last executing test programs:

23.624483471s ago: executing program 1 (id=3820):
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
poll(&(0x7f00000001c0), 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
close(0xffffffffffffffff)
socket$inet6(0xa, 0x3, 0x8000000003c)
r0 = epoll_create1(0x0)
epoll_ctl$EPOLL_CTL_ADD(r0, 0x1, 0xffffffffffffffff, 0x0)
epoll_ctl$EPOLL_CTL_MOD(0xffffffffffffffff, 0x3, 0xffffffffffffffff, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8)
r2 = bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
sched_setscheduler(0x0, 0x1, 0x0)
r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000006900000000000001000000940000000fad413e850000000700000095"], &(0x7f0000000180)='GPL\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r3}, 0x10)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000002ac0)={0x1b, 0x3, &(0x7f00000003c0)=ANY=[@ANYRESDEC=r0, @ANYRES16=r2, @ANYBLOB="8ee65146d8f04aa093a7a8305810397e33178ba5bf3ec903c550f84b5cc10c6afe42543a0042aa984dcc287610c4f9192bfdba41b3790943c22f85f8abd98ad2d5479e8682c966c9dfd4da5d8c6229b93f33a412c720df03afb79d122f0299e5522c26584459bbb48d84cb82c675d2d99c0f410bd63eb6cfc88b8453ea3ffcff3d012cbca4e02ca550ba30460727b0cfc3d5ba60a7d733261a50d9cd04a42fa8e9cd95886cd5ea0c84f7b872c785e12877837fc680c8fcae51591cd2aa3a8448e4020f6ae2063f0ea3701fd8995157d9db1a3fb0ea2957b3"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2004}, 0x90)
r4 = socket$inet_udp(0x2, 0x2, 0x0)
syz_mount_image$hfsplus(&(0x7f0000000140), &(0x7f0000000200)='./file0\x00', 0x3a00014, &(0x7f0000001040)=ANY=[], 0xfe, 0x631, &(0x7f0000001800)="$eJzs3U9sHFcdB/DvrNeON0ip2yZthCphNVJBWCT+IxfMpQEh5EOFqnLgbCVOY2XjVraLTIWQCwWuHHpFKofcOCFx4xABZ3rr1cdKSFx6ssTBaGZnnXW8XrZJaq+Tzyd6+96bN/PmN7+Z2fHasRzgmbU8k+b9FFmeefONelF7997CuW47SdluJM1OlWI9af4xuZ5OyXjPdMVx+/l4bentz77Y/bzTa9alWr9xeIrk70e2/uhvg49ipy6ZTjJW10eNHz/D/v6x8904dr5hFQeZKRN2pax3HmtCeDL2j+hemf8dZvNj73fg7Cg6z80jppLzSSbrrwNSvzs0Tja6J8/zFwAAgKdVq6f93F72sp0LpxgOAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAnDn13/8v6tLotqdTdP/+/0S9LHX7jCkO9e6fWhwAAAAAAAAA8OR8Yy972c6Fbn+/qH7m/2rVuVi9fi3vZzOr2cjVbGclW9nKRuaSTPVMNLG9srW1MTfElvN9t5w/meMFAAAAAAAAgKfUr7P84Of/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwCopkrFNV5WK3PZVGM8lkkolyvZ3k0277LLt/2gEAAADACXhuL3vZzoVuf7+oPvO/VH3un8z7Wc9W1rKVdlZzs/reQOdTf2P33kJ7997C3bIcnfcH/+m2zg0TRjVjUs/fb8+XqzVauZW1asnV3Mi7aedmGtWWpcvdePrH9WEZU/FGRzFkgm7Wdbn+H+p6NExVGRk/yMhsHVuZjecHZ+LB2XmkPc2lcfCdn4vD5HwsnaQPub/zdV0ez+9GOufz9dX3aXnPDM5E8s2//vlnt9vrd27f2pwZnUN6RJ1MTO4060ws9NyHL3+pTHx48sE/UbNVJi4d9Jfz4/w0M5nOW9nIWn6elWxlNdP5UdVaqa/n8nVqcKauH+q99f8imajPS+dd9MvF9Gq17YWs5Sd5Nzezmterf/OZy3ezmMUs9ZzhS0Pc9Y36nXbIu/7Kt+pGK8nv63o0lHl9vievve+5U9VY75JGXqi3e+H4LBUPP48GZannEdr8et0oz8Rv6no0PJyJuZ7r5cXB18uf9svXzfb6nY3bK+8Nub/X6rpM5W8HPSWKk36AlNdLeQ00q97hq6Mce7Hv2Fw1dvFgrHFk7NLBWN87daO7/6Vq7Zf6zjRfjb3cd2yhGrvcM9bv6y0ARt75b5+faP279a/WJ62PWrdbb07+8Nz3zr0ykfF/jn+/OTv2WuOV4i/5JL968PkfAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4dJu/+ODOSru9unFqjfGDWIqRiEfjpBqZHIkwnoHG9TzC2QGecte27r53bbP1wXfW7q68s/rO6vr44uLS7NLi6wvXbq21V2c7r6cdJfBVePDQP+1IAAAAAAAAAAAAgGF1/v/fZL7KX0I4bt9TJ3uoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwBm1PJPm/RSZm706W/Z37y20y9Jtd9drpFm9JsUvk+IfyfV0SqZ6piuO28/Ha0tvf/bF7uedXrMu1fqNQdv1Nf7wgp26ZDrJWF0/hkPz3Xjs+YqDIywTdqWbODht/wsAAP//dTUIwQ==")
bind$inet(r4, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x5, 0x10001, 0x8003, 0x7e, 0x1, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2}, 0x48)
syz_mount_image$squashfs(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x800, &(0x7f0000004140)=ANY=[], 0x1, 0x1cf, &(0x7f0000000780)="$eJzKKC4sZmdgYPj7sSaZQYABDBgZeBguMDAysDAwMKgzQsQYmCDUeij/BZSeCZW2gfKbofRCKF1xS3vdmlN+Z0566motk2VmaPXUlkcWk0vtMXKTXMwjwcwQmnpkUXFlVXZiTk5qUfFChopbyUkVp08wsFy3v6bSLMHp8EeewyFJ00GH6YiPR9aMxhLOSVKaYmxsmQpnz3yQX8emcYTh0QrmjXWeeY11halT89LykqqyqrLmTZy4cWZjZ2Pjyol1UWl+qxhbUlw2NXUyMjlsURPYzGyoPslGe8K79lUPkxxYezz8mk8ZK71OZb5kvLBI6tSKqpkTvijNZjT8znCHp2yFhIaGk8QVCYsGE4YjdbYNriAnpjQwpCmEMSapsYm1bTkzJ4SZn81tgUJL8gmm0KMcS2dKWBwQqjr501LzrUOi24xtTx3YzvAcPs6zpqBP0Oi4BIPTQsH/MiBjEhoayjTWMi21XfClSOOvhNdqY6cMBnd7pmWwAGVpAJEroTxZsJ6E5BUeOpqaRinJCQ2bJBKS3AoMlRm27uFcLdDAgBRtKgwMDNsZYXELAddgjFEwCkbBKBgFo2AUjIJRMApGwSgYBSMCAAIAAP//QJCYyw==")
mount$cgroup(0x0, &(0x7f00000002c0)='./file0\x00', &(0x7f0000000300), 0x180041, &(0x7f00000004c0)={[{@xattr}, {@none}, {@noprefix}, {@clone_children}, {@clone_children}, {@subsystem='devices'}], [{@dont_hash}]})
chdir(&(0x7f0000000100)='./file0\x00')
setreuid(0xee00, 0xee01)
r5 = open(&(0x7f0000000080)='./file0\x00', 0x0, 0x0)
read$FUSE(r5, &(0x7f0000000980)={0x2020}, 0x2020)

21.616411193s ago: executing program 1 (id=3825):
mkdirat(0xffffffffffffff9c, &(0x7f0000002040)='./file0\x00', 0x0)
capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280))
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, <r0=>0xffffffffffffffff})
sendmmsg$unix(r0, &(0x7f0000004a40)=[{{0x0, 0x0, 0x0}}, {{&(0x7f00000017c0)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x2, 0x0)

21.369148071s ago: executing program 1 (id=3827):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r0, 0x84, 0x74, &(0x7f0000000080)={0x0, 0x0, 0x30}, &(0x7f0000000200)=0x18)

20.819052698s ago: executing program 3 (id=3834):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="6673796e635f6d6f64653d706f7369782c6e6f696e6c696e655f646174612c6469736361726400aa19fd46b492dc6cf59d696e6c696e655f64656e7472792c00"], 0x1, 0x54f3, &(0x7f000000ab40)="$eJzs3M9rI+UbAPAn7XZ/f/dbRNDbDixCC5uw6XYXvVXdxR/Ypfjj4EnTZBqym2RKk6a1Jw8exYP/iSh48ujf4MGzt8WD4k1QMjPRrSgITRu7/Xxg8sz75s0zz5tD4ZkpCeDMWkx++akS1+JSRMxHxNWI/LxSHrm1IjwfEdcjYu6Jo1LO/zFxPiIuR8S1cfIiZ6V86/Oboxt3fnzz52++u3Duyhdffz+7XQOz9kJE9LaL871eEbN2ER+W841RJ4+91VEZizd6j8pxVsS9dDPPsNeYrGvk8Xa7WJ9t7w7GcavbaI5ju7OVz2/3iwsORu1JnvwDDxs7+biVbuaxM8jy2D4o6to/KP62HQyGRZ5Wme+jPH0Mh5NYzKf7abGf7Ud5bPaH5XyRN2ul++M4KmN5uWhm3VZex+ZRvun/trc6/d39ZJTuDDpZP7lTq79Yq9+t1neyVjpMV6uNXuvuarLU7o6XVYdpo7fWzrJ2N601s95ystRuNqv1erJ0L93sNPpJvV67XbtVvbNcnt1MXnvwXtJtJUvj+EqnvzvsdAfJVraTFJ9YTlZqt19aTm7Uk3fWN5KNt+/fX99494N77z94ef2NV8tFh8t6nK4mSyu3Vlaq9VvVlfryGdr/J2XRU9w/HEll1gUAnD76f2AWTnv/H/r/qThV/e+krLPa/x/D/uFI9P8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGfWDwtfvp6fLBbjK+X8/8qpZ8pxJSLmIuK3vzEf5w/lnC/zLPzD+oW/1PBtJfIM42tcKI/LEbFWHr/+/7i/BQAAAHh6ffXx9c+Kbr14WZx1QZyk4qbN3NUPp5SvEhELi4+nlG1u/PLslJLFcxFxLvanlC2/gXVxSsmKW27nppXtX5k/FC4+ESpFmDvRcgAAgBNxuBM42S4EAACAk/TprAtgNioxeZQ5eRac/+f9nw8ELx0aAQAAAKdQZdYFAAAAAMcu7//9/h8AAAA83Yrf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5n535yUoeiOACfFvoe74+RGOduxRkswyU4dGhYgJtgCbgFN8AacOYSDBjaEq3BxKS3bSTfl7SX25Afp4TJuZcUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuvRcrOaP91cPbXO2u3bS3A0AAABwzKZYzcsX02r+r75+Vl+6qOdZROQRcax3H8WvRuaozim+eH/xqYaniDJh/xm/6+NvRFzXx+t5198CAAAAnK71YjmruvXqNB26IPpULdrk/28S5WURUUxfEqXl+9NlorDy9z2Ou0Rp5QLWJFFYteQ2TpX2LaPGMPkwZNWQ91oOAADQi2Yn0G8XAgAAQJ9uhy6AYWRx2Mo87AWX/7x/3xD805gBAAAAP1A2dAEAAABA58r+3/P/AAAA4LRVz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS5tiNV8vlrO2OdtdO2nuBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Y3/eUSAEwiAM9q7vTOb+h5UGTU1NqkD4+BuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODN7/7yf2JqnEnmXhtLzyPJ2qmxdWrsnRtHfxhfvwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICL/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+KLf/fJ/YmqcSeZOG0vHI8naVWPrqrH3oHH0YLz9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnft5jaOKAwD+ZmZna6viGmUPEVHwoBe73dbWXj0owYN/ghDSbY1u/dHmYEsRcvEmOfciehQRlHjr/9BzC73UWw57iCAeI/MrmfwAt4TMbJLPB9687w6bed83CSHfeS8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCZfLATJ9mhV8Rxee7R5r2lrH+8p888WHsyn7UsjppM+nh4vf4i6reXCAAAAKdHUtX3IYSn6fpC1se9vP5Pq/dkNf9PLxZxVc/vrfurvqr9s/bnHxuvbg/UK8bJLnp9eTy6sD+VztHNckb8u1XYc/ql//3CTn7n82cvSf4NiT9efWWS5vcz+uHhww+7eXjmqBIHAA7rfNWXQfX3UNYP20wMgFOjUyu8q/o/6bWbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEATJqvh+SqOQgjznZ0483jz3tJB/YO1J/NVu3L//lr9mtkl0hDC9eXx6EKDc5l1t+/c/WJxPB7daj54I4TQ3uhl8OkU7wmhzQwFhw3i8md9VvI5HkHLv5gAADhx0rJldf3TdH0hOxfNhbD18+76/+1aHKas/zc+u/KoPla9/h82NsPZN1i5+fXg9p277y7fXLwxujH68r2Lw/eHl65evnx1kD8rGXhiAgAAwOF0y1av/+O5/ev/52pxmLL+/+bH4Xf1sRL1/4F2Fv3azgQAAOB0e/nNf/6ODjgfdbvh28WVlVvD4rj9+mJxbCHVZ3ambPX6P5lrOysAAACgCZPVaNf6/7VaHKZc/3/hl9d+q18zCSGcLdf/zy99Nb7W3HRmWhP/Ttz2HAEAAGjX2bLV1//TfP9/vL3lIQ4hvPNWEZcfAzhV/Z989P2v9bHq+/8vNTfFmRT3i/uR9/0QOv22MwIAAOAke65sWbH/V7q+8Pnv5z7p2v8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LT/AgAA//8Yl0ni")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x275a, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000001)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00'}, 0x10)
socket$packet(0x11, 0x3, 0x300)
fallocate(r0, 0x20, 0x2000, 0x140000)

20.759745327s ago: executing program 1 (id=3835):
mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0)
mount$fuse(0x0, 0x0, 0x0, 0x0, &(0x7f0000000400)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=0x0])
mount(0x0, &(0x7f0000000380)='./file1\x00', &(0x7f0000000040)='autofs\x00', 0x0, &(0x7f0000000400))
chdir(&(0x7f0000000080)='./file1\x00')
r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0)
mkdir(&(0x7f0000000300)='./bus\x00', 0x0)
chdir(&(0x7f0000000140)='./bus\x00')
syz_mount_image$squashfs(&(0x7f0000000180), &(0x7f00000001c0)='./file0\x00', 0x0, &(0x7f0000000200), 0x1, 0x174, &(0x7f0000000240)="$eJzskj9OAkEUxr9Zlj9aGE2saCCRKBbKsqgxNlpi7wEksCJxUWE3UQjFGmMoLIylJ+AaJl5AC+MBqCmItVkzs28ns17B+RV88755b2beY8+9npcF8DMfNXEEQQpL+GAMJoACi7yZEekz6SfpUyR4p7xj8u9J895geNFwXadfPChiJWEA+BaetLzDOwMzcdTXfNTki1MAYRiG3GsBPB1qTgpAT8nJm8CqaCKUObwRHmwAqPjd64o3GG51uo2203Yubbu2Z+1Y1q5dOeu4jhX9MuUKagVcNwHweS0o+2kAD5SziCRMeRrtM7U2o8ywvJasNZTaWBleZW0W8f8FnGAdOQA3AVPckjjFhGipDoYUBVVTeV90V05sbDev3NYYDCwum8CUZ1SnSMvAVoPafhA/e0xaIq2TTkinpIU/n4wpTnikqBwAGdw2fL9f5UOKVtKzpWcvB+rA+K0vRrK5NwMajUaj0Wg0Go1G89/5DQAA///T4Xqr")
ioctl$AUTOFS_IOC_PROTOSUBVER(r0, 0x40049366, &(0x7f0000000180))

20.529458058s ago: executing program 1 (id=3836):
r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0)
ioctl$SNDCTL_DSP_SYNC(r0, 0x5001, 0x0)
ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f00000002c0)=0x9)
read$dsp(r0, &(0x7f0000000200)=""/168, 0xa8)

20.135600802s ago: executing program 1 (id=3839):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
syz_read_part_table(0x5bc, &(0x7f0000000000)="$eJzs279rNEUYB/Dv7t3t3oFy2ljqwdtY+RbW4Y3KmxCwCIKdoK2NiGAhKNlD0UatbCz8B9KkEKysg+g/IEKIhaCdiIVamJG9X7nE8gojfD7F8jzPzDMzxWw54f+tTAfJ4FZxWNfVOp7+ncxffS5pZ4t8tKr3E14+fXhwNDuumk2tSn7tknq1Tv9pkic3C2e2ir4e5pPTw48+/ezdJl26y5MkXyRdUtr10Ra9+bz516H/rNaL8996+lZebT69Lo9lvIjuZ3XLBoty2j5qPtx5/7O98/mDPijLTSfN9e5J9tdBKaX01/Lk3jIf5berjOrZZubqNj1YHu+mdtE/2uT15i8Ybe327Dc/nmTeLEcGW729i0ny5sVLz1RbawAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcPeUlUWyn8fHSZUM++zL56tuOWm4rLzQDJf5X9tNuznbO5++/8Fbdd7Ze/37N9776fCX8e9JBrl/+Ehp282819JudQ2T+irJE5Nd9y/rZd9+Zbs8yzzf3vvhqXqQUqbX9VHVf79Kurx43QsAAAAAAAAAAAAAAAAAAAA7enhwNDuuJ+vX9fW6XjJOqlsP3MsfpZT9lOZGdZLku8tUSX5OqbaHmmT6aJL24yargS7ezd8h/wQAAP//eKJe6g==")
r2 = dup(r1)
r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0)
ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil})
syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000005c0)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000600)={0x0, 0x4000})
syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000640)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_NMI(r3, 0xae9a)
ioctl$KVM_RUN(r3, 0xae80, 0x0)
sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000001e40)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000b80)={0x408, 0x0, 0x0, 0x0, 0x0, {}, [@nested={0x115, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @ipv4=@empty}, @typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @u32}, @generic="04396f1bbbed654303a9e89795e652781039540da3cd8ad01e3fc224e70de170d7e0ca313e3c5a9e6b7cf34f0b088f0ab30507bf73d02a2f166d92afd788092c7db3c9f9a12031fb469b1566200213b245", @generic="05c4d21a9dbc354b262cf012a8cc7208ece990539a1d959a58136cb284ed5b0aec5e3f1e1addbd005ea0679a441a408c27ef102705724b114381d0491af0908817f6c4c7a498bbf2410da5811e21453e7f9da4a57caea6db8706d3265c03e0147258b45b57a094df3c0cdc6f9fee4b588e9aec8c00e1f0a1046a1378d5ef7d414813f4f852c955c449275903be59a8f537a79513d827e03b436e6b8f9399076200b5761cab153eae"]}, @generic="0e237e6498005318361a3ef91767811171c6340b6d36e919bdd7a8bfd7e159973d294bfa531cd4a2c823b2fdcea289841b339999e6e5e1ac60bca397b4ccfb77ddfe57d2e4d82aa3e34215bab0b8e371878752519ba451c15f24584bd911dbf27f4b6dd9d681e9769cbcc9bce0a671b0b8b35582418e08680d815832d2daeb5626494fb2718c88ba1d1d5cc51c08b9", @nested={0x24a, 0x0, 0x0, 0x1, [@typed={0x14, 0x0, 0x0, 0x0, @ipv6=@private0}, @generic="08f93b45dc2cac03618ad098bb6e1441cb02fd0a01c4b9f8273b7bb8066ee717fee54d03ff6f2d06005202bf2b485cbf0655162b1cab5db748b5270958afb161f440a39326da9ec4b22cb44850b416ef1164b153648c4f7e156a0ceffa383af44962e83d3360f8d9b3a2aaf709d0c3c64fd9e1031af9e13651d33649508307f561a91422cbff4b21e74a67edf70ade5b783ec123a9d0d10a3392272048eddcf26d542832839046ddfb69cf2488e3b9ccbda5917489007046c1832886c113622e10fae884bc2f32ca9f8cb00b07f1cac4288a157b9a907cbf196114753fcb690a9767f0c16a7a429d23a4eb3461491b4c76382a276dad507b8c1f2006da38a37309de72fb1f237d3cc270bb5abae40864bcaa82c06110c545ea466b7cf97811acf698fd75e7001b8cddff651e9c4884a2c7b6c9bf8b86c27ea1a5a4c41e4fa1a798183109aa6819368dc99e9da614786d429ab1534cda2f200541341d56d20c48c2ec50077aaddb02efa1f3c70d1795ff11511bbd54d34049c7c088a4fd642a1317a9dbefa49cf67031691a3d2e406e5caf647c54a2fb171fc2c4e997168b1156ae8c8432946ae4dd76bbf21b40fcab16ec995f83b91132a605222985f7beab7bb7fcf7e6bd045e026f66528d6d71368ca58e206a22363bf52bba5d5de58255952d97d88eac10e4d2da5d396262e5e02f98dc5e7f2657d4a70233b4fafeb0c678caf6c9d8ce5ea9897bb9dc7510615466b4f886c9060987c57e62e8198a76ab92c4c1276626e27abe5d08f7b696e2407765c5"]}]}, 0x408}}, 0x0)

17.063124505s ago: executing program 3 (id=3844):
r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x0)
ioctl$I2C_PEC(r0, 0x708, 0x40)
ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000500)={0x1, 0x0, 0x2, &(0x7f0000000540)={0x0, "05000000434fd7f5e7d85c8bbfe6931aa54bce5d926e7908d52773897f00"}})

16.309937422s ago: executing program 3 (id=3848):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000580), 0xffffffffffffffff)
sendmsg$NL802154_CMD_SET_SHORT_ADDR(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)={0x20, r1, 0x1, 0x0, 0x0, {}, [@NL802154_ATTR_WPAN_DEV={0xc, 0x6, 0x100000001}]}, 0x20}}, 0x0)

14.673769056s ago: executing program 3 (id=3853):
socket$nl_xfrm(0x10, 0x3, 0x6)
r0 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=@base={0x12, 0x8, 0x8, 0x6, 0x0, 0x1}, 0x48)
r1 = socket(0x1, 0x2, 0x0)
bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000140)={r0, &(0x7f0000002040), &(0x7f0000000100)=@tcp6=r1}, 0x20)
ioctl$int_in(r1, 0x5452, &(0x7f0000000780)=0x20b)
recvmmsg(r1, &(0x7f0000001c40)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000001a00)=""/49, 0x31}], 0x1}}], 0x2, 0x0, 0x0)
sendto$unix(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)=@file={0x1, './file0\x00'}, 0x6e)
quotactl$Q_GETQUOTA(0x0, 0x0, 0x0, 0x0)
sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0)
syz_mount_image$ext4(&(0x7f00000002c0)='ext4\x00', &(0x7f0000000300)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x10, &(0x7f0000000680), 0xfe, 0x244, &(0x7f0000000400)="$eJzs3T9oJFUcB/DvzO565m6RUxtB/AMiooFwdoJNbBQCEoKIoEJExEZJhJhgl1jZWGitksomiJ3RUtIEG0WwipoiNoIGC4OFFiu7k0hMVqNu3Dkynw9MZibz3vzesPN9u83sBmisq0mmk7SSTCbpJCmON7i7Wq4e7q5PbM8nvd4TPxWDdtV+5ajflSRrSR5KslUWeamdrGw+s/fLzmP3vbncuff9zacnxnqRh/b3dh8/eG/2jY9mHlz54qsfZotMp/un6zp/xZD/tYvklv+j2HWiaNc9Av6Judc+/Lqf+1uT3DPIfydlqhfvraUbtjp54N2/6vv2j1/ePs6xAuev1+v03wPXekDjlEm6KcqpJNV2WU5NVZ/hv2ldLl9eXHp18sXF5YUX6p6pgPPSTXYf/eTSx1dO5P/7VpV/4OLq5//JuY1v+9sHrbpHA4zFHdWqn//J51bvj/xD48g/NJf8Q3PJPzSX/ENzyT80l/zDBdb5+8PyD80l/9Bc8g/NdTz/AECz9C7V/QQyUJe65x8AAAAAAAAAAAAAAAAAAOC09Ynt+aNlXDU/eyfZfyRJe1j91uD3iJMbB38v/1z0m/2hqLqN5Nm7RjzBiD6o+enrm76rt/7nd9Zbf3UhWXs9ybV2+/T9Vxzef//dzWcc7zw/YoF/qTix//BT461/0m8b9daf2Uk+7c8/14bNP2VuG6yHzz/ds79i+Uyv/DriCQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABib3wMAAP//+kBtTA==")
setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f00000000c0)={0x0, {{0x2, 0x0, @multicast2}}, {{0x2, 0x0, @broadcast}}}, 0x108)
r2 = syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00')
preadv(r2, &(0x7f0000000100)=[{&(0x7f0000000000)=""/9, 0x2c}], 0x1, 0x5e, 0x0)
r3 = open(&(0x7f0000000480)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_GETFSMAP(r3, 0xc0c0583b, &(0x7f0000000500)={0x0, 0x2904c, 0x0, 0x10003, '\x00', [{}, {0xffffffff}]})
recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0)
mkdir(&(0x7f00000002c0)='./file0\x00', 0x0)
mount(0x0, &(0x7f0000000180)='./file0\x00', &(0x7f0000000040)='sysfs\x00', 0x0, 0x0)
r4 = inotify_init1(0x0)
r5 = open$dir(&(0x7f0000000080)='./file0/bus\x00', 0x0, 0x0)
inotify_add_watch(r4, &(0x7f00000000c0)='./file0/bus\x00', 0x1000a10)
getdents(r5, &(0x7f00000001c0)=""/83, 0x53)
r6 = accept$alg(0xffffffffffffffff, 0x0, 0x0)
r7 = dup(0xffffffffffffffff)
r8 = open(&(0x7f0000000140)='./file1\x00', 0x10f0c2, 0x0)
ftruncate(r8, 0x200004)
ioctl$KDFONTOP_SET(r7, 0x4b72, &(0x7f0000000240)={0x0, 0x1, 0x6, 0x9, 0x11d, &(0x7f00000007c0)="e21b543356568ade9a942e7434bab43a786355ee727faeda0fd9a6db941a5cc622511f44035a7c403a59df97cf74e7ce2d699b0df110c70980430a193bd61ece16d0deaf9b8aab7e9c19c87d3a15be7e263a79e8f9a4391655acbb9d24efb960e97fbe8d75c005eb5d16564687a35e38954404409b68d943087bfa56035f0711efa81ffd2b26100d1615de8de0c5a2982e27169d318dc8cea2d097982d1205bc15c05091e118b124e5d76321dfc4450e23978066e7dab76bc97fc650a2eafdccfa22f9cce2da536585c530587ac434389aa5cb50a598952a3954b1e07d69b7e8e74f37cecf5b882d2d079239db9df7c4522a644643258c904c28557ce35426345a2271108b23cd5c52863da6811f987dbd9fa2ac9a4ccd54b693c56b34476febf5b0fb1b744133b9bdddbc541349b807a269986098e892be6b43a55d6477bbddba34b593a7b908b11e9a23115a6545d0c2dd0107b28721edb8613e818fea63fc89dac03592e0f13f38b569dd92ba068d27ee6a55f1105051b9123bbe8d38b27eecfddbc4b05d0eb110d4a24a37343e53b47ed56fcf6e811f6d9e3bee05e8cbcbf1203c13a6c03bbb50f696845a135987b7278a94898b9e91939a35f668a8ef0f08a8759f182e39e6b824d05d4a6d38909c1cd702ed1491003100b36d1e5408a00e001fd813fcfec777f03d203e4c54d8607e3193f88ed16af4da5763fb0a37c176dbfd239fa44285ad8a561aef57f69442a74ee5a30e85a73ce1c3aaac9a9bb733907f9115f8f37a3acd57583104f66b1450dc962ee4ea4948e5ac62802ada6c5cbfe8840816804359941492d40d23c4fdf96907f429486a8610d67f2e9a0528ec1710575e3c65bb81e7d6733b4324dc5fdfc833b441bb0018de91fef8ee8028df47336eb06d518aaa99a90a327406dfe8880acdd577668ef41beedd2156025524932d71fa7aec1e38351b7504c466f1056a0936b8e0d790670c94ba741373420776b500558f76fba8eae1bc9ac6e085530ce81107f1724161b37bd3bd517e2738bc190328fe22a7150f8d9433c1ec36c8259d5065dbcba1980f886b3243096a98b10f13aca9b3b64257fb362840195b58f741e4fd570f0c0573dbf904ec24f0b73b7431bff7740a6c6c393d6fe0d3365cfee02529ab222ccfecaed4c2e8ecddbb4b1fabf1b6121751db1f880078ef2d96c1062caa95a7cc6caf10f8e6fb417ee76f0af52bc2869af0c4b6579fc617c2c88fc4aba42b901c4e46520bbbab2f1a8c5afa3c74e7fa79ded433a447b1f5239278a8cb56422bbdce4ff60e82ee52c1149e1bb186dd288429182c48436627c532269bdff81b68a57f77b7aa5f67c0f0ccc6a09b17a91f0f45d1ea26757aa19b3172cba611a5e02f0ee3a86ef44c45cd832fd1996e16a2831503fdb307fba533a50d2be971aa1d8f4651fe937cfe8ddd"})
sendfile(r6, r8, 0x0, 0x80001d00c0d1)
mount$9p_fd(0x0, &(0x7f0000000000)='./file1\x00', &(0x7f0000000040), 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB='trans=fd,rfdno=', @ANYRESHEX=r7, @ANYBLOB=',wfdno=', @ANYBLOB='\x00\x00'])

14.090321663s ago: executing program 3 (id=3855):
mkdir(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, r1, 0x1}, 0x14}}, 0x0)

9.59988945s ago: executing program 0 (id=3868):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f00000082c0)=[{&(0x7f0000006e80)=""/102, 0x66}, {&(0x7f0000006f00)=""/114, 0x72}, {&(0x7f0000006f80)=""/157, 0x9d}, {&(0x7f0000007040)=""/224, 0xe0}, {&(0x7f0000007140)=""/178, 0xb2}, {&(0x7f0000007200)=""/185, 0xb9}, {&(0x7f00000072c0)=""/4096, 0x1000}], 0x7)

9.391423034s ago: executing program 0 (id=3871):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f0000000080)='./file0\x00', 0x42, &(0x7f00000000c0)=ANY=[@ANYBLOB="6673796e635f6d6f64653d706f7369782c6e6f696e6c696e655f646174612c6469736361726400aa19fd46b492dc6cf59d696e6c696e655f64656e7472792c00"], 0x1, 0x54f3, &(0x7f000000ab40)="$eJzs3M9rI+UbAPAn7XZ/f/dbRNDbDixCC5uw6XYXvVXdxR/Ypfjj4EnTZBqym2RKk6a1Jw8exYP/iSh48ujf4MGzt8WD4k1QMjPRrSgITRu7/Xxg8sz75s0zz5tD4ZkpCeDMWkx++akS1+JSRMxHxNWI/LxSHrm1IjwfEdcjYu6Jo1LO/zFxPiIuR8S1cfIiZ6V86/Oboxt3fnzz52++u3Duyhdffz+7XQOz9kJE9LaL871eEbN2ER+W841RJ4+91VEZizd6j8pxVsS9dDPPsNeYrGvk8Xa7WJ9t7w7GcavbaI5ju7OVz2/3iwsORu1JnvwDDxs7+biVbuaxM8jy2D4o6to/KP62HQyGRZ5Wme+jPH0Mh5NYzKf7abGf7Ud5bPaH5XyRN2ul++M4KmN5uWhm3VZex+ZRvun/trc6/d39ZJTuDDpZP7lTq79Yq9+t1neyVjpMV6uNXuvuarLU7o6XVYdpo7fWzrJ2N601s95ystRuNqv1erJ0L93sNPpJvV67XbtVvbNcnt1MXnvwXtJtJUvj+EqnvzvsdAfJVraTFJ9YTlZqt19aTm7Uk3fWN5KNt+/fX99494N77z94ef2NV8tFh8t6nK4mSyu3Vlaq9VvVlfryGdr/J2XRU9w/HEll1gUAnD76f2AWTnv/H/r/qThV/e+krLPa/x/D/uFI9P8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGfWDwtfvp6fLBbjK+X8/8qpZ8pxJSLmIuK3vzEf5w/lnC/zLPzD+oW/1PBtJfIM42tcKI/LEbFWHr/+/7i/BQAAAHh6ffXx9c+Kbr14WZx1QZyk4qbN3NUPp5SvEhELi4+nlG1u/PLslJLFcxFxLvanlC2/gXVxSsmKW27nppXtX5k/FC4+ESpFmDvRcgAAgBNxuBM42S4EAACAk/TprAtgNioxeZQ5eRac/+f9nw8ELx0aAQAAAKdQZdYFAAAAAMcu7//9/h8AAAA83Yrf/wMAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAH5n535yUoeiOACfFvoe74+RGOduxRkswyU4dGhYgJtgCbgFN8AacOYSDBjaEq3BxKS3bSTfl7SX25Afp4TJuZcUAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAuvRcrOaP91cPbXO2u3bS3A0AAABwzKZYzcsX02r+r75+Vl+6qOdZROQRcax3H8WvRuaozim+eH/xqYaniDJh/xm/6+NvRFzXx+t5198CAAAAnK71YjmruvXqNB26IPpULdrk/28S5WURUUxfEqXl+9NlorDy9z2Ou0Rp5QLWJFFYteQ2TpX2LaPGMPkwZNWQ91oOAADQi2Yn0G8XAgAAQJ9uhy6AYWRx2Mo87AWX/7x/3xD805gBAAAAP1A2dAEAAABA58r+3/P/AAAA4LRVz/8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS5tiNV8vlrO2OdtdO2nuBgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4Y3/eUSAEwiAM9q7vTOb+h5UGTU1NqkD4+BuDAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODN7/7yf2JqnEnmXhtLzyPJ2qmxdWrsnRtHfxhfvwYAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICL/XlJgRAIgiiYM/530vc/rCToGUSIgIZHFbVoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA+KLf/fJ/YmqcSeZOG0vHI8naVWPrqrH3oHH0YLz9GwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAICLnft5jaOKAwD+ZmZna6viGmUPEVHwoBe73dbWXj0owYN/ghDSbY1u/dHmYEsRcvEmOfciehQRlHjr/9BzC73UWw57iCAeI/MrmfwAt4TMbJLPB9687w6bed83CSHfeS8LAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFCZfLATJ9mhV8Rxee7R5r2lrH+8p888WHsyn7UsjppM+nh4vf4i6reXCAAAAKdHUtX3IYSn6fpC1se9vP5Pq/dkNf9PLxZxVc/vrfurvqr9s/bnHxuvbg/UK8bJLnp9eTy6sD+VztHNckb8u1XYc/ql//3CTn7n82cvSf4NiT9efWWS5vcz+uHhww+7eXjmqBIHAA7rfNWXQfX3UNYP20wMgFOjUyu8q/o/6bWbEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEATJqvh+SqOQgjznZ0483jz3tJB/YO1J/NVu3L//lr9mtkl0hDC9eXx6EKDc5l1t+/c/WJxPB7daj54I4TQ3uhl8OkU7wmhzQwFhw3i8md9VvI5HkHLv5gAADhx0rJldf3TdH0hOxfNhbD18+76/+1aHKas/zc+u/KoPla9/h82NsPZN1i5+fXg9p277y7fXLwxujH68r2Lw/eHl65evnx1kD8rGXhiAgAAwOF0y1av/+O5/ev/52pxmLL+/+bH4Xf1sRL1/4F2Fv3azgQAAOB0e/nNf/6ODjgfdbvh28WVlVvD4rj9+mJxbCHVZ3ambPX6P5lrOysAAACgCZPVaNf6/7VaHKZc/3/hl9d+q18zCSGcLdf/zy99Nb7W3HRmWhP/Ttz2HAEAAGjX2bLV1//TfP9/vL3lIQ4hvPNWEZcfAzhV/Z989P2v9bHq+/8vNTfFmRT3i/uR9/0QOv22MwIAAOAke65sWbH/V7q+8Pnv5z7p2v8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA0LT/AgAA//8Yl0ni")
r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cpuacct.usage_all\x00', 0x275a, 0x0)
fallocate(r0, 0x0, 0x0, 0x8000001)
mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x0, 0x12, r0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000003680)='sched_switch\x00'}, 0x10)
socket$packet(0x11, 0x3, 0x300)
fallocate(r0, 0x20, 0x2000, 0x140000)

9.367334706s ago: executing program 3 (id=3872):
r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0)
write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000080)={<r1=>0xffffffffffffffff}, 0x106}}, 0x20)
write$RDMA_USER_CM_CMD_QUERY(r0, &(0x7f0000000000)={0x13, 0x10, 0xfa00, {&(0x7f0000003300), r1}}, 0x18)

6.681427257s ago: executing program 0 (id=3878):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, 0x0, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket(0x10, 0x2, 0x0)
socket$nl_route(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6)
bind$inet(r1, &(0x7f00000000c0)={0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0x3c}}, 0x10)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)
setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x298)
r3 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2)
ioctl$vim2m_VIDIOC_REQBUFS(r3, 0xc0145608, &(0x7f0000000180)={0xff, 0x0, 0x2})
ioctl$vim2m_VIDIOC_DQBUF(r3, 0xc058560f, &(0x7f0000000240)=@multiplanar_overlay={0x2, 0x1, 0x4, 0x2, 0x1ff, {}, {0x0, 0x0, 0x5, 0x1, 0x3d, 0x9, "a767bd1c"}, 0x6, 0x3, {&(0x7f00000003c0)=[{0x230, 0x7, {}, 0x3}, {0x0, 0x3, {0x5}, 0x8000}]}, 0x0, 0x0, r2})
socket$inet6_tcp(0xa, 0x1, 0x0)
r4 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$netlink(r4, &(0x7f0000001f80)={0x0, 0x0, &(0x7f0000001f00)=[{&(0x7f0000000280)=ANY=[@ANYBLOB="e8000000270001000000000000000000d500008024d4e3455c7216da3484447f8a081f930884b55764ca84de3d0e7bc8d6f29cd84ba94079f2351604f1fcc3988de886d82375980e92e1ba2f8410b06773cbbf6293af17222761aa1289e6a8f1c888f4809cdccfe1c8695630dcb6bad9b53d1d97f2f820a715ce709fcaa40a70dc4c98ebbe761c0eec46d4f50508215e72fc781a471b1a7c769a074f2d6388253cfdd4b0057b788fbb7296ae39bb3543639c66437fa3347adfaca46f74fbc95f1b07200000008bb982eb4ec7e08b552a2807c0f129bbb5369dd1e04690a1267e29e81f000008247e5846bf1f7f000000000000005157b128759a05b14619ab1d6596bbb077daca1d7c125230d829abf300000000"], 0xe8}], 0x1, 0x0, 0x0, 0x90}, 0x840)
syz_emit_ethernet(0x49, 0x0, 0x0)
memfd_create(0x0, 0x0)
ioctl$BINDER_GET_EXTENDED_ERROR(0xffffffffffffffff, 0xc00c6211, &(0x7f0000000080))
ioctl$FS_IOC_RESVSP(0xffffffffffffffff, 0x40305828, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x8001})
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff)
r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0)
r6 = openat$cgroup_pressure(r5, &(0x7f0000000040)='memory.pressure\x00', 0x2, 0x0)
write$cgroup_pressure(r6, &(0x7f0000000080)={'some', 0x20, 0x2000000005, 0x20, 0x10000000fffff}, 0x2f)

4.700321842s ago: executing program 0 (id=3879):
unshare(0x22020600)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r0, 0x0, 0x0)

4.611080657s ago: executing program 0 (id=3881):
mkdir(0x0, 0x0)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x14, r1, 0x1}, 0x14}}, 0x0)

4.364868652s ago: executing program 0 (id=3884):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$inet6_tcp(0xa, 0x1, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r2 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
setsockopt$inet6_tcp_TCP_REPAIR(r1, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4)
syz_clone(0x40a68180, 0x0, 0x0, 0x0, 0x0, 0x0)
r5 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x0, 0x0)
ioctl$PPPIOCNEWUNIT(r5, 0xc004743e, &(0x7f0000000040))
ioctl$PPPIOCGNPMODE(r5, 0xc008744c, &(0x7f0000000000)={0x29})
sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000180)=@ipv4_delrule={0x24, 0x21, 0x1, 0x0, 0x0, {0x2, 0x0, 0x0, 0x8}, [@FRA_GENERIC_POLICY=@FRA_PROTOCOL={0x5}]}, 0x24}}, 0x0)
syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xdc, 0xcf, 0x80, 0x40, 0x14cd, 0x6116, 0x160, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe3, 0x38, 0xab}}]}}]}}, 0x0)
syslog(0x3, &(0x7f00000002c0)=""/168, 0xa8)

3.062702134s ago: executing program 4 (id=3888):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
sendfile(r1, r0, &(0x7f0000000000)=0x9, 0xffb)

3.017622013s ago: executing program 4 (id=3889):
unshare(0x22020600)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r0, 0x0, 0x0)

2.838704538s ago: executing program 4 (id=3890):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f00000082c0)=[{&(0x7f0000006e80)=""/102, 0x66}, {&(0x7f0000006f00)=""/114, 0x72}, {&(0x7f0000006f80)=""/157, 0x9d}, {&(0x7f0000007040)=""/224, 0xe0}, {&(0x7f0000007140)=""/178, 0xb2}, {&(0x7f0000007200)=""/185, 0xb9}, {&(0x7f00000072c0)=""/4096, 0x1000}], 0x7)

2.793637628s ago: executing program 4 (id=3891):
r0 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0)
syz_usb_control_io$hid(r0, 0x0, 0x0)
socket$netlink(0x10, 0x3, 0x0)
r1 = socket(0x10, 0x803, 0x0)
sendmsg$IPSET_CMD_PROTOCOL(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x14}}, 0x0)
ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'ipvlan1\x00'})
getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, <r2=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000180)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=@newqdisc={0x48, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18}]}}]}, 0x48}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000600)=@newtfilter={0x48, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff1}}, [@filter_kind_options=@f_matchall={{0xd}, {0x14, 0x2, [@TCA_MATCHALL_CLASSID={0x8}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}]}, 0x48}}, 0x0)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r3, &(0x7f00000002c0), 0x40000000000009f, 0x0)

2.60193047s ago: executing program 2 (id=3892):
prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680))
newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100), 0x0)

2.482560283s ago: executing program 2 (id=3893):
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x0, &(0x7f0000000200))
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001)
r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0)
sendmsg$inet(0xffffffffffffffff, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0)
r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0)
r3 = getpid()
sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r4=>0xffffffffffffffff, <r5=>0xffffffffffffffff})
connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
preadv(r2, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', 0x0, 0x0, 0x0)
mkdir(&(0x7f00000000c0)='./file0\x00', 0x0)
rmdir(&(0x7f0000000000)='./file0\x00')
r6 = socket$nl_route(0x10, 0x3, 0x0)
r7 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x10, 0xa702)
mmap(&(0x7f0000371000/0x5000)=nil, 0x5000, 0x7, 0x11, r7, 0x0)
mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x6)
sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000300)=@newtaction={0x6c, 0x30, 0xffff, 0x0, 0x0, {}, [{0x58, 0x1, [@m_ife={0x54, 0x1, 0x0, 0x0, {{0x8}, {0x2c, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c, 0x1, {{0x0, 0x800000, 0x0, 0xfffffffc}}}, @TCA_IFE_SMAC={0xa, 0x4, @broadcast}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x6c}, 0x1, 0x0, 0x0, 0x28884}, 0x0)
preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0)

702.921075ms ago: executing program 2 (id=3894):
socket$inet_sctp(0x2, 0x5, 0x84)
socket$packet(0x11, 0x2, 0x300)
socket$inet_smc(0x2b, 0x1, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.controllers\x00', 0x275a, 0x0)
socket$l2tp(0x2, 0x2, 0x73)
socket$inet6(0xa, 0x1, 0x0)
syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
socket$nl_route(0x10, 0x3, 0x0)
socket$inet_udplite(0x2, 0x2, 0x88)
socket$nl_route(0x10, 0x3, 0x0)
openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0)
socket$alg(0x26, 0x5, 0x0)
socket$nl_generic(0x10, 0x3, 0x10)
bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=@base={0x2, 0x4, 0x4, 0x8}, 0x48)
socket(0x200000100000011, 0x3, 0x0)
socket$packet(0x11, 0x3, 0x300)
socket$inet6(0xa, 0x2, 0x0)
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000100)={0x0, 0x7}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f00000004c0)={0x0, 0x465f}, 0x8)
r1 = socket$inet6_sctp(0xa, 0x1, 0x84)
bind$inet6(r1, &(0x7f00000002c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
listen(r1, 0x4)
setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r1, 0x84, 0x76, &(0x7f0000000140)={0x0, 0x5}, 0x8)
setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000000)={0x0, 0x4}, 0x8)
sendmmsg$inet6(r0, &(0x7f0000000200)=[{{&(0x7f00000000c0)={0xa, 0x4e23, 0x0, @loopback}, 0x1c, &(0x7f0000000580)=[{&(0x7f0000000180)='i', 0x1}], 0x1}}], 0x1, 0x0)
setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000280)=ANY=[@ANYRES32, @ANYRES32=r1], 0xc)

322.773482ms ago: executing program 2 (id=3895):
openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000180), 0x800)
r0 = socket$qrtr(0x2a, 0x2, 0x0)
r1 = syz_io_uring_setup(0x7934, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=<r2=>0x0)
syz_io_uring_setup(0xa91, &(0x7f00000002c0), &(0x7f0000000040)=<r3=>0x0, &(0x7f00000005c0))
syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54})
io_uring_enter(r1, 0xec4, 0x0, 0x0, 0x0, 0x0)
connect$qrtr(r0, &(0x7f0000000040), 0xc)
r4 = socket$netlink(0x10, 0x3, 0x0)
dup2(r4, r0)

130.620742ms ago: executing program 4 (id=3896):
r0 = socket$pppl2tp(0x18, 0x1, 0x1)
r1 = socket$pppl2tp(0x18, 0x1, 0x1)
r2 = socket$inet_udp(0x2, 0x2, 0x0)
connect$pppl2tp(r1, &(0x7f0000000980)=@pppol2tpin6={0x18, 0x1, {0x0, r2, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x0, @local}}}, 0x32)
connect$pppl2tp(r0, &(0x7f0000000980)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @empty}, 0x1, 0x3}}, 0x26)
r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.events\x00', 0x275a, 0x0)
r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x275a, 0x0)
write$binfmt_script(r3, &(0x7f0000000100), 0xfecc)
mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r4, 0x0)
getsockopt$bt_BT_SECURITY(r0, 0x111, 0x5, 0x0, 0x20001f00)

115.953857ms ago: executing program 2 (id=3897):
r0 = openat$procfs(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/key-users\x00', 0x0, 0x0)
r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/sys/net/ipv4/vs/drop_entry\x00', 0x2, 0x0)
sendfile(r1, r0, &(0x7f0000000000)=0x9, 0xffb)

874.438µs ago: executing program 2 (id=3898):
unshare(0x22020600)
r0 = syz_init_net_socket$x25(0x9, 0x5, 0x0)
bind$x25(r0, 0x0, 0x0)

0s ago: executing program 4 (id=3899):
r0 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
readv(r0, &(0x7f00000082c0)=[{&(0x7f0000006e80)=""/102, 0x66}, {&(0x7f0000006f00)=""/114, 0x72}, {&(0x7f0000006f80)=""/157, 0x9d}, {&(0x7f0000007040)=""/224, 0xe0}, {&(0x7f0000007140)=""/178, 0xb2}, {&(0x7f0000007200)=""/185, 0xb9}, {&(0x7f00000072c0)=""/4096, 0x1000}], 0x7)

kernel console output (not intermixed with test programs):

89.015839][    C1] 
[  889.015839][    C1] Showing all locks held in the system:
[  889.023685][    C1] 4 locks held by kworker/u8:1/12:
[  889.028859][    C1]  #0: ffff888015edd948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  889.039813][    C1]  #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  889.050469][    C1]  #2: ffffffff8f5f2c10 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0
[  889.059969][    C1]  #3: ffffffff8e33ab00 (rcu_state.barrier_mutex){+.+.}-{3:3}, at: rcu_barrier+0x4c/0x530
[  889.070021][    C1] 3 locks held by kworker/1:1/46:
[  889.075086][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  889.086127][    C1]  #1: ffffc90000b67d00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  889.097204][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20
[  889.107734][    C1] 4 locks held by kworker/0:2/1148:
[  889.112979][    C1]  #0: ffff8880b943ea18 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  889.122993][    C1]  #1: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x441/0x770
[  889.134508][    C1]  #2: ffff8880b942a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[  889.143927][    C1]  #3: ffff8880b943e198 (&pool->lock){-.-.}-{2:2}, at: __queue_work+0x6e5/0xee0
[  889.153099][    C1] 1 lock held by dhcpcd/4761:
[  889.157817][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: devinet_ioctl+0x2ce/0x1bc0
[  889.167060][    C1] 2 locks held by getty/4851:
[  889.171746][    C1]  #0: ffff88802a60e0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70
[  889.181570][    C1]  #1: ffffc900031332f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6b5/0x1e10
[  889.191788][    C1] 4 locks held by kworker/0:7/5176:
[  889.197051][    C1]  #0: ffff888015080948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x90a/0x1830
[  889.208143][    C1]  #1: ffffc90004047d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x945/0x1830
[  889.219215][    C1]  #2: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60
[  889.228330][    C1]  #3: ffffffff8e33ac38 (rcu_state.exp_mutex){+.+.}-{3:3}, at: synchronize_rcu_expedited+0x381/0x830
[  889.239368][    C1] 5 locks held by kworker/u8:15/7364:
[  889.244774][    C1]  #0: ffffffff8e335860 (rcu_read_lock){....}-{1:2}, at: raw_spin_rq_lock_nested+0x2a/0x140
[  889.254958][    C1]  #1: ffff8880b9428948 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x3a7/0x770
[  889.266461][    C1]  #2: ffff8880b942a718 (&base->lock){-.-.}-{2:2}, at: lock_timer_base+0x112/0x240
[  889.275812][    C1]  #3: ffffffff949c3ca8 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0x16d/0x510
[  889.286302][    C1]  #4: ffffffff8e1e4b08 (text_mutex){+.+.}-{3:3}, at: arch_jump_label_transform_apply+0x17/0x30
[  889.296903][    C1] 1 lock held by syz-executor/15967:
[  889.302285][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  889.311901][    C1] 1 lock held by syz.0.2943/16039:
[  889.317100][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  889.326768][    C1] 1 lock held by syz.3.2942/16038:
[  889.331913][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  889.341511][    C1] 1 lock held by syz.1.2949/16056:
[  889.346709][    C1]  #0: ffffffff8f5ff788 (rtnl_mutex){+.+.}-{3:3}, at: rtnetlink_rcv_msg+0x847/0x1180
[  889.356332][    C1] 3 locks held by syz.4.2952/16061:
[  889.361577][    C1]  #0: ffff888068c74808 (&vma->vm_lock->lock){++++}-{3:3}, at: lock_vma_under_rcu+0x2f9/0x6e0
[  889.371976][    C1]  #1: ffff88802efbe518 (sb_pagefaults){.+.+}-{0:0}, at: ext4_page_mkwrite+0x1f0/0xdf0
[  889.381783][    C1]  #2: ffff88802efc2950 (jbd2_handle){++++}-{0:0}, at: start_this_handle+0x203f/0x22a0
[  889.391513][    C1] 
[  889.393868][    C1] =============================================
[  889.393868][    C1] 
[  889.722459][T15967] chnl_net:caif_netlink_parms(): no params data found
[  889.730231][T16072] netlink: 'syz.3.2955': attribute type 29 has an invalid length.
[  889.812629][T16072] netlink: 'syz.3.2955': attribute type 29 has an invalid length.
[  890.013715][T16075] netlink: 'syz.3.2955': attribute type 29 has an invalid length.
[  890.021901][   T46] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  890.226446][   T46] usb 1-1: Using ep0 maxpacket: 8
[  890.243961][   T46] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  890.263594][   T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  890.289740][   T46] usb 1-1: config 0 descriptor??
[  890.315699][T16094] loop1: detected capacity change from 0 to 736
[  891.329329][   T12] hsr_slave_0: left promiscuous mode
[  891.336186][   T12] hsr_slave_1: left promiscuous mode
[  891.358790][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  891.383084][   T12] batman_adv: batadv0: Removing interface: batadv_slave_0
[  891.421441][   T12] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  891.432951][   T12] batman_adv: batadv0: Removing interface: batadv_slave_1
[  891.475832][   T12] veth1_macvtap: left promiscuous mode
[  891.482042][   T12] veth0_macvtap: left promiscuous mode
[  891.489769][   T12] veth1_vlan: left promiscuous mode
[  891.502816][   T12] veth0_vlan: left promiscuous mode
[  891.520076][T16119] loop1: detected capacity change from 0 to 64
[  892.003751][T16124] netlink: 4068 bytes leftover after parsing attributes in process `syz.1.2965'.
[  892.762601][   T12] team0 (unregistering): Port device team_slave_1 removed
[  892.841486][   T12] team0 (unregistering): Port device team_slave_0 removed
[  893.084978][   T46] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  893.098043][   T46] asix 1-1:0.0: probe with driver asix failed with error -71
[  893.111282][   T46] usb 1-1: USB disconnect, device number 20
[  894.002446][T16143] netlink: 'syz.0.2969': attribute type 29 has an invalid length.
[  894.089707][T15967] bridge0: port 1(bridge_slave_0) entered blocking state
[  894.097572][T15967] bridge0: port 1(bridge_slave_0) entered disabled state
[  894.105003][T15967] bridge_slave_0: entered allmulticast mode
[  894.115572][T15967] bridge_slave_0: entered promiscuous mode
[  894.146500][T16133] netlink: 'syz.3.2967': attribute type 27 has an invalid length.
[  894.548898][T16133] bridge0: port 2(bridge_slave_1) entered disabled state
[  894.559963][T16133] bridge0: port 1(bridge_slave_0) entered disabled state
[  894.653145][T16158] input: syz0 as /devices/virtual/input/input23
[  895.105506][T16133] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  895.177229][T16133] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  895.235199][T16176] loop1: detected capacity change from 0 to 4096
[  895.268142][T16176] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[  895.679173][T16133] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  895.695355][T16133] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  897.366459][T16133] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  897.375468][T16133] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  897.796633][T16133] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0
[  897.806676][T16133] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0
[  897.815602][T16133] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0
[  897.824606][T16133] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0
[  897.924889][T16133] vxlan0: left promiscuous mode
[  897.952210][T16143] netlink: 'syz.0.2969': attribute type 29 has an invalid length.
[  897.977479][T15967] bridge0: port 2(bridge_slave_1) entered blocking state
[  897.980829][T16177] loop4: detected capacity change from 0 to 32768
[  898.003395][T15967] bridge0: port 2(bridge_slave_1) entered disabled state
[  898.056797][T15967] bridge_slave_1: entered allmulticast mode
[  898.084724][T15967] bridge_slave_1: entered promiscuous mode
[  898.274054][T15967] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  898.338652][T15967] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  898.361330][T16191] netlink: 4068 bytes leftover after parsing attributes in process `syz.3.2980'.
[  898.627105][T15967] team0: Port device team_slave_0 added
[  898.667387][T15967] team0: Port device team_slave_1 added
[  898.928867][T15967] batman_adv: batadv0: Adding interface: batadv_slave_0
[  898.935880][T15967] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  899.013152][T15967] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  899.077246][T15967] batman_adv: batadv0: Adding interface: batadv_slave_1
[  899.111115][T15967] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  899.191626][T16218] netlink: 'syz.4.2988': attribute type 29 has an invalid length.
[  899.203265][T15967] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  899.237339][T16213] netlink: 'syz.3.2987': attribute type 2 has an invalid length.
[  899.352737][T16218] netlink: 'syz.4.2988': attribute type 29 has an invalid length.
[  899.413282][T16187] loop1: detected capacity change from 0 to 32768
[  899.444533][T16187] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.2978 (16187)
[  899.466643][T16221] netlink: 'syz.4.2988': attribute type 29 has an invalid length.
[  899.488951][T16187] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  899.511145][T16187] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  899.570342][T16187] BTRFS info (device loop1): using free-space-tree
[  899.672697][T15967] hsr_slave_0: entered promiscuous mode
[  899.745263][T15967] hsr_slave_1: entered promiscuous mode
[  899.784720][T15967] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  899.818360][T15967] Cannot create hsr debugfs directory
[  900.868590][T16253] loop3: detected capacity change from 0 to 2048
[  900.930516][T16253] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  901.199393][T15312] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  901.913803][T16258] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2996'.
[  902.154423][T16234] loop4: detected capacity change from 0 to 32768
[  902.613672][T16279] netlink: 'syz.0.3000': attribute type 2 has an invalid length.
[  902.767125][T16284] netlink: 'syz.3.3002': attribute type 29 has an invalid length.
[  902.818302][T16284] netlink: 'syz.3.3002': attribute type 29 has an invalid length.
[  902.877420][T16284] netlink: 'syz.3.3002': attribute type 29 has an invalid length.
[  903.223340][T16303] loop1: detected capacity change from 0 to 128
[  903.242398][T16303] VFS: Found a Xenix FS (block size = 512) on device loop1
[  903.250950][T15967] netdevsim netdevsim2 netdevsim0: renamed from eth0
[  903.552563][T15967] netdevsim netdevsim2 netdevsim1: renamed from eth1
[  904.007924][T15967] netdevsim netdevsim2 netdevsim2: renamed from eth2
[  904.073596][T15967] netdevsim netdevsim2 netdevsim3: renamed from eth3
[  904.123160][T16309] netlink: 9286 bytes leftover after parsing attributes in process `syz.1.3009'.
[  904.389431][T16317] netlink: 'syz.4.3014': attribute type 2 has an invalid length.
[  904.400453][T16309] sysv_free_block: trying to free block not in datazone
[  905.420127][T15967] 8021q: adding VLAN 0 to HW filter on device bond0
[  905.525980][T15967] 8021q: adding VLAN 0 to HW filter on device team0
[  905.538333][T15312] sysv_free_inode: inode 0,1,2 or nonexistent inode
[  905.582444][T13106] bridge0: port 1(bridge_slave_0) entered blocking state
[  905.589698][T13106] bridge0: port 1(bridge_slave_0) entered forwarding state
[  905.671004][ T5176] bridge0: port 2(bridge_slave_1) entered blocking state
[  905.678226][ T5176] bridge0: port 2(bridge_slave_1) entered forwarding state
[  905.736611][T16334] loop1: detected capacity change from 0 to 736
[  905.981268][T15967] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network
[  906.249049][T15967] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  907.644370][T16363] loop3: detected capacity change from 0 to 512
[  907.696778][T16363] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.3025: Invalid inode bitmap blk 4 in block_group 0
[  907.729362][T16363] EXT4-fs (loop3): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  907.742784][T15967] 8021q: adding VLAN 0 to HW filter on device batadv0
[  907.869434][T16363] EXT4-fs error (device loop3): ext4_read_inode_bitmap:140: comm syz.3.3025: Invalid inode bitmap blk 4 in block_group 0
[  908.005565][T16363] EXT4-fs error (device loop3) in ext4_free_inode:362: Corrupt filesystem
[  908.041126][T15967] veth0_vlan: entered promiscuous mode
[  908.144636][T12120] Bluetooth: Wrong link type (-57)
[  908.201902][T16379] iommufd_mock iommufd_mock0: Adding to iommu group 0
[  908.578412][T15967] veth1_vlan: entered promiscuous mode
[  908.632348][T14981] EXT4-fs (loop3): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  908.861496][T15967] veth0_macvtap: entered promiscuous mode
[  908.909609][T15967] veth1_macvtap: entered promiscuous mode
[  909.049301][T15967] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  909.106422][T15967] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.116403][T15967] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  909.127148][T15967] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.137835][T15967] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  909.148466][T15967] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  909.162136][T15967] batman_adv: batadv0: Interface activated: batadv_slave_0
[  909.183426][T15967] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  909.769585][T15967] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  910.000331][T15967] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  910.057726][T15967] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  910.120549][T15967] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  910.131141][T15967] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  910.142909][T15967] batman_adv: batadv0: Interface activated: batadv_slave_1
[  910.189530][T15967] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  910.241739][T15967] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  910.263556][T16398] loop1: detected capacity change from 0 to 8
[  910.265481][T15967] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  910.361855][T15967] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  910.459818][T16401] loop4: detected capacity change from 0 to 16
[  910.516132][T16401] MTD: Attempt to mount non-MTD device "/dev/loop4"
[  910.617286][ T1148] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  911.268662][ T1148] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  911.282565][ T1148] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  911.877002][ T7377] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  911.908416][ T1148] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  911.917786][ T1148] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  911.926886][ T1148] usb 2-1: SerialNumber: syz
[  911.943362][ T1148] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22
[  911.954999][ T7377] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  912.080035][ T7364] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  912.140027][ T7364] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  912.203627][T16425] loop4: detected capacity change from 0 to 1024
[  913.445188][T16459] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3047'.
[  913.697559][T13106] usb 2-1: USB disconnect, device number 14
[  914.356744][T16422] loop3: detected capacity change from 0 to 32768
[  914.478651][T16422] XFS (loop3): Mounting V5 Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  914.720937][T16486] netlink: 'syz.2.3054': attribute type 21 has an invalid length.
[  914.766554][T16485] tipc: Enabling of bearer <udp:syz0> rejected, failed to enable media
[  914.820064][T16422] XFS (loop3): Ending clean mount
[  915.686087][T14981] XFS (loop3): Unmounting Filesystem c496e05e-540d-4c72-b591-04d79d8b4eeb
[  915.898805][T16504] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3061'.
[  916.386549][ T1148] usb 5-1: new high-speed USB device number 18 using dummy_hcd
[  916.596566][ T1148] usb 5-1: Using ep0 maxpacket: 8
[  916.730463][ T1148] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  917.086569][ T1148] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  917.157598][ T1148] usb 5-1: config 0 descriptor??
[  919.291062][T16551] loop1: detected capacity change from 0 to 256
[  919.302131][T16551] exfat: Deprecated parameter 'namecase'
[  919.308561][T16551] exfat: Deprecated parameter 'namecase'
[  919.550404][T16551] exFAT-fs (loop1): Invalid exboot-signature(sector = 7): 0xaa000000
[  919.581056][T16551] exFAT-fs (loop1): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0xdc19abad)
[  919.591587][T16551] exFAT-fs (loop1): invalid boot region
[  919.597267][T16551] exFAT-fs (loop1): failed to recognize exfat type
[  922.036491][ T1148] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71
[  922.137939][ T1148] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write Medium Mode mode to 0x0306: ffffffb9
[  922.256825][ T1148] asix 5-1:0.0: probe with driver asix failed with error -71
[  922.305634][ T1148] usb 5-1: USB disconnect, device number 18
[  922.951804][T16597] fuse: Unknown parameter '000000000000000000000040x0000000000000004'
[  922.974968][T16598] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3084'.
[  923.011631][T12120] Bluetooth: hci1: Malformed HCI Event: 0x22
[  923.103320][T16598] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  923.112703][T16598] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  923.121612][T16598] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  923.130448][T16598] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  923.237627][T16602] input: syz0 as /devices/virtual/input/input24
[  925.716953][T16637] netlink: 'syz.1.3094': attribute type 21 has an invalid length.
[  926.867636][T16658] loop3: detected capacity change from 0 to 256
[  926.876500][T16658] exfat: Deprecated parameter 'namecase'
[  926.882299][T16658] exfat: Deprecated parameter 'namecase'
[  926.930339][T16658] exFAT-fs (loop3): Invalid exboot-signature(sector = 7): 0xaa000000
[  926.940068][T16658] exFAT-fs (loop3): Invalid boot checksum (boot checksum : 0x1119abd0, checksum : 0xdc19abad)
[  926.950555][T16658] exFAT-fs (loop3): invalid boot region
[  926.956144][T16658] exFAT-fs (loop3): failed to recognize exfat type
[  927.656387][T16163] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  927.726605][T13106] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  927.772774][T16670] loop4: detected capacity change from 0 to 4096
[  927.828359][T16677] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3103'.
[  927.872404][T16163] usb 3-1: device descriptor read/all, error -71
[  927.947248][T16677] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0
[  927.956205][T16677] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0
[  927.965270][T16677] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0
[  927.965426][T13106] usb 1-1: Using ep0 maxpacket: 32
[  927.974111][T16677] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0
[  928.047367][T13106] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92
[  928.079300][T13106] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  928.110292][T13106] usb 1-1: config 0 descriptor??
[  928.137317][T13106] gspca_main: nw80x-2.14.0 probing 055f:d001
[  928.431922][   T29] audit: type=1107 audit(1720257623.458:923): pid=16688 uid=0 auid=4294967295 ses=4294967295 subj=unconfined msg='O'
[  928.765502][T13106] usb 1-1: USB disconnect, device number 21
[  928.806694][T16163] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  928.982739][ T5102] Bluetooth: hci5: command 0x0406 tx timeout
[  929.007972][T16163] usb 3-1: Using ep0 maxpacket: 8
[  929.021428][T16163] usb 3-1: New USB device found, idVendor=0403, idProduct=f0c8, bcdDevice= 2.56
[  929.043935][T16163] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  929.063349][T16163] usb 3-1: config 0 descriptor??
[  929.100791][T16163] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected
[  929.144743][T16163] ftdi_sio ttyUSB0: unknown device type: 0x256
[  929.378193][T16698] loop3: detected capacity change from 0 to 32768
[  929.407622][T16698] BTRFS: device fsid a6a605fc-d5f1-4e66-8595-3726e2b761d6 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3111 (16698)
[  929.444282][T16698] BTRFS info (device loop3): first mount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  929.485387][T16698] BTRFS info (device loop3): using blake2b (blake2b-256-generic) checksum algorithm
[  929.544523][T16698] BTRFS info (device loop3): using free-space-tree
[  929.553047][T16704] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3114'.
[  929.718934][T16690] Bluetooth: MGMT ver 1.23
[  929.775632][T16726] loop1: detected capacity change from 0 to 16
[  929.804784][T16726] erofs: (device loop1): mounted with root inode @ nid 36.
[  929.985780][T16690] loop2: detected capacity change from 0 to 2048
[  930.632616][T16732] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  930.668303][T16690] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  930.835796][ T1148] usb 3-1: USB disconnect, device number 16
[  930.845741][ T1148] ftdi_sio 3-1:0.0: device disconnected
[  930.926016][T14981] BTRFS info (device loop3): last unmount of filesystem a6a605fc-d5f1-4e66-8595-3726e2b761d6
[  930.966366][ T5147] usb 5-1: new high-speed USB device number 19 using dummy_hcd
[  931.190626][ T5147] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  931.210320][ T5147] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  931.219736][ T5147] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  931.235112][ T5147] usb 5-1: SerialNumber: syz
[  931.265223][ T5147] cdc_ether 5-1:1.0: skipping garbage
[  931.265466][T16740] bridge0: port 2(bridge_slave_1) entered disabled state
[  931.271344][T12337] usb 2-1: new high-speed USB device number 15 using dummy_hcd
[  931.279944][T16740] bridge0: port 1(bridge_slave_0) entered disabled state
[  931.298248][ T5147] usb 5-1: bad CDC descriptors
[  931.406006][T16741] bridge_slave_1: left allmulticast mode
[  931.413180][T16741] bridge_slave_1: left promiscuous mode
[  931.443992][T16741] bridge0: port 2(bridge_slave_1) entered disabled state
[  931.503686][ T5147] usb 5-1: USB disconnect, device number 19
[  931.510289][T12337] usb 2-1: Using ep0 maxpacket: 8
[  931.550400][T12337] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  931.578510][T12337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  931.602079][T12337] usb 2-1: config 0 descriptor??
[  931.624588][T16741] bridge_slave_0: left allmulticast mode
[  931.650839][T16746] loop3: detected capacity change from 0 to 512
[  931.657950][T16741] bridge_slave_0: left promiscuous mode
[  931.704022][T16746] ext3: Unknown parameter 'hash'
[  931.715605][T16741] bridge0: port 1(bridge_slave_0) entered disabled state
[  931.780792][T15967] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  931.940158][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  931.946856][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  932.209597][T16752] loop2: detected capacity change from 0 to 64
[  932.546175][T16758] loop4: detected capacity change from 0 to 8
[  932.896827][ T1148] usb 5-1: new high-speed USB device number 20 using dummy_hcd
[  933.111734][ T1148] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  933.152107][ T1148] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18
[  933.180951][ T1148] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  933.193651][ T1148] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  933.210406][ T1148] usb 5-1: SerialNumber: syz
[  933.231410][ T1148] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22
[  933.319807][T16765] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3132'.
[  933.400378][T16767] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check.
[  933.634699][T16771] loop2: detected capacity change from 0 to 2048
[  933.692324][T16771] EXT4-fs (loop2): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  933.736646][T16771] ext4 filesystem being mounted at /24/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  933.789952][T16758] loop4: detected capacity change from 0 to 1764
[  933.857602][T16758] iso9660: Bad value for 'gid'
[  933.945071][T12337] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71
[  933.965811][T16781] loop3: detected capacity change from 0 to 2048
[  934.007160][T12337] asix 2-1:0.0: probe with driver asix failed with error -71
[  934.070628][T12337] usb 2-1: USB disconnect, device number 15
[  934.080855][T16781] NILFS (loop3): broken superblock, retrying with spare superblock (blocksize = 1024)
[  934.137057][T16785] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  934.137455][T16781] syz.3.3137: attempt to access beyond end of device
[  934.137455][T16781] loop3: rw=524288, sector=33554430, nr_sectors = 2 limit=2048
[  935.354137][T15967] EXT4-fs (loop2): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  935.641364][T16800] netlink: 56 bytes leftover after parsing attributes in process `syz.2.3140'.
[  935.877454][ T1148] usb 5-1: USB disconnect, device number 20
[  935.937992][T16809] loop2: detected capacity change from 0 to 16
[  935.970516][T16809] erofs: (device loop2): mounted with root inode @ nid 36.
[  936.236678][T16816] netlink: 20 bytes leftover after parsing attributes in process `syz.3.3149'.
[  936.375223][T16819] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3150'.
[  936.520639][T16804] loop1: detected capacity change from 0 to 32768
[  936.531198][ T1148] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  936.532280][T16804] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3144 (16804)
[  936.567913][T16804] BTRFS info (device loop1): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  936.578726][T16804] BTRFS info (device loop1): using crc32c (crc32c-intel) checksum algorithm
[  936.588015][T16804] BTRFS info (device loop1): using free-space-tree
[  936.729252][ T1148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  936.755796][ T1148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  936.777180][ T1148] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  936.817048][ T1148] usb 4-1: New USB device found, idVendor=04d9, idProduct=a070, bcdDevice= 0.00
[  936.836975][ T1148] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  936.873304][ T1148] usb 4-1: config 0 descriptor??
[  936.940563][T16842] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3153'.
[  937.222389][T16844] loop4: detected capacity change from 0 to 4096
[  937.292942][T15312] BTRFS info (device loop1): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  937.307539][ T1148] usbhid 4-1:0.0: can't add hid device: -71
[  937.336568][ T1148] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  937.357013][ T1148] usb 4-1: USB disconnect, device number 13
[  937.598217][T16855] loop4: detected capacity change from 0 to 1024
[  938.319079][T16869] ipvlan2: entered promiscuous mode
[  938.381755][T16869] ipvlan2: entered allmulticast mode
[  938.404525][T16869] netdevsim netdevsim1 netdevsim1: entered allmulticast mode
[  938.551008][T16872] netlink: 56 bytes leftover after parsing attributes in process `syz.4.3166'.
[  938.761394][T16858] loop2: detected capacity change from 0 to 32768
[  938.791866][T16878] loop1: detected capacity change from 0 to 1024
[  938.896664][T16877] loop3: detected capacity change from 0 to 4096
[  939.017100][T16883] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  939.268517][T16877] syz.3.3169: attempt to access beyond end of device
[  939.268517][T16877] loop3: rw=524288, sector=2097320, nr_sectors = 8 limit=4096
[  939.363132][T16877] syz.3.3169: attempt to access beyond end of device
[  939.363132][T16877] loop3: rw=0, sector=2097320, nr_sectors = 8 limit=4096
[  939.995719][   T29] audit: type=1800 audit(1720257634.978:924): pid=16877 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.3.3169" name="file2" dev="loop3" ino=16 res=0 errno=0
[  941.809563][T16905] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  941.977159][   T29] audit: type=1326 audit(1720257637.008:925): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16915 comm="syz.2.3184" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e7d175bd9 code=0x0
[  942.079361][T16921] 9pnet_fd: Insufficient options for proto=fd
[  942.100954][T16919] loop4: detected capacity change from 0 to 1024
[  942.112315][T16921] syz.2.3184 (16921): attempted to duplicate a private mapping with mremap.  This is not supported.
[  942.147010][T16921] tmpfs: Bad value for 'mpol'
[  942.251734][T16923] netlink: 'syz.0.3187': attribute type 27 has an invalid length.
[  942.333151][T16927] loop1: detected capacity change from 0 to 512
[  942.364957][T16927] EXT4-fs: Ignoring removed orlov option
[  942.413744][T16927] EXT4-fs (loop1): Test dummy encryption mode enabled
[  942.451112][T16927] [EXT4 FS bs=1024, gc=1, bpg=8192, ipg=32, mo=a054e09c, mo2=0002]
[  942.488564][T16927] System zones: 1-12
[  942.525486][T16927] EXT4-fs error (device loop1): ext4_orphan_get:1394: inode #15: comm syz.1.3188: casefold flag without casefold feature
[  942.573092][T16927] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.3188: couldn't read orphan inode 15 (err -117)
[  942.611146][T16927] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  943.696580][T12120] Bluetooth: hci3: Opcode 0x1407 failed: -110
[  943.785239][T16942] loop4: detected capacity change from 0 to 256
[  943.792425][T12120] Bluetooth: hci3: command 0x1407 tx timeout
[  943.869859][T16942] exfat: Deprecated parameter 'codepage'
[  943.907866][T16942] exfat: Bad value for 'codepage'
[  943.931186][T15312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  943.954195][T16923] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  944.122982][T16923] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  945.772203][T16961] loop1: detected capacity change from 0 to 512
[  945.826562][T16961] ext3: Unknown parameter 'hash'
[  946.901542][T16923] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0
[  946.902851][T16968] loop4: detected capacity change from 0 to 64
[  946.965500][T16923] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0
[  946.996531][T16923] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0
[  947.005477][T16923] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0
[  948.779621][T17000] loop4: detected capacity change from 0 to 512
[  948.788239][T17000] ext3: Unknown parameter 'hash'
[  948.966558][T12346] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  949.189036][T12346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 0, changing to 7
[  949.208856][T17009] netlink: 'syz.0.3218': attribute type 27 has an invalid length.
[  949.242609][T12346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid wMaxPacketSize 0
[  949.281723][T12346] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  949.296932][T12346] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  949.353949][T12346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  949.377790][T12346] usb 3-1: config 0 descriptor??
[  949.416792][T17014] loop4: detected capacity change from 0 to 128
[  949.439659][T17012] loop1: detected capacity change from 0 to 256
[  949.917506][T12346] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0
[  949.934822][T12346] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving
[  949.971676][T12346] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0
[  951.077103][T12346] usb 3-1: USB disconnect, device number 17
[  952.896045][T17050] loop1: detected capacity change from 0 to 128
[  953.216608][T12346] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  953.712604][T17059] loop1: detected capacity change from 0 to 1024
[  953.868687][T17059] hfsplus: unable to parse mount options
[  954.147648][T17059] loop1: detected capacity change from 0 to 64
[  954.266661][T12346] usb 3-1: Using ep0 maxpacket: 8
[  954.299130][T12346] usb 3-1: config 32 has an invalid interface number: 1 but max is 0
[  954.310560][T12346] usb 3-1: config 32 has an invalid descriptor of length 0, skipping remainder of the config
[  954.356435][T12346] usb 3-1: config 32 has no interface number 0
[  954.388569][T12346] usb 3-1: New USB device found, idVendor=20a6, idProduct=1105, bcdDevice=c2.eb
[  954.416473][T12346] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  954.445288][T12346] usb 3-1: Product: syz
[  954.453574][T12346] usb 3-1: Manufacturer: syz
[  954.476415][T12346] usb 3-1: SerialNumber: syz
[  954.508090][T12346] usb 3-1: bad CDC descriptors
[  954.518259][T12346] option 3-1:32.1: GSM modem (1-port) converter detected
[  954.624748][   T29] audit: type=1326 audit(1720257649.648:926): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17074 comm="syz.3.3241" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe375d75bd9 code=0x0
[  954.681117][T17078] 9pnet_fd: Insufficient options for proto=fd
[  954.822789][T17078] tmpfs: Bad value for 'mpol'
[  954.948402][ T5102] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  954.961612][ T5102] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  954.977286][ T5102] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  954.989691][ T5102] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  954.996028][T17085] loop1: detected capacity change from 0 to 1024
[  955.007472][ T5102] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  955.015123][ T5102] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  955.423489][ T7361] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  955.811730][T17096] loop3: detected capacity change from 0 to 128
[  956.088131][T17096] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  956.103564][   T35] hfsplus: b-tree write err: -5, ino 4
[  956.141693][ T7361] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  956.170357][T17096] ext4 filesystem being mounted at /91/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  956.601702][ T7361] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  956.665122][T17101] pim6reg1: entered promiscuous mode
[  956.670601][T17101] pim6reg1: entered allmulticast mode
[  956.814585][T14981] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  956.836720][ T7361] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  957.136998][T12120] Bluetooth: hci1: command tx timeout
[  957.249493][T17121] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98
[  957.522917][ T7361] bridge_slave_1: left allmulticast mode
[  957.545576][ T7361] bridge_slave_1: left promiscuous mode
[  957.555461][ T7361] bridge0: port 2(bridge_slave_1) entered disabled state
[  957.575070][ T7361] bridge_slave_0: left allmulticast mode
[  957.585182][ T7361] bridge_slave_0: left promiscuous mode
[  957.601957][ T7361] bridge0: port 1(bridge_slave_0) entered disabled state
[  957.931874][T16162] usb 3-1: USB disconnect, device number 18
[  957.939816][T16162] option 3-1:32.1: device disconnected
[  958.682172][T17156] cgroup: noprefix used incorrectly
[  958.806172][T12120] Bluetooth: hci5: unexpected event for opcode 0x0000
[  959.003743][ T7361] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  959.034689][ T7361] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  959.066731][ T7361] bond0 (unregistering): Released all slaves
[  959.121569][T17154] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  959.216613][T17158] Bluetooth: hci1: command tx timeout
[  959.281164][T17082] chnl_net:caif_netlink_parms(): no params data found
[  959.585039][T17168] loop2: detected capacity change from 0 to 2048
[  959.622352][T17158] Bluetooth: hci2: command 0x0406 tx timeout
[  959.643872][T17168] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  960.087164][T17182] loop1: detected capacity change from 0 to 164
[  960.908706][ T5102] Bluetooth: hci5: command 0x0406 tx timeout
[  961.186978][T17185] bond0: (slave bond_slave_0): Releasing backup interface
[  961.195865][T17185] bond0: (slave bond_slave_1): Releasing backup interface
[  961.281661][   T29] audit: type=1326 audit(1720257656.308:927): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17194 comm="syz.1.3284" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe8b7575bd9 code=0x0
[  961.304087][ T5102] Bluetooth: hci1: command tx timeout
[  961.305677][T17185] team0: Port device team_slave_0 removed
[  961.320138][T17200] loop2: detected capacity change from 0 to 64
[  961.341697][T17185] team0: Port device team_slave_1 removed
[  961.356233][T17185] batman_adv: batadv0: Removing interface: batadv_slave_0
[  961.360054][T17200] BFS-fs: bfs_fill_super(): Inode 0x00000032 corrupted on loop2
[  961.375089][T17185] batman_adv: batadv0: Removing interface: batadv_slave_1
[  961.417261][T17082] bridge0: port 1(bridge_slave_0) entered blocking state
[  961.424583][T17082] bridge0: port 1(bridge_slave_0) entered disabled state
[  961.489439][T17082] bridge_slave_0: entered allmulticast mode
[  961.518778][T17082] bridge_slave_0: entered promiscuous mode
[  961.609321][   T29] audit: type=1326 audit(1720257656.628:928): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17198 comm="syz.3.3286" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe375d75bd9 code=0x0
[  961.727225][ T7361] hsr_slave_0: left promiscuous mode
[  961.766801][ T7361] hsr_slave_1: left promiscuous mode
[  961.805825][ T7361] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  961.818745][ T7361] batman_adv: batadv0: Removing interface: batadv_slave_0
[  961.888575][ T7361] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  961.938417][ T7361] batman_adv: batadv0: Removing interface: batadv_slave_1
[  961.949074][T17227] loop3: detected capacity change from 0 to 16
[  962.166763][ T7361] veth1_macvtap: left promiscuous mode
[  962.189097][ T7361] veth0_macvtap: left promiscuous mode
[  962.212188][ T7361] veth1_vlan: left promiscuous mode
[  962.225477][ T7361] veth0_vlan: left promiscuous mode
[  962.822759][ T5102] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0
[  962.832548][ T5102] Bluetooth: hci5: Injecting HCI hardware error event
[  962.857681][T17158] Bluetooth: hci5: hardware error 0x00
[  963.115143][T17247] loop3: detected capacity change from 0 to 256
[  963.216825][ T5102] Bluetooth: hci2: command 0x0406 tx timeout
[  963.391336][ T5102] Bluetooth: hci1: command tx timeout
[  964.096064][T17259] loop1: detected capacity change from 0 to 8192
[  964.377393][ T7361] team0 (unregistering): Port device team_slave_1 removed
[  964.489896][T17263] loop3: detected capacity change from 0 to 8
[  964.755049][ T7361] team0 (unregistering): Port device team_slave_0 removed
[  965.000193][T17158] Bluetooth: hci5: Opcode 0x0c03 failed: -110
[  966.298710][T17082] bridge0: port 2(bridge_slave_1) entered blocking state
[  966.305931][T17082] bridge0: port 2(bridge_slave_1) entered disabled state
[  966.313776][T17082] bridge_slave_1: entered allmulticast mode
[  966.321830][T17082] bridge_slave_1: entered promiscuous mode
[  966.329195][T17226] netlink: 20 bytes leftover after parsing attributes in process `syz.2.3291'.
[  966.497854][T17082] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  966.552666][T17082] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  966.762551][T17284] loop1: detected capacity change from 0 to 512
[  966.801844][T17284] EXT4-fs (loop1): filesystem is read-only
[  966.841021][T17284] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  966.954296][T17284] EXT4-fs (loop1): filesystem is read-only
[  966.983743][T17284] EXT4-fs (loop1): orphan cleanup on readonly fs
[  966.994417][T17082] team0: Port device team_slave_0 added
[  967.041064][T17284] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3310: bg 0: block 64: padding at end of block bitmap is not set
[  967.087429][T17082] team0: Port device team_slave_1 added
[  967.126565][T17284] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  967.158067][T17284] EXT4-fs (loop1): 1 orphan inode deleted
[  967.165539][T17284] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  967.308528][T17287] loop3: detected capacity change from 0 to 8192
[  967.327142][T17082] batman_adv: batadv0: Adding interface: batadv_slave_0
[  967.354982][T17082] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  967.413839][T17287]  loop3: p1 p2 p4
[  967.413839][T17287]  p1: <minix: p5 >
[  967.453126][T17287] loop3: p1 size 241106944 extends beyond EOD, truncated
[  967.453340][T17082] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  967.474521][T17287] loop3: p2 size 2130706432 extends beyond EOD, truncated
[  967.493074][T17287] loop3: p4 start 8323079 is beyond EOD, truncated
[  967.512202][T17287] loop3: p5 size 241106944 extends beyond EOD, truncated
[  967.514819][T17082] batman_adv: batadv0: Adding interface: batadv_slave_1
[  967.542319][T17082] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  967.570006][T13106] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  967.598942][T17304] xt_TCPMSS: Only works on TCP SYN packets
[  967.636506][T17082] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  967.777515][T13106] usb 3-1: Using ep0 maxpacket: 16
[  967.778608][T17309] loop3: detected capacity change from 0 to 512
[  967.785790][T13106] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  967.807210][T17309] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  967.830926][T13106] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  967.830985][T17309] EXT4-fs error (device loop3): ext4_orphan_get:1394: inode #15: comm syz.3.3315: iget: bad i_size value: -67835469387268086
[  967.858256][T13106] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  967.882014][T17309] EXT4-fs error (device loop3): ext4_orphan_get:1399: comm syz.3.3315: couldn't read orphan inode 15 (err -117)
[  967.896087][T17309] EXT4-fs (loop3): mounted filesystem f7ff0000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[  967.907870][T13106] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  967.908459][T17309] ext2 filesystem being mounted at /103/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  967.925429][T13106] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  968.077862][T15312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  968.108679][T13106] usb 3-1: config 0 descriptor??
[  969.099746][T17082] hsr_slave_0: entered promiscuous mode
[  969.182716][T13106] microsoft 0003:045E:07DA.000B: ignoring exceeding usage max
[  969.204425][T13106] HID 045e:07da: Invalid code 65791 type 1
[  969.217653][T17082] hsr_slave_1: entered promiscuous mode
[  969.231716][T13106] HID 045e:07da: Invalid code 768 type 1
[  969.243479][T13106] HID 045e:07da: Invalid code 769 type 1
[  969.250055][T17082] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  969.260258][T13106] HID 045e:07da: Invalid code 770 type 1
[  969.269409][T17082] Cannot create hsr debugfs directory
[  969.277180][T13106] HID 045e:07da: Invalid code 771 type 1
[  969.297779][T13106] HID 045e:07da: Invalid code 772 type 1
[  969.316393][T13106] HID 045e:07da: Invalid code 773 type 1
[  969.340333][T13106] HID 045e:07da: Invalid code 774 type 1
[  969.378303][T13106] HID 045e:07da: Invalid code 775 type 1
[  969.384023][T13106] HID 045e:07da: Invalid code 776 type 1
[  969.485452][T13106] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.000B/input/input25
[  969.671907][T17325] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3318'.
[  969.695830][T13106] microsoft 0003:045E:07DA.000B: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0
[  969.771729][T13106] usb 3-1: USB disconnect, device number 19
[  970.482664][T17331] loop2: detected capacity change from 0 to 8192
[  970.844961][T14981] EXT4-fs (loop3): unmounting filesystem f7ff0000-0000-0000-0000-000000000000.
[  971.942744][T17356] xt_CT: No such helper "netbios-ns"
[  972.215778][T17363] loop3: detected capacity change from 0 to 128
[  972.226109][T17359] loop1: detected capacity change from 0 to 512
[  972.249566][T17359] EXT4-fs (loop1): filesystem is read-only
[  972.256095][T17359] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps block group descriptors
[  972.280613][T17363] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[  972.326546][T17363] ext4 filesystem being mounted at /105/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  972.365464][T17359] EXT4-fs (loop1): filesystem is read-only
[  972.412137][T17359] EXT4-fs (loop1): orphan cleanup on readonly fs
[  972.453139][T17359] EXT4-fs error (device loop1): ext4_validate_block_bitmap:441: comm syz.1.3326: bg 0: block 64: padding at end of block bitmap is not set
[  972.503411][T17359] EXT4-fs error (device loop1) in ext4_mb_clear_bb:6551: Corrupt filesystem
[  972.522827][T17359] EXT4-fs (loop1): 1 orphan inode deleted
[  972.537720][T17359] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 ro without journal. Quota mode: none.
[  972.693473][T14981] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[  972.723193][T17082] netdevsim netdevsim4 netdevsim0: renamed from eth0
[  972.770143][T17082] netdevsim netdevsim4 netdevsim1: renamed from eth1
[  972.829385][T17082] netdevsim netdevsim4 netdevsim2: renamed from eth2
[  972.865317][T17082] netdevsim netdevsim4 netdevsim3: renamed from eth3
[  973.229757][T17359] xt_TCPMSS: Only works on TCP SYN packets
[  973.266116][T17082] 8021q: adding VLAN 0 to HW filter on device bond0
[  973.369265][T17082] 8021q: adding VLAN 0 to HW filter on device team0
[  973.427648][T16155] bridge0: port 1(bridge_slave_0) entered blocking state
[  973.434889][T16155] bridge0: port 1(bridge_slave_0) entered forwarding state
[  973.506997][T13106] bridge0: port 2(bridge_slave_1) entered blocking state
[  973.514152][T13106] bridge0: port 2(bridge_slave_1) entered forwarding state
[  973.639516][T15312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  974.190965][T13106] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  974.598502][T13106] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  974.693665][T17414] loop1: detected capacity change from 0 to 16
[  974.802917][T17414] erofs: (device loop1): mounted with root inode @ nid 36.
[  975.612563][T13106] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  975.633431][T13106] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  975.646317][T13106] usb 4-1: SerialNumber: syz
[  975.678399][T13106] cdc_ether 4-1:1.0: skipping garbage
[  975.683880][T13106] usb 4-1: bad CDC descriptors
[  975.867350][T17419] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  975.874818][T17419] vhci_hcd: SetHubDepth req not supported for USB 2.0 roothub
[  975.985575][T13106] usb 4-1: USB disconnect, device number 14
[  976.173919][T17082] 8021q: adding VLAN 0 to HW filter on device batadv0
[  976.455763][T17442] netlink: 'syz.0.3347': attribute type 1 has an invalid length.
[  976.478501][T17442] netlink: 9352 bytes leftover after parsing attributes in process `syz.0.3347'.
[  976.508652][T17442] netlink: 'syz.0.3347': attribute type 1 has an invalid length.
[  976.544809][T17442] netlink: 'syz.0.3347': attribute type 2 has an invalid length.
[  976.569756][T17442] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3347'.
[  976.996113][T17082] veth0_vlan: entered promiscuous mode
[  977.132718][T17082] veth1_vlan: entered promiscuous mode
[  977.882255][T17082] veth0_macvtap: entered promiscuous mode
[  977.961202][T17082] veth1_macvtap: entered promiscuous mode
[  978.065378][T17082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  978.120442][T17082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  978.149523][T17082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  978.180776][T17082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  978.208540][T17082] batman_adv: batadv0: Interface activated: batadv_slave_0
[  978.230364][T17428] loop2: detected capacity change from 0 to 32768
[  978.254586][T17082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  978.285979][T17428] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3344 (17428)
[  978.306311][T17082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  978.336431][T17082] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  978.381436][T17082] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  978.396337][T17428] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  978.428298][T17082] batman_adv: batadv0: Interface activated: batadv_slave_1
[  978.438565][T17428] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  978.462058][T17082] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  978.476518][T17428] BTRFS info (device loop2): using free-space-tree
[  978.516800][T17082] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  978.562582][T17082] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  978.606427][T17082] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  978.632428][T17437] loop1: detected capacity change from 0 to 32768
[  978.853600][ T7369] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  978.873095][ T7369] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  978.874037][T17437] jfs_strtoUCS: char2uni returned -22.
[  978.936768][T17437] charset = euc-jp, char = 0xc9
[  979.042004][ T7341] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  979.063374][T15967] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  979.075731][ T7341] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  979.154446][T17493] loop3: detected capacity change from 0 to 1024
[  979.890333][T17509] loop4: detected capacity change from 0 to 128
[  980.621715][T17516] loop2: detected capacity change from 0 to 16
[  980.701280][T16107] hfsplus: b-tree write err: -5, ino 4
[  980.723114][T17516] erofs: (device loop2): mounted with root inode @ nid 36.
[  980.861779][T17516] syz.2.3357: attempt to access beyond end of device
[  980.861779][T17516] loop2: rw=0, sector=3489784, nr_sectors = 8 limit=16
[  980.946357][T17517] loop1: detected capacity change from 0 to 2048
[  980.983005][T17517] EXT4-fs (loop1): ext4_check_descriptors: Inode table for group 0 not in group (block 48976645947654148)!
[  981.069255][T17517] EXT4-fs (loop1): group descriptors corrupted!
[  983.531961][T17550] xt_CT: No such helper "netbios-ns"
[  983.780719][T17554] loop1: detected capacity change from 0 to 1024
[  983.869385][T17554] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: writeback.
[  984.079999][T17537] loop2: detected capacity change from 0 to 32768
[  984.127043][T17537] BTRFS: device fsid 5e4b7888-5e56-43f0-8345-635ad0fd87c6 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3362 (17537)
[  984.191331][T17537] BTRFS info (device loop2): first mount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  984.249365][T17537] BTRFS info (device loop2): using blake2b (blake2b-256-generic) checksum algorithm
[  984.259907][T17554] EXT4-fs (loop1): re-mounted 00000000-0000-0000-0000-000000000000 ro. Quota mode: writeback.
[  984.306857][T17537] BTRFS info (device loop2): using free-space-tree
[  984.494119][T17582] loop4: detected capacity change from 0 to 256
[  984.507752][T15312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[  984.625137][T17586] usb usb8: usbfs: process 17586 (syz.1.3371) did not claim interface 0 before use
[  984.824622][T15967] BTRFS info (device loop2): last unmount of filesystem 5e4b7888-5e56-43f0-8345-635ad0fd87c6
[  985.305857][T17564] loop3: detected capacity change from 0 to 32768
[  985.321924][T17564] BTRFS: device fsid 3d39d0ba-bdae-447e-827b-b091e1a68885 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3368 (17564)
[  986.301553][T17564] BTRFS info (device loop3): first mount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  986.387971][T17564] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[  986.398787][T17564] BTRFS info (device loop3): using free-space-tree
[  986.696544][T12346] usb 5-1: new high-speed USB device number 21 using dummy_hcd
[  986.939314][T12346] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  986.974109][T12346] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  987.014746][T12346] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  987.036558][T12346] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  987.045786][T12346] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  987.080869][T12346] usb 5-1: config 0 descriptor??
[  987.174187][T14981] BTRFS info (device loop3): last unmount of filesystem 3d39d0ba-bdae-447e-827b-b091e1a68885
[  987.802191][ T5143] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  987.831716][T12346] plantronics 0003:047F:FFFF.000C: unknown main item tag 0x0
[  987.870624][T12346] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  987.938058][T12346] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0
[  988.037316][ T5143] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  988.074784][ T5143] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  988.106461][ T5143] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1
[  988.115790][ T5143] usb 3-1: SerialNumber: syz
[  988.199736][ T5143] cdc_ether 3-1:1.0: skipping garbage
[  988.205176][ T5143] usb 3-1: bad CDC descriptors
[  988.244111][ T5143] usb 5-1: USB disconnect, device number 21
[  988.420367][T17630] loop1: detected capacity change from 0 to 32768
[  988.436578][T17630] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop1 (7:1) scanned by syz.1.3383 (17630)
[  988.457630][ T1148] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  988.504151][T17630] BTRFS info (device loop1): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  988.516599][T17630] BTRFS info (device loop1): using sha256 (sha256-avx2) checksum algorithm
[  988.535976][T17630] BTRFS info (device loop1): using free-space-tree
[  988.607066][ T5143] usb 3-1: USB disconnect, device number 20
[  988.678742][ T1148] usb 4-1: Using ep0 maxpacket: 16
[  988.711949][ T1148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  988.766914][ T1148] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  988.781028][ T1148] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  988.796094][ T1148] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  988.806346][ T1148] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  988.867389][ T1148] usb 4-1: config 0 descriptor??
[  988.935432][T17654] netlink: 212 bytes leftover after parsing attributes in process `syz.0.3385'.
[  993.393207][ T1250] ieee802154 phy0 wpan0: encryption failed: -22
[  993.399868][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[  993.717175][ T1148] usbhid 4-1:0.0: can't add hid device: -71
[  993.723274][ T1148] usbhid 4-1:0.0: probe with driver usbhid failed with error -71
[  993.737150][ T1148] usb 4-1: USB disconnect, device number 15
[  993.839463][T15312] BTRFS info (device loop1): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  993.906632][T17665] loop2: detected capacity change from 0 to 16
[  993.971254][T17665] erofs: (device loop2): mounted with root inode @ nid 36.
[  994.058243][T17665] syz.2.3390: attempt to access beyond end of device
[  994.058243][T17665] loop2: rw=0, sector=3489784, nr_sectors = 8 limit=16
[  994.267516][T17673] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  994.987467][ T1148] usb 5-1: new high-speed USB device number 22 using dummy_hcd
[  995.203961][T17699] loop2: detected capacity change from 0 to 16
[  995.227109][ T1148] usb 5-1: Using ep0 maxpacket: 16
[  995.250643][ T1148] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  995.288132][T17699] erofs: (device loop2): mounted with root inode @ nid 36.
[  995.312529][ T1148] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  995.355416][ T1148] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  995.369069][T17699] syz.2.3405: attempt to access beyond end of device
[  995.369069][T17699] loop2: rw=0, sector=3489784, nr_sectors = 8 limit=16
[  995.423664][ T1148] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  995.474136][ T1148] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  995.549671][ T1148] usb 5-1: config 0 descriptor??
[  995.595156][T17703] loop3: detected capacity change from 0 to 24
[  995.637982][T17703] MTD: Attempt to mount non-MTD device "/dev/loop3"
[  995.695256][T17703] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  995.714042][T17705] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check.
[  995.976542][T17683] loop1: detected capacity change from 0 to 131072
[  995.989589][T17683] F2FS-fs (loop1): QUOTA feature is enabled, so ignore qf_name
[  996.000682][T17683] F2FS-fs (loop1): invalid crc value
[  996.014980][ T1148] microsoft 0003:045E:07DA.000D: ignoring exceeding usage max
[  996.035757][T17683] F2FS-fs (loop1): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  996.049094][ T1148] hid_map_usage: 11766 callbacks suppressed
[  996.049116][ T1148] HID 045e:07da: Invalid code 65791 type 1
[  996.102748][ T1148] HID 045e:07da: Invalid code 768 type 1
[  996.125365][T17683] F2FS-fs (loop1): Mounted with checkpoint version = 753bd00b
[  996.145999][ T1148] HID 045e:07da: Invalid code 769 type 1
[  996.176882][ T1148] HID 045e:07da: Invalid code 770 type 1
[  996.193598][ T1148] HID 045e:07da: Invalid code 771 type 1
[  996.200241][ T5145] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  996.255134][ T1148] HID 045e:07da: Invalid code 772 type 1
[  996.286009][ T1148] HID 045e:07da: Invalid code 773 type 1
[  996.307014][ T1148] HID 045e:07da: Invalid code 774 type 1
[  996.313140][ T1148] HID 045e:07da: Invalid code 775 type 1
[  996.323812][ T1148] HID 045e:07da: Invalid code 776 type 1
[  996.362340][ T1148] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.000D/input/input26
[  996.391645][ T5145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  996.413469][ T5145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  996.436318][ T5145] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  996.459732][ T1148] microsoft 0003:045E:07DA.000D: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0
[  996.467633][ T5145] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  996.492686][ T1148] usb 5-1: USB disconnect, device number 22
[  996.721348][ T5145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  996.758512][ T5145] usb 1-1: config 0 descriptor??
[  997.745612][ T5145] plantronics 0003:047F:FFFF.000E: unknown main item tag 0x0
[  997.763031][ T5145] plantronics 0003:047F:FFFF.000E: No inputs registered, leaving
[  997.792504][ T5145] plantronics 0003:047F:FFFF.000E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0
[  998.009007][T17735] loop2: detected capacity change from 0 to 24
[  998.038682][T17735] MTD: Attempt to mount non-MTD device "/dev/loop2"
[  998.075266][ T1148] usb 1-1: USB disconnect, device number 22
[  998.085295][T17735] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  998.692355][T17746] loop3: detected capacity change from 0 to 4096
[  998.725533][T17746] ntfs3: loop3: Different NTFS sector size (4096) and media sector size (512).
[  998.864464][T17746] ntfs3: loop3: Mark volume as dirty due to NTFS errors
[  998.906200][T17746] ntfs3: loop3: Failed to load $Extend (-22).
[  998.923628][T17746] ntfs3: loop3: Failed to initialize $Extend.
[  999.042708][T17746] ntfs3: loop3: ino=21, "control" ntfs_rename
[  999.539537][ T1148] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  999.742904][ T1148] usb 1-1: New USB device found, idVendor=04e8, idProduct=6889, bcdDevice=6a.0a
[  999.756314][ T1148] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  999.774659][ T1148] usb 1-1: Product: syz
[  999.784836][ T1148] usb 1-1: Manufacturer: syz
[  999.795200][ T1148] usb 1-1: SerialNumber: syz
[  999.867621][ T1148] usb 1-1: config 0 descriptor??
[  999.898875][ T1148] kalmia 1-1:0.0: probe with driver kalmia failed with error -22
[ 1000.574736][T17768] loop4: detected capacity change from 0 to 32768
[ 1000.585749][ T1148] usb 1-1: USB disconnect, device number 23
[ 1000.942777][T17789] loop4: detected capacity change from 0 to 128
[ 1002.128540][T17793] syz.2.3439 (17793): drop_caches: 2
[ 1002.611618][T17801] loop4: detected capacity change from 0 to 4096
[ 1002.686740][ T5145] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[ 1002.908658][ T5145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has an invalid bInterval 255, changing to 11
[ 1002.940560][ T5145] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xFF has invalid maxpacket 59391, setting to 1024
[ 1002.972288][ T5145] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[ 1003.019027][ T5145] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[ 1003.030032][ T5145] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1003.268160][ T5145] usb 2-1: config 0 descriptor??
[ 1003.288272][T17797] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22
[ 1004.417842][ T5145] plantronics 0003:047F:FFFF.000F: unknown main item tag 0xd
[ 1004.461306][ T5145] plantronics 0003:047F:FFFF.000F: No inputs registered, leaving
[ 1004.500154][ T5145] plantronics 0003:047F:FFFF.000F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[ 1004.681052][ T5145] usb 2-1: USB disconnect, device number 16
[ 1005.079362][T17842] loop3: detected capacity change from 0 to 47
[ 1005.162875][T17843] xt_AUDIT: Audit type out of range (valid range: 0..2)
[ 1006.312373][T17829] loop2: detected capacity change from 0 to 32768
[ 1006.618460][   T29] audit: type=1326 audit(1720257701.648:929): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b7575bd9 code=0x7ffc0000
[ 1006.747522][   T29] audit: type=1326 audit(1720257701.648:930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b7575bd9 code=0x7ffc0000
[ 1006.791249][ T4547] udevd[4547]: worker [14744] terminated by signal 33 (Unknown signal 33)
[ 1006.824011][ T4547] udevd[4547]: worker [14744] failed while handling '/devices/virtual/block/loop2'
[ 1006.848304][T17868] xt_AUDIT: Audit type out of range (valid range: 0..2)
[ 1006.854332][   T29] audit: type=1326 audit(1720257701.688:931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe8b7575bd9 code=0x7ffc0000
[ 1006.899654][   T29] audit: type=1326 audit(1720257701.688:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b7575bd9 code=0x7ffc0000
[ 1006.975634][   T29] audit: type=1326 audit(1720257701.708:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fe8b7575bd9 code=0x7ffc0000
[ 1007.056709][   T29] audit: type=1326 audit(1720257701.708:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe8b7575bd9 code=0x7ffc0000
[ 1007.156348][   T29] audit: type=1326 audit(1720257701.708:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe8b756cc27 code=0x7ffc0000
[ 1007.237398][   T29] audit: type=1326 audit(1720257701.708:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe8b75115c9 code=0x7ffc0000
[ 1007.294358][T17881] loop2: detected capacity change from 0 to 47
[ 1007.333039][   T29] audit: type=1326 audit(1720257701.708:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fe8b756cc27 code=0x7ffc0000
[ 1007.412050][   T29] audit: type=1326 audit(1720257701.708:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17865 comm="syz.1.3471" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fe8b75115c9 code=0x7ffc0000
[ 1007.424112][T17884] loop1: detected capacity change from 0 to 2048
[ 1007.578238][T17884] EXT4-fs (loop1): mounted filesystem 00000000-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1007.606699][T17884] ext4 filesystem being mounted at /135/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[ 1007.649577][T17884] fs-verity: sha512 using implementation "sha512-avx2"
[ 1007.712005][T17884] fs-verity (loop1, inode 13): Error -22 reading file data
[ 1007.725953][T17884] fs-verity (loop1, inode 13): Error -22 building Merkle tree
[ 1007.841384][T15312] EXT4-fs (loop1): unmounting filesystem 00000000-0000-0000-0000-000000000000.
[ 1007.989682][T17851] loop3: detected capacity change from 0 to 32768
[ 1008.228383][T17851] gfs2: fsid=syz:syz: Trying to join cluster "lock_nolock", "syz:syz"
[ 1008.272045][T17851] gfs2: fsid=syz:syz: Now mounting FS (format 1801)...
[ 1008.525036][T17851] gfs2: fsid=syz:syz.s: journal 0 mapped with 5 extents in 0ms
[ 1008.755889][T17851] gfs2: fsid=syz:syz.s: first mount done, others may mount
[ 1008.968760][T17890] loop2: detected capacity change from 0 to 32768
[ 1009.031641][T17904] loop4: detected capacity change from 0 to 2048
[ 1009.084345][T17890] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop2 (7:2) scanned by syz.2.3480 (17890)
[ 1009.208397][T17890] BTRFS info (device loop2): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[ 1009.246421][T17890] BTRFS info (device loop2): using crc32c (crc32c-intel) checksum algorithm
[ 1009.286147][T17890] BTRFS info (device loop2): using free-space-tree
[ 1009.575436][T17919] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3485'.
[ 1009.584654][T17919] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3485'.
[ 1009.593791][T17919] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3485'.
[ 1009.602990][T17919] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3485'.
[ 1010.351357][T17890] BTRFS info (device loop2): rebuilding free space tree
[ 1010.646972][T14087] udevd[14087]: '/usr/bin/udevadm trigger -s block -p ID_BTRFS_READY=0' [17908] terminated by signal 33 (Unknown signal 33)
[ 1010.733242][T15967] BTRFS info (device loop2): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[ 1011.963383][T17951] loop1: detected capacity change from 0 to 1024
[ 1012.309769][T17951] hfsplus: bad catalog entry used to create inode
[ 1012.317310][T17951] hfsplus: failed to load root directory
[ 1012.496391][T17158] Bluetooth: hci1: command tx timeout
[ 1012.575761][T17949] loop1: detected capacity change from 0 to 8
[ 1012.821670][   T29] kauditd_printk_skb: 108 callbacks suppressed
[ 1012.821691][   T29] audit: type=1326 audit(1720257707.848:1047): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e7d175bd9 code=0x7ffc0000
[ 1012.941240][   T29] audit: type=1326 audit(1720257707.848:1048): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e7d175bd9 code=0x7ffc0000
[ 1013.023527][   T29] audit: type=1326 audit(1720257707.888:1049): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7e7d175bd9 code=0x7ffc0000
[ 1013.088933][   T29] audit: type=1326 audit(1720257707.888:1050): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e7d175bd9 code=0x7ffc0000
[ 1013.118751][   T29] audit: type=1326 audit(1720257707.888:1051): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e7d175bd9 code=0x7ffc0000
[ 1013.118880][T13903] printk: udevd: 458 output lines suppressed due to ratelimiting
[ 1013.155289][   T29] audit: type=1326 audit(1720257707.908:1052): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f7e7d175bd9 code=0x7ffc0000
[ 1013.214440][   T29] audit: type=1326 audit(1720257707.908:1053): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7e7d175bd9 code=0x7ffc0000
[ 1013.283050][T17975] loop1: detected capacity change from 0 to 256
[ 1013.300780][T17975] exfat: Deprecated parameter 'utf8'
[ 1013.303840][   T29] audit: type=1326 audit(1720257707.908:1054): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7e7d16cc27 code=0x7ffc0000
[ 1013.316379][T17975] exfat: Deprecated parameter 'utf8'
[ 1013.361197][   T29] audit: type=1326 audit(1720257707.908:1055): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f7e7d1115c9 code=0x7ffc0000
[ 1013.405596][T17975] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0x36e00b20, utbl_chksum : 0xe619d30d)
[ 1013.421849][   T29] audit: type=1326 audit(1720257707.908:1056): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17965 comm="syz.2.3500" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f7e7d16cc27 code=0x7ffc0000
[ 1013.697261][T17987] netlink: 'syz.0.3508': attribute type 21 has an invalid length.
[ 1013.705327][T17987] netlink: 132 bytes leftover after parsing attributes in process `syz.0.3508'.
[ 1014.967910][T17963] loop3: detected capacity change from 0 to 32768
[ 1015.006877][T17963] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3499 (17963)
[ 1015.060619][T17963] BTRFS info (device loop3): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[ 1015.101443][T17963] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[ 1015.131152][T17963] BTRFS info (device loop3): using free-space-tree
[ 1015.259382][T17963] BTRFS info (device loop3): rebuilding free space tree
[ 1015.382730][T18032] netlink: 'syz.1.3520': attribute type 11 has an invalid length.
[ 1015.572552][T18032] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3520'.
[ 1016.778286][T14981] BTRFS info (device loop3): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[ 1017.657491][T18056] loop4: detected capacity change from 0 to 4096
[ 1017.697698][T18056] ntfs3: Invalid value for fmask.
[ 1021.114454][T18085] loop2: detected capacity change from 0 to 40427
[ 1021.122489][T18085] F2FS-fs (loop2): Invalid Fs Meta Ino: node(0) meta(2) root(0)
[ 1021.130527][T18085] F2FS-fs (loop2): Can't find valid F2FS filesystem in 1th superblock
[ 1021.141342][T18085] F2FS-fs (loop2): invalid crc value
[ 1021.162277][T18085] F2FS-fs (loop2): Found nat_bits in checkpoint
[ 1021.227224][T18085] F2FS-fs (loop2): Try to recover 1th superblock, ret: 0
[ 1021.234342][T18085] F2FS-fs (loop2): Mounted with checkpoint version = 48b305e4
[ 1021.280108][T18083] syz.2.3537: attempt to access beyond end of device
[ 1021.280108][T18083] loop2: rw=2051, sector=36912, nr_sectors = 8152 limit=40427
[ 1021.297629][T18083] syz.2.3537: attempt to access beyond end of device
[ 1021.297629][T18083] loop2: rw=2051, sector=45096, nr_sectors = 20440 limit=40427
[ 1021.479987][T18083] F2FS-fs (loop2): Issue discard(4614, 4614, 1019) failed, ret: -5
[ 1021.488288][T18083] F2FS-fs (loop2): Issue discard(5637, 5637, 2555) failed, ret: -5
[ 1022.383498][T18108] netlink: 212 bytes leftover after parsing attributes in process `syz.4.3547'.
[ 1022.996487][T17158] Bluetooth: hci3: command 0x1407 tx timeout
[ 1023.320075][T18128] loop1: detected capacity change from 0 to 32768
[ 1025.010398][T17158] Bluetooth: hci3: unexpected event 0x3e length: 360 > 260
[ 1025.010443][T17158] Bluetooth: hci3: unexpected subevent 0x0d length: 359 > 260
[ 1025.025829][T17158] Bluetooth: hci3: Unknown advertising packet type: 0x1f
[ 1025.025979][T17158] Bluetooth: hci3: adv larger than maximum supported
[ 1025.036688][T18154] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma?
[ 1025.572303][T18165] loop1: detected capacity change from 0 to 512
[ 1025.633211][T18165] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1025.685242][T18165] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #12: comm syz.1.3568: corrupted in-inode xattr: invalid ea_ino
[ 1025.913162][T18165] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.3568: couldn't read orphan inode 12 (err -117)
[ 1026.841743][T18165] EXT4-fs (loop1): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1027.519319][T15312] EXT4-fs (loop1): unmounting filesystem 00000005-0000-0000-0000-000000000000.
[ 1027.596169][T18164] loop2: detected capacity change from 0 to 32768
[ 1027.685947][T18164] find_entry called with index = 0
[ 1027.701011][T18164] read_mapping_page failed!
[ 1027.720237][T18164] ERROR: (device loop2): txCommit: 
[ 1027.720237][T18164] 
[ 1027.752326][T18164] ERROR: (device loop2): diFree: numfree > numinos
[ 1027.752326][T18164] 
[ 1029.201053][T18217] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[ 1030.007892][T18217] loop4: detected capacity change from 0 to 40427
[ 1030.503662][T16151] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[ 1030.697319][T18228] overlayfs: conflicting options: nfs_export=on,metacopy=on
[ 1030.758196][T16151] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[ 1030.787694][T16151] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47
[ 1030.817310][T16151] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[ 1030.832867][T16151] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1030.845630][T18210] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22
[ 1031.228680][T16151] usb 1-1: USB disconnect, device number 24
[ 1031.990745][T18245] vivid-003: disconnect
[ 1032.040205][T18243] vivid-003: reconnect
[ 1032.222897][T18231] loop4: detected capacity change from 0 to 32768
[ 1034.061287][T18285] loop4: detected capacity change from 0 to 512
[ 1034.088752][T18285] EXT4-fs: Ignoring removed i_version option
[ 1034.094816][T18285] EXT4-fs: Ignoring removed nobh option
[ 1034.227319][T18290] AppArmor: change_hat: Invalid input '—'
[ 1036.409418][T18333] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvlan0, syncid = 0, id = 0
[ 1036.637667][T18335] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1037.284801][T18357] loop4: detected capacity change from 0 to 2048
[ 1037.970557][T18385] IPVS: sync thread started: state = BACKUP, mcast_ifn = macvlan0, syncid = 0, id = 0
[ 1038.849485][T18382] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1039.458636][ T5102] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[ 1039.477523][ T5102] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[ 1039.491372][ T5102] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[ 1039.502947][ T5102] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[ 1039.511901][ T5102] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[ 1039.521185][ T5102] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[ 1039.651349][T18427] xt_cluster: node mask cannot exceed total number of nodes
[ 1039.651390][T18428] input: syz0 as /devices/virtual/input/input28
[ 1039.839110][T18421] chnl_net:caif_netlink_parms(): no params data found
[ 1040.018876][T18444] netlink: 'syz.4.3667': attribute type 4 has an invalid length.
[ 1040.298898][T18421] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1040.300318][T18459] loop4: detected capacity change from 0 to 8
[ 1040.323651][T18421] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1040.355320][T18421] bridge_slave_0: entered allmulticast mode
[ 1040.369119][T18421] bridge_slave_0: entered promiscuous mode
[ 1040.401266][T18421] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1040.420435][T18421] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1040.447814][T18421] bridge_slave_1: entered allmulticast mode
[ 1040.460269][T18421] bridge_slave_1: entered promiscuous mode
[ 1040.639073][T18445] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1040.900693][T18421] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1040.926540][T18421] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1040.936597][T18467] xt_cluster: node mask cannot exceed total number of nodes
[ 1041.120030][T18421] team0: Port device team_slave_0 added
[ 1041.158703][T16151] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[ 1041.177921][T18421] team0: Port device team_slave_1 added
[ 1041.227723][T18475] loop1: detected capacity change from 0 to 2048
[ 1041.267881][T18475] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[ 1041.288759][T18475] EXT4-fs (loop1): group descriptors corrupted!
[ 1041.291674][T18421] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1041.327700][T18421] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1041.357822][T16151] usb 4-1: Using ep0 maxpacket: 32
[ 1041.382989][T16151] usb 4-1: New USB device found, idVendor=0584, idProduct=0008, bcdDevice= 1.02
[ 1041.407800][T18421] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1041.415308][T16151] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1041.445670][T16151] usb 4-1: Product: syz
[ 1041.450958][T16151] usb 4-1: Manufacturer: syz
[ 1041.465885][T18421] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1041.469665][T16151] usb 4-1: SerialNumber: syz
[ 1041.485289][T18421] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1041.513920][T18421] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1041.515183][T16151] usb 4-1: config 0 descriptor??
[ 1041.593924][T16151] ums-alauda 4-1:0.0: USB Mass Storage device detected
[ 1041.616506][T17158] Bluetooth: hci4: command tx timeout
[ 1041.776585][T17158] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0
[ 1041.788532][T17158] Bluetooth: hci1: Injecting HCI hardware error event
[ 1041.805271][T17158] Bluetooth: hci1: hardware error 0x00
[ 1041.825114][T18421] hsr_slave_0: entered promiscuous mode
[ 1041.967541][T18421] hsr_slave_1: entered promiscuous mode
[ 1042.072931][T18421] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1042.118228][T18421] Cannot create hsr debugfs directory
[ 1042.268536][T18497] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3681'.
[ 1042.483844][T18497] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3681'.
[ 1042.694982][T18511] tipc: Can't bind to reserved service type 0
[ 1042.730521][T18511] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3685'.
[ 1042.809152][T18421] netdevsim netdevsim2 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1042.820833][T18421] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1042.880293][T18513] loop4: detected capacity change from 0 to 2048
[ 1042.880985][T18514] platform regulatory.0: Direct firmware load for regulatory.db failed with error -2
[ 1042.899676][T18514] platform regulatory.0: Falling back to sysfs fallback for: regulatory.db
[ 1042.948562][T18513]  loop4: p3 < > p4 < >
[ 1042.954157][T18513] loop4: partition table partially beyond EOD, truncated
[ 1042.966152][T18513] loop4: p3 start 4284289 is beyond EOD, truncated
[ 1042.991164][T18421] netdevsim netdevsim2 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1043.003929][T18421] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1043.046390][T13106] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[ 1043.109592][T18421] netdevsim netdevsim2 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1043.128493][T18421] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1043.228628][T13106] usb 2-1: config 0 has no interfaces?
[ 1043.238920][T13106] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1043.259765][T13106] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1043.287888][T13106] usb 2-1: config 0 descriptor??
[ 1043.309635][T18421] netdevsim netdevsim2 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1043.320469][T18421] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1043.527692][T18519] netlink: 2040 bytes leftover after parsing attributes in process `syz.0.3687'.
[ 1043.540379][T18519] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3687'.
[ 1043.679293][T18421] netdevsim netdevsim2 netdevsim0: renamed from eth0
[ 1043.694632][T18421] netdevsim netdevsim2 netdevsim1: renamed from eth1
[ 1043.706276][ T5102] Bluetooth: hci4: command tx timeout
[ 1043.721057][T18421] netdevsim netdevsim2 netdevsim2: renamed from eth2
[ 1043.733230][T18421] netdevsim netdevsim2 netdevsim3: renamed from eth3
[ 1043.859201][T18421] 8021q: adding VLAN 0 to HW filter on device bond0
[ 1043.892855][T18421] 8021q: adding VLAN 0 to HW filter on device team0
[ 1043.930241][T16155] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1043.937594][T16155] bridge0: port 1(bridge_slave_0) entered forwarding state
[ 1043.969584][T16155] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1043.976859][T16155] bridge0: port 2(bridge_slave_1) entered forwarding state
[ 1044.176633][T17158] Bluetooth: hci1: Opcode 0x0c03 failed: -110
[ 1044.255033][T18421] 8021q: adding VLAN 0 to HW filter on device batadv0
[ 1044.361516][T18421] veth0_vlan: entered promiscuous mode
[ 1044.402176][T18421] veth1_vlan: entered promiscuous mode
[ 1044.506030][T18421] veth0_macvtap: entered promiscuous mode
[ 1044.542008][T18421] veth1_macvtap: entered promiscuous mode
[ 1044.594800][T18421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1044.608630][T18421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1044.624451][T18421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1044.645787][T18421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1044.669715][T18421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[ 1044.682478][T18421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1044.695758][T18421] batman_adv: batadv0: Interface activated: batadv_slave_0
[ 1044.716770][T18421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1044.729890][T18421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1044.759793][T18421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1044.770852][T18421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1044.782059][T18421] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[ 1044.810732][T18421] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[ 1044.828376][T18421] batman_adv: batadv0: Interface activated: batadv_slave_1
[ 1044.844546][T16167] usb 4-1: USB disconnect, device number 16
[ 1044.870623][T18421] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.891861][T18421] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.910880][T18421] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.927030][T18421] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[ 1044.998056][T18546] netlink: 212 bytes leftover after parsing attributes in process `syz.0.3693'.
[ 1046.157055][T17158] Bluetooth: hci4: command tx timeout
[ 1046.258505][T16167] usb 2-1: USB disconnect, device number 17
[ 1046.380144][T18545] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3694'.
[ 1046.475495][T18551] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3696'.
[ 1046.497524][T18551] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3696'.
[ 1046.684061][ T7369] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1046.704980][ T7369] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1046.801110][ T7377] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[ 1046.822429][ T7377] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[ 1046.977354][T18568] netlink: 209852 bytes leftover after parsing attributes in process `syz.0.3703'.
[ 1046.998833][T18568] openvswitch: netlink: Flow key attribute not present in set flow.
[ 1047.579521][ T5143] usb 5-1: new high-speed USB device number 23 using dummy_hcd
[ 1047.949900][ T5143] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1048.092759][ T5143] usb 5-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[ 1048.148898][ T5143] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1048.176999][T17158] Bluetooth: hci4: command tx timeout
[ 1048.369500][ T5143] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1048.619835][   T29] kauditd_printk_skb: 13 callbacks suppressed
[ 1048.619859][   T29] audit: type=1326 audit(1720257743.648:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1048.672610][T18590] iommufd_mock iommufd_mock0: Adding to iommu group 0
[ 1048.696933][   T29] audit: type=1326 audit(1720257743.648:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1048.788040][   T29] audit: type=1326 audit(1720257743.648:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1048.854144][   T29] audit: type=1326 audit(1720257743.648:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1048.926668][   T29] audit: type=1326 audit(1720257743.648:1074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1048.999909][   T29] audit: type=1326 audit(1720257743.648:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1049.074076][   T29] audit: type=1326 audit(1720257743.648:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1049.161660][   T29] audit: type=1326 audit(1720257743.648:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1049.246502][   T29] audit: type=1326 audit(1720257743.648:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1049.286343][   T29] audit: type=1326 audit(1720257743.648:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18588 comm="syz.2.3709" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f3665775bd9 code=0x7ffc0000
[ 1049.388480][T18605] __nla_validate_parse: 1 callbacks suppressed
[ 1049.388508][T18605] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3715'.
[ 1049.698726][T16167] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[ 1049.789729][T18617] loop3: detected capacity change from 0 to 8
[ 1049.867299][T16162] usb 5-1: USB disconnect, device number 23
[ 1049.907977][T16167] usb 2-1: config 0 has no interfaces?
[ 1049.913960][T16167] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df
[ 1049.944273][T16167] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1049.960099][T16167] usb 2-1: config 0 descriptor??
[ 1050.815946][T18643] loop4: detected capacity change from 0 to 1024
[ 1052.704830][T16167] usb 2-1: USB disconnect, device number 18
[ 1052.738772][T18670] netlink: 209852 bytes leftover after parsing attributes in process `syz.3.3737'.
[ 1052.756908][T18670] openvswitch: netlink: Flow key attribute not present in set flow.
[ 1053.016432][T16151] usb 5-1: new high-speed USB device number 24 using dummy_hcd
[ 1053.195018][T18682] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3744'.
[ 1053.236310][T18682] team0: entered promiscuous mode
[ 1053.266489][T16151] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[ 1053.286401][T18682] team_slave_0: entered promiscuous mode
[ 1053.292173][T18682] team_slave_0: entered allmulticast mode
[ 1053.298230][T16151] usb 5-1: New USB device found, idVendor=0582, idProduct=0000, bcdDevice= 0.00
[ 1053.316277][T16151] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1053.342138][T18681] team0: left promiscuous mode
[ 1053.405300][T16151] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -22
[ 1053.886379][T16151] usb 1-1: new high-speed USB device number 25 using dummy_hcd
[ 1054.096748][T16151] usb 1-1: Using ep0 maxpacket: 8
[ 1054.112545][T16151] usb 1-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[ 1054.127118][T16151] usb 1-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[ 1054.174975][T16151] usb 1-1: Product: syz
[ 1054.195315][T16151] usb 1-1: Manufacturer: syz
[ 1054.211121][T16151] usb 1-1: SerialNumber: syz
[ 1054.247787][T16151] usb 1-1: config 0 descriptor??
[ 1054.270173][T16151] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[ 1054.877604][ T1250] ieee802154 phy1 wpan1: encryption failed: -22
[ 1055.047161][T16151] gspca_zc3xx: reg_r err -110
[ 1055.051990][T16151] gspca_zc3xx 1-1:0.0: probe with driver gspca_zc3xx failed with error -110
[ 1055.245583][T16151] usb 1-1: USB disconnect, device number 25
[ 1055.650536][T16167] usb 5-1: USB disconnect, device number 24
[ 1055.761209][T18705] loop3: detected capacity change from 0 to 8192
[ 1055.783876][T18705] FAT-fs (loop3): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[ 1056.207398][   T29] kauditd_printk_skb: 115 callbacks suppressed
[ 1056.207419][   T29] audit: type=1326 audit(1720257751.238:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.330663][   T29] audit: type=1326 audit(1720257751.238:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.373336][   T29] audit: type=1326 audit(1720257751.278:1197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=262 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.437528][   T29] audit: type=1326 audit(1720257751.278:1198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.461306][T18716] loop1: detected capacity change from 0 to 2048
[ 1056.463720][   T29] audit: type=1326 audit(1720257751.278:1199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.495893][   T29] audit: type=1326 audit(1720257751.278:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=113 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.515722][T18716] EXT4-fs (loop1): ext4_check_descriptors: Block bitmap for group 0 overlaps superblock
[ 1056.552977][   T29] audit: type=1326 audit(1720257751.278:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.561297][T18716] EXT4-fs (loop1): group descriptors corrupted!
[ 1056.592894][   T29] audit: type=1326 audit(1720257751.278:1202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.627572][   T29] audit: type=1326 audit(1720257751.298:1203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.668701][   T29] audit: type=1326 audit(1720257751.298:1204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.0.3754" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f146e375bd9 code=0x7ffc0000
[ 1056.692940][T18712] binder: 18711:18712 unknown command 1684957538
[ 1056.721957][T18712] binder: 18711:18712 ioctl c0306201 200001c0 returned -22
[ 1057.078583][T18734] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present
[ 1057.111469][T18734] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1)
[ 1057.626356][ T5143] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[ 1057.636571][T16167] usb 1-1: new high-speed USB device number 26 using dummy_hcd
[ 1057.809821][T18749] loop1: detected capacity change from 0 to 512
[ 1057.822533][T18749] EXT4-fs (loop1): Test dummy encryption mode enabled
[ 1057.848853][T16167] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[ 1057.858742][T16167] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1057.860934][ T5143] usb 4-1: Using ep0 maxpacket: 8
[ 1057.870243][T16167] usb 1-1: config 0 descriptor??
[ 1057.891721][T18749] EXT4-fs error (device loop1): ext4_xattr_ibody_find:2234: inode #12: comm syz.1.3766: corrupted in-inode xattr: invalid ea_ino
[ 1057.907006][T18749] EXT4-fs error (device loop1): ext4_orphan_get:1399: comm syz.1.3766: couldn't read orphan inode 12 (err -117)
[ 1057.923425][T18749] EXT4-fs (loop1): mounted filesystem 00000005-0000-0000-0000-000000000000 r/w without journal. Quota mode: none.
[ 1057.940283][ T5143] usb 4-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[ 1057.963209][ T5143] usb 4-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[ 1057.974378][ T5143] usb 4-1: Product: syz
[ 1057.993105][ T5143] usb 4-1: Manufacturer: syz
[ 1058.002177][ T5143] usb 4-1: SerialNumber: syz
[ 1058.044486][ T5143] usb 4-1: config 0 descriptor??
[ 1058.071983][ T5143] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[ 1058.528458][ T5143] gspca_zc3xx: reg_r err -71
[ 1058.534161][ T5143] gspca_zc3xx 4-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 1058.569109][ T5143] usb 4-1: USB disconnect, device number 17
[ 1058.671506][T15312] EXT4-fs (loop1): unmounting filesystem 00000005-0000-0000-0000-000000000000.
[ 1060.378717][T16167] usb 1-1: Cannot set autoneg
[ 1060.393852][T16167] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[ 1060.438915][T16167] usb 1-1: USB disconnect, device number 26
[ 1060.777379][T18783] netlink: 'syz.3.3777': attribute type 1 has an invalid length.
[ 1061.240370][T18788] overlayfs: failed to resolve './file0': -2
[ 1061.658945][T18783] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3777'.
[ 1061.735684][T18783] 8021q: adding VLAN 0 to HW filter on device batadv1
[ 1061.852653][T18783] bond1: (slave batadv1): Enslaving as a backup interface with an up link
[ 1061.875703][T18793] TCP: request_sock_subflow_v6: Possible SYN flooding on port [fe80::aa]:20002. Sending cookies.
[ 1061.912171][T18786] bond1 (unregistering): (slave batadv1): Releasing backup interface
[ 1061.992896][T18786] bond1 (unregistering): Released all slaves
[ 1062.117255][T18796] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3782'.
[ 1062.172764][T18796] bridge0: port 1(bridge_slave_1) entered blocking state
[ 1062.190335][T18796] bridge0: port 1(bridge_slave_1) entered disabled state
[ 1062.224891][T18796] bridge_slave_1: entered allmulticast mode
[ 1062.269785][T18796] bridge_slave_1: entered promiscuous mode
[ 1062.333806][T18808] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present
[ 1062.374856][T18808] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1)
[ 1063.526317][T13106] usb 5-1: new high-speed USB device number 25 using dummy_hcd
[ 1063.768546][T13106] usb 5-1: Using ep0 maxpacket: 8
[ 1063.786027][T13106] usb 5-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4
[ 1063.803222][T13106] usb 5-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3
[ 1064.366444][T13106] usb 5-1: Product: syz
[ 1064.390113][T13106] usb 5-1: Manufacturer: syz
[ 1064.418327][T13106] usb 5-1: SerialNumber: syz
[ 1064.711011][T13106] usb 5-1: config 0 descriptor??
[ 1064.754341][T13106] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08dd
[ 1065.048250][ T5143] usb 1-1: new high-speed USB device number 27 using dummy_hcd
[ 1065.203145][T13106] gspca_zc3xx: reg_r err -71
[ 1065.226532][T13106] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71
[ 1065.258615][T13106] usb 5-1: USB disconnect, device number 25
[ 1065.278295][ T5143] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33
[ 1065.288068][ T5143] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1065.314599][T18838] loop3: detected capacity change from 0 to 2048
[ 1065.327380][ T5143] usb 1-1: config 0 descriptor??
[ 1065.357011][T18838] UDF-fs: error (device loop3): udf_read_tagged: tag checksum failed, block 99: 0x27 != 0x4d
[ 1065.452010][T18842] loop1: detected capacity change from 0 to 2048
[ 1065.459219][T18838] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1065.536171][T18842]  loop1: p3 < > p4 < >
[ 1065.541125][T18842] loop1: partition table partially beyond EOD, truncated
[ 1065.544635][T18838] UDF-fs: error (device loop3): udf_verify_fi: directory (ino 1376) has entry where CRC length (63772) does not match entry length (28)
[ 1065.571643][T18842] loop1: p3 start 4284289 is beyond EOD, truncated
[ 1066.862454][ T5143] usb 1-1: Cannot set autoneg
[ 1066.867632][ T5143] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71
[ 1066.968094][ T5143] usb 1-1: USB disconnect, device number 27
[ 1067.081385][T18872] loop4: detected capacity change from 0 to 2048
[ 1067.117591][T18872] UDF-fs: error (device loop4): udf_process_sequence: Primary Volume Descriptor not found!
[ 1067.176738][T18872] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[ 1067.277490][T18875] loop1: detected capacity change from 0 to 4096
[ 1067.296510][T18875] ntfs3: loop1: Different NTFS sector size (4096) and media sector size (512).
[ 1067.343627][T18855] loop3: detected capacity change from 0 to 32768
[ 1067.376580][   T29] kauditd_printk_skb: 129 callbacks suppressed
[ 1067.376603][   T29] audit: type=1800 audit(1720257762.398:1334): pid=18875 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.3812" name="bus" dev="loop1" ino=33 res=0 errno=0
[ 1067.395303][T18855] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop3 (7:3) scanned by syz.3.3805 (18855)
[ 1067.490737][T18855] BTRFS info (device loop3): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1067.537608][T18855] BTRFS info (device loop3): using crc32c (crc32c-intel) checksum algorithm
[ 1067.572867][T18855] BTRFS info (device loop3): using free-space-tree
[ 1067.648322][T18885] loop4: detected capacity change from 0 to 8
[ 1067.827101][T18898] Bluetooth: MGMT ver 1.23
[ 1067.853019][T18898] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3816'.
[ 1068.897553][T16151] usb 5-1: new high-speed USB device number 26 using dummy_hcd
[ 1069.438420][T16151] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[ 1069.566531][T16151] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[ 1069.599596][T16151] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00
[ 1069.626422][T16151] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1069.652858][T18909] loop1: detected capacity change from 0 to 1024
[ 1069.663117][T14981] BTRFS info (device loop3): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[ 1069.682677][T18909] hfsplus: bad catalog entry used to create inode
[ 1069.689354][T18909] hfsplus: failed to load root directory
[ 1069.711604][T16151] usb 5-1: config 0 descriptor??
[ 1069.743072][T18909] loop1: detected capacity change from 0 to 8
[ 1070.171432][T18919] overlayfs: failed to resolve './file0': -2
[ 1070.257186][T16151] usbhid 5-1:0.0: can't add hid device: -71
[ 1070.263300][T16151] usbhid 5-1:0.0: probe with driver usbhid failed with error -71
[ 1070.346777][T16151] usb 5-1: USB disconnect, device number 26
[ 1070.626651][T18935] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3832'.
[ 1070.836634][ T5145] usb 1-1: new high-speed USB device number 28 using dummy_hcd
[ 1070.850951][T18941] loop1: detected capacity change from 0 to 8
[ 1071.076447][ T5145] usb 1-1: Using ep0 maxpacket: 16
[ 1071.093342][T18943] loop4: detected capacity change from 0 to 256
[ 1071.104498][ T5145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1071.136186][ T5145] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1071.161526][ T5145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1071.189170][ T5145] usb 1-1: config 0 descriptor??
[ 1071.731171][T18933] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1071.745623][ T7377] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1071.786788][T18933] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1071.815125][ T7377] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1072.230049][T18949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1072.522930][T18949] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1072.549247][ T5145] hid (null): global environment stack underflow
[ 1072.586448][ T5145] hid (null): report_id 0 is invalid
[ 1072.598841][ T5145] hid (null): global environment stack underflow
[ 1072.686537][ T5145] hid (null): report_id 10502 is invalid
[ 1072.699541][ T5145] hid-generic 0003:0158:0100.0010: unknown main item tag 0x1
[ 1072.718276][ T5145] hid-generic 0003:0158:0100.0010: unexpected long global item
[ 1072.754764][T18939] loop3: detected capacity change from 0 to 40427
[ 1072.774915][ T5145] hid-generic 0003:0158:0100.0010: probe with driver hid-generic failed with error -22
[ 1072.812199][T18939] F2FS-fs (loop3): Found nat_bits in checkpoint
[ 1072.813242][ T7377] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1072.829520][T16162] usb 5-1: new high-speed USB device number 27 using dummy_hcd
[ 1072.855433][ T7377] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1072.939179][ T5145] usb 1-1: USB disconnect, device number 28
[ 1072.958038][T18939] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[ 1072.959892][T18960] 9pnet_fd: Insufficient options for proto=fd
[ 1073.037562][T16162] usb 5-1: New USB device found, idVendor=14cd, idProduct=6116, bcdDevice= 1.60
[ 1073.055049][T16162] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1073.085325][T16162] usb 5-1: config 0 descriptor??
[ 1073.091270][ T7377] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1073.105502][T16162] ums-cypress 5-1:0.0: USB Mass Storage device detected
[ 1073.126072][ T7377] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1073.323527][ T7377] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0
[ 1073.357240][ T5102] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1
[ 1074.235331][ T5102] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9
[ 1074.249345][ T5102] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9
[ 1074.272743][ T5102] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4
[ 1074.322551][ T5102] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3
[ 1074.338305][ T5102] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2
[ 1074.364241][ T7377] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[ 1074.455620][T14981] syz-executor: attempt to access beyond end of device
[ 1074.455620][T14981] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[ 1074.480362][T14981] F2FS-fs (loop3): Stopped filesystem due to reason: 3
[ 1074.788103][T18973] overlayfs: failed to resolve './file0': -2
[ 1074.862309][ T7377] bridge_slave_1: left allmulticast mode
[ 1074.887446][ T7377] bridge_slave_1: left promiscuous mode
[ 1074.913745][ T7377] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1075.015512][ T7377] bridge_slave_0: left allmulticast mode
[ 1075.041984][ T7377] bridge_slave_0: left promiscuous mode
[ 1075.074836][ T7377] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1075.180972][T16162] usb 5-1: USB disconnect, device number 27
[ 1076.166393][T16162] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[ 1076.390750][T16162] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[ 1076.401453][T16162] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1
[ 1076.422532][ T5102] Bluetooth: hci2: command tx timeout
[ 1076.437273][T16162] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[ 1076.450343][T16162] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[ 1076.459140][T16162] usb 3-1: Product: syz
[ 1076.463354][T16162] usb 3-1: Manufacturer: syz
[ 1076.468668][T16162] usb 3-1: SerialNumber: syz
[ 1076.483135][T16162] cdc_ncm 3-1:1.0: skipping garbage
[ 1076.645515][ T7377] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1076.700256][ T7377] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1076.720619][ T7377] bond0 (unregistering): Released all slaves
[ 1076.743704][T16162] cdc_ncm 3-1:1.0: bind() failure
[ 1076.779356][T16162] usb 3-1: USB disconnect, device number 21
[ 1076.998600][ T7377] IPVS: stopping backup sync thread 18333 ...
[ 1077.115035][T19001] loop3: detected capacity change from 0 to 128
[ 1077.168120][T19001] EXT4-fs (loop3): mounted filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09 r/w without journal. Quota mode: none.
[ 1077.183344][T19001] ext4 filesystem being mounted at /214/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[ 1077.199983][T18968] chnl_net:caif_netlink_parms(): no params data found
[ 1077.322681][   T29] audit: type=1800 audit(1720257772.358:1335): pid=19001 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.3853" name="file1" dev="loop3" ino=13 res=0 errno=0
[ 1077.337806][T19001] 9pnet_fd: Insufficient options for proto=fd
[ 1077.349827][T16148] usb 5-1: new high-speed USB device number 28 using dummy_hcd
[ 1077.468378][T14981] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[ 1077.483602][T14981] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[ 1077.502823][T14981] EXT4-fs error (device loop3): ext4_empty_dir:3071: inode #11: block 1: comm syz-executor: Directory block failed checksum
[ 1077.566617][T16148] usb 5-1: Using ep0 maxpacket: 16
[ 1077.576023][T14981] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[ 1077.620385][T16148] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1077.631779][T16148] usb 5-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1077.636940][T14981] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[ 1077.640981][T16148] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1077.679773][T16148] usb 5-1: config 0 descriptor??
[ 1077.697110][T14981] EXT4-fs error (device loop3): ext4_empty_dir:3071: inode #11: block 1: comm syz-executor: Directory block failed checksum
[ 1077.723429][ T7377] hsr_slave_0: left promiscuous mode
[ 1077.724680][T14981] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[ 1077.745361][T14981] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 8192
[ 1077.764275][T14981] EXT4-fs error (device loop3): ext4_empty_dir:3071: inode #11: block 1: comm syz-executor: Directory block failed checksum
[ 1077.780301][ T7377] hsr_slave_1: left promiscuous mode
[ 1077.789771][T14981] EXT4-fs error (device loop3): ext4_readdir:220: inode #11: comm syz-executor: path (unknown): directory fails checksum at offset 1024
[ 1077.814338][ T7377] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[ 1077.838980][ T7377] batman_adv: batadv0: Removing interface: batadv_slave_0
[ 1077.858493][ T7377] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[ 1077.876346][ T7377] batman_adv: batadv0: Removing interface: batadv_slave_1
[ 1078.027263][ T7377] veth1_macvtap: left promiscuous mode
[ 1078.027356][ T7377] veth0_macvtap: left promiscuous mode
[ 1078.027512][ T7377] veth1_vlan: left promiscuous mode
[ 1078.027640][ T7377] veth0_vlan: left promiscuous mode
[ 1078.258435][T19005] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1078.278394][T19005] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1078.377147][T19018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1078.386748][T19018] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1078.418586][T16148] hid (null): global environment stack underflow
[ 1078.442264][T16148] hid (null): report_id 0 is invalid
[ 1078.449370][T16148] hid (null): global environment stack underflow
[ 1078.457756][T16148] hid (null): report_id 10502 is invalid
[ 1078.502425][ T5102] Bluetooth: hci2: command tx timeout
[ 1078.512898][T16148] hid-generic 0003:0158:0100.0011: unknown main item tag 0x1
[ 1078.550863][T16148] hid-generic 0003:0158:0100.0011: unexpected long global item
[ 1078.585299][T16148] hid-generic 0003:0158:0100.0011: probe with driver hid-generic failed with error -22
[ 1079.391147][ T7377] team0 (unregistering): Port device team_slave_1 removed
[ 1079.470955][ T7377] team0 (unregistering): Port device team_slave_0 removed
[ 1080.337884][T19040] netlink: 212 bytes leftover after parsing attributes in process `syz.0.3866'.
[ 1080.578061][ T5102] Bluetooth: hci2: command tx timeout
[ 1081.853020][T16151] usb 5-1: USB disconnect, device number 28
[ 1081.998650][T18968] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1082.006036][T18968] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1082.018115][T18968] bridge_slave_0: entered allmulticast mode
[ 1082.025734][T18968] bridge_slave_0: entered promiscuous mode
[ 1082.049178][T14981] EXT4-fs (loop3): unmounting filesystem 76b65be2-f6da-4727-8c75-0525a5b65a09.
[ 1082.062645][T18968] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1082.096789][T18968] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1082.123692][T18968] bridge_slave_1: entered allmulticast mode
[ 1082.125392][T18968] bridge_slave_1: entered promiscuous mode
[ 1082.377637][T18968] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1082.410269][T18968] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1082.636544][T18968] team0: Port device team_slave_0 added
[ 1082.663430][ T5102] Bluetooth: hci2: command tx timeout
[ 1082.730130][T18968] team0: Port device team_slave_1 added
[ 1082.842188][T18968] batman_adv: batadv0: Adding interface: batadv_slave_0
[ 1082.863593][T18968] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1082.922966][T18968] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[ 1082.996917][T17158] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1
[ 1083.008000][T17158] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9
[ 1083.028445][T17158] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9
[ 1083.046721][T17158] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4
[ 1083.058959][T18968] batman_adv: batadv0: Adding interface: batadv_slave_1
[ 1083.065957][T18968] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[ 1083.066561][T17158] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3
[ 1083.106698][T17158] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2
[ 1083.138948][T18968] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[ 1083.360542][T18968] hsr_slave_0: entered promiscuous mode
[ 1083.369627][T18968] hsr_slave_1: entered promiscuous mode
[ 1083.376184][T18968] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[ 1083.393720][T18968] Cannot create hsr debugfs directory
[ 1083.853216][T12346] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[ 1084.038060][T12346] usb 3-1: Using ep0 maxpacket: 16
[ 1084.552942][T12346] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024
[ 1084.597917][T12346] usb 3-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00
[ 1084.628589][T12346] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1084.650030][T12346] usb 3-1: config 0 descriptor??
[ 1084.958231][T19075] netlink: 212 bytes leftover after parsing attributes in process `syz.0.3878'.
[ 1085.219353][ T5102] Bluetooth: hci5: command tx timeout
[ 1086.818669][T19079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1086.877910][T19079] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1086.914986][T19067] /dev/loop2: Can't open blockdev
[ 1087.008685][T19078] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[ 1087.009265][T19064] chnl_net:caif_netlink_parms(): no params data found
[ 1087.056730][T19078] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[ 1087.072082][T12346] hid (null): unknown global tag 0xa5
[ 1087.097588][T12346] hid (null): unknown global tag 0xd
[ 1087.103039][T12346] hid (null): unknown global tag 0xc
[ 1087.134907][T12346] hid-generic 0003:0158:0100.0012: unknown main item tag 0x1
[ 1087.151101][T12346] hid-generic 0003:0158:0100.0012: unexpected long global item
[ 1087.161918][T12346] hid-generic 0003:0158:0100.0012: probe with driver hid-generic failed with error -22
[ 1087.336380][ T5102] Bluetooth: hci5: command tx timeout
[ 1087.393457][ T7377] bridge_slave_1: left allmulticast mode
[ 1087.411367][T16151] usb 3-1: USB disconnect, device number 22
[ 1087.434031][ T7377] bridge_slave_1: left promiscuous mode
[ 1087.452711][ T7377] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1087.485612][ T7377] bridge_slave_0: left allmulticast mode
[ 1087.504904][ T7377] bridge_slave_0: left promiscuous mode
[ 1087.514085][ T7377] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1088.322265][T12346] usb 1-1: new high-speed USB device number 29 using dummy_hcd
[ 1088.530059][T12346] usb 1-1: New USB device found, idVendor=14cd, idProduct=6116, bcdDevice= 1.60
[ 1088.550483][T12346] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[ 1088.577618][T12346] usb 1-1: config 0 descriptor??
[ 1088.596172][T12346] ums-cypress 1-1:0.0: USB Mass Storage device detected
[ 1090.148067][ T5102] Bluetooth: hci5: command tx timeout
[ 1090.495977][ T7377] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[ 1090.506448][ T7377] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[ 1090.519787][ T7377] bond0 (unregistering): Released all slaves
[ 1090.536771][T19064] bridge0: port 1(bridge_slave_0) entered blocking state
[ 1090.543972][T19064] bridge0: port 1(bridge_slave_0) entered disabled state
[ 1090.551964][T19064] bridge_slave_0: entered allmulticast mode
[ 1090.559749][T19064] bridge_slave_0: entered promiscuous mode
[ 1090.585203][T19064] bridge0: port 2(bridge_slave_1) entered blocking state
[ 1090.593546][T19064] bridge0: port 2(bridge_slave_1) entered disabled state
[ 1090.603519][T19064] bridge_slave_1: entered allmulticast mode
[ 1090.614262][T19064] bridge_slave_1: entered promiscuous mode
[ 1090.875589][T19064] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[ 1091.057732][T19064] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[ 1091.280682][T19064] team0: Port device team_slave_0 added
[ 1091.373269][T18968] netdevsim netdevsim1 netdevsim0: renamed from eth0
[ 1091.400618][T19064] team0: Port device team_slave_1 added
[ 1091.418159][T18968] netdevsim netdevsim1 netdevsim1: renamed from eth1
[ 1091.540393][ T7341] ==================================================================
[ 1091.548542][ T7341] BUG: KASAN: slab-use-after-free in l2tp_tunnel_del_work+0xe5/0x330
[ 1091.556653][ T7341] Read of size 8 at addr ffff88806994d0b8 by task kworker/u8:10/7341
[ 1091.564778][ T7341] 
[ 1091.567133][ T7341] CPU: 1 UID: 0 PID: 7341 Comm: kworker/u8:10 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[ 1091.577579][ T7341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1091.587842][ T7341] Workqueue: l2tp l2tp_tunnel_del_work
[ 1091.593363][ T7341] Call Trace:
[ 1091.596670][ T7341]  <TASK>
[ 1091.599642][ T7341]  dump_stack_lvl+0x241/0x360
[ 1091.604337][ T7341]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1091.609560][ T7341]  ? __pfx__printk+0x10/0x10
[ 1091.614186][ T7341]  ? _printk+0xd5/0x120
[ 1091.618363][ T7341]  ? __virt_addr_valid+0x183/0x530
[ 1091.623537][ T7341]  ? __virt_addr_valid+0x183/0x530
[ 1091.628697][ T7341]  print_report+0x169/0x550
[ 1091.633284][ T7341]  ? __virt_addr_valid+0x183/0x530
[ 1091.638435][ T7341]  ? __virt_addr_valid+0x183/0x530
[ 1091.643590][ T7341]  ? __virt_addr_valid+0x45f/0x530
[ 1091.648747][ T7341]  ? __phys_addr+0xba/0x170
[ 1091.653300][ T7341]  ? l2tp_tunnel_del_work+0xe5/0x330
[ 1091.658614][ T7341]  kasan_report+0x143/0x180
[ 1091.663158][ T7341]  ? l2tp_tunnel_del_work+0xe5/0x330
[ 1091.668478][ T7341]  l2tp_tunnel_del_work+0xe5/0x330
[ 1091.673715][ T7341]  ? process_scheduled_works+0x945/0x1830
[ 1091.679476][ T7341]  process_scheduled_works+0xa2c/0x1830
[ 1091.685080][ T7341]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1091.691189][ T7341]  ? assign_work+0x364/0x3d0
[ 1091.695822][ T7341]  worker_thread+0x86d/0xd40
[ 1091.700453][ T7341]  ? __kthread_parkme+0x169/0x1d0
[ 1091.705515][ T7341]  ? __pfx_worker_thread+0x10/0x10
[ 1091.710667][ T7341]  kthread+0x2f0/0x390
[ 1091.714783][ T7341]  ? __pfx_worker_thread+0x10/0x10
[ 1091.719940][ T7341]  ? __pfx_kthread+0x10/0x10
[ 1091.724571][ T7341]  ret_from_fork+0x4b/0x80
[ 1091.729024][ T7341]  ? __pfx_kthread+0x10/0x10
[ 1091.733651][ T7341]  ret_from_fork_asm+0x1a/0x30
[ 1091.738465][ T7341]  </TASK>
[ 1091.741509][ T7341] 
[ 1091.743943][ T7341] Allocated by task 19136:
[ 1091.748374][ T7341]  kasan_save_track+0x3f/0x80
[ 1091.753083][ T7341]  __kasan_kmalloc+0x98/0xb0
[ 1091.757702][ T7341]  __kmalloc_noprof+0x1fc/0x400
[ 1091.762592][ T7341]  l2tp_session_create+0x3b/0xc20
[ 1091.767646][ T7341]  pppol2tp_connect+0xca3/0x17a0
[ 1091.772705][ T7341]  __sys_connect+0x2df/0x310
[ 1091.777322][ T7341]  __x64_sys_connect+0x7a/0x90
[ 1091.782115][ T7341]  do_syscall_64+0xf3/0x230
[ 1091.786641][ T7341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1091.792572][ T7341] 
[ 1091.794928][ T7341] Freed by task 3:
[ 1091.798669][ T7341]  kasan_save_track+0x3f/0x80
[ 1091.803374][ T7341]  kasan_save_free_info+0x40/0x50
[ 1091.808439][ T7341]  poison_slab_object+0xe0/0x150
[ 1091.813412][ T7341]  __kasan_slab_free+0x37/0x60
[ 1091.818210][ T7341]  kfree+0x149/0x360
[ 1091.822181][ T7341]  __sk_destruct+0x58/0x5f0
[ 1091.826736][ T7341]  rcu_core+0xaaa/0x17a0
[ 1091.831024][ T7341]  handle_softirqs+0x2c4/0x970
[ 1091.835826][ T7341]  __irq_exit_rcu+0xf4/0x1c0
[ 1091.840460][ T7341]  irq_exit_rcu+0x9/0x30
[ 1091.844738][ T7341]  sysvec_apic_timer_interrupt+0xa6/0xc0
[ 1091.850413][ T7341]  asm_sysvec_apic_timer_interrupt+0x1a/0x20
[ 1091.856430][ T7341] 
[ 1091.858780][ T7341] Last potentially related work creation:
[ 1091.859580][T19147] loop4: detected capacity change from 0 to 256
[ 1091.864502][ T7341]  kasan_save_stack+0x3f/0x60
[ 1091.875570][ T7341]  __kasan_record_aux_stack+0xac/0xc0
[ 1091.880982][ T7341]  call_rcu+0x167/0xa70
[ 1091.885180][ T7341]  pppol2tp_release+0x24b/0x350
[ 1091.890076][ T7341]  sock_close+0xbc/0x240
[ 1091.894357][ T7341]  __fput+0x24a/0x8a0
[ 1091.898372][ T7341]  task_work_run+0x24f/0x310
[ 1091.902990][ T7341]  syscall_exit_to_user_mode+0x168/0x370
[ 1091.908679][ T7341]  do_syscall_64+0x100/0x230
[ 1091.913301][ T7341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1091.919237][ T7341] 
[ 1091.921590][ T7341] The buggy address belongs to the object at ffff88806994d000
[ 1091.921590][ T7341]  which belongs to the cache kmalloc-1k of size 1024
[ 1091.935679][ T7341] The buggy address is located 184 bytes inside of
[ 1091.935679][ T7341]  freed 1024-byte region [ffff88806994d000, ffff88806994d400)
[ 1091.949601][ T7341] 
[ 1091.951944][ T7341] The buggy address belongs to the physical page:
[ 1091.958387][ T7341] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x69948
[ 1091.967207][ T7341] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 1091.975729][ T7341] ksm flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff)
[ 1091.983636][ T7341] page_type: 0xfdffffff(slab)
[ 1091.988338][ T7341] raw: 00fff00000000040 ffff888015041dc0 ffffea0001a65000 0000000000000003
[ 1091.996966][ T7341] raw: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 1092.005568][ T7341] head: 00fff00000000040 ffff888015041dc0 ffffea0001a65000 0000000000000003
[ 1092.014253][ T7341] head: 0000000000000000 0000000000100010 00000001fdffffff 0000000000000000
[ 1092.022943][ T7341] head: 00fff00000000003 ffffea0001a65201 ffffffffffffffff 0000000000000000
[ 1092.031647][ T7341] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000
[ 1092.040347][ T7341] page dumped because: kasan: bad access detected
[ 1092.046848][ T7341] page_owner tracks the page as allocated
[ 1092.052587][ T7341] page last allocated via order 3, migratetype Unmovable, gfp_mask 0x1d2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC|__GFP_HARDWALL), pid 18765, tgid 18759 (syz.1.3768), ts 1059813857553, free_ts 818691323305
[ 1092.075047][ T7341]  post_alloc_hook+0x1f3/0x230
[ 1092.079859][ T7341]  get_page_from_freelist+0x2ccb/0x2d80
[ 1092.085439][ T7341]  __alloc_pages_noprof+0x256/0x6c0
[ 1092.090664][ T7341]  alloc_slab_page+0x5f/0x120
[ 1092.095379][ T7341]  allocate_slab+0x5a/0x2f0
[ 1092.099907][ T7341]  ___slab_alloc+0xcd1/0x14b0
[ 1092.104720][ T7341]  __slab_alloc+0x58/0xa0
[ 1092.109065][ T7341]  __kmalloc_node_track_caller_noprof+0x281/0x440
[ 1092.115511][ T7341]  kmalloc_reserve+0x111/0x2a0
[ 1092.120284][ T7341]  __alloc_skb+0x1f3/0x440
[ 1092.124707][ T7341]  xfrm_alloc_compat+0x1b6/0x1690
[ 1092.129746][ T7341]  xfrm_nlmsg_multicast+0xd7/0x1f0
[ 1092.134886][ T7341]  xfrm_send_acquire+0x932/0x1240
[ 1092.140017][ T7341]  km_query+0x120/0x220
[ 1092.144200][ T7341]  xfrm_state_find+0x328e/0x4d60
[ 1092.149161][ T7341]  xfrm_resolve_and_create_bundle+0x6d2/0x2c80
[ 1092.155345][ T7341] page last free pid 4547 tgid 4547 stack trace:
[ 1092.161683][ T7341]  free_unref_page+0xd22/0xea0
[ 1092.166468][ T7341]  __put_partials+0xeb/0x130
[ 1092.171086][ T7341]  put_cpu_partial+0x17c/0x250
[ 1092.175875][ T7341]  __slab_free+0x2ea/0x3d0
[ 1092.176502][ T5102] Bluetooth: hci5: command tx timeout
[ 1092.180281][ T7341]  qlist_free_all+0x9e/0x140
[ 1092.180308][ T7341]  kasan_quarantine_reduce+0x14f/0x170
[ 1092.195746][ T7341]  __kasan_slab_alloc+0x23/0x80
[ 1092.200631][ T7341]  __kmalloc_noprof+0x1a6/0x400
[ 1092.205608][ T7341]  tomoyo_realpath_from_path+0xcf/0x5e0
[ 1092.211225][ T7341]  tomoyo_path_perm+0x2b7/0x740
[ 1092.216099][ T7341]  security_inode_getattr+0xd8/0x130
[ 1092.221404][ T7341]  vfs_getattr+0x45/0x430
[ 1092.225742][ T7341]  vfs_fstatat+0xe4/0x190
[ 1092.230090][ T7341]  __x64_sys_newfstatat+0x11d/0x1a0
[ 1092.235320][ T7341]  do_syscall_64+0xf3/0x230
[ 1092.239843][ T7341]  entry_SYSCALL_64_after_hwframe+0x77/0x7f
[ 1092.245795][ T7341] 
[ 1092.248135][ T7341] Memory state around the buggy address:
[ 1092.253794][ T7341]  ffff88806994cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 1092.261897][ T7341]  ffff88806994d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1092.269993][ T7341] >ffff88806994d080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1092.278086][ T7341]                                         ^
[ 1092.284081][ T7341]  ffff88806994d100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1092.292255][ T7341]  ffff88806994d180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 1092.300335][ T7341] ==================================================================
[ 1092.308477][ T7341] Kernel panic - not syncing: KASAN: panic_on_warn set ...
[ 1092.315701][ T7341] CPU: 1 UID: 0 PID: 7341 Comm: kworker/u8:10 Not tainted 6.10.0-rc6-next-20240703-syzkaller #0
[ 1092.326140][ T7341] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/07/2024
[ 1092.336263][ T7341] Workqueue: l2tp l2tp_tunnel_del_work
[ 1092.341773][ T7341] Call Trace:
[ 1092.345072][ T7341]  <TASK>
[ 1092.348017][ T7341]  dump_stack_lvl+0x241/0x360
[ 1092.352749][ T7341]  ? __pfx_dump_stack_lvl+0x10/0x10
[ 1092.357998][ T7341]  ? __pfx__printk+0x10/0x10
[ 1092.362633][ T7341]  ? vscnprintf+0x5d/0x90
[ 1092.366988][ T7341]  panic+0x349/0x870
[ 1092.370929][ T7341]  ? check_panic_on_warn+0x21/0xb0
[ 1092.376087][ T7341]  ? __pfx_panic+0x10/0x10
[ 1092.380525][ T7341]  ? mark_lock+0x9a/0x360
[ 1092.384887][ T7341]  ? _raw_spin_unlock_irqrestore+0xd8/0x140
[ 1092.390801][ T7341]  ? _raw_spin_unlock_irqrestore+0xdd/0x140
[ 1092.396731][ T7341]  ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10
[ 1092.403130][ T7341]  ? print_report+0x502/0x550
[ 1092.407834][ T7341]  check_panic_on_warn+0x86/0xb0
[ 1092.412808][ T7341]  ? l2tp_tunnel_del_work+0xe5/0x330
[ 1092.418123][ T7341]  end_report+0x77/0x160
[ 1092.422448][ T7341]  kasan_report+0x154/0x180
[ 1092.426976][ T7341]  ? l2tp_tunnel_del_work+0xe5/0x330
[ 1092.432288][ T7341]  l2tp_tunnel_del_work+0xe5/0x330
[ 1092.437427][ T7341]  ? process_scheduled_works+0x945/0x1830
[ 1092.443174][ T7341]  process_scheduled_works+0xa2c/0x1830
[ 1092.448758][ T7341]  ? __pfx_process_scheduled_works+0x10/0x10
[ 1092.454818][ T7341]  ? assign_work+0x364/0x3d0
[ 1092.459480][ T7341]  worker_thread+0x86d/0xd40
[ 1092.464118][ T7341]  ? __kthread_parkme+0x169/0x1d0
[ 1092.469167][ T7341]  ? __pfx_worker_thread+0x10/0x10
[ 1092.474318][ T7341]  kthread+0x2f0/0x390
[ 1092.478416][ T7341]  ? __pfx_worker_thread+0x10/0x10
[ 1092.483555][ T7341]  ? __pfx_kthread+0x10/0x10
[ 1092.488216][ T7341]  ret_from_fork+0x4b/0x80
[ 1092.492661][ T7341]  ? __pfx_kthread+0x10/0x10
[ 1092.497272][ T7341]  ret_from_fork_asm+0x1a/0x30
[ 1092.502085][ T7341]  </TASK>
[ 1092.505439][ T7341] Kernel Offset: disabled
[ 1092.509764][ T7341] Rebooting in 86400 seconds..