last executing test programs:

3m56.493037454s ago: executing program 3 (id=4):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x21008, 0x0, 0x0, 0x0, 0x0)
mount$bind(&(0x7f0000000380)='./file0\x00', &(0x7f0000000200)='./file0\x00', 0x0, 0x2125099, 0x0)
chroot(&(0x7f0000000080)='./file0/../file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f00000003c0)='./file0\x00', 0x0, 0x2a0d006, 0x0)
pivot_root(&(0x7f0000000000)='./file0/../file0\x00', &(0x7f0000000180)='./file0\x00')

3m56.358005929s ago: executing program 3 (id=6):
r0 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000004c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x5, 0xfffffffffffffffb}, {0x0, 0x40000000000000, 0x200000000000000}, 0x2}}, 0xb8}, 0x1, 0x0, 0x0, 0x4000015}, 0x2c000010)
r1 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e00000020000000000000000000000000000000000000000000000000000000100000000000000000a"], 0xb8}}, 0x0)
sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@updpolicy={0xb8, 0x15, 0x1, 0x0, 0x0, {{@in=@multicast1=0xe0000002, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x10}, {0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0xffffffff}, {}, 0x0, 0x6e6bb5, 0x0, 0x1}}, 0xb8}}, 0x0)

3m55.709048576s ago: executing program 3 (id=8):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x4}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0)

3m55.398610627s ago: executing program 32 (id=8):
r0 = socket$inet(0x2, 0x3, 0x2)
setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local, @loopback}, 0xc)
setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)=ANY=[@ANYBLOB="e0000002ac1414aa0100000002"], 0x18)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x2, 0x4}}}}}, 0x0)
syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x32}, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0)

3m46.593618783s ago: executing program 0 (id=59):
r0 = socket$kcm(0x2, 0x200000000000001, 0x106)
r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000001740), 0x121c02, 0x0)
ioctl$PPPIOCNEWUNIT(r1, 0xc004743e, &(0x7f0000000100))
ioctl$PPPIOCSACTIVE(r1, 0x40107446, &(0x7f00000003c0)={0x1, &(0x7f0000000080)=[{0x6, 0x0, 0x3, 0x365}]})
close_range(r0, 0xffffffffffffffff, 0x0)

3m46.072907104s ago: executing program 0 (id=61):
r0 = fanotify_init(0x2, 0x0)
pipe2(&(0x7f00000000c0)={0xffffffffffffffff, <r1=>0xffffffffffffffff}, 0x0)
fanotify_mark(r0, 0x1, 0x8001008, r1, 0x0)
r2 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x2, 0x7fff7ffc}]})
close_range(r2, 0xffffffffffffffff, 0x200000000000000)

3m45.7318798s ago: executing program 0 (id=63):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10)
sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10)
write(r0, &(0x7f0000000180)="f4", 0x1)
recvmmsg(r0, &(0x7f0000000b00)=[{{0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000940)=""/249, 0xf9}], 0x1}, 0x2}], 0x1, 0x2, 0x0)

3m45.367816732s ago: executing program 0 (id=65):
r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_SETFLAGS(r0, 0x40086602, &(0x7f00000002c0)=0x20)
r1 = socket$unix(0x1, 0x1, 0x0)
bind$unix(r1, &(0x7f00000002c0)=@abs={0x1, 0x0, 0x4e24}, 0x6e)
bind$unix(r1, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e)

3m44.903144043s ago: executing program 0 (id=66):
r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8}, 0x48)
close(0x3)
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0xb, 0x7, 0x10001, 0x8, 0x1}, 0x48)
r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x14, &(0x7f0000000280)=ANY=[@ANYBLOB="180000000000000000000000000000001801000020646c2100000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000007500000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xe, '\x00', 0x0, @fallback=0x25, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_BIND_MAP(0xa, &(0x7f0000000080)={r1}, 0xc)

3m43.784621242s ago: executing program 0 (id=69):
personality(0x87bf5ac905ea0f7f)
pipe2$9p(&(0x7f00000027c0)={<r0=>0xffffffffffffffff}, 0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r1=>0x0, <r2=>0x0})
ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000000100)={r1, r2+60000000}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

3m42.843113674s ago: executing program 33 (id=69):
personality(0x87bf5ac905ea0f7f)
pipe2$9p(&(0x7f00000027c0)={<r0=>0xffffffffffffffff}, 0x0)
clock_gettime(0x0, &(0x7f00000000c0)={<r1=>0x0, <r2=>0x0})
ppoll(&(0x7f0000000040)=[{r0}], 0x1, &(0x7f0000000100)={r1, r2+60000000}, 0x0, 0x0)
close_range(r0, 0xffffffffffffffff, 0x0)

1m59.347502001s ago: executing program 4 (id=717):
pipe(&(0x7f0000000000)={<r0=>0xffffffffffffffff})
pipe(&(0x7f0000000080)={0xffffffffffffffff, <r1=>0xffffffffffffffff})
io_uring_setup(0x7ba, &(0x7f0000000080)={0x0, 0x581a, 0x40, 0x0, 0x3d5})
splice(r0, 0x0, r1, 0x0, 0x80, 0x0)
close_range(r1, 0xffffffffffffffff, 0x0)

1m59.104315004s ago: executing program 4 (id=718):
r0 = socket$inet6_tcp(0xa, 0x1, 0x0)
bind$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x11}}, 0x2006}, 0x1c)
connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x6, @ipv4={'\x00', '\xff\xff', @empty}, 0x4c}, 0x1c)
setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000100)='vlan0\x00', 0x10)
sendmmsg$inet(r0, &(0x7f0000000240)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000dc0)="9064533a7837407e683a09e451dd472e5f7aeef50aee94ac12f9fb32a0cce1fb5e534ad5d374dc00e818a685571957e1bef09c120c39c2396ef3d7e15f5877581d9e44c9fd79d22cc28ed899e4acffa42b5ce1a83273afc139a4acfbef126c783af5507886f6120404799e82fd9c52f23b9ac4076af50dccfc24f0ce35ed34e194f14cf1823788f09292f3cd0789e2f2d9556d63cdb77a059cd4bcf71980ba7da4440c217345cc49be28e49f9df1735aff9a53436d899ce9dcd18054a2a6995150ffd252d5a93136bd744f5d5b05af436ac730639dd83ab03250ba9b1dfbc54fc14c3575b462627a3ea50ceddabab31ec9a9f82f22b9dae044f75ecd687ccdaea93206958e72b7d8ca0f69bb1731e953639af370fb2b09949073b08abcb99ac0e2ebf8ccb6640894d2a1871ad1a8684b4148a3b28f5a9778", 0x138}], 0x1}}, {{0x0, 0x0, &(0x7f0000002b40)=[{&(0x7f0000000700)='n', 0x1}], 0x1}}], 0x2, 0x119e75c40673edef)

1m58.806275498s ago: executing program 4 (id=721):
r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0c02, 0x0)
ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0))
ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000200)=0x8)
ioctl$PPPIOCSFLAGS1(r0, 0x40047459, &(0x7f0000000100)=0x2000004)
pwritev(r0, &(0x7f0000000040)=[{&(0x7f0000000300)="00214717a70700000000030600000000007b0000000072e218461631ce4c431d58b62b74f72c6ddee14881839a1705759444", 0x32}], 0x1, 0xb, 0x1)

1m58.574057875s ago: executing program 4 (id=723):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
chroot(&(0x7f0000000100)='./file0\x00')
mount$bind(&(0x7f0000000040)='.\x00', &(0x7f0000000080)='./file0\x00', 0x0, 0x2a05004, 0x0)
pivot_root(&(0x7f0000000240)='./file0\x00', &(0x7f0000000000)='./file0/../file0\x00')

1m58.304679693s ago: executing program 4 (id=725):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r3=>0x0})
sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000080)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010000140000000000000200000008000300", @ANYRES32=r3, @ANYBLOB="0c009985f2330fd547793c000800a0003a0900080500390104000000080026"], 0x40}}, 0x0)

1m57.604192271s ago: executing program 4 (id=731):
r0 = gettid()
timer_create(0x2, &(0x7f000049efa0)={0x0, 0xb, 0x4, @tid=r0}, &(0x7f0000044000))
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000080)={{0x77359400}, {0x0, 0x9}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

1m57.253498485s ago: executing program 34 (id=731):
r0 = gettid()
timer_create(0x2, &(0x7f000049efa0)={0x0, 0xb, 0x4, @tid=r0}, &(0x7f0000044000))
syz_clone(0x42164000, 0x0, 0x0, 0x0, 0x0, 0x0)
timer_settime(0x0, 0xffffffffffffffff, &(0x7f0000000080)={{0x77359400}, {0x0, 0x9}}, 0x0)
timer_settime(0x0, 0x1, &(0x7f0000040fe0)={{0x0, 0x989680}, {0x0, 0x9}}, 0x0)

1m18.300726612s ago: executing program 6 (id=1015):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x1, &(0x7f0000000340)=[{0x6, 0x0, 0x0, 0x67b}]}, 0x10)
bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c)
setsockopt$inet_sctp6_SCTP_RTOINFO(r0, 0x84, 0x0, &(0x7f0000000200)={0x0, 0x3ff, 0x2, 0x10}, 0x10)

1m18.072404809s ago: executing program 6 (id=1018):
r0 = socket$can_bcm(0x1d, 0x2, 0x2)
ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000100)={'vcan0\x00', <r1=>0x0})
connect$can_bcm(r0, &(0x7f00000000c0)={0x1d, r1}, 0x10)
sendmsg$can_bcm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)={0x1, 0x920, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @canfd={{}, 0x20, 0x0, 0x0, 0x0, "5c91440132bb112240fcbcc3fa9d0431575f8614d3538ce09c50eecd6ac579e8e83b944b666113f3afed71231e6653a13532f17b33515bdd7e1be14f53b9fc9b"}}, 0x80}}, 0x40000)
sendmsg$can_bcm(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)={0x2, 0x0, 0x0, {0x0, 0x2710}, {}, {}, 0x1, @can={{}, 0x0, 0x0, 0x0, 0x0, "ee6a491530f05065"}}, 0x48}}, 0x0)

1m17.823989122s ago: executing program 6 (id=1031):
r0 = socket$inet_sctp(0x2, 0x5, 0x84)
syz_open_dev$ttys(0xc, 0x2, 0x1)
r1 = syz_open_dev$ptys(0xc, 0x3, 0x1)
read(r1, &(0x7f00000000c0)=""/147, 0xb6)
close_range(r0, 0xffffffffffffffff, 0x0)

1m17.615429363s ago: executing program 6 (id=1022):
syz_mount_image$ext4(&(0x7f0000000000)='ext4\x00', &(0x7f0000000080)='./file0\x00', 0x8002, &(0x7f00000000c0), 0x1, 0x4b4, &(0x7f0000000c80)="$eJzs3E9sFNUfAPDvbHdpgR8/KiIKoi6isdHYQkHh4AWjiQdMjHjQY9MWghRqaE2EECmJwaMh8W48evXgVb0ZTyZe8WhiSIjhAnhaM7sz7e52t//Y7oL7+SRL35t9s+99982bfTNvlwD6Vjn9J4n4X0TcjIidtWxjgXLtz707Vybv37kyGQuVyqm/k2q5u2k+k++3PcuMFCIKXyRNL1gzd+nyuYmZmemLWX5s/vwnY3OXLr969vzEmekz0xfGjx8/euTwsdfHX1t/UC3qS+O6u+/z2f173/noxruTxXz7UPa3Po5OKUe5VVOqXux0ZT22oy6dFHvYENZlICLS7ipVx//OGAidB/2iUqlUBts/vVBpdm3ZFuCRlUSvWwD0Rv5Bn17/5o8uTT0eCrdP1C6A0rjvZY/aM8UoZGVKTde3nTQUER8u/PNN+ohNug8BAFDvpxP5TLB5/leIPXXl/p+toQxHxGMRsSsiHo+I3RHxRES17JMR8VTT65cjorJC/eWm/PL5T+HWAwW4inT+90a2ttU4/8tnfzE8kOV2ROQT5ulD2XsyEqXB02dnpg+vUMfPb/3+VbvnynXzv/SR1p/PBbN23Co23aCbmpif2HDATW5fi9hXbI4/KUYkiysBSUTsjYh963jd4br02Ze/27+YKTWWWz3+qkrLdbQOLFVUvo14qdb/C9HQ/0s1JiuvT44Nxcz0obH0KDjUso5ff7v+Xrv6V43/hz+bd3n72I+nHjTsRWn/b6s7/iNfv12KfziJSBbXa+fWX8f1P75se02ztuP/asM+6fG/Jfmgmt6SbftsYn7+4uGILcnJ5dvHl/bN83n5NP6Rg63H/65sn/SdeDoi0oP4mYh4NiKey9p+ICKej4iDK8T/y5svfLzx+DdXGv9Uy/NfQ/8vrdfPncwTl9aaGDh34Ob9NiePtfX/0WpqJNvS+vyXNJwi1trADryFAAAA8NArRPW7/4XRxXShMDpauwe0O7YVZmbn5l85PfvphanabwSGo1TI73TV7geXkvz+53BdfrwpfyS7b/z1wNZqfnRydmaq18FDn9teHfPJsvGf+mug160DNp2f/ED/Wm3877nRpYYAXefzH/pX3fhfaFNkwTdl4L+p9ed/qevtALqv1fi/uoF9gEdLxViGvmb8Q/8qxvuL6UJPWwJ0m89/6Etr/xX/RhKVwdZPDcXywjG0Oc3Y2qKuniTSmVVPat+6kb3y/02hbZkorPY6xYZjbDCWlxmInvTFmT0dP/gr2XflO93U71cep/l0fRPeqO6ehwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADbLvwEAAP//cdfX0w==")
syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0)
newfstatat(0xffffffffffffff9c, &(0x7f0000007480)='./file0/file1\x00', 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000a80)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', 0x0, 0x0, 0x0, 0x0)

1m16.882443964s ago: executing program 6 (id=1029):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan1\x00', <r3=>0x0})
sendmsg$NL80211_CMD_SET_BSS(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)={0x24, r2, 0x1, 0x70bd28, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_P2P_OPPPS={0x5}]}, 0x24}, 0x1, 0x0, 0x0, 0x44}, 0x24004100)

1m16.33222052s ago: executing program 6 (id=1036):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
unshare(0x22020400)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x409, 0x4800003c, r1, 0x0)

1m16.052045567s ago: executing program 35 (id=1036):
r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101)
r1 = dup(r0)
unshare(0x22020400)
r2 = fanotify_init(0x200, 0x0)
fanotify_mark(r2, 0x409, 0x4800003c, r1, 0x0)

57.740156805s ago: executing program 7 (id=1167):
r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0)
ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f00000003c0)={0x0, &(0x7f0000000300)=[<r1=>0x0], &(0x7f0000000340)=[<r2=>0x0], 0x0, 0x0, 0x1, 0x1})
ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000040)={&(0x7f0000000640)=[r2, r1], 0x2, 0x0, 0x0, <r3=>0xffffffffffffffff})
ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000680)={0x0, 0x0, &(0x7f00000005c0)=[0x0, <r4=>0x0], &(0x7f0000000080), 0x0, 0x2, 0x0, 0x0, r2})
ioctl$DRM_IOCTL_MODE_SETPROPERTY(r3, 0xc01064ab, &(0x7f0000000700)={0x2, r4, r2})

56.12415323s ago: executing program 7 (id=1177):
syz_mount_image$fuse(0x0, &(0x7f0000002080)='./file0\x00', 0x210a055, 0x0, 0x0, 0x0, 0x0)
openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000b80), 0x4008, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}, {@uuid_off}]})
setxattr$security_capability(&(0x7f0000000240)='./file0/file1\x00', &(0x7f0000000280), 0x0, 0x0, 0x0)

55.835094955s ago: executing program 7 (id=1180):
sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='4\x00'], 0x34}}, 0x2000004)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000000), 0xffffffffffffffff)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000005000000180001801400020073797a5f74756e00000008000000000018000380140003801000018004000300080001"], 0x44}}, 0x0)
sendmsg$ETHTOOL_MSG_LINKMODES_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000001180)={0x38, r1, 0x7, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0xc, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_NOMASK={0x4}]}]}, 0x38}}, 0x0)

55.608274672s ago: executing program 7 (id=1182):
syz_mount_image$f2fs(&(0x7f000000e000), &(0x7f0000000080)='./file0\x00', 0x10, &(0x7f00000002c0)=ANY=[@ANYBLOB="6e6f6c617a7974696d652c6661756c745f696e6a656374696f6e3d30303030303030303030303030303030313235342c6661756c745f747970653d30303030303030303030303030303033323736372c6772706a71756f74613d2c6e6f666c7573685f6d657267652c6e6f636865636b706f696e745f6d657267652c61636c2c67635f6d657267652c636f6d70726573735f63616368652c616c6c6f635f6d6f64653d64656661756c742c6e6f696e6c696e655f78617474722c6261636b67726f756e645f67633d6f66662c636865636b706f696e743d64697361626c652c00cef235c93369e015a17ee2ff7fb3ad2b9406058804552c36be902e976d7836f82ef7fe1a91fd5fe53fa7c93ff6227910f46434ee3e5b851845bcaeb4a5731075f9887d22e18a989131940a04c4b9064af9cc9519dd7aa9078ad5ac798fbd81aa90dd19ce130ce6f37c3303199b6026122d39fdf5de1d4949e33dfbf7"], 0x4, 0x550c, &(0x7f00000089c0)="$eJzs3M1rI2UYAPAn7Xa/XYt48LYDi9DKJjT9WPRWdRc/sEtZ9eBJ0yQN2U0ypUnT2pMHj+LB/0QUPHn0b/Dg2Zt4ULwJSmYmuvUDhKaN3f5+MHnmffPmmecNy8IzUxLAuTWf/PJTKW7ElYiYjYjrEdl5qTgy63l4LiJuRsTMY0epmP9j4mJEXI2IG6Pkec5S8dZnt4e31n588+evv7104drnX303vV0D0/Z8RHR38vP9bh7TVh4fFvO1YTuL3dVhEfM3uo+KcZrH/eZWlmG/Nl5Xy+JKK1+f7uz1R3G7U6uPYqu9nc3v9PIL9oetcZ7sAw9ru9m40dzKYrufZrF1mNd1cJj/33bYH+R5GkW+D7P0MRiMYz7fPGjm+9l5lMV6b1DM53nTRvNgFIdFLC4X9bTTyOrYOs43/f/2Vru3d5AMm7v9dtpL1irVFyvVO+XqbtpoDpqr5Vq3cWc1WWh1RsvKg2atu95K01anWamn3cVkoVWvl6vVZOFuc6td6yXVamWlslReWyzObiev3X836TSShVF8pd3bG7Q7/WQ73U3yTywmy5WVlxaTW9Xk7Y3NZPPBvXsbm++8f/e9+y9vvPFqsehvZb0Qy0vLy+XqUnm5uniO9v9xUXSyMLH9w7GUpl0AwNmj/wem4eT6/90HESff/4f+fyLOVP87LmuC/e953z8ci/4fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAODc+n7ui9ezk/l8fK2Yf6qYeqYYlyJiJiJ++wezcfFIztkiz9y/rJ/7Sw3flCLLMLrGpeK4GhHrxfHr0yf9LQAAAMCT68uPbn6ad+v5y/y0C+I05TdtZq5/MKF8pYiYm/9hQtlmRi/PTihZ9u/7QhxMKFt2A+vyhJLlt9wuTCrbfzJ7JFx+LJTyMHOq5QAAAKfiaCdwul0IAAAAp+mTaRfAdJRi/Chz/Cw4+8v7Px8IXjkyAgAAAM6g0rQLAAAAAE5c1v/7/T8AAAB4suW//wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPzOzv3cJg5EcQB+Nnhh/2nRau/byt6gjC1hj3uMKCBNUEAOpIU0QA3klhIiiPA4BCIOkTy2lej7JGcylvnxBsFhZqQBAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACALt1X68Xt1e/rtjm7fTt5RgMAAABcsq3Wi/qfWep/be5/b279bPpFRJQRcWnuPopPZ5mjJqd6ef7m9PnqVQ13EXXC4T0mzfUlIv401+OPrj8FAAAA+Lg2y9U8zdbTn9nQBdGntGhTfvubKa+IiGr2kCmtPOT9yhRWf7/H8T9TWr2ANc0UlpbcxrnS3qT+uR9X7aYnTZGa8uLLjkVmGzsAANCj0VnT7ywEAACAPv0bugCGUcTzVuZxK3CSmmZ77/NZDwAAAHiHiqELAAAAADpXz/97Ov9v7/w/AAAAGEY6/w8AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIAubav1YrNczdvm7Pbt5BkNAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwxP68o0AIhEEY7F3fmcz9DysNmpqaVIHw8TcGAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAwJvf/eX/xNQ4k8y9NpaeR5K1U2Pr1Ng7N47+ML5+DQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAX+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADwRb/75f/E1DiTzJ02lo5HkrWrxtZVY+9B4+jBePs3AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fzGkcVBwD8zc7OxlbFNcoeIqLgQS92u62tvYkHJXjwTxBCuq2xW3+0OdhSxFy8Sc69iB5FBCXe+j/0nEAu8ZbDHiJ4jszszO7kB7j+6Mwm+XzgzfvuMMz7vlkI+c57CQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEBh+O4kjtNDexQ38nObew+W037rUJ96tL69kLY0jqpM+mR4ufwh6ozDvTqSAQAA4GyIi/o+hLCTbCymfaOd1f9JcU1a83//7Cgu6vnDdX/RF7V/2n77dffF8UDt0TjpTW+sDPoXj6bSfHKznG3P/e0VzezJZ+9e4uwLaXyw9sIwyZ5n9O3jx++1snCuimwBgH/jQtHnQfH7UNr36kwMgDOjWSq8i/o/btebEwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEAVhmvh6SKOQggLzUmc2tp7sHxc/2h9e6FoVx8+XA9fT+6Z3iIJIdxYGfQvVjqb2Xb33v1bS4NB/071wSshhLpGfyef/q2Pprg4hFqej+D/Cfbn8i97RvI5IUGNP5QAADiVkryldf1OsrGYnovmQ9j/4WD9/3opDlPW/7sfX90sj1Wu/3uVzXD2dVdvf969e+/+myu3l272b/Y/fetS7+3e5WtXrlzrZu9Kut6YAAAA8N+08lau/xvzR9f/z5fiMGX9/8V3va/KY8Xq/2NNFv3qzgQAAOBse/7VP/+IjjkftVrhy6XV1Tu90XH8+dLoWEOq/9hc3sr1fzxfd1YAAABAFYZr0YH1/+ulOEy5/v/Mjy/9XL5nHEI4l6//X1j+bHC9uunMtCr+nLjuOQIAAFCvc3krr/8n2f7/xnjLQyOE8MZrozj/N4BT1f/x+9/8VB6rvP//cnVTnEmNzuh5ZH0nhGan7owAAAA4zZ7KW1rs/55sLH7yy/kPW/b/AwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAFTtrwAAAP//RAE/8A==")
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000100)='./bus\x00', &(0x7f0000000440), 0x8, &(0x7f0000000140)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

53.542329672s ago: executing program 7 (id=1195):
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000d90000850000000e00000095"], 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000780)={0xd, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000000008500000022000000180100002020702500000000002020207b0af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000073"], 0x0, 0x0, 0x0, 0x0, 0x40e00, 0x10, '\x00', 0x0, @sock_ops=0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x39, 0x0, 0x0, 0x0}, 0x94)
bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18090000000000000000000000000000850000006d0000001801000020696c2500000000002020097b1af8ff00000000bfa100000000000007010000b8ffffffb702000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1f, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x12, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94)
bpf$BPF_GET_PROG_INFO(0xa, &(0x7f0000000740)={r0, 0x0, 0x0}, 0x10)

51.590470883s ago: executing program 7 (id=1214):
r0 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)

51.113566483s ago: executing program 36 (id=1214):
r0 = syz_open_procfs(0x0, &(0x7f0000000480)='task\x00')
fchdir(r0)
bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x3, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="18"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94)
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0)

4.944190429s ago: executing program 2 (id=1490):
mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x181)
r0 = openat(0xffffffffffffff9c, &(0x7f00000013c0)='./file0/file0\x00', 0x42, 0x0)
r1 = socket$inet6_sctp(0xa, 0x5, 0x84)
sendto$inet6(r1, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c)
mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f00000002c0), 0x10044, &(0x7f0000000440)={'trans=fd,', {'rfdno', 0x3d, r0}, 0x2c, {'wfdno', 0x3d, r1}})

4.765726153s ago: executing program 1 (id=1492):
sendmsg$kcm(0xffffffffffffffff, &(0x7f00000006c0)={&(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x4e24, @multicast1}, 0x4, 0x4, 0x0, 0x4}}, 0x80, 0x0}, 0x408c5)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d8001c00180081064e81f782db44b9b545c7910006007c09e8fe55a10a0017", 0x1f}], 0x1}, 0x0)
sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000000)="d8000000210081044e81f7d28344b904020000", 0x2}], 0x1}, 0x0)
r0 = socket$kcm(0x10, 0x2, 0x0)
write$cgroup_subtree(r0, &(0x7f0000000000)=ANY=[], 0x33fe0)

4.578396296s ago: executing program 5 (id=1494):
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x1, r1})
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000010040)={0x1, r1})

4.411019183s ago: executing program 1 (id=1495):
r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x19, 0x4, 0x4, 0x2, 0x0, 0x1}, 0x48)
bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000240)={r0, &(0x7f00000006c0), &(0x7f0000000000)=""/3, 0x2}, 0x20)
r1 = socket$nl_route(0x10, 0x3, 0x0)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'batadv_slave_1\x00', <r2=>0x0})
sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1}, {0xfff3}}}, 0x24}}, 0x800)

4.251649001s ago: executing program 5 (id=1498):
r0 = socket$kcm(0x11, 0x2, 0x300)
setsockopt$sock_attach_bpf(r0, 0x1, 0x28, &(0x7f0000000000), 0x4)
r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001700)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0ff0100000079a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00000000850000000d000000b70000000000000095000000000000005ecefab8f2e85c6c1ca711fcd0cdfa146ec561750379585e5a076d839240d29c034055b67dafe6c8dc3d5d0f65acc0d06d1a1434e4d5b3185fec0e07004e60c08dc8b8dbf11e6e94d75938321a3aa502cd2424a66e6d2ef831ab000e271f17e3946ef3bb622e03b538dfd8e012e79578e51bc53099e90f4580d760551b5b341a29f31e3106d1ddd6152f7cbdb9cd38bdb2209c67deca8eeb9c15ab0300817ac61e4dd11183a13477bf7e860e3670ef0e789f65f1328d6704902cbe7bc04b82d2789cb132b8667c2147661df28d9961b63e1a9cf6c2a660a1fe3c184b751c51160fb20b1c690220b87b20581e7be6ba0dc001c4110555850915148ba532e6ea09c346dfebd38608b3280080005d9a9500000000000000334d83239dd27080851dcac3c12233f9a1ff032aec61ce63a38d2fd50117b89a9ab359b4eea0c6e95767d42b4e54861d0227dbfd2e6d7f715a7f3deadd713089856f757036303767d2e24f29e5dad9796edb697a8ad004eea0182babd18cac1bd4f4390af9a9ceafd0002cab154ad029a1090000002780870014f51c3c975d5aec84222fd3a0ec4be3e563112f0b39501aafe234870072858dc06e7c337642d3e5a815232f5e16c1b30c3a6a71bc85018e5ff22dc518afc9ffc2cc788bee1b47683db01a2f9398685211dfbbae3e2ed0a50e7313bff5d4c391ddece00fc772dd6b4d4de2a41990f05ca3bdfc92c88c5b8dcd36e7487afa407e2edfae4f390a8337841cef386e22cc22ee17476d738952229682e24b92533ac2a9f5a699593f084419cae0b4532bcc97d3ae526aca54183fb01c73f979ca9857399537f5831808b0dc2a2d0e0000000000000578673f8b6e74ce23877a6b24db0e067345560942fa629fbef2461c96a088a22e8b15c3e233db00002e30d46a9d24d37cef099ece729aa218f9f44a3210223fdae7ed04935c3c90d3add8eebc8619d73415cda2130f5011e4845535a8b90dfae158b94f50adab988dd8e12baf5cc9398fff00404d5d99f82e20ee6a8c88e18c2977aab37d9ac4cfc1c7b400000000000007ff57c39495c826b956ba859ac8e3c177b91bd7d5e41ff868f7ca1664fe2f3ced846891180604b6dd2499d16d7d9158ffffffff00000000ef069dc42749a89f854797f29d0000002d8c38a967c1bbe09315c29877a308bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aabf4df517d90bdc01e73835d50200a90800c66ee2b1ad76dff9f9003f07000099d4894ee7f8249dc1e3428d2129369ee1b85af6eb2eea0d0df414b315f651c8412392191fa83ee830548f11e1036a8debd64cbe359454a3f2239cfe35f81b7a490f167e6d5c1109000000000000000042b8ff8c21ad702ccacad5b39eef213d1ca296d2a27798c8ce2a305c0c7d35cf4b22549a4bd92052188bd1f285f653b621491dc6aaee0200e2ff08644fb94c06006eff1be2f633c1d987595ec3db58a7bb3042ec3f771f7a1338a5c3dd35e926049fe86e09c58e273cd905deb28c13c1ed1c0d9cae846bcbfa8cce7b893e578af7dc7d5e87d44ff828de453f34c2b18660b080efc707e676e1fb4d5825c0ca177a4c7fbb4eda0545c00f576b2b5cc7f819abd0f885cc4806f40300966fcf1e54f5a2d38708294cd6f496e5dee734fe7da3770845cf442d488afd80e17000000000000000000000000000000000000000000000000000005205000000dc1c56d59f35d367632952a93466ae595c6a8cda690d192a070886df42b27098773b45198b4a34ac977ebd4450e121d01342703f5bf030e935878a6d169c80aa4252d4ea6b8f6216ff202b5b5a182cb5e838b307632d03a7ca6f6d0339f9953c3093c3690d10ecb65dc5b47481edbf1f000000000000004d16d29c28eb5167e9936ed327fb237a56224e49d9ea955a5f0dec1b3ccd35364600000000000000000000000000000000000000000000000000000000000026ded4dd6fe1518cc7802043ecfe69f743f1213bf8179ecd9e5a225d67521dc728eac7d80a5656ac2cbde21d3ebfbf69ff861f4394836ddf128d6d19079e64336e7c676505c78ad67548f4b192be1827fcd95cf107753cb0a6a979d3db08407081c6281e2d8429a8639034a75f4c7df3ea8fc2018d07af1491ef060cd4403a099f32468f65bd06b4092140faed0c329be610c3082d43e121861b5cc03f1a1561f0589e0d12969bc982ff5d8e9b986c0c6c747d9a1cc500bb892c3a16ff10feea20bdac0000000000000000ca06f256c8028e0f9b4c8787361f3289f86a6826c69fa35ba5cbc3f2db1516ffc5c6e3fa618b24a6ce16d6c7010bb37b61fa0a2d8974e69115d33394e86e4b838297ba20f96936b7e4746e92dea6c5d1d33d84d96b50fb000000ae07c65b71088dd7d5d1e1bab9000000000000000000000000b5ace293bec833c13e3229432ad71d646218b5229dd88137fc7c59aa242af3bb4efb82055a3b61227ad40f52c9f2500579aca11033bb9cc16bd83a00840e31d828ec78e116ae46c4897e0800000092e9a1e24b0b855c02f2b7add58ffb25f339297729a7a51810134d3dfbf71f6516737be55c06d9cdcfb1e2bb10b50000eb4acff90756dba1ecf9f58afd3c19b5c4558ba9af6b7333c894a1fb29ade9ad75c9c022e8d03fe28bc358684492aa771dbfe80745fe89ad349ffaad76ff9dd643796caffdf67af5dd476c37e7e9a84e2e5da2696e285a59b53f2fb0e16d8262c080c159ce1d9be7ef3e3f40c14089c82759106f422582b42e3e8484ea5a6ad9aa5200002fe0e0caea1ad4cb23f3c2b8a0f455ba69ea284c268d54b43158a8b1d128d02af263b3dc1cab794c9ac57a2a7332f4d8764c302ccd5aac114482b619fc575aa0dd2777e881e29a854380e2f1e49db5a1517ec40bb3fa44f9959bad67ccaba76408da35c9f1534c8bd48bbd61627a2e0a74b5e6aefb7eee403502734137ff47257f164391c673b6079e65d7295eed164ca63e4ea26dce0fb3ce0f6591d80dfb0972d39e4b5589829b6b0679b5d6fccbecfae5553d9950d48c774eaa35b24fce69a20d8bc410d9f48bf7eac90529cd6af061c9e501ddddc620ce73c5d177e3d097159f2768636fc10276c6a0adc57483b3f7083f66b87ef296ee85e9bb70a3009a5d30f479e293a3302e11350ea857b37e76ca2f50378e4092ce2c574ad278b9b7b717c571afb2077b019fd9d89efd59b41f051ec5a8ff87ecc8df917a1e386d849fcd10e2f9ca52e02339c2f4666b0c545e25f1cd62421c28d25994be0cff7271a0dee38d7ac4ac736b090e1d29f981179186e4000000000000646174b55d251f7f8ca5ccc22a5efb33b237eff5597a3c3a5f3a9bb54abb40e54593e1a7ce4cfa17b3c3fe91c06363496341eae20dcc59b6179b32ddddef5c34000096a54c0c571a91878f61f74912e2299e5501d4d6943bfd74c856511726f0ac8f7d17f1c6b4451c1bcdc6b6e1700e4cd87709d97afc5423c96fa981873d4369b04bbf1fb9f68f17991540868e408201ad1a74179e489aa61f021a437a3fa935588be2068f7ff9b253106326fde795e530b93626cc68e06e602198724249b4445eef08401cd1a3e266db41474e69902e4d8f5da4e94cc36794258fd4032de7ab36bc24c5efd5c8495c1ccd580033c55725f2d60354f8ad5914a0155eaa743350ddb388f486b6de0549ef3b1b3c3b7d4d3a830ff39885776119408029be3788dd8422b1ab7b4c9d5b7d8682fd759c713108e1bdfc64b9121bbf07099def5c0ce3c861ae4b5cad8bba5a0b605908000000f96a59320309e25df89484522bb1d6eaa92164f9e4042cb689a45a898354c17b08705205a9189772bcbcb6414e44b33a2470d3bc16f761c332c34812382e57c0e0d83f3f565b9da5e7991ad8482579cc1b16c1fcec815a5482ae8b1779c5e339971a6ec1217b6478c2434a9a18dcc6c7c791e444a79d7ce37f9cf2a434b9048ca6a2fa254aa02cd098026798a6d336348af0fc11fa2809a5ebbe17ca4d0f889d518f64ee50f562b5fdb1f76d4a7fe14701f8ed0c6a55d66a6efea3e449e6b4783d66661a92f174f2b88cd544b2a8e1b05ea7cf51578169fff7765f9978883b4b5983b42a35a05dabfc325ec2a2ec2f9b0882fdcf5d6f72272d2ff0d8eea60f5494ba42b4d40f144f0ab680a6f40f9094d3afb58a1efd6109894b8605c6b3b3f020c222f6446195b2274f634fbb737948a1f36ea729467e132385e9da614e4625175f4443b97a675934db90010e4b884200c3546c4d86d712c3939e11be3343f693846f509ad4c445ade5cd6d126d5694462ac5d3b527c3bd51c0a715a28d65fe94b255d02cdc1fab99b5b9c352f1b284115e4046285a824d22b6f0afbed8d6096a72fef72ebd6aae78b02fa1993e8fe2020ae93aae2bcfffa40b98549f1fb9fcefa74329909a207336d07f6f59da423ac5fa47852055d5ce6d2c56bdbbcdbf3458ba478c669f39d5272e65c90908ea2cb86d38f8ebf80a8cb85d8399b42403c94b8662af5cf1411526f177b4d476169a5d5a8c37d0d8893a77d0bd47b8a0bba60b3e26094209c889585f997ff556bcd2cc223f9c0c44de9d0fe1b5a8a815f652e79747d3e1f413fa0575d51f652d22883e143065c5ad74bdc864754ba3dad5a8fc8fc2c807d1a51dfb29884adee415c13f2ce14d307bd6165ec6ba68a766adfcbe444ea72d586bb47dd98a225467aab538a77667d19bae2e51727ba6d190e6d7"], &(0x7f0000000340)='syzkaller\x00'}, 0x48)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r1, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000100)="b9ff0b078059268cb89e14f088a82d", 0x0, 0x28e, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50)
recvmsg(r0, &(0x7f00000017c0)={0x0, 0x0, 0x0}, 0x20)

4.003046451s ago: executing program 8 (id=1499):
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0)
syz_mount_image$fuse(0x0, &(0x7f0000000740)='./bus\x00', 0x283016, 0x0, 0x11, 0x0, 0x0)
mount$overlay(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000000b80), 0x0, &(0x7f0000000a80)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})
umount2(&(0x7f00000002c0)='./file0\x00', 0x9)
mount$overlay(0x0, &(0x7f0000000200)='./bus\x00', &(0x7f0000000b80), 0x200008, &(0x7f0000000000)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './cgroup'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]})

3.877311666s ago: executing program 2 (id=1500):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0x203cfa, 0x110, 0x2000003, 0x8069}, &(0x7f0000000200)=<r2=>0x0, &(0x7f0000000280)=<r3=>0x0)
syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd=r0, 0x0, 0x0, 0x0, {0x3}})
io_uring_enter(r1, 0x47f6, 0x0, 0x2, 0x0, 0x0)
shutdown(r0, 0x1)

3.664122293s ago: executing program 5 (id=1501):
r0 = socket$inet6_sctp(0xa, 0x1, 0x84)
setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(r0, 0x84, 0x71, &(0x7f00000000c0), 0x8)
setsockopt$inet_sctp6_SCTP_ADAPTATION_LAYER(r0, 0x84, 0x7, &(0x7f0000000080)={0x3}, 0x4)
setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback, 0x6}], 0x1c)
sendto$inet6(r0, &(0x7f0000000100)="b8", 0xffe0, 0x2000c851, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c)

3.663929063s ago: executing program 8 (id=1502):
socket$vsock_stream(0x28, 0x1, 0x0)
openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x400, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xe}, 0x94)
unshare(0x22020600)
poll(&(0x7f0000000000), 0x20000000000000b5, 0x9)

3.572710855s ago: executing program 2 (id=1503):
syz_mount_image$ext4(&(0x7f0000000400)='ext4\x00', &(0x7f0000000440)='./file0\x00', 0x0, &(0x7f0000000480), 0x1, 0x3f7, &(0x7f00000004c0)="$eJzs281rXFUbAPDn3nyUt2nfxFq/2qrTBjGgJk2iQsBNRUVBcKE7FxKaaSlOmtKM2BYXKoKr4saVrlzpH+DGhSDuXQmudC+FIMW1jNyZe5txMhMzyYyjvb8fTHLO3DOc88yZZ+bcc2cCKK1K9ieJOBIRP0fEdKv61waV1r/fb793Prsl0Wi8/lvSbJfVi6bF46byylwakX6UxMku/W5ev/H2aq1WvZrXF+rrVxY2r9946tL66sXqxerl5ZVnzi4trzy7sjywWG/ePvXTxuev/fHJmV+mnr/51gvZeI/kx9rjGJRKVKKR6zz22KA7G7GjbeVkfIQDoS9jEZFN10Qz/6djLLYnbzpe/HCkgwOGKvtsOtT78PsN4C6WxKhHAIxG8UFfnNsP4zz432zrXOsEaGf845HmbSY6zm8HKTvbuvbmx99mtxjSPgQAQLvvsvXPk93WP2nc39bu//m1oZmIuCcijkXEvRFxPCLui2i2fSAiHuyz/0pHfef6J721r8D2KFv/Pdd1/Vus/mJmLK8dbcY/kVy4VKuezZ+TuZg4lNUXd+njx1e++rLXsUrb+i+7Zf0Xa8F8HLfGOzbo1lbrqweJud3WBxEnuq5/kztXApKIeCgiTuyzj2/ONT7rdezv4x+uxhcRj3ed/+2roMnu1ycXmq+HheJVsdOpd6+s9ep/1PFn83949/hnkvbrtZv99/H1zOmtXsf2+/qfTN5olifz+66t1utXFyMmk1d33r+0/diiXrTP4p+b7Z7/x2L7mTiZzWNEPBwRj0TEo/nYT0fEmYiY3SX+l2Zfru4//uHK4l/ra/77L6wvff9Dr/73Nv9PN0tz+T17ef/b6wAP8twBAADAf0Xa/A58ks7fKafp/HzrO/zH43Ba29isP3Fh453La63vys/ERFrsdE237Ycu5nvDRX2po76c7xt/Ova/Zn3+/Eat56YY8I+Y6pH/mV/HRj06YOj8XgvKS/5Decl/KC/5D+Ul/6G85D+Ul/yH8pL/UF7yH8pL/kMpHeR3/QoKCndrYdTvTAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPxZwAAAP//jYTnFQ==")
r0 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file1\x00', 0x40800, 0x15a)
ioctl$FITRIM(r0, 0xc0185879, &(0x7f0000000040)={0x8, 0x40000cca8, 0x4010})
r1 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0)
ioctl$FS_IOC_REMOVE_ENCRYPTION_KEY(r1, 0xc0185879, &(0x7f0000000000)={@desc={0x1, 0x0, @desc4}})

3.368607864s ago: executing program 5 (id=1504):
r0 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x1)
pwrite64(r0, &(0x7f00000008c0)='/', 0x1, 0x0)
mmap(&(0x7f0000001000/0x1000)=nil, 0x1000, 0x4, 0x11, r0, 0x0)
symlink(&(0x7f0000001000)='./file0\x00', &(0x7f00000000c0)='./file0\x00')
openat2$dir(0xffffffffffffff9c, &(0x7f0000000640)='./file0/file0/..\x00', &(0x7f0000000080)={0x200000, 0x0, 0x11}, 0x18)

3.316022563s ago: executing program 8 (id=1505):
r0 = openat$mice(0xffffffffffffff9c, &(0x7f00000000c0), 0x8501)
fcntl$setstatus(r0, 0x4, 0x2400)
write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x20, [0xe, 0x8, 0xfffffff1, 0xe, 0x7f, 0x7, 0x10001, 0x7f, 0x6, 0x4d, 0xfffffff2, 0x5f, 0x7fffffff, 0x40000000, 0xffff2d37, 0x1dd2, 0x6, 0x7, 0x2, 0xffff, 0x7, 0x9, 0xffff, 0x3c5b, 0x1, 0x24, 0x3, 0xfffffffe, 0x3ff, 0x2, 0x24, 0x3, 0x3, 0x43, 0x7fff, 0x4c74, 0xf, 0x8001, 0x4, 0xa, 0x9, 0x80071, 0x5, 0xfffff000, 0x104, 0x1, 0x5, 0x803c, 0x4, 0x1, 0x3, 0x3, 0x5, 0x4, 0x8, 0x0, 0x80, 0x2, 0x5, 0xa, 0x8, 0x7, 0x1, 0xfffffffe], [0x10000004, 0xfffd, 0xfff, 0x8000, 0xc, 0xfffffff5, 0x129432e6, 0x3, 0x6, 0x0, 0x2bf, 0x8, 0x9, 0xffff7ffe, 0x3, 0x4002, 0x101, 0x5, 0x2f, 0xe, 0xfff, 0x78, 0x10000ea3, 0xa, 0xe, 0x0, 0x8000, 0xfffffff8, 0x400, 0x101, 0x3, 0xfffffffd, 0xff, 0x1005, 0x7ff, 0x5f31, 0xc, 0x6000000, 0x6, 0x2, 0xc, 0x4, 0x9, 0x8, 0xfffffff9, 0x6, 0x5, 0x4, 0x1, 0x0, 0xffff, 0x0, 0x7f, 0xb, 0xfff, 0x1000, 0x4, 0x143, 0x7, 0xb, 0x9, 0x48c93690, 0x2, 0x3], [0xfffffff9, 0x4, 0xffffffff, 0x64e, 0xfffffdfe, 0x5, 0x8d2, 0x9, 0x5, 0xfffffff7, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x2, 0x10000009, 0x3ea, 0xb, 0x5, 0x6, 0x2, 0x14, 0x87, 0x0, 0x5, 0x3ae2, 0x3b, 0xda6, 0x5, 0x80, 0x7, 0xfffffffe, 0x202, 0x0, 0xa2, 0xa, 0x53cf697b, 0x3, 0x3, 0x1, 0xbf, 0x200, 0x0, 0x400002, 0x8, 0x4, 0x5, 0xf23, 0x0, 0x6, 0x8, 0x9, 0x3, 0x6, 0xd, 0x4, 0x3], [0x9, 0x7e06, 0x3, 0xb, 0x5, 0x938, 0x6, 0x3, 0xfffffffc, 0x5, 0xce7, 0x1ff, 0x6, 0x5, 0x5, 0x0, 0x101, 0x10003, 0x2006, 0x7ffb, 0x8ffff, 0x6, 0x100002, 0x2, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x6, 0x400006, 0xffffffa1, 0x5, 0x9, 0x8, 0x4, 0x50fd, 0x10001, 0x3, 0x9, 0x100, 0x9, 0xa, 0x2, 0x80000007, 0x6, 0x1, 0x7fffffff, 0xfffffffe, 0x8, 0x6, 0xa23, 0x8, 0x9, 0x1, 0x6c1b, 0x2d513b50, 0x4, 0x5, 0x4b1c, 0x1, 0xa, 0xffff7441, 0xfff]}, 0x45c)
r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01)
write$char_usb(r1, &(0x7f0000000040)="e2", 0x918)

3.261493823s ago: executing program 1 (id=1506):
r0 = socket$inet_tcp(0x2, 0x1, 0x0)
setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f0000000000)=0x1, 0x4)
bind$inet(r0, &(0x7f00000001c0)={0x2, 0x4e22, @local}, 0x10)
connect$inet(r0, &(0x7f0000000040)={0x2, 0x0, @remote}, 0x10)
syz_emit_ethernet(0x82, &(0x7f0000000580)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x1b}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x9, 0x74, 0x68, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x4000000000000115, 0x1, 0x2, 0x0, 0x0, {[@eol, @md5sig={0x13, 0x12, "6e7bedf236dafc2462cdba45d0c59d14"}, @md5sig={0x13, 0x12, "4693c6ac149bb62237a7d71577d74029"}, @sack_perm, @md5sig={0x13, 0x12, "51d696aa9b83aab0111d60c636b4ec25"}]}}}}}}}, 0x0)

3.227376696s ago: executing program 2 (id=1507):
socket$nl_generic(0x10, 0x3, 0x10)
r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0)
r1 = syz_usb_connect(0x3, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000371055900090582eb1000000001020009050276"], 0x0)
syz_usb_control_io$cdc_ncm(r1, &(0x7f00000001c0)={0x14, 0x0, &(0x7f0000000180)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0)
syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xc38, &(0x7f0000000dc0)=ANY=[@ANYBLOB="7c2f0aec9d222ea5ee20e6b25cf191669d6293d87d67cbc22a8dca55b40c545d1439d9ab278a279afd807e25e3c9aacca664836fec718e063c9b06cd66442b6407fec5c3e5cd9d0f1001c90a801c4fadce8e13a5e0209edf5c5693acccefa24d4f5a2ef062e701d054d19e9e6340a1651e05fd87b70942c679234426f9b19c0723563d0e38ec970aec02a6154ab61081aae03050d00192bd9d59977bb2f1297a7cd0571a0dfc5688a8e3d5f4a226b7e397b43c186967c74821bc70005059ab5606c70045a6a9915285c8215b9abd839f50530dde8ad500d70d8f7c1a0093293e6d632f8e8939f3199ab4ec92caed14c26975b57578c8ea666a2e4253ca9516f3c07bdc5ad27c2ff29e1569795f9dfbd1b92919432e423ff4f9a35b77419d6a8540fc9431ca78e05e278bef5a21b1423a3c9f7c1e2bd16a1ecdfde51cfa4aef38e6afb92770bcefb5fcb277ccede1ddc8647db538661b3d10effa1b6f705ef1b74e5bea20b4f98421b7b4be4c5c6be101f5503a4ecaffae335ef565920d678ed5b41031122b21f9d9b7f270b95f94624a7ddc657c83d3722a8d01f321fd7f685fc74d61a4e1914dda6df4be639c4910c56a84c24a41b9ef07eee4083dd9a30a53a58b50186c12180da4186fe5845b6b325fd112378a82d53bee449bc9d4c2d4331a1323c69c99c778560fc2142d138b23000c5403156cd8223f07a73811ab5b81e287bd6ad95c2fefce002ac77a1ac74d5e868870f29277da69987652b0055b3072efab2fe56fe0fe287f7d51aa772b2e3ae77954a938be2792442e1ab2e6fc078d821c70222142568b6db9609f1db23e8a4a460b9fbbeb48469e6bf0acffd85af86e69535a95c02c30d5ad776002c48e19e134688780bbafaf81097358b0c8f63bcefb61d8f29aacb3dc1a485bb7343539387f1e83b9283674bdc0d7fe8bf86948439f4b4a20e2832c560c743e4c2d37eddbf341c47f71a93101a08a533e96601f98752531428944d88c836c7d7a082859a3120721afd99130e83f689720638e889ddf4a23228dc23e955ae67fe5447e134b63f4c72e5664d2ed8a7406568e08f3582661006cf5800615fc4a5ec88ef3361ea027d2a1a550ac3e017a212570cd145fcc2e1984e4fca28bf4110f33a5ac847fcd3605e546ee8ea49a7ddba1c89a19814c498e9d5259db7fd6f908c7a8657d42f895380c88ac85cdc183f6b61172b966a41888ceae895eaf18cb8da8d1918411b297959a8abacf8c4cee15ca87048aae13ffe068dee23a9edc2b259aeb0595b7ed2633431067a999f915934aef1be5f360f0db726f24e8eb89adb8db535de6fd7c06678831d17e47c67cd22f047b92d8fba83a49a1285def4dfdf634408cb05ae73f24df76e7393d1e90d40c50bd388bb53e281b889084a1a19efdfa6be16aed1a621d964c1ac332b65765e7440ccc75ef44851409c458905127bd161bf98cb6a3681af073e3650f52d5ee691c347e86360c3aebae4a691b2485d68c57d09e269656b1efbfd3413d54c8d3e467c0bfa84669d0cc5e9cfd50b9c79171f8b6a5e66e8c6f66c0916083b8e8a464498aed3badd2f267fb56adb0953b9ebd0370f941d796abffa81722d502c8d1e9d844802f4197067598b2394dddf76641f9c2ec0403bd379e8f712668b98e1121a27888b227104875999cd562fa9833458879652bfeffabc6bbb5c354dc36ad91354ccb5050d69b28b562a72bbf277f96bd1d5dc6408329f6f850a96762a6aebf2a7b5bacbbc032be8b29c453867a47094289f6b8aa38f85051fc4d4478a02af664b3250a396583001a7971cfa6f5a4931e32e7bfb7b4c3f7be3bc5f91ba46554773b9102dbd4aba4344c6fe87bd050f79175d7918d57bc137cde33a884bba63a1adf6e7e71ba783eb1fe689b23d3ad18627b0b229c0d982631308a88c4bf1e2079eb0fcc486ef864e7c6a75cce17b133577fa88d62807398b8a795ae2bb7610f8b17cfc56ff11b8ffc4aa316e60400000000000000467c4d632657d4cac3cc1bda8c2c6207915a89f76bf1fd61c156ba8720bb8048601cd1221f6996e6f04e44b842e00a4487cd59501a65db1f6ade7f22ba5d7ee8e67125e284eef41ad5f2069a48cc71c621eb08d832ef8592874199c5c03249d3ee03422535c2be6919c43724277d56a885ab67753ae8d7f1317b7e534bb1a111a0edb5d298c1374c7824a80fb00ae268f2fd641f1b2a12f712d9a5e027957941ffb4218c6d8a8e7950dca0b4c9018dcfb67244a30080d54781b5111c85cd89e08f51c55975301ff389baf2242ef0fb662122a2eb89c1dcaf82d6391906a1b235635e6c484cd5fa32bc80ce68d505df9a9c6b21e222c3b9330243b8e02a3e661c20e0da633d88f7debaf6643654050ab73613dbea6176109b5c35c4d280739aee77f81a1b58efa9e606259f45745b69523bc81828cfcfffd185ad51b4b183b7a1ef86757172ef67a4f153b7c3a3e99f15ef5b09d81cd1ccec8016ecc9864ccf2efdbf7a79ff9ba814a4a9e3124d735a591c649cdefa98bd569c5f4db18a537c55544c671d398ec50d9fc2b1ca1f9b0278acc9a21779c3815fcb0ee1c66c774b6591e8f6b5c9828db8a5d104213cd4513974be404a50c11009c15a1e2aaa81abc6c706c341f145f975717819c4429007ee648f6c3fca45d714981cd9240beea8b02a19e0ddb083dc8115d64d75ab087c87e00792b8b83551ca82b311444067923656b0e70015ca4775da3d5e984ea8af20955f92d9cbd9acca8cd258df4276a118505d440b74e93bd0b97caeb0e24dbb09e7dbdfe0c3b4bdc0983a7d1eee02bee9c5d381bfbd7dfbb6329539698477f3a8bc7f82c01588d679a167e91487f150e5923cbf3030f09c8fb89cf178f5e953618887b7e56afdfd6a6b5e3003cecdbcba76ed86bc48907fada5e0178f9194970323ae9c818215ae2feb1ee56b289d83e8e9d2ab27056ede5651d2a92a93dd3d6c519ac128a44f1414f93e96c55485a73f3cb7e4750d0f2a2acef87e46a7012a30712f7cfe2ac9372af0efcb6475e3a1a8db1961040002915038412b892eee569aae8f38fb07c27aef5bbab7750a244a7c3b0193004246afa1a72368db45cd3649a89b54e880ea12c92beb59e366d7893f725bb8080aebcd3585fff686d03eddc33af248cecc5198bda6f395b55294821f6853232cb5bde67a4166a35224cd9c5b54e6b5a38376b1fdfaeb7563a8ea93148997e2bf490c67916f059e3e1992a986f96d2720a6418cf8c57d6e72eb90d7ca59a3a20fd414e404900aa4a45f381ff7828e15558b4862055bf795c9134836878999200e71e9ba9f83a2e28955c7b37244f3abc8f9d15a5e6c3d9b2f76620b3b2bcb13c0c44c63b9bddd51e339aedfc3a4d995df0eca66c6891ca9099923577e7cd84cb58cf0d6d6eda2baeb00775c4e717e31dbc881615d5f1a0898017954e882a444017e947b1fc05fdcf4495c5dbe3b7b4ce4c1535070fbc64d135df094fe4f6cdd452e7a5f844145af9b746dc5eecede9a834de1ff65525ea3017478ee08dc1bcff852a9d2ad94f46840bdcf1b6226fb0cdb620787692e52aae3b9b703f30b3ce6ca6dcaeb8b3a5884c30c570b29741c70ad99f5d7f463c7e5e1b4bbaafae33e789c0ae1114674732d50c0a799bfa6388365c392d47c3e0d2992a61d21e4ca034ed3d386fe959a94601a4007f1f2060b59359747635b076db7697ba5ad45af0423dbb9966113fa5eb59118cac394c2e2b17ebec1b7ce18ede120b1f56956b12a95de708e780ba7a1ac3a9e31267a2c195acfcb3b20c2f5d20de288846045211da53649a6d8b23008449b763fe6a58243cde95093a9755e5725307af09c997520f159f4ec7d1e687a0cf5148721062ecc6b080f65a550730da9257f1515a10830e29b85de3138a77ee8d2f0cb129c971417d7bbcd982d684b697364084c5764bafb4e2211a82e8c962eefb1f000ac8f5f2567b580931676943cea9b95977d842c247a98672b5c73594eb51f927ee5ec2b0c45eda29fb83a092880e542c60113ca653923aa0c16e2e1604e5f437876cb7fa7d1668584f8800ff80804d41c7b89e9cba341fed8d260a6abd0fc242ba6b3d624c91c468e269069d0a121f0951c3765f18693a2c547d9bc924058d0ecece5c7802126d293d3033d6bbf83d4b8b0144d27cbb985dba465d75b62a93bf7a438cce59f", @ANYRES8=r0])

3.084153907s ago: executing program 1 (id=1508):
r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x2, 0x0)
r1 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0)
connect$bt_l2cap(r0, &(0x7f0000000740)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x14}, 0xfff}, 0xe)
r2 = syz_init_net_socket$bt_hidp(0x1f, 0x3, 0x6)
ioctl$sock_bt_hidp_HIDPCONNADD(r2, 0x400448c8, &(0x7f0000000280)={r0, r1, 0xc, 0x0, 0x0, 0x9, 0xc9, 0x15c2, 0x9, 0x9, 0x1, 0x1, 'syz0\x00'})

3.078238616s ago: executing program 8 (id=1509):
setrlimit(0x40000000000008, &(0x7f0000000000))
setuid(0xee01)
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$sock_linger(r0, 0x1, 0x3c, &(0x7f0000000180)={0x200000000000001}, 0x8)
sendto$inet6(r0, 0x0, 0x0, 0x404c881, &(0x7f0000000400)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c)

3.008415082s ago: executing program 5 (id=1510):
r0 = socket$inet_sctp(0x2, 0x1, 0x84)
connect$inet(r0, &(0x7f00000001c0)={0x2, 0x4e23, @private=0xa010101}, 0x10)
sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e24, @rand_addr=0x5}, 0x10, &(0x7f0000000480)=[{&(0x7f0000000380)='^', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0)
shutdown(r0, 0x1)
getsockopt$inet_sctp_SCTP_GET_PEER_ADDRS(r0, 0x84, 0x6c, &(0x7f0000000740), &(0x7f0000000440)=0x8)

2.84793382s ago: executing program 8 (id=1511):
syz_mount_image$f2fs(&(0x7f0000000000), &(0x7f0000000080)='./file1\x00', 0x0, &(0x7f00000069c0)=ANY=[@ANYBLOB="6c617a7974696d652c6e6f696e6c696e655f78617474722c6c617a7974696d652c6e6f626172726965722c6163746976655f6c6f67733d342c757365725f78617474722c6d6f64653d6c66732c616c6c6f635f6d6f64653d64656661756c742c00be9ee044c45511e65887f6fac9eba6d787c3684a836f23dbf8ad3dd5931c08b4d8bde7e8acbbf3bf3326f2faa5952a332ad2ced40c98a2affa2dad4d623f9ff3ffa81e45095548ab6200f069d0f63d20fd71d3043b0dd5c4cf9785f3f531abc19bc1678f5e0b33006bd1049ca45fd8500d67a5aa6e1c23d900000000007867738729e703bb122283fb2fae9813a0cfefcdf3dc968af1cf80e96649d943198a96d9b1af9c91506b30922be8537f54e65cf60c6b6a5798955796aea325770d6ccc93a95fad93b2c7bad114fcbc55036a301c23b07073c71555791db8919235022bb0ee4294211ab9b43f3fbedecd223722d937aa22b31e2e9c97e5ea94e4ab83d4e5811c7556813c334aec856af0a0c12b3c93ba5aa906c6e2268a0c6cbbb13f496d87c608604eb02b2c031d5ae40c75"], 0x1, 0x5531, &(0x7f0000000b00)="$eJzs3EtvG1UUAODrpOmbEiEW7DpShZRItVWnSQW7AK14iFQRjwUr6tiO5db2RLHjhKxYsEQs+CcIJFYs+Q0sWLNDLEDskIo89wY1PCpQHJsk3ydNz8yd6zPnjqpEZyZyAM6s+ezXn0vhWrgUQpgNIVwNodgvpa2wGsMLIYTrIYSZJ7ZSGv9j4HwI4XII4dooecxZSqc+vzm8sfLTW798892Fc1e++Pr76a0amLYXQwjdrbi/240xb8X4MI3Xhu0idpeHKcYT3UfpOI9xt7lRZNitHcyrFfF2K87Pt3b6o7jZqdVHsdXeLMa3evGC/WHrIE/xgYe17eK40dwoYrufF7G1H+va248/2/b7g5inkfJ9VKQPg8FBjOPNvWZcz9ajItZ7gzQe8+aN5t4oDlNMlwv1vNMo6tg4yp3+f3u73dvZy4bN7X4772UrlepLleqdcnU7bzQHzeVyrdu4s5wttDqjaeVBs9ZdbeV5q9Os1PPuYrbQqtfL1Wq2cLe50a71smq1crtyq7yymPZuZq/ffz/rNLKFUXy13dsZtDv9bDPfzuInFrOlyu2XF7Mb1ezdtfVs/Z1799bW3/vw7gf3X1l787U06S9lZQtLt5aWytVb5aXq4sld/+h3/X9a/yep6DGuH46k9LSTDyZXB8AJov8HpmGi/f9cGHv/H/T/Y6H/P7Prf5wc7QZytj21/wcAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA4DT7Ye7LN4qd+Xh8JY0/k4aeS8elEMJMCOHx35gN5w/lnE155v5h/tyfavi2FIoMo2tcSNvlEMJq2n579rjvAgAAAJxeX318/bPYrcd/5qddEJMUH9rMXH0wpnylEMLc/I9jyBLSw6bw/NGrikb/v8+FvTFlKx5gXRxTsvjI7dy4sv0rs4fCxSdCKYaZg5nnJ1oXAABwnA53ApPtQgAAAJikT6ddANNRvGlNf4ufXvNdiCG9ELx06AgAAAA4gUrTLgAAAAA4dkX/7/v/AAAA4HSL3/8HAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL+zcze5aQNRAICfDS609AdV3fcq3cExeoQuu4y4CkcgV8gFOAPZZZtdBBH2JAoRhBAbE6Lvk+xhbOvxjPDijUcDAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABzTdTEbX1787teNs1zV08zdAAAAANssitm4/DCs+oN0/Fs69DP1s4jII2Jb7d6JTxsxOylOseP64lkOVxFlhPV39NL2JSL+pO3ux7F/BQAAAPi45pPpqKrWq93w1AnRpmrQJv/6t6F4WUQUw5uGouXr3a9XXbraPz60/n934/+Os9lhqZUDW1F7ysyDcsit21S0/TrpcX9s+k+arGry9tIBAADaslkJtFiFAAAA0LJ/p06A0yjfeqa5+GkCf69q0gvBzxs9AAAA4AwdOusZAAAAeI8GL54t6/8zWP/v+631/wAAAODNqvX/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOKZFMRvPJ9NR3TjLVT3N3A0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAPfvzjsIwDAZhcJMor07oAr7/Lc2C3bp1MwOCj38rAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABceRwvzzNejZlso9eZ5N3zSvLp1Ph2avw6N/5Jxrr7NwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA7+/OSAiEQBFEwZ/zvpO9/WEnQM4gQAQ2PKmrRAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADAF/3ul/8TU+NMMnfaWDoeSdauGltXjb0HjaMH4+3fAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAXO/fvGzcVBwD8e+fzlRYQIaAMQYhKDLDQ9FpaujKAIgb+BKQovZbAlR9tBlpVoCxsKHMXBCNCSKCw9X/o3EpdytbhhiIxMYDss5PXo4iDKvaRfD7S8/vacvy+z4mifP2cAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAKA2fnMvzorNwiTuVsduP7i+XvR3pvrCze27y0Ur4s7fXP+L/Up8/r2Y7nSW2ksEAACAwyOr6/uIfuQ7q0XQXSjr/7w+p6j5v3l6Etf1/HTdX/d17V+0n3+6//zuQAuTcYqLXtgYDU/+NZVeto/znGfP/OMZvfLOl89esvIb0n1n67lxXt7Pzle3br3VL8MjTWQLAPwXJ+q+Cuq/h4p+0GZiABwavaoV7lX1f7bQbk4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATehvxZN13ImI5d5eXLjz4Pp62U/t39y+u1y3szdubKfXLC6RR8SFjdHwZFMT+R+4cvXah2uj0fBy88FLEdHe6FXw3gznRLSZoeBxg271sz7bVx2PiPZzbj9o+RcTAAAHTl61oq6/l++sFsc6ixF/fPtw/f9KEkda/0/1af1///2zt9Ox0vp/0NgM59/K5qVPVq5cvfbaxqW1i8OLw49ePzV4Y3D63Jkz51bKZyUrnpgAAADwePpVS+v/7mLEeGr9/1gSx4z1/6dfDz5Px8rU/4+0t+jXdiYAAACH27PHf/u184jjnX4/Plvb3Lw8mGx3909Nti2k+q8dqVpa/2eLbWcFAAAANGG81Xlo/f98EseM6/9PfffCD+k1s4g4Wq3/n1j/eHS+uem05PeZzmri34n3faoAAADMtaNVS9f/8/L9/+7uKw/diHj15UlcfQzgTPV/9vaX36djpe//n25uinOpuzS5H2W/FNFbajsjAAAADrInqlYU+7/kO6sf/Hjs3b73/wEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACa9mcAAAD//6vIRLE=")
r0 = open(&(0x7f0000000180)='./bus\x00', 0x14d27e, 0x0)
r1 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0)
fallocate(r1, 0x0, 0x8003, 0x7)
ioctl$EXT4_IOC_GET_ES_CACHE(r0, 0xc020660b, &(0x7f00000000c0)={0x0, 0x800e3, 0x0, 0x100, 0x1, 0x0, [{0x5, 0x100000001, 0xffffffff, '\x00', 0x201}]})

2.630827626s ago: executing program 9 (id=1513):
socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000300)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.swap.events\x00', 0x275a, 0x0)
setsockopt$sock_attach_bpf(r0, 0x1, 0x2a, &(0x7f0000000100)=r2, 0x4)
sendmsg$unix(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000140)="17fb95d1cff5", 0x6}], 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="14000000000000000100000001"], 0x18, 0x80}, 0x40000)
recvmsg$unix(r0, &(0x7f0000000980)={0x0, 0x0, 0x0}, 0x40000062)

2.422712754s ago: executing program 9 (id=1514):
setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f0000000040)={@ipv4={'\x00', '\xff\xff', @empty}, 0x4, 0x2, 0x0, 0x2, 0x0, 0x4}, 0x20)
r0 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan1\x00'})
r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1)
ioctl(r1, 0x8b32, &(0x7f0000000040))

2.136173917s ago: executing program 9 (id=1515):
unshare(0x26000400)
r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x0, 0x0)
syz_usb_disconnect(r0)
syz_usb_connect(0x6, 0x24, &(0x7f00000003c0)=ANY=[], 0x0)
ioctl$EVIOCRMFF(r0, 0xc0085508, &(0x7f00000000c0)=0x10000000)

2.080604837s ago: executing program 1 (id=1516):
r0 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0)
io_setup(0x3, &(0x7f0000000180)=<r1=>0x0)
io_submit(r1, 0x1, &(0x7f0000000800)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}])
r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80343, 0x0)
ioctl$SNDCTL_SEQ_RESET(r2, 0x5100)

1.945631129s ago: executing program 5 (id=1517):
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf5b67000)
r0 = syz_open_procfs(0x0, &(0x7f0000000040)='smaps_rollup\x00')
mprotect(&(0x7f0000089000/0x3000)=nil, 0x3000, 0x5)
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15)
lseek(r0, 0x2000, 0x0)

1.536118527s ago: executing program 1 (id=1518):
r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000003005740ed0b0011c3ec000000010902120001000000000904"], 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000))
timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0)
syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})

1.066395103s ago: executing program 9 (id=1519):
r0 = gettid()
timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc))
timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0)
r1 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0)
ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f00000002c0)={0x10000000, 0x40000c, 0xd229})

539.992888ms ago: executing program 9 (id=1520):
r0 = socket$nl_generic(0x10, 0x3, 0x10)
r1 = socket(0x10, 0x80002, 0x0)
r2 = syz_genetlink_get_family_id$batadv(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f0000000280)={'batadv0\x00', <r3=>0x0})
sendmsg$BATADV_CMD_GET_NEIGHBORS(r0, &(0x7f0000004340)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000300)={0x1c, r2, 0x331, 0x70bd25, 0x40000000, {0x8}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r3}]}, 0x1c}, 0x1, 0x0, 0x0, 0x404400c}, 0x0)

468.235494ms ago: executing program 2 (id=1521):
r0 = socket$inet6(0xa, 0x800000000000002, 0x0)
setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4)
setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000000)=0xb2, 0x4)
sendmmsg$inet6(r0, &(0x7f00000002c0)=[{{&(0x7f0000000b00)={0xa, 0x4e23, 0x0, @local}, 0x1c, 0x0}}], 0x1, 0x0)
recvmmsg(r0, &(0x7f0000000940)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001f80)=""/130, 0x82}, 0xdb30}], 0x1, 0x40002042, 0x0)

243.051058ms ago: executing program 8 (id=1522):
syz_mount_image$ext4(&(0x7f0000000040)='ext4\x00', &(0x7f0000000200)='./file1\x00', 0x200000, &(0x7f00000000c0)={[{}, {@usrquota}]}, 0xfe, 0x57b, &(0x7f0000006180)="$eJzs3U1rVFcfAPD/nSS+JD4aQeRpFyXgohbrxCR9sdCFXZZWKrR7OyTXIE4cyUzEpEJ1UTfdFCmUUmnpB+i+S+kX6KcQrCBFQrvoZsqduaNjMpOMMXFS5/eDq+fcc2/O/c+95+ScnBkmgIE1kf1TiHglIr5JIg61lQ1HXjjRPG710fXZbEuiXv/0zySSfF/r+CT/fyzP/D8ifvsq4kRhfb3V5ZVLpXI5Xczzk7WFK5PV5ZWTFxdK8+l8enl6Zub02zPT7737zvqT924t1jfO/f39J3c/PP31sdXvfnlw+HYSZ+JAXtYex3O40Z6ZiIn8NRmJM2sOnNqGynaTpN8XwJYM5e18JLI+4FAM5a0eePl9GRF1YEAl2j8MqOYMINOc2284D66/fLO8hx80J0Ct2J/EnzT/NhL7GnOj0dXkqZlR9kqMb0P9WR2//nHndrbF9v0dAmBTN25GxKnh4af6v4PR1v9t3akejllbh/4PXpy72fjnzb0dxj+Fx+Of6DD+GevQdrdi8/ZfeND5zC0uAq2Rjf/ej07jv8eLVuNDee5/jTHfSHLhYjnN+rasmzweI3uz/EbrOadX79W7lbWP/7Itq781Fsyv48HwmlDnSrXS88Tc7uHNiFc3Gf8mHe5/9nqc67GOo+md17qVbR7/zqr/HPF6x/v/ZK6TbLw+Odl4HiZbT8V6f906+nu3+vsdf3b/RzeOfzxpX6+tPnsdP+37J+1WNpHki6bP+PzvST5rpPfk+66VarXFqYg9ycfr90830z+25VvHZ/EfP9a5/W/0/O+PiM97jP/WkVtdD90N93/ume5/l0Q96Vp076MvfuhWf2/931uN1PF8Ty/9X+crHc1Ln+dpBgAAAAAAgN2rEBEHIikUH6cLhWKx+f6OIzFaKFeqtRMXKkuX56LxWdnxGCm0VrrH2t4PMZW/H7aVn16Tn4mIwxHx7dD+Rr44WynP9Tt4AAAAAAAAAAAAAAAAAAAA2CXGunz+P3N/qN9XB+w4X/kNg2vT9r8d3/QE7Ep+/8Pg0v5hcGn/MLh6b//3d/Q6gBfP738YXNo/DC7tHwaX9g8AAAAAAAAAAAAAAAAAAAAAAAAAAADb6tzZs9lWX310fTbLz11dXrpUuXpyLq1m2dnibGXxSnG+Upkvp8XZysJmP69cqVyZmo6la5O1NKlNVpdXzi9Uli7Xzl9cKM2n59ORFxEUAAAAAAAAAAAAAAAAAAAA/MdUl1culcrldPHlShTy8Ho4OGkkDuYn7IaL70NieOunD/f94iV2ItHHTgkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1vg3AAD///vcKao=")
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtfilter={0x24, 0x2c, 0xd27, 0x30bd29, 0x25dfdc00, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {}, {0x8, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x20000010}, 0x20000000)
syz_mount_image$msdos(&(0x7f00000002c0), &(0x7f0000000280)='./file0\x00', 0x180c8, &(0x7f0000000580)=ANY=[@ANYBLOB="6e66732c646f74732c636865636b3d7374726963742c646f74732c6572726f72733d72656d6f756e742d726f2c00fc403bb14281bbfb9b8213bd6284536d64789a24dd73b98b3e33cb47fed8a736464bb62e9e891aa832722dfc28bfa4489b3a127a503e72326b737d0f67c97be6f37ef46154dec39ef8718946ffc8cd4d735a0b101c1722477bbe2f923577ea51f7116f17c3ddf5c497fba2d0bb3272d123b31e9461d4e2d65a42e1174fa269de92e463fc1ca202650fe2628e15341e45dce6c0de2367bdb50cc5b2b462e1d45fc3265f1a88561ab6afb1b73a3b340b5c5fc6e601843a59f3cdeb36991cfa985453287d4c9d2d6e21adddc57a607369c682e821b20dc0efd51d12f386f3f8e53c05e696e50c7c3f79b1b0bd7e5cfaf3f63d8949c8dd2fd94aa0f259a4cb9412c30c45f9d4d63d267d2a43f03a47fa56b3"], 0x1, 0x242, &(0x7f0000000300)="$eJzs3bFqFFEUBuBjskmWNKYWiwEbq0WtbBeJIA4IK1No5UC0SUSYNKPVPIbP4CP5GKnSjZhZsklcbczm7s58Hyz3wM/Cuc3eLc6d+fDw8/HRl9NP7c/vMR5nMYpo2jbiILZiOzr35uvWRb0bVzUBAGya2aycpu6B1aqqabkTEXt/JMWPJA0BAAAAAAAAAADw35bN/8e5+X8A6DPz//1XVdNyf/7/7Trz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEA65217v/3HJ3V/AMDtc/4DwPA4/wFgeJz/ADA8b9+9fz3N88NZlo0jzpq6qItu7fKXr/LDJ9mFg8W3zuq62L7Mn3Z5dj3fif15/mxpvhuPH3X57+zFm/xGvhdHq98+AAAAAAAAAAAAAAAAAAAArIVJdmnp/f7J5G95V115PsCN+/ujeDC6s20AAAAAAAAAAAAAAAAAAADARjv9+u24PDn5WCl6U8TztWjjrouItWijL0XqXyYAAAAAAAAAAAAAAAAAABiexaXf1J0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAQDqL9/+vroiIpu2k3i4AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADQY78CAAD//139ms4=")
mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1)
renameat2(0xffffffffffffff9c, &(0x7f0000000280)='./file1aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0)

110.903302ms ago: executing program 9 (id=1523):
socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={<r0=>0xffffffffffffffff, <r1=>0xffffffffffffffff})
setreuid(0x0, 0xee01)
r2 = getpgid(0x0)
fcntl$setownex(r1, 0xf, &(0x7f0000000140)={0x2, r2})
sendmmsg$unix(r0, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)="11", 0x1}], 0x1, 0x0, 0x0, 0x4000}}], 0x1, 0x40015)

0s ago: executing program 2 (id=1524):
r0 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0)
sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x48, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xb4}, 0x1, 0x0, 0x0, 0x4000854}, 0x40)
r1 = socket$nl_netfilter(0x10, 0x3, 0xc)
sendmsg$NFT_MSG_GETSETELEM(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)={0x48, 0xd, 0xa, 0x801, 0x0, 0x0, {0xa, 0x0, 0x1}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x1c, 0x3, 0x0, 0x1, [{0x18, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, '\r\x00'}]}, @NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x4000805}, 0x8000)

kernel console output (not intermixed with test programs):

this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.323648][ T6891] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  223.361520][ T6891] batman_adv: batadv0: Adding interface: batadv_slave_1
[  223.373401][ T6891] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  223.408250][ T6891] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  223.485113][ T6891] device hsr_slave_0 entered promiscuous mode
[  223.494431][ T6891] device hsr_slave_1 entered promiscuous mode
[  223.509098][ T6891] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  223.522272][ T6891] Cannot create hsr debugfs directory
[  223.830901][    C0] vcan0: j1939_tp_rxtimer: 0xffff88805795a400: rx timeout, send abort
[  223.896267][ T6919] loop5: detected capacity change from 0 to 131072
[  223.907431][    C0] vcan0: j1939_xtp_rx_abort_one: 0xffff88805795a400: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  223.934462][ T6919] F2FS-fs (loop5): QUOTA feature is enabled, so ignore qf_name
[  223.945423][ T6919] F2FS-fs (loop5): invalid crc value
[  223.962239][ T6919] F2FS-fs (loop5): Disable nat_bits due to incorrect cp_ver (15359802341028777995, 275811881701387)
[  224.018728][ T6919] F2FS-fs (loop5): recover fsync data on readonly fs
[  224.030957][ T6919] F2FS-fs (loop5): Mounted with checkpoint version = 753bd00b
[  224.039967][ T4281] Bluetooth: hci3: command 0x0409 tx timeout
[  224.103253][ T6891] netdevsim netdevsim7 netdevsim0: renamed from eth0
[  224.118883][ T6891] netdevsim netdevsim7 netdevsim1: renamed from eth1
[  224.132390][ T6891] netdevsim netdevsim7 netdevsim2: renamed from eth2
[  224.143787][ T6891] netdevsim netdevsim7 netdevsim3: renamed from eth3
[  224.247644][ T6891] 8021q: adding VLAN 0 to HW filter on device bond0
[  224.297795][ T6891] 8021q: adding VLAN 0 to HW filter on device team0
[  224.304926][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  224.328677][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  224.351242][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  224.366645][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  224.376558][ T2935] bridge0: port 1(bridge_slave_0) entered blocking state
[  224.383888][ T2935] bridge0: port 1(bridge_slave_0) entered forwarding state
[  224.403633][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  224.414654][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  224.427327][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  224.436088][ T2935] bridge0: port 2(bridge_slave_1) entered blocking state
[  224.443469][ T2935] bridge0: port 2(bridge_slave_1) entered forwarding state
[  224.453752][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  224.474638][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  224.490794][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  224.512701][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  224.539206][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  224.555218][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  224.564616][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  224.582439][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  224.593756][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  224.616558][ T6891] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network
[  224.630846][ T6891] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  224.642834][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  224.652682][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  225.004786][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  225.013251][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  225.034498][ T6891] 8021q: adding VLAN 0 to HW filter on device batadv0
[  225.347531][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  225.356551][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  225.390525][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  225.400236][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  225.411878][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  225.422066][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  225.436071][ T6891] device veth0_vlan entered promiscuous mode
[  225.451753][ T6891] device veth1_vlan entered promiscuous mode
[  225.475567][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  225.484069][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  225.499886][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  225.509607][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  225.523890][ T6891] device veth0_macvtap entered promiscuous mode
[  225.540295][ T6891] device veth1_macvtap entered promiscuous mode
[  225.558415][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.571134][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.581454][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.592276][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.602608][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.613840][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.624290][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.634989][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.646197][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  225.657012][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.669053][ T6891] batman_adv: batadv0: Interface activated: batadv_slave_0
[  225.677504][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  225.686124][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  225.694621][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  225.703586][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  225.717611][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.728781][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.739910][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.754016][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.764130][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.775211][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.785539][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.796945][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.806813][ T6891] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  225.820046][ T6891] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  225.832132][ T6891] batman_adv: batadv0: Interface activated: batadv_slave_1
[  225.844524][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  225.854981][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  225.867277][ T6891] netdevsim netdevsim7 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  225.876058][ T6891] netdevsim netdevsim7 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  225.886380][ T6891] netdevsim netdevsim7 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  225.895775][ T6891] netdevsim netdevsim7 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  225.987856][   T11] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.001929][   T11] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.011788][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  226.042385][ T4340] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  226.050870][ T4340] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  226.062715][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  226.138301][ T4281] Bluetooth: hci3: command 0x041b tx timeout
[  226.215778][ T6934] loop5: detected capacity change from 0 to 512
[  226.499937][ T6934] loop5: detected capacity change from 0 to 8192
[  227.091686][ T6961] loop5: detected capacity change from 0 to 16
[  227.143848][ T6961] erofs: (device loop5): mounted with root inode @ nid 36.
[  227.205593][ T6961] syz.5.768: attempt to access beyond end of device
[  227.205593][ T6961] loop5: rw=524288, sector=1342177272, nr_sectors = 32 limit=16
[  227.299515][ T6961] syz.5.768: attempt to access beyond end of device
[  227.299515][ T6961] loop5: rw=0, sector=1342177272, nr_sectors = 8 limit=16
[  227.356334][ T6970] loop1: detected capacity change from 0 to 1024
[  227.397387][   T27] audit: type=1800 audit(1772255748.876:9): pid=6961 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.768" name="file1" dev="loop5" ino=86 res=0 errno=0
[  227.423350][ T6970] EXT4-fs: Ignoring removed nomblk_io_submit option
[  227.450376][ T6970] EXT4-fs: Warning: mounting with an experimental mount option 'dioread_nolock' for blocksize < PAGE_SIZE
[  227.563805][ T6970] [EXT4 FS bs=1024, gc=1, bpg=131072, ipg=32, mo=e855c01c, mo2=0003]
[  227.581827][ T6970] System zones: 0-1, 3-36
[  227.616707][ T6970] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  227.943455][ T4270] EXT4-fs (loop1): unmounting filesystem.
[  228.207219][ T4281] Bluetooth: hci3: command 0x040f tx timeout
[  228.432051][ T7002] loop6: detected capacity change from 0 to 512
[  228.452636][ T7002] EXT4-fs: Ignoring removed oldalloc option
[  228.524952][ T7004] overlayfs: upperdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  228.539938][ T7004] overlayfs: workdir is in-use as upperdir/workdir of another mount, accessing files from both mounts will result in undefined behavior.
[  228.560483][ T7002] EXT4-fs (loop6): 1 truncate cleaned up
[  228.564457][ T7004] overlayfs: failed to resolve './file1/file0': -2
[  228.607119][ T7002] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  228.796221][ T4608] EXT4-fs (loop6): unmounting filesystem.
[  229.031387][ T7012] IPVS: rr: UDP 224.0.0.2:0 - no destination available
[  229.356468][ T6996] loop1: detected capacity change from 0 to 40427
[  229.395786][ T6996] F2FS-fs (loop1): Found nat_bits in checkpoint
[  229.543644][ T6996] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  229.669213][    C1] vcan0: j1939_tp_rxtimer: 0xffff88802758d800: rx timeout, send abort
[  229.678302][    C1] vcan0: j1939_xtp_rx_abort_one: 0xffff88802758d800: 0x40000: (3) A timeout occurred and this is the connection abort to close the session.
[  229.869953][ T4270] syz-executor: attempt to access beyond end of device
[  229.869953][ T4270] loop1: rw=2049, sector=45096, nr_sectors = 16 limit=40427
[  230.167161][ T4863] usb 3-1: new full-speed USB device number 9 using dummy_hcd
[  230.298002][ T4284] Bluetooth: hci3: command 0x0419 tx timeout
[  230.391072][ T4863] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  230.412860][ T4863] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  230.459676][ T4863] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  230.493179][ T4863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  230.539065][ T4284] Bluetooth: hci4: command 0x0406 tx timeout
[  230.851321][ T4863] usb 3-1: usb_control_msg returned -32
[  230.870506][ T4863] usbtmc 3-1:16.0: can't read capabilities
[  231.505321][ T7051] loop7: detected capacity change from 0 to 512
[  231.666445][ T7051] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002]
[  231.698217][ T7051] System zones: 0-2, 18-18, 34-35
[  231.732336][ T7051] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  231.768162][ T7051] ext4 filesystem being mounted at /11/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  231.823398][ T7061] netlink: 84 bytes leftover after parsing attributes in process `syz.1.806'.
[  231.897319][ T4863] usb 7-1: new high-speed USB device number 8 using dummy_hcd
[  231.992222][ T6891] EXT4-fs (loop7): unmounting filesystem.
[  232.097232][ T4863] usb 7-1: Using ep0 maxpacket: 32
[  232.109952][ T4863] usb 7-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  232.130082][ T4863] usb 7-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  232.150256][ T4863] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  232.165493][ T4863] usb 7-1: config 0 descriptor??
[  232.183038][ T4863] usbhid 7-1:0.0: couldn't find an input interrupt endpoint
[  232.216704][ T7069] loop7: detected capacity change from 0 to 2048
[  232.307986][ T7069] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: none.
[  232.402017][ T4863] usb 7-1: USB disconnect, device number 8
[  232.443926][ T6891] EXT4-fs (loop7): unmounting filesystem.
[  232.970984][ T4337] usb 3-1: USB disconnect, device number 9
[  233.694155][ T7096] loop1: detected capacity change from 0 to 32768
[  233.756721][ T7096] XFS (loop1): Mounting V5 Filesystem
[  233.840643][ T7096] XFS (loop1): Ending clean mount
[  233.870755][ T7096] XFS (loop1): Quotacheck needed: Please wait.
[  233.897102][ T4281] Bluetooth: hci5: command 0x1003 tx timeout
[  233.897639][ T4284] Bluetooth: hci5: Opcode 0x1003 failed: -110
[  234.093304][ T7096] XFS (loop1): Quotacheck: Done.
[  234.220281][ T4270] XFS (loop1): Unmounting Filesystem
[  234.560819][ T7116] loop6: detected capacity change from 0 to 256
[  234.660989][   T27] audit: type=1800 audit(1772255756.136:10): pid=7116 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.6.824" name="file1" dev="loop6" ino=1048641 res=0 errno=0
[  234.696184][ T7116] FAT-fs (loop6): error, corrupted file size (i_pos 196, 2097152)
[  234.726511][ T7116] FAT-fs (loop6): Filesystem has been set read-only
[  234.757377][ T7110] loop7: detected capacity change from 0 to 32768
[  234.861680][ T7119] netlink: 12 bytes leftover after parsing attributes in process `syz.5.825'.
[  235.861841][ T7150] Bluetooth: hci0: service_discovery: expected 4 bytes, got 7 bytes
[  236.620811][ T7173] loop5: detected capacity change from 0 to 4096
[  236.703441][ T7179] loop6: detected capacity change from 0 to 64
[  236.850868][ T7182] NILFS (loop5): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  236.913255][ T7177] loop7: detected capacity change from 0 to 4096
[  237.422865][ T7196] loop1: detected capacity change from 0 to 1024
[  237.444538][ T6891] ntfs3: loop7: ntfs_evict_inode r=5 failed, -22.
[  237.469369][ T6891] ntfs3: loop7: Mark volume as dirty due to NTFS errors
[  237.559545][ T7196] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  237.918424][ T4270] EXT4-fs (loop1): unmounting filesystem.
[  238.123619][ T7216] netlink: 48 bytes leftover after parsing attributes in process `syz.1.862'.
[  238.136276][ T7217] loop7: detected capacity change from 0 to 1024
[  238.219384][ T7217] EXT4-fs (loop7): ext4_check_descriptors: Inode bitmap for group 0 overlaps superblock
[  238.248705][ T7217] EXT4-fs (loop7): ext4_check_descriptors: Checksum for group 0 failed (42152!=20869)
[  238.317057][ T7217] EXT4-fs error (device loop7): ext4_get_journal_inode:5756: inode #5: comm syz.7.863: unexpected bad inode w/o EXT4_IGET_BAD
[  238.357325][ T7217] EXT4-fs (loop7): no journal found
[  238.371167][ T7217] EXT4-fs (loop7): can't get journal size
[  238.408656][ T7217] EXT4-fs (loop7): mounted filesystem without journal. Quota mode: writeback.
[  238.428101][ T7223] input: syz0 as /devices/virtual/input/input12
[  238.469939][ T7217] EXT4-fs (loop7): shut down requested (1)
[  238.601538][ T4368] udevd[4368]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  238.707326][ T6891] EXT4-fs (loop7): unmounting filesystem.
[  238.956673][ T7239] loop7: detected capacity change from 0 to 1024
[  239.124457][ T7239] hfsplus: walked past end of dir
[  239.179084][ T7244] hfsplus: walked past end of dir
[  239.235801][ T7245] syz.5.873 sent an empty control message without MSG_MORE.
[  239.925662][ T7258] loop6: detected capacity change from 0 to 512
[  239.960025][ T7258] EXT4-fs: Warning: mounting with data=journal disables delayed allocation, dioread_nolock, O_DIRECT and fast_commit support!
[  239.991729][ T7258] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  240.117859][ T7258] EXT4-fs (loop6): 1 orphan inode deleted
[  240.123814][ T7258] EXT4-fs (loop6): 1 truncate cleaned up
[  240.170039][ T7258] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  240.319236][ T7258] EXT4-fs error (device loop6): ext4_check_all_de:666: inode #12: block 7: comm syz.6.879: bad entry in directory: directory entry overrun - offset=0, inode=13, rec_len=784, size=56 fake=0
[  240.338757][    C0] vkms_vblank_simulate: vblank timer overrun
[  240.381469][ T7258] EXT4-fs (loop6): Remounting filesystem read-only
[  240.495703][ T7249] IPVS: You probably need to specify IP address on multicast interface.
[  240.512719][ T7249] IPVS: Error connecting to the multicast addr
[  240.542187][ T4608] EXT4-fs (loop6): unmounting filesystem.
[  240.687611][    T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!!
[  241.037914][ T7286] loop5: detected capacity change from 0 to 1024
[  241.200286][ T7290] loop1: detected capacity change from 0 to 512
[  241.582972][ T7299] loop7: detected capacity change from 0 to 2048
[  241.666423][ T7299] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  242.022127][ T7313] netlink: 68 bytes leftover after parsing attributes in process `syz.5.902'.
[  242.330788][ T7325] netlink: 16 bytes leftover after parsing attributes in process `syz.7.907'.
[  242.347186][   T22] usb 2-1: new high-speed USB device number 6 using dummy_hcd
[  242.546640][ T7333] loop7: detected capacity change from 0 to 16
[  242.547465][   T22] usb 2-1: Using ep0 maxpacket: 16
[  242.569416][   T22] usb 2-1: config 0 has an invalid interface number: 105 but max is 0
[  242.586089][   T22] usb 2-1: config 0 has an invalid descriptor of length 128, skipping remainder of the config
[  242.601756][ T7333] erofs: (device loop7): mounted with root inode @ nid 36.
[  242.610905][   T22] usb 2-1: config 0 has no interface number 0
[  242.634279][   T22] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28
[  242.659428][   T22] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  242.672312][ T7333] syz.7.911: attempt to access beyond end of device
[  242.672312][ T7333] loop7: rw=524288, sector=1342177272, nr_sectors = 32 limit=16
[  242.699572][   T22] usb 2-1: Product: syz
[  242.703826][   T22] usb 2-1: Manufacturer: syz
[  242.718172][   T22] usb 2-1: SerialNumber: syz
[  242.737413][ T7333] syz.7.911: attempt to access beyond end of device
[  242.737413][ T7333] loop7: rw=0, sector=1342177272, nr_sectors = 8 limit=16
[  242.763624][   T22] usb 2-1: config 0 descriptor??
[  242.793171][   T22] usb 2-1: Found UVC 0.00 device syz (046d:08f3)
[  242.820631][   T22] usb 2-1: No valid video chain found.
[  242.827331][   T27] audit: type=1800 audit(1772255764.276:11): pid=7333 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.7.911" name="file1" dev="loop7" ino=86 res=0 errno=0
[  243.032176][   T22] usb 2-1: USB disconnect, device number 6
[  243.157093][ T5730] usb 6-1: new high-speed USB device number 9 using dummy_hcd
[  243.196628][ T7344] 8021q: adding VLAN 0 to HW filter on device bond0
[  243.309553][ T7344] bond0: (slave rose0): Enslaving as an active interface with an up link
[  243.367129][ T5730] usb 6-1: Using ep0 maxpacket: 8
[  243.373563][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): bond0: link becomes ready
[  243.384132][ T5730] usb 6-1: config 179 has an invalid interface number: 65 but max is 0
[  243.393626][ T5730] usb 6-1: config 179 has no interface number 0
[  243.400444][ T5730] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9
[  243.413329][ T5730] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024
[  243.434256][ T5730] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9
[  243.456104][ T5730] usb 6-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024
[  243.474079][ T5730] usb 6-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23
[  243.496937][ T5730] usb 6-1: config 179 interface 65 has no altsetting 0
[  243.514479][ T5730] usb 6-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00
[  243.574762][ T5730] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  243.674201][ T5730] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:179.65/input/input13
[  243.919890][ T4855] usb 6-1: USB disconnect, device number 9
[  243.925861][    C1] xpad 6-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19
[  243.941839][ T7359] loop1: detected capacity change from 0 to 4096
[  243.945608][ T4855] xpad 6-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19
[  244.087591][ T7364] NILFS (loop1): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  244.592242][ T7374] netlink: 4 bytes leftover after parsing attributes in process `syz.6.924'.
[  244.604143][ T7376] loop1: detected capacity change from 0 to 512
[  244.622017][ T7374] device bridge_slave_1 left promiscuous mode
[  244.687095][ T4284] Bluetooth: hci3: Controller not accepting commands anymore: ncmd = 0
[  244.693979][ T7374] bridge0: port 2(bridge_slave_1) entered disabled state
[  244.697667][ T4284] Bluetooth: hci3: Injecting HCI hardware error event
[  244.722116][ T4281] Bluetooth: hci3: hardware error 0x00
[  244.870368][ T7374] device bridge_slave_0 left promiscuous mode
[  244.906353][ T7374] bridge0: port 1(bridge_slave_0) entered disabled state
[  245.225191][ T7389] loop5: detected capacity change from 0 to 512
[  245.271740][ T7376] EXT4-fs (loop1): Test dummy encryption mode enabled
[  245.287043][ T7376] EXT4-fs (loop1): encrypted files will use data=ordered instead of data journaling mode
[  245.317519][ T7376] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.925: bad orphan inode 131083
[  245.331649][ T7376] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  245.401484][ T7389] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  245.418612][ T7389] ext4 filesystem being mounted at /173/bus supports timestamps until 2038-01-19 (0x7fffffff)
[  245.475663][ T7389] EXT4-fs error (device loop5): ext4_do_update_inode:5272: inode #2: comm syz.5.929: corrupted inode contents
[  245.527924][ T7400] vxcan1: tx drop: invalid sa for name 0x0000000000000004
[  245.584801][ T7389] EXT4-fs error (device loop5): ext4_dirty_inode:6137: inode #2: comm syz.5.929: mark_inode_dirty error
[  245.633450][ T7389] EXT4-fs error (device loop5): ext4_do_update_inode:5272: inode #2: comm syz.5.929: corrupted inode contents
[  245.656730][ T7376] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  245.678186][ T7389] EXT4-fs error (device loop5): __ext4_ext_dirty:202: inode #2: comm syz.5.929: mark_inode_dirty error
[  245.852730][ T4270] EXT4-fs (loop1): unmounting filesystem.
[  245.924695][ T4376] EXT4-fs (loop5): unmounting filesystem.
[  246.259044][ T7420] netlink: 'syz.1.935': attribute type 13 has an invalid length.
[  246.278446][ T7420] netlink: 24859 bytes leftover after parsing attributes in process `syz.1.935'.
[  246.546231][ T7428] loop1: detected capacity change from 0 to 64
[  246.767282][ T4281] Bluetooth: hci3: Opcode 0x0c03 failed: -110
[  247.336075][ T7444] loop5: detected capacity change from 0 to 2048
[  247.477957][ T7444] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: none.
[  247.599959][ T7444] EXT4-fs error (device loop5): ext4_mb_generate_buddy:1113: group 0, block bitmap and bg descriptor inconsistent: 0 vs 150994969 free clusters
[  247.777963][ T7438] loop6: detected capacity change from 0 to 32768
[  247.844872][ T7438] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 8 /dev/loop6 scanned by syz.6.941 (7438)
[  247.911852][ T7438] BTRFS info (device loop6): first mount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  247.941754][ T4376] EXT4-fs (loop5): unmounting filesystem.
[  247.965222][ T7438] BTRFS info (device loop6): using blake2b (blake2b-256-generic) checksum algorithm
[  248.047233][ T7438] BTRFS info (device loop6): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  248.108179][ T7438] BTRFS info (device loop6): use zstd compression, level 3
[  248.152488][ T7438] BTRFS info (device loop6): using free space tree
[  248.159741][ T4855] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  248.353642][ T7438] BTRFS info (device loop6): enabling ssd optimizations
[  248.360881][ T4855] usb 2-1: Using ep0 maxpacket: 16
[  248.373681][ T4855] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  248.453272][ T4855] usb 2-1: New USB device found, idVendor=05ac, idProduct=0249, bcdDevice= 0.00
[  248.483092][ T4855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  248.539167][ T4855] usb 2-1: config 0 descriptor??
[  248.589466][ T4855] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  249.296390][ T4608] BTRFS info (device loop6): last unmount of filesystem 14d642db-7b15-43e4-81e6-4b8fac6a25f8
[  249.609039][ T4633] BTRFS: device fsid 14d642db-7b15-43e4-81e6-4b8fac6a25f8 devid 1 transid 11 /dev/loop6 scanned by udevd (4633)
[  250.701115][ T4281] block nbd2: Receive control failed (result -32)
[  250.722252][ T7521] block nbd2: shutting down sockets
[  250.922495][ T4854] usb 2-1: USB disconnect, device number 7
[  251.068549][ T7520] loop5: detected capacity change from 0 to 40427
[  251.092787][ T7520] F2FS-fs (loop5): build fault injection attr: rate: 14, type: 0x3ffff
[  251.113499][ T7520] F2FS-fs (loop5): build fault injection attr: rate: 0, type: 0xe4
[  251.177712][ T7520] F2FS-fs (loop5): invalid crc value
[  251.225698][ T7520] F2FS-fs (loop5): Found nat_bits in checkpoint
[  251.290264][ T4337] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  251.367018][ T7520] F2FS-fs (loop5) : inject page alloc in f2fs_grab_cache_page of f2fs_ra_meta_pages+0x432/0xa20
[  251.454297][ T7541] loop7: detected capacity change from 0 to 512
[  251.477200][ T7520] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e5
[  251.507776][ T4337] usb 3-1: too many configurations: 9, using maximum allowed: 8
[  251.520650][ T7520] F2FS-fs (loop5) : inject alloc nid in f2fs_alloc_nid of f2fs_get_dnode_of_data+0x6eb/0x1b10
[  251.537851][ T4337] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.574600][ T4337] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.626925][ T4337] usb 3-1: config 0 interface 0 has no altsetting 0
[  251.661043][ T4337] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.700713][ T4337] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.732473][ T4337] usb 3-1: config 0 interface 0 has no altsetting 0
[  251.783137][ T4337] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  251.833245][ T4337] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  251.881627][ T7543] F2FS-fs (loop5) : inject no more block in inc_valid_node_count of f2fs_new_node_page+0x178/0x910
[  251.913781][ T4337] usb 3-1: config 0 interface 0 has no altsetting 0
[  251.974821][ T4337] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  252.014205][ T4337] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  252.047969][ T4337] usb 3-1: config 0 interface 0 has no altsetting 0
[  252.076159][ T4337] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  252.106679][ T4337] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  252.185264][ T4337] usb 3-1: config 0 interface 0 has no altsetting 0
[  252.247818][ T4337] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  252.287190][ T4337] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  252.337682][ T4337] usb 3-1: config 0 interface 0 has no altsetting 0
[  252.413727][ T4337] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  252.426116][ T7556] loop6: detected capacity change from 0 to 22
[  252.437184][ T4337] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  252.468241][ T7556] MTD: Attempt to mount non-MTD device "/dev/loop6"
[  252.481384][ T4337] usb 3-1: config 0 interface 0 has no altsetting 0
[  252.531395][ T4337] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9
[  252.548356][ T7556] romfs: Mounting image 'rom 637cf1fa' through the block layer
[  252.574211][ T7538] loop1: detected capacity change from 0 to 32768
[  252.591239][ T4337] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7
[  252.634574][ T4337] usb 3-1: config 0 interface 0 has no altsetting 0
[  252.686030][ T4337] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e
[  252.809275][ T4337] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168
[  252.875142][ T4337] usb 3-1: Product: syz
[  252.899477][ T4337] usb 3-1: Manufacturer: syz
[  252.916721][ T4337] usb 3-1: SerialNumber: syz
[  252.942927][ T7563] loop7: detected capacity change from 0 to 4096
[  252.967786][ T4337] usb 3-1: config 0 descriptor??
[  252.994994][ T7538] XFS (loop1): Mounting V5 Filesystem
[  253.014780][ T4337] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0
[  253.183168][ T7538] XFS (loop1): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  253.252858][ T4337] usb 3-1: USB disconnect, device number 10
[  253.280066][ T4337] yurex 3-1:0.0: USB YUREX #0 now disconnected
[  253.319179][ T7538] XFS (loop1): Starting recovery (logdev: internal)
[  253.329066][ T7571] I/O error, dev loop13, sector 64 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  253.364253][ T7571] isofs_fill_super: bread failed, dev=loop13, iso_blknum=16, block=32
[  253.438023][ T7538] XFS (loop1): Ending recovery (logdev: internal)
[  253.622605][ T6891] ntfs3: loop7: ntfs_evict_inode r=5 failed, -22.
[  253.637024][ T6891] ntfs3: loop7: Mark volume as dirty due to NTFS errors
[  253.652580][ T7578] XFS (loop1): Metadata corruption detected at xfs_inobt_verify+0xc1/0x220, xfs_finobt block 0x8 
[  253.749358][ T7578] XFS (loop1): Unmount and run xfs_repair
[  253.787714][ T7578] XFS (loop1): First 128 bytes of corrupted metadata buffer:
[  253.795199][ T7578] 00000000: 41 42 33 42 00 00 00 02 ff ff ff ff ff ff ff ff  AB3B............
[  253.878252][ T7578] 00000010: 00 00 00 00 00 00 00 08 00 00 00 01 00 00 00 10  ................
[  253.907211][ T7578] 00000020: c4 96 e0 5e 54 0d 4c 72 b5 91 04 d7 9d 8b 4e eb  ...^T.Lr......N.
[  253.954436][ T7578] 00000030: 00 00 00 00 c8 fc 31 e4 00 00 04 4e 00 00 00 02  ......1....N....
[  254.005806][ T7578] 00000040: 00 00 04 60 00 00 0b a0 00 00 00 00 00 00 00 00  ...`............
[  254.024346][ T7578] 00000050: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  254.044166][ T7590] netlink: 28 bytes leftover after parsing attributes in process `syz.6.979'.
[  254.065134][ T7578] 00000060: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  254.080991][ T7578] 00000070: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00  ................
[  254.093415][ T7578] XFS (loop1): metadata I/O error in "xfs_btree_read_buf_block+0x1db/0x2d0" at daddr 0x8 len 8 error 117
[  254.295997][ T4270] XFS (loop1): Unmounting Filesystem
[  254.507467][ T4855] usb 6-1: new high-speed USB device number 10 using dummy_hcd
[  254.717253][ T4855] usb 6-1: Using ep0 maxpacket: 32
[  254.728808][ T4855] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  254.751300][ T4855] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1
[  254.775433][ T4855] usb 6-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f
[  254.793406][ T4855] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  254.803448][ T4855] usb 6-1: Product: syz
[  254.808090][ T4855] usb 6-1: Manufacturer: syz
[  254.812853][ T4855] usb 6-1: SerialNumber: syz
[  254.823979][ T4855] usb 6-1: config 0 descriptor??
[  255.227086][ T4337] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  255.252829][ T7610] loop6: detected capacity change from 0 to 1764
[  255.308143][ T7610] iso9660: Corrupted directory entry in block 2 of inode 1920
[  255.397165][ T5730] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  255.417215][ T4337] usb 2-1: Using ep0 maxpacket: 8
[  255.425162][ T4337] usb 2-1: config index 0 descriptor too short (expected 301, got 45)
[  255.433856][ T4337] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  255.444442][ T4337] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  255.454641][ T4337] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  255.466181][ T4337] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  255.479989][ T4337] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23
[  255.489911][ T4337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  255.584296][ T5730] usb 3-1: Using ep0 maxpacket: 16
[  255.603529][ T5730] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping
[  255.612781][ T5730] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  255.616347][ T7616] loop6: detected capacity change from 0 to 512
[  255.625916][ T5730] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3
[  255.664788][ T7616] EXT4-fs (loop6): encrypted files will use data=ordered instead of data journaling mode
[  255.690964][ T7616] EXT4-fs error (device loop6): ext4_orphan_get:1425: comm syz.6.991: bad orphan inode 131083
[  255.703336][ T7616] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: none.
[  255.714331][ T5730] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  255.730860][ T4337] usb 2-1: usb_control_msg returned -32
[  255.736592][ T4337] usbtmc 2-1:16.0: can't read capabilities
[  255.771343][ T5730] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  255.801445][ T5730] usb 3-1: Product: syz
[  255.805734][ T5730] usb 3-1: Manufacturer: syz
[  255.811368][ T5730] usb 3-1: SerialNumber: syz
[  255.823317][ T4608] EXT4-fs (loop6): unmounting filesystem.
[  256.076460][ T7623] loop6: detected capacity change from 0 to 4096
[  256.120347][ T7623] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  256.140962][ T7624] usbtmc 2-1:16.0: INITIATE_ABORT_BULK_OUT returned 0
[  256.259953][ T5730] usb 3-1: 0:2 : does not exist
[  256.365270][ T4855] usb 2-1: USB disconnect, device number 8
[  256.418917][ T4608] EXT4-fs (loop6): unmounting filesystem.
[  256.961553][ T5730] usb 3-1: USB disconnect, device number 11
[  257.256270][ T4863] usb 6-1: USB disconnect, device number 10
[  257.301247][ T4633] udevd[4633]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  257.515580][ T7651] loop5: detected capacity change from 0 to 128
[  257.969749][ T7646] loop7: detected capacity change from 0 to 40427
[  258.044379][ T7646] F2FS-fs (loop7): Found nat_bits in checkpoint
[  258.248021][ T7661] loop5: detected capacity change from 0 to 8192
[  258.268409][ T7646] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  258.318693][ T7661] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  258.420658][   T27] audit: type=1800 audit(2000000004.720:12): pid=7661 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1006" name="file2" dev="loop5" ino=1048647 res=0 errno=0
[  258.463199][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.497011][ T7661] FAT-fs (loop5): Filesystem has been set read-only
[  258.503895][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.517973][ T6891] syz-executor: attempt to access beyond end of device
[  258.517973][ T6891] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  258.545177][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.580219][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.602723][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.656078][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.689667][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.699156][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.727282][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  258.736236][ T7661] FAT-fs (loop5): error, fat_get_cluster: invalid cluster chain (i_pos 1046)
[  260.436748][ T7687] IPVS: You probably need to specify IP address on multicast interface.
[  260.463901][ T7687] IPVS: Error connecting to the multicast addr
[  260.543829][ T7713] loop6: detected capacity change from 0 to 512
[  260.607522][ T7713] EXT4-fs error (device loop6): ext4_validate_block_bitmap:438: comm syz.6.1022: bg 0: block 393: padding at end of block bitmap is not set
[  260.677150][ T4855] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  260.733809][ T7713] EXT4-fs error (device loop6) in ext4_mb_clear_bb:6181: Corrupt filesystem
[  260.825577][ T7713] EXT4-fs (loop6): 2 truncates cleaned up
[  260.878014][ T7713] EXT4-fs (loop6): mounted filesystem without journal. Quota mode: writeback.
[  260.897150][ T4855] usb 3-1: Using ep0 maxpacket: 32
[  260.904335][ T4855] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  260.957126][ T4855] usb 3-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  260.993837][ T4855] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  261.045080][ T4855] usb 3-1: config 0 descriptor??
[  261.067389][ T4855] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  261.191519][ T7729] capability: warning: `syz.5.1028' uses deprecated v2 capabilities in a way that may be insecure
[  261.477650][ T4863] usb 3-1: USB disconnect, device number 12
[  261.638202][ T7436] EXT4-fs (loop6): unmounting filesystem.
[  262.597955][ T7762] loop1: detected capacity change from 0 to 1024
[  262.853562][ T7765] hfsplus: invalid catalog entry type
[  262.933747][ T7762] hfsplus: invalid catalog entry type
[  263.095569][   T11] hfsplus: bad catalog folder entry
[  263.111888][ T4284] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1
[  263.127675][ T4284] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9
[  263.137606][   T11] hfsplus: bad catalog file entry
[  263.144423][ T4284] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9
[  263.154293][ T4284] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4
[  263.164737][ T4284] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3
[  263.173019][ T4284] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2
[  263.555846][ T7772] chnl_net:caif_netlink_parms(): no params data found
[  263.762619][ T7772] bridge0: port 1(bridge_slave_0) entered blocking state
[  263.790897][ T7772] bridge0: port 1(bridge_slave_0) entered disabled state
[  263.822480][ T7772] device bridge_slave_0 entered promiscuous mode
[  263.846244][ T7772] bridge0: port 2(bridge_slave_1) entered blocking state
[  263.874718][ T7772] bridge0: port 2(bridge_slave_1) entered disabled state
[  263.890512][ T7772] device bridge_slave_1 entered promiscuous mode
[  263.906668][ T7782] loop1: detected capacity change from 0 to 32768
[  263.992757][ T7772] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  264.033878][ T7772] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  264.201224][ T7772] team0: Port device team_slave_0 added
[  264.250010][ T7772] team0: Port device team_slave_1 added
[  264.301798][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  264.308219][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  264.358780][ T7772] batman_adv: batadv0: Adding interface: batadv_slave_0
[  264.381856][ T7772] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.450524][ T7772] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  264.509212][ T7772] batman_adv: batadv0: Adding interface: batadv_slave_1
[  264.516244][ T7772] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  264.559667][ T7772] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  264.577124][ T4855] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  264.750808][ T7772] device hsr_slave_0 entered promiscuous mode
[  264.769262][ T7772] device hsr_slave_1 entered promiscuous mode
[  264.779281][ T7772] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  264.795130][ T7772] Cannot create hsr debugfs directory
[  264.807279][ T4855] usb 2-1: Using ep0 maxpacket: 32
[  264.814415][ T4855] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  264.835259][ T4855] usb 2-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  264.855031][ T4855] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  264.892310][ T4855] usb 2-1: config 0 descriptor??
[  264.940740][ T4855] usbhid 2-1:0.0: couldn't find an input interrupt endpoint
[  265.204291][ T7772] netdevsim netdevsim8 netdevsim0: renamed from eth0
[  265.244155][ T7772] netdevsim netdevsim8 netdevsim1: renamed from eth1
[  265.251381][ T4281] Bluetooth: hci0: command 0x0409 tx timeout
[  265.268455][ T4854] usb 2-1: USB disconnect, device number 9
[  265.292083][ T7772] netdevsim netdevsim8 netdevsim2: renamed from eth2
[  265.337742][ T7772] netdevsim netdevsim8 netdevsim3: renamed from eth3
[  265.594685][ T7772] 8021q: adding VLAN 0 to HW filter on device bond0
[  265.642792][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  265.681691][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  265.722142][ T7772] 8021q: adding VLAN 0 to HW filter on device team0
[  265.740687][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  265.750942][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  265.770139][ T5615] bridge0: port 1(bridge_slave_0) entered blocking state
[  265.777400][ T5615] bridge0: port 1(bridge_slave_0) entered forwarding state
[  265.988505][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  266.027355][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  266.078712][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  266.097678][ T5615] bridge0: port 2(bridge_slave_1) entered blocking state
[  266.105017][ T5615] bridge0: port 2(bridge_slave_1) entered forwarding state
[  266.158250][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  266.190034][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  266.230300][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  266.284087][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  266.329652][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  266.354282][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  266.388505][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  266.410479][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  266.446493][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  266.477479][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  266.494429][ T5615] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  266.538839][ T7772] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  266.607715][    T0] NOHZ tick-stop error: local softirq work is pending, handler #208!!!
[  266.751769][ T7840] loop1: detected capacity change from 0 to 512
[  266.888301][ T7840] [EXT4 FS bs=2048, gc=1, bpg=16384, ipg=32, mo=a802c01c, mo2=0002]
[  266.920834][ T7840] System zones: 0-2, 18-18, 34-35
[  266.946040][ T7840] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  266.975897][ T7840] ext4 filesystem being mounted at /212/file0 supports timestamps until 2038-01-19 (0x7fffffff)
[  267.118427][ T7827] loop5: detected capacity change from 0 to 32768
[  267.316686][ T4270] EXT4-fs (loop1): unmounting filesystem.
[  267.328007][ T4281] Bluetooth: hci0: command 0x041b tx timeout
[  267.509647][  T106] ERROR: (device loop5): diFree: numfree > numinos
[  267.509647][  T106] 
[  267.566309][ T7858] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1074'.
[  267.689739][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  267.705143][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  267.747372][ T7772] 8021q: adding VLAN 0 to HW filter on device batadv0
[  267.910100][ T7864] loop1: detected capacity change from 0 to 512
[  268.014399][ T7864] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  268.045604][ T7864] EXT4-fs (loop1): orphan cleanup on readonly fs
[  268.057300][ T7864] EXT4-fs error (device loop1): ext4_orphan_get:1425: comm syz.1.1078: bad orphan inode 15
[  268.206388][ T7864] ext4_test_bit(bit=14, block=18) = 1
[  268.241581][ T7864] is_bad_inode(inode)=0
[  268.245828][ T7864] NEXT_ORPHAN(inode)=1023
[  268.274486][ T7864] max_ino=32
[  268.284616][ T7864] i_nlink=0
[  268.325203][ T7864] EXT4-fs error (device loop1): ext4_xattr_delete_inode:2916: inode #15: comm syz.1.1078: corrupted xattr block 19
[  268.387090][ T7864] EXT4-fs warning (device loop1): ext4_evict_inode:299: xattr delete (err -117)
[  268.414803][ T7864] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  268.501353][ T7852] loop7: detected capacity change from 0 to 40427
[  268.524064][ T7864] EXT4-fs error (device loop1): ext4_lookup:1862: inode #2: comm syz.1.1078: deleted inode referenced: 15
[  268.562170][ T7852] F2FS-fs (loop7): build fault injection attr: rate: 690, type: 0x3ffff
[  268.606432][ T7852] F2FS-fs (loop7): build fault injection attr: rate: 0, type: 0x2
[  268.631018][ T7852] F2FS-fs (loop7): invalid crc value
[  268.660185][ T7852] F2FS-fs (loop7): Found nat_bits in checkpoint
[  268.703860][ T4270] EXT4-fs (loop1): unmounting filesystem.
[  268.946569][ T7852] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e5
[  268.986979][ T4855] usb 6-1: new high-speed USB device number 11 using dummy_hcd
[  269.077835][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  269.102341][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  269.194159][ T6891] syz-executor: attempt to access beyond end of device
[  269.194159][ T6891] loop7: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  269.217153][ T4855] usb 6-1: Using ep0 maxpacket: 32
[  269.220415][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  269.237730][ T4855] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  269.241839][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  269.276948][ T4855] usb 6-1: New USB device found, idVendor=1b1c, idProduct=0c10, bcdDevice= 0.00
[  269.299294][ T7772] device veth0_vlan entered promiscuous mode
[  269.307336][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  269.314367][ T4855] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  269.338165][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  269.350278][ T4855] usb 6-1: config 0 descriptor??
[  269.376439][ T7772] device veth1_vlan entered promiscuous mode
[  269.388944][ T4855] usbhid 6-1:0.0: couldn't find an input interrupt endpoint
[  269.412258][ T4281] Bluetooth: hci0: command 0x040f tx timeout
[  269.531944][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  269.550367][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  269.618113][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  269.655742][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  269.681608][ T7772] device veth0_macvtap entered promiscuous mode
[  269.691250][ T4854] usb 6-1: USB disconnect, device number 11
[  269.731733][ T7772] device veth1_macvtap entered promiscuous mode
[  269.792882][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  269.840330][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  269.870131][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  269.904035][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  269.924314][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  269.940446][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  269.952173][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  269.963074][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  269.973501][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.007181][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.026253][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  270.084385][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.099577][ T7772] batman_adv: batadv0: Interface activated: batadv_slave_0
[  270.120741][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  270.148113][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  270.181913][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  270.195164][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  270.227271][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  270.256971][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.357146][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  270.376939][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.391575][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  270.419020][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.447149][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  270.467177][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.485544][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  270.499387][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.510584][ T7772] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  270.524208][ T7772] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  270.542083][ T7772] batman_adv: batadv0: Interface activated: batadv_slave_1
[  270.561365][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  270.604249][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  270.632137][ T7772] netdevsim netdevsim8 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  270.661748][ T7772] netdevsim netdevsim8 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  270.684543][ T7772] netdevsim netdevsim8 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  270.704308][ T7772] netdevsim netdevsim8 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  271.089612][ T4543] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.116097][ T4543] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.167366][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  271.202855][ T7922] loop5: detected capacity change from 0 to 16
[  271.290459][ T7922] erofs: (device loop5): mounted with root inode @ nid 36.
[  271.364157][ T2935] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  271.379433][ T2935] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  271.413470][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  271.439967][ T7922] erofs: (device loop5): z_erofs_do_map_blocks: invalid logical cluster 0 at nid 36
[  271.459472][ T7924] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input14
[  271.487568][ T4281] Bluetooth: hci0: command 0x0419 tx timeout
[  271.506343][ T7922] syz.5.1097: attempt to access beyond end of device
[  271.506343][ T7922] loop5: rw=0, sector=296, nr_sectors = 8 limit=16
[  271.546329][ T7904] loop7: detected capacity change from 0 to 32768
[  271.586105][ T7922] erofs: (device loop5): z_erofs_read_folio: failed to read, err [-117]
[  271.596016][ T7922] erofs: (device loop5): erofs_readdir: fail to readdir of logical block 0 of nid 36
[  271.633102][ T7927] erofs: (device loop5): z_erofs_extent_lookback: bogus lookback distance @ nid 36
[  271.660793][ T7927] erofs: (device loop5): z_erofs_read_folio: failed to read, err [-117]
[  271.761591][ T7904] XFS (loop7): Mounting V5 Filesystem
[  272.083998][ T7904] XFS (loop7): Torn write (CRC failure) detected at log block 0x30. Truncating head block from 0x51.
[  272.281933][ T7904] XFS (loop7): Starting recovery (logdev: internal)
[  272.323241][ T7904] XFS (loop7): Ending recovery (logdev: internal)
[  272.545264][ T7904] XFS (loop7): Metadata corruption detected at xfs_btree_lookup_get_block+0x447/0x650, xfs_bnobt block 0x8
[  272.576453][ T7904] XFS (loop7): Unmount and run xfs_repair
[  272.626408][ T7957] XFS (loop7): Internal error ltbno + ltlen > bno at line 1955 of file fs/xfs/libxfs/xfs_alloc.c.  Caller xfs_free_ag_extent+0xe67/0x1340
[  272.674560][ T7957] CPU: 1 PID: 7957 Comm: syz.7.1087 Not tainted syzkaller #0
[  272.682045][ T7957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  272.692166][ T7957] Call Trace:
[  272.695590][ T7957]  <TASK>
[  272.698586][ T7957]  dump_stack_lvl+0x188/0x24e
[  272.703335][ T7957]  ? __xfs_printk+0x90/0x90
[  272.707901][ T7957]  ? show_regs_print_info+0x12/0x12
[  272.713190][ T7957]  ? xfs_alloc_get_rec+0x286/0x570
[  272.718382][ T7957]  xfs_corruption_error+0x11e/0x170
[  272.723657][ T7957]  ? xfs_free_ag_extent+0xe67/0x1340
[  272.729024][ T7957]  xfs_free_ag_extent+0xea1/0x1340
[  272.734219][ T7957]  ? xfs_free_ag_extent+0xe67/0x1340
[  272.739700][ T7957]  ? xfs_free_agfl_block+0x340/0x340
[  272.745069][ T7957]  ? xfs_defer_finish_noroll+0xd46/0x1e60
[  272.750864][ T7957]  ? xfs_itruncate_extents_flags+0x2d5/0x9f0
[  272.756910][ T7957]  ? xfs_setattr_size+0x68c/0xbc0
[  272.762008][ T7957]  ? xfs_vn_setattr+0x260/0x310
[  272.766936][ T7957]  ? do_truncate+0x1ac/0x240
[  272.771600][ T7957]  ? path_openat+0x2861/0x2ee0
[  272.776492][ T7957]  ? do_filp_open+0x1f1/0x430
[  272.781256][ T7957]  __xfs_free_extent+0x243/0x3b0
[  272.786306][ T7957]  xfs_trans_free_extent+0x3e3/0x8b0
[  272.791696][ T7957]  ? xfs_efi_item_free+0xb0/0xb0
[  272.796721][ T7957]  ? slab_pre_alloc_hook+0x59/0x310
[  272.801999][ T7957]  ? xfs_trans_add_item+0x16f/0x330
[  272.807290][ T7957]  xfs_extent_free_finish_item+0x2e/0x90
[  272.812999][ T7957]  ? xfs_extent_free_create_done+0x150/0x150
[  272.819059][ T7957]  xfs_defer_finish_noroll+0xf4d/0x1e60
[  272.824703][ T7957]  ? xfs_defer_finish+0x18/0x180
[  272.829739][ T7957]  ? xfs_da3_node_add+0xb00/0xb00
[  272.834833][ T7957]  ? xlog_space_left+0xd4/0x2d0
[  272.839835][ T7957]  xfs_defer_finish+0x18/0x180
[  272.844738][ T7957]  xfs_itruncate_extents_flags+0x2d5/0x9f0
[  272.850623][ T7957]  ? xfs_iunlink_remove+0x7e0/0x7e0
[  272.855897][ T7957]  ? xfs_trans_log_inode+0x11b/0x190
[  272.861355][ T7957]  xfs_setattr_size+0x68c/0xbc0
[  272.866386][ T7957]  ? trace_xfs_setattr+0x240/0x240
[  272.871584][ T7957]  ? xfs_vn_setattr_size+0x153/0x170
[  272.876966][ T7957]  xfs_vn_setattr+0x260/0x310
[  272.881737][ T7957]  ? xfs_iflags_set+0x50/0x50
[  272.886492][ T7957]  ? evm_inode_setattr+0x91/0x790
[  272.891597][ T7957]  ? bpf_lsm_inode_setattr+0x5/0x10
[  272.896871][ T7957]  ? security_inode_setattr+0xd8/0x140
[  272.902400][ T7957]  ? try_break_deleg+0x79/0x120
[  272.907319][ T7957]  ? xfs_iflags_set+0x50/0x50
[  272.912076][ T7957]  notify_change+0xc74/0xf40
[  272.916836][ T7957]  do_truncate+0x1ac/0x240
[  272.921320][ T7957]  ? put_page_bootmem+0x2c0/0x2c0
[  272.926417][ T7957]  ? ima_bprm_check+0x200/0x200
[  272.931338][ T7957]  ? bpf_lsm_path_truncate+0x5/0x10
[  272.937149][ T7957]  path_openat+0x2861/0x2ee0
[  272.941828][ T7957]  ? do_syscall_64+0x4c/0xa0
[  272.946498][ T7957]  ? do_filp_open+0x430/0x430
[  272.951347][ T7957]  do_filp_open+0x1f1/0x430
[  272.955924][ T7957]  ? vfs_tmpfile+0x480/0x480
[  272.960604][ T7957]  ? _raw_spin_unlock+0x24/0x40
[  272.965515][ T7957]  ? alloc_fd+0x58f/0x630
[  272.969928][ T7957]  do_sys_openat2+0x150/0x4b0
[  272.974761][ T7957]  ? lockdep_hardirqs_on+0x94/0x140
[  272.980070][ T7957]  ? _raw_spin_unlock_irqrestore+0xc1/0x120
[  272.986025][ T7957]  ? do_sys_open+0xe0/0xe0
[  272.990532][ T7957]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  272.996600][ T7957]  ? lock_chain_count+0x20/0x20
[  273.001616][ T7957]  __x64_sys_openat+0x135/0x160
[  273.006591][ T7957]  do_syscall_64+0x4c/0xa0
[  273.011076][ T7957]  ? clear_bhb_loop+0x60/0xb0
[  273.015824][ T7957]  ? clear_bhb_loop+0x60/0xb0
[  273.020589][ T7957]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  273.026567][ T7957] RIP: 0033:0x7f83b299c799
[  273.031051][ T7957] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  273.050753][ T7957] RSP: 002b:00007f83b3868028 EFLAGS: 00000246 ORIG_RAX: 0000000000000101
[  273.059274][ T7957] RAX: ffffffffffffffda RBX: 00007f83b2c16090 RCX: 00007f83b299c799
[  273.067318][ T7957] RDX: 0000000000183341 RSI: 0000200000000080 RDI: ffffffffffffff9c
[  273.075382][ T7957] RBP: 00007f83b2a32bd9 R08: 0000000000000000 R09: 0000000000000000
[  273.083511][ T7957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  273.091559][ T7957] R13: 00007f83b2c16128 R14: 00007f83b2c16090 R15: 00007ffe41800498
[  273.099619][ T7957]  </TASK>
[  273.257143][ T7957] XFS (loop7): Corruption detected. Unmount and run xfs_repair
[  273.327393][ T7957] XFS (loop7): Corruption of in-memory data (0x8) detected at xfs_defer_finish_noroll+0x1798/0x1e60 (fs/xfs/libxfs/xfs_defer.c:580).  Shutting down filesystem.
[  273.386977][ T7957] XFS (loop7): Please unmount the filesystem and rectify the problem(s)
[  273.459672][ T7966] loop5: detected capacity change from 0 to 4096
[  273.532767][ T7966] ntfs3: loop5: Mark volume as dirty due to NTFS errors
[  273.750057][ T6891] XFS (loop7): Unmounting Filesystem
[  273.948922][    T0] NOHZ tick-stop error: local softirq work is pending, handler #202!!!
[  274.185499][    T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!!
[  274.607158][ T5720] usb 6-1: new high-speed USB device number 12 using dummy_hcd
[  274.670949][ T7993] input: Bluetooth HID Boot Protocol Device as /devices/virtual/bluetooth/hci0/hci0:200/input15
[  274.803214][ T5720] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  274.874644][ T5720] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  274.913226][ T8000] netlink: 'syz.1.1125': attribute type 1 has an invalid length.
[  274.926030][ T5720] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  274.940542][ T8000] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  274.949163][ T8000] IPv6: NLM_F_CREATE should be set when creating new route
[  274.956467][ T8000] IPv6: NLM_F_CREATE should be set when creating new route
[  274.976807][ T5720] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  275.012667][ T5720] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.042819][ T5720] usb 6-1: config 0 descriptor??
[  275.050272][ T8002] netlink: 'syz.1.1125': attribute type 1 has an invalid length.
[  275.093974][ T8002] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE
[  275.498392][ T5720] plantronics 0003:047F:FFFF.000C: No inputs registered, leaving
[  275.536299][ T5720] plantronics 0003:047F:FFFF.000C: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0
[  275.660239][ T8012] loop8: detected capacity change from 0 to 1024
[  275.699454][ T8012] EXT4-fs: Ignoring removed orlov option
[  275.783425][ T8012] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  275.792680][ T5720] usb 6-1: USB disconnect, device number 12
[  276.005388][ T8001] loop7: detected capacity change from 0 to 32768
[  276.018227][ T4855] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  276.067276][ T8001] XFS: ikeep mount option is deprecated.
[  276.100422][ T8013] fido_id[8013]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  276.189254][ T8001] XFS (loop7): Mounting V5 Filesystem
[  276.237037][ T4855] usb 3-1: Using ep0 maxpacket: 32
[  276.249338][ T4855] usb 3-1: unable to get BOS descriptor or descriptor too short
[  276.259025][ T4855] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config
[  276.272574][ T4855] usb 3-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb
[  276.282837][ T4855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  276.291574][ T4855] usb 3-1: Product: syz
[  276.293032][ T7772] EXT4-fs (loop8): unmounting filesystem.
[  276.295895][ T4855] usb 3-1: Manufacturer: syz
[  276.306517][ T4855] usb 3-1: SerialNumber: syz
[  276.453164][ T8001] XFS (loop7): Ending clean mount
[  276.475171][ T8001] XFS (loop7): Quotacheck needed: Please wait.
[  276.522952][ T4855] usb 3-1: Cannot retrieve CPort count: -71
[  276.539279][ T4855] usb 3-1: Cannot retrieve CPort count: -71
[  276.545303][ T4855] es2_ap_driver: probe of 3-1:7.0 failed with error -71
[  276.595909][ T4855] usb 3-1: USB disconnect, device number 13
[  276.675435][ T8001] XFS (loop7): Quotacheck: Done.
[  276.948146][ T6891] XFS (loop7): Unmounting Filesystem
[  277.188780][ T8048] loop5: detected capacity change from 0 to 256
[  277.225556][ T8048] exfat: Deprecated parameter 'namecase'
[  277.270127][ T8048] exFAT-fs (loop5): failed to load upcase table (idx : 0x00010000, chksum : 0x36dfe6b4, utbl_chksum : 0xe619d30d)
[  277.767718][ T8057] loop1: detected capacity change from 0 to 4096
[  277.847955][ T8057] EXT4-fs (loop1): Test dummy encryption mode enabled
[  277.890836][ T8057] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  278.148541][ T4270] EXT4-fs (loop1): unmounting filesystem.
[  278.822396][ T8089] sctp: [Deprecated]: syz.1.1159 (pid 8089) Use of int in max_burst socket option deprecated.
[  278.822396][ T8089] Use struct sctp_assoc_value instead
[  279.060093][ T8075] loop7: detected capacity change from 0 to 32768
[  279.089839][ T8075] BTRFS: device fsid c9fe44da-de57-406a-8241-57ec7d4412cf devid 1 transid 8 /dev/loop7 scanned by syz.7.1152 (8075)
[  279.144011][ T8075] BTRFS info (device loop7): first mount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  279.172264][ T8075] BTRFS info (device loop7): using crc32c (crc32c-intel) checksum algorithm
[  279.200379][ T8075] BTRFS info (device loop7): setting nodatasum
[  279.219072][ T8075] BTRFS info (device loop7): force zlib compression, level 3
[  279.252707][ T8075] BTRFS info (device loop7): setting incompat feature flag for COMPRESS_LZO (0x8)
[  279.287018][ T8075] BTRFS info (device loop7): use lzo compression, level 0
[  279.310004][ T8075] BTRFS info (device loop7): turning on flush-on-commit
[  279.334831][ T8075] BTRFS info (device loop7): enabling auto defrag
[  279.352777][ T8083] loop5: detected capacity change from 0 to 32768
[  279.362240][ T8075] BTRFS info (device loop7): max_inline at 4096
[  279.384514][ T8075] BTRFS info (device loop7): using free space tree
[  279.439232][ T8083] XFS (loop5): Mounting V5 Filesystem
[  279.643062][ T8083] XFS (loop5): Ending clean mount
[  279.681808][ T8075] BTRFS info (device loop7): enabling ssd optimizations
[  279.716293][ T8083] XFS (loop5): Quotacheck needed: Please wait.
[  279.885389][ T8083] XFS (loop5): Quotacheck: Done.
[  279.951035][   T27] audit: type=1800 audit(2000000026.250:13): pid=8083 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.5.1156" name="file1" dev="loop5" ino=9286 res=0 errno=0
[  279.999130][ T8127] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1164'.
[  280.351927][ T4376] XFS (loop5): Unmounting Filesystem
[  280.493923][ T6891] BTRFS info (device loop7): last unmount of filesystem c9fe44da-de57-406a-8241-57ec7d4412cf
[  281.348172][  T126] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  281.558960][  T126] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  281.596132][  T126] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  281.637558][  T126] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  281.676119][  T126] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  281.706191][  T126] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  281.762875][  T126] usb 2-1: config 0 descriptor??
[  282.115726][ T8158] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1178'.
[  282.150228][ T8160] loop8: detected capacity change from 0 to 2048
[  282.220505][  T126] plantronics 0003:047F:FFFF.000D: No inputs registered, leaving
[  282.278747][  T126] plantronics 0003:047F:FFFF.000D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0
[  282.307242][ T8160] UDF-fs: INFO Mounting volume 'LinuxUDF', timestamp 2022/11/22 14:59 (1000)
[  282.804440][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  282.851823][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  282.929159][ T8171] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  282.979975][ T8171] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  283.026655][ T8174] loop8: detected capacity change from 0 to 256
[  283.065997][ T8174] exFAT-fs (loop8): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  283.104603][ T8174] exFAT-fs (loop8): Medium has reported failures. Some data may be lost.
[  283.132775][ T8172] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  283.158340][ T8174] exFAT-fs (loop8): failed to load upcase table (idx : 0x00010000, chksum : 0x640de592, utbl_chksum : 0xe619d30d)
[  283.182389][ T8172] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  283.218018][ T8172] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  283.280985][ T8172] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check.
[  283.575203][    C1] plantronics 0003:047F:FFFF.000D: usb_submit_urb(ctrl) failed: -1
[  283.721308][ T8167] loop7: detected capacity change from 0 to 40427
[  283.739140][ T8167] F2FS-fs (loop7): build fault injection attr: rate: 684, type: 0x3ffff
[  283.782563][ T8167] F2FS-fs (loop7): build fault injection attr: rate: 0, type: 0x35f7
[  283.832856][ T8167] F2FS-fs (loop7): invalid crc value
[  283.872751][ T8167] F2FS-fs (loop7): Found nat_bits in checkpoint
[  284.013039][ T8167] F2FS-fs (loop7): Start checkpoint disabled!
[  284.051495][ T8167] F2FS-fs (loop7): Mounted with checkpoint version = 48b305e6
[  284.342170][ T8167] F2FS-fs (loop7) : inject checkpoint error in f2fs_balance_fs of f2fs_setxattr+0x1ae/0x310
[  284.471464][ T5730] usb 2-1: USB disconnect, device number 10
[  284.508338][ T6891] F2FS-fs (loop7): access invalid blkaddr:4043309056
[  284.550806][ T6891] CPU: 0 PID: 6891 Comm: syz-executor Not tainted syzkaller #0
[  284.558578][ T6891] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  284.568699][ T6891] Call Trace:
[  284.572030][ T6891]  <TASK>
[  284.575011][ T6891]  dump_stack_lvl+0x188/0x24e
[  284.579878][ T6891]  ? show_regs_print_info+0x12/0x12
[  284.585138][ T6891]  ? f2fs_get_next_page_offset+0x6a0/0x6a0
[  284.591010][ T6891]  f2fs_is_valid_blkaddr+0xc7e/0x1250
[  284.596454][ T6891]  f2fs_map_blocks+0xd2a/0x3410
[  284.601451][ T6891]  ? f2fs_get_block+0x140/0x140
[  284.606389][ T6891]  ? xa_load+0x2b3/0x2e0
[  284.610677][ T6891]  ? xa_load+0x60/0x2e0
[  284.614894][ T6891]  ? page_index+0xe7/0x470
[  284.619513][ T6891]  f2fs_mpage_readpages+0xa9a/0x2850
[  284.624907][ T6891]  ? dquot_release_reservation_block+0xa0/0xa0
[  284.631128][ T6891]  ? __mod_lruvec_page_state+0xa1/0x410
[  284.636767][ T6891]  ? f2fs_readahead+0x180/0x380
[  284.641681][ T6891]  ? blk_start_plug+0x94/0x110
[  284.646504][ T6891]  read_pages+0x185/0x850
[  284.650997][ T6891]  ? folio_put+0xd0/0xd0
[  284.655380][ T6891]  ? page_cache_ra_unbounded+0x770/0x770
[  284.661082][ T6891]  ? filemap_add_folio+0x188/0x3c0
[  284.666253][ T6891]  page_cache_ra_unbounded+0x690/0x770
[  284.671780][ T6891]  f2fs_readdir+0x487/0xa00
[  284.676360][ T6891]  ? f2fs_fill_dentries+0xce0/0xce0
[  284.681624][ T6891]  ? end_current_label_crit_section+0x14b/0x170
[  284.687930][ T6891]  ? iterate_dir+0x10d/0x560
[  284.692623][ T6891]  ? down_read_killable+0x1cc/0x340
[  284.697905][ T6891]  ? fsnotify_perm+0x248/0x550
[  284.702738][ T6891]  iterate_dir+0x218/0x560
[  284.707222][ T6891]  ? f2fs_fill_dentries+0xce0/0xce0
[  284.712482][ T6891]  __se_sys_getdents64+0xf2/0x270
[  284.717662][ T6891]  ? __x64_sys_getdents64+0x80/0x80
[  284.722932][ T6891]  ? filldir+0x700/0x700
[  284.727250][ T6891]  ? lockdep_hardirqs_on+0x94/0x140
[  284.732508][ T6891]  do_syscall_64+0x4c/0xa0
[  284.736985][ T6891]  ? clear_bhb_loop+0x60/0xb0
[  284.741716][ T6891]  ? clear_bhb_loop+0x60/0xb0
[  284.746459][ T6891]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  284.752427][ T6891] RIP: 0033:0x7f83b29c5133
[  284.756905][ T6891] Code: c7 c0 e8 ff ff ff 64 c7 00 16 00 00 00 31 c0 eb 9e e8 81 9b fd ff 90 b8 ff ff ff 7f 48 39 c2 48 0f 47 d0 b8 d9 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 05 c3 0f 1f 40 00 48 c7 c2 e8 ff ff ff f7 d8
[  284.776580][ T6891] RSP: 002b:00007ffe417fe5e8 EFLAGS: 00000293 ORIG_RAX: 00000000000000d9
[  284.785079][ T6891] RAX: ffffffffffffffda RBX: 000055556d083a30 RCX: 00007f83b29c5133
[  284.793203][ T6891] RDX: 0000000000008000 RSI: 000055556d083a60 RDI: 0000000000000005
[  284.801239][ T6891] RBP: 000055556d083a60 R08: 00007f83b2bebe20 R09: 0000000000000001
[  284.809270][ T6891] R10: 0000000000000000 R11: 0000000000000293 R12: 000055556d083a34
[  284.817298][ T6891] R13: ffffffffffffffe8 R14: 0000000000000010 R15: 00007ffe41800890
[  284.825344][ T6891]  </TASK>
[  284.828426][    C0] vkms_vblank_simulate: vblank timer overrun
[  284.883253][ T6891] syz-executor: attempt to access beyond end of device
[  284.883253][ T6891] loop7: rw=524288, sector=45064, nr_sectors = 8 limit=40427
[  284.913672][ T6891] syz-executor: attempt to access beyond end of device
[  284.913672][ T6891] loop7: rw=0, sector=45064, nr_sectors = 8 limit=40427
[  285.091179][   T27] audit: type=1326 audit(2000000031.390:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8203 comm="syz.8.1198" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6316d9c799 code=0x0
[  285.500071][ T8216] netlink: 'syz.2.1203': attribute type 12 has an invalid length.
[  285.508280][ T8216] netlink: 'syz.2.1203': attribute type 29 has an invalid length.
[  285.516159][ T8216] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1203'.
[  285.526099][ T8216] netlink: 'syz.2.1203': attribute type 1 has an invalid length.
[  285.534764][ T8216] netlink: 'syz.2.1203': attribute type 2 has an invalid length.
[  285.872820][    T9] netdevsim netdevsim7 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.159688][ T8228] input: syz1 as /devices/virtual/input/input16
[  286.210701][    T9] netdevsim netdevsim7 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.233040][ T4633] udevd[4633]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory
[  286.425734][    T9] netdevsim netdevsim7 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  286.675711][    T9] netdevsim netdevsim7 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  287.423503][ T8259] input: syz0 as /devices/virtual/input/input17
[  287.997227][  T126] usb 6-1: new high-speed USB device number 13 using dummy_hcd
[  288.062682][ T4281] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1
[  288.076171][ T4281] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9
[  288.087132][ T4281] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9
[  288.104720][ T4281] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4
[  288.117902][ T4281] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3
[  288.125260][ T4281] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2
[  288.229515][  T126] usb 6-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  288.261075][  T126] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.302716][  T126] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  288.333422][  T126] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  288.427060][  T126] usb 6-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  288.457554][  T126] usb 6-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  288.466190][  T126] usb 6-1: Manufacturer: syz
[  288.513926][  T126] usb 6-1: config 0 descriptor??
[  288.626935][ T4317] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  288.830401][ T4317] usb 3-1: Using ep0 maxpacket: 32
[  288.845896][ T4317] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  288.906914][ T4317] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40
[  288.916138][ T4317] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  288.935299][  T126] appleir 0003:05AC:8243.000E: unknown main item tag 0x0
[  288.943860][ T4317] usb 3-1: config 0 descriptor??
[  288.960834][  T126] appleir 0003:05AC:8243.000E: No inputs registered, leaving
[  288.999321][ T4317] hub 3-1:0.0: USB hub found
[  289.037357][  T126] appleir 0003:05AC:8243.000E: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.5-1/input0
[  289.174199][ T4317] hub 3-1:0.0: 1 port detected
[  289.187683][ T8297] loop1: detected capacity change from 0 to 4096
[  289.213566][  T126] usb 6-1: USB disconnect, device number 13
[  289.313840][ T8297] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  289.501835][ T8298] fido_id[8298]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory
[  289.586648][ T4317] usb 3-1: USB disconnect, device number 14
[  289.952299][ T8312] input: syz1 as /devices/virtual/input/input18
[  290.209245][ T4281] Bluetooth: hci3: command 0x0409 tx timeout
[  290.269863][    C1] vkms_vblank_simulate: vblank timer overrun
[  290.322392][ T8272] chnl_net:caif_netlink_parms(): no params data found
[  290.537873][    T9] device hsr_slave_0 left promiscuous mode
[  290.568084][    T9] device hsr_slave_1 left promiscuous mode
[  290.587328][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  290.600741][    T9] batman_adv: batadv0: Removing interface: batadv_slave_0
[  290.657235][    T9] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  290.665049][    T9] batman_adv: batadv0: Removing interface: batadv_slave_1
[  290.705427][    T9] device bridge_slave_1 left promiscuous mode
[  290.717214][    T9] bridge0: port 2(bridge_slave_1) entered disabled state
[  290.730461][    T9] device bridge_slave_0 left promiscuous mode
[  290.737375][    T9] bridge0: port 1(bridge_slave_0) entered disabled state
[  290.780775][    T9] device veth1_macvtap left promiscuous mode
[  290.787585][    T9] device veth0_macvtap left promiscuous mode
[  290.793958][    T9] device veth1_vlan left promiscuous mode
[  290.804032][    T9] device veth0_vlan left promiscuous mode
[  290.967174][  T126] usb 9-1: new high-speed USB device number 2 using dummy_hcd
[  291.150951][    C1] vkms_vblank_simulate: vblank timer overrun
[  291.195375][  T126] usb 9-1: Using ep0 maxpacket: 8
[  291.204857][  T126] usb 9-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb
[  291.218865][  T126] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  291.259147][  T126] usb 9-1: config 0 descriptor??
[  291.272216][  T126] asix: probe of 9-1:0.0 failed with error -22
[  292.277980][    T9] team0 (unregistering): Port device team_slave_1 removed
[  292.288063][ T4281] Bluetooth: hci3: command 0x041b tx timeout
[  292.362482][    T9] team0 (unregistering): Port device team_slave_0 removed
[  292.439530][    T9] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  292.523341][    T9] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  293.183342][    T9] bond0 (unregistering): Released all slaves
[  293.439359][ T8272] bridge0: port 1(bridge_slave_0) entered blocking state
[  293.461050][ T8272] bridge0: port 1(bridge_slave_0) entered disabled state
[  293.518762][ T8272] device bridge_slave_0 entered promiscuous mode
[  293.552185][ T8272] bridge0: port 2(bridge_slave_1) entered blocking state
[  293.559531][ T8272] bridge0: port 2(bridge_slave_1) entered disabled state
[  293.568604][ T8272] device bridge_slave_1 entered promiscuous mode
[  293.734535][ T8272] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  293.837741][ T8272] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  293.852808][ T5730] usb 9-1: USB disconnect, device number 2
[  294.030267][ T8363] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1247'.
[  294.098326][ T8363] device bond1 entered promiscuous mode
[  294.104498][ T8363] 8021q: adding VLAN 0 to HW filter on device bond1
[  294.134263][    C1] vkms_vblank_simulate: vblank timer overrun
[  294.204486][ T8365] 8021q: adding VLAN 0 to HW filter on device bond2
[  294.213897][ T8365] device bond2 entered promiscuous mode
[  294.223570][ T8365] bond1: (slave bond2): Enslaving as an active interface with an up link
[  294.247883][ T8272] team0: Port device team_slave_0 added
[  294.358109][ T4325] IPv6: ADDRCONF(NETDEV_CHANGE): bond1: link becomes ready
[  294.367493][ T4284] Bluetooth: hci3: command 0x040f tx timeout
[  294.407138][ T5730] usb 9-1: new full-speed USB device number 3 using dummy_hcd
[  294.489231][ T8272] team0: Port device team_slave_1 added
[  294.587847][ T8272] batman_adv: batadv0: Adding interface: batadv_slave_0
[  294.594909][ T8272] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.620985][    C1] vkms_vblank_simulate: vblank timer overrun
[  294.633208][ T5730] usb 9-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  294.657060][ T5730] usb 9-1: config 1 has 1 interface, different from the descriptor's value: 3
[  294.699643][ T5730] usb 9-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  294.719570][ T5730] usb 9-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  294.742877][ T8272] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  294.754633][ T5730] usb 9-1: Product: syz
[  294.770476][ T5730] usb 9-1: Manufacturer: syz
[  294.775188][ T5730] usb 9-1: SerialNumber: syz
[  294.813710][ T8272] batman_adv: batadv0: Adding interface: batadv_slave_1
[  294.841395][ T8272] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  294.952068][ T8272] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  295.022890][ T5730] usb 9-1: 0:2 : does not exist
[  295.044331][ T5730] usb 9-1: 5:0: failed to get current value for ch 0 (-22)
[  295.138419][ T5730] usb 9-1: USB disconnect, device number 3
[  295.162547][ T8272] device hsr_slave_0 entered promiscuous mode
[  295.203191][ T4633] udevd[4633]: error opening ATTR{/sys/devices/platform/dummy_hcd.8/usb9/9-1/9-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  295.223254][ T8272] device hsr_slave_1 entered promiscuous mode
[  295.251541][ T8272] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  295.284784][ T8272] Cannot create hsr debugfs directory
[  295.388364][ T4270] EXT4-fs (loop1): unmounting filesystem.
[  296.396170][ T8272] netdevsim netdevsim9 netdevsim0: renamed from eth0
[  296.457050][ T4284] Bluetooth: hci3: command 0x0419 tx timeout
[  296.499543][ T8272] netdevsim netdevsim9 netdevsim1: renamed from eth1
[  296.531864][ T8272] netdevsim netdevsim9 netdevsim2: renamed from eth2
[  296.595215][ T8272] netdevsim netdevsim9 netdevsim3: renamed from eth3
[  296.982930][ T8272] 8021q: adding VLAN 0 to HW filter on device bond0
[  297.030306][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  297.050766][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  297.083754][ T8272] 8021q: adding VLAN 0 to HW filter on device team0
[  297.127857][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  297.143345][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  297.174970][ T2935] bridge0: port 1(bridge_slave_0) entered blocking state
[  297.182324][ T2935] bridge0: port 1(bridge_slave_0) entered forwarding state
[  297.193025][ T4863] usb 3-1: new full-speed USB device number 15 using dummy_hcd
[  297.248081][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  297.276184][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  297.307347][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  297.338734][   T11] bridge0: port 2(bridge_slave_1) entered blocking state
[  297.346039][   T11] bridge0: port 2(bridge_slave_1) entered forwarding state
[  297.382955][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  297.397626][ T4863] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  297.427548][ T4863] usb 3-1: New USB device found, idVendor=046d, idProduct=c50c, bcdDevice= 0.00
[  297.436751][ T4863] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  297.445459][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  297.446844][    C1] hrtimer: interrupt took 248082 ns
[  297.487642][ T4863] usb 3-1: config 0 descriptor??
[  297.513052][ T4863] usbhid 3-1:0.0: couldn't find an input interrupt endpoint
[  297.533739][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  297.560395][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  297.618475][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  297.657712][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  297.678701][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  297.698850][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  297.718117][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  297.744271][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  297.778020][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  297.809100][ T8272] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  298.115423][ T8432] loop8: detected capacity change from 0 to 40427
[  298.184220][ T8432] F2FS-fs (loop8): Invalid log blocks per segment (4278190089)
[  298.204345][ T8432] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  298.244898][ T8432] F2FS-fs (loop8): invalid crc value
[  298.285244][ T8432] F2FS-fs (loop8): Found nat_bits in checkpoint
[  298.516640][ T8432] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  298.535695][ T8432] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  298.631773][ T8460] hugetlbfs: Bad value '0x00000000ffffffff' for mount option 'uid'
[  298.631773][ T8460] 
[  298.768160][ T8432] F2FS-fs (loop8): Corrupted max_depth of 3: 255
[  298.861583][ T8432] F2FS-fs (loop8): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  298.895401][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  298.909192][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  298.943552][ T8272] 8021q: adding VLAN 0 to HW filter on device batadv0
[  299.431724][ T8483] loop1: detected capacity change from 0 to 16
[  299.522302][ T8483] erofs: (device loop1): mounted with root inode @ nid 36.
[  299.977704][ T5720] usb 3-1: USB disconnect, device number 15
[  300.374170][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  300.395967][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  300.435892][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  300.445934][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  300.493024][ T8272] device veth0_vlan entered promiscuous mode
[  300.511585][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  300.528475][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  300.549680][ T8272] device veth1_vlan entered promiscuous mode
[  300.595116][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  300.614955][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  300.658591][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  300.703492][ T8492] loop5: detected capacity change from 0 to 40427
[  300.711427][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  300.763400][ T8492] F2FS-fs (loop5): invalid crc value
[  300.779891][ T8272] device veth0_macvtap entered promiscuous mode
[  300.802771][ T8492] F2FS-fs (loop5): Found nat_bits in checkpoint
[  300.825685][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  300.846194][ T8272] device veth1_macvtap entered promiscuous mode
[  300.885272][ T8510] netlink: 27 bytes leftover after parsing attributes in process `syz.8.1281'.
[  300.949510][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.016551][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.075057][ T8492] F2FS-fs (loop5): Start checkpoint disabled!
[  301.082464][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.107633][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.126788][ T8492] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e6
[  301.135465][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.169739][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.195307][ T8515] loop8: detected capacity change from 0 to 256
[  301.206943][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.235910][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.251765][ T8515] exfat: Unknown parameter '0xffffffffffffffff0x0000000000000000ÿ'
[  301.260120][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.281971][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.292032][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  301.320252][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.348019][ T8272] batman_adv: batadv0: Interface activated: batadv_slave_0
[  301.357081][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  301.397619][   T33] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  301.436166][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.466931][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.507118][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.557058][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.587050][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.640037][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.665639][ T8492] syz.5.1277: attempt to access beyond end of device
[  301.665639][ T8492] loop5: rw=2049, sector=53248, nr_sectors = 2056 limit=40427
[  301.696318][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.726576][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.768412][ T8524] input: syz1 as /devices/virtual/input/input19
[  301.781224][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.796705][ T8524] input: failed to attach handler leds to device input19, error: -6
[  301.820212][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.866326][ T8272] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  301.890007][ T8492] syz.5.1277: attempt to access beyond end of device
[  301.890007][ T8492] loop5: rw=0, sector=55296, nr_sectors = 8 limit=40427
[  301.915045][ T8272] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  301.945977][ T8272] batman_adv: batadv0: Interface activated: batadv_slave_1
[  301.984602][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  302.026971][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  302.062824][ T8272] netdevsim netdevsim9 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  302.107123][ T8272] netdevsim netdevsim9 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  302.116007][ T8272] netdevsim netdevsim9 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  302.210465][ T8272] netdevsim netdevsim9 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  302.537260][ T4340] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.556971][ T4340] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.602283][ T4543] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  302.664328][   T33] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  302.675470][ T8541] loop1: detected capacity change from 0 to 256
[  302.682505][   T33] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  302.698507][   T27] audit: type=1326 audit(2000000049.000:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8538 comm="syz.2.1293" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9f4c79c799 code=0x0
[  302.721487][ T4340] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  302.857590][ T8541] FAT-fs (loop1): Directory bread(block 64) failed
[  302.889300][ T8541] FAT-fs (loop1): Directory bread(block 65) failed
[  302.928132][ T8541] FAT-fs (loop1): Directory bread(block 66) failed
[  302.934870][ T8541] FAT-fs (loop1): Directory bread(block 67) failed
[  303.022616][ T8545] loop6: detected capacity change from 0 to 8
[  303.031544][ T8541] FAT-fs (loop1): Directory bread(block 68) failed
[  303.072749][ T8541] FAT-fs (loop1): Directory bread(block 69) failed
[  303.079897][ T8545] loop6: detected capacity change from 8 to 7
[  303.095846][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.105595][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.133955][ T8541] FAT-fs (loop1): Directory bread(block 70) failed
[  303.140868][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.150133][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.158872][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.168190][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.170867][ T8541] FAT-fs (loop1): Directory bread(block 71) failed
[  303.194048][ T8541] FAT-fs (loop1): Directory bread(block 72) failed
[  303.232534][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.236666][ T8541] FAT-fs (loop1): Directory bread(block 73) failed
[  303.241910][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.257377][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.266658][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.295357][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.304709][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.314110][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.323378][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.409195][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.418501][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.437212][ T8545] ldm_validate_partition_table(): Disk read failed.
[  303.474031][    C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.483321][    C0] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.503273][    C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 2
[  303.512671][    C1] Buffer I/O error on dev loop6, logical block 0, async page read
[  303.589312][ T8545] Dev loop6: unable to read RDB block 0
[  303.624492][ T8545]  loop6: unable to read partition table
[  303.639608][ T8545] loop6: partition table beyond EOD, truncated
[  303.687097][ T8545] loop_reread_partitions: partition scan of loop6 (aQ¤"¸ÍAZD–Îå0�̹¨Š¾<wÁ?ÿûF4Ç"@/}©~ZÍ.ž-îØb	?›e9u×®/5¸êÅ) failed (rc=-5)
[  303.986989][ T4863] usb 10-1: new high-speed USB device number 2 using dummy_hcd
[  304.162171][ T8575] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1303'.
[  304.191266][ T4863] usb 10-1: Using ep0 maxpacket: 16
[  304.199301][ T4863] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  304.224137][ T4863] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  304.256182][ T4863] usb 10-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  304.303968][ T4863] usb 10-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  304.341017][ T4863] usb 10-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  304.385539][ T4863] usb 10-1: config 0 descriptor??
[  304.646356][ T8560] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy
[  304.680694][ T8560] misc raw-gadget: fail, usb_gadget_register_driver returned -16
[  304.962750][ T4863] microsoft 0003:045E:07DA.000F: unknown main item tag 0x2
[  304.974562][ T4863] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0
[  305.002753][ T4863] microsoft 0003:045E:07DA.000F: unknown main item tag 0x2
[  305.012817][ T4863] microsoft 0003:045E:07DA.000F: unknown main item tag 0x0
[  305.065872][ T4863] input: HID 045e:07da as /devices/platform/dummy_hcd.9/usb10/10-1/10-1:0.0/0003:045E:07DA.000F/input/input20
[  305.134569][ T4863] microsoft 0003:045E:07DA.000F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.9-1/input0
[  305.229640][ T8598] loop5: detected capacity change from 0 to 64
[  305.238561][ T4863] usb 10-1: USB disconnect, device number 2
[  305.803737][ T8599] fido_id[8599]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.9/usb10/report_descriptor': No such file or directory
[  306.477044][ T4863] usb 10-1: new high-speed USB device number 3 using dummy_hcd
[  306.687040][ T4863] usb 10-1: Using ep0 maxpacket: 32
[  306.694522][ T4863] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024
[  306.778831][ T4863] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  306.827266][ T4863] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  306.906885][ T4863] usb 10-1: Product: syz
[  306.932021][ T4863] usb 10-1: Manufacturer: syz
[  306.977144][ T4863] usb 10-1: SerialNumber: syz
[  307.021810][ T4863] usb 10-1: config 0 descriptor??
[  307.048348][ T8609] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  307.076361][ T4863] hub 10-1:0.0: bad descriptor, ignoring hub
[  307.103217][ T4863] hub: probe of 10-1:0.0 failed with error -5
[  307.121826][ T8620] loop5: detected capacity change from 0 to 256
[  307.176540][ T8620] exfat: Unknown parameter '0xffffffffffffffff0x0000000000000000ÿ'
[  307.460750][ T8603] loop1: detected capacity change from 0 to 262144
[  307.476982][ T4337] usb 9-1: new high-speed USB device number 4 using dummy_hcd
[  307.499946][ T8603] F2FS-fs (loop1): invalid crc value
[  307.559247][ T8603] F2FS-fs (loop1): Found nat_bits in checkpoint
[  307.627820][ T8603] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  307.737875][ T4337] usb 9-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30
[  307.769694][ T4337] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  307.781940][ T8603] F2FS-fs (loop1): sanity_check_inode: inode (ino=7, mode=33261) should not have inline_data, run fsck to fix
[  307.813983][ T4337] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  307.825185][ T4337] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253
[  307.840758][ T4337] usb 9-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40
[  307.850626][ T4337] usb 9-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0
[  307.878529][ T4337] usb 9-1: Manufacturer: syz
[  307.886220][ T4337] usb 9-1: config 0 descriptor??
[  308.008613][ T4863] usb 10-1: USB disconnect, device number 3
[  308.217218][ T4863] usb 10-1: new full-speed USB device number 4 using dummy_hcd
[  308.339671][ T4337] appleir 0003:05AC:8243.0010: unknown main item tag 0x0
[  308.358506][ T4337] appleir 0003:05AC:8243.0010: No inputs registered, leaving
[  308.418830][ T4863] usb 10-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 1024, setting to 64
[  308.429599][ T4337] appleir 0003:05AC:8243.0010: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.8-1/input0
[  308.452245][ T4863] usb 10-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79
[  308.533016][ T4863] usb 10-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2
[  308.572514][ T4863] usb 10-1: Product: syz
[  308.599107][ T4863] usb 10-1: Manufacturer: syz
[  308.609213][ T4863] usb 10-1: SerialNumber: syz
[  308.638823][ T4863] usb 10-1: config 0 descriptor??
[  308.659292][ T8621] raw-gadget.1 gadget.9: fail, usb_ep_enable returned -22
[  308.680151][ T4863] hub 10-1:0.0: bad descriptor, ignoring hub
[  308.695164][ T4337] usb 9-1: USB disconnect, device number 4
[  308.717417][ T4863] hub: probe of 10-1:0.0 failed with error -5
[  308.880647][ T8648] fido_id[8648]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  309.067218][ T4863] usb 10-1: USB disconnect, device number 4
[  309.258829][ T8663] loop1: detected capacity change from 0 to 512
[  309.337343][ T8663] EXT4-fs (loop1): external journal device major/minor numbers have changed
[  309.937080][ T8663] EXT4-fs (loop1): failed to open journal device unknown-block(11,127) -6
[  310.787111][ T8666] loop8: detected capacity change from 0 to 40427
[  310.822782][ T8666] F2FS-fs (loop8): Invalid log_blocksize (268), supports only 12
[  310.877301][ T8666] F2FS-fs (loop8): Can't find valid F2FS filesystem in 1th superblock
[  310.929421][ T8666] F2FS-fs (loop8): invalid crc value
[  310.987788][ T8666] F2FS-fs (loop8): Found nat_bits in checkpoint
[  311.223463][ T8666] F2FS-fs (loop8): Try to recover 1th superblock, ret: 0
[  311.238701][ T8702] netlink: 92 bytes leftover after parsing attributes in process `syz.9.1338'.
[  311.256319][ T8666] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  312.472348][ T8708] loop5: detected capacity change from 0 to 131072
[  312.517318][ T8708] F2FS-fs (loop5): Invalid log sectorsize (67108873)
[  312.524148][ T8708] F2FS-fs (loop5): Can't find valid F2FS filesystem in 1th superblock
[  312.537752][ T8708] F2FS-fs (loop5): invalid crc value
[  312.545558][   T33] F2FS-fs (loop8): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  312.627831][ T8708] F2FS-fs (loop5): Found nat_bits in checkpoint
[  312.675763][   T33] F2FS-fs (loop8): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  312.687494][ T8708] F2FS-fs (loop5): Try to recover 1th superblock, ret: 0
[  312.694707][ T8708] F2FS-fs (loop5): Mounted with checkpoint version = 48b305e4
[  313.144489][ T8732] loop1: detected capacity change from 0 to 128
[  313.277312][ T5730] usb 10-1: new high-speed USB device number 5 using dummy_hcd
[  313.490114][ T5730] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16
[  313.552065][ T5730] usb 10-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64
[  313.659091][ T5730] usb 10-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32
[  313.739152][ T5730] usb 10-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  313.749735][ T8739] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1351'.
[  313.780072][ T5730] usb 10-1: Product: syz
[  313.784415][ T5730] usb 10-1: Manufacturer: syz
[  313.877914][ T5730] usb 10-1: SerialNumber: syz
[  313.900460][ T5730] usb 10-1: config 0 descriptor??
[  313.968549][ T8730] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  313.975939][ T8730] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  314.077649][ T8746] ALSA: mixer_oss: invalid OSS volume 'sit0'
[  314.221231][ T8730] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  314.251500][ T8730] raw-gadget.0 gadget.9: fail, usb_ep_enable returned -22
[  314.665037][ T8766] netlink: 4 bytes leftover after parsing attributes in process `syz.5.1359'.
[  314.693574][ T5730] dm9601: No valid MAC address in EEPROM, using 00:00:00:00:00:00
[  315.096334][ T5730] dm9601 10-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID
[  315.136892][ T5730] usb 10-1: USB disconnect, device number 5
[  315.232791][ T8780] loop5: detected capacity change from 0 to 512
[  315.290958][   T27] audit: type=1326 audit(2000000061.590:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8759 comm="syz.1.1358" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5542d9c799 code=0x7fc00000
[  315.318376][ T8780] EXT4-fs error (device loop5): ext4_iget_extra_inode:4756: inode #15: comm syz.5.1363: corrupted in-inode xattr
[  315.389081][ T8780] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.1363: couldn't read orphan inode 15 (err -117)
[  315.437547][ T8780] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  315.485988][ T8780] EXT4-fs error (device loop5): ext4_check_dx_root:2266: inode #2: comm syz.5.1363: Corrupt dir, invalid name_len for '.', running e2fsck is recommended
[  315.663791][ T4376] EXT4-fs (loop5): unmounting filesystem.
[  316.756401][ T8819] device syzkaller1 entered promiscuous mode
[  317.617169][  T951] usb 9-1: new high-speed USB device number 5 using dummy_hcd
[  317.718877][ T8826] loop1: detected capacity change from 0 to 32768
[  317.785951][ T8826] 
[  317.785951][ T8826]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  317.785951][ T8826] 
[  317.838433][  T951] usb 9-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  317.859262][  T951] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  317.901010][  T951] usb 9-1: config 0 descriptor??
[  317.931261][  T951] cp210x 9-1:0.0: cp210x converter detected
[  318.329716][  T951] cp210x 9-1:0.0: failed to get vendor val 0x000e size 3: -32
[  318.337263][ T4270] 
[  318.337263][ T4270]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  318.337263][ T4270] 
[  318.348977][ T4270] 
[  318.348977][ T4270]  ... Log Wrap ... Log Wrap ... Log Wrap ...
[  318.348977][ T4270] 
[  318.597919][  T951] usb 9-1: cp210x converter now attached to ttyUSB0
[  318.727563][ T5730] hid-generic 0005:0006:5508.0011: hidraw0: BLUETOOTH HID vc3.36 Device [syz0] on aa:aa:aa:aa:aa:aa
[  318.795642][ T5720] usb 9-1: USB disconnect, device number 5
[  318.841999][ T5720] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  318.899260][ T5730] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  318.930134][ T5720] cp210x 9-1:0.0: device disconnected
[  319.006611][ T8870] fido_id[8870]: Failed to open report descriptor at '/sys/devices/virtual/bluetooth/hci3/hci3:200/report_descriptor': No such file or directory
[  319.116999][ T5730] usb 2-1: Using ep0 maxpacket: 8
[  319.124781][ T5730] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  319.175213][ T5730] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22
[  319.185094][ T8858] loop5: detected capacity change from 0 to 32768
[  319.189064][ T5730] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  319.218118][ T5730] usb 2-1: config 0 descriptor??
[  319.287003][ T8858] XFS (loop5): Mounting V5 Filesystem
[  319.377023][ T8858] XFS (loop5): Ending clean mount
[  319.384876][ T8858] XFS (loop5): Quotacheck needed: Please wait.
[  319.442426][ T5730] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0
[  319.453853][ T8883] netlink: 8 bytes leftover after parsing attributes in process `syz.9.1398'.
[  319.519480][ T8858] XFS (loop5): Quotacheck: Done.
[  319.555584][ T8883] netlink: 'syz.9.1398': attribute type 1 has an invalid length.
[  319.617139][ T8883] netlink: 'syz.9.1398': attribute type 2 has an invalid length.
[  319.645831][ T8888] XFS (loop5): User initiated shutdown received.
[  319.703268][   T27] audit: type=1800 audit(2000000066.000:17): pid=8886 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.5.1392" name="file1" dev="loop5" ino=6150 res=0 errno=0
[  319.734563][ T8888] XFS (loop5): Metadata I/O Error (0x4) detected at xfs_fs_goingdown+0x6d/0x150 (fs/xfs/xfs_fsops.c:495).  Shutting down filesystem.
[  319.742113][ T5720] usb 2-1: USB disconnect, device number 11
[  319.852008][ T8888] XFS (loop5): Please unmount the filesystem and rectify the problem(s)
[  320.079795][ T4376] XFS (loop5): Unmounting Filesystem
[  321.403541][ T8896] loop9: detected capacity change from 0 to 32768
[  321.487803][ T8896] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 8 /dev/loop9 scanned by syz.9.1401 (8896)
[  321.538602][ T8896] BTRFS info (device loop9): first mount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  321.609454][ T8896] BTRFS info (device loop9): using crc32c (crc32c-intel) checksum algorithm
[  321.631707][ T8896] BTRFS info (device loop9): enabling disk space caching
[  321.676655][ T8896] BTRFS info (device loop9): force clearing of disk cache
[  321.713605][ T8896] BTRFS info (device loop9): setting incompat feature flag for COMPRESS_ZSTD (0x10)
[  321.747391][ T8896] BTRFS info (device loop9): use zstd compression, level 3
[  321.775260][ T8896] BTRFS info (device loop9): disk space caching is enabled
[  322.055250][ T8896] BTRFS info (device loop9): enabling ssd optimizations
[  322.082853][ T8896] BTRFS info (device loop9): rebuilding free space tree
[  322.139109][ T8961] loop5: detected capacity change from 0 to 256
[  322.146664][ T8961] FAT-fs (loop5): utf8 is not a recommended IO charset for FAT filesystems, filesystem will be case sensitive!
[  322.247858][ T8896] BTRFS info (device loop9): disabling free space tree
[  322.249161][ T8961] FAT-fs (loop5): Volume was not properly unmounted. Some data may be corrupt. Please run fsck.
[  322.255578][ T8896] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE (0x1)
[  322.337371][ T8896] BTRFS info (device loop9): clearing compat-ro feature flag for FREE_SPACE_TREE_VALID (0x2)
[  322.698585][ T8272] BTRFS info (device loop9): last unmount of filesystem 24c7a497-3402-47dd-bef8-82358f5f30e0
[  322.718156][ T8934] loop1: detected capacity change from 0 to 32768
[  323.172612][ T8934] JBD2: Ignoring recovery information on journal
[  323.360753][ T8934] ocfs2: Mounting device (7,1) on (node local, slot 0) with ordered data mode.
[  323.464830][ T4368] BTRFS: device fsid 24c7a497-3402-47dd-bef8-82358f5f30e0 devid 1 transid 12 /dev/loop9 scanned by udevd (4368)
[  323.857903][ T8991] loop5: detected capacity change from 0 to 512
[  323.953348][ T8991] EXT4-fs error (device loop5): ext4_orphan_get:1399: inode #15: comm syz.5.1430: iget: bad i_size value: 38620345925642
[  323.967547][ T8991] EXT4-fs error (device loop5): ext4_orphan_get:1404: comm syz.5.1430: couldn't read orphan inode 15 (err -117)
[  323.980082][ T8991] EXT4-fs (loop5): mounted filesystem without journal. Quota mode: writeback.
[  323.994322][ T8991] EXT4-fs (loop5): shut down requested (1)
[  324.057583][ T4376] EXT4-fs (loop5): unmounting filesystem.
[  324.150707][ T8999] loop8: detected capacity change from 0 to 256
[  324.392030][ T4270] ocfs2: Unmounting device (7,1) on (node local)
[  324.594430][ T9007] loop8: detected capacity change from 0 to 512
[  324.627083][   T22] usb 6-1: new high-speed USB device number 14 using dummy_hcd
[  324.657477][ T9007] EXT4-fs: Ignoring removed orlov option
[  324.702008][ T9007] EXT4-fs: Ignoring removed i_version option
[  324.737724][ T9007] EXT4-fs: Ignoring removed nomblk_io_submit option
[  324.818622][ T9007] EXT4-fs (loop8): revision level too high, forcing read-only mode
[  324.838936][   T22] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  324.877440][ T9007] [EXT4 FS bs=4096, gc=1, bpg=32768, ipg=32, mo=c040e118, mo2=0002]
[  324.907144][   T22] usb 6-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024
[  324.948379][ T9007] EXT4-fs (loop8): orphan cleanup on readonly fs
[  324.954938][ T9007] Quota error (device loop8): v2_read_header: Failed header read: expected=8 got=0
[  324.988412][   T22] usb 6-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  325.037148][   T22] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  325.045303][   T22] usb 6-1: Product: syz
[  325.050276][ T9007] EXT4-fs warning (device loop8): ext4_enable_quotas:7087: Failed to enable quota tracking (type=1, err=-22, ino=4). Please run e2fsck to fix.
[  325.088434][   T22] usb 6-1: Manufacturer: syz
[  325.095806][   T22] usb 6-1: SerialNumber: syz
[  325.110015][ T9007] EXT4-fs (loop8): Cannot turn on quotas: error -22
[  325.128404][   T22] cdc_mbim 6-1:1.0: skipping garbage
[  325.172796][ T9007] EXT4-fs error (device loop8): ext4_validate_block_bitmap:438: comm syz.8.1437: bg 0: block 40: padding at end of block bitmap is not set
[  325.237626][ T9007] EXT4-fs error (device loop8) in ext4_mb_clear_bb:6181: Corrupt filesystem
[  325.257423][ T9007] EXT4-fs (loop8): 1 truncate cleaned up
[  325.263360][ T9007] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  325.332366][ T9002] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  325.356532][ T9007] EXT4-fs (loop8): shut down requested (1)
[  325.523983][ T7772] EXT4-fs (loop8): unmounting filesystem.
[  325.731294][ T1278] ieee802154 phy0 wpan0: encryption failed: -22
[  325.737764][ T1278] ieee802154 phy1 wpan1: encryption failed: -22
[  325.974474][ T9002] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22
[  326.001337][   T22] cdc_mbim 6-1:1.0: cdc-wdm0: USB WDM device
[  326.144417][   T22] cdc_mbim 6-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.5-1, CDC MBIM, 4e:86:13:0e:37:06
[  326.231590][   T22] usb 6-1: USB disconnect, device number 14
[  326.262271][   T22] cdc_mbim 6-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.5-1, CDC MBIM
[  326.316970][ T4317] usb 9-1: new high-speed USB device number 6 using dummy_hcd
[  326.548741][ T4317] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  326.581770][ T9026] loop9: detected capacity change from 0 to 40427
[  326.595619][ T4317] usb 9-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  326.630800][ T4317] usb 9-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21
[  326.637521][ T9026] F2FS-fs (loop9): invalid crc value
[  326.681294][ T4317] usb 9-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00
[  326.695264][ T9026] F2FS-fs (loop9): Found nat_bits in checkpoint
[  326.725176][ T4317] usb 9-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  326.754086][ T4317] usb 9-1: config 0 descriptor??
[  326.920139][ T9026] F2FS-fs (loop9): Start checkpoint disabled!
[  326.977380][ T9026] F2FS-fs (loop9): Mounted with checkpoint version = 48b305e6
[  327.078456][ T9044] device dummy0 entered promiscuous mode
[  327.131575][ T9044] device netdevsim0 entered promiscuous mode
[  327.177416][ T2935] IPv6: ADDRCONF(NETDEV_CHANGE): hsr1: link becomes ready
[  327.198371][ T4317] plantronics 0003:047F:FFFF.0012: No inputs registered, leaving
[  327.277588][ T4317] plantronics 0003:047F:FFFF.0012: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.8-1/input0
[  327.369445][    T9] kworker/u4:0: attempt to access beyond end of device
[  327.369445][    T9] loop9: rw=2049, sector=40960, nr_sectors = 16 limit=40427
[  327.393127][ T9035] loop1: detected capacity change from 0 to 32768
[  327.495808][ T4317] usb 9-1: USB disconnect, device number 6
[  327.544421][ T9035] XFS (loop1): Mounting V5 Filesystem
[  327.825079][ T9051] fido_id[9051]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.8/usb9/report_descriptor': No such file or directory
[  327.847419][ T9035] XFS (loop1): Ending clean mount
[  327.912125][ T9035] XFS (loop1): Quotacheck needed: Please wait.
[  328.204448][ T9035] XFS (loop1): Quotacheck: Done.
[  328.583554][ T4270] XFS (loop1): Unmounting Filesystem
[  328.983564][ T9086] loop5: detected capacity change from 0 to 4096
[  329.314084][ T9086] ntfs3: loop5: failed to convert "0080" to cp852
[  329.377432][ T9086] ntfs3: loop5: failed to convert name for inode 1e.
[  329.565016][ T9093] loop9: detected capacity change from 0 to 4095
[  329.949133][ T9082] loop8: detected capacity change from 0 to 32768
[  330.116232][ T9082] JBD2: Ignoring recovery information on journal
[  330.234879][ T9082] ocfs2: Mounting device (7,8) on (node local, slot 0) with ordered data mode.
[  330.574861][ T9121] loop9: detected capacity change from 0 to 128
[  330.742635][ T9121] EXT4-fs (loop9): mounted filesystem without journal. Quota mode: none.
[  330.793430][ T9121] ext4 filesystem being mounted at /26/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038-01-19 (0x7fffffff)
[  330.900634][ T7772] ocfs2: Unmounting device (7,8) on (node local)
[  331.379434][ T8272] EXT4-fs (loop9): unmounting filesystem.
[  331.437006][  T951] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  331.667413][  T951] usb 2-1: Using ep0 maxpacket: 16
[  331.675243][  T951] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  331.738218][  T951] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00
[  331.767866][  T951] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.820095][  T951] usb 2-1: config 0 descriptor??
[  332.262153][  T951] mcp2221 0003:04D8:00DD.0013: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.1-1/input0
[  332.663363][  T951] usb 2-1: USB disconnect, device number 12
[  332.839638][ T9179] loop8: detected capacity change from 0 to 128
[  332.859636][ T9182] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1487'.
[  332.898330][ T9182] netlink: 'syz.2.1487': attribute type 29 has an invalid length.
[  332.907833][ T9182] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1487'.
[  332.956065][ T9179] hpfs: filesystem error: invalid number of hotfixes: 2066844986, used: 2066844985; already mounted read-only
[  332.970438][ T9179] hpfs: filesystem error: improperly stopped
[  332.976504][ T9179] hpfs: filesystem error: warning: spare dnodes used, try chkdsk
[  332.985570][ T9179] hpfs: You really don't want any checks? You are crazy...
[  332.993607][ T9179] hpfs: hpfs_map_sector(): read error
[  333.027068][ T9179] hpfs: code page support is disabled
[  333.033133][ T9179] hpfs: hpfs_map_4sectors(): unaligned read
[  333.050483][ T9179] hpfs: hpfs_map_4sectors(): unaligned read
[  333.060353][ T9179] hpfs: filesystem error: unable to find root dir
[  333.194500][ T9179] hpfs: hpfs_map_4sectors(): unaligned read
[  333.236609][ T9179] hpfs: filesystem error: invalid bitmap block pointer 00000000 -> 7b3184b5 at aib
[  333.265454][ T9194] loop5: detected capacity change from 0 to 256
[  333.443954][ T9198] netlink: 176 bytes leftover after parsing attributes in process `syz.1.1492'.
[  333.779450][ T9209] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1495'.
[  333.830110][ T9209] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  334.227077][ T9219] overlayfs: failed to verify origin (/syz8, ino=367, err=-116)
[  334.250734][ T9209] batman_adv: batadv0: Removing interface: batadv_slave_1
[  334.257677][ T9219] overlayfs: failed to verify upper root origin
[  335.293085][ T4317] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  335.507002][ T4317] usb 3-1: Using ep0 maxpacket: 16
[  335.516180][ T4317] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  335.566096][ T4317] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7
[  335.601479][ T4317] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0
[  335.636002][ T4317] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0
[  335.668611][ T4317] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  335.709209][ T4317] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42
[  335.731211][ T4317] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0
[  335.747075][ T4317] usb 3-1: Manufacturer: syz
[  335.755419][ T4317] usb 3-1: config 0 descriptor??
[  336.328545][   T33] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.367123][ T4317] rc_core: IR keymap rc-hauppauge not found
[  336.380947][ T4317] Registered IR keymap rc-empty
[  336.416093][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.477010][ T9253] loop8: detected capacity change from 0 to 40427
[  336.477552][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.562918][ T4317] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0
[  336.581918][   T33] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.602958][ T9253] F2FS-fs (loop8): Invalid SB checksum offset: 0
[  336.610048][ T4317] input: Conexant Hybrid TV (cx231xx) MCE IR no TX (2040:b138) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input21
[  336.654990][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.695903][ T9253] F2FS-fs (loop8): Can't find valid F2FS filesystem in 2th superblock
[  336.710588][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.747381][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.787069][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.798987][ T9253] F2FS-fs (loop8): invalid crc value
[  336.828146][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.828789][   T33] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.846444][ T4337] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  336.878205][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.883275][ T9253] F2FS-fs (loop8): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  336.956985][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  336.987370][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  337.041834][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  337.095765][ T4317] mceusb 3-1:0.0: Error: mce write submit urb error = -90
[  337.098184][ T4337] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3
[  337.143807][ T4337] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  337.151994][ T4317] mceusb 3-1:0.0: Registered 424242424242 with mce emulator interface version 1
[  337.152024][ T4317] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active)
[  337.176972][ T4284] Bluetooth: hci3: command 0x0405 tx timeout
[  337.205161][ T4317] usb 3-1: USB disconnect, device number 16
[  337.212890][ T9253] F2FS-fs (loop8): Try to recover 2th superblock, ret: 0
[  337.220231][ T9253] F2FS-fs (loop8): Mounted with checkpoint version = 48b305e5
[  337.266223][   T33] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.290677][ T4337] usb 2-1: config 0 descriptor??
[  337.318733][ T4337] cp210x 2-1:0.0: cp210x converter detected
[  337.332643][   T27] audit: type=1800 audit(2000000083.630:18): pid=9253 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.8.1511" name="bus" dev="loop8" ino=10 res=0 errno=0
[  337.565517][ T4337] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71
[  337.586613][ T4337] cp210x 2-1:0.0: querying part number failed
[  337.641037][ T4337] usb 2-1: cp210x converter now attached to ttyUSB0
[  337.702876][ T4337] usb 2-1: USB disconnect, device number 13
[  337.761094][ T4337] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0
[  337.831110][ T4337] cp210x 2-1:0.0: device disconnected
[  338.017641][ T7772] syz-executor: attempt to access beyond end of device
[  338.017641][ T7772] loop8: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  338.177590][ T9299] 
[  338.180035][ T9299] =====================================================
[  338.187003][ T9299] WARNING: HARDIRQ-safe -> HARDIRQ-unsafe lock order detected
[  338.194571][ T9299] syzkaller #0 Not tainted
[  338.199026][ T9299] -----------------------------------------------------
[  338.206013][ T9299] syz.9.1523/9299 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire:
[  338.213783][ T9299] ffffffff8c80a058 (tasklist_lock){.+.+}-{2:2}, at: send_sigurg+0xec/0x3c0
[  338.222534][ T9299] 
[  338.222534][ T9299] and this task is already holding:
[  338.229931][ T9299] ffff88807c0d28b0 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x25/0x3c0
[  338.238875][ T9299] which would create a new lock dependency:
[  338.244827][ T9299]  (&f->f_owner.lock){....}-{2:2} -> (tasklist_lock){.+.+}-{2:2}
[  338.252646][ T9299] 
[  338.252646][ T9299] but this new dependency connects a HARDIRQ-irq-safe lock:
[  338.262131][ T9299]  (&dev->event_lock#2){-.-.}-{2:2}
[  338.262180][ T9299] 
[  338.262180][ T9299] ... which became HARDIRQ-irq-safe at:
[  338.275140][ T9299]   lock_acquire+0x1bb/0x4a0
[  338.279790][ T9299]   _raw_spin_lock_irqsave+0xb0/0x100
[  338.285204][ T9299]   input_event+0x76/0xb0
[  338.289576][ T9299]   psmouse_report_standard_packet+0x4f/0x200
[  338.295695][ T9299]   psmouse_process_byte+0x42b/0x620
[  338.301037][ T9299]   psmouse_handle_byte+0x43/0x490
[  338.306191][ T9299]   psmouse_interrupt+0x699/0x1130
[  338.311565][ T9299]   serio_interrupt+0x87/0x130
[  338.316383][ T9299]   i8042_interrupt+0x365/0x710
[  338.321294][ T9299]   __handle_irq_event_percpu+0x293/0xa50
[  338.327065][ T9299]   handle_irq_event+0x87/0x1e0
[  338.331961][ T9299]   handle_edge_irq+0x243/0xb20
[  338.337044][ T9299]   __common_interrupt+0xd7/0x1e0
[  338.342135][ T9299]   common_interrupt+0xb0/0xd0
[  338.346962][ T9299]   asm_common_interrupt+0x22/0x40
[  338.352148][ T9299]   default_idle+0xb/0x10
[  338.356537][ T9299]   default_idle_call+0x84/0xc0
[  338.361465][ T9299]   do_idle+0x20d/0x5a0
[  338.365676][ T9299]   cpu_startup_entry+0x3f/0x60
[  338.370573][ T9299]   start_secondary+0xe4/0xf0
[  338.375392][ T9299]   secondary_startup_64_no_verify+0xcf/0xdb
[  338.381520][ T9299] 
[  338.381520][ T9299] to a HARDIRQ-irq-unsafe lock:
[  338.388578][ T9299]  (tasklist_lock){.+.+}-{2:2}
[  338.388617][ T9299] 
[  338.388617][ T9299] ... which became HARDIRQ-irq-unsafe at:
[  338.401315][ T9299] ...
[  338.401326][ T9299]   lock_acquire+0x1bb/0x4a0
[  338.408659][ T9299]   _raw_read_lock+0x32/0x40
[  338.413304][ T9299]   do_wait+0x2b6/0xb60
[  338.417513][ T9299]   kernel_wait+0xd3/0x1c0
[  338.421975][ T9299]   call_usermodehelper_exec_work+0xb5/0x220
[  338.428019][ T9299]   process_one_work+0x8a2/0x1160
[  338.433090][ T9299]   worker_thread+0xaa2/0x1270
[  338.437903][ T9299]   kthread+0x29d/0x330
[  338.442258][ T9299]   ret_from_fork+0x1f/0x30
[  338.446853][ T9299] 
[  338.446853][ T9299] other info that might help us debug this:
[  338.446853][ T9299] 
[  338.457134][ T9299] Chain exists of:
[  338.457134][ T9299]   &dev->event_lock#2 --> &f->f_owner.lock --> tasklist_lock
[  338.457134][ T9299] 
[  338.470517][ T9299]  Possible interrupt unsafe locking scenario:
[  338.470517][ T9299] 
[  338.479043][ T9299]        CPU0                    CPU1
[  338.484436][ T9299]        ----                    ----
[  338.489840][ T9299]   lock(tasklist_lock);
[  338.494122][ T9299]                                local_irq_disable();
[  338.500905][ T9299]                                lock(&dev->event_lock#2);
[  338.508193][ T9299]                                lock(&f->f_owner.lock);
[  338.515265][ T9299]   <Interrupt>
[  338.518783][ T9299]     lock(&dev->event_lock#2);
[  338.523681][ T9299] 
[  338.523681][ T9299]  *** DEADLOCK ***
[  338.523681][ T9299] 
[  338.531861][ T9299] 2 locks held by syz.9.1523/9299:
[  338.537016][ T9299]  #0: ffff88802e870e80 (&u->lock){+.+.}-{2:2}, at: queue_oob+0x1de/0x4f0
[  338.545623][ T9299]  #1: ffff88807c0d28b0 (&f->f_owner.lock){....}-{2:2}, at: send_sigurg+0x25/0x3c0
[  338.554995][ T9299] 
[  338.554995][ T9299] the dependencies between HARDIRQ-irq-safe lock and the holding lock:
[  338.565439][ T9299]   -> (&dev->event_lock#2){-.-.}-{2:2} {
[  338.571265][ T9299]      IN-HARDIRQ-W at:
[  338.575452][ T9299]                         lock_acquire+0x1bb/0x4a0
[  338.582006][ T9299]                         _raw_spin_lock_irqsave+0xb0/0x100
[  338.589327][ T9299]                         input_event+0x76/0xb0
[  338.595610][ T9299]                         psmouse_report_standard_packet+0x4f/0x200
[  338.603645][ T9299]                         psmouse_process_byte+0x42b/0x620
[  338.610883][ T9299]                         psmouse_handle_byte+0x43/0x490
[  338.618029][ T9299]                         psmouse_interrupt+0x699/0x1130
[  338.625094][ T9299]                         serio_interrupt+0x87/0x130
[  338.631845][ T9299]                         i8042_interrupt+0x365/0x710
[  338.638672][ T9299]                         __handle_irq_event_percpu+0x293/0xa50
[  338.646358][ T9299]                         handle_irq_event+0x87/0x1e0
[  338.653199][ T9299]                         handle_edge_irq+0x243/0xb20
[  338.660018][ T9299]                         __common_interrupt+0xd7/0x1e0
[  338.667012][ T9299]                         common_interrupt+0xb0/0xd0
[  338.673751][ T9299]                         asm_common_interrupt+0x22/0x40
[  338.680819][ T9299]                         default_idle+0xb/0x10
[  338.687108][ T9299]                         default_idle_call+0x84/0xc0
[  338.693945][ T9299]                         do_idle+0x20d/0x5a0
[  338.700171][ T9299]                         cpu_startup_entry+0x3f/0x60
[  338.706987][ T9299]                         start_secondary+0xe4/0xf0
[  338.713808][ T9299]                         secondary_startup_64_no_verify+0xcf/0xdb
[  338.721763][ T9299]      IN-SOFTIRQ-W at:
[  338.725966][ T9299]                         lock_acquire+0x1bb/0x4a0
[  338.732526][ T9299]                         _raw_spin_lock_irqsave+0xb0/0x100
[  338.739857][ T9299]                         input_event+0x76/0xb0
[  338.746139][ T9299]                         atp_complete_geyser_3_4+0x1145/0x1d80
[  338.753856][ T9299]                         __usb_hcd_giveback_urb+0x35f/0x520
[  338.761289][ T9299]                         dummy_timer+0xbf6/0x3090
[  338.767834][ T9299]                         __hrtimer_run_queues+0x560/0xd70
[  338.775076][ T9299]                         hrtimer_run_softirq+0x183/0x2a0
[  338.782243][ T9299]                         handle_softirqs+0x2a1/0x930
[  338.789046][ T9299]                         __irq_exit_rcu+0x13b/0x230
[  338.795884][ T9299]                         irq_exit_rcu+0x5/0x20
[  338.802159][ T9299]                         sysvec_apic_timer_interrupt+0xa0/0xc0
[  338.809843][ T9299]                         asm_sysvec_apic_timer_interrupt+0x16/0x20
[  338.817888][ T9299]                         _raw_spin_unlock_irqrestore+0xbc/0x120
[  338.825643][ T9299]                         dummy_urb_enqueue+0x586/0x770
[  338.832619][ T9299]                         usb_hcd_submit_urb+0x30f/0x19c0
[  338.839771][ T9299]                         atp_open+0x5f/0xc0
[  338.845800][ T9299]                         input_open_device+0x16c/0x2e0
[  338.852789][ T9299]                         mousedev_open_device+0xc3/0x150
[  338.859947][ T9299]                         mousedev_open+0x2e5/0x4a0
[  338.866586][ T9299]                         chrdev_open+0x5c5/0x6a0
[  338.873068][ T9299]                         do_dentry_open+0x7e9/0x10d0
[  338.879880][ T9299]                         path_openat+0x2635/0x2ee0
[  338.886953][ T9299]                         do_filp_open+0x1f1/0x430
[  338.893530][ T9299]                         do_sys_openat2+0x150/0x4b0
[  338.900267][ T9299]                         __x64_sys_openat+0x135/0x160
[  338.907187][ T9299]                         do_syscall_64+0x4c/0xa0
[  338.913661][ T9299]                         entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  338.921619][ T9299]      INITIAL USE at:
[  338.925845][ T9299]                        lock_acquire+0x1bb/0x4a0
[  338.932322][ T9299]                        _raw_spin_lock_irqsave+0xb0/0x100
[  338.939660][ T9299]                        input_inject_event+0xa7/0x310
[  338.946553][ T9299]                        led_trigger_event+0x12f/0x210
[  338.953471][ T9299]                        kbd_led_trigger_activate+0xb9/0x100
[  338.960883][ T9299]                        led_trigger_set+0x50c/0x910
[  338.967630][ T9299]                        led_trigger_set_default+0x19c/0x1e0
[  338.975040][ T9299]                        led_classdev_register_ext+0x625/0x860
[  338.982626][ T9299]                        input_leds_connect+0x4e7/0x6b0
[  338.989694][ T9299]                        input_register_device+0xdfd/0x1310
[  338.997107][ T9299]                        atkbd_connect+0x6f8/0x9a0
[  339.003657][ T9299]                        serio_driver_probe+0x76/0x90
[  339.010471][ T9299]                        really_probe+0x2aa/0xc70
[  339.016934][ T9299]                        __driver_probe_device+0x18c/0x330
[  339.024171][ T9299]                        driver_probe_device+0x4f/0x420
[  339.031144][ T9299]                        __driver_attach+0x44a/0x6e0
[  339.037858][ T9299]                        bus_for_each_dev+0x182/0x1f0
[  339.044695][ T9299]                        serio_handle_event+0x29c/0x840
[  339.051691][ T9299]                        process_one_work+0x8a2/0x1160
[  339.058587][ T9299]                        worker_thread+0xaa2/0x1270
[  339.065313][ T9299]                        kthread+0x29d/0x330
[  339.071324][ T9299]                        ret_from_fork+0x1f/0x30
[  339.077725][ T9299]    }
[  339.080431][ T9299]    ... key      at: [<ffffffff96fbeba0>] input_allocate_device.__key.5+0x0/0x20
[  339.089703][ T9299]  -> (&new->fa_lock){....}-{2:2} {
[  339.095003][ T9299]     INITIAL USE at:
[  339.099155][ T9299]                      lock_acquire+0x1bb/0x4a0
[  339.105547][ T9299]                      _raw_write_lock_irq+0xab/0xf0
[  339.112363][ T9299]                      fasync_remove_entry+0xf0/0x1c0
[  339.119185][ T9299]                      lease_modify+0x1a2/0x390
[  339.125484][ T9299]                      locks_remove_file+0x52f/0xec0
[  339.132287][ T9299]                      __fput+0x188/0x920
[  339.138128][ T9299]                      task_work_run+0x1d0/0x260
[  339.144528][ T9299]                      exit_to_user_mode_loop+0xe6/0x110
[  339.151608][ T9299]                      exit_to_user_mode_prepare+0xee/0x180
[  339.158952][ T9299]                      syscall_exit_to_user_mode+0x16/0x40
[  339.166187][ T9299]                      do_syscall_64+0x58/0xa0
[  339.172384][ T9299]                      entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  339.180058][ T9299]     INITIAL READ USE at:
[  339.184501][ T9299]                           lock_acquire+0x1bb/0x4a0
[  339.191246][ T9299]                           _raw_read_lock_irqsave+0xb8/0x100
[  339.198735][ T9299]                           kill_fasync+0x18e/0x4b0
[  339.205370][ T9299]                           sock_wake_async+0x128/0x150
[  339.212361][ T9299]                           sk_wake_async+0x184/0x280
[  339.219167][ T9299]                           unix_release_sock+0x889/0xef0
[  339.226313][ T9299]                           unix_release+0x88/0xc0
[  339.232847][ T9299]                           sock_close+0xd5/0x240
[  339.239297][ T9299]                           __fput+0x22c/0x920
[  339.245485][ T9299]                           task_work_run+0x1d0/0x260
[  339.252385][ T9299]                           exit_to_user_mode_loop+0xe6/0x110
[  339.259924][ T9299]                           exit_to_user_mode_prepare+0xee/0x180
[  339.267734][ T9299]                           syscall_exit_to_user_mode+0x16/0x40
[  339.275448][ T9299]                           do_syscall_64+0x58/0xa0
[  339.282127][ T9299]                           entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  339.290333][ T9299]   }
[  339.292954][ T9299]   ... key      at: [<ffffffff96cc65a0>] fasync_insert_entry.__key+0x0/0x20
[  339.301864][ T9299]   ... acquired at:
[  339.305803][ T9299]    _raw_read_lock_irqsave+0xb8/0x100
[  339.311323][ T9299]    kill_fasync+0x18e/0x4b0
[  339.315969][ T9299]    mousedev_notify_readers+0x6eb/0xc00
[  339.321656][ T9299]    mousedev_event+0x568/0x11f0
[  339.326645][ T9299]    input_pass_values+0x9c7/0x12f0
[  339.332163][ T9299]    input_event_dispose+0x346/0x6c0
[  339.337484][ T9299]    input_inject_event+0x1f5/0x310
[  339.342767][ T9299]    evdev_write+0x35b/0x490
[  339.347453][ T9299]    vfs_write+0x2e6/0xa30
[  339.351914][ T9299]    ksys_write+0x14c/0x250
[  339.356471][ T9299]    do_syscall_64+0x4c/0xa0
[  339.361202][ T9299]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  339.367335][ T9299] 
[  339.369703][ T9299] -> (&f->f_owner.lock){....}-{2:2} {
[  339.375160][ T9299]    INITIAL USE at:
[  339.379099][ T9299]                    lock_acquire+0x1bb/0x4a0
[  339.385220][ T9299]                    _raw_write_lock_irq+0xab/0xf0
[  339.391781][ T9299]                    __f_setown+0x37/0x330
[  339.397629][ T9299]                    generic_setlease+0xf6a/0x1400
[  339.404168][ T9299]                    fcntl_setlease+0x262/0x330
[  339.410499][ T9299]                    do_fcntl+0x117/0x1270
[  339.416415][ T9299]                    __se_sys_fcntl+0xc9/0x190
[  339.422626][ T9299]                    do_syscall_64+0x4c/0xa0
[  339.428660][ T9299]                    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  339.436161][ T9299]    INITIAL READ USE at:
[  339.440531][ T9299]                         lock_acquire+0x1bb/0x4a0
[  339.447081][ T9299]                         _raw_read_lock_irqsave+0xb8/0x100
[  339.454400][ T9299]                         send_sigurg+0x25/0x3c0
[  339.460823][ T9299]                         sk_send_sigurg+0x6b/0xc0
[  339.467382][ T9299]                         queue_oob+0x3ed/0x4f0
[  339.473771][ T9299]                         unix_stream_sendmsg+0x8cf/0xa70
[  339.480933][ T9299]                         ____sys_sendmsg+0x5be/0x970
[  339.487837][ T9299]                         ___sys_sendmsg+0x2a2/0x360
[  339.494561][ T9299]                         __se_sys_sendmsg+0x1bb/0x2a0
[  339.501454][ T9299]                         do_syscall_64+0x4c/0xa0
[  339.507918][ T9299]                         entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  339.515873][ T9299]  }
[  339.518407][ T9299]  ... key      at: [<ffffffff96cc5920>] __alloc_file.__key+0x0/0x10
[  339.526518][ T9299]  ... acquired at:
[  339.530348][ T9299]    _raw_read_lock_irqsave+0xb8/0x100
[  339.535851][ T9299]    send_sigio+0x2f/0x360
[  339.540323][ T9299]    kill_fasync+0x224/0x4b0
[  339.544962][ T9299]    sock_wake_async+0x128/0x150
[  339.549939][ T9299]    sk_wake_async+0x184/0x280
[  339.554738][ T9299]    unix_release_sock+0x889/0xef0
[  339.559887][ T9299]    unix_release+0x88/0xc0
[  339.564449][ T9299]    sock_close+0xd5/0x240
[  339.568987][ T9299]    __fput+0x22c/0x920
[  339.573211][ T9299]    task_work_run+0x1d0/0x260
[  339.578042][ T9299]    exit_to_user_mode_loop+0xe6/0x110
[  339.583545][ T9299]    exit_to_user_mode_prepare+0xee/0x180
[  339.589397][ T9299]    syscall_exit_to_user_mode+0x16/0x40
[  339.595079][ T9299]    do_syscall_64+0x58/0xa0
[  339.599717][ T9299]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  339.605827][ T9299] 
[  339.608190][ T9299] 
[  339.608190][ T9299] the dependencies between the lock to be acquired
[  339.608203][ T9299]  and HARDIRQ-irq-unsafe lock:
[  339.621777][ T9299] -> (tasklist_lock){.+.+}-{2:2} {
[  339.626956][ T9299]    HARDIRQ-ON-R at:
[  339.630969][ T9299]                     lock_acquire+0x1bb/0x4a0
[  339.637178][ T9299]                     _raw_read_lock+0x32/0x40
[  339.643367][ T9299]                     do_wait+0x2b6/0xb60
[  339.649131][ T9299]                     kernel_wait+0xd3/0x1c0
[  339.655159][ T9299]                     call_usermodehelper_exec_work+0xb5/0x220
[  339.662764][ T9299]                     process_one_work+0x8a2/0x1160
[  339.669509][ T9299]                     worker_thread+0xaa2/0x1270
[  339.675892][ T9299]                     kthread+0x29d/0x330
[  339.681666][ T9299]                     ret_from_fork+0x1f/0x30
[  339.687798][ T9299]    SOFTIRQ-ON-R at:
[  339.691826][ T9299]                     lock_acquire+0x1bb/0x4a0
[  339.698032][ T9299]                     _raw_read_lock+0x32/0x40
[  339.704222][ T9299]                     do_wait+0x2b6/0xb60
[  339.709987][ T9299]                     kernel_wait+0xd3/0x1c0
[  339.716011][ T9299]                     call_usermodehelper_exec_work+0xb5/0x220
[  339.723631][ T9299]                     process_one_work+0x8a2/0x1160
[  339.730292][ T9299]                     worker_thread+0xaa2/0x1270
[  339.736795][ T9299]                     kthread+0x29d/0x330
[  339.742545][ T9299]                     ret_from_fork+0x1f/0x30
[  339.748675][ T9299]    INITIAL USE at:
[  339.752607][ T9299]                    lock_acquire+0x1bb/0x4a0
[  339.758887][ T9299]                    _raw_write_lock_irq+0xab/0xf0
[  339.765423][ T9299]                    copy_process+0x2557/0x4030
[  339.771701][ T9299]                    kernel_clone+0x24b/0x900
[  339.777801][ T9299]                    user_mode_thread+0x10d/0x180
[  339.784344][ T9299]                    rest_init+0x23/0x300
[  339.790097][ T9299]                    start_kernel+0x0/0x53c
[  339.796135][ T9299]                    start_kernel+0x493/0x53c
[  339.802248][ T9299]                    secondary_startup_64_no_verify+0xcf/0xdb
[  339.809754][ T9299]    INITIAL READ USE at:
[  339.814126][ T9299]                         lock_acquire+0x1bb/0x4a0
[  339.820670][ T9299]                         _raw_read_lock+0x32/0x40
[  339.827312][ T9299]                         do_wait+0x2b6/0xb60
[  339.833438][ T9299]                         kernel_wait+0xd3/0x1c0
[  339.839814][ T9299]                         call_usermodehelper_exec_work+0xb5/0x220
[  339.847754][ T9299]                         process_one_work+0x8a2/0x1160
[  339.854817][ T9299]                         worker_thread+0xaa2/0x1270
[  339.861531][ T9299]                         kthread+0x29d/0x330
[  339.867636][ T9299]                         ret_from_fork+0x1f/0x30
[  339.874100][ T9299]  }
[  339.876623][ T9299]  ... key      at: [<ffffffff8c80a058>] tasklist_lock+0x18/0x40
[  339.884387][ T9299]  ... acquired at:
[  339.888216][ T9299]    _raw_read_lock+0x32/0x40
[  339.892930][ T9299]    send_sigurg+0xec/0x3c0
[  339.897479][ T9299]    sk_send_sigurg+0x6b/0xc0
[  339.902200][ T9299]    queue_oob+0x3ed/0x4f0
[  339.906664][ T9299]    unix_stream_sendmsg+0x8cf/0xa70
[  339.911988][ T9299]    ____sys_sendmsg+0x5be/0x970
[  339.916970][ T9299]    ___sys_sendmsg+0x2a2/0x360
[  339.921867][ T9299]    __sys_sendmmsg+0x2c3/0x510
[  339.926760][ T9299]    __x64_sys_sendmmsg+0x9c/0xb0
[  339.931915][ T9299]    do_syscall_64+0x4c/0xa0
[  339.936556][ T9299]    entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  339.942803][ T9299] 
[  339.945164][ T9299] 
[  339.945164][ T9299] stack backtrace:
[  339.951089][ T9299] CPU: 0 PID: 9299 Comm: syz.9.1523 Not tainted syzkaller #0
[  339.958533][ T9299] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026
[  339.968633][ T9299] Call Trace:
[  339.971949][ T9299]  <TASK>
[  339.974920][ T9299]  dump_stack_lvl+0x188/0x24e
[  339.979665][ T9299]  ? load_image+0x400/0x400
[  339.984210][ T9299]  ? show_regs_print_info+0x12/0x12
[  339.989451][ T9299]  ? load_image+0x400/0x400
[  339.994002][ T9299]  ? print_shortest_lock_dependencies+0xf0/0x160
[  340.000396][ T9299]  __lock_acquire+0x66c8/0x7d10
[  340.005347][ T9299]  ? verify_lock_unused+0x140/0x140
[  340.010621][ T9299]  ? verify_lock_unused+0x140/0x140
[  340.015898][ T9299]  lock_acquire+0x1bb/0x4a0
[  340.020557][ T9299]  ? send_sigurg+0xec/0x3c0
[  340.025127][ T9299]  ? read_lock_is_recursive+0x10/0x10
[  340.030633][ T9299]  ? do_raw_read_lock+0x39/0x80
[  340.035530][ T9299]  ? _raw_read_lock_irqsave+0xc4/0x100
[  340.041030][ T9299]  ? _raw_read_lock+0x40/0x40
[  340.045744][ T9299]  ? __lock_acquire+0x7d10/0x7d10
[  340.050818][ T9299]  ? do_raw_spin_lock+0x128/0x2f0
[  340.055888][ T9299]  _raw_read_lock+0x32/0x40
[  340.060458][ T9299]  ? send_sigurg+0xec/0x3c0
[  340.065003][ T9299]  send_sigurg+0xec/0x3c0
[  340.069378][ T9299]  sk_send_sigurg+0x6b/0xc0
[  340.073933][ T9299]  queue_oob+0x3ed/0x4f0
[  340.078223][ T9299]  ? scm_stat_add+0xc0/0xc0
[  340.082817][ T9299]  ? apparmor_socket_getpeersec_dgram+0x5/0x10
[  340.089010][ T9299]  ? security_socket_getpeersec_dgram+0x9d/0xc0
[  340.095302][ T9299]  unix_stream_sendmsg+0x8cf/0xa70
[  340.100469][ T9299]  ? __might_fault+0xa6/0x120
[  340.105192][ T9299]  ? unix_show_fdinfo+0x2c0/0x2c0
[  340.110257][ T9299]  ? tomoyo_socket_sendmsg_permission+0x1dd/0x2f0
[  340.116756][ T9299]  ? aa_sock_msg_perm+0x94/0x150
[  340.121742][ T9299]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  340.127335][ T9299]  ? security_socket_sendmsg+0x7c/0xa0
[  340.132934][ T9299]  ? unix_show_fdinfo+0x2c0/0x2c0
[  340.138019][ T9299]  ____sys_sendmsg+0x5be/0x970
[  340.142834][ T9299]  ? __sys_sendmsg_sock+0x30/0x30
[  340.147904][ T9299]  ? __import_iovec+0x315/0x500
[  340.152801][ T9299]  ? import_iovec+0x6f/0xa0
[  340.157437][ T9299]  ___sys_sendmsg+0x2a2/0x360
[  340.162172][ T9299]  ? __sched_text_start+0x8/0x8
[  340.167083][ T9299]  ? __sys_sendmsg+0x290/0x290
[  340.171925][ T9299]  __sys_sendmmsg+0x2c3/0x510
[  340.176657][ T9299]  ? __ia32_sys_sendmsg+0x80/0x80
[  340.181732][ T9299]  ? __ia32_sys_get_robust_list+0x100/0x100
[  340.187700][ T9299]  ? lockdep_hardirqs_on_prepare+0x409/0x770
[  340.193759][ T9299]  ? lock_chain_count+0x20/0x20
[  340.198691][ T9299]  __x64_sys_sendmmsg+0x9c/0xb0
[  340.203594][ T9299]  do_syscall_64+0x4c/0xa0
[  340.208082][ T9299]  ? clear_bhb_loop+0x60/0xb0
[  340.212802][ T9299]  ? clear_bhb_loop+0x60/0xb0
[  340.217520][ T9299]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  340.223551][ T9299] RIP: 0033:0x7f2230d9c799
[  340.228088][ T9299] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48
[  340.247738][ T9299] RSP: 002b:00007f2231d12028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133
[  340.256200][ T9299] RAX: ffffffffffffffda RBX: 00007f2231015fa0 RCX: 00007f2230d9c799
[  340.264299][ T9299] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000003
[  340.272304][ T9299] RBP: 00007f2230e32bd9 R08: 0000000000000000 R09: 0000000000000000
[  340.280681][ T9299] R10: 0000000000040015 R11: 0000000000000246 R12: 0000000000000000
[  340.288729][ T9299] R13: 00007f2231016038 R14: 00007f2231015fa0 R15: 00007ffc7dbcf478
[  340.296871][ T9299]  </TASK>
[  340.300070][    C0] vkms_vblank_simulate: vblank timer overrun
[  340.670081][ T9306] loop8: detected capacity change from 0 to 1024
[  340.716117][ T9306] EXT4-fs (loop8): mounted filesystem without journal. Quota mode: writeback.
[  340.803155][ T7772] EXT4-fs (loop8): unmounting filesystem.
[  341.184943][   T33] device hsr_slave_0 left promiscuous mode
[  341.191962][   T33] device hsr_slave_1 left promiscuous mode
[  341.201403][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  341.210949][   T33] batman_adv: batadv0: Removing interface: batadv_slave_0
[  341.222189][   T33] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  341.231997][   T33] batman_adv: batadv0: Removing interface: batadv_slave_1
[  341.242306][   T33] device veth1_macvtap left promiscuous mode
[  341.251424][   T33] device veth0_macvtap left promiscuous mode
[  341.258080][   T33] device veth1_vlan left promiscuous mode
[  341.263944][   T33] device veth0_vlan left promiscuous mode
[  341.569690][   T33] team0 (unregistering): Port device team_slave_1 removed
[  341.617711][   T33] team0 (unregistering): Port device team_slave_0 removed
[  341.631068][   T33] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  341.678917][   T33] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  341.841786][   T33] bond0 (unregistering): Released all slaves
[  342.091047][    C0] vkms_vblank_simulate: vblank timer overrun
[  342.208455][    C0] vkms_vblank_simulate: vblank timer overrun