]  ? __pfx_worker_thread+0x10/0x10
[  156.817824][ T2820]  kthread+0x2f0/0x390
[  156.821888][ T2820]  ? __pfx_worker_thread+0x10/0x10
[  156.826997][ T2820]  ? __pfx_kthread+0x10/0x10
[  156.831584][ T2820]  ret_from_fork+0x4b/0x80
[  156.836000][ T2820]  ? __pfx_kthread+0x10/0x10
[  156.840583][ T2820]  ret_from_fork_asm+0x1a/0x30
[  156.845347][ T2820]  </TASK>
[  156.848567][ T2820] Kernel Offset: disabled
[  156.852875][ T2820] Rebooting in 86400 seconds..