last executing test programs:

2m9.758608348s ago: executing program 32 (id=413):
r0 = userfaultfd(0x80001)
ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x27c})
ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1})
mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0xc, 0x32, 0x0, 0xffffd000)
ioctl$UFFDIO_CONTINUE(r0, 0xc020aa07, 0x0)

2m3.441282458s ago: executing program 33 (id=576):
mkdir(&(0x7f0000000040)='./file0\x00', 0x0)
pipe2$9p(&(0x7f0000000240)={0xffffffffffffffff, <r0=>0xffffffffffffffff}, 0x0)
r1 = dup(r0)
r2 = open(&(0x7f0000000080)='./file0\x00', 0x280a00, 0x140)
mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000400)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r1}})

35.125877428s ago: executing program 5 (id=2415):
preadv(0xffffffffffffffff, &(0x7f00000003c0)=[{0x0}, {&(0x7f00000001c0)=""/83, 0x53}], 0x2, 0x154, 0x0)
setitimer(0x1, &(0x7f0000000000)={{0x100, 0x5}, {0xb, 0x4}}, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0)
write$binfmt_elf64(r0, &(0x7f00000003c0)=ANY=[@ANYBLOB="7f454c4600000007"], 0x78)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0)
setitimer(0x1, &(0x7f0000000000)={{0x0, 0x2710}, {0x77359400}}, 0x0)

35.112590609s ago: executing program 5 (id=2416):
syz_read_part_table(0x59d, &(0x7f0000000000)="$eJzs0r1Lu1cUB/CbgKSFSkQEBzsIBpdGhTjokAxWYprFiFiR0llw0EFwcJCU6OzLP6D4BuIidnYUI4hCnCSjOBcUl0wprU+hrV3aYkp/fD5LuPece08u3yfwvxYPPzWbzVgIoZn4+6e/Pc1PFHunxqZnQoiF70MI+S+/+LUSizp+u/U8WpeidTGRqe3fjL+cdtz23VdTh/GofhEP4YcQwuLjUfLfvo1P31nuKrm+sVzYXM0tPBTWnobnB/I9W/mlnZGDbHm2OzsXfVgX8dbMT9VGj++apefd9sG2aq2RuY760rGPmc9/68/573VV6pXGZP/JylC6s35Z3o5yf5U/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwwc5yV8n1jeXC5mpu4aGw9jQ8P5Dv2cov7YwcZMuz3dm5+FvfRbw181O10eO7Zul5t32wrVprZK6jvnTs3dGvf/yYv0QLfRX+mP9eV6VeaUz2n6wMpTvrl+XtKPfX9/kDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPyl/ESxd2pseiaEWPgshPDN/Xd9v+w3E2/1WNR3Hv2Wov1iIlPbvxl/Oe247buvpg6nEiEkfnfv4uNR8vNWPoR/5OcAAAD//8gGhpo=")
syz_emit_ethernet(0x0, 0x0, 0x0)
r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, 0x0, 0x0}, 0x94)
r1 = dup(r0)
ioctl$PTP_EXTTS_REQUEST2(r1, 0xc0603d0f, &(0x7f0000000040))

34.99012727s ago: executing program 5 (id=2420):
r0 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80)
bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r0, 0x10, 0x25, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1}, 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x18)
close(0x4)

34.847431463s ago: executing program 5 (id=2426):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2b0, &(0x7f00000015c0)="$eJzs3F9IU30cx/Gvzkd9fNDJw8MDzwPVt7ypiIPbdaAjXEgDo1xYQnDMsxo7bWNnrCbhFgTedNFN/64riBCE6CIIxC66CiW866I777zIrpKITsxpbja1TJ3k+3Wxfdn39zn8zp8dtt9gs0dvXY5FHCNipqW2sUZqOyUv8zXSKrWyJC+Hroy92XP67LkTgVCo65RqMNDr86tqy77x/mujBybSf5151vKiQSZbz8/O+Wcm/538b/ZL76Woo1FH44m0mjqQSKTNAdvSwTtOzFA9aVumY2k07lipsn7ETiSTWTXjg81NyZTlOGrGsxqzsppOaDqVVfOiGY2rYRja3CRY22jmfmD1bvjJvOvKXPq16zbkxXXdwouN2zg9VNnC+XfdkvN/s9pTwjYquak3itgjmXAmXHwu9gMRiYotlrSLVz5L4RpxH4y5C5dK4fGqfyw0ffjVS1VtlWE7t5jPZcKe8rxPvK6nmCkq1sHuUJdPi8rzf0hTad4vXvmnct5fMV8vB9tK8oZ4ZfqCJMSWqfH9H2d6Ru4u5Yd9qsd6Qivyf8rg8mF6/KFK5wcAAAAAAAAAgI0w9JuK6/dGYcCNIVVtXtEv5iv9PrC0Pl8Q7A51tVdcn6+T/+uquOMAAAAAAOwiTnYoZtq2lfrFovBVfjO28/sVD6//+OC9wbXHtHV4pjrf5pM7Yb9+ovjUtyOmUV7I4urTeoM9m/xOWS7eb8p2ahbnt/qY4/3vnq67nfrvjs9qJrb+rgQAAABgKyx/6O+QXOR5Jtd35Ha15wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwG6zgb8cm7pXqaWF4u9HlVrV3kcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC1fA0AAP//06jNAA==")
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf7, 0x0, 0x0)
mount$incfs(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000180)='.pending_reads\x00', 0x10b441, 0x0)
ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000009c0)={{}, {0x6}, 0x275811dc9b521827, 0x0, 0x0, 0x0, &(0x7f0000000480)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0, 0x0})

34.779341574s ago: executing program 5 (id=2427):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
sendmsg$inet(r1, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000013c0)="d080", 0x2}], 0x1}, 0x20000801)
recvmsg(r2, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x300}, 0x40002002)

34.679608395s ago: executing program 5 (id=2432):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe3000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, 0x0}], 0x1, 0x90, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fdb000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

34.635054826s ago: executing program 34 (id=2432):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x40, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe3000/0x18000)=nil, &(0x7f0000000280)=[@textreal={0x8, 0x0}], 0x1, 0x90, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fdb000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x6c, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

32.436910121s ago: executing program 7 (id=2487):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0x1, 0x0, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000007c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000880)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r1}, 0x10)
r2 = add_key$keyring(&(0x7f0000000080), &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff)
keyctl$restrict_keyring(0xa, r2, &(0x7f0000000300)='asymmetric\x00', &(0x7f0000000180)='i=Ov:cb2e\xdf\xff\xff\x04\x00\xff\xff\xff')

32.436398701s ago: executing program 7 (id=2488):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="05000000030000000400000002"], 0x50)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x20000000000000fe, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000005c0)={&(0x7f0000000580)='kmem_cache_free\x00', r1}, 0x10)
socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000040)={<r2=>0xffffffffffffffff})
sendmsg$inet(r2, &(0x7f0000000d40)={0x0, 0x7000000, &(0x7f00000023c0)=[{&(0x7f0000000b40)='?', 0x1}, {0x0, 0x1}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9}, 0x20001)

32.375219682s ago: executing program 7 (id=2489):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[])
syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="fb01"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])

31.270766279s ago: executing program 4 (id=2528):
madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e)
mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil)
bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x14, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0xae, '\x00', 0x0, @fallback=0x35, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7fff}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15)

31.20930032s ago: executing program 4 (id=2529):
r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f0000001440)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000700)='signal_generate\x00', r2}, 0x10)
ptrace(0x10, r0)

31.1824613s ago: executing program 4 (id=2530):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000b00)=ANY=[@ANYBLOB="12010000e09d7040460a2196324f01020301090224000100000000090400000206d3450009050102100000000009058b0240"], 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000680)=ANY=[@ANYBLOB="400a060000006eea6ff99e"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000240)=ANY=[@ANYBLOB="20131d00000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000a80)={0x1c, &(0x7f0000000900)=ANY=[@ANYBLOB="4014ef"], 0x0, 0x0})

30.362608493s ago: executing program 7 (id=2561):
syz_mount_image$ext4(&(0x7f0000001140)='ext4\x00', &(0x7f00000007c0)='./file1\x00', 0x410c84, &(0x7f00000002c0)={[{@jqfmt_vfsold}, {@barrier_val={'barrier', 0x3d, 0x7}}, {@dioread_nolock}]}, 0x21, 0x795, &(0x7f00000020c0)="$eJzs3c9rHFUcAPDvbH61aTQRBK2ngKCB0sTU2Cp6qHgQwUJBz7Zhsw01m2zpbkoTAlpE8CKoeBD00rM/6s2rP676L3jyIJaqabHiQSKzmU22zW6abJNs634+MM17M7N97zszb97b3cdsAB1rOP0nF3EwIj5IIgaz9UlE9FRT3RHHV/e7ubyUT5ckVlZe+yOp7nNjeSkfda9JHcgyj0bE9+9GHMptLLe8sDgzWSwWzmf5scrsubHyQm9ETE4XpgtzR8cnJo4ce+bY0YbV7m4l1r9+Why4+uHLT351/J93Hrny/g9JHI+BbFt9HDtlOIazY9KTHsJbvLTThbVZ0u4K0JK0aXZlDepgDEZXa00LALiPvJWN8iNWAICOkWzo+fcbCwDA/1rtc4Aby0v52tK+TyP23rUXI2Lfavy17zdXt3Rn39ntq35C0n8jueWbkSQihnag/OGI+OybN75IlzT/8/OddfyB9nn7UkScHhreeP9PNsxZ2K6nYvXe2khv9nf4tvWd1v9AO32bjn+eXRv/1c3jya2Nf6LB+KevQdttxR3b//4dKGQT6fjvhbq5bevjv7VJa0NdWe6B6pivJzlztlhI720PRsRI9PSl+fFNyhi5/u/1Ztvqx39/fvTm52n56d/1PXK/dffd+pqpycrk3cRc79qliMe6G8WfrJ3/pMn49+QWy3jlufc+bbYtjT+Nt7ZsjD9ane63JSuXI55oeP7XW0KyPj9x8fDZ2dvmJ45VL4ex2kXRwNe/fNLfrPz6858uafm19wJ7IT3//ZvHP5TUz9csb7+MHy8Pftds253jb3z99yavV9O1ccTFyUrl/HhEb/LqxvVH1l9by9f2T+Mfebxx+9/s+k/fE55uFFCDM9199fcvW49/d6XxT23r/G8/ceXmTFez8rd2/ieqqZFszVbuf1ut4N0cOwAAAAAAAAAAAAAAAAAAAAAAAADYqlxEDESSG11L53Kjo6u/4f1w9OeKpXLl0JnS/NxUVH8reyh6crVHXQ7WPQ91PHsefi1/5Lb80xHxUER83Lc/6c4erjrV7uABAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIHOgye//p37ta3ftAIBds6/dFQAA9pz+HwA6j/4fADqP/h8AOo/+HwA6j/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACAXXbyxIl0Wfl7eSmf5qcuLMzPlC4cniqUZ0Zn5/Oj+YE4NzpdKk0XC6P50uyd/r9iqXRuIubmL45VCuXKWHlh8dRsaX6ucurs7OR04VShZ0+iAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIDtKS8szkwWi4XzEi0kVu6NarQ/0ZVdTrtQRBIR7Q9w0xreG9XY4USbb0wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA94n/AgAA///fHxMa")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
openat$dir(0xffffffffffffff9c, 0x0, 0x242, 0x18e)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000b80), 0x8, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@metacopy_on}]})

30.190585926s ago: executing program 7 (id=2562):
syz_mount_image$ext4(&(0x7f0000000240)='ext4\x00', &(0x7f00000000c0)='mnt\x00', 0x4, &(0x7f0000000000), 0x0, 0x236, &(0x7f0000000300)="$eJzs3TFoM2UcBvDnLomf/b4gVRdBUEFEtFDqJrjURaEgpYgIKlREXJRWqC1urZOLg84qnVyKuFkdpUtxUQSnqh3qImhxsDjoELlcK9VGFFNz8t3vB5fcJe97//e4e95kOS5Aa00nmU/SSTKTpJekON/grnqZPt3cntpfTgaDx38shu3q7dpZv2tJtpI8mGSvLPJiN9nYffro54NH731jvXfPe7tPTU30IE8dHx0+dvLu4usfLjyw8fmX3y8WmU//D8d1+YoRn3WL5Jb/otj/RNFtegT8E0uvfvBVlftbk9w9zH8vZeqT9+baDXu93P/OX/V964cvbp/kWIHLNxj0qt/ArQHQOmWSfopyNkm9Xpazs/V/+K87V8uXVtdemXlhdX3l+aZnKuCy9JPDRz6+8tG1P+X/u06df+D6VeX/iaWdb6r1k07TowEmqcr/zLOb90X+oXXkH9pL/qG95B/aS/6hveQf2kv+ob3kH9pL/qG95B/a63z+AYB2GVxp+g5koClNzz8AAAAAAAAAAAAAAAAAAMBF21P7y2fLpGp++nZy/HCS7qj6neHziJMbh69XfyqqZr8r6m5jeebOMXcwpvcbvvv6pm+brf/ZHc3W31xJtl5LMtftXrz+itPr79+7+W++7z03ZoExPfRks/V/3Wm2/sJB8kk1/8yNmn/K3DZ8Hz3/9KvzN2b9l38ZcwcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABMzG8BAAD//8n0bSk=")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000540)='mnt\x00', 0x0, 0x0)
ioctl$FS_IOC_ADD_ENCRYPTION_KEY(r0, 0xc0506617, &(0x7f0000000580)={@id={0x2, 0x0, @a}, 0x40, 0x0, '\x00', @a})
mkdirat(0xffffffffffffff9c, &(0x7f0000000640)='mnt/encrypted_dir\x00', 0x0)
r1 = openat(0xffffffffffffff9c, &(0x7f0000000680)='mnt/encrypted_dir\x00', 0xd8800, 0x81)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY_ALL_USERS(r1, 0xc0406619, &(0x7f0000000080)={@desc={0x1, 0x0, @desc3}})

30.006627819s ago: executing program 7 (id=2564):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x8000)

29.994581239s ago: executing program 35 (id=2564):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="07000000040000000802000021"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300001d000000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$nl_route(0x10, 0x3, 0x0)
connect$netlink(r2, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc)
sendmsg$nl_route(r2, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x8000)

29.537682486s ago: executing program 3 (id=2571):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x802, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fd5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="b9800000c00f3235002000003046d9ee45f43e99b99f020000b800000000ba000000003e6466f045809500100000b8460f01d1c7442400e9000000c744240218a4d8ebff1c24c441ade5d5b9b5000040b859000000ba000000000f3066baf80cb8788d688cef66bafc0cb80d000000ef", 0x70}], 0x1, 0x4f, 0x0, 0x0)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, 0x0}], 0x1, 0x1, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

29.150806772s ago: executing program 3 (id=2576):
r0 = socket$inet_udp(0x2, 0x2, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f000000bf00)={0x0, 0x0, &(0x7f000000bec0)={&(0x7f0000000000)=@ipv6_getaddr={0x18, 0x16, 0x21}, 0x18}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16)
connect$inet(r0, &(0x7f0000000200)={0x2, 0x0, @multicast2}, 0x10)
sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0)

28.936990766s ago: executing program 3 (id=2578):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_udp(0xa, 0x2, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000c80)={'lo\x00', <r2=>0x0})
r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f00000009c0)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000083850000007100000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r3}, 0x10)
sendmsg$nl_route_sched(r0, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x6c, 0x2, {{}, [@TCA_NETEM_LOSS={0x30, 0x2, 0x0, 0x1, [@NETEM_LOSS_GE={0x18}, @NETEM_LOSS_GI={0x18}]}, @TCA_NETEM_RATE={0x4, 0xd}, @TCA_NETEM_CORRUPT={0xc, 0x2}]}}}]}, 0x9c}}, 0x0)

28.66668485s ago: executing program 3 (id=2581):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x1, 0x2b0, &(0x7f00000015c0)="$eJzs3F9IU30cx/Gvzkd9fNDJw8MDzwPVt7ypiIPbdaAjXEgDo1xYQnDMsxo7bWNnrCbhFgTedNFN/64riBCE6CIIxC66CiW866I777zIrpKITsxpbja1TJ3k+3Wxfdn39zn8zp8dtt9gs0dvXY5FHCNipqW2sUZqOyUv8zXSKrWyJC+Hroy92XP67LkTgVCo65RqMNDr86tqy77x/mujBybSf5151vKiQSZbz8/O+Wcm/538b/ZL76Woo1FH44m0mjqQSKTNAdvSwTtOzFA9aVumY2k07lipsn7ETiSTWTXjg81NyZTlOGrGsxqzsppOaDqVVfOiGY2rYRja3CRY22jmfmD1bvjJvOvKXPq16zbkxXXdwouN2zg9VNnC+XfdkvN/s9pTwjYquak3itgjmXAmXHwu9gMRiYotlrSLVz5L4RpxH4y5C5dK4fGqfyw0ffjVS1VtlWE7t5jPZcKe8rxPvK6nmCkq1sHuUJdPi8rzf0hTad4vXvmnct5fMV8vB9tK8oZ4ZfqCJMSWqfH9H2d6Ru4u5Yd9qsd6Qivyf8rg8mF6/KFK5wcAAAAAAAAAgI0w9JuK6/dGYcCNIVVtXtEv5iv9PrC0Pl8Q7A51tVdcn6+T/+uquOMAAAAAAOwiTnYoZtq2lfrFovBVfjO28/sVD6//+OC9wbXHtHV4pjrf5pM7Yb9+ovjUtyOmUV7I4urTeoM9m/xOWS7eb8p2ahbnt/qY4/3vnq67nfrvjs9qJrb+rgQAAABgKyx/6O+QXOR5Jtd35Ha15wQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwG6zgb8cm7pXqaWF4u9HlVrV3kcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIC1fA0AAP//06jNAA==")
syz_mount_image$ext4(0x0, &(0x7f0000000080)='./file0\x00', 0x18808, 0x0, 0xf7, 0x0, 0x0)
mount$incfs(&(0x7f0000000300)='./file0\x00', &(0x7f0000000400)='./file0\x00', &(0x7f0000000280), 0x0, 0x0)
r0 = openat(0xffffffffffffff9c, &(0x7f00000003c0)='./file0\x00', 0x0, 0x0)
r1 = openat$incfs(r0, &(0x7f0000000180)='.pending_reads\x00', 0x10b441, 0x0)
ioctl$INCFS_IOC_CREATE_FILE(r1, 0xc058671e, &(0x7f00000009c0)={{}, {0x6}, 0x275811dc9b521827, 0x0, 0x0, 0x0, &(0x7f0000000480)='\xe9\x1fq\x89Y\x1e\x923aK\x00', 0x0, 0x0, 0x0, 0x0})

28.570198201s ago: executing program 3 (id=2584):
r0 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x24008000}, 0x0)
sendmsg$TIPC_NL_MEDIA_SET(0xffffffffffffffff, &(0x7f0000000f40)={0x0, 0x0, &(0x7f0000000f00)={&(0x7f0000000000)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="010000000000000000000c000000280005801400f48004000200000000000800010000000000080001"], 0x3c}}, 0x0)
r1 = socket$inet6(0x10, 0x3, 0x0)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="2c000000190001000000000000000000021800000000fd000000ed0008000100ac1414003400080004"], 0x2c}}, 0x0)
sendto$inet6(r1, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b)

28.408380424s ago: executing program 4 (id=2587):
newfstatat(0xffffffffffffff9c, 0x0, 0x0, 0x6000)
lstat(0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000500)=ANY=[@ANYBLOB="0b00000005000000010001000900000001"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0xc, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000022007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000700)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='sys_enter\x00', r1}, 0x10)
getgroups(0x0, 0x0)

28.367690275s ago: executing program 4 (id=2588):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x0, 0x0, 0xfc, 0x0, 0x0)
mount(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000280)='binfmt_misc\x00', 0x800, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140)='ramfs\x00', 0xc00, 0x0)
mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200)='cgroup2\x00', 0x4000, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

28.316068125s ago: executing program 3 (id=2589):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x10000)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000000a00)=[@acquire], 0x0, 0x0, 0x0})

28.277118106s ago: executing program 36 (id=2589):
r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x1100})
r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000080)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0})
mmap$binder(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x1, 0x11, 0xffffffffffffffff, 0x10000)
ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000480)={0x8, 0x0, &(0x7f0000000a00)=[@acquire], 0x0, 0x0, 0x0})

28.263464626s ago: executing program 4 (id=2592):
r0 = epoll_create1(0x0)
r1 = socket(0x2, 0x80802, 0x0)
epoll_pwait(r0, &(0x7f0000000080)=[{}], 0x1, 0xab7, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000))
shutdown(r1, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000140)={0x40002000})

17.914155779s ago: executing program 9 (id=2764):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="05000000010000000a00000008"], 0x48)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000380)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000200), &(0x7f0000000240)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000580)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000002000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000008c0)={&(0x7f0000000040)='kmem_cache_free\x00', r2}, 0x18)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]})
epoll_pwait(0xffffffffffffffff, 0x0, 0x0, 0xfffffff3, 0x0, 0x0)

17.874216529s ago: executing program 9 (id=2766):
syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0600000004000000ff0f000007"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000400007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000180)='sys_enter\x00', r1}, 0x10)
wait4(0x0, 0x0, 0x0, 0x0)

17.665920373s ago: executing program 9 (id=2772):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000006c0)={&(0x7f0000000600)='sys_enter\x00', r1}, 0x10)
clock_settime(0x0, &(0x7f0000000140)={0x77359400})

17.578589484s ago: executing program 9 (id=2773):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000080)='./file1\x00', 0x10e, &(0x7f0000000280)={[{@init_itable_val={'init_itable', 0x3d, 0x957}}, {@nombcache}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x2a}}, {@stripe={'stripe', 0x3d, 0x8}}, {@orlov}, {@noload}]}, 0x4, 0x46b, &(0x7f00000009c0)="$eJzs289vFFUcAPDvTFt+IxXxBz/UKhobf2yhgHLwotHEgyYmXvBY20KQhRpaEyFE0Rg8GhITj8ajiX+BJ70Y9WTiVe+GhBguoqcxsztDd9fttsC2A93PJ9nueztv9r3vvHm7b+Z1AxhYY/mfJGJbRPweETua2fYCY82n69cuTP9z7cJ0Eln21l9Jo9zf1y5Ml0XL/bYWmfE0Iv00ib1d6p0/d/7UVL0+e7bITyycfm9i/tz5506enjoxe2L2zOTRo4cPHXzh+ckjfYnz3rytez6c27f7tbcvvzF97PI7P3+blPF3xNEnY702Ppllfa6uWttb0snwCnYYWsXGsGJ5N+TdNdIY/ztiKBY7b0e8+kmljQNWVVZYYvPFDFjHkqi6BUA1yi/6/Pq3fKzd7KN6V19qXgDlcV8vHs0tw5EWZUY6rm/7aSwijl3896v8EatzHwIAoM33+fzn2W7zvzQeaCl3T2xsrA2NFmspOyPivojYFRH3RzTKPhgRD3WrpMeCQOciyf/nP+mVW49uefn878Vibat9/lfO/mJ0qMhtb8R/JI2ozx5oHJOI8RjZePxkffZgjzp+eOW3z5fa1jr/yx95/eVcsGjHleGN7fvMTC1M3U7Mra5+HLFnuFv8yY2VgCQidkfEnlus4+TT3+xbatvy8fewknWmZWRfRzzV7P+L0RF/Kem9PjmxKT8fJvKz4EDXOn759dKbS9V/W/H3Qd7/W7qe/zfiH01a12vnb+bdm6P70h+fLXlNU7ul83/xhQ3F8wdTCwtnD0ZsSF5vNrr19cnFfct8WT6Pf3x/9/G/MxaPxN6IyE/ihyPikYh4tIjusYh4PCL29zgKP738xLu9jlD3+Df1eMf+yeOf6ej/0fYiHf2/mNgQna90Twyd+vG79ndcSfylvP8PN1LjxSuNz78ve8e1knbd7NkMAAAAd6s0IrZFktZupNO0Vmv+D/+u2JLW5+YXnjk+9/6ZmeZvBEZjJC3vdDXvB48k5f3P0Zb8ZEf+UHHf+IuhzY18bXquPlN18DDgtraO//KWb6359KffaMD614d1NOAuZfzD4DL+YXAZ/zC4uoz/zVW0A1h73b7/P6qgHcDa6xj/lv1ggLj+h8E1HFlSdRuAarR+//sggIExvzmW/5H8ekhkWZbdAc1YP4lI74hm9CeRrPIo2FZ1gDefqPqTCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAoD/+CwAA//9lEuuH")
bpf$PROG_LOAD(0x5, 0x0, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(0xffffffffffffffff, 0x8004587d, 0x0)
unlinkat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/file1\x00', 0x0)

17.290002838s ago: executing program 9 (id=2779):
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0)
bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000580)={0xffffffffffffffff, 0x0, 0x0}, 0x10)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x32600)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r0, 0x0)
r1 = socket(0x10, 0x803, 0x0)
getsockname$packet(r1, 0x0, &(0x7f0000000580))

17.070627262s ago: executing program 9 (id=2785):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

17.049550452s ago: executing program 37 (id=2785):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000007000000010001004900000001"], 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000080)={r0, &(0x7f0000000080), &(0x7f0000000200)=""/166}, 0x20)
bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000000)={{r0, <r1=>0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)}, 0x20)
r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000003000000650000000800000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, @fallback=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
syz_init_net_socket$bt_sco(0x1f, 0x5, 0x2)

13.008423995s ago: executing program 38 (id=2592):
r0 = epoll_create1(0x0)
r1 = socket(0x2, 0x80802, 0x0)
epoll_pwait(r0, &(0x7f0000000080)=[{}], 0x1, 0xab7, 0x0, 0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, r1, &(0x7f0000000000))
shutdown(r1, 0x0)
epoll_ctl$EPOLL_CTL_MOD(r0, 0x3, r1, &(0x7f0000000140)={0x40002000})

5.299686876s ago: executing program 1 (id=3058):
r0 = socket(0x10, 0x3, 0x0)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff00000006"], 0x48)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000002c0)='kmem_cache_free\x00', r2}, 0x18)
connect$netlink(r0, &(0x7f00000014c0)=@proc={0x10, 0x0, 0x1}, 0xc)
sendmsg$nl_route_sched(r0, &(0x7f0000000080)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x18, 0x30, 0x829, 0x0, 0x0, {}, [{0x4}]}, 0x18}}, 0x0)

5.285193186s ago: executing program 1 (id=3059):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0xb, 0x5, 0x400, 0x9, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{}, {}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil)

5.258698457s ago: executing program 1 (id=3060):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000000)='tlb_flush\x00', r1}, 0x10)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000300)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='tlb_flush\x00', r2}, 0x10)

5.235558697s ago: executing program 1 (id=3063):
mremap(&(0x7f0000001000/0x3000)=nil, 0x3000, 0x4000, 0x3, &(0x7f0000005000/0x4000)=nil)
bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000a80)={0x0, 0xffffffffffffffff, 0x0, 0x2c, &(0x7f0000000000)='/proc/sys/net/\x00\x00v4\x00\x00s/\x92ync_\x00le\xf44.\xab%nN\xd4\xa2\x88\x00\xd1l,'}, 0x30)
r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
fchdir(r0)
r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x8000, 0x0)
getdents64(r1, &(0x7f0000000f80)=""/4096, 0x1000)

5.204313748s ago: executing program 1 (id=3066):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000001540)={0x44, &(0x7f0000001180)={0x0, 0x13, 0xa, "c9152375c679f56ff3aa"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.833118605s ago: executing program 2 (id=3126):
r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000001400)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000020000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x10)
r2 = socket$netlink(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'batadv_slave_0\x00', <r3=>0x0})
sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@newqdisc={0x38, 0x24, 0xd0f, 0x70bd2c, 0x25dfdbfd, {0x60, 0x0, 0x0, r3, {0x0, 0x3}, {0xffff, 0xffff}, {0xfff1, 0xfff2}}, [@qdisc_kind_options=@q_fq={{0x7}, {0xc, 0x2, [@TCA_FQ_QUANTUM={0x8, 0x3, 0x80000100}]}}]}, 0x38}, 0x1, 0x0, 0x0, 0x80d1}, 0x3000c81c)

2.774637786s ago: executing program 2 (id=3131):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0)
r1 = syz_pidfd_open(r0, 0x0)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100001f00702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000001000000b703000000000000850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10)
pidfd_send_signal(r1, 0x2, 0x0, 0x0)

2.748305137s ago: executing program 2 (id=3134):
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x1, 0x1, 0x86, 0x10, 0x20f4, 0xe05a, 0x6c6d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x69, 0x2, 0x2, 0xff, 0x5a, 0xa3, 0x0, [], [{{0x9, 0x5, 0x4, 0x2, 0x10, 0x0, 0xfa}}, {{0x9, 0x5, 0x82, 0x2, 0x40}}]}}]}}]}}, 0x0)
syz_usb_control_io$printer(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000440)={0x2c, &(0x7f0000000280)={0x0, 0x16, 0x6, "20fc94453a41"}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f00000001c0)={0x20, 0x0, 0x1, "1d"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

2.429947792s ago: executing program 1 (id=3141):
r0 = syz_usb_connect$cdc_ncm(0x2, 0x6e, &(0x7f0000000140)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5, 0x24, 0x0, 0x8000}, {0xd, 0x24, 0xf, 0x1, 0x1}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x400, 0x0, 0x1, 0x1}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x21}}}}}}}]}}, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000006c0)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x209, 0x4, 0x1000, 0x1, 0x10, 0x10, 0x10, 0x14, 0x2, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0})
syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0)
syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)

2.133865046s ago: executing program 8 (id=3143):
r0 = socket$inet6_udp(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r0, 0x29, 0x20, &(0x7f0000000000)={@loopback={0xfec0ffff00000000}, 0x8000000, 0x0, 0x3, 0x1, 0x2}, 0x20)
r1 = socket$inet6(0xa, 0x2, 0x0)
setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f0000000280)={@mcast2, 0x800, 0x0, 0x103, 0x1}, 0x20)
r2 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00')
pread64(r2, &(0x7f0000001480)=""/4122, 0x101a, 0x9a)

2.062667077s ago: executing program 8 (id=3144):
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]})
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
io_cancel(0x0, 0x0, 0x0)

2.055421638s ago: executing program 8 (id=3145):
chroot(0x0)
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="020000000400000005000000020000000410"], 0x50)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000010007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10)
prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]})
pivot_root(&(0x7f00000024c0)='./file0/../file0\x00', 0x0)

2.030255518s ago: executing program 8 (id=3147):
syz_mount_image$f2fs(&(0x7f00000004c0), &(0x7f0000000440)='./file0\x00', 0x2008410, &(0x7f0000001f80)=ANY=[@ANYBLOB="66617374626f6f742c71756f7461000000000000003b814e50a959736d65720f73ecea54b5e5be45ace9a88f723cb005aeff24212c651baef614d442ae89412ad3dcd0b7586d02002a6d6d65cacd4fc5002207ce994dda65c4b1d23a9bd5ba0f4ce5c2b5a5718c6aa918080002223d2753a5cac974110144cd0a1e368652324a41b31e1eb3b32dccbdf8f68bd96a45a75427a5f789d267fd92f6a5540200b81d5b9fa9b40fe4d7fbd50a6afc3a989c6d60045663c59cbdc4c700000000bc7f6b22df0191acf5912afdcc1c061835177068c40f757dd123d2600b1c544f1525aa8d00000000000000000000002e8b5c733d362417c17f527c0bfebec112d57fc69fabb9b31ef97b2147931ff60cdf666c25244218b1f1a6010000000100000020563b835d0e8e9a09070ef1691fcb2f37bda5d4e3d9d7a2d0ac82b45a53001057f321acc45d5e065a461de90100000077d200000000000040b78f0dd3836f5ab2f6a1a5b798bb7752f192c6b48e568973a59cd9c74bd9a14721856c5499cd8f93f8beaa9cf76718ce7244c8426803000000005c000208886b313bd01a22d576e414011a4f0a897515329f86d4585fa0ea17068f8af349696da4a2b3e24310ca52ec51bc23b57897cb55a2d513e6a00765ee3f58b471c54dd57f0af584afe4a21f92b515d7f2fa6fbb273ca0f751e684584320534667aea39ad7222c8ef531f514939177a47395e94c1723abb3fd44fd64fde4b45cc2f55f4ae05ff48648a4c998257856bcdcf2fa02010000001f54fb936570450e91c8d55abad76a7b7a000016f81ec9da9ccc1191c211632266d907e4d9b23496ae19bac24dc23c43f514f1b4af19988bbe61ee29a368a999435d6872d01b79c7821e875859dfbf3c57e4f1fb0be46cb5f7a0fa13516c0926d19dd2d5862085e1e4cb8279be17cba17ee4d06ad97b4ca282e73ea142b01b4a742fa11c0927ba811dd60903d575db449d775021b542db617086b3ed42e6e60fe043cff79b0c067c584bbf82657974c3736912b4b522052b9467d0da116ccc1652d861a420f09aaf67d3e9f6160100000001000000ae6335ad9896abd3cc00413638cb9bc62ab8054325d72e9144cf4f88702f586507e3147198e0bc4060a7c8f4dce73b653177ecf8228e6e6fae02510000000000000000000000000000f43739fdd2d24e50e0233acfe1c8639070fe00f40b0d01f8a0a35fcfe3ea10faf9c24b8488ed4ed83fb06a9a7c57442ede9e1fc2853b8f4d2241cff61d0125b7750e3fdae6a4ab9c776a191ed8098a780ea2bbaa64978cd3a6458fcc6b949bcbca0dceb7361f66e46731eba4f3aed335e7c8c541e82453218a19d39489e1525466ac93759787e767f601931d94c9c426489b741a6bc8abf475e4bf859e1ce7f7227069e9f51e25fa3d1b18dc565180a1af464a1dd697db85e2b27b90f6bd7cf1b6bc0bcd8ba552ced3d3cfbf9c9bc04f65b6f83cb40173b4bdc393d47e5da95b63a40ac18daf11e8d0706b47795fbe2b56d0ea7ffc5a59ede88621a08b25ca6ebe041317b62373a60951af33eb7954a9731aaa125add0913ed2435a207439e9122512d77096747a4b404459cebc8faff8f7a31758e630c75a1ff90402754d339dc21cf6b8e04e1aedf14df0b4aaf0e03194df3eb41ba066bc343b323a3162d7e7ba687633c2faa8f28b42364b72e3a457476fd6b2a54e670ba798172c44c4390f73fdab743a4cac88b2bd0545b8483f2e2f9846b138a4d8a7332978da70e9050417087c5ae034a735e8b448dd9701404", @ANYRES64], 0x1, 0x553b, &(0x7f000000ac00)="$eJzs3EtvG1UUAOA7TtPSJxFiwa4jVUiJVFt12lSwC9CKh0gV8ViwAsd2LLe2J4odJ2SFBEvEgn+CQGLFkt/AgjU7xALEDgnkuWNKKI9WduKk/T5pfGbujM+cO7ISnRnLAXhiLaS//pyES+FsCGEuhHAhCfl6Uiy51RieCyFcDiGU/rIkxfifA6dDCOdCCJdGyWPOpNj1+dXhlZWf3vjlm+/OnDr/xdffz27WwKw9H0LobsX13W6MWSvGu8V4bdjOY/fGsIhxR/desZ3FuNvcyDPs1sbH1fJ4vRWPz7Z2+qO42anVR7HV3szHt3rxhP1ha5wnf8Pd2na+3Whu5LHdz/LY2o917e3Hv237/UHM0yjyfZinD4PBOMbx5l4zzmfrXh7rvUExHvNmjebeKA6LWJwu1LNOI69jY5Irfby92e7t7KXD5na/nfXSlUr1hUr1Zrm6nTWag+aNcq3buHkjXWx1RoeVB81ad7WVZa1Os1LPukvpYqteL1er6eKt5ka71kur1cr1yrXyylKxdjV99c67aaeRLo7iy+3ezul2p59uZttpfMdSuly5/uJSeqWavr22nq6/dfv22vo77996785La6+/Uhz0QFnp4vK15eVy9Vp5ubp0DOY/+r/7kPMfTDL/T4qiH2H+yWSXB/6bDxjAI3ug/w/6f+DwnfT+P0yz/x+1VPr//+9/S5P3/xP1v8e1/z/B84eJ6P8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAJ5YP8x/+Vq+shC3zxfjF4uhZ4rtJIRQCiH8/g/mwukDOeeKPPP/cvz832r4Ngl5htE5zhTLuRDCarH89vRhXwUAAAB4fH310eXPYrceXxZmXRBHKd60KV34YEr5khDC/MKPU8pWGr08O6Vk+ef7VNibUrb8BtZTU0oWb7mdmla2hzI3Dh9fvD+YTyiJoXSk5QAAAEdi7kA42i4EAACAo/TprAtgNpIwfpQ5fhacf/P+/qPNswf2AQAAACdQMusCAAAAgEOX9/9+/w8AAAAeb/H3/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD4g537uU0ciOIA/GwwsP+0aLX3bWVvUEZKyDHHQAFpghJIC2mAGsgtJUQQYY+QHIEUiXGsoO+TPM7Y0W9mgMsbSwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NJztZ4/3v97uDRnt79MntUAAAAAp2yr9bz+Y9r0f6Trv9KlP6lfREQZEadq90GMWpmDlFOd+f/q3RyeIuqEwxjjdHyPiP/peP3d9acAAAAA12uzXM2aar1ppn1PiM/UbNqUP28y5RURUU1fMqWVh+ZvprD69z2Mu0xp9QbWJFNYs+U2PH1vlGuQtkHrlFYyWdRfYt0ruxkXAADoU7sSOFOFAAAAcAVu+54A/SiOzfE547g5pQeC31o9AAAA4Asq+p4AAAAA0Lm6/vf+PwAAALhuzfv/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6NK2Ws83y9Xs3P3FB3N2+8vkWxEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBv7844CIRAGYbB3fWcy9z+sNGhobFIFwsffGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzPSwqEQBBEwZzxv5O+/2ElQc8gQgQ0PKqoRQMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXOzcP28cRRQA8Hd7t5c/gDAGuTCgIFFAQ+xLSEgJBcii4CMgWc45GC4EEhckskBuoEKu0yAoEUICmS7fIXUspQldChdGogbt3u5lkxhyiszuEv9+0uy8Pa9m3uydLD/P2gAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABAafedeCkp4m52mBnH5Wu39jZWsn7ngT5zY+v2fNayuPOoib55++CTb7eXqycn5ionX9WfDAAAAIdDt6zvI+JOur2U9clMXv+n5TVZzf/9M+O4rOcfrPt39jaOFl+aL+v/3369+8JkopnxPNmgq2uj4eLDqfT+oyW23rOPvKKX3/n8dy/d/A1J3t98fjfN72fn25s33+3n4ZE6sgUAHsfJsi+C8uehrB80mRgAh0avUniX9X93ptmcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOqwuxlPlXEnIuZ79+LMzt7Gyn79ja3b82U7e/36VnXMbIg0IlbXRsO0xrW03ZWr1z5ZHo2Gl+sPTkREc7MXwYdTXBPx79cUH89obhX/HHTakUajQVK8P23J5yCD8rN38CM39A0JAIAnVlq0rK6/k24vZa91ZiP++uH++v+1ShxT1v93Pzp7qzpXtf4f1LbC9ltYv/jZwpWr195Yu7h8YXhh+OmbpwZvDU6fO3Pm3EJ2rxYXViMZLjadJgAAAP9j/aJV6/9k9uH9/+OVOKas/z//bvBlda6u+n9f9zb9ms4EAADgMOpPoude+fOPzj5XdPr9+GJ5ff3yYHycnJ8aH2tN9zEdKVq1/u/ONp0VAAAAUIfdzc59+//nK3FMuf//9I8v/lwdsxsRxyIuRcTw5Mql0fn6ltNqdfyhcj5Rv+mVAgAA0JRjRavu/6f58//J5JGHJCJef3Ucl//rapr6v/ve1z9V56o+/3+6viW2UjI3vh95PxfRm2s6IwAAAJ5kR4uWFfu/p9tLH/9y/IO+5/8BAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA6vZ3AAAA//+pzDYD")
r0 = openat(0xffffffffffffff9c, &(0x7f0000000200)='./bus\x00', 0x141842, 0x9)
write$cgroup_devices(r0, &(0x7f0000000080)={'b', ' *:* ', 'm\x00'}, 0x8)
ioctl$F2FS_IOC_SET_PIN_FILE(r0, 0x4004f50d, &(0x7f0000000000)=0x201)
r1 = open(&(0x7f0000000000)='./bus\x00', 0x1, 0xc32a4cddd557707a)
fallocate(r1, 0x0, 0x0, 0x9000f4)

1.620869554s ago: executing program 8 (id=3153):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x5)
syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fd6000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, &(0x7f0000000280)="65420f706300c0420f78b800000100c4a13d73d4def242af66baf80cb840386286ef66bafc0cb8d08d0000ef66baf80cb84c468189ef66bafc0ced653e660f388130640fc71e0f35420ffade", 0x4c}], 0x1, 0x56, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

1.353564439s ago: executing program 8 (id=3158):
r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x56a, 0x331, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x4}}}}}]}}]}}, 0x0)
syz_mount_image$ext4(&(0x7f0000000180)='ext4\x00', &(0x7f00000001c0)='./file0\x00', 0x800700, &(0x7f0000000000)={[{@nodioread_nolock}, {@sysvgroups}, {@debug_want_extra_isize={'debug_want_extra_isize', 0x3d, 0x4c}}, {@auto_da_alloc_val={'auto_da_alloc', 0x3d, 0x7ff}}, {@grpid}, {@acl}, {@usrjquota}, {@grpjquota}, {@usrquota}, {@dioread_lock}]}, 0x5, 0x47a, &(0x7f0000000200)="$eJzs28tvVNUfAPDvvX3A78ejFfEBolaJsfHR0oLKwo1GExcYTXSBy9oOpGGghtZECJFqDG5MDIlu3BiXJv4F7twYdWXiFveGhCgb0FXNnXtvmQ4zfTHMIPP5JNOec++5Pefbe8/cc8+ZCaBnjWQ/kojtEXEpIoby7MoCI/mv61fPTf999dx0EktLb/2Z1Mpdu3puuixaHretyIymEeknSVHJsoHsx/yZsyemqtXK6WLj+MLJ98bnz5x9dvbk1PHK8cqpycOHDx2ceOH5yefaEmcW17W9H87t2/PaOxdfnz568d2fv8vau73YXx9Hu4xkgf+1VNO474l2V9ZlO+rSSX8XG8KG9EVEf9EpL8VQ9MWNkzcUr36cp4a710DgtsnuTVta715cAu5iSXS7BUB3lDf67Pm3fHVo6HFHuPJS/gCUxX29eOV7+iMtygw0PN+200hEHF385+vsFbdpHgIAoN5n018eiWeajf/SuL+u3M5iDWU4Iu6JiF0RcW9E7I6I+yJqZR+IiAc3WP9IQ/7m8U96eVOBrVM2/nuxWNtaOf4rR38x3FfkdtTiH0iOzVYrB4r/yWgMbMnyE6vU8cMrv33eal/9+C97ZfWXY8GiHZf7GyboZqYWpvJVtFt35aOIvf3N4k+WVwKSiNgTEXs39qd3lonZp77d17BveYlx7fhX0YZ1pqVvIp7Mz/9iNMRf39hV1ifHt0a1cmC8vCpu9suvF95sVf+64/+qTSe8wZVK/rvu/DcWGd5aJGrrtfMbr+PC75+2fKbZ7PU/mLxdOy+DxbYPphYWTk9EDCZHavkV2ydvHFvmy/LZ9T+6v3n/31Uck9XzUERkF/HDEfFIRDxatP2xiHg8IvavEv9PL7feV8Yf6Sau/zbI4p9p+v63fP0PJ/Xr9ZtI9J348ftW9a/v/B+qpUaLLbX3vzWst4G38r8DAACA/4q09hn4JB1bTqfp2Fj+Gf7d8f+0Oje/8PSxufdPzeSflR+OgbSc6Roq5kOrs9XKRLJY/MV8fnSymCsu50sPFvPGX/T9r5Yfm56rznQ5duh121r0/8wffd1uHXDbNVtHmxzsQkOAjmvs/+nK7Pk3OtkYoKN8Xxt61xr9P+1UO4DOc/+H3tWs/59vyFsLgLuT+z/0Lv0fepf+D71L/4eedCvf6+/ZRBIRHav06Mn8TN0hsUeUiXQThydxZ0QhsWai2+9MAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7fFvAAAA///e3ua/")
syz_usb_control_io(r0, 0x0, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7020000111e6ca5b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x5, 0x3, &(0x7f0000000200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x3}}, 0x0, 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94)
syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000140)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0)

568.108441ms ago: executing program 6 (id=3191):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000e000018110000", @ANYRES32, @ANYBLOB="0000000000000000b708000000ffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000840)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10)
bpf$MAP_CREATE(0x300000000000000, &(0x7f0000000100)=@base={0x18, 0x4, 0x41, 0x0, 0x1, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x4002, 0x5}, 0x48)

534.465091ms ago: executing program 6 (id=3193):
r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x20000, 0x0)
ioctl$TCSETS(r0, 0x40045431, &(0x7f0000001200)={0x0, 0xffffff1e, 0xffffffff, 0x4, 0x16, "001bf100eeff0000a2c2000100000000002000"})
r1 = syz_open_pts(r0, 0x28101)
r2 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000100))
dup3(r1, r0, 0x0)

520.992322ms ago: executing program 6 (id=3195):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000180)='./bus\x00', 0x1000e, &(0x7f0000000300), 0x3, 0x445, &(0x7f0000000b00)="$eJzs28+PE1UcAPDvTLeLCLgr4g9+qKto3PhjlwVUDh7UaOIBExM96HGzuxCksIZdEyFEwRg8GWPi3Xj0X/CkF2M8mXjVuyEhhgvgqWbaGbYtbdktLUX6+SQD78282fe+nXnte/PaAEbWVPZPErE1Iv6MiIl6trnAVP2/q5fPLly7fHYhiWr13X+SWrkrl88uFEWL87bkmek0Iv0iid1t6l05feb4fKWydCrPz66e+Gh25fSZF46dmD+6dHTp5P5Dhw4emHv5pf0v9iXOrE1Xdn26vGfnWx988/bhr5rib4mjT6a6HXy6Wu1zdcO1rSGdjA2xIWxIKSKyy1Wu9f+JKMXaxZuINz8fauOAgapWq9UtnQ+fqwJ3sSSa87o8jIrigz6b/xZb6yDg1cENP4bu0mv1CVAW99V8qx8ZizQvU26Z3/bTVES8f+7f77ItBvMcAgCgyU/Z+Of5duO/NB5qKHdfvjY0GRH3R8T2iHggInZExIMRtbIPR8QjG6y/dZHkxvFPerGnwNYpG/+9kq9tNY//itFfTJby3LZa/OXkyLHK0r78NZmO8qYsP9eljp/f+OPrTscax3/ZltVfjAXzdlwc29R8zuL86vytxNzo0vmIXWPt4k+urwQkEbEzInb1WMexZ3/Y0+nYzePvog/rTNXvI56pX/9z0RJ/Iem+Pjl7T1SW9s0Wd8WNfvv9wjud6r+l+Psgu/73tr3/r8c/mTSu165svI4Lf33ZcU7T6/0/nrxXS4/n+z6ZX109NRcxnhyuN7px//61c4t8UT6Lf3pv+/6/PdZeid0Rkd3Ej0bEYxHxeN72JyLiyYjY2yX+X19/6sPe4x+sLP7FDV3/tcR4tO5pnygd/+XHpkonb4j/Wvfrf7CWms73rOf9bz3t6u1uBgAAgP+fNCK2RpLOXE+n6cxM/fvyOyLSyvLK6nNHlj8+uVj/jcBklNPiSddEw/PQuXxaX8+fj4j6VwuK4wfy58bfljbX8jMLy5XFYQcPI25Lh/6f+bs07NYBA+f3WjC69H8YXfo/jC79H0ZXm/6/eRjtAG6/dp//nw2hHcDt19L/LfvBCDH/h9Gl/8Po0v9hJK1sjpv/SL5rovhLPZ5+1yaifEc0Y2CJSO+IZkgMKDHc9yUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIB++S8AAP///fHg0g==")
unshare(0x20000400)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000840)='memory.events.local\x00', 0x275a, 0x0)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='cpuacct.usage_percpu\x00', 0x275a, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0x8004587d, &(0x7f0000000580)={@desc={0x1, 0x0, @desc4}})
fdatasync(r0)

414.681363ms ago: executing program 6 (id=3197):
r0 = socket$inet(0x2, 0x3, 0x4)
setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000000c0)='ip6_vti0\x00', 0x10)
connect$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}}, 0x24}}, 0x0)
sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0xe000)

344.674574ms ago: executing program 6 (id=3200):
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x94)
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x16, 0x0, 0x4, 0x1}, 0x50)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x78}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
syz_emit_ethernet(0xfffffffffffffeb5, &(0x7f0000000200)={@random="e90c630faca2", @link_local, @val={@val={0x88a8, 0x5, 0x1}, {0x8100, 0x0, 0x1, 0x2}}, {@ipv4={0x800, @udp={{0x5, 0x4, 0x2, 0x1c, 0x1c, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0)

344.125864ms ago: executing program 6 (id=3201):
openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0)
ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f0000000080)=ANY=[])
syz_usb_connect$printer(0x3, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="fb01"], 0x0)
syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[])

139.779457ms ago: executing program 0 (id=3205):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x1, 0x1, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000040)="ff5654da4949fa8346250066baa00066ed67a8f77b3737c7190fc75926640f0866b800000f08b80500000066b82a018ee00f01d8", 0x34}], 0x1, 0x8, 0x0, 0x0)
ioctl$KVM_RUN(r2, 0xae80, 0x0)

139.454837ms ago: executing program 0 (id=3206):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x200, 0xa)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2)
ioctl$KVM_CREATE_DEVICE(r1, 0xc00caee0, &(0x7f0000000100)={0x4, <r2=>0xffffffffffffffff})
ioctl$KVM_SET_DEVICE_ATTR(r2, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x1, &(0x7f0000000180)=0x6})

139.086517ms ago: executing program 0 (id=3207):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0xa2, 0x0, 0x0)
r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x68803, 0x0)
ioctl$KVM_GET_SUPPORTED_CPUID(r3, 0xc008aec1, &(0x7f0000000000))

113.242628ms ago: executing program 2 (id=3208):
r0 = openat$kvm(0x0, &(0x7f00000002c0), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000000c0)={0x79, 0x0, 0x1})
ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000400000004"])
r2 = eventfd2(0x8, 0x1)
ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000080)={r2, 0x4})

112.635668ms ago: executing program 0 (id=3209):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x60242, 0x0)
ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000f40)={'pimreg\x00', 0x3c32})
sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010024bd7000fc0ddf2500000000", @ANYRES32=0x0, @ANYBLOB="1b0b04000300000008001b"], 0x28}, 0x1, 0x0, 0x0, 0x68010}, 0x0)
ioctl$TUNGETVNETHDRSZ(r1, 0x800454d7, 0x0)
pwrite64(r1, &(0x7f0000000480)="572654b114b1a904009a390786dd", 0xe, 0x100000000)

75.378998ms ago: executing program 2 (id=3210):
bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
sendmsg$tipc(0xffffffffffffffff, 0x0, 0x2000c041)
sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x48a, &(0x7f0000000000)={[{@jqfmt_vfsold}, {@usrjquota, 0x22}, {@errors_continue}, {@noload}, {@data_err_ignore}, {@usrjquota, 0x22}, {@errors_continue}, {@errors_remount}, {@noblock_validity}]}, 0x1, 0x44e, &(0x7f0000000900)="$eJzs3M1vG0UbAPDHdpw0bfMmbykfDS0ECiLiI2nSD3rgUgQSB5CQ4FDEKSRpFeo2qAkSrSIIHMIRVeKOOCLxF3ChXBBwQuIKd4QUoVwonIzW3k3dxE7ixIlL/ftJm8x4xpp5dnfs8azXAXSsoeRPLuJgRPwaEf3V7J0Vhqr/bq0sTP69sjCZi3L5jT9zlXp/rSxMZlWz5x2oZsrlDdpdejtiolSavprmR+cvvzc6d+36czOXJy5OX5y+Mn727KmTx7rPjJ9uSZx9SV8HP5w9euSVt268Nnn+xjs/fp3092BaXhtHqwxV925dT7a6sTbrq0nnutrYEZpSiIjkcBUr478/CtG7WtYfL3/S1s4Bu6pczpd7GhcvloF7WDJRBzpR9kaffP7Ntj2aetwVls/F6jrGrXSrlnRFPq1TTD8j7YahiDi/+M8XyRa7tA4BAFDr5rmIeLbe/C8fD9TU+196bWggIv4fEYci4r6IOBwR90dU6j4YEQ812f7aKyTr5z/l/m0FtkXJ/O+F9NrWnfO/bPYXA4U011eJv5i7MFOaPpHuk+Eo9iT5sQ3a+O6lXz5rVFY7/0u2pP1sLpj244+uNQt0UxPzEzuJudbyxxGDXfXiz63OeZP58ZGIGNxmGzNPf3W0Udnm8W+gBZPy8pcRT1WP/2KsiT+Ta3h9cuz5M+OnR/dFafrEaHZWrPfTz0uvN2p/R/G3wPLNcuyve/6vxj+Q2xcxd+36pcr12rnm21j67dOGn2m2e/53596spLvTxz6YmJ+/OhbRnXt1/ePjt5+b5bP6yfk/fLz++D8Ut/fEwxGRnMTHIuKRiHg07ftjEfF4RBzfIP4fXnzi3ebj32BVvoWS+Kc2O/5Re/ybTxQuff9N8/FnkuN/qpIaTh/ZyuvfVju4k30HAAAA/xX5ynfgc/mR1XQ+PzJS/Q7/4difL83OzT9zYfb9K1PV78oPRDGfrXT116yHjqVrw1l+fE3+ZLpu/Hmht5IfmZwtTbU7eOhwBxqM/8TvhXb3Dth17teCzmX8Q+cy/qFzGf/QuYx/6Fz1xv9HbegHsPc2ef/v3at+AHvP/B86l/EPncv4h47U8N74/I5u+ZdoU+Lb7p39VsPWE5G/S0K+ZxLFqFvUteUfs9hmoqduUbtfmQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFrj3wAAAP//j57jFA==")
mount(0x0, &(0x7f0000000240)='.\x00', 0x0, 0x2300021, &(0x7f00000002c0)='\x17\xec\xa5Y\xf0\xcc\xda\x84y\xb5\xb2Fm\xa4\xef\x90\x8a\x11\xa9\x81\xab\xb1\bZ\xc91\xd8(O[\xbd\xc5\n^\xa5\xc6\x7f+E\xef\xf3\xaa\xd8]0rQ#\x8f\x1c\x01\xcd\x1f\xf3\x11{\x01\xd8\xcc\x8e\xcec\xc4p\xe76;\x1f\xe6\xb0:\xaaP\x9fr\xeff\xe8\x98l\xbf\xed\xd0IG>\x8e\xe1\x10\xa6?\xcf\x85-\x03H\"\x92&\x1eF\xfe)\x16\xf0!I\x88|.z')

74.831229ms ago: executing program 2 (id=3211):
syz_mount_image$f2fs(&(0x7f0000000140), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000a00)=ANY=[], 0x2, 0x5515, &(0x7f00000079c0)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0pdBd1Vn8AU7lFEXrjRN0pCZvJQmzdSuZuFSXPhNRMGVSz+DC9fuxIXiTlByz61OHQWhaWOnvx/cPPecnDx5TiiB596SAM6s+eyXn0pxLS5FxGxEXI3Iz0vFkVtL4YWIuB4RM08cpWL+j4nzEXE5Iq6Nk6ecpeKpz26Obqz++NbPX3974dyVz7/6bnq7BqbtxYjobqfzR93xF8XjiFYaPyjma6N2HrsroyKmJ7oPi3E/xUfNzW4eawfranlcbqX1/e3dwThudWr1cWy1t/L57V56w8GodZAnf8GD2k4+bjQ389ge9PPY2k917e2n77b9wTDlaRT5PsrTx3B4ENN8c6+Z9rP9MI/13rCYT3n7jebeOI6KWLxd1PudRl7H5hE/7P+wt9u93b1s1NwZtPu9bLVSfalSvV2u7vQbzWFzpVzrNm6vZAutznhZedisddda/X6r06zU+93FbKFVr5er1WzhTnOzXetl1WpluXKrvLpYnN3MXr/3XtZpZAvj+Gq7tztsdwbZVn8nS69YzJYqyy8vZjeq2TvrG9nG/bt31zfe/eDO+/deWX/ztWLRU2VlC0u3lpbK1VvlperiGdr/x0XRE9w/HElp2gUAnD76f2Aanur/x33wRPr/nfsRx9//h/5/Ik5V/3vW+/9j2D8cif4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODM+n7uizfyk/k0vlLM/6+Yeq4YlyJiJiJ++xuzcf5Qztkiz9w/rJ/7Sw3flCLPMH6PC8VxOSLWiuPX/x/3pwAAAADPri8fX/80devpYX7aBXGS0kWbmasfTihfKSLm5n+YULaZ8cPzE0qW/32fi70JZcsvYF2cULJ0ye3cpLL9K7OHwsUnQimFmRMtBwAAOBGHO4GT7UIAAAA4SZ9MuwCmoxQHtzIP7gXn/3n/5w3BS4dGAAAAwClUmnYBAAAAwLHL+3+//wcAAADPtvT7fwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA8Ds793ObOBDFAfgZ8ML+06LV3reVvUEZW0KOOSIKSBMUkANpIQ1QA7mlhAgiPBMCEYcgG1uJvk8ygy3zY8aCw7yRBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAALikh3I5vZv9vambs9nW08xoAAAAgFPW5XJavRmn8+/5+s986Xc+LyKiFxGn5u79+HKU2c855ev9t4f3l2/6cB9RJey+Y5iPbxHxLx9Pvy79FAAAAODzWs0XkzRbTy/jrjtEm1LRpvfjf0N5RUSU48eG0nq7vD8NhVW/70FcR65i1VQVsEb1c5Kq5DZoKu1dqr/7vmo3OmiK1Jx+SPtONjZ2AACgRf2jpt1ZCAAAAG266roDdKOIl6XM/VLgMDV5ee/r0RkAAADwARVddwAAAAA41+zcD1Tz/5b2/9va/w8AAAC6kfb/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4JLW5XK6mi8mdXM223qaGQ0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPLM/7ygQAmEQBnvXdyZz/8NKg6amJlUgfPyNwQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAm9/95f/E1DiTzL02lp5HkrVTY+vU2Ds3jv4wvn4NAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxf68pEAIBEEUzBn/O+n7H1YS9AwiREDDo4paNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPBFv/vl/8TUOJPMnTaWjkeStavG1lVj70Hj6MF4+zcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAxc79+8ZNxQEA/9o+X2kBEQLKEIRAYoCFptfS0g0xgCIG/gSkKL2W0Cs/2gy0qoAsbChzFwQjQkigsPV/6NxKXcrW4YYiMRfZZ+fcNBLHL/vafD7S8/ueZfl9n0+K8vV7CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAtfHb0zgrDguTOK3O3bx3db3ob+3pC9e3by8XrYiTNpN+NLzY/JAsdZcIAAAAB0dW1/cRcSffWS36dKGs//P6mqLm/+7pSVzX83vr/rqva/+i/frL3ed3B1qYjFPc9OzGaHjs4VR6/98s59szf3lFr3zy5buXrPxC0ve2nhvn5fNMvrlx451+GR5qI1sA4J84WvdVUP8+VPSDLhMD4MDoNQrvuv7PFrrNCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKAN4614so6TiFjuTePCrXtX1/frr2/fXq7bqWvXtuOr6T2LW+QRcXZjNDzW6mzm26XLV86vjUbDi+0HL0VEV6O/VU3//AczXBzRyfMR/EdBWn3Z85LPoxF0+EMJAIDHUl61oq6/k++sFueSxYj73z9Y/7/aiGPG+v/uh6duNsdq1v+D1mY4/1Y2L3y6cunyldc3LqydG54bfvzG8cGbgxOnT548vVK+K1nxxgQAAIB/5/6XEf099X+6+PD6/5FGHDPW/599O/iiOVam/t/XdNGv60wAAAAOtmdf/uP3ZJ/zSb8fn69tbl4cTI67n49Pjh2k+rcdqlqz/s8Wu84KAAAAaMN4K3lg/f9MI44Z1/+f+uGFn5r3zCLicLX+f3T9k9GZ9qYz19r4c+Ku5wgAAEC3Dletuf6fl/v/090tD2lEvPbKJK7+DeBM9X/27tc/Nsdq7v8/0d4U51K6NHkeZb8U0VvqOiMAAAAeZ09UrSj2f8t3Vj/6+cj7ffv/AQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAANr2ZwAAAP//IzpAng==")
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='memory.events\x00', 0x26e1, 0x0)
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_int(r0, &(0x7f0000000200), 0x43451)
r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='memory.events\x00', 0x100002, 0x0)
write$cgroup_int(r1, &(0x7f0000000200), 0x43451)

6.69831ms ago: executing program 0 (id=3212):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10)
mprotect(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x4)
syz_emit_ethernet(0x92, &(0x7f0000000100)=ANY=[], 0x0)

0s ago: executing program 0 (id=3213):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0xfffffffd}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x38, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x18)
r2 = socket$nl_audit(0x10, 0x3, 0x9)
sendmsg$AUDIT_USER_AVC(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000180)=ANY=[@ANYBLOB="14000000530464"], 0x14}, 0x1, 0x0, 0x0, 0x24000841}, 0x4008840)

kernel console output (not intermixed with test programs):

t=2, SerialNumber=3
[  117.298455][  T289] usb 5-1: Product: syz
[  117.302744][  T289] usb 5-1: Manufacturer: syz
[  117.307341][  T289] usb 5-1: SerialNumber: syz
[  117.432134][ T5449] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  117.439120][ T5449] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  117.881153][   T39] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  118.041080][   T20] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  118.047627][   T20] cdc_ncm 2-1:1.0: setting tx_max = 184
[  118.231247][  T289] cdc_ncm 5-1:1.1: bind() failure
[  118.252294][   T20] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  118.265580][   T20] usb 2-1: USB disconnect, device number 12
[  118.272076][   T20] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  118.321107][   T39] dm9601 6-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  118.331258][   T39] usb 6-1: USB disconnect, device number 15
[  118.435996][  T289] usb 5-1: USB disconnect, device number 16
[  120.238664][ T5486] loop3: detected capacity change from 0 to 2048
[  120.271172][ T5484] SELinux: failed to load policy
[  120.296496][ T5498] netlink: 'syz.5.2180': attribute type 1 has an invalid length.
[  120.305891][ T5486] EXT4-fs (loop3): Mount option "noacl" will be removed by 3.5
[  120.305891][ T5486] Contact linux-ext4@vger.kernel.org if you think we should keep it.
[  120.305891][ T5486] 
[  120.323953][ T5498] netlink: 36 bytes leftover after parsing attributes in process `syz.5.2180'.
[  120.374610][ T5486] EXT4-fs (loop3): mounted filesystem without journal. Opts: noacl,,errors=continue. Quota mode: none.
[  120.417386][ T5515] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=5515 comm=syz.6.2189
[  120.430065][ T5515] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=5515 comm=syz.6.2189
[  120.503885][   T30] kauditd_printk_skb: 80 callbacks suppressed
[  120.503899][   T30] audit: type=1326 audit(2000001891.546:1902): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5523 comm="syz.5.2193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  120.540955][   T20] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  120.613941][ T5530] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer.
[  120.615758][   T30] audit: type=1326 audit(2000001891.546:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5523 comm="syz.5.2193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=105 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  120.657429][ T5540] loop3: detected capacity change from 0 to 512
[  120.664900][   T30] audit: type=1326 audit(2000001891.546:1904): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5523 comm="syz.5.2193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  120.688884][   T30] audit: type=1326 audit(2000001891.546:1905): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5523 comm="syz.5.2193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  120.717143][ T5540] EXT4-fs (loop3): mounted filesystem without journal. Opts: grpquota,auto_da_alloc,minixdf,,errors=continue. Quota mode: writeback.
[  120.742761][   T30] audit: type=1326 audit(2000001891.546:1906): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5523 comm="syz.5.2193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  120.766831][   T30] audit: type=1326 audit(2000001891.576:1907): auid=4294967295 uid=60929 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5523 comm="syz.5.2193" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  120.790764][   T30] audit: type=1326 audit(2000001891.616:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f180726c9a9 code=0x7ffc0000
[  120.814371][   T20] usb 2-1: Using ep0 maxpacket: 32
[  120.823027][   T30] audit: type=1326 audit(2000001891.626:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f180726c9a9 code=0x7ffc0000
[  120.849876][ T5547] loop4: detected capacity change from 0 to 512
[  120.856873][ T5540] ext4 filesystem being mounted at /446/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  120.886768][   T30] audit: type=1326 audit(2000001891.626:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f180726c9a9 code=0x7ffc0000
[  120.920244][   T30] audit: type=1326 audit(2000001891.626:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5535 comm="syz.4.2198" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f180726c9a9 code=0x7ffc0000
[  120.948737][ T5547] EXT4-fs (loop4): Ignoring removed orlov option
[  120.962864][ T5547] EXT4-fs (loop4): mounting ext3 file system using the ext4 subsystem
[  120.975336][ T5547] EXT4-fs error (device loop4): ext4_xattr_ibody_find:2228: inode #15: comm syz.4.2202: corrupted in-inode xattr
[  120.991052][   T20] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  120.992970][ T5555] loop3: detected capacity change from 0 to 128
[  120.999541][ T5547] EXT4-fs error (device loop4): ext4_orphan_get:1406: comm syz.4.2202: couldn't read orphan inode 15 (err -117)
[  121.017648][   T20] usb 2-1: config 0 has no interface number 0
[  121.024116][   T20] usb 2-1: config 0 interface 184 has no altsetting 0
[  121.025918][ T5555] EXT4-fs (loop3): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,discard,,errors=continue. Quota mode: none.
[  121.033207][ T5547] EXT4-fs (loop4): mounted filesystem without journal. Opts: jqfmt=vfsold,orlov,nodiscard,noload,nombcache,noblock_validity,init_itable=0x0000000000000601,inode_readahead_blks=0x0000000000008000,,errors=continue. Quota mode: none.
[  121.046109][ T5555] ext4 filesystem being mounted at /448/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  121.110986][    T6] usb 6-1: new high-speed USB device number 16 using dummy_hcd
[  121.221006][   T20] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  121.230760][   T20] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  121.238915][ T4600] usb 7-1: new high-speed USB device number 15 using dummy_hcd
[  121.248824][   T20] usb 2-1: Product: syz
[  121.253090][   T20] usb 2-1: Manufacturer: syz
[  121.257732][   T20] usb 2-1: SerialNumber: syz
[  121.263366][   T20] usb 2-1: config 0 descriptor??
[  121.278614][ T5565] loop3: detected capacity change from 0 to 128
[  121.293417][ T5565] EXT4-fs (loop3): Test dummy encryption mode enabled
[  121.300282][ T5565] EXT4-fs (loop3): Test dummy encryption mode enabled
[  121.301438][   T20] smsc75xx v1.0.0
[  121.311450][ T5565] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  121.319014][ T5565] EXT4-fs (loop3): Ignoring removed nomblk_io_submit option
[  121.328558][ T5565] EXT4-fs (loop3): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,nomblk_io_submit,nomblk_io_submit,,errors=continue. Quota mode: none.
[  121.349299][ T5565] ext4 filesystem being mounted at /451/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  121.360954][    T6] usb 6-1: Using ep0 maxpacket: 16
[  121.420388][ T5576] loop3: detected capacity change from 0 to 512
[  121.481094][    T6] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.484390][ T5576] EXT4-fs error (device loop3): ext4_do_update_inode:5235: inode #16: comm syz.3.2213: corrupted inode contents
[  121.492426][    T6] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.504524][ T5576] EXT4-fs error (device loop3): ext4_dirty_inode:6071: inode #16: comm syz.3.2213: mark_inode_dirty error
[  121.514077][    T6] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  121.526870][ T5576] EXT4-fs error (device loop3): ext4_do_update_inode:5235: inode #16: comm syz.3.2213: corrupted inode contents
[  121.538497][    T6] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  121.550532][ T5576] EXT4-fs error (device loop3): __ext4_ext_dirty:183: inode #16: comm syz.3.2213: mark_inode_dirty error
[  121.558863][    T6] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.570483][ T5576] EXT4-fs error (device loop3): ext4_do_update_inode:5235: inode #16: comm syz.3.2213: corrupted inode contents
[  121.582865][    T6] usb 6-1: config 0 descriptor??
[  121.590474][ T5576] EXT4-fs error (device loop3) in ext4_orphan_del:305: Corrupt filesystem
[  121.603476][ T5576] EXT4-fs error (device loop3): ext4_do_update_inode:5235: inode #16: comm syz.3.2213: corrupted inode contents
[  121.615559][ T4600] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  121.615657][ T5576] EXT4-fs error (device loop3): ext4_truncate:4304: inode #16: comm syz.3.2213: mark_inode_dirty error
[  121.626713][ T4600] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  121.647818][ T5576] EXT4-fs error (device loop3) in ext4_process_orphan:347: Corrupt filesystem
[  121.648903][ T4600] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  121.657391][ T5576] EXT4-fs (loop3): 1 truncate cleaned up
[  121.669763][ T4600] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  121.675413][ T5576] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  121.684438][ T4600] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  121.695563][ T5576] ext4 filesystem being mounted at /452/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  121.707466][ T4600] usb 7-1: config 0 descriptor??
[  121.769589][ T5580] netlink: 'syz.3.2216': attribute type 16 has an invalid length.
[  121.777519][ T5580] netlink: 'syz.3.2216': attribute type 17 has an invalid length.
[  121.788066][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[  121.795553][ T5580] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[  121.812721][ T5580] tap0: tun_chr_ioctl cmd 1074025677
[  121.818072][ T5580] tap0: Linktype set failed because interface is up
[  121.971009][   T20] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -61
[  121.981922][   T20] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD
[  122.081920][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.089271][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.096533][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.103748][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.110983][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.118204][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.125442][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.132686][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.139879][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.147105][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.154344][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.160977][ T3747] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  122.161566][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.176359][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.184566][ T4600] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving
[  122.192392][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.199600][    T6] microsoft 0003:045E:07DA.0015: unknown main item tag 0x0
[  122.208158][ T4600] plantronics 0003:047F:FFFF.0016: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.6-1/input0
[  122.223764][    T6] input: HID 045e:07da as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/0003:045E:07DA.0015/input/input19
[  122.243584][    T6] microsoft 0003:045E:07DA.0015: input,hidraw1: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0
[  122.340410][ T4600] usb 6-1: USB disconnect, device number 16
[  122.377267][ T5591] loop4: detected capacity change from 0 to 512
[  122.452647][ T5591] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  122.463790][ T5591] ext4 filesystem being mounted at /426/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  122.479594][ T5591] EXT4-fs error (device loop4): ext4_do_update_inode:5235: inode #2: comm syz.4.2220: corrupted inode contents
[  122.491606][ T5591] EXT4-fs error (device loop4): ext4_dirty_inode:6071: inode #2: comm syz.4.2220: mark_inode_dirty error
[  122.503788][ T5591] EXT4-fs error (device loop4): ext4_do_update_inode:5235: inode #2: comm syz.4.2220: corrupted inode contents
[  122.515824][ T5591] EXT4-fs error (device loop4): __ext4_ext_dirty:183: inode #2: comm syz.4.2220: mark_inode_dirty error
[  122.531044][ T3747] usb 4-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  122.533868][ T5591] EXT4-fs error (device loop4): ext4_do_update_inode:5235: inode #2: comm syz.4.2220: corrupted inode contents
[  122.542023][ T3747] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  122.554395][ T5591] EXT4-fs error (device loop4): ext4_dirty_inode:6071: inode #2: comm syz.4.2220: mark_inode_dirty error
[  122.564692][ T3747] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  122.576433][ T5591] EXT4-fs error (device loop4): ext4_do_update_inode:5235: inode #2: comm syz.4.2220: corrupted inode contents
[  122.585642][ T3747] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  122.620998][   T20] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000010: -71
[  122.631918][   T20] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to write HW_CFG: -71
[  122.641677][   T20] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  122.651145][   T20] smsc75xx: probe of 2-1:0.184 failed with error -71
[  122.662139][   T20] usb 2-1: USB disconnect, device number 13
[  122.691012][ T3747] usb 4-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  122.700182][ T3747] usb 4-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  122.709172][ T3747] usb 4-1: Manufacturer: syz
[  122.717351][ T3747] usb 4-1: config 0 descriptor??
[  123.160261][ T5615] loop5: detected capacity change from 0 to 131072
[  123.201732][ T3747] appleir 0003:05AC:8243.0017: unknown main item tag 0x0
[  123.208893][ T3747] appleir 0003:05AC:8243.0017: No inputs registered, leaving
[  123.217400][ T3747] appleir 0003:05AC:8243.0017: hiddev97,hidraw1: USB HID v0.00 Device [syz] on usb-dummy_hcd.3-1/input0
[  123.234962][ T5615] F2FS-fs (loop5): Wrong CP boundary, start(512) end(1536) blocks(0)
[  123.243102][ T5615] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  123.255375][ T5615] F2FS-fs (loop5): invalid crc value
[  123.275649][ T5615] F2FS-fs (loop5): Found nat_bits in checkpoint
[  123.304988][ T5615] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  123.312185][ T5615] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  123.321064][   T39] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  123.500974][    C0] plantronics 0003:047F:FFFF.0016: usb_submit_urb(ctrl) failed: -1
[  123.518926][ T5615] F2FS-fs (loop5): Start checkpoint disabled!
[  123.541000][ T5582] usb 7-1: string descriptor 0 read error: -71
[  123.660990][   T39] usb 5-1: Using ep0 maxpacket: 16
[  123.731310][ T5645] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=5645 comm=syz.5.2240
[  123.781039][   T39] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  123.791424][   T39] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  123.924756][ T5653] loop5: detected capacity change from 0 to 40427
[  123.935442][ T5653] F2FS-fs (loop5): invalid crc value
[  123.942614][ T5653] F2FS-fs (loop5): Found nat_bits in checkpoint
[  123.961029][   T39] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  123.970208][   T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  123.978453][   T39] usb 5-1: Product: syz
[  123.982967][   T39] usb 5-1: Manufacturer: syz
[  123.986393][ T5653] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  123.987610][   T39] usb 5-1: SerialNumber: syz
[  124.015639][ T5653] F2FS-fs (loop5): access invalid blkaddr:4043309056
[  124.022398][ T5653] CPU: 0 PID: 5653 Comm: syz.5.2244 Tainted: G        W         5.15.189-syzkaller-00079-ga71626bd56a5 #0
[  124.033682][ T5653] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  124.043778][ T5653] Call Trace:
[  124.047043][ T5653]  <TASK>
[  124.049962][ T5653]  __dump_stack+0x21/0x30
[  124.054311][ T5653]  dump_stack_lvl+0xee/0x150
[  124.058917][ T5653]  ? show_regs_print_info+0x20/0x20
[  124.064125][ T5653]  dump_stack+0x15/0x20
[  124.068279][ T5653]  f2fs_is_valid_blkaddr+0xca0/0x12a0
[  124.073659][ T5653]  f2fs_map_blocks+0xd71/0x38a0
[  124.078516][ T5653]  ? f2fs_do_map_lock+0x80/0x80
[  124.083384][ T5653]  f2fs_mpage_readpages+0xae4/0x1de0
[  124.088668][ T5653]  ? dquot_release_reservation_block+0xa0/0xa0
[  124.094829][ T5653]  ? cgroup_rstat_updated+0xf5/0x370
[  124.100115][ T5653]  ? xas_nomem+0x6b/0x1d0
[  124.104442][ T5653]  f2fs_readahead+0xfc/0x240
[  124.109025][ T5653]  ? f2fs_set_data_page_dirty+0x520/0x520
[  124.114737][ T5653]  read_pages+0x16e/0xb00
[  124.119060][ T5653]  ? __lru_cache_activate_page+0x210/0x210
[  124.124857][ T5653]  ? page_cache_ra_unbounded+0x980/0x980
[  124.130492][ T5653]  page_cache_ra_unbounded+0x782/0x980
[  124.135958][ T5653]  ? read_cache_pages_invalidate_pages+0x1c0/0x1c0
[  124.142492][ T5653]  ? __stack_depot_save+0x34/0x480
[  124.147604][ T5653]  ondemand_readahead+0x8d3/0xe30
[  124.152631][ T5653]  ? slab_free_freelist_hook+0xc2/0x190
[  124.158195][ T5653]  ? kmem_cache_free+0x100/0x320
[  124.163137][ T5653]  ? page_cache_sync_ra+0x420/0x420
[  124.168346][ T5653]  page_cache_sync_ra+0x2c4/0x420
[  124.173401][ T5653]  ? force_page_cache_ra+0x460/0x460
[  124.178696][ T5653]  f2fs_readdir+0x468/0x990
[  124.183207][ T5653]  ? f2fs_fill_dentries+0xce0/0xce0
[  124.188402][ T5653]  ? down_read_killable+0xbb/0x110
[  124.193522][ T5653]  ? security_file_permission+0x83/0xa0
[  124.199063][ T5653]  iterate_dir+0x260/0x600
[  124.203476][ T5653]  ? f2fs_fill_dentries+0xce0/0xce0
[  124.208679][ T5653]  __se_sys_getdents+0xe5/0x240
[  124.213521][ T5653]  ? __x64_sys_getdents+0x90/0x90
[  124.218549][ T5653]  ? fillonedir+0x430/0x430
[  124.223054][ T5653]  ? __kasan_check_write+0x14/0x20
[  124.228161][ T5653]  ? switch_fpu_return+0x15d/0x2c0
[  124.233279][ T5653]  __x64_sys_getdents+0x7b/0x90
[  124.238133][ T5653]  x64_sys_call+0xb4/0x9a0
[  124.242552][ T5653]  do_syscall_64+0x4c/0xa0
[  124.246960][ T5653]  ? clear_bhb_loop+0x50/0xa0
[  124.251631][ T5653]  ? clear_bhb_loop+0x50/0xa0
[  124.256298][ T5653]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  124.262184][ T5653] RIP: 0033:0x7fa7d685b9a9
[  124.266589][ T5653] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  124.286190][ T5653] RSP: 002b:00007fa7d4ec4038 EFLAGS: 00000246 ORIG_RAX: 000000000000004e
[  124.294614][ T5653] RAX: ffffffffffffffda RBX: 00007fa7d6a82fa0 RCX: 00007fa7d685b9a9
[  124.302574][ T5653] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000004
[  124.310544][ T5653] RBP: 00007fa7d68ddd69 R08: 0000000000000000 R09: 0000000000000000
[  124.318554][ T5653] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  124.326517][ T5653] R13: 0000000000000000 R14: 00007fa7d6a82fa0 R15: 00007ffcf7dbf8b8
[  124.334485][ T5653]  </TASK>
[  124.343406][ T5653] attempt to access beyond end of device
[  124.343406][ T5653] loop5: rw=524288, want=45072, limit=40427
[  124.355535][ T5653] attempt to access beyond end of device
[  124.355535][ T5653] loop5: rw=0, want=45072, limit=40427
[  124.393365][ T1354] attempt to access beyond end of device
[  124.393365][ T1354] loop5: rw=2049, want=45104, limit=40427
[  124.553180][ T4600] usb 7-1: USB disconnect, device number 15
[  124.582998][ T5670] loop6: detected capacity change from 0 to 40427
[  124.592965][ T5670] F2FS-fs (loop6): Invalid log_blocksize (268), supports only 12
[  124.600749][ T5670] F2FS-fs (loop6): Can't find valid F2FS filesystem in 1th superblock
[  124.609180][   T39] usb 5-1: 0:2 : does not exist
[  124.615540][ T5670] F2FS-fs (loop6): invalid crc value
[  124.626646][ T5670] F2FS-fs (loop6): Found nat_bits in checkpoint
[  124.655751][   T39] usb 5-1: USB disconnect, device number 17
[  124.673226][ T5670] F2FS-fs (loop6): Try to recover 1th superblock, ret: 0
[  124.680543][ T5670] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  124.715199][ T5670] attempt to access beyond end of device
[  124.715199][ T5670] loop6: rw=2049, want=45104, limit=40427
[  124.715568][ T5685] loop5: detected capacity change from 0 to 128
[  124.727924][ T5670] attempt to access beyond end of device
[  124.727924][ T5670] loop6: rw=2049, want=45112, limit=40427
[  124.764007][ T1737] attempt to access beyond end of device
[  124.764007][ T1737] loop6: rw=2051, want=45112, limit=40427
[  124.775398][ T1737] F2FS-fs (loop6): Issue discard(5637, 5637, 2) failed, ret: -5
[  124.812119][ T5685] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  124.835580][ T5685] ext4 filesystem being mounted at /378/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  124.851279][ T5691] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2256'.
[  124.861953][  T765] udevd[765]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  124.892075][ T4600] usb 4-1: USB disconnect, device number 14
[  124.963092][ T5698] loop6: detected capacity change from 0 to 128
[  125.011851][ T5698] EXT4-fs (loop6): mounted filesystem without journal. Opts: journal_ioprio=0x0000000000000005,discard,,errors=continue. Quota mode: none.
[  125.036018][ T5698] ext4 filesystem being mounted at /252/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  125.073620][ T5707] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2263'.
[  125.110976][ T5714] input: syz1 as /devices/virtual/input/input20
[  125.172646][ T5726] loop6: detected capacity change from 0 to 128
[  125.191419][ T5726] EXT4-fs (loop6): Ignoring removed nobh option
[  125.220176][ T5726] EXT4-fs (loop6): mounted filesystem without journal. Opts: nobh,usrjquota=,,errors=continue. Quota mode: none.
[  125.245017][ T5726] ext4 filesystem being mounted at /254/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  125.481967][ T4600] kernel read not supported for file /537/oom_adj (pid: 4600 comm: kworker/0:5)
[  125.596199][ T5782] /dev/loop0: Can't open blockdev
[  125.689504][ T5797] loop3: detected capacity change from 0 to 1024
[  125.757454][ T5797] EXT4-fs (loop3): mounted filesystem without journal. Opts: acl,barrier,barrier=0x0000000000000000,sysvgroups,debug_want_extra_isize=0x0000000000000080,resuid=0x0000000000000000,nodelalloc,acl,noinit_itable,,errors=continue. Quota mode: none.
[  125.797404][ T5797] EXT4-fs error (device loop3): ext4_validate_block_bitmap:438: comm syz.3.2301: bg 0: block 88: padding at end of block bitmap is not set
[  125.903903][ T5821] loop3: detected capacity change from 0 to 256
[  125.944926][ T5838] loop6: detected capacity change from 0 to 256
[  125.952191][   T30] kauditd_printk_skb: 80 callbacks suppressed
[  125.952203][   T30] audit: type=1400 audit(2000002152.991:1992): avc:  denied  { read } for  pid=5835 comm="syz.1.2318" name="ppp" dev="devtmpfs" ino=154 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:ppp_device_t tclass=chr_file permissive=1
[  125.985659][ T5821] FAT-fs (loop3): bogus number of FAT sectors
[  125.992407][ T5821] FAT-fs (loop3): Can't find a valid FAT filesystem
[  126.025454][   T30] audit: type=1400 audit(2000002153.061:1993): avc:  denied  { rename } for  pid=5837 comm="syz.6.2317" name="file3" dev="loop6" ino=1048652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  126.058902][   T30] audit: type=1400 audit(2000002153.061:1994): avc:  denied  { reparent } for  pid=5837 comm="syz.6.2317" name="file3" dev="loop6" ino=1048652 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  126.084215][   T30] audit: type=1400 audit(2000002153.061:1995): avc:  denied  { rmdir } for  pid=5837 comm="syz.6.2317" name="file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" dev="loop6" ino=1048653 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  126.193066][ T5833] loop4: detected capacity change from 0 to 40427
[  126.204527][ T5833] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  126.212665][ T5833] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  126.240248][ T5833] F2FS-fs (loop4): invalid crc value
[  126.248889][ T5850] xt_hashlimit: size too large, truncated to 1048576
[  126.262145][ T5833] F2FS-fs (loop4): Found nat_bits in checkpoint
[  126.330650][ T5833] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  126.338929][ T5833] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  126.449902][ T5833] overlayfs: failed to resolve './file0': -2
[  126.472597][    T8] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  126.484293][    T8] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  126.681747][ T5876] loop4: detected capacity change from 0 to 1024
[  126.731637][ T5880] loop5: detected capacity change from 0 to 2048
[  126.742610][ T5876] EXT4-fs (loop4): Ignoring removed bh option
[  126.761861][ T5876] EXT4-fs (loop4): mounted filesystem without journal. Opts: nodelalloc,dioread_lock,barrier=0x0000000000000000,nolazytime,debug_want_extra_isize=0x0000000000000080,lazytime,errors=remount-ro,stripe=0x0000000000000005,bh,init_itable,. Quota mode: none.
[  126.808984][ T5880] EXT4-fs (loop5): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  126.811330][ T5876] EXT4-fs error (device loop4): ext4_check_all_de:667: inode #12: block 7: comm syz.4.2327: bad entry in directory: rec_len is too small for name_len - offset=16, inode=14, rec_len=40, size=124 fake=0
[  126.840081][   T30] audit: type=1400 audit(2000002153.881:1996): avc:  denied  { mounton } for  pid=5879 comm="syz.5.2335" path="/390/file0/bus" dev="loop5" ino=18 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:unlabeled_t tclass=file permissive=1
[  126.863178][ T5876] EXT4-fs (loop4): Remounting filesystem read-only
[  126.871268][ T1354] EXT4-fs error (device loop5): ext4_validate_block_bitmap:438: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[  126.886152][ T1354] EXT4-fs error (device loop5) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  126.896841][   T30] audit: type=1400 audit(2000002153.931:1997): avc:  denied  { unmount } for  pid=1354 comm="syz-executor" scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=filesystem permissive=1
[  126.934066][ T5886] SELinux: security policydb version 18 (MLS) not backwards compatible
[  126.948653][ T5886] SELinux: failed to load policy
[  126.977687][   T30] audit: type=1326 audit(2000002154.011:1998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5893 comm="syz.5.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  127.004881][   T30] audit: type=1326 audit(2000002154.011:1999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5893 comm="syz.5.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  127.035413][   T30] audit: type=1326 audit(2000002154.021:2000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5893 comm="syz.5.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  127.059748][   T30] audit: type=1326 audit(2000002154.021:2001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=5893 comm="syz.5.2340" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa7d685b9a9 code=0x7ffc0000
[  127.139572][ T5909] netlink: 16 bytes leftover after parsing attributes in process `syz.5.2347'.
[  127.331522][ T5937] loop5: detected capacity change from 0 to 256
[  127.371187][ T5937] FAT-fs (loop5): Directory bread(block 64) failed
[  127.389571][ T5937] FAT-fs (loop5): Directory bread(block 65) failed
[  127.396397][ T5937] FAT-fs (loop5): Directory bread(block 66) failed
[  127.413083][ T5937] FAT-fs (loop5): Directory bread(block 67) failed
[  127.422056][ T5937] FAT-fs (loop5): Directory bread(block 68) failed
[  127.436222][ T5937] FAT-fs (loop5): Directory bread(block 69) failed
[  127.443451][ T5937] FAT-fs (loop5): Directory bread(block 70) failed
[  127.450082][ T5947] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2364'.
[  127.453237][ T5937] FAT-fs (loop5): Directory bread(block 71) failed
[  127.461071][ T5947] netlink: 'syz.3.2364': attribute type 6 has an invalid length.
[  127.467722][ T5937] FAT-fs (loop5): Directory bread(block 72) failed
[  127.478697][ T5947] netlink: 'syz.3.2364': attribute type 5 has an invalid length.
[  127.487713][ T5947] netlink: 'syz.3.2364': attribute type 4 has an invalid length.
[  127.495593][ T3747] usb 7-1: new high-speed USB device number 16 using dummy_hcd
[  127.503268][ T5937] FAT-fs (loop5): Directory bread(block 73) failed
[  127.546314][ T5956] loop3: detected capacity change from 0 to 512
[  127.557539][   T45] attempt to access beyond end of device
[  127.557539][   T45] loop5: rw=1, want=1236, limit=256
[  127.645328][ T5956] EXT4-fs (loop3): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  127.686844][ T5956] ext4 filesystem being mounted at /477/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  127.868064][ T5965] overlayfs: failed to resolve './file0': -2
[  127.874445][ T3747] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  127.911110][ T3747] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  127.931245][ T3747] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  127.949422][ T3747] usb 7-1: New USB device found, idVendor=0079, idProduct=0011, bcdDevice= 0.00
[  127.950998][    C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  127.959807][ T3747] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  127.974811][ T3747] usb 7-1: config 0 descriptor??
[  127.976010][ T5988] tmpfs: Unknown parameter 'nolazytime��'
[  128.094190][ T6010] input: syz1 as /devices/virtual/input/input21
[  128.433688][ T6039] netlink: 4 bytes leftover after parsing attributes in process `syz.5.2404'.
[  128.441905][ T3747] dragonrise 0003:0079:0011.0018: unbalanced delimiter at end of report description
[  128.452411][ T3747] dragonrise 0003:0079:0011.0018: parse failed
[  128.458646][ T3747] dragonrise: probe of 0003:0079:0011.0018 failed with error -22
[  128.656067][ T4600] usb 7-1: USB disconnect, device number 16
[  128.787455][ T6066] loop5: detected capacity change from 0 to 2048
[  128.833949][ T6066] Alternate GPT is invalid, using primary GPT.
[  128.843050][ T6066]  loop5: p2 p3 p7
[  128.951886][ T1031] udevd[1031]: inotify_add_watch(7, /dev/loop5p3, 10) failed: No such file or directory
[  128.953848][  T765] udevd[765]: inotify_add_watch(7, /dev/loop5p2, 10) failed: No such file or directory
[  128.964392][  T428] udevd[428]: inotify_add_watch(7, /dev/loop5p7, 10) failed: No such file or directory
[  129.043980][ T6087] loop5: detected capacity change from 0 to 128
[  129.093639][ T1354] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000074f)
[  129.107396][ T1354] FAT-fs (loop5): Filesystem has been set read-only
[  129.114563][ T1354] FAT-fs (loop5): error, invalid access to FAT (entry 0x0000074f)
[  129.238852][ T6095] loop4: detected capacity change from 0 to 2048
[  129.481711][ T6095] EXT4-fs (loop4): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  129.918070][  T285] EXT4-fs error (device loop4): ext4_validate_block_bitmap:438: comm syz-executor: bg 0: block 234: padding at end of block bitmap is not set
[  129.932937][  T285] EXT4-fs error (device loop4) in ext4_mb_clear_bb:6183: Corrupt filesystem
[  129.990939][ T6114] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.030252][ T6114] bridge0: port 1(bridge_slave_0) entered disabled state
[  130.061424][ T6114] device bridge_slave_0 entered promiscuous mode
[  130.104117][ T6114] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.111230][ T6114] bridge0: port 2(bridge_slave_1) entered disabled state
[  130.121098][ T6114] device bridge_slave_1 entered promiscuous mode
[  130.206490][ T6141] SELinux: failed to load policy
[  130.217544][ T6150] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2452'.
[  130.295134][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  130.302685][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  130.311818][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  130.320195][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  130.328680][  T505] bridge0: port 1(bridge_slave_0) entered blocking state
[  130.335849][  T505] bridge0: port 1(bridge_slave_0) entered forwarding state
[  130.336784][ T3985] kernel write not supported for file [eventfd] (pid: 3985 comm: kworker/1:6)
[  130.343965][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  130.366990][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  130.377299][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  130.385963][  T505] bridge0: port 2(bridge_slave_1) entered blocking state
[  130.393039][  T505] bridge0: port 2(bridge_slave_1) entered forwarding state
[  130.400612][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  130.426021][  T505] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  130.445142][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  130.457285][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  130.470563][ T6176] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2463'.
[  130.474382][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  130.487151][ T3747] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  130.491434][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  130.503671][ T6114] device veth0_vlan entered promiscuous mode
[  130.526001][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  130.538247][ T6114] device veth1_macvtap entered promiscuous mode
[  130.556746][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  130.565713][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  130.608244][ T6186] loop7: detected capacity change from 0 to 256
[  130.674658][ T6194] loop4: detected capacity change from 0 to 1024
[  130.695916][ T6194] EXT4-fs (loop4): Ignoring removed orlov option
[  130.719825][ T6194] EXT4-fs (loop4): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  130.742220][ T3747] usb 2-1: Using ep0 maxpacket: 16
[  130.861708][ T3747] usb 2-1: config 0 interface 0 has no altsetting 0
[  130.868752][ T3747] usb 2-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  130.908463][ T3747] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  130.955280][ T3747] usb 2-1: config 0 descriptor??
[  131.025122][ T6219] loop7: detected capacity change from 0 to 128
[  131.044737][ T6219] attempt to access beyond end of device
[  131.044737][ T6219] loop7: rw=2049, want=250, limit=128
[  131.057125][ T6219] attempt to access beyond end of device
[  131.057125][ T6219] loop7: rw=2049, want=222, limit=128
[  131.071287][   T30] kauditd_printk_skb: 96 callbacks suppressed
[  131.071303][   T30] audit: type=1326 audit(2000002158.111:2098): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.103196][ T6219] Buffer I/O error on dev loop7, logical block 110, lost async page write
[  131.112964][   T30] audit: type=1326 audit(2000002158.111:2099): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.136567][   T30] audit: type=1326 audit(2000002158.111:2100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.160249][   T30] audit: type=1326 audit(2000002158.111:2101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.184140][   T30] audit: type=1326 audit(2000002158.111:2102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.208098][   T30] audit: type=1326 audit(2000002158.111:2103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.236467][   T30] audit: type=1326 audit(2000002158.111:2104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.260457][   T30] audit: type=1326 audit(2000002158.111:2105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.284116][   T30] audit: type=1326 audit(2000002158.111:2106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.308758][   T30] audit: type=1326 audit(2000002158.111:2107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6151 comm="syz.6.2455" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7fc00000
[  131.451932][   T10] device bridge_slave_1 left promiscuous mode
[  131.458264][   T10] bridge0: port 2(bridge_slave_1) entered disabled state
[  131.467557][   T10] device bridge_slave_0 left promiscuous mode
[  131.474170][   T10] bridge0: port 1(bridge_slave_0) entered disabled state
[  131.478546][ T3747] hid (null): unknown global tag 0xd
[  131.490263][ T3747] hid (null): unknown global tag 0xd
[  131.491432][   T10] device veth1_macvtap left promiscuous mode
[  131.513582][   T10] device veth0_vlan left promiscuous mode
[  131.517142][ T3747] hid (null): bogus close delimiter
[  131.528412][ T3747] hid (null): unknown global tag 0xc
[  131.615054][ T6243] loop3: detected capacity change from 0 to 4096
[  131.643848][ T6243] EXT4-fs (loop3): Test dummy encryption mode enabled
[  131.665840][ T6243] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  131.675684][ T6243] System zones: 0-5
[  131.684194][   T20] usb 2-1: USB disconnect, device number 14
[  131.690804][ T6243] EXT4-fs (loop3): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback.
[  131.810989][ T3747] usb 8-1: new high-speed USB device number 2 using dummy_hcd
[  131.925928][ T6278] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2506'.
[  131.936361][ T6278] netlink: 12 bytes leftover after parsing attributes in process `syz.6.2506'.
[  131.981727][ T6285] SELinux:  Context  is not valid (left unmapped).
[  132.064222][ T3747] usb 8-1: Using ep0 maxpacket: 8
[  132.191273][ T3747] usb 8-1: config 179 has an invalid interface number: 65 but max is 0
[  132.208784][ T3747] usb 8-1: config 179 has no interface number 0
[  132.219980][ T3747] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  132.226645][ T6296] loop3: detected capacity change from 0 to 40427
[  132.238500][ T3747] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  132.249870][ T3747] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  132.261199][ T3747] usb 8-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  132.273286][ T3747] usb 8-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  132.286781][ T3747] usb 8-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  132.296038][ T3747] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  132.321322][ T6239] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  132.334299][ T6296] F2FS-fs (loop3): fault_injection options not supported
[  132.343436][ T6296] F2FS-fs (loop3): fault_type options not supported
[  132.372154][ T6296] F2FS-fs (loop3): invalid crc value
[  132.388961][ T6296] F2FS-fs (loop3): Found nat_bits in checkpoint
[  132.446570][ T6296] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  132.509482][ T6296] attempt to access beyond end of device
[  132.509482][ T6296] loop3: rw=34817, want=77856, limit=40427
[  132.528319][  T282] attempt to access beyond end of device
[  132.528319][  T282] loop3: rw=2049, want=45104, limit=40427
[  132.561750][ T3747] input: Generic X-Box pad as /devices/platform/dummy_hcd.7/usb8/8-1/8-1:179.65/input/input22
[  132.598065][ T6326] serio: Serial port ptm0
[  132.691051][ T6333] IPv6: ADDRCONF(NETDEV_CHANGE): syz_tun: link becomes ready
[  132.753198][ T6239] UDC core: couldn't find an available UDC or it's busy: -16
[  132.760610][ T6239] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  132.821567][ T6344] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=6344 comm=syz.3.2534
[  132.835007][ T6344] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=17 sclass=netlink_audit_socket pid=6344 comm=syz.3.2534
[  132.874787][ T6348] loop3: detected capacity change from 0 to 512
[  132.885211][ T6348] EXT4-fs (loop3): Unrecognized mount option "bh"data=ordered" or missing value
[  132.972432][ T3747] usb 8-1: USB disconnect, device number 2
[  132.980942][    C1] xpad 8-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  132.989381][   T39] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  133.015943][ T6363] loop3: detected capacity change from 0 to 512
[  133.082415][ T6363] EXT4-fs (loop3): mounted filesystem without journal. Opts: nodiscard,noinit_itable,barrier=0x0000000000000040,grpjquota=,errors=remount-ro,init_itable,. Quota mode: writeback.
[  133.100084][ T6363] ext4 filesystem being mounted at /527/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  133.171447][ T6370] input: syz0 as /devices/virtual/input/input23
[  133.204198][ T6374] input: syz0 as /devices/virtual/input/input24
[  133.261565][ T6380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2550'.
[  133.349806][ T6387] netem: change failed
[  133.351049][   T39] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  133.364004][   T39] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  133.378623][ T4600] kernel read not supported for file /623/fdinfo (pid: 4600 comm: kworker/0:5)
[  133.421757][ T6391] SELinux: failed to load policy
[  133.516935][ T6404] loop7: detected capacity change from 0 to 2048
[  133.531397][   T39] usb 5-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  133.540574][   T39] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  133.550101][   T39] usb 5-1: Product: syz
[  133.554789][   T39] usb 5-1: Manufacturer: syz
[  133.559446][   T39] usb 5-1: SerialNumber: syz
[  133.565063][   T39] usb 5-1: config 0 descriptor??
[  133.573070][ T6404] EXT4-fs (loop7): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  133.581067][ T6336] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  133.592958][ T6336] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  133.613120][ T6404] EXT4-fs (loop7): mounted filesystem without journal. Opts: jqfmt=vfsold,barrier=0x0000000000000007,dioread_nolock,,errors=continue. Quota mode: none.
[  133.654607][ T6404] EXT4-fs error (device loop7): ext4_validate_block_bitmap:438: comm syz.7.2561: bg 0: block 32: padding at end of block bitmap is not set
[  133.673028][ T6404] overlayfs: failed to set xattr on upper
[  133.678818][ T6404] overlayfs: ...falling back to index=off,metacopy=off.
[  133.813185][ T6336] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  133.820349][ T6336] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  134.040260][ T6412] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.048218][ T6412] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.056071][ T6412] device bridge_slave_0 entered promiscuous mode
[  134.065263][ T6412] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.072519][ T6412] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.080496][ T6412] device bridge_slave_1 entered promiscuous mode
[  134.225710][ T6412] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.232797][ T6412] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.240092][ T6412] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.247153][ T6412] bridge0: port 1(bridge_slave_0) entered forwarding state
[  134.285649][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.305550][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.381743][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  134.389757][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  134.411257][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  134.419597][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  134.451171][   T10] bridge0: port 1(bridge_slave_0) entered blocking state
[  134.458359][   T10] bridge0: port 1(bridge_slave_0) entered forwarding state
[  134.481083][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  134.497212][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  134.513403][   T10] bridge0: port 2(bridge_slave_1) entered blocking state
[  134.520548][   T10] bridge0: port 2(bridge_slave_1) entered forwarding state
[  134.552875][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  134.562405][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  134.591158][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  134.602982][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  134.611514][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  134.643413][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  134.681560][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  134.691178][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  134.703171][ T6445] loop6: detected capacity change from 0 to 1024
[  134.710078][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  134.727111][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  134.755024][ T6412] device veth0_vlan entered promiscuous mode
[  134.786450][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  134.797004][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  134.813147][ T6445] EXT4-fs (loop6): mounted filesystem without journal. Opts: nodelalloc,nodioread_nolock,,errors=continue. Quota mode: none.
[  134.830074][ T6412] device veth1_macvtap entered promiscuous mode
[  134.838274][ T6445] ext4 filesystem being mounted at /299/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  134.861684][   T45] device bridge_slave_1 left promiscuous mode
[  134.867823][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  134.875759][ T6445] EXT4-fs error (device loop6): ext4_map_blocks:740: inode #15: block 3: comm syz.6.2575: lblock 3 mapped to illegal pblock 3 (length 1)
[  134.902033][   T45] device bridge_slave_0 left promiscuous mode
[  134.908202][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  134.922597][ T6445] EXT4-fs error (device loop6): ext4_ext_remove_space:2929: inode #15: comm syz.6.2575: pblk 0 bad header/extent: invalid extent entries - magic f30a, entries 2, max 4(4), depth 0(0)
[  134.940812][   T45] device veth1_macvtap left promiscuous mode
[  134.965068][   T45] device veth0_vlan left promiscuous mode
[  134.991857][ T6450] EXT4-fs error (device loop6): ext4_map_blocks:630: inode #15: block 3: comm syz.6.2575: lblock 3 mapped to illegal pblock 3 (length 1)
[  135.101005][   T39] dm9601 5-1:0.0 (unnamed net_device) (uninitialized): MDIO read error: -71
[  135.119891][ T6452] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2578'.
[  135.130030][ T6452] netem: change failed
[  135.141132][   T39] dm9601 5-1:0.0 eth1: register 'dm9601' at usb-dummy_hcd.4-1, Davicom DM96xx USB 10/100 Ethernet, 6e:ea:6f:f9:9e:00
[  135.151041][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  135.171544][   T39] usb 5-1: USB disconnect, device number 18
[  135.183934][   T39] dm9601 5-1:0.0 eth1: unregister 'dm9601' usb-dummy_hcd.4-1, Davicom DM96xx USB 10/100 Ethernet
[  135.185703][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  135.197172][ T6459] loop3: detected capacity change from 0 to 128
[  135.218801][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  135.240296][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  135.249062][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  135.308802][ T6465] loop6: detected capacity change from 0 to 128
[  135.312587][  T282] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000074f)
[  135.341335][  T282] FAT-fs (loop3): Filesystem has been set read-only
[  135.348127][  T282] FAT-fs (loop3): error, invalid access to FAT (entry 0x0000074f)
[  135.349591][ T6465] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  135.371859][ T6465] ext4 filesystem being mounted at /302/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  135.417250][ T6470] loop8: detected capacity change from 0 to 1024
[  135.438337][ T6465] EXT4-fs (loop6): shut down requested (1)
[  135.493792][ T6470] EXT4-fs (loop8): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none.
[  135.506940][ T6470] ext4 filesystem being mounted at /1/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  135.542999][ T6470] EXT4-fs error (device loop8): ext4_map_blocks:740: inode #15: block 1: comm syz.8.2585: lblock 1 mapped to illegal pblock 1 (length 7)
[  135.557820][ T6470] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 1 with max blocks 7 with error 117
[  135.570470][ T6470] EXT4-fs (loop8): This should not happen!! Data will be lost
[  135.570470][ T6470] 
[  135.731913][ T6485] kvm: MWAIT instruction emulated as NOP!
[  135.816810][ T6491] loop6: detected capacity change from 0 to 4096
[  135.875043][ T6491] EXT4-fs (loop6): Test dummy encryption mode enabled
[  135.902078][ T6487] bridge0: port 1(bridge_slave_0) entered blocking state
[  135.909130][ T6487] bridge0: port 1(bridge_slave_0) entered disabled state
[  135.921413][ T6491] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  135.939510][ T6491] System zones: 0-5
[  135.951023][ T6491] EXT4-fs (loop6): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback.
[  135.976595][ T6487] device bridge_slave_0 entered promiscuous mode
[  136.011349][ T6487] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.018401][ T6487] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.044780][ T6487] device bridge_slave_1 entered promiscuous mode
[  136.088690][ T6501] netlink: 'syz.1.2598': attribute type 6 has an invalid length.
[  136.235810][ T6487] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.242889][ T6487] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.250161][ T6487] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.257254][ T6487] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.302280][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  136.311748][    T8] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.321665][    T8] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.332491][   T45] tipc: Left network mode
[  136.352392][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  136.368661][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  136.377419][    T8] bridge0: port 1(bridge_slave_0) entered blocking state
[  136.384488][    T8] bridge0: port 1(bridge_slave_0) entered forwarding state
[  136.392773][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  136.401170][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  136.409555][    T8] bridge0: port 2(bridge_slave_1) entered blocking state
[  136.416600][    T8] bridge0: port 2(bridge_slave_1) entered forwarding state
[  136.457754][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  136.465928][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  136.473956][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  136.482950][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  136.500522][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  136.509094][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  136.510996][ T3985] usb 7-1: new high-speed USB device number 17 using dummy_hcd
[  136.519629][ T6487] device veth0_vlan entered promiscuous mode
[  136.538204][ T6487] device veth1_macvtap entered promiscuous mode
[  136.545023][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  136.553259][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  136.561484][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  136.569751][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  136.578710][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  136.603749][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  136.611414][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  136.618915][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  136.627605][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  136.636404][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  136.645448][    T8] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  136.921490][ T3985] usb 7-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  136.940978][ T3985] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  136.957971][   T45] device bridge_slave_1 left promiscuous mode
[  136.964527][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  136.970942][ T3985] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  136.981623][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  136.981996][ T6541] loop8: detected capacity change from 0 to 16384
[  136.995906][ T3985] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  137.009067][ T3747] usb 10-1: new full-speed USB device number 2 using dummy_hcd
[  137.009120][   T45] device veth1_macvtap left promiscuous mode
[  137.024172][   T45] device veth0_vlan left promiscuous mode
[  137.101142][ T3985] usb 7-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  137.110223][ T3985] usb 7-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  137.131736][ T3985] usb 7-1: Manufacturer: syz
[  137.139609][ T3985] usb 7-1: config 0 descriptor??
[  137.221070][ T6545] input: syz0 as /devices/virtual/input/input25
[  137.401141][ T3747] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  137.419369][ T3747] usb 10-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  137.575297][ T6563] loop8: detected capacity change from 0 to 256
[  137.591099][ T3747] usb 10-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  137.600445][ T3747] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  137.609087][ T3747] usb 10-1: Product: syz
[  137.611808][ T3985] appleir 0003:05AC:8243.001A: unknown main item tag 0x0
[  137.623893][ T6563] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x4ec6003b, utbl_chksum : 0xe619d30d)
[  137.635896][ T3747] usb 10-1: Manufacturer: syz
[  137.641163][ T3985] appleir 0003:05AC:8243.001A: No inputs registered, leaving
[  137.648583][ T3747] usb 10-1: SerialNumber: syz
[  137.660865][ T3985] appleir 0003:05AC:8243.001A: hiddev96,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.6-1/input0
[  137.672213][ T6533] raw-gadget.1 gadget: fail, usb_ep_enable returned -22
[  137.693000][   T30] kauditd_printk_skb: 114 callbacks suppressed
[  137.693014][   T30] audit: type=1400 audit(2000002164.731:2222): avc:  denied  { setattr } for  pid=6562 comm="syz.8.2620" name="file1" dev="loop8" ino=1048689 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=file permissive=1
[  137.916282][ T6576] SELinux: unrecognized netlink message: protocol=6 nlmsg_type=258 sclass=netlink_xfrm_socket pid=6576 comm=syz.1.2626
[  138.050963][ T4600] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  138.182499][  T543] usb 7-1: USB disconnect, device number 17
[  138.411012][ T4600] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  138.422079][ T4600] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  138.432054][ T4600] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  138.445290][ T4600] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  138.454466][ T4600] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  138.464152][ T4600] usb 9-1: config 0 descriptor??
[  138.716920][ T6581] loop8: detected capacity change from 0 to 16384
[  138.801039][ T3747] cdc_ncm 10-1:1.0: MAC-Address: 42:42:42:42:42:42
[  138.807712][ T3747] cdc_ncm 10-1:1.0: setting tx_max = 184
[  138.941833][ T4600] plantronics 0003:047F:FFFF.001B: unknown main item tag 0xd
[  138.950472][ T4600] plantronics 0003:047F:FFFF.001B: No inputs registered, leaving
[  138.976619][ T4600] plantronics 0003:047F:FFFF.001B: hiddev96,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  139.012600][ T3747] cdc_ncm 10-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.9-1, CDC NCM, 42:42:42:42:42:42
[  139.036269][ T3747] usb 10-1: USB disconnect, device number 2
[  139.066693][ T3747] cdc_ncm 10-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.9-1, CDC NCM
[  139.222378][  T543] usb 9-1: USB disconnect, device number 2
[  139.599358][ T6621] loop6: detected capacity change from 0 to 40427
[  139.619568][ T6621] F2FS-fs (loop6): invalid crc value
[  139.633447][ T6621] F2FS-fs (loop6): Found nat_bits in checkpoint
[  139.667866][ T6621] F2FS-fs (loop6): Start checkpoint disabled!
[  139.677304][   T30] audit: type=1326 audit(2000002166.721:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  139.711680][ T6621] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e6
[  139.727515][   T30] audit: type=1326 audit(2000002166.741:2224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=253 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  139.758539][   T30] audit: type=1326 audit(2000002166.741:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  139.783015][   T30] audit: type=1326 audit(2000002166.741:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  139.842212][ T6644] netlink: 8 bytes leftover after parsing attributes in process `syz.8.2651'.
[  139.851176][   T30] audit: type=1326 audit(2000002166.741:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  139.895202][ T6644] netlink: 32 bytes leftover after parsing attributes in process `syz.8.2651'.
[  139.899958][   T30] audit: type=1326 audit(2000002166.741:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  139.942112][   T45] attempt to access beyond end of device
[  139.942112][   T45] loop6: rw=2049, want=40976, limit=40427
[  140.001811][   T30] audit: type=1326 audit(2000002166.741:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  140.046228][   T30] audit: type=1326 audit(2000002166.741:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=254 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  140.100975][    C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured!
[  140.123064][   T30] audit: type=1326 audit(2000002166.741:2231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6632 comm="syz.1.2660" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  140.265686][ T6658] SELinux:  policydb string length 1245192 does not match expected length 8
[  140.300825][ T6658] SELinux: failed to load policy
[  140.344940][ T6669] loop8: detected capacity change from 0 to 512
[  140.524779][ T6669] EXT4-fs error (device loop8): ext4_orphan_get:1401: inode #15: comm syz.8.2667: casefold flag without casefold feature
[  140.561110][ T6669] EXT4-fs error (device loop8): ext4_orphan_get:1406: comm syz.8.2667: couldn't read orphan inode 15 (err -117)
[  140.621095][ T6669] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  140.668663][ T6690] loop6: detected capacity change from 0 to 512
[  140.770345][ T6690] EXT4-fs warning (device loop6): dx_probe:893: inode #2: comm syz.6.2676: dx entry: limit 0 != root limit 125
[  140.795213][ T6690] EXT4-fs warning (device loop6): dx_probe:966: inode #2: comm syz.6.2676: Corrupt directory, running e2fsck is recommended
[  140.843456][ T6690] EXT4-fs (loop6): Cannot turn on journaled quota: type 1: error -117
[  140.893838][ T6697] loop8: detected capacity change from 0 to 512
[  140.900178][ T6690] EXT4-fs error (device loop6): ext4_xattr_ibody_find:2228: inode #15: comm syz.6.2676: corrupted in-inode xattr
[  140.965190][ T6690] EXT4-fs (loop6): Remounting filesystem read-only
[  140.981041][ T6690] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.2676: couldn't read orphan inode 15 (err -117)
[  141.007904][ T6690] EXT4-fs (loop6): Remounting filesystem read-only
[  141.015802][ T6697] EXT4-fs error (device loop8): ext4_orphan_get:1401: inode #15: comm syz.8.2679: casefold flag without casefold feature
[  141.030976][ T6690] EXT4-fs (loop6): mounted filesystem without journal. Opts: dioread_lock,noblock_validity,abort,nodelalloc,user_xattr,grpjquota=.max_batch_time=0x0000000000000003,errors=remount-ro,jqfmt=vfsv1,grpid,,. Quota mode: writeback.
[  141.069826][ T6697] EXT4-fs error (device loop8): ext4_orphan_get:1406: comm syz.8.2679: couldn't read orphan inode 15 (err -117)
[  141.118742][ T6697] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  141.145293][ T6690] EXT4-fs warning (device loop6): dx_probe:893: inode #2: comm syz.6.2676: dx entry: limit 0 != root limit 125
[  141.199285][ T6690] EXT4-fs warning (device loop6): dx_probe:966: inode #2: comm syz.6.2676: Corrupt directory, running e2fsck is recommended
[  141.220137][ T6708] syz.1.2684[6708] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.220221][ T6708] syz.1.2684[6708] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.234615][ T6690] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 255: comm syz.6.2676: path /326/file0: bad entry in directory: rec_len is smaller than minimal - offset=0, inode=0, rec_len=0, size=1024 fake=0
[  141.267631][ T6690] EXT4-fs (loop6): Remounting filesystem read-only
[  141.274745][ T6690] EXT4-fs error (device loop6): ext4_readdir:263: inode #2: block 8: comm syz.6.2676: path /326/file0: bad entry in directory: rec_len % 4 != 0 - offset=0, inode=33261, rec_len=1050, size=1024 fake=0
[  141.313328][ T6690] EXT4-fs (loop6): Remounting filesystem read-only
[  141.423374][ T6723] syz.6.2691[6723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.423439][ T6723] syz.6.2691[6723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.442944][ T6723] syz.6.2691[6723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.461297][   T20] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  141.465539][ T6723] syz.6.2691[6723] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  141.722263][   T20] usb 10-1: Using ep0 maxpacket: 16
[  141.871013][   T20] usb 10-1: config 0 interface 0 has no altsetting 0
[  141.877749][   T20] usb 10-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  141.900924][   T20] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  141.916552][   T20] usb 10-1: config 0 descriptor??
[  142.164243][ T6706] loop9: detected capacity change from 0 to 512
[  142.202012][ T6706] EXT4-fs error (device loop9): ext4_xattr_inode_iget:404: comm syz.9.2683: inode #1: comm syz.9.2683: iget: illegal inode #
[  142.225222][ T6706] EXT4-fs error (device loop9): ext4_xattr_inode_iget:409: comm syz.9.2683: error while reading EA inode 1 err=-117
[  142.237871][ T6706] EXT4-fs error (device loop9): ext4_xattr_inode_iget:404: comm syz.9.2683: inode #1: comm syz.9.2683: iget: illegal inode #
[  142.257781][ T6706] EXT4-fs error (device loop9): ext4_xattr_inode_iget:409: comm syz.9.2683: error while reading EA inode 1 err=-117
[  142.291669][ T6706] EXT4-fs (loop9): 1 orphan inode deleted
[  142.297684][ T6706] EXT4-fs (loop9): mounted filesystem without journal. Opts: nodioread_nolock,sysvgroups,debug_want_extra_isize=0x000000000000004c,auto_da_alloc=0x00000000000007ff,grpid,acl,usrjquota=,grpjquota=,usrquota,dioread_lock,,errors=continue. Quota mode: writeback.
[  142.413489][ T6760] loop8: detected capacity change from 0 to 128
[  142.452862][ T6760] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  142.472145][ T6760] ext4 filesystem being mounted at /30/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  142.500763][ T6760] EXT4-fs (loop8): re-mounted. Opts: . Quota mode: none.
[  142.516223][ T6760] overlayfs: Failed to create volatile/dirty file.
[  142.527133][ T6760] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  142.622775][   T20] hid (null): global environment stack underflow
[  142.629410][   T20] hid (null): unknown global tag 0x8d
[  142.639278][   T20] hid (null): unknown global tag 0x35
[  142.831102][  T336] usb 10-1: USB disconnect, device number 3
[  142.848446][ T6783] loop6: detected capacity change from 0 to 1024
[  142.895253][ T6783] EXT4-fs (loop6): Ignoring removed orlov option
[  142.912671][ T6785] netlink: 128 bytes leftover after parsing attributes in process `syz.8.2715'.
[  142.922940][ T6783] EXT4-fs (loop6): mounted filesystem without journal. Opts: orlov,min_batch_time=0x0000000000000004,,errors=continue. Quota mode: writeback.
[  143.002096][ T6788] loop8: detected capacity change from 0 to 1024
[  143.102880][ T6788] EXT4-fs (loop8): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none.
[  143.121024][ T6788] ext4 filesystem being mounted at /33/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  143.500939][  T336] usb 9-1: new high-speed USB device number 3 using dummy_hcd
[  143.921058][  T336] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  143.931003][ T3985] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  143.932942][  T336] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  143.951061][  T336] usb 9-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00
[  143.964113][  T336] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  143.972317][   T20] usb 10-1: new high-speed USB device number 4 using dummy_hcd
[  143.989562][  T336] usb 9-1: config 0 descriptor??
[  144.031494][   T30] kauditd_printk_skb: 40 callbacks suppressed
[  144.031508][   T30] audit: type=1326 audit(2000002171.071:2272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6820 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  144.071845][   T30] audit: type=1326 audit(2000002171.101:2273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6820 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=233 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  144.095729][   T30] audit: type=1326 audit(2000002171.101:2274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6820 comm="syz.6.2731" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  144.190926][ T3985] usb 2-1: Using ep0 maxpacket: 16
[  144.210982][   T20] usb 10-1: Using ep0 maxpacket: 16
[  144.330971][ T3985] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  144.331000][   T20] usb 10-1: config 0 interface 0 has no altsetting 0
[  144.349677][  T336] usbhid 9-1:0.0: can't add hid device: -71
[  144.350946][ T3985] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  144.355657][  T336] usbhid: probe of 9-1:0.0 failed with error -71
[  144.380939][   T20] usb 10-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  144.390210][   T20] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  144.400995][  T336] usb 9-1: USB disconnect, device number 3
[  144.415478][ T6834] netlink: 'syz.6.2736': attribute type 12 has an invalid length.
[  144.421837][   T20] usb 10-1: config 0 descriptor??
[  144.429477][ T6834] netlink: 'syz.6.2736': attribute type 29 has an invalid length.
[  144.437887][ T6834] netlink: 148 bytes leftover after parsing attributes in process `syz.6.2736'.
[  144.458562][ T6834] netlink: 51 bytes leftover after parsing attributes in process `syz.6.2736'.
[  144.536397][ T6840] loop6: detected capacity change from 0 to 128
[  144.551034][ T3985] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  144.560740][ T3985] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  144.569449][ T3985] usb 2-1: Product: syz
[  144.574779][ T6840] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  144.585448][ T3985] usb 2-1: Manufacturer: syz
[  144.590060][ T3985] usb 2-1: SerialNumber: syz
[  144.595539][ T6840] ext4 filesystem being mounted at /349/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  144.616392][ T6840] EXT4-fs (loop6): re-mounted. Opts: . Quota mode: none.
[  144.630561][ T6840] overlayfs: Failed to create volatile/dirty file.
[  144.642599][ T6840] overlayfs: overlay with incompat feature 'volatile' cannot be mounted
[  144.670923][ T6815] loop9: detected capacity change from 0 to 512
[  144.752296][ T6815] EXT4-fs error (device loop9): ext4_xattr_inode_iget:404: comm syz.9.2728: inode #1: comm syz.9.2728: iget: illegal inode #
[  144.783615][ T6815] EXT4-fs error (device loop9): ext4_xattr_inode_iget:409: comm syz.9.2728: error while reading EA inode 1 err=-117
[  144.809803][ T6815] EXT4-fs error (device loop9): ext4_xattr_inode_iget:404: comm syz.9.2728: inode #1: comm syz.9.2728: iget: illegal inode #
[  144.823289][ T6815] EXT4-fs error (device loop9): ext4_xattr_inode_iget:409: comm syz.9.2728: error while reading EA inode 1 err=-117
[  144.835807][ T6815] EXT4-fs (loop9): 1 orphan inode deleted
[  144.841601][ T6815] EXT4-fs (loop9): mounted filesystem without journal. Opts: nodioread_nolock,sysvgroups,debug_want_extra_isize=0x000000000000004c,auto_da_alloc=0x00000000000007ff,grpid,acl,usrjquota=,grpjquota=,usrquota,dioread_lock,,errors=continue. Quota mode: writeback.
[  144.921043][ T3985] usb 2-1: 0:2 : does not exist
[  144.928459][ T3985] usb 2-1: USB disconnect, device number 15
[  144.978309][ T4600] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  144.991138][ T6857] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  145.102265][   T20] hid (null): report_id 17622 is invalid
[  145.107956][   T20] hid (null): invalid report_count -301597146
[  145.121982][   T20] hid (null): report_id 10372 is invalid
[  145.131154][   T20] hid (null): global environment stack underflow
[  145.137611][   T20] hid (null): report_id 0 is invalid
[  145.161075][   T20] hid (null): global environment stack underflow
[  145.168979][   T20] hid (null): usage index exceeded
[  145.192548][   T20] hid (null): invalid report_count 497205603
[  145.198708][   T20] hid (null): invalid report_count -400155653
[  145.212858][   T20] hid (null): unknown global tag 0xe
[  145.224870][   T20] hid (null): unknown global tag 0xe
[  145.371618][   T20] usb 10-1: USB disconnect, device number 4
[  145.387833][ T6871] loop6: detected capacity change from 0 to 4096
[  145.416596][ T6871] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  145.494469][   T30] audit: type=1326 audit(2000002172.531:2275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6877 comm="syz.1.2755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  145.531015][   T30] audit: type=1326 audit(2000002172.551:2276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6877 comm="syz.1.2755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  145.555945][   T30] audit: type=1326 audit(2000002172.551:2277): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6877 comm="syz.1.2755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=36 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  145.579495][   T30] audit: type=1326 audit(2000002172.551:2278): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6877 comm="syz.1.2755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  145.603649][   T30] audit: type=1326 audit(2000002172.551:2279): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=6877 comm="syz.1.2755" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff71486c9a9 code=0x7ffc0000
[  145.627088][   T30] audit: type=1400 audit(2000002172.561:2280): avc:  denied  { setattr } for  pid=6870 comm="syz.6.2752" name="file0" dev="loop6" ino=12 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  145.656260][ T6871] syz.6.2752 (6871) used greatest stack depth: 20320 bytes left
[  145.670977][   T30] audit: type=1400 audit(2000002172.571:2281): avc:  denied  { add_name } for  pid=6870 comm="syz.6.2752" name="file2" dev="overlay" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:unlabeled_t tclass=dir permissive=1
[  145.719189][   T20] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  145.728467][ T6884] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  145.925104][ T6894] loop6: detected capacity change from 0 to 1024
[  145.992508][ T6894] EXT4-fs (loop6): ext4_check_descriptors: Inode bitmap for group 0 overlaps block group descriptors
[  146.014979][ T6894] EXT4-fs (loop6): ext4_check_descriptors: Checksum for group 0 failed (51554!=20869)
[  146.050923][ T6894] JBD2: no valid journal superblock found
[  146.056896][ T6894] EXT4-fs (loop6): error loading journal
[  146.146323][ T6914] xt_hashlimit: size too large, truncated to 1048576
[  146.159228][ T6894] netlink: 8 bytes leftover after parsing attributes in process `syz.6.2761'.
[  146.275288][ T6923] loop9: detected capacity change from 0 to 512
[  146.362822][ T6923] EXT4-fs (loop9): Ignoring removed orlov option
[  146.371033][ T6923] EXT4-fs (loop9): encrypted files will use data=ordered instead of data journaling mode
[  146.425133][ T6923] EXT4-fs (loop9): 1 orphan inode deleted
[  146.432548][ T6932] device wireguard0 entered promiscuous mode
[  146.439685][ T6923] EXT4-fs (loop9): 1 truncate cleaned up
[  146.446014][ T6923] EXT4-fs (loop9): mounted filesystem without journal. Opts: init_itable=0x0000000000000957,nombcache,debug_want_extra_isize=0x000000000000002a,stripe=0x0000000000000008,orlov,noload,,errors=continue. Quota mode: none.
[  146.476004][ T6923] EXT4-fs error (device loop9): ext4_mb_generate_buddy:1152: group 0, block bitmap and bg descriptor inconsistent: 191 vs 220 free clusters
[  146.513979][ T6923] overlayfs: failed to set xattr on upper
[  146.540766][ T6923] EXT4-fs error (device loop9): ext4_lookup:1858: inode #15: comm syz.9.2773: iget: bad extra_isize 46 (inode size 256)
[  146.596752][ T6487] EXT4-fs error (device loop9): __ext4_iget:4925: inode #11: block 458766: comm syz-executor: invalid block
[  146.634255][ T6487] EXT4-fs error (device loop9): __ext4_iget:4925: inode #11: block 458766: comm syz-executor: invalid block
[  146.911350][ T6951] syz.8.2788[6951] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  146.911431][ T6951] syz.8.2788[6951] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  146.940951][ T1857] usb 2-1: new full-speed USB device number 16 using dummy_hcd
[  146.953711][ T6951] loop8: detected capacity change from 0 to 512
[  147.018082][ T6951] EXT4-fs (loop8): orphan cleanup on readonly fs
[  147.042659][ T6951] EXT4-fs error (device loop8): ext4_acquire_dquot:6198: comm syz.8.2788: Failed to acquire dquot type 1
[  147.076980][ T6951] EXT4-fs (loop8): 1 truncate cleaned up
[  147.083340][ T6952] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.090373][ T6952] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.099981][ T6951] EXT4-fs (loop8): mounted filesystem without journal. Opts: barrier,,errors=continue. Quota mode: writeback.
[  147.119215][ T6952] device bridge_slave_0 entered promiscuous mode
[  147.146607][ T6951] EXT4-fs (loop8): warning: mounting fs with errors, running e2fsck is recommended
[  147.162788][ T6952] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.170531][ T6952] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.183249][ T6951] EXT4-fs warning (device loop8): read_mmp_block:115: Error -117 while reading MMP block 8
[  147.198915][ T6952] device bridge_slave_1 entered promiscuous mode
[  147.331007][ T1857] usb 2-1: config 1 has an invalid descriptor of length 116, skipping remainder of the config
[  147.342062][ T1857] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3
[  147.417368][  T505] device bridge_slave_1 left promiscuous mode
[  147.426831][  T505] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.441968][  T505] device bridge_slave_0 left promiscuous mode
[  147.448203][  T505] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.456613][  T505] device veth1_macvtap left promiscuous mode
[  147.471011][  T505] device veth0_vlan left promiscuous mode
[  147.521032][ T1857] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  147.540406][ T1857] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  147.550503][ T1857] usb 2-1: Product: syz
[  147.560582][ T1857] usb 2-1: Manufacturer: syz
[  147.570672][ T1857] usb 2-1: SerialNumber: syz
[  147.623796][ T6966] loop6: detected capacity change from 0 to 512
[  147.662992][ T6966] EXT4-fs error (device loop6): ext4_orphan_get:1401: inode #15: comm syz.6.2790: casefold flag without casefold feature
[  147.685962][ T6966] EXT4-fs error (device loop6): ext4_orphan_get:1406: comm syz.6.2790: couldn't read orphan inode 15 (err -117)
[  147.690328][ T6952] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.704877][ T6952] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.712177][ T6952] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.719204][ T6952] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.728205][   T45] bridge0: port 1(bridge_slave_0) entered disabled state
[  147.735465][ T6966] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  147.746588][   T45] bridge0: port 2(bridge_slave_1) entered disabled state
[  147.800089][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  147.809919][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  147.829267][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  147.854763][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  147.877065][   T45] bridge0: port 1(bridge_slave_0) entered blocking state
[  147.884170][   T45] bridge0: port 1(bridge_slave_0) entered forwarding state
[  147.911044][ T1857] usb 2-1: 0:2 : does not exist
[  147.922978][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  147.941443][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  147.961155][   T45] bridge0: port 2(bridge_slave_1) entered blocking state
[  147.968237][   T45] bridge0: port 2(bridge_slave_1) entered forwarding state
[  147.980143][ T1857] usb 2-1: USB disconnect, device number 16
[  147.995262][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  148.008580][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  148.030247][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  148.038678][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  148.057861][ T6952] device veth0_vlan entered promiscuous mode
[  148.080490][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  148.101872][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  148.119039][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  148.135078][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  148.160556][ T6977] loop6: detected capacity change from 0 to 4096
[  148.172213][ T6952] device veth1_macvtap entered promiscuous mode
[  148.187485][ T6977] EXT4-fs (loop6): Test dummy encryption mode enabled
[  148.189077][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  148.211584][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  148.211796][  T765] udevd[765]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  148.226964][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  148.243240][ T6977] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  148.261180][ T6977] System zones: 0-5
[  148.271420][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  148.286669][ T6977] EXT4-fs (loop6): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback.
[  148.318049][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  148.357612][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  148.376183][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  148.385487][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  148.393946][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  148.660972][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  148.706551][ T7007] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7007 comm=syz.1.2807
[  149.255555][ T3747] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  149.431306][ T7086] overlayfs: failed to resolve './file0': -2
[  149.541398][ T3747] usb 9-1: Using ep0 maxpacket: 16
[  149.547247][ T7084] loop6: detected capacity change from 0 to 40427
[  149.654249][ T7084] F2FS-fs (loop6): fault_injection options not supported
[  149.671157][ T3747] usb 9-1: config 0 interface 0 has no altsetting 0
[  149.672509][ T7084] F2FS-fs (loop6): invalid crc value
[  149.680409][ T3747] usb 9-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  149.699794][ T7084] F2FS-fs (loop6): Found nat_bits in checkpoint
[  149.714034][ T3747] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  149.734799][ T3747] usb 9-1: config 0 descriptor??
[  149.771619][ T7084] F2FS-fs (loop6): Mounted with checkpoint version = 48b305e5
[  149.831291][ T7093] attempt to access beyond end of device
[  149.831291][ T7093] loop6: rw=2049, want=45104, limit=40427
[  149.994300][ T7055] loop8: detected capacity change from 0 to 512
[  150.094077][ T7055] EXT4-fs error (device loop8): ext4_xattr_inode_iget:404: comm syz.8.2828: inode #1: comm syz.8.2828: iget: illegal inode #
[  150.101058][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  150.151106][ T7055] EXT4-fs error (device loop8): ext4_xattr_inode_iget:409: comm syz.8.2828: error while reading EA inode 1 err=-117
[  150.210296][ T7055] EXT4-fs error (device loop8): ext4_xattr_inode_iget:404: comm syz.8.2828: inode #1: comm syz.8.2828: iget: illegal inode #
[  150.253969][ T7055] EXT4-fs error (device loop8): ext4_xattr_inode_iget:409: comm syz.8.2828: error while reading EA inode 1 err=-117
[  150.279994][ T7055] EXT4-fs (loop8): 1 orphan inode deleted
[  150.291475][ T7055] EXT4-fs (loop8): mounted filesystem without journal. Opts: nodioread_nolock,sysvgroups,debug_want_extra_isize=0x000000000000004c,auto_da_alloc=0x00000000000007ff,grpid,acl,usrjquota=,grpjquota=,usrquota,dioread_lock,,errors=continue. Quota mode: writeback.
[  150.527240][ T7114] syz.2.2852[7114] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  150.527327][ T7114] syz.2.2852[7114] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  150.553857][   T30] kauditd_printk_skb: 59 callbacks suppressed
[  150.553873][   T30] audit: type=1400 audit(2000000004.300:2339): avc:  denied  { shutdown } for  pid=7128 comm="syz.6.2860" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=vsock_socket permissive=1
[  150.613484][ T3747] hid (null): global environment stack underflow
[  150.619975][ T3747] hid (null): unknown global tag 0x8d
[  150.625545][   T30] audit: type=1326 audit(2000000004.360:2340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7130 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  150.649596][ T3747] hid (null): unknown global tag 0x35
[  150.658206][   T30] audit: type=1326 audit(2000000004.360:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7130 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  150.681860][   T30] audit: type=1326 audit(2000000004.360:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7130 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=435 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  150.705362][   T30] audit: type=1326 audit(2000000004.360:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7130 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  150.728871][   T30] audit: type=1326 audit(2000000004.370:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7130 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=61 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  150.752513][   T30] audit: type=1326 audit(2000000004.370:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fbefb375265 code=0x7ffc0000
[  150.776227][   T30] audit: type=1326 audit(2000000004.520:2346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7134 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=60 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  150.799773][   T30] audit: type=1326 audit(2000000004.530:2347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7130 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  150.828280][   T30] audit: type=1326 audit(2000000004.530:2348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7130 comm="syz.6.2861" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  150.836978][    T6] usb 9-1: USB disconnect, device number 4
[  150.885982][ T7136] loop6: detected capacity change from 0 to 1024
[  150.923600][ T7136] EXT4-fs (loop6): Ignoring removed nobh option
[  150.929884][ T7136] EXT4-fs (loop6): Ignoring removed bh option
[  150.946389][ T7136] EXT4-fs (loop6): Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  150.972674][ T7136] EXT4-fs (loop6): mounted filesystem without journal. Opts: delalloc,data_err=abort,barrier=0x0000000000000002,nojournal_checksum,data_err=ignore,max_dir_size_kb=0x00000000004007b1,data_err=ignore,grpquota,nobh,user_xattr,bh,dioread_nolock,,errors=continue. Quota mode: writeback.
[  151.023924][ T7144] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.031107][ T7144] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.038638][ T7144] device bridge_slave_0 entered promiscuous mode
[  151.049146][ T7144] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.056801][ T7144] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.064552][ T7144] device bridge_slave_1 entered promiscuous mode
[  151.224616][ T7182] loop9: detected capacity change from 0 to 7
[  151.245092][ T7144] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.252166][ T7144] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.259491][ T7144] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.266551][ T7144] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.293676][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  151.304623][  T430] bridge0: port 1(bridge_slave_0) entered disabled state
[  151.321004][  T430] bridge0: port 2(bridge_slave_1) entered disabled state
[  151.334077][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  151.343387][  T430] bridge0: port 1(bridge_slave_0) entered blocking state
[  151.350435][  T430] bridge0: port 1(bridge_slave_0) entered forwarding state
[  151.358292][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  151.365669][ T7187] loop6: detected capacity change from 0 to 4096
[  151.382965][  T430] bridge0: port 2(bridge_slave_1) entered blocking state
[  151.390020][  T430] bridge0: port 2(bridge_slave_1) entered forwarding state
[  151.409867][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  151.417915][  T430] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  151.454450][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  151.471485][ T7187] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  151.517693][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  151.532101][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  151.550629][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  151.559650][ T7144] device veth0_vlan entered promiscuous mode
[  151.570370][ T7199] loop8: detected capacity change from 0 to 1024
[  151.593838][   T10] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  151.609930][ T7144] device veth1_macvtap entered promiscuous mode
[  151.626745][ T7199] EXT4-fs (loop8): mounted filesystem without journal. Opts: user_xattr,nodioread_nolock,,errors=continue. Quota mode: none.
[  151.661006][ T7199] ext4 filesystem being mounted at /58/file1 supports timestamps until 2038-01-19 (0x7fffffff)
[  151.681889][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  151.714631][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  151.732913][ T7199] EXT4-fs error (device loop8): ext4_map_blocks:740: inode #15: block 3: comm syz.8.2887: lblock 3 mapped to illegal pblock 3 (length 1)
[  151.761797][ T7199] EXT4-fs (loop8): Delayed block allocation failed for inode 15 at logical offset 3 with max blocks 1 with error 117
[  151.792307][ T7199] EXT4-fs (loop8): This should not happen!! Data will be lost
[  151.792307][ T7199] 
[  151.859508][ T7220] syz.0.2894[7220] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  151.859574][ T7220] syz.0.2894[7220] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  151.882704][ T7220] overlayfs: failed to resolve './file0': -2
[  151.934953][ T7224] loop6: detected capacity change from 0 to 512
[  151.973888][ T7224] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  151.975480][ T7226] loop8: detected capacity change from 0 to 4096
[  152.009711][ T7226] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: writeback.
[  152.133186][ T7241] loop8: detected capacity change from 0 to 4096
[  152.155049][ T7241] EXT4-fs (loop8): Test dummy encryption mode enabled
[  152.163369][ T7241] [EXT4 FS bs=4096, gc=1, bpg=524288, ipg=32, mo=a842c018, mo2=0003]
[  152.171713][ T7241] System zones: 0-5
[  152.176400][ T7241] EXT4-fs (loop8): mounted filesystem without journal. Opts: debug,delalloc,journal_ioprio=0x0000000000000000,test_dummy_encryption,nodiscard,min_batch_time=0x0000000000000004,acl,debug_want_extra_isize=0x0000000000000040,,errors=continue. Quota mode: writeback.
[  152.350947][ T3747] usb 3-1: new high-speed USB device number 3 using dummy_hcd
[  152.590929][ T3747] usb 3-1: Using ep0 maxpacket: 16
[  152.710964][ T3747] usb 3-1: config 153 has an invalid interface number: 4 but max is 2
[  152.719134][ T3747] usb 3-1: config 153 has an invalid interface number: 4 but max is 2
[  152.727312][ T3747] usb 3-1: config 153 has an invalid interface number: 35 but max is 2
[  152.735735][ T3747] usb 3-1: config 153 has 2 interfaces, different from the descriptor's value: 3
[  152.745111][ T3747] usb 3-1: config 153 has no interface number 0
[  152.751425][ T3747] usb 3-1: config 153 has no interface number 1
[  152.757703][ T3747] usb 3-1: config 153 interface 4 altsetting 72 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  152.768710][ T3747] usb 3-1: config 153 interface 35 altsetting 8 endpoint 0xC has invalid maxpacket 1023, setting to 64
[  152.779766][ T3747] usb 3-1: config 153 interface 4 has no altsetting 1
[  152.786555][ T3747] usb 3-1: config 153 interface 35 has no altsetting 0
[  152.971023][ T3747] usb 3-1: New USB device found, idVendor=2c7c, idProduct=0296, bcdDevice=39.3c
[  152.980183][ T3747] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  152.988398][ T3747] usb 3-1: Product: syz
[  152.992696][ T3747] usb 3-1: Manufacturer: syz
[  152.997309][ T3747] usb 3-1: SerialNumber: syz
[  153.320711][ T7288] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=7288 comm=syz.8.2922
[  153.334469][ T7288] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7288 comm=syz.8.2922
[  153.375114][ T3747] usb 3-1: USB disconnect, device number 3
[  153.401939][ T7290] loop8: detected capacity change from 0 to 512
[  153.970135][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_0: link becomes ready
[  153.988591][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  154.000079][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): bond_slave_1: link becomes ready
[  154.008596][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  154.016837][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  154.025849][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  154.034199][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  154.042924][   T45] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  154.194901][ T7311] loop8: detected capacity change from 0 to 40427
[  154.218598][ T7339] incfs: Options parsing error. -22
[  154.228767][ T7311] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  154.239780][ T7311] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  154.241771][ T7339] incfs: mount failed -22
[  154.249863][ T7311] F2FS-fs (loop8): invalid crc value
[  154.272753][ T7311] F2FS-fs (loop8): Found nat_bits in checkpoint
[  154.308863][ T7311] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  154.316085][ T7311] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  154.388003][ T7361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2955'.
[  154.397152][ T7361] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2955'.
[  154.407023][ T7361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2955'.
[  154.421199][ T3985] usb 7-1: new high-speed USB device number 18 using dummy_hcd
[  154.426579][ T7361] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2955'.
[  154.800961][ T3985] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  154.811023][ T3985] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5
[  154.829620][ T3985] usb 7-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00
[  154.839077][ T3985] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  154.851348][ T3985] usb 7-1: config 0 descriptor??
[  154.907272][ T7386] SELinux: failed to load policy
[  154.944815][ T7391] device wireguard0 entered promiscuous mode
[  155.333586][ T3985] kovaplus 0003:1E7D:2D50.001F: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.6-1/input0
[  155.596636][ T7430] syz.0.2984[7430] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  155.596728][ T7430] syz.0.2984[7430] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  155.612133][   T30] kauditd_printk_skb: 96 callbacks suppressed
[  155.612146][   T30] audit: type=1400 audit(2000000009.350:2445): avc:  denied  { create } for  pid=7429 comm="syz.0.2984" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  155.680254][   T30] audit: type=1400 audit(2000000009.360:2446): avc:  denied  { connect } for  pid=7429 comm="syz.0.2984" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  155.731776][   T30] audit: type=1400 audit(2000000009.360:2447): avc:  denied  { write } for  pid=7429 comm="syz.0.2984" path="socket:[50111]" dev="sockfs" ino=50111 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=pppox_socket permissive=1
[  155.960005][   T30] audit: type=1400 audit(2000000009.700:2448): avc:  denied  { write } for  pid=7440 comm="syz.8.2989" name="001" dev="devtmpfs" ino=184 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:usb_device_t tclass=chr_file permissive=1
[  155.993214][ T7441] hub 9-0:1.0: USB hub found
[  155.998367][ T7441] hub 9-0:1.0: 1 port detected
[  156.037183][   T30] audit: type=1400 audit(2000000009.780:2449): avc:  denied  { setopt } for  pid=7443 comm="syz.8.2990" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1
[  156.101012][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  156.159195][   T30] audit: type=1400 audit(2000000009.900:2450): avc:  denied  { block_suspend } for  pid=7452 comm="syz.2.2994" capability=36  scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1
[  156.191059][ T3985] kovaplus 0003:1E7D:2D50.001F: couldn't init struct kovaplus_device
[  156.202261][ T3985] kovaplus 0003:1E7D:2D50.001F: couldn't install mouse
[  156.217574][   T30] audit: type=1326 audit(2000000009.960:2451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7458 comm="syz.2.2997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc5cca9a9 code=0x7ffc0000
[  156.241788][ T3985] kovaplus: probe of 0003:1E7D:2D50.001F failed with error -71
[  156.254035][   T30] audit: type=1326 audit(2000000009.990:2452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7458 comm="syz.2.2997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc5cca9a9 code=0x7ffc0000
[  156.262012][ T3985] usb 7-1: USB disconnect, device number 18
[  156.318344][   T30] audit: type=1326 audit(2000000009.990:2453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7458 comm="syz.2.2997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f7fc5cca9a9 code=0x7ffc0000
[  156.345699][   T30] audit: type=1326 audit(2000000009.990:2454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7458 comm="syz.2.2997" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7fc5cca9a9 code=0x7ffc0000
[  156.390792][ T7470] 9pnet: p9_errstr2errno: server reported unknown error �@���p��A���
��;
KZ�44�/@�q��k�p
[  156.390792][ T7470] �C<+
[  156.450936][    T6] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  156.611739][ T7494] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3013'.
[  156.839743][ T7528] netlink: 'syz.1.3028': attribute type 12 has an invalid length.
[  156.855762][ T7528] netlink: 'syz.1.3028': attribute type 29 has an invalid length.
[  156.863737][ T7528] netlink: 148 bytes leftover after parsing attributes in process `syz.1.3028'.
[  156.972445][    T6] usb 9-1: New USB device found, idVendor=6189, idProduct=182d, bcdDevice= 1.73
[  157.060917][    T6] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  157.068949][    T6] usb 9-1: Product: syz
[  157.130919][    T6] usb 9-1: Manufacturer: syz
[  157.135672][    T6] usb 9-1: SerialNumber: syz
[  157.181628][    T6] usb 9-1: config 0 descriptor??
[  158.281000][    T6] usb 9-1: can't set config #0, error -71
[  158.290397][    T6] usb 9-1: USB disconnect, device number 5
[  158.496801][ T7587] netlink: 96 bytes leftover after parsing attributes in process `syz.1.3053'.
[  158.913611][ T7638] SELinux:  policydb magic number 0x0 does not match expected magic number 0xf97cff8c
[  158.924316][ T7638] SELinux: failed to load policy
[  158.949496][ T7644] loop8: detected capacity change from 0 to 512
[  158.961034][ T3747] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  158.977651][ T7644] EXT4-fs (loop8): encrypted files will use data=ordered instead of data journaling mode
[  158.992249][ T7644] EXT4-fs (loop8): 1 truncate cleaned up
[  158.997917][ T7644] EXT4-fs (loop8): mounted filesystem without journal. Opts: init_itable,resuid=0x0000000000000000,stripe=0x0000000000000040,,errors=continue. Quota mode: none.
[  159.141394][    T6] usb 3-1: new high-speed USB device number 4 using dummy_hcd
[  159.173638][ T7666] loop8: detected capacity change from 0 to 1024
[  159.202154][ T7666] EXT4-fs (loop8): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  159.212776][ T3747] usb 2-1: Using ep0 maxpacket: 32
[  159.301046][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!
[  159.340966][ T3747] usb 2-1: config 0 has an invalid interface number: 184 but max is 0
[  159.349365][ T3747] usb 2-1: config 0 has no interface number 0
[  159.355538][ T3747] usb 2-1: config 0 interface 184 has no altsetting 0
[  159.370934][   T20] usb 1-1: new full-speed USB device number 3 using dummy_hcd
[  159.510988][    T6] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  159.521396][    T6] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  159.551054][ T3747] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee
[  159.560199][ T3747] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.568613][ T3747] usb 2-1: Product: syz
[  159.573069][ T3747] usb 2-1: Manufacturer: syz
[  159.577670][ T3747] usb 2-1: SerialNumber: syz
[  159.586975][ T3747] usb 2-1: config 0 descriptor??
[  159.598062][ T7683] loop6: detected capacity change from 0 to 512
[  159.604475][    T6] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00
[  159.613579][    T6] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3
[  159.621604][    T6] usb 3-1: SerialNumber: syz
[  159.631924][ T7683] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  159.642245][ T3747] smsc75xx v1.0.0
[  159.647211][ T7683] EXT4-fs (loop6): 1 truncate cleaned up
[  159.652975][ T7683] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  159.709125][ T7686] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=0 sclass=netlink_route_socket pid=7686 comm=syz.6.3095
[  159.741026][   T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  159.754046][   T20] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64
[  159.804830][ T7692] SELinux: failed to load policy
[  159.831639][ T7694] tmpfs: Unknown parameter 'nolazytime��'
[  159.850505][ T7696] loop6: detected capacity change from 0 to 512
[  159.869063][ T7696] EXT4-fs (loop6): Cannot turn on journaled quota: type 0: error -2
[  159.877748][ T7696] EXT4-fs (loop6): 1 truncate cleaned up
[  159.883618][ T7696] EXT4-fs (loop6): mounted filesystem without journal. Opts: jqfmt=vfsold,usrjquota="errors=continue,noload,data_err=ignore,usrjquota="errors=continue,errors=remount-ro,noblock_validity,. Quota mode: writeback.
[  159.901919][    T6] usb 3-1: 0:2 : does not exist
[  159.913304][ T7696] EXT4-fs (loop6): Unrecognized mount option "�Y��ڄy��Fm�����Z�1�(O[��
[  159.913304][ T7696] ^��+E���]0rQ#�
��{
�̎�c�p�6;�:�P�r�f�l���IG>���?υ-H"�&F�)�!I�|.z" or missing value
[  159.933039][   T20] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  159.942402][   T20] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  159.950650][   T20] usb 1-1: Product: syz
[  159.955584][   T20] usb 1-1: Manufacturer: syz
[  159.960206][   T20] usb 1-1: SerialNumber: syz
[  159.966398][    T6] usb 3-1: USB disconnect, device number 4
[  159.990990][ T7659] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  159.992413][ T7701] loop6: detected capacity change from 0 to 1024
[  160.011532][ T7703] netlink: 96 bytes leftover after parsing attributes in process `syz.8.3103'.
[  160.056211][ T7701] EXT4-fs (loop6): Ignoring removed bh option
[  160.072507][ T7701] EXT4-fs (loop6): mounted filesystem without journal. Opts: nojournal_checksum,nombcache,barrier,norecovery,debug_want_extra_isize=0x0000000000000080,lazytime,nodelalloc,usrquota,noauto_da_alloc,bh,init_itable,,errors=continue. Quota mode: writeback.
[  160.165302][ T7705] loop8: detected capacity change from 0 to 40427
[  160.177639][ T7705] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  160.189354][  T765] udevd[765]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card0/controlC0/../uevent} for writing: No such file or directory
[  160.203424][ T7705] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  160.215381][ T7705] F2FS-fs (loop8): invalid crc value
[  160.224437][ T7705] F2FS-fs (loop8): Found nat_bits in checkpoint
[  160.247944][ T7718] loop6: detected capacity change from 0 to 512
[  160.266899][ T7705] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  160.267870][ T7718] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  160.274175][ T7705] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  160.311893][ T7718] EXT4-fs (loop6): shut down requested (1)
[  160.325603][ T7705] attempt to access beyond end of device
[  160.325603][ T7705] loop8: rw=0, want=77832, limit=40427
[  160.401345][ T7724] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=16 sclass=netlink_audit_socket pid=7724 comm=syz.2.3111
[  160.413968][ T7724] SELinux: unrecognized netlink message: protocol=9 nlmsg_type=0 sclass=netlink_audit_socket pid=7724 comm=syz.2.3111
[  160.493177][ T7733] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3114'.
[  160.626241][   T30] kauditd_printk_skb: 102 callbacks suppressed
[  160.626257][   T30] audit: type=1326 audit(2000000014.370:2557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7742 comm="syz.6.3118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  160.661113][   T30] audit: type=1400 audit(2000000014.410:2558): avc:  denied  { ioctl } for  pid=7658 comm="syz.0.3085" path="/dev/raw-gadget" dev="devtmpfs" ino=254 ioctlcmd=0x5502 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:device_t tclass=chr_file permissive=1
[  160.687810][   T30] audit: type=1326 audit(2000000014.410:2559): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7742 comm="syz.6.3118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  160.717851][   T30] audit: type=1400 audit(2000000014.410:2560): avc:  denied  { map_create } for  pid=7742 comm="syz.6.3118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  160.737706][   T30] audit: type=1400 audit(2000000014.410:2561): avc:  denied  { map_read map_write } for  pid=7742 comm="syz.6.3118" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1
[  160.762910][   T30] audit: type=1326 audit(2000000014.410:2562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7742 comm="syz.6.3118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  160.786911][   T30] audit: type=1326 audit(2000000014.410:2563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7742 comm="syz.6.3118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  160.814855][   T30] audit: type=1326 audit(2000000014.410:2564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7742 comm="syz.6.3118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  160.839213][   T30] audit: type=1326 audit(2000000014.410:2565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7742 comm="syz.6.3118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  160.872391][   T30] audit: type=1326 audit(2000000014.410:2566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=7742 comm="syz.6.3118" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbefb3429a9 code=0x7ffc0000
[  160.931071][ T3747] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000044: -71
[  160.942864][ T3747] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_DATA
[  160.981119][ T3747] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71
[  160.992004][ T3747] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71
[  161.001944][ T3747] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): device not ready in smsc75xx_reset
[  161.023001][ T3747] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71
[  161.033822][ T3747] smsc75xx: probe of 2-1:0.184 failed with error -71
[  161.044750][ T3747] usb 2-1: USB disconnect, device number 17
[  161.121072][   T20] cdc_ncm 1-1:1.0: MAC-Address: 42:42:42:42:42:42
[  161.141571][   T20] cdc_ncm 1-1:1.0: setting tx_max = 184
[  161.146047][ T7780] netlink: 20 bytes leftover after parsing attributes in process `syz.8.3132'.
[  161.179167][ T7786] loop8: detected capacity change from 0 to 128
[  161.187464][ T7786] EXT4-fs (loop8): Test dummy encryption mode enabled
[  161.194445][ T7786] EXT4-fs (loop8): Test dummy encryption mode enabled
[  161.201402][ T7786] EXT4-fs (loop8): Ignoring removed nomblk_io_submit option
[  161.208945][ T7786] EXT4-fs (loop8): Ignoring removed nomblk_io_submit option
[  161.219451][ T7786] EXT4-fs (loop8): mounted filesystem without journal. Opts: test_dummy_encryption=v1,test_dummy_encryption=v1,nomblk_io_submit,nomblk_io_submit,,errors=continue. Quota mode: none.
[  161.238360][ T7786] ext4 filesystem being mounted at /104/mnt supports timestamps until 2038-01-19 (0x7fffffff)
[  161.331972][   T20] cdc_ncm 1-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.0-1, CDC NCM, 42:42:42:42:42:42
[  161.351600][   T20] usb 1-1: USB disconnect, device number 3
[  161.358183][   T20] cdc_ncm 1-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.0-1, CDC NCM
[  161.394879][ T7810] loop8: detected capacity change from 0 to 256
[  161.421051][ T1857] usb 3-1: new high-speed USB device number 5 using dummy_hcd
[  161.480414][ T7810] FAT-fs (loop8): bogus number of FAT sectors
[  161.486546][ T7810] FAT-fs (loop8): Can't find a valid FAT filesystem
[  161.520945][  T543] usb 7-1: new high-speed USB device number 19 using dummy_hcd
[  161.660957][ T1857] usb 3-1: Using ep0 maxpacket: 16
[  161.681356][ T7814] loop8: detected capacity change from 0 to 256
[  161.720999][ T3985] usb 2-1: new full-speed USB device number 18 using dummy_hcd
[  161.760990][  T543] usb 7-1: Using ep0 maxpacket: 16
[  161.781007][ T1857] usb 3-1: config 1 has an invalid interface number: 105 but max is 0
[  161.790590][ T1857] usb 3-1: config 1 has no interface number 0
[  161.797324][ T1857] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16
[  161.807633][ T1857] usb 3-1: config 1 interface 105 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64
[  161.817873][ T1857] usb 3-1: config 1 interface 105 has no altsetting 0
[  161.881038][  T543] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  161.892096][  T543] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  161.902187][  T543] usb 7-1: New USB device found, idVendor=07c0, idProduct=1525, bcdDevice= 0.00
[  161.911368][  T543] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  161.920505][  T543] usb 7-1: config 0 descriptor??
[  161.981006][ T1857] usb 3-1: New USB device found, idVendor=20f4, idProduct=e05a, bcdDevice=6c.6d
[  162.000216][ T1857] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.010297][ T1857] usb 3-1: Product: syz
[  162.020376][ T1857] usb 3-1: Manufacturer: syz
[  162.026898][ T7824] loop8: detected capacity change from 0 to 40427
[  162.033476][ T1857] usb 3-1: SerialNumber: syz
[  162.049439][ T7824] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  162.057426][ T7782] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  162.064561][ T7782] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  162.071627][ T7824] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  162.083355][ T7824] F2FS-fs (loop8): Found nat_bits in checkpoint
[  162.100998][ T3985] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10
[  162.120216][ T7824] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  162.120934][ T3985] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64
[  162.127487][ T7824] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  162.168435][ T3985] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid maxpacket 1024, setting to 64
[  162.188037][ T3985] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  162.192195][ T7824] attempt to access beyond end of device
[  162.192195][ T7824] loop8: rw=10241, want=45104, limit=40427
[  162.210150][ T3747] usb 7-1: USB disconnect, device number 19
[  162.351065][ T3985] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  162.360120][ T3985] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  162.369607][ T7847] kvm [7846]: vcpu2, guest rIP: 0x911d disabled perfctr wrmsr: 0xc1 data 0xffff
[  162.379139][ T7847] kvm [7846]: vcpu2, guest rIP: 0x911d disabled perfctr wrmsr: 0xc2 data 0xffff
[  162.394778][ T7847] kvm [7846]: vcpu2, guest rIP: 0x911d disabled perfctr wrmsr: 0xc1 data 0x100000100
[  162.400965][ T3985] usb 2-1: Product: syz
[  162.404444][ T7847] kvm [7846]: vcpu2, guest rIP: 0x9130 disabled perfctr wrmsr: 0xc1 data 0x100
[  162.408527][ T3985] usb 2-1: Manufacturer: syz
[  162.422746][ T3985] usb 2-1: SerialNumber: syz
[  162.428101][ T7847] kvm [7846]: vcpu2, guest rIP: 0x911d disabled perfctr wrmsr: 0xc2 data 0x100
[  162.437311][ T7847] kvm [7846]: vcpu2, guest rIP: 0x9130 disabled perfctr wrmsr: 0xc2 data 0x100
[  162.451018][ T7812] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  162.460204][ T7847] kvm [7846]: vcpu2, guest rIP: 0x911d disabled perfctr wrmsr: 0xc1 data 0x100000100
[  162.469914][ T7847] kvm [7846]: vcpu2, guest rIP: 0x9130 disabled perfctr wrmsr: 0xc1 data 0x100
[  162.479276][ T7847] kvm [7846]: vcpu2, guest rIP: 0x911d disabled perfctr wrmsr: 0xc2 data 0x100
[  162.488425][ T7847] kvm [7846]: vcpu2, guest rIP: 0x9130 disabled perfctr wrmsr: 0xc2 data 0x100
[  162.511169][ T7782] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  162.518168][ T7782] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  162.676283][ T7812] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  162.683491][ T7812] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  162.771360][ T7869] overlayfs: failed to resolve './file0/../file0': -2
[  162.810960][ T3747] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  162.948742][ T7887] syz.0.3173[7887] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  162.948818][ T7887] syz.0.3173[7887] is installing a program with bpf_probe_write_user helper that may corrupt user memory!
[  162.991013][ T1857] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -32
[  163.043739][ T7904] netlink: 96 bytes leftover after parsing attributes in process `syz.6.3181'.
[  163.063427][ T3747] usb 9-1: Using ep0 maxpacket: 16
[  163.198068][ T7916] 9pnet: p9_errstr2errno: server reported unknown error �@��hQI���te}
[  163.206815][ T3747] usb 9-1: config 0 interface 0 has no altsetting 0
[  163.214735][ T3747] usb 9-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[  163.224775][ T3747] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  163.236192][ T3747] usb 9-1: config 0 descriptor??
[  163.271009][ T1857] aqc111 3-1:1.105 (unnamed net_device) (uninitialized): Failed to read(0x1) reg index 0x0001: -71
[  163.296863][ T1857] aqc111 3-1:1.105 eth1: register 'aqc111' at usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter, 20:fc:94:45:3a:41
[  163.320232][ T1857] usb 3-1: USB disconnect, device number 5
[  163.329275][ T1857] aqc111 3-1:1.105 eth1: unregister 'aqc111' usb-dummy_hcd.2-1, USB-C 3.1 to 5GBASE-T Ethernet Adapter
[  163.369109][ T7933] loop6: detected capacity change from 0 to 512
[  163.371325][ T7812] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  163.382622][ T7812] raw-gadget.2 gadget: fail, usb_ep_enable returned -22
[  163.391143][ T1857] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  163.400791][ T1857] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x1) reg index 0x0002: -19
[  163.405465][ T7933] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  163.410636][ T1857] aqc111 3-1:1.105 eth1 (unregistered): Failed to write(0x61) reg index 0x0000: -19
[  163.433233][ T7933] EXT4-fs (loop6): 1 truncate cleaned up
[  163.438893][ T7933] EXT4-fs (loop6): mounted filesystem without journal. Opts: ,errors=continue. Quota mode: none.
[  163.456657][ T7933] EXT4-fs (loop6): shut down requested (1)
[  163.485508][ T7853] loop8: detected capacity change from 0 to 512
[  163.519608][ T7853] EXT4-fs error (device loop8): ext4_xattr_inode_iget:404: comm syz.8.3158: inode #1: comm syz.8.3158: iget: illegal inode #
[  163.542755][ T7853] EXT4-fs error (device loop8): ext4_xattr_inode_iget:409: comm syz.8.3158: error while reading EA inode 1 err=-117
[  163.559585][ T7853] EXT4-fs error (device loop8): ext4_xattr_inode_iget:404: comm syz.8.3158: inode #1: comm syz.8.3158: iget: illegal inode #
[  163.576640][ T7853] EXT4-fs error (device loop8): ext4_xattr_inode_iget:409: comm syz.8.3158: error while reading EA inode 1 err=-117
[  163.576720][ T7951] tipc: Started in network mode
[  163.589265][ T7853] EXT4-fs (loop8): 1 orphan inode deleted
[  163.594318][ T7951] tipc: Node identity ac14140f, cluster identity 4711
[  163.602509][ T7853] EXT4-fs (loop8): mounted filesystem without journal. Opts: nodioread_nolock,sysvgroups,debug_want_extra_isize=0x000000000000004c,auto_da_alloc=0x00000000000007ff,grpid,acl,usrjquota=,grpjquota=,usrquota,dioread_lock,,errors=continue. Quota mode: writeback.
[  163.606586][ T7951] tipc: New replicast peer: 255.255.255.255
[  163.637220][ T3985] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42
[  163.645016][ T3985] cdc_ncm 2-1:1.0: dwNtbInMaxSize=4 is too small. Using 2048
[  163.652684][ T7951] tipc: Enabled bearer <udp:syz2>, priority 10
[  163.659922][ T3985] cdc_ncm 2-1:1.0: setting rx_max = 2048
[  163.821642][ T4600] usb 7-1: new high-speed USB device number 20 using dummy_hcd
[  163.841089][ T3985] cdc_ncm 2-1:1.0: setting tx_max = 88
[  163.849683][ T3985] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM, 42:42:42:42:42:42
[  163.884178][ T3985] usb 2-1: USB disconnect, device number 18
[  163.890479][ T3985] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM
[  163.900317][ T3747] hid (null): report_id 17622 is invalid
[  163.910094][ T3747] hid (null): invalid report_count -301597146
[  163.916867][ T3747] hid (null): report_id 10372 is invalid
[  163.926178][ T3747] hid (null): global environment stack underflow
[  163.932726][ T3747] hid (null): report_id 0 is invalid
[  163.938216][ T3747] hid (null): global environment stack underflow
[  163.945633][ T3747] hid (null): usage index exceeded
[  163.956608][ T3747] hid (null): invalid report_count 497205603
[  163.962707][ T3747] hid (null): invalid report_count -400155653
[  163.969215][ T3747] hid (null): unknown global tag 0xe
[  163.980666][ T3747] hid (null): unknown global tag 0xe
[  163.995050][ T3747] ==================================================================
[  164.003131][ T3747] BUG: KASAN: use-after-free in __list_del_entry_valid+0xa6/0x120
[  164.010946][ T3747] Read of size 8 at addr ffff888119510c70 by task kworker/1:5/3747
[  164.018836][ T3747] 
[  164.021157][ T3747] CPU: 1 PID: 3747 Comm: kworker/1:5 Tainted: G        W         5.15.189-syzkaller-00079-ga71626bd56a5 #0
[  164.032525][ T3747] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025
[  164.042578][ T3747] Workqueue: events_long br_fdb_cleanup
[  164.048127][ T3747] Call Trace:
[  164.051396][ T3747]  <TASK>
[  164.054311][ T3747]  __dump_stack+0x21/0x30
[  164.058622][ T3747]  dump_stack_lvl+0xee/0x150
[  164.063206][ T3747]  ? show_regs_print_info+0x20/0x20
[  164.068389][ T3747]  ? load_image+0x3a0/0x3a0
[  164.072883][ T3747]  ? __kasan_check_write+0x14/0x20
[  164.077979][ T3747]  print_address_description+0x7f/0x2c0
[  164.083515][ T3747]  ? __list_del_entry_valid+0xa6/0x120
[  164.088957][ T3747]  kasan_report+0xf1/0x140
[  164.093355][ T3747]  ? __list_del_entry_valid+0xa6/0x120
[  164.098813][ T3747]  __asan_report_load8_noabort+0x14/0x20
[  164.104465][ T3747]  __list_del_entry_valid+0xa6/0x120
[  164.109736][ T3747]  process_one_work+0x453/0xba0
[  164.114624][ T3747]  worker_thread+0xa59/0x1200
[  164.119296][ T3747]  ? _raw_spin_lock_irqsave+0xb0/0x110
[  164.124742][ T3747]  kthread+0x411/0x500
[  164.128796][ T3747]  ? worker_clr_flags+0x190/0x190
[  164.133812][ T3747]  ? kthread_blkcg+0xd0/0xd0
[  164.138398][ T3747]  ret_from_fork+0x1f/0x30
[  164.142818][ T3747]  </TASK>
[  164.145821][ T3747] 
[  164.148139][ T3747] Allocated by task 3985:
[  164.152455][ T3747]  __kasan_kmalloc+0xda/0x110
[  164.157135][ T3747]  __kmalloc+0x13d/0x2c0
[  164.161404][ T3747]  kvmalloc_node+0x242/0x330
[  164.165983][ T3747]  alloc_netdev_mqs+0x8d/0xc90
[  164.170745][ T3747]  alloc_etherdev_mqs+0x34/0x40
[  164.175598][ T3747]  usbnet_probe+0x219/0x2860
[  164.180173][ T3747]  usb_probe_interface+0x5ff/0xae0
[  164.185271][ T3747]  really_probe+0x285/0x970
[  164.189760][ T3747]  __driver_probe_device+0x198/0x280
[  164.195057][ T3747]  driver_probe_device+0x54/0x3e0
[  164.200095][ T3747]  __device_attach_driver+0x2a6/0x460
[  164.205452][ T3747]  bus_for_each_drv+0x175/0x200
[  164.210285][ T3747]  __device_attach+0x2a2/0x400
[  164.215030][ T3747]  device_initial_probe+0x1a/0x20
[  164.220033][ T3747]  bus_probe_device+0xc0/0x1e0
[  164.224795][ T3747]  device_add+0xb31/0xed0
[  164.229106][ T3747]  usb_set_configuration+0x19c2/0x1f10
[  164.234548][ T3747]  usb_generic_driver_probe+0x91/0x150
[  164.239990][ T3747]  usb_probe_device+0x148/0x260
[  164.244823][ T3747]  really_probe+0x285/0x970
[  164.249333][ T3747]  __driver_probe_device+0x198/0x280
[  164.254602][ T3747]  driver_probe_device+0x54/0x3e0
[  164.259609][ T3747]  __device_attach_driver+0x2a6/0x460
[  164.264987][ T3747]  bus_for_each_drv+0x175/0x200
[  164.269819][ T3747]  __device_attach+0x2a2/0x400
[  164.274561][ T3747]  device_initial_probe+0x1a/0x20
[  164.279565][ T3747]  bus_probe_device+0xc0/0x1e0
[  164.284310][ T3747]  device_add+0xb31/0xed0
[  164.288621][ T3747]  usb_new_device+0xd06/0x1620
[  164.293365][ T3747]  hub_event+0x27d8/0x42c0
[  164.297762][ T3747]  process_one_work+0x6be/0xba0
[  164.302600][ T3747]  worker_thread+0xa59/0x1200
[  164.307259][ T3747]  kthread+0x411/0x500
[  164.311317][ T3747]  ret_from_fork+0x1f/0x30
[  164.315716][ T3747] 
[  164.318022][ T3747] Freed by task 3985:
[  164.322017][ T3747]  kasan_set_track+0x4a/0x70
[  164.326585][ T3747]  kasan_set_free_info+0x23/0x40
[  164.331504][ T3747]  ____kasan_slab_free+0x125/0x160
[  164.336592][ T3747]  __kasan_slab_free+0x11/0x20
[  164.341336][ T3747]  slab_free_freelist_hook+0xc2/0x190
[  164.346687][ T3747]  kfree+0xc4/0x270
[  164.350475][ T3747]  kvfree+0x35/0x40
[  164.354261][ T3747]  netdev_freemem+0x3f/0x60
[  164.358852][ T3747]  netdev_release+0x7f/0xb0
[  164.363339][ T3747]  device_release+0x96/0x1c0
[  164.367911][ T3747]  kobject_put+0x18a/0x270
[  164.372318][ T3747]  put_device+0x1f/0x30
[  164.376452][ T3747]  free_netdev+0x34b/0x450
[  164.380846][ T3747]  usbnet_disconnect+0x24b/0x3a0
[  164.385767][ T3747]  usb_unbind_interface+0x212/0x8c0
[  164.390945][ T3747]  device_release_driver_internal+0x4c1/0x760
[  164.396989][ T3747]  device_release_driver+0x19/0x20
[  164.402078][ T3747]  bus_remove_device+0x2dd/0x340
[  164.407026][ T3747]  device_del+0x696/0xe90
[  164.411373][ T3747]  usb_disable_device+0x3a8/0x750
[  164.416379][ T3747]  usb_disconnect+0x31e/0x850
[  164.421038][ T3747]  hub_event+0x190c/0x42c0
[  164.425437][ T3747]  process_one_work+0x6be/0xba0
[  164.430271][ T3747]  worker_thread+0xd7b/0x1200
[  164.434932][ T3747]  kthread+0x411/0x500
[  164.438982][ T3747]  ret_from_fork+0x1f/0x30
[  164.443377][ T3747] 
[  164.445681][ T3747] Last potentially related work creation:
[  164.451374][ T3747]  kasan_save_stack+0x3a/0x60
[  164.456030][ T3747]  __kasan_record_aux_stack+0xd2/0x100
[  164.461471][ T3747]  kasan_record_aux_stack_noalloc+0xb/0x10
[  164.467264][ T3747]  insert_work+0x51/0x310
[  164.471618][ T3747]  __queue_work+0x8e5/0xc60
[  164.476131][ T3747]  queue_work_on+0xd2/0x140
[  164.480614][ T3747]  usbnet_link_change+0x176/0x1a0
[  164.485617][ T3747]  usbnet_probe+0x1dfd/0x2860
[  164.490276][ T3747]  usb_probe_interface+0x5ff/0xae0
[  164.495375][ T3747]  really_probe+0x285/0x970
[  164.499858][ T3747]  __driver_probe_device+0x198/0x280
[  164.505123][ T3747]  driver_probe_device+0x54/0x3e0
[  164.510126][ T3747]  __device_attach_driver+0x2a6/0x460
[  164.515477][ T3747]  bus_for_each_drv+0x175/0x200
[  164.520319][ T3747]  __device_attach+0x2a2/0x400
[  164.525095][ T3747]  device_initial_probe+0x1a/0x20
[  164.530100][ T3747]  bus_probe_device+0xc0/0x1e0
[  164.534846][ T3747]  device_add+0xb31/0xed0
[  164.539155][ T3747]  usb_set_configuration+0x19c2/0x1f10
[  164.544622][ T3747]  usb_generic_driver_probe+0x91/0x150
[  164.550062][ T3747]  usb_probe_device+0x148/0x260
[  164.554896][ T3747]  really_probe+0x285/0x970
[  164.559388][ T3747]  __driver_probe_device+0x198/0x280
[  164.564651][ T3747]  driver_probe_device+0x54/0x3e0
[  164.569655][ T3747]  __device_attach_driver+0x2a6/0x460
[  164.575004][ T3747]  bus_for_each_drv+0x175/0x200
[  164.579868][ T3747]  __device_attach+0x2a2/0x400
[  164.584614][ T3747]  device_initial_probe+0x1a/0x20
[  164.589619][ T3747]  bus_probe_device+0xc0/0x1e0
[  164.594362][ T3747]  device_add+0xb31/0xed0
[  164.598676][ T3747]  usb_new_device+0xd06/0x1620
[  164.603448][ T3747]  hub_event+0x27d8/0x42c0
[  164.607845][ T3747]  process_one_work+0x6be/0xba0
[  164.612685][ T3747]  worker_thread+0xa59/0x1200
[  164.617364][ T3747]  kthread+0x411/0x500
[  164.621417][ T3747]  ret_from_fork+0x1f/0x30
[  164.625813][ T3747] 
[  164.628117][ T3747] The buggy address belongs to the object at ffff888119510000
[  164.628117][ T3747]  which belongs to the cache kmalloc-4k of size 4096
[  164.642153][ T3747] The buggy address is located 3184 bytes inside of
[  164.642153][ T3747]  4096-byte region [ffff888119510000, ffff888119511000)
[  164.655589][ T3747] The buggy address belongs to the page:
[  164.661197][ T3747] page:ffffea0004654400 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x119510
[  164.671413][ T3747] head:ffffea0004654400 order:3 compound_mapcount:0 compound_pincount:0
[  164.679713][ T3747] flags: 0x4000000000010200(slab|head|zone=1)
[  164.685767][ T3747] raw: 4000000000010200 0000000000000000 dead000000000122 ffff888100043380
[  164.694330][ T3747] raw: 0000000000000000 0000000000040004 00000001ffffffff 0000000000000000
[  164.702886][ T3747] page dumped because: kasan: bad access detected
[  164.709278][ T3747] page_owner tracks the page as allocated
[  164.714967][ T3747] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 7850, ts 162472573343, free_ts 162429866330
[  164.735605][ T3747]  post_alloc_hook+0x192/0x1b0
[  164.740382][ T3747]  prep_new_page+0x1c/0x110
[  164.744871][ T3747]  get_page_from_freelist+0x2cc5/0x2d50
[  164.750398][ T3747]  __alloc_pages+0x18f/0x440
[  164.754969][ T3747]  new_slab+0xa1/0x4d0
[  164.759028][ T3747]  ___slab_alloc+0x381/0x810
[  164.763600][ T3747]  __slab_alloc+0x49/0x90
[  164.767912][ T3747]  kmem_cache_alloc_trace+0x146/0x270
[  164.773271][ T3747]  kobject_uevent_env+0x272/0x700
[  164.778287][ T3747]  kvm_uevent_notify_change+0x302/0x3b0
[  164.783839][ T3747]  kvm_dev_ioctl+0x12aa/0x1b10
[  164.788595][ T3747]  __se_sys_ioctl+0x121/0x1a0
[  164.793254][ T3747]  __x64_sys_ioctl+0x7b/0x90
[  164.797827][ T3747]  x64_sys_call+0x2f/0x9a0
[  164.802229][ T3747]  do_syscall_64+0x4c/0xa0
[  164.806631][ T3747]  entry_SYSCALL_64_after_hwframe+0x66/0xd0
[  164.812509][ T3747] page last free stack trace:
[  164.817163][ T3747]  free_unref_page_prepare+0x542/0x550
[  164.822607][ T3747]  free_unref_page+0xa2/0x550
[  164.827285][ T3747]  __free_pages+0x6c/0x100
[  164.831705][ T3747]  __free_slab+0xe8/0x1e0
[  164.836021][ T3747]  __unfreeze_partials+0x160/0x190
[  164.841119][ T3747]  put_cpu_partial+0xc6/0x120
[  164.845781][ T3747]  __slab_free+0x1d4/0x290
[  164.850220][ T3747]  ___cache_free+0x104/0x120
[  164.854798][ T3747]  qlink_free+0x4d/0x90
[  164.858935][ T3747]  qlist_free_all+0x5f/0xb0
[  164.863420][ T3747]  kasan_quarantine_reduce+0x14a/0x170
[  164.868862][ T3747]  __kasan_slab_alloc+0x2f/0xf0
[  164.873694][ T3747]  slab_post_alloc_hook+0x4f/0x2b0
[  164.878789][ T3747]  kmem_cache_alloc+0xf7/0x260
[  164.883540][ T3747]  getname_flags+0xb9/0x500
[  164.888055][ T3747]  getname+0x19/0x20
[  164.891967][ T3747] 
[  164.894273][ T3747] Memory state around the buggy address:
[  164.899882][ T3747]  ffff888119510b00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  164.907941][ T3747]  ffff888119510b80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  164.915986][ T3747] >ffff888119510c00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  164.924025][ T3747]                                                              ^
[  164.931718][ T3747]  ffff888119510c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  164.939757][ T3747]  ffff888119510d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[  164.947797][ T3747] ==================================================================
[  164.955840][ T3747] Disabling lock debugging due to kernel taint
[  164.963677][ T1857] tipc: Node number set to 2886997007
[  164.983260][ T1857] usb 9-1: USB disconnect, device number 6
[  165.040934][ T4600] usb 7-1: Using ep0 maxpacket: 8
[  165.160952][ T4600] usb 7-1: config 179 has an invalid interface number: 65 but max is 0
[  165.169335][ T4600] usb 7-1: config 179 has no interface number 0
[  165.175644][ T4600] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7
[  165.186699][ T4600] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024
[  165.197928][ T4600] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  165.209078][ T4600] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024
[  165.220462][ T4600] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  165.233694][ T4600] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb
[  165.242731][ T4600] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  165.270963][ T7949] raw-gadget.0 gadget: fail, usb_ep_enable returned -22
[  165.511428][    T6] input: Generic X-Box pad as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:179.65/input/input27
[  165.697098][ T7949] UDC core: couldn't find an available UDC or it's busy: -16
[  165.704888][ T7949] misc raw-gadget: fail, usb_gadget_probe_driver returned -16
[  165.913829][    T6] usb 7-1: USB disconnect, device number 20
[  165.920952][    C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19
[  170.180999][    C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured!