last executing test programs:

28.182127406s ago: executing program 0 (id=1089):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
r1 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r2 = socket(0x10, 0x3, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r5=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00', @ANYRES16=r4, @ANYBLOB="01000000005d3dac0d001b4000002000018014008870ffffffffffff7f736c6176445f31000008000100", @ANYRES32=r5, @ANYBLOB], 0x34}}, 0x0)
r6 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r6, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000000c0)=ANY=[@ANYBLOB="7c020000190001000000000000000000fe07000000000000000000", @ANYRES32=r6, @ANYRESDEC=r1, @ANYRES16=r1], 0x27c}}, 0x0)
r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0)
r9 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x4000000}]}}}]}, 0x4c}}, 0x0)
r10 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0)
r11 = dup(r10)
ioctl$KVM_SET_MSRS(r11, 0x4048aecb, &(0x7f0000000040)=ANY=[@ANYRES16])

27.480262755s ago: executing program 0 (id=1093):
r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10)
r1 = syz_genetlink_get_family_id$netlbl_cipso(&(0x7f0000000180), r0)
sendmsg$NLBL_CIPSOV4_C_ADD(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f00000001c0)={0x24, r1, 0x1, 0x0, 0x0, {}, [@NLBL_CIPSOV4_A_MTYPE={0x8}, @NLBL_CIPSOV4_A_DOI={0x8, 0x1, 0x1}]}, 0x24}}, 0x0)

13.2946319s ago: executing program 4 (id=1129):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
listen(r3, 0x0)

10.974489657s ago: executing program 2 (id=1131):
syz_emit_ethernet(0x42, &(0x7f0000000080)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev}, @dest_unreach={0x4, 0x0, 0x0, 0x0, 0x0, 0x0, {0x5, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2f, 0x0, @loopback}, '\x00\x00\x00\x00'}}}}}, 0x0)

10.82597786s ago: executing program 2 (id=1134):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c00000068000102000000000000000000000000000000000c000200000000000002000006000300000000009b342d78ec55c29d4cf630d6d0606cf44d31d868bc2fad8f67648407c6abba1134ee09ca"], 0x2c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000007c0)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000001, 0x110, r3, 0xf7c01000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000400)=0x400000001, 0x4)

8.738734638s ago: executing program 1 (id=1137):
syz_mount_image$ext4(&(0x7f0000000080)='ext4\x00', &(0x7f0000000480)='./file0\x00', 0x10, &(0x7f00000000c0)={[{@grpjquota, 0x4a}, {@debug}, {@jqfmt_vfsold}, {@noquota}, {@bsdgroups}, {@nobh, 0x22}], [], 0x2c}, 0x1, 0x4c2, &(0x7f0000000980)="$eJzs3DtvHEUcAPD/rh+JSYxNeOYBMQSExcOOnWdBAwIpDRIIhEJpbCcKcRIUGymJLGwQCiXKJwBKJD4BFTQIqEC0IFqEFCE3CRRo0d7tOWff+fyIz0dyv5909uzu7M7Mzoy9M6O9ANrWQP4jidgZEb9GRF95c2mEgfKvmwuz438vzI4nkWVv/JWU4t1YmB2vRK2ct6PYGEwj0o+T2Fsn3enLV86OTU1NXiy2h2fOvTc8ffnK82fOjZ2ePD15fvT48cOHeo4dHT2yKeXszfO654ML+3afePvaq+Mnr73zw1d5frPi+PaaM/rXmUJHzZ6BGFh6L6s8tc6r/9/1VoWTzhZmhHXJW21eXV2l/t8XHXGr8vrilY9amjmgqbIsy7bV7F38XzafVUuS8gnAXSLRpaFNVf7R31jIR6qz49Xj+XZw/cUojYDyct8sPuUjnZHmY/j+8tioWR6IiJPz/3yWf2LZfAoAQDN8kz//PFd+7qh8ykfSeKgq3r3F2lB/RNwXEbsi4v7i+eXBiFLchyPikSVXn1s1/YFl27XPPz/3bLhwa5A//71QrG0tff5LK1H6O4qt3lL5u5JTZ6YmDxb3ZDC6tuXbI7WXXpxW+/blXz5dKf2Bque//JOnX3kWLPLxZ+eyCbqJsZmx2y13xfUPS1N6c7XlTxZXAvKRwe6I2LOB6+f37MwzX+6re7ByixuWv4FNWGfKvoh4ulz/87Gs/LnuIlR/fXLk2NHRI8PbY2ry4HClVdT68aerrxXBmqHE6vXfXHn937PY/su/y0cWVy77k+r12un1p3H1t09WHNNstP13J2+Wwt3FvktjMzMXRyK6k/na/aO3zr001rMkfl7+wQP1+/+uiH8/L87bGxF5I340Ih6LiP1F3h+PiCci4kCD8n//0pPv1qv7tZW/ufLyT9T9+7dS/a8/0HH2u69XSn9t9X+4FBos9kyMzdQu1y+z1gzezr0DAACAO8X+iNgZSTpUTMftjDQdGorYsTiDMj3z7KkL75+fKL8j0B9daWWmq69qPnSkmBvOt/OzRqu28+OHSvPGWZZlPaXtofELU72tLTq0vR0r9P/cH7WvtAB3m3Wto630RhtwR9r4Onq2qfkAtp73taF96f/Qvtbc/5v5JhzQEvX6/1zEzRZkBdhi9fr/Wy3IB7D1jP+hfen/0L5q+3/aknwAW+p23utvFNh1okGcpLM5ia4cSKPxtwD0R6zvgr+nEZuTw45NLWnPGup0e2xGWpGuGqezwRcxvF57w/PoW9Qk0q1tfo0D2yJilda72NjmKoErzc5Yq/8yAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAbI7/AgAA//+7BdPO")
r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x10)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0)
recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, 0x0, 0x0)
bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="9feb0100180000000000000040000000400000000200000000000000000000040400000000000000000000010500000008000000000000000000000300000000020000000200000000000000000000000000000d", @ANYRES8=r2, @ANYRES64=r0], 0x0, 0x5a}, 0x20)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000400)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x37, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x90)
mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff)
r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040), 0x200002, 0x0)
r5 = openat$cgroup_devices(r4, &(0x7f0000000080)='devices.deny\x00', 0x2, 0x0)
write$cgroup_devices(r5, &(0x7f00000000c0)=ANY=[@ANYBLOB="5c6dfb370f83d2d03ae1"], 0x5)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x0, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fc00100}]})
openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0)
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000680)={<r7=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000200)={r7})
ioctl$SECCOMP_IOCTL_NOTIF_RECV(r6, 0xc0502100, &(0x7f0000000300)={<r8=>0x0})
ioctl$SECCOMP_IOCTL_NOTIF_SEND(r6, 0xc0182101, &(0x7f0000000280)={r8})
bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)

8.672061323s ago: executing program 4 (id=1138):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000005d3dac0d001b4000002000018014008870ffffffffffff7f736c6176445f31000008000100", @ANYRES32=r4, @ANYBLOB], 0x34}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x4000000}]}}}]}, 0x4c}}, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r10 = dup(r9)
ioctl$KVM_SET_MSRS(r10, 0x4048aecb, &(0x7f0000000040)=ANY=[@ANYRES16])

8.567892812s ago: executing program 2 (id=1140):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r1, &(0x7f0000000440)=[{0x0}], 0x1)

7.41146436s ago: executing program 1 (id=1142):
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, {0x0, 0x0, 0x1, 0x47}]})
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0)

7.342259736s ago: executing program 3 (id=1143):
fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7)
r0 = getpid()
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4)
r3 = socket$netlink(0x10, 0x3, 0x0)
sendmsg$nl_generic(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x14, 0x3a, 0x229, 0x0, 0x0, {0xa}}, 0x14}}, 0x0)
mkdir(0x0, 0x0)
r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
fadvise64(r4, 0x8, 0x2, 0x2)
syz_init_net_socket$bt_l2cap(0x1f, 0x0, 0x3)
prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, 0x0)
r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f0000000100))
r6 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0)
ioctl$BINDER_WRITE_READ(r6, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0})
ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, &(0x7f0000000540)={0x18, 0x0, &(0x7f0000000480)=[@request_death, @decrefs], 0x0, 0x0, 0x0})

7.272255912s ago: executing program 4 (id=1144):
bpf$MAP_CREATE(0x0, 0x0, 0x0)
syz_mount_image$exfat(&(0x7f00000000c0), &(0x7f00000002c0)='./file0\x00', 0x121008e, &(0x7f0000000100)=ANY=[@ANYBLOB='discard,errors=continue,utf8,errovs=remount-ro,fmask=00000000000000000000777,namecase=1,iocharset=iso8859-1,allow_utime=00000000000000000107424,\x00'], 0x2, 0x151e, &(0x7f0000001a40)="$eJzs3Am4jtXXMPC19t43h6QnyZS99rp5kmGTJBmSZEiSJEnmhCRJkpA4ZEpCEjInmUMyhWSep8xJ8pckSUhIsr9Lw+f91/u/6vv+vZ/3e8/6Xdd9nb3O86z1rPtZ5zr38FznfN1+YKU6lcvXYmb4t+AvX1IBIAUA+gDAVQAQAUDxLMWzXHw8g8bUf+9FxN/rwSmXuwNxOcn80zaZf9om80/bZP5pm8w/bZP5p20y/7RN5i9EWrZlas6rZUu726/3/1NA7v+nQXL8T9tk/mmbzD9tk/mnbTL/tE3mn7bJ/NM2mX/aJvMXIi37W+4jp/+12L98jvr/+XOG396qy93Hn2zR/1Xe5fvJE0IIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgiRlpwNlxgA+G19ufsSQgghhBBCCCHE3yekv9wdCCGEEEIIIYQQ4r8eAhgNBiJIB+khBTJARrgCMsGVkBmuggRcDVngGsgK10I2yA45ICfkgusgN1ggcMAQQx7IC0m4HvLBDZAfCkBBKAQeCkMRuBGKwk1QDG6G4nALlIBboSSUgtJQBm6DsnA7lIM7oDzcCRWgIlSCynAXVMG7oSrcA9XgXqgO90ENuB9qwgNQCx6E2vAQ1IGHoS7Ug/rQABpCI2j8+3z4K/nPQ2d4AbpAV0iFbtAdXoQe0BN6QW/oAy9BX3gZ+sEr0B8GwEB4FQbBazAYXochMBSGwRswHEbASBgFo2EMjIU3YRy8BePhbZgAE2ESTIYpMBWmwTswHWbATHgXZsF7MBvmwFyYB/PhfVgAC2ERfACL4UNYAkthGSyHFbASVsFqWANrYR2shw2wETbBZtgCH8FW2AbbYQfshF2wGz6GPfAJ7IVPYR989n+Yf+Z3+R0QEFChQoMG02E6TMEUzIgZMRNmwsyYGROYwCyYBbNiVsyG2TAH5sBcmAtzY24kJGRkzIN5MIlJzIf5MD/mx4JYED16LIJFsCjehMWwGBbH4lgCS2BJLIWlsAyWwbJYFsthOSx/6xwArICVsBLehXfh3VgVq2I1rIbVsTrWwBpYE2tiLayFtbE21sE6WBfrYn2sjw2xITbGxtgEm2BTbIrNsTm2wBbYEltiK2yFrbE1tsE22BbbYjtsh+2xPXbAjtgRn8fn8QV8AbtiBdUNu2N37IE9sBf2xt74EvbFl/FlfAX74wAciK/iq/gaDsbTOASH4jAchmXVCByJo5DVGByLY3EcjsPxOB4n4ESciJNxCk7FaTgNp+MMnIHv4ix8D9/DOTgH5+F8nI8LcCEuwkW4GM/gElyKy3A5rgDAFbga1+BqXIfrcR1uxI24GTfjR/gRbsNtuAN34C7chR/jx/gJfoL9sR4A7Mf9eAAP4EE8iIfwEB7Gw3gEj+BRPIrH8BgexxN4Ek/gKTyFp/EMnsWzeA7P4Xl8NteXtXcVWNsf1EVGGZVOpVMpKkVlVBlVJpVJZVaZVUIlVBaVRWVVWVU2lU3lUDlULpVL5Va5FSlSrGKVR+VRSZVU+VQ+lV/lVwVVQdVNeVVEFVFFVVFVTBVTxdUtqoS6VZVUpVQzX0aVUWVVc19O3aHKq/KqgqqoKqnKqrKqoqqoqqqqqqaqqeqquqqh7lc1VTfshQ+qi5OpowZgXTUQ66sGqqFqpF7DR1QTNRibqmaquXpMDcUh2FI18a3Uk6q1Golt1NNqFD6j2qkx2F49pzqojqqTel51Vk19F9VVTcBuqruajD1UT9VL9VbTsaK6OLFK6hXVXw1QA9Wrah6+pgar19UQNVQNU2+o4WqEGqlGqdFqjBqr3lTj1FtqvHpbTVAT1SQ1WU1RU9U09Y6armaomepdNUu9p2arOWqumqfmq/fVArVQLVIfqMXqQ7VELVXL1HK1Qq1Uq9RqtUatVevUerVBbVSb1Ga1RX2ktqptarvaoXaqXWq3+ljtUZ+ovepTtU99pvarf6gD6nN1UH2hDqkv1WH1lTqivlZH1TfqmOqqjqsT6qT6Tp1S36vT6ow6q35Q59SP6rz6SV1QQYFGrbTWRkc6nU6vU3QGnVFfoTPpK3VmfZVO6Kt1Fn2Nzqqv1dl0dp1D59S59HU6t7aatNOsY51H59VJfb3Op2/Q+XUBXVAX0l4X1kX0jbqovkkX0zfr4voWXULfqkvqUrq0LqNv02X17bqcvkOX13fqCrqirqQr67t0FX23rqrv0dX0vbq6vk/X0PfrmvoBXUs/qGvrh3Qd/bCuq+vp+rqBbqgb6cb6Ed1EP6qb6ma6uX5Mt9CP65b6Cd1KP6lb66d0G/20bquf0e30s7q9fk530B11J/2TvqCD7qK76lTdTXfXL+oe+uKxsLfuo1/SffXLup9+RffXA/RA/aoepF/Tg/XreogeqofpN/RwPUKP1KP0aD1Gj9Vv6nH6LT1ev60n6Il6kp6sp+iputevlWb+hfy3fssP+MshWU/V/VL76wGpm/UW/ZHeqrfp7XqH3ql36d16t96j9+i9eq/ep/fp/Xq/PqAP6IP6oD6kD+nD+rA+oo/oo/qoPqaP6eP6hP5Bf6dP6e/1aX1Gn9E/6HP6nD7/63sABo0y2hgTmXQmvUkxGUxGc4XJZK40mRUAmKtNFnONyWquNdlMdpPD5DS5zHUmt7GGjDNsYpPH5DVJc73JZ24w+U0BU9AUMt4UNkXMjSbxb+b/c3/6t/6WT/rlnTKNTWPTxDQxTU1T09w0Ny1MC9PStDStTCvT2rQ2bUwb09a0Ne1MO9PetDcdTAfTyXQynU1n0wXBpJpU0928aHqYnqaX6W36mJdMX9PX9DP9TH/T3ww0A80gM8gMNoPNEDPEDDPDzHAz3Iw0I81oM9qMNWPNODPOjDfjzQQzwUwyk8wUM8VMM9PMdDPdzDQzzSwzy8w2s81cM9fMN/PNArPALDKLzGKz2CwxS81Ss9wsNyvNSrParDZrzVqz3qw3G81Gs8RsMVvMVrPVbDfbzU6z0+w2u80es8fsNXvNPrPP7Df7zQFzwBw0B80hc8gcNofNEXPEHDVHzTFzzBw3x81Jc9KcMqfMaXPanDVnzTlzzpw3580Fc+HiaV+kIhWZyETponRRSpQSZYwyRpmiTFHmKHOUiBJRlihLlDW6NsoWZY9yRDmjXNF1Ue7IRhS5iKM4yhPljZLR9VG+6IYof1QgKhgVinxUOCoS3RgVjW6KikU3R8WjW6IS0a1RyahUVDoqE90WlY1uj8pFd0TlozujClHFqFJUOborqhLdHVWN7omqRfdG1aP7ohrR/VHN6IGoVvRgVDt6KKoTPRzVjepF9aMGUcOoUdT476qPF+uHcDr7o76L7WrTQzfb3b5oe9ietpftbfvYl2xf+7LtZ1+x/e0AOzDlVTvIvmYH29ftEDvUDrNv2OF2hB1pR9nRdowda9+04+xbdrx9206wE+0kO9lOsVPtNPuOnW5n2Jn2XTvLvmdn2zl2rp1n59v37QK70C6yH9jF9kO7xC61y+xyu8KutKvsarvGrrXr7Hq7wW60m+xmu8V+ZLfabXa73WF32l12t/3Y7rGf2L32U7vPfmb323/YA/Zze9B+YQ/ZL+1h+5U9Yr+2R+039pj91h63J+xJ+509Zb+3p+0Ze9b+YM/ZH+15+5O9YMPFk/uLh3cyZCgdpaMUSqGMlJEyUSbKTJkpQQnKQlkoK2WlbJSNclAOykW5KDflpouYmPJQHkpSkvJRPspP+akgFSRPnopQESpKRakYFaPiVJxKUAkqSSWpNJWm2+g2up1upzvoDrqT7qSKVJEqU2WqQlWoKlWlalSNqlN1qkE1qCbVpFpUi2pTbapDdagu1aX6VJ8aUkNqTI2pCTWhptSUmlNzakEtqCW1pFbUilpTa2pDbagttaV21I7aU3vqQB2oE3WiztSZulAXSqVU6k7dqQf1oF7Ui/pQH+pLfakf9aP+1J8G0kAaRINoMA2mITSUhtEbNJxG0EgaRaNpDI2lsTSOxtF4Gk8TaAJNokk0habQNJpG02k6zaSZNItm0WyaTXNpLs2n+bSAFtAiWkSLaTEtoSW0jJbRClpBq2gVraE1tI7W0QbaQJtoE22hLbSVttJ22k47aSftpt20h/bQXtpL+2gf7af9dIAOUAocpEN0iA7TYTpCR+goHaVjdIyO03E6SSfpFJ2i03SaztJZOkc/0nn6iS5QoBSXwWV0V7hM7kqX2V3lfh/ncDldLnedy+2sy+ay/1NMzrn8roAr6Ao57wq7Iu7GP8QlXSlX2pVxt7my7nZX7g9xFXe3q+rucdXcva6yu+uf4uruPlfDPexqunqulmvgartGro572NV19Vx918A1dI1cC/e4a+mecK3ck661e+oP8QK30K1xa906t97tcZ+4s+4Hd8R97c65H10X19X1cS+5vu5l18+94vq7AX+Ih7k33HA3wo10o9xoN+YP8SQ32U1xU900946b7mb8IZ7v3nez3CI3281xc928n+OLPS1yH7jF7kO3xC11y9xyt8KtdKvc6v/d63K30W1ym91u97Hb6ra57W6H2+l2/Rxf3I+97lO3z33mDruv3AH3uTvojrpD7suf44v7d9R94465b91xd8KddN+5U+57d9qd+Xn/L+77d+4nd8EFB4ysWLPhiNNxek7hDJyRr+BMfCVn5qs4wVdzFr6Gs/K1nI2zcw7Oybn4Os7NlokdM8ech/Nykq/nfHwD5+cCXJALsefCXIRv5KJ8Exfjm7k438Il+FYuyaW4NJfh27gs387l+A4uz3dyBa7Ilbgy38VV+G6uyvdwNb6Xq/N9XIPv55r8ANfiB7k2P8R1+GGuy/W4PjfghtyIG/Mj3IQf5abcjJvzY9yCH+eW/AS34ie5NT/FbfhpbsvPcDt+ltvzc9yBO3Infp478wvchbtyKnfj7vwi9+Ce3It7cx9+qQIAcD9+hfvzAB7Ir/Igfo0H8+s8hIfyMH6Dh/MIHsmjeDSP4bH8Jo/jt3g8v80TeCJP4sk8hafyNH6Hp/MMnsnv8ix+j2fzHJ7L83g+v88LeCEv4g94MX/IS3gpL+PlvIJX8ipeHdID8Dpezxt4I2/izbyFP+KtvI2Rd/BO3sW7+WPew5/wXv6U9/FnvJ8RD/DnfJC/4EP8JR/mr/gIf81H+Rs+xt/ycT7BJ/k7PsXf82k+w2f5Bz7HP/J5/okvcGCIMVaxjk0cxeni9HFKnCHOGF8RZ4qvjDPHV8WJ+Oo4S3xNnDW+Ns4WZ49zxDnjXPF1ce7YxhS7mOM4zhPnjZPx9XG++IY4f1wgLhgXin1cOC4S3xgXjW+Ki8U3x8XjW+IS8a1xybhU/PC9ZeLb4rLx7XG5+I64fHxnXCGuGFeKK8d3xVXiu+Oq8T1xtfjeuFh8X1wjvj+uGT8Q14ofjGvHD8V14ofjunG9uH7cIG4YN4obx4/ETeJH46Zxs7h5/FjcIn48bhk/EbeKn4xbx0/96eOpcbe4e/xi/GIcwj16bnJecn7y/eSC5MLkouQHycXJD5NLkkuTy5LLkyuSK5OrkquTa5Jrk+uS65MbkhuTm5KbkyFUTg8evfLaGx/5dD69T/EZfEZ/hc/kr/SZ/VU+4a/2Wfw1Pqu/1mfz2X0On9Pn8tf53N568s6zj30en9cn/fU+n7/B5/cFfEFfyHtf2BfxjXxj39g38Y/6pr6Zb+4f84/5x/3j/gn/hH/St/ZP+Tb+ad/WP+Pb+Wf9s/4538F39J38876zf8F38V19qk/13X1338P38L18L9/H9/F9fV/fz/fz/X1/P9AP9IP8ID/YD/ZD/BA/zA/zw/1wP9KP9KPDaD/Wj/Xj/Dg/3o/3E/wEP8lP8lP8FD/NT/PT/XQ/08/0s/LP8rP9bD/Xz/Xz/Xy/wC/wi/wiv9gv9kv8Er/ML/Mr/Aq/yq/ya/wav86v8xv8Br/Jb/Jb/Ba/1W/12/12v9Pv9Lv9br/H7/F7/V6/z+/z+/3+s8Ef8Af9F/6Q/9If9l/5I/5rf9R/44/5b/1xf8Kf9N/5U/57f9qf8Wf9D/6c/9Gf9z/5Cz74sYk3E+MSbyXGJ95OTEhMTExKTE5MSUxNTEu8k5iemJGYmUCYlXgvMTsxJzE3MS8xP/F+YkFiYWJR4oPE4sSHiSWJpYllieWJFYmViRCu2xqHPCFvSIbrQ75wQ8gfCoSCoVDwoXAoEm4MRcNNoVi4ORQPt4QS4dZQMpQKpUO9UD80CA1Do9A4PBKahEdD09AsNA+PhRbh8dAyPBFahSdD6/BUaBOeDm3DM6FdeDa0D8+FDqFj6BSeD53DC6FL6BpSQ7fQPbwYeoSeoVfoHfqEl0Lf8HLoF14J/cOAMDC8GgaF18Lg8HoYEoaGYeGNMDyMCCPDqDA6jAljw5thXHgrjA9vhwlhYpgUJocpYWqYFt4J08OMMDO8G2aF98LsMCfMDfPC/PB+WBAWhkXhg7A4fBiWhKVhWVgeIGVlWBVWhzVhbVgX1ocNYWPYFDaHLeGjsDVsC9vDjrAz7Aq7w8dhT/gk7A2fhn3hs7A//CMcCJ+Hg+GLcCh8GQ6Hr8KR8HU4Gr4Jx8K34Xg4EU6G78Kp8H04Hc6Es+GHcC78GM6Hn8IF+Zs1IYQQQoi/RP/J493+k++pX7eLugPAldtyHvp9zQ3Zfln3VLlaJADgya7tH/z1043UChVSU1N/fe4SDVHeOQCQuJSfDi7FS6E5PA6toBkU/U/766k6nuNf6/+2/b5+8haAjP8hJwUuxZfq3/Qv6o+Y9af15wDkz3spJwNcii/VL/Yv6mdv8if1M3w+FqDpf8jJBJfiS/WLwKPwFLT6s4H+Yv9fepYQQgghhBBCiP8xeqrSbf/s+vbi9XkucyknPVyK/+z6/Gd/7ZpUCCGEEEIIIYQQ/0We6djpiUdatWrW9nItAC7nq8viryzS/fdo43/YQv/3aONfLS73byYhhBBCCCHE3+3SSf/l7kQIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhEi7/l/8O7HLvY9CCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCGEEEIIIYQQQgghhBBCCCHE5fa/AgAA//9K5iJb")
openat(0xffffffffffffff9c, 0x0, 0x0, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce)
r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0)
ioctl$F2FS_IOC_FLUSH_DEVICE(0xffffffffffffffff, 0x4008f50a, &(0x7f0000000040)={0xb22, 0x6})
read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8)
munmap(&(0x7f0000ffc000/0x4000)=nil, 0x4000)
mprotect(&(0x7f0000ff2000/0xe000)=nil, 0xe000, 0x4)
openat(0xffffffffffffffff, 0x0, 0x202000, 0x0)
r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0)
ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000180)={{}, 'syz1\x00', 0x50})
ioctl$UI_DEV_CREATE(r1, 0x5501)
readv(r1, 0x0, 0x0)
write$input_event(r1, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f)

7.098466917s ago: executing program 1 (id=1145):
r0 = socket$nl_route(0x10, 0x3, 0x0)
r1 = socket$nl_generic(0x10, 0x3, 0x10)
ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', <r2=>0x0})
sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000780)=@newlink={0x28, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r2}, [@IFLA_VFINFO_LIST={0x8, 0x16, 0x0, 0x1, [{0x4}]}]}, 0x28}}, 0x0)

6.292162556s ago: executing program 3 (id=1146):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
r0 = getpid()
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x0, 0x0, 0x8}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018", @ANYRES32=r1, @ANYBLOB], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r2}, 0x10)
sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000006800b9f900000000000000000a000000000000000805ffffff00000004000b00"], 0x24}}, 0x0)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x2)
syz_mount_image$ext4(&(0x7f00000004c0)='ext4\x00', &(0x7f0000000500)='./bus\x00', 0x0, &(0x7f0000000240), 0x21, 0x4a6, &(0x7f0000000a40)="$eJzs3cFPG9kZAPBvBgiEkEDaHNqqbdI0bVpFscFJUJRTemlVRZGqRj31kFBwEMLGCJs00BzI/1CpkXpq/4QeKvVQKae97233tpfsYaXsbrSrsNIevJqxIYRgYDcES/j3k55m3jzj7z2sec98gF8APetcRKxFxLGIuBcRo+3rSbvEzVbJHvfyxaPp9RePppNoNu98luTt2bXY8jWZE+3nHIqIP/4u4i/Jm3HrK6vzU5VKealdLzaqi8X6yurluerUbHm2vFAqTU5Mjl+/cq10YGM9W/3P89/O3frT///3k2fvr/36b1m3RtptW8dxkFpDH9iMk+mPiFvvIlgX9LXHc6zbHeE7SSPiexFxPr//R6MvfzUBgKOs2RyN5ujWOgBw1KV5DixJC+1cwEikaaHQyuGdieG0Uqs3Lt2vLS/MtHJlYzGQ3p+rlMfbucKxGEiy+kR+/qpe2la/EhGnI+Lvg8fzemG6Vpnp5hsfAOhhJ7at/18OttZ/AOCIG+p2BwCAQ2f9B4DeY/0HgN5j/QeA3mP9B4DeY/0HgN5j/QeAnvKH27ez0lxvf/71zIOV5fnag8sz5fp8obo8XZiuLS0WZmu12fwze6p7PV+lVlucuBrLD4uNcr1RrK+s3q3Wlhcad/PP9b5bHjiUUQEAuzl99umHSUSs3Tiel9iyl4O1Go62tNsdALqmr9sdALrGbl/Qu/yMD+ywRe9rOv6J0JOD7wtwOC7+UP4fepX8P/Qu+X/oXfL/0LuazcSe/wDQY+T4Ab//BwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgG9vJC9JWmjvBT4SaVooRJyMiLEYSO7PVcrjEXEqIj4YHBjM6hPd7jQA8JbST5L2/l8XRy+MbG89lnw1mB8j4q//vPOPh1ONxtJEdv3zzeuNJ+3rpW70HwDYy8Y6vbGOb3j54tH0RjnM/jz/TWtz0Szueru0WvqjPz8OxUBEDH+RtOst2fuVvgOIv/Y4In6w0/iTPDcy1t75dHv8LPbJQ42fvhY/zdtax+x78f0D6Av0mqfZ/HNzp/svjXP5cef7fyifod7exvy3/sb8l27Of30d5r9z+41x9b3fd2x7HPGj/p3iJ5vxkw7xL+wz/kc//un5Tm3Nf0VcjJ3jb41VbFQXi/WV1ctz1anZ8mx5oVSanJgcv37lWqmY56iLG5nqN31649Kp3cY/3CH+0B7j/8U+x//vr+/9+We7xP/Vz3d+/c/sEj9bE3+5z/hTw//tuH13Fn+mw/j3ev0v7TP+s49XZ/b5UADgENRXVuenKpXykhMnTpxsnnR7ZgLetVc3fbd7AgAAAAAAAAAAAAAAdHIY/07U7TECAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABwdH0TAAD//yyP2UE=")
sched_setscheduler(0x0, 0x1, 0x0)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r3=>0xffffffffffffffff, <r4=>0xffffffffffffffff})
sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2)
connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0)
recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
syz_mount_image$fuse(0x0, &(0x7f00000016c0)='./bus\x00', 0x0, 0x0, 0x0, 0x0, 0x0)
sendmmsg$inet(r4, &(0x7f0000000300)=[{{&(0x7f00000001c0)={0x2, 0x4e24, @multicast2}, 0x10, &(0x7f00000002c0), 0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="1c000e000000000000000000080000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB], 0xd8}}], 0x1, 0xc1)
mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./bus/file0\x00', 0x0)
setxattr(&(0x7f0000000340)='./bus/file0\x00', &(0x7f0000000400)=@known='security.apparmor\x00', &(0x7f00000003c0)='overlay\x00', 0xe407, 0x0)
rmdir(&(0x7f0000000000)='./bus/file0\x00')
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, &(0x7f00000009c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000180)='kfree\x00', r5}, 0x10)
getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x15, &(0x7f0000000080)={@local}, &(0x7f0000000280)=0x14)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0)
r6 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00')
writev(r6, &(0x7f0000000100)=[{&(0x7f0000000300)='5', 0x1}], 0x1)

6.227052361s ago: executing program 1 (id=1147):
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0)
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1801000000000000000000000000ea04850000005000000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000040)='sched_switch\x00', r0}, 0x10)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x90)
socketpair(0x1e, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, <r3=>0xffffffffffffffff})
listen(r3, 0x0)

6.205033543s ago: executing program 0 (id=1094):
r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="18010000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000140)={&(0x7f0000000180)='tlb_flush\x00', r0}, 0x10)
r1 = getpid()
process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0)
prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0)
move_pages(0x0, 0x2064, &(0x7f0000000040)=[&(0x7f0000ff9000/0x2000)=nil], &(0x7f0000001180), &(0x7f0000000000), 0x0)

4.757819026s ago: executing program 4 (id=1148):
r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0)
r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0)
r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0)
ioctl$KVM_TRANSLATE(r2, 0xc018ae85, &(0x7f0000000040)={0x0, 0x1000})

4.70377161s ago: executing program 2 (id=1149):
syz_mount_image$vfat(&(0x7f0000000200), &(0x7f0000000080)='./file0\x00', 0xa08886, &(0x7f0000000040)=ANY=[@ANYRES32=0x0], 0x9, 0x2a8, &(0x7f0000000500)="$eJzs3F9IU38Yx/HHPz/1Z+hGRFBQPeVNRRzcrgMdoRENjHJhCcExz2rstI2dsZqEWxB400U3/buuIEIQoosgELvoKpTwrovuvPMiu0oiOjGnudnUMnWS79fF9rDn+zl8z58dtu9g08fvXouGHSNspqS6oUqq2yUns1XilWpZkJMj10fe7zt34eLpQDDYcVa1M9Dt86tq84HR3pvDh8ZSO86/bH5dL+PeS9Mz/qnx3eN7pr93X404GnE0Fk+pqX3xeMrssy3tv+9EDdUztmU6lkZijpUs6YfteCKRUTPW39SYSFqOo2Yso1Ero6m4ppIZNa+YkZgahqFNjYKVDacfBZbvhp7Puq7MpN65bn1OXNfNv9iwidNDhc2df9ctOv93Kj0lbKKim3qDiD2UDqVDhedCPxCWiNhiSat45JvkrxH38Yg7d6nkH2/4R4KTR9++UVWvDNrZ+Xw2HaopzfvEI95CpqBQd54Kdvi0oDT/nzQW5/3ikV3l8/6y+To53FKUN8Qjk5clLrZMjB78MtU19GAhP+hTPdEVXJL/X/oXD9OzzxU6PwAAAAAAAAAArIWhP5VdvzfyA24PqGrTkn4hX+73gaXr861l1+drZW9tZfcdAAAAAIDtwskMRE3btpJ/WeS/yq/Hdv694smt3x+8v3PlMS1tNRPtH3KJrbBff1B87dkS0ygtZH71abXBNev8TlksPq3Ldqrm57f8mJO9H1+sup26X47PcsY2/q4EAAAAYCMsfuhvk2z4VTrbc+xepecEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAMB2s4a/HJt4WK6l+WLn03KtSu8jAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADASn4EAAD//xAR0Ao=")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8a}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0xfff, 0x7}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000020850000007000000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r3 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000580)=ANY=[@ANYBLOB="2c00000068000102000000000000000000000000000000000c000200000000000002000006000300000000009b342d78ec55c29d4cf630d6d0606cf44d31d868bc2fad8f67648407c6abba1134ee09ca"], 0x2c}}, 0x0)
bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x18, &(0x7f00000007c0)=ANY=[], &(0x7f0000000600)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
mmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x1000001, 0x110, r3, 0xf7c01000)
bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000", @ANYRES32], 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x50, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x90)
r4 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1, 0x4, 0xfff, 0x5}, 0x48)
bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x3f, &(0x7f0000000440)=ANY=[@ANYBLOB="1801000000000020000000000000000018190000", @ANYRES32=r4, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000024"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r5}, 0x10)
r6 = socket$inet6_tcp(0xa, 0x1, 0x0)
setsockopt$inet6_tcp_int(r6, 0x6, 0x1e, &(0x7f0000000400)=0x400000001, 0x4)

4.70351272s ago: executing program 0 (id=1150):
r0 = dup(0xffffffffffffffff)
read$FUSE(r0, &(0x7f0000000a00)={0x2020}, 0x2020)
ioctl$VIDIOC_S_CTRL(r0, 0xc008561c, &(0x7f0000000000)={0xf0f046})

4.376326198s ago: executing program 0 (id=1151):
r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x141141, 0x0)
ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2})
r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0)
close(r1)
socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0))
ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @link_local})
write$cgroup_subtree(r0, &(0x7f0000000440)=ANY=[@ANYBLOB="8fedcb5d07081175f37538e486dd"], 0xfdef)

3.635192201s ago: executing program 4 (id=1152):
ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0)
r0 = socket(0x2a, 0x2, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000680)=@newqdisc={0x24}, 0x24}}, 0x0)
getsockname$packet(r0, &(0x7f0000000200)={0x11, 0x0, <r1=>0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000540)=@newqdisc={0x2c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}}, 0x0)
sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=@newtfilter={0x50, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r1, {}, {}, {0x2}}, [@filter_kind_options=@f_flow={{0x9}, {0x20, 0x2, [@TCA_FLOW_EMATCHES={0x1c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x4}}, @TCA_EMATCH_TREE_LIST={0x10, 0x2, 0x0, 0x1, [@TCF_EM_META={0xc, 0x1}]}]}]}}]}, 0x50}}, 0x0)
r2 = socket$netlink(0x10, 0x3, 0x0)
sendmmsg(r2, &(0x7f00000002c0), 0x40000000000009f, 0x0)
socket(0x10, 0x3, 0x0)

3.634680171s ago: executing program 2 (id=1153):
r0 = socket$inet(0x2, 0x4000000000000001, 0x0)
bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e23}, 0x10)
socket$inet_tcp(0x2, 0x1, 0x0)
sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000040)={0x2, 0x4e23}, 0x10)
setsockopt$sock_int(r0, 0x1, 0x8, 0x0, 0x0)
openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0)
r1 = socket(0x10, 0x3, 0x0)
r2 = socket$nl_generic(0x10, 0x3, 0x10)
r3 = syz_genetlink_get_family_id$ethtool(&(0x7f00000004c0), 0xffffffffffffffff)
ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f00000001c0)={'batadv_slave_1\x00', <r4=>0x0})
sendmsg$ETHTOOL_MSG_LINKINFO_GET(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="01000000005d3dac0d001b4000002000018014008870ffffffffffff7f736c6176445f31000008000100", @ANYRES32=r4, @ANYBLOB], 0x34}}, 0x0)
r5 = socket$nl_xfrm(0x10, 0x3, 0x6)
sendmsg$nl_xfrm(r5, &(0x7f0000000080)={0x0, 0x0, 0x0}, 0x0)
r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0)
r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0)
r8 = socket$nl_route(0x10, 0x3, 0x0)
sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@newlink={0x4c, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x1080}, [@IFLA_LINKINFO={0x2c, 0x12, 0x0, 0x1, @ip6erspan={{0xe}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_ERSPAN_VER={0x5, 0x16, 0x1}, @IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_ERSPAN_INDEX={0x8, 0x15, 0x4000000}]}}}]}, 0x4c}}, 0x0)
r9 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0)
r10 = dup(r9)
ioctl$KVM_SET_MSRS(r10, 0x4048aecb, &(0x7f0000000040)=ANY=[@ANYRES16])

3.395494751s ago: executing program 3 (id=1154):
ioctl$KVM_SET_PIT(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000080)={[{}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, {0x0, 0x0, 0x1, 0x47}]})
r0 = socket$key(0xf, 0x3, 0x2)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={0x0}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0x38}}, 0x0)
sendmsg$key(0xffffffffffffffff, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="020100090e000000030000000000000405000600000000000a0000000000000400000000000000000000002100000000000100000000000002000100010000000000010200fd000005000500000000000a"], 0x70}}, 0x0)
sendmmsg(r0, &(0x7f0000000180), 0x3ef, 0x0)

3.240846174s ago: executing program 1 (id=1155):
socket$nl_netfilter(0x10, 0x3, 0xc)
socket$nl_netfilter(0x10, 0x3, 0xc)
open(&(0x7f00009e1000)='./file0\x00', 0x8060, 0x0)
ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0)
r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0)
ioctl$VHOST_SET_VRING_BASE(r0, 0xaf01, 0x0)
r1 = eventfd(0x0)
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000002c0)=""/138, 0x0})
ioctl$VHOST_SET_LOG_FD(r0, 0x4004af07, &(0x7f0000000240)=r1)
socket$nl_route(0x10, 0x3, 0x0)
pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x1fffffffffff, 0x0, 0x0, 0x0, 0x3}, 0x0, &(0x7f0000000140)={0x1ff}, 0x0, 0x0)
ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000040)={0x1, r1})
ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000000c0)=""/87, &(0x7f0000000600)=""/81})
ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000900))
ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f0000000140)={0x1, r1})
ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f0000000000)=0x20000)

3.240283124s ago: executing program 3 (id=1156):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000000000617474722c616374697665c72c6191138918655f2c6f67733d342c9b756f74082c66b2d1c46f4b2a3d159dce99edb2a4ea6173670000000000dbb374615f666c7573682c70726a6a71756f74613d2d7b2c6a7166748dba745fe3616368652c66611d229b3547dadba6d8f9bfb74f705a8b2786d610d1f2335eb1dbbc87d1b7692ffe82e508d80bdcf88ebdd5523426b8a12703418316731cf8b17ccf39330769e5a4a505efbc7f3c5c2d958ffa4d22b0e082b7d907739b8adf1841440857364bd0ce880b4e382a53b6db010b536c4453c83641a4dbf3d147b6a4cced9500000000000000a9842380695333b8de7b86b28ca33d0553231dae70b0939ae315df79727bd626461089d02408b11aedcbf812b43ce60900"/297], 0x1, 0x54f9, &(0x7f000000ab40)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYogbSQBqiB3FJCBBEeB4WIRJE8thX0fZIZxoIfMwgO80YaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS3fVenFz9fu6bc5u306e2QAAAADnbKv1on4yS/2vzf3vza2fTb+IiDIizq3dR/HpJHPU5FSvvL56MYbbiDrh8BmT5voSEX+a6+FH198CAAAAXK7NcjVPq/X0MBt6QPQpFW3Kb38z5RURUc3uM6WVh7xfmcLq3/c4/mdKqwtY00xhqeQ2zpX2LvXf/Vi1mz5ritSUb78/29wBAIAejU6aflchAAAA9Onf0ANgGEU8bWUetwInqWm29z6f9AAAAIAPqBh6AAAAAEDn6vW/8/8AAADgsqXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjStlovNsvVvG3Obt9OntkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/szzsKhEAYhMHe9Z3J3P+w0qCpqUkVCB9/YzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLE/LykQAkEQBXPG/076/oeVBD2DCBHQ8KiiFg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf9Ltf/k9MjTPJ3Glj6XgkWbtqbF019h40jh6Mt38DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLFzP69xVHEAwN/M7GxtVVyj7CEiCh70Yrfb2tqbeFCCB/8EIaTbGrv1R5uDLUXIxZvknIvoUURQ4i3/Q84J5BJvOewhgmdlZmeSyQ9w/dGZTfL5wJv33WGY932zEPKd9xIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNLo3YM4yQ6dcRwX5zb3Hi9k/daRPrO+sj2btSyO6kz6dHi5+iHqNpcIAAAA50dS1vchhJ10bS7r405e/6flNVnN/92z47is54/W/WVf1v5Z+/WX3Rf3B+qMx8luentxOLhyPJXWk5vldHvub69o5U8+f/eS5F9I/MHyC6M0f57RNxsb77Xz8EId2QIA/8blsi+C8vehrO83mRgA50arUniX9X/SaTYnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDqMlsPTZRyFEGZbB3Fma+/xwkn9+sr2bNlurK6uVO+Z3SINIdxeHA6u1DiXaffg4aO788Ph4H79wSshhKZGf6eY/t2PJrg4hEaej+B/CuLiy56WfE5H0OAPJQAAzqS0aFldv5OuzWXnopkQ/vz+cP3/eiUOE9b/ux/f2KyOVa3/+7XNcPr1lu593nvw8NGbi/fm7wzuDD5962r/7f61m9ev3+zl70p63pgAAADw37SLVq3/45nj6/+XKnGYsP7/4tv+V9WxEvX/iQ4W/ZrOBAAA4Hx7/tU/fo9OOB+12+HL+aWl+/3xcf/z1fGxgVT/sQtFq9b/yUzTWQEAAAB1GC1Hh9b/b1XiMOH6/zM/vPRT9Z5JCOFisf5/eeGz4a36pjPV6vhz4qbnCAAAQLMuFq26/p/m+//j/S0PcQjhjdfGcfFvACeq/5P3v/6xOlZ1//+1+qY4leLu+HnkfTeEVrfpjAAAADjLnipaVuz/lq7NffLzpQ/b9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2vAAAA//+END5e")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
inotify_init1(0x80000)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000008000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x20000004, 0x1001, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48)
madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x8)
syz_clone3(&(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000740)=[0xffffffffffffffff], 0x1}, 0x58)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}})
syz_io_uring_setup(0x46a8, &(0x7f0000000000)={0x0, 0x0, 0x4}, &(0x7f0000000100), &(0x7f0000000140))
seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0})
rt_sigaction(0x19, &(0x7f0000000000)={0xfffffffffffffffc, 0xdc000007, 0x0}, 0x0, 0x8, &(0x7f0000000040))
unshare(0x22020400)
socket$unix(0x1, 0x1, 0x0)

1.778060299s ago: executing program 1 (id=1157):
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000340)={<r0=>0xffffffffffffffff})
r1 = socket$nl_generic(0x10, 0x3, 0x10)
r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff)
sendmsg$NL80211_CMD_START_AP(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r2], 0x24}}, 0x0)
syz_usb_connect(0x0, 0x41, &(0x7f0000000040)=ANY=[@ANYBLOB="12010000e518a708ac0501859d200000690109022f00010000000009040004000e010008152403"], 0x0)
socket$inet_icmp(0x2, 0x2, 0x1)
sendmsg$ETHTOOL_MSG_COALESCE_SET(0xffffffffffffffff, 0x0, 0x0)
write(0xffffffffffffffff, 0x0, 0x0)
bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x10, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="170100000000b2000500000000000000850000007b00000095"], &(0x7f0000000140)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80)
socket$inet6(0xa, 0x80001, 0x0)
setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x2a, 0x0, 0x0)
r3 = socket$nl_generic(0x10, 0x3, 0x10)
r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff)
ioctl$EXT4_IOC_CLEAR_ES_CACHE(r3, 0x6628)
r5 = socket$unix(0x1, 0x5, 0x0)
ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan0\x00', <r6=>0x0})
write(0xffffffffffffffff, &(0x7f0000000000)="fc0000001a000708ab092500090007000aab0700a90100001d60519321000180fe800000000000000000ffff00039815fa2c1ec28656aaa79bb94b46fe000000bc00030005000000140000270400117c22ebc205214000000000008935d0730206001720d7d5bbc91a3e3280775e9ddefd5a32e280fc83ab820d9473decc9204d287f605f7029ddef2fe082038f4f8b29d3ef3d92c83170c5bba4a46d284a710af", 0xa1)
syz_genetlink_get_family_id$tipc(&(0x7f0000000080), 0xffffffffffffffff)
r7 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x5, 0x1, 0x40, 0x40, 0x41}, 0x48)
bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080), &(0x7f0000000180), 0x1003, r7}, 0x38)
sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r4, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0)
r8 = socket$nl_generic(0x10, 0x3, 0x10)
r9 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000f80), 0xffffffffffffffff)
ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000300)={'wlan0\x00', <r10=>0x0})
sendmsg$NL80211_CMD_NEW_STATION(r8, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000001040)={&(0x7f0000000000)={0x44, r9, 0xb97534d5fe9704cf, 0x0, 0x0, {{}, {@val={0x8, 0x3, r10}, @void}}, [@NL80211_ATTR_STA_SUPPORTED_RATES={0x4}, @NL80211_ATTR_MAC={0xa, 0x6, @device_b}, @NL80211_ATTR_STA_AID={0x6, 0x10, 0x580}, @NL80211_ATTR_STA_LISTEN_INTERVAL={0x6}, @NL80211_ATTR_STA_SUPPORTED_CHANNELS={0x6, 0xbd, [0x0]}]}, 0x44}}, 0x0)

1.572319856s ago: executing program 3 (id=1158):
r0 = socket$netlink(0x10, 0x3, 0x0)
recvmmsg(r0, &(0x7f0000006d80), 0x0, 0x2101, 0x0)
sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001000070100dd21200100005b91325b38", @ANYRES32=0x0, @ANYBLOB="000000000080000008001b00000000000500100005"], 0x30}}, 0x0)
sendmsg$nl_route(r0, 0x0, 0x0)

118.03465ms ago: executing program 4 (id=1159):
r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0)
syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0})
r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0)
writev(r1, &(0x7f0000000440)=[{0x0}, {0x0}], 0x2)

117.5624ms ago: executing program 2 (id=1160):
r0 = bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x3, 0x4, &(0x7f0000000740)=ANY=[@ANYBLOB="8500000011000000350000000000000085000000070000009500000000000000f4670880271e3503200ffa95b2c8c037c5a142c9a8d76287066c51adde96fcc309926fa397fabd5f9810e81ae03737136ea6f7be39cd34d5ae35de38dd5a1163a35c79949c00a7c09cc28d7673294f42a5f0a8321313822c45c0f8612c10b100000000b0d3712c7e93363af3c075ff1e23166a32d95433bb755a2dd576090c4877a7b6393e366c6386d5ec7209d031f40f3012e9176e51a7f578602f5807785b92a544fc46c744ae6af3e4195cc037102124d85cec074c6949e1298901ebb395000000000000977e82f5fe47fe5f17f9ab800f4104dbffff0000000000005c6d5d224b64be6c4d0400ef21eb7e46f9aa4a9779f8555eaea768c1f2c221c410ef4b253d110ee282ab94de930a060000846be6277c04b4c50000000000000063ffffdc8dcba00bfbffffffc45b0c01887b5efabf84960ba0e3c4c00356ffebfb19a34268335648e1f822de328c10752a42dca52fb98c1452b6518a6ef7297f7b2744706d27ed0b05b1b9555f419a2f238f173d0cc56dafc7ac5500f53e7309ec91d83cf408000000000000001a4d8c60ff000000b78863e629b3b200000000000000000000000000008b00000000449c810d3174c87ee545867a3126af7a8b20744ea9875b9cba935b9594aa904e5ac04bb2c3dfa8ea63e3e7000860000000004a2147c1128c697d9966b3c9f0e9e203911a3fac929a4fc6e625247510bc24e20ad88d4fe6a3ae6c4aae83352106057ab9cd4b3442a5d10451b95e22f30a85f5681ca3000000000000e1e682ec6c5f73983a000000000396e7b6e1aa007018f6d93e79fce95d405b809238cca421c800800000fa978bee51f581d124216e8bd9b1855f77138e438bdc037865f0db98c068be4c6155ec27365410866019475714844a3ea4cbe37e0000000000ef6dc4bd63bb928ff58b3bd2a646a89d172a884dcdb8b9f905e72ce1a66f08d9b385a8cfb52cbe2c0b160159202d4f37c496a8d2dab79d4242a353917ebdf2dc7926d80260898d4e1cd57f7b913a31a36f5d2a666537f920a9588a712be006c85db574e951fb65c103024d3c169e3b791e12b3c9905e0810f7ce80fa133c8af5ea4edbcd54e5a01b74f9dc015f5b7811cd7627993dd965e56b2d666f722bc26e3f62b2163756d68ef7318d3a1b910000bd9145909eaf13492dcb2867a2979efe0b61627dd96f8e0400000000000000fb9b190c3cf040549a1bbe7ca6adce2dec7c40c628e90b30cc8d8c0b3c6c95e21c7ff037166302e6984285eabb1ae5f553e3b54e804b9d8107c026d6f0817f5f65acd608191c2abce2f1ca3869757201b3f7e8d0b5b9697aac79cd2fb8dea8c761fab4871cea4bccdb2416cd6c3e41d14d0ecfa8ec47e7153d3cd682d99fb255fb9ed12bf785612c2049a4d2116da6f3d3d90376cdc4128fcf5b2a7e3e57e6d8a8ebe5b35352ab25b20ccda777a024f7e80e82dd691d4b75f55fd529ff5a31fcee1fa7b1fa997815238deb2d5a9517b8fee39152fb7ec435353163664162a460a51857acbf5a5db47a1e220bcf356450d1ab3dd99ddf39bf7db13752b391969d9c1097379f6ca23c4ceb47e0f2e4c688777f44d065e3ea83152af906f5c2f7092889e82ffce9fa63b14a111c3428d604909205156f9a287d0c12b92bf0"], &(0x7f0000000140)='GPL\x00', 0x0, 0xe0, &(0x7f0000000180)=""/153, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffc1a}, 0x15)
bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={r0, 0xfffff002, 0xe, 0x0, &(0x7f00000000c0)="61df712bc884fed5722780b6c2a7", 0x0, 0x8000, 0x0, 0x0, 0x0, &(0x7f0000000000), 0x0}, 0x50)

208.3µs ago: executing program 0 (id=1161):
syz_mount_image$f2fs(&(0x7f0000000040), &(0x7f00000000c0)='./file2\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000000000000000617474722c616374697665c72c6191138918655f2c6f67733d342c9b756f74082c66b2d1c46f4b2a3d159dce99edb2a4ea6173670000000000dbb374615f666c7573682c70726a6a71756f74613d2d7b2c6a7166748dba745fe3616368652c66611d229b3547dadba6d8f9bfb74f705a8b2786d610d1f2335eb1dbbc87d1b7692ffe82e508d80bdcf88ebdd5523426b8a12703418316731cf8b17ccf39330769e5a4a505efbc7f3c5c2d958ffa4d22b0e082b7d907739b8adf1841440857364bd0ce880b4e382a53b6db010b536c4453c83641a4dbf3d147b6a4cced9500000000000000a9842380695333b8de7b86b28ca33d0553231dae70b0939ae315df79727bd626461089d02408b11aedcbf812b43ce60900"/297], 0x1, 0x54f9, &(0x7f000000ab40)="$eJzs3E1rY9UbAPAn7XTe//Mv4sLdXBiEFiZh0nlBd6PO4At2KKMuXGmapCEzSW5p0rR25cKluPCbiIIrl34GF67diQvFnaDknlud+gJC08ZOfz+4ee45OXnuc8Iw8NxbEsCptZj9/GMlrsSFiJiPiMsRxXmlPAp3U3guIq5GxNwTR6Wc/33ibERcjIgrk+QpZ6V869Pr42u3f3jjp6++OXfm0mdffju7XQOz9nxE9DfT+U4/xbyT4qNyvjHuFrF/a1zG9Eb/cTnOU9xprxcZdhr76xpFvNlJ6/PN7eEkbvQazUnsdDeK+c1BuuBw3NnPU3zgUWOrGLfa60XsDvMidvZSXbt76f+2veEo5WmV+T4o0sdotB/TfHu3nfaz+biIzcGonE9581Z7dxLHZSwvF8281yrqWD/MN/3f9mZ3sL2bjdtbw24+yG7X6i/U6neq9a281R61b1Ub/dadW9lSpzdZVh21G/27nTzv9Nq1Zt5fzpY6zWa1Xs+W7rXXu41BVq/XbtZuVG8vl2fXs1cfvJP1WtnSJL7cHWyPur1htpFvZekTy9lK7eaLy9m1evbW6lq29vD+/dW1t9+79+6Dl1Zff6Vc9JeysqWVGysr1fqN6kp9+RTt/6Oy6CnuHw6lMusCAE4e/T8wC0fX/289jDj6/j/0/1Nxovrf097/H8H+4VD0/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAp9Z3C5+/VpwspvGlcv5/5dQz5bgSEXMR8evfmI+zB3LOl3kW/mH9wp9q+LoSRYbJNc6Vx8WIuFsev/z/qL8FAAAAeHp98eHVT1K3nl4WZ10QxyndtJm7/P6U8lUiYmHx+yllm5u8PDulZMW/7zOxO6VsxQ2s81NKlm65nZlWtn9l/kA4/0SopDB3rOUAAADH4mAncLxdCAAAAMfp41kXwGxUYv9R5v6z4OIv7/94IHjhwAgAAAA4gSqzLgAAAAA4ckX/7/f/AAAA4OmWfv8PAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAfmPnfm4TB6I4AD8bvLD/tGi1921lb1DGlrDHPUYUkCYogbSQBqiB3FJCBBEeB4WIRJE8thX0fZIZxoIfMwgO80YaAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACgS3fVenFz9fu6bc5u306e2QAAAADnbKv1on4yS/2vzf3vza2fTb+IiDIizq3dR/HpJHPU5FSvvL56MYbbiDrh8BmT5voSEX+a6+FH198CAAAAXK7NcjVPq/X0MBt6QPQpFW3Kb38z5RURUc3uM6WVh7xfmcLq3/c4/mdKqwtY00xhqeQ2zpX2LvXf/Vi1mz5ritSUb78/29wBAIAejU6aflchAAAA9Onf0ANgGEU8bWUetwInqWm29z6f9AAAAIAPqBh6AAAAAEDn6vW/8/8AAADgsqXz/wAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAOjStlovNsvVvG3Obt9OntkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAI/szzsKhEAYhMHe9Z3J3P+w0qCpqUkVCB9/YzAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAvPndX/5PTI0zydxrY+l5JFk7NbZOjb1z4+gP4+vXAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLE/LykQAkEQBXPG/076/oeVBD2DCBHQ8KiiFg0AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABf9Ltf/k9MjTPJ3Glj6XgkWbtqbF019h40jh6Mt38DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAcLFzP69xVHEAwN/M7GxtVVyj7CEiCh70Yrfb2tqbeFCCB/8EIaTbGrv1R5uDLUXIxZvknIvoUURQ4i3/Q84J5BJvOewhgmdlZmeSyQ9w/dGZTfL5wJv33WGY932zEPKd9xIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgNLo3YM4yQ6dcRwX5zb3Hi9k/daRPrO+sj2btSyO6kz6dHi5+iHqNpcIAAAA50dS1vchhJ10bS7r405e/6flNVnN/92z47is54/W/WVf1v5Z+/WX3Rf3B+qMx8luentxOLhyPJXWk5vldHvub69o5U8+f/eS5F9I/MHyC6M0f57RNxsb77Xz8EId2QIA/8blsi+C8vehrO83mRgA50arUniX9X/SaTYnAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAgDqMlsPTZRyFEGZbB3Fma+/xwkn9+sr2bNlurK6uVO+Z3SINIdxeHA6u1DiXaffg4aO788Ph4H79wSshhKZGf6eY/t2PJrg4hEaej+B/CuLiy56WfE5H0OAPJQAAzqS0aFldv5OuzWXnopkQ/vz+cP3/eiUOE9b/ux/f2KyOVa3/+7XNcPr1lu593nvw8NGbi/fm7wzuDD5962r/7f61m9ev3+zl70p63pgAAADw37SLVq3/45nj6/+XKnGYsP7/4tv+V9WxEvX/iQ4W/ZrOBAAA4Hx7/tU/fo9OOB+12+HL+aWl+/3xcf/z1fGxgVT/sQtFq9b/yUzTWQEAAAB1GC1Hh9b/b1XiMOH6/zM/vPRT9Z5JCOFisf5/eeGz4a36pjPV6vhz4qbnCAAAQLMuFq26/p/m+//j/S0PcQjhjdfGcfFvACeq/5P3v/6xOlZ1//+1+qY4leLu+HnkfTeEVrfpjAAAADjLnipaVuz/lq7NffLzpQ/b9v8DAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA1O2vAAAA//+END5e")
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r0 = getpid()
sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2)
sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r1=>0xffffffffffffffff, <r2=>0xffffffffffffffff})
connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0)
recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0)
r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48)
r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000008000850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000740)={&(0x7f00000006c0)='sched_switch\x00', r4}, 0x10)
mount(0x0, 0x0, 0x0, 0x0, 0x0)
bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x20000004, 0x1001, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0xffffffff}, 0x48)
madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe)
madvise(&(0x7f0000e3a000/0x2000)=nil, 0x2000, 0x17)
madvise(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x8)
syz_clone3(&(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000740)=[0xffffffffffffffff], 0x1}, 0x58)
ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}})
syz_io_uring_setup(0x46a8, &(0x7f0000000000)={0x0, 0x0, 0x4}, &(0x7f0000000100), &(0x7f0000000140))

0s ago: executing program 3 (id=1162):
socket$kcm(0x10, 0x400000002, 0x0)
r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000001afc180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000002000000b703000000090000850000000400000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x15, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90)
prlimit64(0x0, 0xe, &(0x7f0000000140)={0x88, 0x8b}, 0x0)
sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7)
r1 = getpid()
sched_setscheduler(r1, 0x2, &(0x7f0000000040)=0x3)
mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee6, 0x8031, 0xffffffffffffffff, 0x0)
socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={<r2=>0xffffffffffffffff, <r3=>0xffffffffffffffff})
connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e)
sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0)
bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10)
r4 = socket$kcm(0x10, 0x2, 0x0)
sendmsg$kcm(r4, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000300)="2e00000010008188040f80ec59acbc0413a181003f000000000100000010001f0e0027000f00000000800200121f", 0x2e}], 0x1}, 0x0)

kernel console output (not intermixed with test programs):

625] usb 1-1: config 246 has 1 interface, different from the descriptor's value: 42
[  171.623733][ T3625] usb 1-1: config 246 interface 0 altsetting 0 has an invalid endpoint with address 0x3F, skipping
[  171.648005][ T3625] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  171.661804][ T3625] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  171.689481][   T22] mxuport 5-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  171.723116][   T22] mxuport 5-1:0.0: mxuport_send_ctrl_data_urb - usb_control_msg failed (-71)
[  171.733527][   T22] mxuport: probe of 5-1:0.0 failed with error -71
[  171.745037][   T22] usb 5-1: USB disconnect, device number 8
[  171.752795][ T3625] usb 1-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  171.770854][ T3625] usb 1-1: config 246 descriptor has 1 excess byte, ignoring
[  171.780380][ T3625] usb 1-1: config 246 has 1 interface, different from the descriptor's value: 42
[  171.790494][ T3625] usb 1-1: config 246 interface 0 altsetting 0 has an invalid endpoint with address 0x3F, skipping
[  171.801847][ T3625] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  171.816519][ T3625] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  171.983959][ T3680] usb 2-1: new high-speed USB device number 7 using dummy_hcd
[  172.098038][ T3625] usb 1-1: string descriptor 0 read error: -22
[  172.109356][ T3625] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  172.124590][ T3625] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.184148][ T3625] adutux 1-1:246.0: interrupt endpoints not found
[  172.266765][ T5282] netlink: 92 bytes leftover after parsing attributes in process `syz.4.436'.
[  172.392882][ T4165] usb 1-1: USB disconnect, device number 13
[  172.542884][ T3680] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  172.556949][ T3680] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  172.573962][ T3680] usb 2-1: Product: syz
[  172.582934][ T3680] usb 2-1: Manufacturer: syz
[  172.585825][ T5286] program syz.4.439 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  172.592054][ T3680] usb 2-1: SerialNumber: syz
[  172.617848][ T3680] usb 2-1: config 0 descriptor??
[  172.873383][ T5290] input: syz0 as /devices/virtual/input/input5
[  173.233285][   T26] audit: type=1326 audit(1724356040.640:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5297 comm="syz.2.443" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8373f79e79 code=0x0
[  173.282598][ T3683] usb 1-1: new high-speed USB device number 14 using dummy_hcd
[  173.532657][ T3683] usb 1-1: Using ep0 maxpacket: 8
[  173.623682][ T3680] usb 2-1: Firmware version (0.0) predates our first public release.
[  173.637231][ T3680] usb 2-1: Please update to version 0.2 or newer
[  173.652866][ T3683] usb 1-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  173.762858][   T22] usb 4-1: new high-speed USB device number 11 using dummy_hcd
[  173.972883][   T22] usb 4-1: device descriptor read/64, error -71
[  174.245240][ T3683] usb 1-1: config 246 descriptor has 1 excess byte, ignoring
[  174.252764][ T3683] usb 1-1: config 246 has 1 interface, different from the descriptor's value: 42
[  174.261918][ T3683] usb 1-1: config 246 interface 0 altsetting 0 has an invalid endpoint with address 0x3F, skipping
[  174.272695][ T3683] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  174.282661][   T22] usb 4-1: new high-speed USB device number 12 using dummy_hcd
[  174.291862][ T3680] usb 2-1: USB disconnect, device number 7
[  174.302588][ T3683] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  174.492718][   T22] usb 4-1: device descriptor read/64, error -71
[  174.492921][ T3683] usb 1-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  174.514065][ T3683] usb 1-1: config 246 descriptor has 1 excess byte, ignoring
[  174.527889][ T3683] usb 1-1: config 246 has 1 interface, different from the descriptor's value: 42
[  174.543976][ T3683] usb 1-1: config 246 interface 0 altsetting 0 has an invalid endpoint with address 0x3F, skipping
[  174.561560][ T3683] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  174.574805][ T3683] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  174.622806][   T22] usb usb4-port1: attempt power cycle
[  174.672866][ T3683] usb 1-1: config 246 has too many interfaces: 42, using maximum allowed: 32
[  174.681840][ T3683] usb 1-1: config 246 descriptor has 1 excess byte, ignoring
[  174.695692][ T3683] usb 1-1: config 246 has 1 interface, different from the descriptor's value: 42
[  174.707662][ T3683] usb 1-1: config 246 interface 0 altsetting 0 has an invalid endpoint with address 0x3F, skipping
[  174.728391][ T3683] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7
[  174.756298][ T3683] usb 1-1: config 246 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  174.771514][ T5321] binder: 5319:5321 ioctl c0306201 0 returned -14
[  174.789131][ T5321] binder: 5319:5321 ioctl 4018620d 0 returned -22
[  175.012754][ T3683] usb 1-1: string descriptor 0 read error: -22
[  175.019405][ T3683] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e
[  175.030546][ T3683] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  175.052866][   T22] usb 4-1: new high-speed USB device number 13 using dummy_hcd
[  175.073956][ T3683] adutux 1-1:246.0: interrupt endpoints not found
[  175.152831][   T22] usb 4-1: device descriptor read/8, error -71
[  175.282427][ T3680] usb 1-1: USB disconnect, device number 14
[  175.425730][   T22] usb 4-1: new high-speed USB device number 14 using dummy_hcd
[  175.522668][   T22] usb 4-1: device descriptor read/8, error -71
[  175.654679][   T22] usb usb4-port1: unable to enumerate USB device
[  175.732988][ T3644] Bluetooth: hci3: command 0x0406 tx timeout
[  175.739298][ T3644] Bluetooth: hci4: command 0x0406 tx timeout
[  175.745712][ T3651] Bluetooth: hci1: command 0x0406 tx timeout
[  176.390940][ T5347] team0: Port device team_slave_1 removed
[  176.432091][ T5350] bond0: up delay (5) is not a multiple of miimon (4), value rounded to 4 ms
[  176.451072][ T5347] device team_slave_0 entered promiscuous mode
[  176.472599][   T22] usb 1-1: new high-speed USB device number 15 using dummy_hcd
[  176.482357][ T5347] team0: Port device team_slave_0 removed
[  176.492047][ T5350] netlink: 'syz.3.463': attribute type 10 has an invalid length.
[  176.503016][ T5350] bridge0: port 2(bridge_slave_1) entered disabled state
[  176.512165][ T5350] bridge0: port 1(bridge_slave_0) entered disabled state
[  176.559639][ T5350] bridge0: port 2(bridge_slave_1) entered blocking state
[  176.566854][ T5350] bridge0: port 2(bridge_slave_1) entered forwarding state
[  176.574308][ T5350] bridge0: port 1(bridge_slave_0) entered blocking state
[  176.581435][ T5350] bridge0: port 1(bridge_slave_0) entered forwarding state
[  176.648473][ T5350] bond0: (slave bridge0): Enslaving as an active interface with an up link
[  176.693847][ T3721] bond0: (slave bridge0): link status definitely up, 0 Mbps full duplex
[  176.803719][ T5356] binder: 5352:5356 ioctl c0306201 0 returned -14
[  176.825028][ T5356] binder: 5352:5356 ioctl 4018620d 0 returned -22
[  177.029780][ T5345] loop1: detected capacity change from 0 to 40427
[  177.042841][   T22] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  177.081788][ T5345] F2FS-fs (loop1): Found nat_bits in checkpoint
[  177.087490][   T22] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  177.112955][   T22] usb 1-1: Product: syz
[  177.128054][   T22] usb 1-1: Manufacturer: syz
[  177.137846][   T22] usb 1-1: SerialNumber: syz
[  177.151904][   T22] usb 1-1: config 0 descriptor??
[  177.170233][ T5345] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  177.421160][ T5358] loop3: detected capacity change from 0 to 40427
[  177.434462][ T5358] F2FS-fs (loop3): Invalid SB checksum offset: 0
[  177.441127][ T5358] F2FS-fs (loop3): Can't find valid F2FS filesystem in 2th superblock
[  177.994169][ T5358] F2FS-fs (loop3): Disable nat_bits due to incorrect cp_ver (10241045589465957861, 585327988383614437)
[  178.170519][ T5358] F2FS-fs (loop3): Try to recover 2th superblock, ret: 0
[  178.191647][ T5358] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  178.522794][   T22] usb 1-1: Firmware version (0.0) predates our first public release.
[  178.530928][   T22] usb 1-1: Please update to version 0.2 or newer
[  178.663575][ T5384] syz.3.466: attempt to access beyond end of device
[  178.663575][ T5384] loop3: rw=2049, sector=53248, nr_sectors = 8 limit=40427
[  179.083751][   T22] usb 1-1: USB disconnect, device number 15
[  179.409903][ T3641] syz-executor: attempt to access beyond end of device
[  179.409903][ T3641] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  179.630900][ T5397] loop0: detected capacity change from 0 to 128
[  179.792590][ T3625] usb 5-1: new high-speed USB device number 9 using dummy_hcd
[  179.952646][ T4165] usb 3-1: new high-speed USB device number 10 using dummy_hcd
[  180.062798][ T3625] usb 5-1: Using ep0 maxpacket: 16
[  180.092689][ T4161] usb 4-1: new high-speed USB device number 15 using dummy_hcd
[  180.182769][ T3625] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0
[  180.192614][ T4165] usb 3-1: Using ep0 maxpacket: 8
[  180.283047][ T4161] usb 4-1: device descriptor read/64, error -71
[  180.308075][ T5405] loop1: detected capacity change from 0 to 128
[  180.323087][ T3625] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1
[  180.340006][ T3625] usb 5-1: New USB device strings: Mfr=1, Product=0, SerialNumber=14
[  180.348699][ T3625] usb 5-1: Manufacturer: syz
[  180.353823][ T3625] usb 5-1: SerialNumber: syz
[  180.360674][ T3625] usb 5-1: config 0 descriptor??
[  180.400479][ T5407] loop1: detected capacity change from 0 to 128
[  180.410314][ T3625] em28xx 5-1:0.0: New device syz  @ 480 Mbps (2040:0264, interface 0, class 0)
[  180.419603][ T3625] em28xx 5-1:0.0: DVB interface 0 found: bulk
[  180.429958][ T5407] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  180.446242][ T5407] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  180.458052][ T5407] ext2 filesystem being mounted at /93/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  180.472829][ T4165] usb 3-1: New USB device found, idVendor=052b, idProduct=1803, bcdDevice=28.77
[  180.502809][ T4165] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  180.511027][ T4165] usb 3-1: Product: syz
[  180.515611][ T4165] usb 3-1: Manufacturer: syz
[  180.520321][ T4165] usb 3-1: SerialNumber: syz
[  180.540924][ T4165] usb 3-1: config 0 descriptor??
[  180.566947][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  180.572765][ T4161] usb 4-1: new high-speed USB device number 16 using dummy_hcd
[  180.588639][ T4165] gspca_main: sunplus-2.14.0 probing 052b:1803
[  180.671256][ T5411] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  180.692946][ T5411] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  180.714880][ T5411] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  180.722399][ T5411] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  180.759654][ T5414] loop0: detected capacity change from 0 to 128
[  180.782661][ T4161] usb 4-1: device descriptor read/64, error -71
[  180.832679][ T4165] gspca_sunplus: reg_r err -71
[  180.837742][ T4165] sunplus: probe of 3-1:0.0 failed with error -71
[  180.892723][ T4165] usb 3-1: USB disconnect, device number 10
[  180.912862][ T4161] usb usb4-port1: attempt power cycle
[  181.333032][ T4161] usb 4-1: new high-speed USB device number 17 using dummy_hcd
[  181.432686][ T4161] usb 4-1: device descriptor read/8, error -71
[  181.577086][ T3625] em28xx 5-1:0.0: unknown em28xx chip ID (0)
[  181.702690][ T4161] usb 4-1: new high-speed USB device number 18 using dummy_hcd
[  181.757972][ T3625] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5)
[  181.768344][ T3625] em28xx 5-1:0.0: board has no eeprom
[  181.802874][ T4161] usb 4-1: device descriptor read/8, error -71
[  181.902784][ T3625] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94)
[  181.916623][ T3625] em28xx 5-1:0.0: dvb set to bulk mode.
[  181.922746][ T4161] usb usb4-port1: unable to enumerate USB device
[  181.928587][ T3625] usb 5-1: USB disconnect, device number 9
[  181.940550][ T3625] em28xx 5-1:0.0: Disconnecting em28xx
[  181.949200][ T3680] em28xx 5-1:0.0: Binding DVB extension
[  182.102918][ T3680] em28xx 5-1:0.0: Registering input extension
[  182.124647][ T3625] em28xx 5-1:0.0: Closing input extension
[  182.164026][ T3625] em28xx 5-1:0.0: Freeing device
[  182.250730][ T5438] loop0: detected capacity change from 0 to 128
[  182.490582][ T3798] I/O error, dev loop0, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  183.477172][ T5457] binder: 5455:5457 ioctl c0306201 0 returned -14
[  183.534890][ T5457] binder: 5455:5457 ioctl 4018620d 0 returned -22
[  183.605355][ T5463] loop1: detected capacity change from 0 to 256
[  183.648385][ T5463] exFAT-fs (loop1): failed to load upcase table (idx : 0x00010000, chksum : 0xb89b369d, utbl_chksum : 0xe619d30d)
[  185.962813][ T3653] Bluetooth: hci2: command 0x0406 tx timeout
[  186.002636][ T3683] usb 1-1: new high-speed USB device number 16 using dummy_hcd
[  186.155971][ T5489] bridge0: port 2(bridge_slave_1) entered disabled state
[  186.163571][ T5489] bridge0: port 1(bridge_slave_0) entered disabled state
[  186.192735][ T3683] usb 1-1: device descriptor read/64, error -71
[  186.368253][ T5495] netlink: 4 bytes leftover after parsing attributes in process `syz.1.506'.
[  186.472800][ T3683] usb 1-1: new high-speed USB device number 17 using dummy_hcd
[  186.672635][ T3683] usb 1-1: device descriptor read/64, error -71
[  186.792776][ T3683] usb usb1-port1: attempt power cycle
[  187.202597][ T3683] usb 1-1: new high-speed USB device number 18 using dummy_hcd
[  187.243482][ T5506] binder: 5504:5506 ioctl c0306201 0 returned -14
[  187.275378][ T5506] binder: 5504:5506 ioctl 4018620d 0 returned -22
[  187.320507][ T3683] usb 1-1: device descriptor read/8, error -71
[  187.458059][ T5501] loop2: detected capacity change from 0 to 32768
[  187.572794][ T5501] XFS (loop2): Mounting V5 Filesystem
[  187.596888][ T3683] usb 1-1: new high-speed USB device number 19 using dummy_hcd
[  187.692997][ T3683] usb 1-1: device descriptor read/8, error -71
[  187.716297][ T5501] XFS (loop2): Ending clean mount
[  187.752173][ T5501] XFS (loop2): Quotacheck needed: Please wait.
[  187.813918][ T3683] usb usb1-port1: unable to enumerate USB device
[  187.844909][ T5501] XFS (loop2): Quotacheck: Done.
[  187.998590][ T3638] XFS (loop2): Unmounting Filesystem
[  189.450562][ T5539] loop1: detected capacity change from 0 to 512
[  189.575858][ T5539] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  189.602738][ T5539] ext4 filesystem being mounted at /108/bus supports timestamps until 2038 (0x7fffffff)
[  190.472968][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  190.521782][ T5556] binder: 5554:5556 ioctl c0306201 0 returned -14
[  190.590943][ T5556] binder: 5554:5556 ioctl 4018620d 0 returned -22
[  190.822755][ T4161] usb 5-1: new high-speed USB device number 10 using dummy_hcd
[  190.852649][   T22] usb 2-1: new high-speed USB device number 8 using dummy_hcd
[  191.063340][   T22] usb 2-1: device descriptor read/64, error -71
[  191.072892][ T4161] usb 5-1: Using ep0 maxpacket: 16
[  191.192804][ T4161] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  191.234456][ T4161] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  191.318548][ T4161] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  191.333650][   T22] usb 2-1: new high-speed USB device number 9 using dummy_hcd
[  191.372700][ T4161] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  191.416174][ T5546] loop3: detected capacity change from 0 to 32768
[  191.493880][ T4161] usb 5-1: config 0 descriptor??
[  191.635086][ T5546] XFS (loop3): Mounting V5 Filesystem
[  191.652746][   T22] usb 2-1: device descriptor read/64, error -71
[  191.783361][   T22] usb usb2-port1: attempt power cycle
[  192.263797][   T22] usb 2-1: new high-speed USB device number 10 using dummy_hcd
[  192.532998][   T22] usb 2-1: device descriptor read/8, error -71
[  192.923767][   T22] usb 2-1: new high-speed USB device number 11 using dummy_hcd
[  193.124023][   T22] usb 2-1: device descriptor read/8, error -71
[  193.137670][ T5546] XFS (loop3): log mount failed
[  193.272997][   T22] usb usb2-port1: unable to enumerate USB device
[  194.132897][ T1266] ieee802154 phy0 wpan0: encryption failed: -22
[  194.139247][ T1266] ieee802154 phy1 wpan1: encryption failed: -22
[  194.202769][ T4161] usbhid 5-1:0.0: can't add hid device: -71
[  194.208874][ T4161] usbhid: probe of 5-1:0.0 failed with error -71
[  194.283024][ T4161] usb 5-1: USB disconnect, device number 10
[  194.621830][ T5598] loop4: detected capacity change from 0 to 512
[  194.726993][ T5598] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  194.750666][ T5598] ext4 filesystem being mounted at /113/bus supports timestamps until 2038 (0x7fffffff)
[  195.713800][ T3634] EXT4-fs (loop4): unmounting filesystem.
[  196.844113][ T5618] loop0: detected capacity change from 0 to 128
[  197.062253][ T5616] device veth0_vlan left promiscuous mode
[  197.103773][ T5616] device veth0_vlan entered promiscuous mode
[  197.234872][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  197.405750][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  197.703550][ T3836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  198.042762][ T3685] usb 2-1: new high-speed USB device number 12 using dummy_hcd
[  198.205008][ T5609] loop3: detected capacity change from 0 to 40427
[  198.232736][ T5264] usb 1-1: new high-speed USB device number 20 using dummy_hcd
[  198.242598][ T3685] usb 2-1: device descriptor read/64, error -71
[  198.342977][ T5609] F2FS-fs (loop3): Found nat_bits in checkpoint
[  198.505690][ T5264] usb 1-1: Using ep0 maxpacket: 16
[  198.532607][ T3685] usb 2-1: new high-speed USB device number 13 using dummy_hcd
[  198.582069][ T5609] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  198.632870][ T5264] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  198.823575][ T5264] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  198.862601][ T5264] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  198.871706][ T5264] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  198.882640][ T3685] usb 2-1: device descriptor read/64, error -71
[  199.161842][ T3685] usb usb2-port1: attempt power cycle
[  199.293302][ T5264] usb 1-1: config 0 descriptor??
[  199.923441][ T3685] usb 2-1: new high-speed USB device number 14 using dummy_hcd
[  200.157155][ T3685] usb 2-1: device descriptor read/8, error -71
[  201.633749][ T5658] loop2: detected capacity change from 0 to 128
[  201.652915][ T5264] usbhid 1-1:0.0: can't add hid device: -71
[  201.658943][ T5264] usbhid: probe of 1-1:0.0 failed with error -71
[  201.710437][ T5264] usb 1-1: USB disconnect, device number 20
[  201.927760][ T5677] loop3: detected capacity change from 0 to 128
[  202.141030][ T5677] EXT4-fs (loop3): mounting ext2 file system using the ext4 subsystem
[  202.238717][ T5677] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  202.336077][ T5677] ext2 filesystem being mounted at /116/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  202.546335][ T3641] EXT4-fs (loop3): unmounting filesystem.
[  202.843789][ T5692] binder: 5689:5692 ioctl c0306201 0 returned -14
[  202.923236][ T5692] binder: 5689:5692 ioctl 4018620d 0 returned -22
[  203.038224][ T5696] netlink: 'syz.1.562': attribute type 4 has an invalid length.
[  203.103768][ T5697] netlink: 'syz.1.562': attribute type 4 has an invalid length.
[  203.275202][ T5697] syz.1.562 (5697) used greatest stack depth: 19704 bytes left
[  204.240341][ T5670] loop4: detected capacity change from 0 to 40427
[  204.653055][ T3685] usb 3-1: new high-speed USB device number 11 using dummy_hcd
[  204.730510][ T5670] F2FS-fs (loop4): Found nat_bits in checkpoint
[  205.122666][ T3685] usb 3-1: Using ep0 maxpacket: 16
[  205.573121][ T3685] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  205.622864][ T3685] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  205.697406][ T3685] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  205.752592][ T3685] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  205.818505][ T3685] usb 3-1: config 0 descriptor??
[  205.897090][ T5724] loop3: detected capacity change from 0 to 128
[  205.991230][ T5726] loop1: detected capacity change from 0 to 128
[  206.087586][ T5726] EXT4-fs (loop1): mounting ext2 file system using the ext4 subsystem
[  206.966339][ T5726] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  207.244271][ T5726] ext2 filesystem being mounted at /122/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  207.589819][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  208.482923][ T3685] usbhid 3-1:0.0: can't add hid device: -71
[  208.488962][ T3685] usbhid: probe of 3-1:0.0 failed with error -71
[  208.533319][ T3685] usb 3-1: USB disconnect, device number 11
[  209.397147][ T5757] loop3: detected capacity change from 0 to 512
[  209.516515][ T5757] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  209.542987][ T5757] ext4 filesystem being mounted at /122/bus supports timestamps until 2038 (0x7fffffff)
[  209.556120][ T5760] binder: 5755:5760 ioctl c0306201 0 returned -14
[  209.588146][ T5760] binder: 5755:5760 ioctl 4018620d 0 returned -22
[  209.622651][ T4166] usb 1-1: new high-speed USB device number 21 using dummy_hcd
[  210.356704][ T5775] loop4: detected capacity change from 0 to 128
[  210.371965][ T3641] EXT4-fs (loop3): unmounting filesystem.
[  210.392771][ T4166] usb 1-1: Using ep0 maxpacket: 32
[  210.512855][ T4166] usb 1-1: config 0 has an invalid interface number: 1 but max is 0
[  210.548670][ T4166] usb 1-1: config 0 has no interface number 0
[  210.592716][ T4166] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  211.149988][ T4166] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  211.831087][ T4166] usb 1-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  211.840228][ T4166] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  211.863497][ T4166] usb 1-1: config 0 descriptor??
[  211.882911][ T4166] usb 1-1: can't set config #0, error -71
[  211.893139][ T4166] usb 1-1: USB disconnect, device number 21
[  212.392644][ T5264] usb 4-1: new high-speed USB device number 19 using dummy_hcd
[  212.662693][ T5264] usb 4-1: Using ep0 maxpacket: 16
[  213.093285][ T5264] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  213.279236][ T5264] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  213.292684][ T5264] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  213.301745][ T5264] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  213.323720][ T5264] usb 4-1: config 0 descriptor??
[  213.959905][ T5811] loop4: detected capacity change from 0 to 512
[  214.387667][ T5818] loop0: detected capacity change from 0 to 128
[  214.485596][ T5811] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  214.841372][ T5811] ext4 filesystem being mounted at /127/bus supports timestamps until 2038 (0x7fffffff)
[  215.693501][ T5831] program syz.0.599 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  216.050415][ T5264] usbhid 4-1:0.0: can't add hid device: -71
[  216.056440][ T5264] usbhid: probe of 4-1:0.0 failed with error -71
[  216.133857][ T5264] usb 4-1: USB disconnect, device number 19
[  216.695155][ T3634] EXT4-fs (loop4): unmounting filesystem.
[  217.457892][ T3683] usb 3-1: new high-speed USB device number 12 using dummy_hcd
[  217.584449][ T5853] netdevsim netdevsim1: Direct firmware load for ng failed with error -2
[  217.642963][ T5853] netdevsim netdevsim1: Falling back to sysfs fallback for: ng
[  217.673430][ T5857] loop4: detected capacity change from 0 to 128
[  217.881623][ T5835] loop3: detected capacity change from 0 to 40427
[  218.237123][ T5835] F2FS-fs (loop3): Found nat_bits in checkpoint
[  218.619995][ T3683] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a
[  218.629313][ T3683] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  218.637408][ T3683] usb 3-1: Product: syz
[  218.641579][ T3683] usb 3-1: Manufacturer: syz
[  218.648833][ T3683] usb 3-1: SerialNumber: syz
[  218.658166][ T3683] usb 3-1: config 0 descriptor??
[  218.752068][ T5835] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  219.016688][ T4166] usb 2-1: new high-speed USB device number 16 using dummy_hcd
[  220.397127][ T3650] Bluetooth: hci4: command 0x0406 tx timeout
[  220.516108][ T3641] syz-executor: attempt to access beyond end of device
[  220.516108][ T3641] loop3: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  220.523690][ T3683] usb 3-1: Firmware version (0.0) predates our first public release.
[  220.539020][ T4166] usb 2-1: Using ep0 maxpacket: 16
[  220.545637][ T3683] usb 3-1: Please update to version 0.2 or newer
[  220.661213][ T4166] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  220.673617][ T3683] usb 3-1: USB disconnect, device number 12
[  220.729435][ T4166] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  220.822149][ T4166] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  220.836955][ T4166] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  220.957910][ T4166] usb 2-1: config 0 descriptor??
[  222.269710][ T5904] loop3: detected capacity change from 0 to 512
[  222.521768][ T5904] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  222.586679][ T5913] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  222.606199][ T5904] ext4 filesystem being mounted at /126/bus supports timestamps until 2038 (0x7fffffff)
[  223.379973][ T3641] EXT4-fs (loop3): unmounting filesystem.
[  223.419856][ T4166] usbhid 2-1:0.0: can't add hid device: -71
[  223.425883][ T4166] usbhid: probe of 2-1:0.0 failed with error -71
[  223.512336][ T4166] usb 2-1: USB disconnect, device number 16
[  224.315112][ T3680] usb 4-1: new high-speed USB device number 20 using dummy_hcd
[  224.365125][ T4166] usb 2-1: new high-speed USB device number 17 using dummy_hcd
[  224.640004][ T3680] usb 4-1: Using ep0 maxpacket: 8
[  225.418190][ T4166] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e
[  225.441821][ T4166] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.477386][ T3680] usb 4-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  225.497228][ T3680] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  225.531211][ T3680] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  225.550217][ T3680] usb 4-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  225.592913][ T4166] usb 2-1: config 0 descriptor??
[  225.594038][ T3680] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  225.628082][ T3680] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  225.695121][ T3680] usbtmc 4-1:16.0: bulk endpoints not found
[  226.010839][ T5920] netlink: 12 bytes leftover after parsing attributes in process `syz.1.623'.
[  226.039321][ T4166] ath6kl: Failed to submit usb control message: -71
[  226.046100][ T4166] ath6kl: unable to send the bmi data to the device: -71
[  226.810015][ T4166] ath6kl: Unable to send get target info: -71
[  226.821405][ T4166] ath6kl: Failed to init ath6kl core: -71
[  226.891244][ T4166] ath6kl_usb: probe of 2-1:0.0 failed with error -71
[  226.936214][ T4166] usb 2-1: USB disconnect, device number 17
[  227.093921][ T5937] loop2: detected capacity change from 0 to 40427
[  227.253489][ T5953] netlink: 32 bytes leftover after parsing attributes in process `syz.0.629'.
[  229.617076][ T5937] F2FS-fs (loop2): Failed to initialize F2FS segment manager (-4)
[  229.706428][ T4166] usb 4-1: USB disconnect, device number 20
[  229.771739][ T5960] loop0: detected capacity change from 0 to 128
[  229.933000][ T5966] netlink: 'syz.4.632': attribute type 4 has an invalid length.
[  230.860423][ T5968] netlink: 'syz.4.632': attribute type 4 has an invalid length.
[  230.880249][ T4166] usb 4-1: new high-speed USB device number 21 using dummy_hcd
[  231.117716][ T4166] usb 4-1: Using ep0 maxpacket: 16
[  231.236669][ T4166] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  231.236700][ T4166] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  231.236734][ T4166] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  231.236755][ T4166] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  231.239200][ T4166] usb 4-1: config 0 descriptor??
[  231.496197][ T5982] netlink: 24 bytes leftover after parsing attributes in process `syz.2.634'.
[  234.070434][ T4166] usbhid 4-1:0.0: can't add hid device: -71
[  234.077794][ T4166] usbhid: probe of 4-1:0.0 failed with error -71
[  234.212515][ T4166] usb 4-1: USB disconnect, device number 21
[  235.614216][ T6011] IPVS: Error connecting to the multicast addr
[  235.816642][ T3683] usb 3-1: new high-speed USB device number 13 using dummy_hcd
[  235.971528][ T6020] overlayfs: missing 'lowerdir'
[  236.056194][ T6021] netlink: 'syz.1.647': attribute type 39 has an invalid length.
[  236.104386][   T26] audit: type=1326 audit(1724356103.888:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6016 comm="syz.1.647" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0226379e79 code=0x0
[  236.700671][ T4161] usb 5-1: new high-speed USB device number 11 using dummy_hcd
[  236.749604][ T3683] usb 3-1: Using ep0 maxpacket: 8
[  237.018132][ T3683] usb 3-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config
[  237.018296][ T4161] usb 5-1: Using ep0 maxpacket: 32
[  237.035886][ T3683] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  237.525889][ T3683] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  237.539506][ T3683] usb 3-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3
[  237.552976][ T3683] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  237.562652][ T3683] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.616132][ T3683] usbtmc 3-1:16.0: bulk endpoints not found
[  237.653816][ T4161] usb 5-1: config 0 has an invalid interface number: 1 but max is 0
[  237.675733][ T6033] netlink: 4 bytes leftover after parsing attributes in process `syz.1.651'.
[  237.685329][ T4161] usb 5-1: config 0 has no interface number 0
[  237.693731][ T4161] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  237.745138][ T4161] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  237.784745][ T4161] usb 5-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00
[  237.849695][ T4161] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  237.917015][ T4161] usb 5-1: config 0 descriptor??
[  238.629045][ T6042] loop1: detected capacity change from 0 to 512
[  238.738840][ T6042] EXT4-fs (loop1): 1 truncate cleaned up
[  238.752491][ T6042] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  239.711092][ T4161] uclogic 0003:28BD:0094.0007: failed retrieving string descriptor #100: -71
[  239.753811][ T3685] usb 3-1: USB disconnect, device number 13
[  239.806554][ T4161] uclogic 0003:28BD:0094.0007: failed retrieving pen parameters: -71
[  239.846662][ T4161] uclogic 0003:28BD:0094.0007: pen probing failed: -71
[  239.991309][ T4161] uclogic 0003:28BD:0094.0007: failed probing parameters: -71
[  240.724968][ T4161] uclogic: probe of 0003:28BD:0094.0007 failed with error -71
[  240.785123][ T4161] usb 5-1: USB disconnect, device number 11
[  240.876024][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  241.664088][ T6071] overlayfs: missing 'lowerdir'
[  241.775149][ T6073] iwpm_register_pid: Unable to send a nlmsg (client = 2)
[  241.857849][ T6073] infiniband syz2: RDMA CMA: cma_listen_on_dev, error -98
[  242.119873][ T6087] netlink: 'syz.3.662': attribute type 39 has an invalid length.
[  242.174269][   T26] audit: type=1326 audit(1724356109.995:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6074 comm="syz.3.662" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe408179e79 code=0x0
[  242.970135][ T6097] loop1: detected capacity change from 0 to 512
[  244.020932][ T6097] EXT4-fs (loop1): 1 truncate cleaned up
[  244.026628][ T6097] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  244.064186][ T6109] tipc: Enabling of bearer <udp:syz1> rejected, failed to enable media
[  245.271455][ T6123] overlayfs: missing 'lowerdir'
[  245.403389][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  245.692240][ T6139] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  248.429582][ T5264] usb 3-1: new high-speed USB device number 14 using dummy_hcd
[  248.447495][ T6154] netlink: 'syz.0.685': attribute type 11 has an invalid length.
[  249.741215][ T6161] overlayfs: missing 'lowerdir'
[  249.764214][ T6163] loop0: detected capacity change from 0 to 512
[  249.817506][ T6163] EXT4-fs (loop0): 1 truncate cleaned up
[  249.848734][ T6163] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  250.136478][ T5264] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.157842][ T5264] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  250.217292][ T5264] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00
[  250.256055][ T3683] usb 2-1: new high-speed USB device number 18 using dummy_hcd
[  250.299439][ T5264] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.390647][ T5264] usb 3-1: config 0 descriptor??
[  250.505399][ T3683] usb 2-1: Using ep0 maxpacket: 16
[  250.625577][ T3683] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  250.641138][ T3637] EXT4-fs (loop0): unmounting filesystem.
[  250.643263][ T3683] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  250.660397][ T3683] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  250.671155][ T3683] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  250.683524][ T3683] usb 2-1: config 0 descriptor??
[  250.922124][ T5264] hid-multitouch 0003:1FD2:6007.0008: unknown main item tag 0x0
[  251.060337][ T5264] hid-multitouch 0003:1FD2:6007.0008: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0
[  251.161529][ T4166] usb 3-1: USB disconnect, device number 14
[  252.318933][ T6194] process 'syz.4.700' launched './file0' with NULL argv: empty string added
[  252.610701][ T6202] overlayfs: missing 'lowerdir'
[  253.049338][ T3683] usbhid 2-1:0.0: can't add hid device: -71
[  253.081010][ T3683] usbhid: probe of 2-1:0.0 failed with error -71
[  253.137881][ T3683] usb 2-1: USB disconnect, device number 18
[  253.171088][ T6209] program syz.3.706 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  253.713511][ T6222] netlink: 'syz.0.709': attribute type 39 has an invalid length.
[  253.729823][   T26] audit: type=1326 audit(1724356121.586:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6215 comm="syz.0.709" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb88dd79e79 code=0x0
[  255.315152][ T1266] ieee802154 phy0 wpan0: encryption failed: -22
[  255.321473][ T1266] ieee802154 phy1 wpan1: encryption failed: -22
[  256.480968][   T22] usb 4-1: new high-speed USB device number 22 using dummy_hcd
[  256.670694][ T4161] usb 1-1: new high-speed USB device number 22 using dummy_hcd
[  256.880427][   T22] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config
[  256.930312][ T4161] usb 1-1: Using ep0 maxpacket: 16
[  256.940302][   T22] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7
[  257.041049][   T22] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  257.090186][ T4161] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  257.129689][   T22] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2
[  257.143518][ T4161] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  257.217090][ T6254] program syz.1.720 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  257.233930][   T22] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d
[  257.298072][ T4161] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  257.325553][   T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.374142][ T4161] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  257.479424][ T4161] usb 1-1: config 0 descriptor??
[  257.519148][   T22] usb 4-1: can't set config #27, error -71
[  257.532575][   T22] usb 4-1: USB disconnect, device number 22
[  258.047537][ T6269] netlink: 'syz.3.725': attribute type 39 has an invalid length.
[  258.061865][   T26] audit: type=1326 audit(1724356125.934:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6260 comm="syz.3.725" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe408179e79 code=0x0
[  259.228643][ T6280] loop1: detected capacity change from 0 to 512
[  259.279667][ T6279] tipc: New replicast peer: fe80:0000:0000:0000:0000:0000:0000:00bb
[  259.381218][ T6279] tipc: Enabled bearer <udp:syz1>, priority 10
[  259.419995][ T6280] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  259.534211][ T6280] ext4 filesystem being mounted at /158/bus supports timestamps until 2038 (0x7fffffff)
[  259.630286][ T4161] usbhid 1-1:0.0: can't add hid device: -71
[  259.648641][ T4161] usbhid: probe of 1-1:0.0 failed with error -71
[  259.708200][ T4161] usb 1-1: USB disconnect, device number 22
[  259.856528][ T6296] program syz.0.733 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  260.423400][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  260.468253][ T6305] loop2: detected capacity change from 0 to 128
[  260.614551][   T26] audit: type=1326 audit(1724356128.469:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6307 comm="syz.1.737" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0226379e79 code=0x0
[  261.720628][ T6324] netlink: 16 bytes leftover after parsing attributes in process `syz.0.742'.
[  261.804338][ T6295] loop4: detected capacity change from 0 to 40427
[  261.886360][ T6295] F2FS-fs (loop4): Found nat_bits in checkpoint
[  262.086303][ T6333] program syz.0.745 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  262.237561][ T6335] raw_sendmsg: syz.3.744 forgot to set AF_INET. Fix it!
[  262.321424][ T3680] usb 3-1: new high-speed USB device number 15 using dummy_hcd
[  262.581198][ T3680] usb 3-1: Using ep0 maxpacket: 16
[  262.701257][ T3680] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  262.740368][ T3680] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  262.824007][ T3680] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  262.886415][ T3680] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  262.954982][ T3680] usb 3-1: config 0 descriptor??
[  263.619934][ T4166] usb 4-1: new high-speed USB device number 23 using dummy_hcd
[  264.550393][ T6345] loop1: detected capacity change from 0 to 512
[  264.670739][ T4166] usb 4-1: Using ep0 maxpacket: 8
[  264.788799][ T4166] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  264.828261][ T4166] usb 4-1: config 0 interface 0 altsetting 0 has an invalid endpoint descriptor of length 6, skipping
[  264.965628][ T6345] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  265.058165][ T6345] ext4 filesystem being mounted at /162/bus supports timestamps until 2038 (0x7fffffff)
[  265.067098][ T4166] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1
[  265.148322][ T3680] usbhid 3-1:0.0: can't add hid device: -71
[  265.154740][ T3680] usbhid: probe of 3-1:0.0 failed with error -71
[  265.219953][ T3680] usb 3-1: USB disconnect, device number 15
[  266.492922][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  266.516566][ T4166] usb 4-1: string descriptor 0 read error: -71
[  266.522853][ T4166] usb 4-1: New USB device found, idVendor=0471, idProduct=0311, bcdDevice=81.d5
[  266.533537][ T4166] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  266.545446][ T4166] usb 4-1: config 0 descriptor??
[  266.564820][ T6359] loop2: detected capacity change from 0 to 128
[  266.571436][ T4166] usb 4-1: can't set config #0, error -71
[  266.605289][ T4166] usb 4-1: USB disconnect, device number 23
[  267.231188][   T26] audit: type=1326 audit(1724356135.117:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6366 comm="syz.1.752" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f0226379e79 code=0x0
[  267.267078][ T6371] program syz.4.757 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  267.457031][ T6373] team0: Port device team_slave_1 removed
[  267.561567][ T6374] device team_slave_0 entered promiscuous mode
[  268.452029][ T6374] team0: Port device team_slave_0 removed
[  268.622497][ T6387] loop1: detected capacity change from 0 to 512
[  268.836039][ T6387] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  268.886218][ T6387] ext4 filesystem being mounted at /165/bus supports timestamps until 2038 (0x7fffffff)
[  269.014102][ T5266] usb 5-1: new high-speed USB device number 12 using dummy_hcd
[  269.903996][ T5266] usb 5-1: Using ep0 maxpacket: 16
[  270.213306][ T5266] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  270.290464][ T5266] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  270.393151][ T5266] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  270.465934][ T5266] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  270.474132][ T6409] program syz.2.769 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  270.523691][ T5266] usb 5-1: config 0 descriptor??
[  270.568228][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  270.872121][ T6416] fuse: Bad value for 'fd'
[  270.998247][ T6418] loop2: detected capacity change from 0 to 128
[  272.482212][ T6433] netlink: 44 bytes leftover after parsing attributes in process `syz.2.775'.
[  272.511481][ T5266] usbhid 5-1:0.0: can't add hid device: -71
[  272.518443][ T5266] usbhid: probe of 5-1:0.0 failed with error -71
[  272.539405][ T6433] netlink: 24 bytes leftover after parsing attributes in process `syz.2.775'.
[  272.560658][ T5266] usb 5-1: USB disconnect, device number 12
[  273.747436][ T6447] program syz.0.781 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  273.833264][ T6455] netlink: 'syz.4.780': attribute type 39 has an invalid length.
[  273.864179][   T26] audit: type=1326 audit(1724356141.752:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6444 comm="syz.4.780" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x0
[  274.659491][ T6461] loop4: detected capacity change from 0 to 128
[  275.340837][ T5266] usb 1-1: new high-speed USB device number 23 using dummy_hcd
[  275.641382][ T5266] usb 1-1: Using ep0 maxpacket: 16
[  275.759496][ T5266] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  275.794646][ T5266] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  275.807803][ T6475] netlink: 8 bytes leftover after parsing attributes in process `syz.2.789'.
[  275.865436][ T5266] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  275.915856][ T6475] netlink: 12 bytes leftover after parsing attributes in process `syz.2.789'.
[  275.927339][ T5266] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  275.960048][ T5266] usb 1-1: config 0 descriptor??
[  276.049251][ T4161] usb 2-1: new high-speed USB device number 19 using dummy_hcd
[  276.137768][ T6480] netlink: 12 bytes leftover after parsing attributes in process `syz.4.790'.
[  276.326683][ T6480] netlink: 4 bytes leftover after parsing attributes in process `syz.4.790'.
[  276.349095][ T4161] usb 2-1: Using ep0 maxpacket: 8
[  276.490558][ T4161] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  276.534575][ T4161] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  276.683821][ T4161] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  276.812450][ T4161] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  276.905407][ T4161] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  276.996495][ T4161] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  277.060446][ T4161] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  277.259551][ T4161] usbtmc: probe of 2-1:16.0 failed with error -22
[  277.919233][ T5266] usbhid 1-1:0.0: can't add hid device: -71
[  277.925260][ T5266] usbhid: probe of 1-1:0.0 failed with error -71
[  277.934322][ T6502] program syz.0.797 is using a deprecated SCSI ioctl, please convert it to SG_IO
[  277.965230][ T5266] usb 1-1: USB disconnect, device number 23
[  278.187425][ T6509] loop3: detected capacity change from 0 to 128
[  278.825836][ T4161] usb 2-1: USB disconnect, device number 19
[  279.063395][ T3650] Bluetooth: hci2: unexpected event for opcode 0x2002
[  279.747296][ T5266] usb 5-1: new high-speed USB device number 13 using dummy_hcd
[  280.007362][ T5266] usb 5-1: Using ep0 maxpacket: 16
[  280.127712][ T5266] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  280.178694][ T5266] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9
[  280.322957][ T5266] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00
[  280.390032][ T6507] loop0: detected capacity change from 0 to 40427
[  280.407266][ T5266] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  280.437979][ T5266] usb 5-1: config 0 descriptor??
[  280.704180][ T6507] F2FS-fs (loop0): Found nat_bits in checkpoint
[  281.628149][ T6551] overlayfs: missing 'workdir'
[  282.196361][ T4161] usb 4-1: new high-speed USB device number 24 using dummy_hcd
[  282.446278][ T4161] usb 4-1: Using ep0 maxpacket: 8
[  282.580779][ T4161] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  282.619900][ T5266] usbhid 5-1:0.0: can't add hid device: -71
[  282.626171][ T5266] usbhid: probe of 5-1:0.0 failed with error -71
[  282.630817][ T4161] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  282.655751][ T5266] usb 5-1: USB disconnect, device number 13
[  282.657989][ T4161] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0
[  282.691540][ T4161] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0
[  282.728436][ T4161] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  282.732185][ T6565] loop0: detected capacity change from 0 to 128
[  282.744730][ T4161] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  282.787283][ T4161] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  282.868496][ T4161] usbtmc: probe of 4-1:16.0 failed with error -22
[  283.429984][ T3650] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0
[  283.439136][ T3650] Bluetooth: hci2: Injecting HCI hardware error event
[  283.450506][ T3644] Bluetooth: hci2: hardware error 0x00
[  283.814577][ T6582] team0 speed is unknown, defaulting to 1000
[  285.375522][ T6593] netlink: 'syz.0.821': attribute type 39 has an invalid length.
[  285.683832][ T3644] Bluetooth: hci2: Opcode 0x0c03 failed: -110
[  285.792320][ T3647] usb 4-1: USB disconnect, device number 24
[  286.901885][ T6615] loop2: detected capacity change from 0 to 128
[  288.088329][ T6597] loop0: detected capacity change from 0 to 40427
[  288.164511][ T4161] usb 4-1: new high-speed USB device number 25 using dummy_hcd
[  288.179169][ T6597] F2FS-fs (loop0): Found nat_bits in checkpoint
[  288.312805][ T6597] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  288.424354][ T4161] usb 4-1: Using ep0 maxpacket: 16
[  289.055090][ T4161] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  289.085433][ T4161] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3
[  289.166805][ T3637] syz-executor: attempt to access beyond end of device
[  289.166805][ T3637] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  289.300193][ T4161] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  289.322952][ T4161] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  290.087019][ T4161] usb 4-1: Product: syz
[  290.244860][ T4161] usb 4-1: Manufacturer: syz
[  290.254761][ T4161] usb 4-1: SerialNumber: syz
[  290.915761][ T4161] usb 4-1: skipping empty audio interface (v1)
[  290.997083][ T4161] snd-usb-audio: probe of 4-1:1.0 failed with error -22
[  291.018735][ T4161] usb 4-1: USB disconnect, device number 25
[  291.019452][ T3798] udevd[3798]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  291.326032][ T6661] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium
[  293.449588][ T6678] loop4: detected capacity change from 0 to 128
[  294.519497][ T6696] netlink: 16 bytes leftover after parsing attributes in process `syz.1.849'.
[  294.785305][ T6708] netlink: 'syz.2.851': attribute type 39 has an invalid length.
[  297.195729][ T6727] loop4: detected capacity change from 0 to 1024
[  297.223229][ T6727] EXT4-fs: quotafile must be on filesystem root
[  298.085414][ T6736] loop2: detected capacity change from 0 to 128
[  299.454959][ T6725] loop3: detected capacity change from 0 to 40427
[  299.487080][ T6725] F2FS-fs (loop3): invalid crc value
[  299.777397][ T6725] F2FS-fs (loop3): Mismatch valid blocks 256 vs. 0
[  299.911390][ T6725] F2FS-fs (loop3): Failed to initialize F2FS segment manager (-117)
[  300.143229][ T6739] device ip6tnl1 entered promiscuous mode
[  302.972017][ T3680] usb 3-1: new high-speed USB device number 16 using dummy_hcd
[  304.078315][ T6780] loop4: detected capacity change from 0 to 128
[  304.112060][ T3680] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid wMaxPacketSize 0
[  304.150095][ T3680] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 0
[  304.276533][ T3680] usb 3-1: config 0 interface 0 altsetting 0 has an invalid endpoint with address 0x92, skipping
[  305.272234][ T3680] usb 3-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=9e.7f
[  305.299549][ T3680] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  305.331797][ T3680] usb 3-1: Product: syz
[  305.355166][ T3680] usb 3-1: config 0 descriptor??
[  305.402394][ T3680] usb 3-1: can't set config #0, error -71
[  305.434981][ T3680] usb 3-1: USB disconnect, device number 16
[  306.363431][   T26] audit: type=1326 audit(1724356174.261:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.0.882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb88dd79e79 code=0x7ffc0000
[  306.456308][   T26] audit: type=1326 audit(1724356174.261:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.0.882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb88dd79e79 code=0x7ffc0000
[  306.501685][   T26] audit: type=1326 audit(1724356174.291:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.0.882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7fb88dd79e79 code=0x7ffc0000
[  306.725107][   T26] audit: type=1326 audit(1724356174.291:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6802 comm="syz.0.882" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb88dd79e79 code=0x7ffc0000
[  306.849957][ T6816] netlink: 'syz.0.886': attribute type 39 has an invalid length.
[  307.808823][   T26] audit: type=1326 audit(1724356174.911:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6811 comm="syz.0.886" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb88dd79e79 code=0x0
[  307.877153][ T6821] loop4: detected capacity change from 0 to 128
[  308.178311][ T5264] usb 4-1: new high-speed USB device number 26 using dummy_hcd
[  308.431911][ T5264] usb 4-1: Using ep0 maxpacket: 8
[  308.552332][ T5264] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  308.589348][ T5264] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  308.743533][ T5264] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  308.764131][ T5264] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  308.791600][ T5264] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  308.824972][ T5264] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  309.101926][ T5264] usb 4-1: GET_CAPABILITIES returned 0
[  309.107870][ T5264] usbtmc 4-1:16.0: can't read capabilities
[  309.325995][ T5264] usb 4-1: USB disconnect, device number 26
[  309.539927][ T6837] 9pnet_fd: Insufficient options for proto=fd
[  309.842147][ T6848] loop4: detected capacity change from 0 to 40427
[  309.843483][ T6841] loop1: detected capacity change from 0 to 40427
[  309.880363][ T6841] F2FS-fs (loop1): Invalid Fs Meta Ino: node(1) meta(2) root(0)
[  309.880595][ T6848] F2FS-fs (loop4): invalid crc value
[  309.894174][ T6841] F2FS-fs (loop1): Can't find valid F2FS filesystem in 1th superblock
[  309.925002][ T6841] F2FS-fs (loop1): invalid crc value
[  309.930596][ T6848] F2FS-fs (loop4): Found nat_bits in checkpoint
[  309.967849][ T6841] F2FS-fs (loop1): Found nat_bits in checkpoint
[  310.067317][ T6848] F2FS-fs (loop4): Cannot turn on quotas: -2 on 0
[  310.098173][ T6848] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e4
[  310.140825][ T6841] F2FS-fs (loop1): Try to recover 1th superblock, ret: 0
[  310.155422][ T6841] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  311.266597][ T6873] syz.1.893: attempt to access beyond end of device
[  311.266597][ T6873] loop1: rw=2049, sector=53248, nr_sectors = 408 limit=40427
[  311.355902][ T6874] netlink: 'syz.2.898': attribute type 39 has an invalid length.
[  312.345461][   T26] audit: type=1326 audit(1724356179.971:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6863 comm="syz.2.898" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8373f79e79 code=0x0
[  312.972486][ T3639] syz-executor: attempt to access beyond end of device
[  312.972486][ T3639] loop1: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  313.094299][ T6879] loop3: detected capacity change from 0 to 128
[  315.457841][ T6922] netlink: 'syz.3.915': attribute type 39 has an invalid length.
[  315.491260][ T3680] usb 2-1: new high-speed USB device number 20 using dummy_hcd
[  315.542058][   T26] audit: type=1326 audit(1724356183.381:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6909 comm="syz.3.915" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe408179e79 code=0x0
[  315.687439][ T6919] overlayfs: failed to resolve './file0': -2
[  315.861345][ T3680] usb 2-1: Using ep0 maxpacket: 8
[  315.979160][ T6927] loop0: detected capacity change from 0 to 128
[  315.985874][ T3680] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7
[  316.026552][ T3680] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0
[  316.203356][ T3680] usb 2-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00
[  316.222097][ T3680] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  316.248990][ T3680] usb 2-1: config 0 descriptor??
[  316.836988][ T1266] ieee802154 phy0 wpan0: encryption failed: -22
[  316.844059][ T1266] ieee802154 phy1 wpan1: encryption failed: -22
[  316.920157][ T6937] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  316.980798][ T6937] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  317.044211][ T6937] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  317.379950][ T3680] hid-picolcd 0003:04D8:F002.0009: unknown main item tag 0x0
[  317.388640][ T3680] hid-picolcd 0003:04D8:F002.0009: item fetching failed at offset 5/7
[  317.398184][ T6941] bridge0: port 2(bridge_slave_1) entered disabled state
[  317.405662][ T6941] bridge0: port 1(bridge_slave_0) entered disabled state
[  317.405892][ T3680] hid-picolcd 0003:04D8:F002.0009: device report parse failed
[  317.420321][ T3680] hid-picolcd: probe of 0003:04D8:F002.0009 failed with error -22
[  318.139160][ T4166] usb 2-1: USB disconnect, device number 20
[  318.689384][ T6963] netlink: 'syz.4.934': attribute type 39 has an invalid length.
[  318.728220][   T26] audit: type=1326 audit(1724356186.621:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6958 comm="syz.4.934" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x0
[  320.377836][ T6973] loop1: detected capacity change from 0 to 128
[  320.519297][ T6976] IPv6: ADDRCONF(NETDEV_CHANGE): ip6gre0: link becomes ready
[  320.547606][ T6976] IPv6: ADDRCONF(NETDEV_CHANGE): ip6gre0: link becomes ready
[  320.598327][ T6976] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  320.641665][ T6976] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  320.663666][ T6976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  321.135919][ T6976] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  321.151333][   T22] usb 4-1: new full-speed USB device number 27 using dummy_hcd
[  321.273658][ T6984] loop0: detected capacity change from 0 to 64
[  322.751446][   T22] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 512, setting to 64
[  322.780901][   T22] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  322.961003][   T22] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40
[  323.040353][ T7006] netlink: 'syz.4.947': attribute type 39 has an invalid length.
[  323.069579][   T26] audit: type=1326 audit(1724356190.962:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6999 comm="syz.4.947" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x0
[  323.610934][   T22] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  323.619068][   T22] usb 4-1: Product: syz
[  323.641355][   T22] usb 4-1: Manufacturer: syz
[  323.646548][   T22] usb 4-1: SerialNumber: syz
[  323.741017][   T22] usb 4-1: can't set config #1, error -71
[  323.761384][   T22] usb 4-1: USB disconnect, device number 27
[  323.865963][ T7016] ptrace attach of "./syz-executor exec"[3639] was attempted by "./syz-executor exec"[7016]
[  323.880913][ T5266] usb 3-1: new high-speed USB device number 17 using dummy_hcd
[  324.281153][ T5266] usb 3-1: Using ep0 maxpacket: 8
[  324.412082][ T5266] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  324.488361][ T5266] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  324.659234][ T5266] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  324.783347][ T5266] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  324.795269][ T7003] loop0: detected capacity change from 0 to 40427
[  324.826327][ T5266] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  324.846395][ T5266] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  324.939690][ T7012] loop4: detected capacity change from 0 to 32768
[  324.964783][ T7003] F2FS-fs (loop0): Found nat_bits in checkpoint
[  324.979592][ T7012] BTRFS: device fsid ed167579-eb65-4e76-9a50-61ac97e9b59d devid 1 transid 8 /dev/loop4 scanned by syz.4.950 (7012)
[  325.028676][ T7012] BTRFS info (device loop4): first mount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  325.040483][ T7012] BTRFS info (device loop4): using sha256 (sha256-avx2) checksum algorithm
[  325.049995][ T7012] BTRFS info (device loop4): enabling auto defrag
[  325.066978][ T7012] BTRFS info (device loop4): doing ref verification
[  325.080267][ T7012] BTRFS info (device loop4): force clearing of disk cache
[  325.097579][ T7012] BTRFS info (device loop4): turning on sync discard
[  325.109698][ T7012] BTRFS info (device loop4): setting nodatacow, compression disabled
[  325.126460][ T7003] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  325.141307][ T7012] BTRFS info (device loop4): using free space tree
[  325.213962][   T26] audit: type=1326 audit(1724356193.102:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7032 comm="syz.3.957" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe408179e79 code=0x0
[  325.321986][ T5266] usb 3-1: usb_control_msg returned -71
[  325.327610][ T5266] usbtmc 3-1:16.0: can't read capabilities
[  325.349605][ T7040] loop1: detected capacity change from 0 to 256
[  325.941158][ T5266] usb 3-1: USB disconnect, device number 17
[  326.084635][ T3637] syz-executor: attempt to access beyond end of device
[  326.084635][ T3637] loop0: rw=2049, sector=45096, nr_sectors = 8 limit=40427
[  326.319151][ T7012] BTRFS info (device loop4): enabling ssd optimizations
[  326.347099][ T7012] BTRFS info (device loop4): rebuilding free space tree
[  326.349129][ T7067] netlink: 44 bytes leftover after parsing attributes in process `syz.1.964'.
[  326.391545][ T7067] netlink: 24 bytes leftover after parsing attributes in process `syz.1.964'.
[  326.460982][ T3647] usb 4-1: new high-speed USB device number 28 using dummy_hcd
[  326.552842][ T7012] loop4: detected capacity change from 32768 to 0
[  326.675623][ T7075] can0: slcan on ttyS3.
[  326.711047][ T3647] usb 4-1: Using ep0 maxpacket: 32
[  326.894615][ T3634] BTRFS info (device loop4): last unmount of filesystem ed167579-eb65-4e76-9a50-61ac97e9b59d
[  326.957573][ T3647] usb 4-1: config 64 has an invalid interface number: 110 but max is 0
[  326.980846][ T3647] usb 4-1: config 64 has no interface number 0
[  326.987529][ T3647] usb 4-1: config 64 interface 110 altsetting 0 has an invalid endpoint with address 0x0, skipping
[  326.999797][ T3647] usb 4-1: config 64 interface 110 altsetting 0 has an invalid endpoint with address 0xDB, skipping
[  327.080478][ T7085] netlink: 'syz.0.960': attribute type 39 has an invalid length.
[  327.109520][   T26] audit: type=1326 audit(1724356195.002:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7080 comm="syz.0.960" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb88dd79e79 code=0x0
[  327.743477][ T3647] usb 4-1: config 64 interface 110 altsetting 0 bulk endpoint 0xB has invalid maxpacket 16
[  327.755162][ T3647] usb 4-1: config 64 interface 110 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2
[  327.951010][ T3647] usb 4-1: New USB device found, idVendor=04fc, idProduct=0231, bcdDevice=6f.a9
[  327.975637][ T3647] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  328.009091][ T3647] usb 4-1: Product: syz
[  328.035392][ T3647] usb 4-1: Manufacturer: syz
[  328.040020][ T3647] usb 4-1: SerialNumber: syz
[  328.046559][ T7070] can0 (unregistered): slcan off ttyS3.
[  328.081300][ T7058] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  328.102659][ T7058] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22
[  328.132200][ T3647] spcp8x5 4-1:64.110: required endpoints missing
[  328.344027][   T22] usb 4-1: USB disconnect, device number 28
[  328.608639][ T7115] netlink: 44 bytes leftover after parsing attributes in process `syz.4.977'.
[  328.638073][ T7115] netlink: 24 bytes leftover after parsing attributes in process `syz.4.977'.
[  328.660652][ T7115] bridge0: port 2(bridge_slave_1) entered disabled state
[  328.668664][ T5264] usb 3-1: new high-speed USB device number 18 using dummy_hcd
[  328.681068][ T7115] bridge0: port 2(bridge_slave_1) entered blocking state
[  328.688260][ T7115] bridge0: port 2(bridge_slave_1) entered forwarding state
[  328.804492][ T7119] Bluetooth: MGMT ver 1.22
[  328.917042][ T5264] usb 3-1: Using ep0 maxpacket: 8
[  329.041021][ T5264] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  329.080900][ T5264] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  329.111042][ T5264] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  329.130088][ T7099] loop1: detected capacity change from 0 to 40427
[  329.140810][ T5264] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  329.180124][ T5264] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  329.189523][ T5264] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  329.357883][ T7099] F2FS-fs (loop1): Found nat_bits in checkpoint
[  329.425402][ T7135] netlink: 'syz.0.982': attribute type 39 has an invalid length.
[  329.455078][   T26] audit: type=1326 audit(1724356197.352:43): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7128 comm="syz.0.982" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb88dd79e79 code=0x0
[  329.872450][ T7099] F2FS-fs (loop1): Mounted with checkpoint version = 48b305e5
[  329.947170][   T22] usb 4-1: new high-speed USB device number 29 using dummy_hcd
[  330.187386][ T5264] usb 3-1: GET_CAPABILITIES returned 0
[  330.195351][ T5264] usbtmc 3-1:16.0: can't read capabilities
[  330.207591][ T7121] loop4: detected capacity change from 0 to 40427
[  330.222879][ T7121] F2FS-fs (loop4): Invalid log_blocksize (268), supports only 12
[  330.233724][ T7121] F2FS-fs (loop4): Can't find valid F2FS filesystem in 1th superblock
[  330.492489][   T22] usb 4-1: Using ep0 maxpacket: 16
[  330.534520][ T5264] usb 3-1: USB disconnect, device number 18
[  330.644591][ T7121] F2FS-fs (loop4): invalid crc value
[  330.681399][   T22] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11
[  330.717177][   T22] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0
[  330.777631][ T7121] F2FS-fs (loop4): Found nat_bits in checkpoint
[  330.784344][   T22] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0
[  330.843224][   T22] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0
[  330.897199][ T7121] F2FS-fs (loop4): Try to recover 1th superblock, ret: 0
[  330.900147][   T22] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0
[  330.915361][ T7121] F2FS-fs (loop4): Mounted with checkpoint version = 48b305e5
[  330.922059][   T22] usb 4-1: config 1 interface 0 has no altsetting 0
[  330.930025][   T22] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77
[  330.951731][   T22] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  331.023199][   T22] ums-sddr09 4-1:1.0: USB Mass Storage device detected
[  331.319369][   T22] scsi host1: usb-storage 4-1:1.0
[  331.357545][ T7169] loop0: detected capacity change from 0 to 2048
[  331.380453][ T7167] syz.4.979: attempt to access beyond end of device
[  331.380453][ T7167] loop4: rw=2049, sector=77824, nr_sectors = 544 limit=40427
[  331.735135][ T7174] NILFS (loop0): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  331.766800][  T102] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=1, run fsck to fix.
[  331.897921][  T102] F2FS-fs (loop4): f2fs_check_nid_range: out-of-range nid=2, run fsck to fix.
[  332.013842][ T7182] netlink: 'syz.1.990': attribute type 39 has an invalid length.
[  332.331872][ T7188] netlink: 'syz.0.993': attribute type 39 has an invalid length.
[  332.421357][   T26] audit: type=1326 audit(1724356200.262:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7185 comm="syz.0.993" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb88dd79e79 code=0x0
[  332.980849][   T46] scsi 1:0:0:0: Direct-Access     Sandisk  ImageMate SDDR09 0177 PQ: 0 ANSI: 0
[  333.061825][   T46] sd 1:0:0:0: Attached scsi generic sg1 type 0
[  333.094675][ T5266] usb 4-1: USB disconnect, device number 29
[  333.162541][ T3835] sd 1:0:0:0: [sdb] Read Capacity(10) failed: Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK
[  333.228796][ T3835] sd 1:0:0:0: [sdb] Sense not available.
[  333.245718][ T3835] sd 1:0:0:0: [sdb] 0 512-byte logical blocks: (0 B/0 B)
[  333.268285][ T3835] sd 1:0:0:0: [sdb] 0-byte physical blocks
[  333.285721][ T3835] sd 1:0:0:0: [sdb] Write Protect is off
[  333.306218][ T3835] sd 1:0:0:0: [sdb] Asking for cache data failed
[  333.328546][ T3835] sd 1:0:0:0: [sdb] Assuming drive cache: write through
[  333.494936][ T3835] sd 1:0:0:0: [sdb] Attached SCSI removable disk
[  333.588533][ T7208] loop3: detected capacity change from 0 to 256
[  333.720792][ T4160] usb 3-1: new high-speed USB device number 19 using dummy_hcd
[  333.894434][ T3626] udevd[3626]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[  333.946790][ T7216] netlink: 'syz.4.1004': attribute type 5 has an invalid length.
[  333.999559][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): ip6gre0: link becomes ready
[  334.010768][ T4160] usb 3-1: Using ep0 maxpacket: 8
[  334.017666][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): ip6gre0: link becomes ready
[  334.035274][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  334.058796][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  334.165519][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  334.193512][ T7216] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  334.219541][ T3798] udevd[3798]: inotify_add_watch(7, /dev/sdb, 10) failed: No such file or directory
[  334.245566][ T7216] device team_slave_0 left promiscuous mode
[  334.260889][ T4160] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  334.271084][ T4160] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  334.282080][ T7223] bridge0: port 2(bridge_slave_1) entered disabled state
[  334.289585][ T7223] bridge0: port 1(bridge_slave_0) entered disabled state
[  334.290882][ T4160] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  334.312817][ T4160] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  334.326519][ T7224] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1007'.
[  334.326880][ T4160] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  334.346872][ T4160] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  334.355291][ T7224] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1007'.
[  334.390255][ T7225] netlink: 'syz.0.1005': attribute type 39 has an invalid length.
[  334.444037][ T3835] bond0: (slave bridge0): link status definitely down, disabling slave
[  334.484029][ T7229] netlink: 452 bytes leftover after parsing attributes in process `syz.3.1009'.
[  334.522526][   T22] libceph: connect (1)[c::]:6789 error -101
[  334.536683][   T22] libceph: mon0 (1)[c::]:6789 connect error
[  334.597135][ T7238] loop1: detected capacity change from 0 to 128
[  334.608521][ T7238] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: none.
[  334.629153][ T7227] ceph: No mds server is up or the cluster is laggy
[  334.636553][ T4160] usb 3-1: GET_CAPABILITIES returned 0
[  334.642280][ T4160] usbtmc 3-1:16.0: can't read capabilities
[  334.652018][ T7238] ext4 filesystem being mounted at /217/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa supports timestamps until 2038 (0x7fffffff)
[  334.873582][   T22] usb 3-1: USB disconnect, device number 19
[  335.161473][   T26] audit: type=1804 audit(1724356202.932:45): pid=7244 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.1.1011" name="/newroot/217/file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa/bus" dev="loop1" ino=13 res=1 errno=0
[  335.722401][ T7253] loop3: detected capacity change from 0 to 512
[  335.733176][ T7253] EXT4-fs (loop3): 1 truncate cleaned up
[  335.738953][ T7253] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: none.
[  335.796619][ T7256] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET.
[  335.820811][ T7238] loop1: detected capacity change from 128 to 127
[  335.913930][ T3639] EXT4-fs warning (device loop1): ext4_dirblock_csum_verify:406: inode #2: comm syz-executor: No space for directory leaf checksum. Please run e2fsck -D.
[  335.943972][ T3641] EXT4-fs (loop3): unmounting filesystem.
[  335.953815][ T3639] EXT4-fs error (device loop1): htree_dirblock_to_tree:1083: inode #2: comm syz-executor: Directory block failed checksum
[  336.015272][ T3639] EXT4-fs (loop1): unmounting filesystem.
[  336.058302][ T7261] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1018'.
[  336.119599][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): vcan0: link becomes ready
[  336.120822][   T22] usb 5-1: new high-speed USB device number 14 using dummy_hcd
[  336.130717][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  336.181013][ T7261] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  336.245972][ T7263] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1020'.
[  336.255682][ T7263] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1020'.
[  336.273786][ T7263] bridge0: port 2(bridge_slave_1) entered disabled state
[  336.302700][ T7263] bridge0: port 2(bridge_slave_1) entered blocking state
[  336.309889][ T7263] bridge0: port 2(bridge_slave_1) entered forwarding state
[  336.356402][ T7248] loop0: detected capacity change from 0 to 32768
[  336.390959][   T22] usb 5-1: Using ep0 maxpacket: 8
[  336.449776][ T7271] loop3: detected capacity change from 0 to 128
[  336.471453][ T7273] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1022'.
[  336.498335][ T7248] XFS (loop0): Mounting V5 Filesystem
[  336.583560][  T102] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  336.662817][   T22] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  336.679538][   T22] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  336.691274][   T22] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  336.701565][   T22] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  336.714971][   T22] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  336.724559][   T22] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  337.063956][   T22] usb 5-1: usb_control_msg returned -71
[  337.144778][   T22] usbtmc 5-1:16.0: can't read capabilities
[  337.344995][   T22] usb 5-1: USB disconnect, device number 14
[  337.383166][  T102] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.397715][ T7248] XFS (loop0): Ending clean mount
[  337.608974][ T3637] XFS (loop0): Unmounting Filesystem
[  337.632456][  T102] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.767474][  T102] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  337.876902][ T3650] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1
[  337.998163][ T3653] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9
[  338.011991][ T3653] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9
[  338.157491][ T7296] team0 speed is unknown, defaulting to 1000
[  338.431884][ T3653] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4
[  338.445620][ T3653] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3
[  338.454519][ T3653] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2
[  338.846697][ T7292] team0 speed is unknown, defaulting to 1000
[  338.848571][ T7304] loop3: detected capacity change from 0 to 512
[  338.957240][ T7304] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  339.010274][ T7304] ext4 filesystem being mounted at /204/bus supports timestamps until 2038 (0x7fffffff)
[  339.199827][  T102] tipc: Disabling bearer <udp:s>
[  339.203641][ T7312] loop0: detected capacity change from 0 to 512
[  339.218128][  T102] tipc: Left network mode
[  339.715528][ T7312] EXT4-fs (loop0): 1 truncate cleaned up
[  339.760756][ T7312] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  339.844319][ T3641] EXT4-fs (loop3): unmounting filesystem.
[  339.873819][ T7326] loop4: detected capacity change from 0 to 128
[  340.077374][ T7329] loop3: detected capacity change from 0 to 16
[  340.091831][ T7329] erofs: Unknown parameter '00000000000000000000'
[  340.512282][ T3653] Bluetooth: hci4: command tx timeout
[  340.989799][ T7329] loop3: detected capacity change from 0 to 4096
[  341.089774][ T3798] I/O error, dev loop3, sector 3968 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 2
[  341.168783][ T7341] netlink: 452 bytes leftover after parsing attributes in process `syz.4.1036'.
[  341.193286][ T3637] EXT4-fs (loop0): unmounting filesystem.
[  341.227954][ T7329] loop3: detected capacity change from 0 to 2048
[  341.327374][ T7292] chnl_net:caif_netlink_parms(): no params data found
[  341.348616][ T7345] NILFS (loop3): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  341.534516][ T7350] loop0: detected capacity change from 0 to 1024
[  341.620293][ T7292] bridge0: port 1(bridge_slave_0) entered blocking state
[  341.650924][ T7292] bridge0: port 1(bridge_slave_0) entered disabled state
[  341.714564][   T26] audit: type=1800 audit(1724356209.612:46): pid=7347 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1034" name="file1" dev="loop3" ino=15 res=0 errno=0
[  341.739900][ T7292] device bridge_slave_0 entered promiscuous mode
[  342.222424][   T26] audit: type=1326 audit(1724356209.922:47): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7360 comm="syz.4.1039" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x0
[  342.590873][ T3653] Bluetooth: hci4: command tx timeout
[  342.753024][ T7292] bridge0: port 2(bridge_slave_1) entered blocking state
[  342.761184][ T7292] bridge0: port 2(bridge_slave_1) entered disabled state
[  342.791247][ T7292] device bridge_slave_1 entered promiscuous mode
[  342.970663][ T3685] usb 1-1: new high-speed USB device number 24 using dummy_hcd
[  343.043907][ T7292] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  343.127776][ T7292] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  343.261210][ T3685] usb 1-1: Using ep0 maxpacket: 8
[  343.270709][ T4163] usb 5-1: new high-speed USB device number 15 using dummy_hcd
[  343.335490][ T7292] team0: Port device team_slave_0 added
[  343.380893][ T3685] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  343.407101][ T3685] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  343.476464][ T3685] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  343.541250][ T3685] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  343.560907][ T4163] usb 5-1: Using ep0 maxpacket: 16
[  343.588023][ T3685] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  343.638578][ T3685] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  343.690978][ T4163] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config
[  343.721731][ T4163] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3
[  343.755256][ T7386] loop2: detected capacity change from 0 to 512
[  343.799810][ T7386] EXT4-fs (loop2): mounted filesystem without journal. Quota mode: writeback.
[  343.810673][ T7386] ext4 filesystem being mounted at /206/bus supports timestamps until 2038 (0x7fffffff)
[  343.888922][ T7292] team0: Port device team_slave_1 added
[  343.901843][ T4163] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40
[  343.913163][ T4163] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  343.921429][ T4163] usb 5-1: Product: syz
[  343.925744][ T4163] usb 5-1: Manufacturer: syz
[  343.930346][ T4163] usb 5-1: SerialNumber: syz
[  343.980641][ T3685] usb 1-1: usb_control_msg returned -71
[  343.986263][ T3685] usbtmc 1-1:16.0: can't read capabilities
[  343.993990][ T7292] batman_adv: batadv0: Adding interface: batadv_slave_0
[  344.009491][ T7292] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.053798][ T7292] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  344.672563][ T3653] Bluetooth: hci4: command tx timeout
[  344.694602][ T7292] batman_adv: batadv0: Adding interface: batadv_slave_1
[  344.715567][ T7292] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  344.734790][ T3685] usb 1-1: USB disconnect, device number 24
[  344.744098][ T7292] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  344.846944][ T3638] EXT4-fs (loop2): unmounting filesystem.
[  344.930870][ T4163] usb 5-1: skipping empty audio interface (v1)
[  344.975561][ T4163] snd-usb-audio: probe of 5-1:1.0 failed with error -22
[  344.995977][ T4163] usb 5-1: USB disconnect, device number 15
[  345.006758][ T3798] udevd[3798]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory
[  345.146794][ T7292] device hsr_slave_0 entered promiscuous mode
[  345.159936][ T7292] device hsr_slave_1 entered promiscuous mode
[  345.175606][ T7292] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  345.186687][ T7292] Cannot create hsr debugfs directory
[  345.210069][  T102] device hsr_slave_0 left promiscuous mode
[  345.220265][  T102] device hsr_slave_1 left promiscuous mode
[  345.230873][  T102] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  345.239714][  T102] batman_adv: batadv0: Removing interface: batadv_slave_0
[  345.265191][  T102] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  345.276695][  T102] batman_adv: batadv0: Removing interface: batadv_slave_1
[  345.289304][  T102] device bridge_slave_1 left promiscuous mode
[  345.302037][  T102] bridge0: port 2(bridge_slave_1) entered disabled state
[  345.376545][  T102] device bridge_slave_0 left promiscuous mode
[  346.104455][  T102] bridge0: port 1(bridge_slave_0) entered disabled state
[  346.280280][ T7407] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1047'.
[  346.311372][  T102] device veth1_macvtap left promiscuous mode
[  346.341067][  T102] device veth0_macvtap left promiscuous mode
[  346.352543][  T102] device veth1_vlan left promiscuous mode
[  346.359709][  T102] device veth0_vlan left promiscuous mode
[  346.430731][ T4160] usb 5-1: new high-speed USB device number 16 using dummy_hcd
[  346.700774][ T4160] usb 5-1: Using ep0 maxpacket: 16
[  346.841434][ T4160] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7
[  346.932501][ T3653] Bluetooth: hci4: command tx timeout
[  346.943175][  T102] bond1 (unregistering): Released all slaves
[  347.038728][ T4160] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e
[  347.048236][ T4160] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[  347.057300][ T4160] usb 5-1: Product: syz
[  347.062196][ T4160] usb 5-1: Manufacturer: syz
[  347.067026][ T4160] usb 5-1: SerialNumber: syz
[  347.089986][ T4160] usb 5-1: config 0 descriptor??
[  347.117436][ T7418] 9pnet_fd: Insufficient options for proto=fd
[  347.163090][ T4160] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input7
[  347.286750][ T7420] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1049'.
[  347.404026][ T3680] usb 5-1: USB disconnect, device number 16
[  347.576870][  T102] team0 (unregistering): Port device team_slave_1 removed
[  347.617002][  T102] team0 (unregistering): Port device team_slave_0 removed
[  347.658484][  T102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  347.699304][  T102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  348.061928][ T7422] loop4: detected capacity change from 0 to 512
[  348.076238][ T7422] EXT4-fs: Ignoring removed nomblk_io_submit option
[  348.099725][ T7422] EXT4-fs (loop4): Test dummy encryption mode enabled
[  348.125983][ T7422] EXT4-fs error (device loop4): ext4_orphan_get:1396: inode #17: comm syz.4.1050: iget: bogus i_mode (0)
[  348.138064][ T7422] EXT4-fs error (device loop4): ext4_orphan_get:1401: comm syz.4.1050: couldn't read orphan inode 17 (err -117)
[  348.152177][ T7422] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  348.558631][  T102] bond0 (unregistering): Released all slaves
[  348.776659][ T7426] fscrypt: AES-256-CTS-CBC using implementation "cts-cbc-aes-aesni"
[  348.786531][ T7426] EXT4-fs error (device loop4): ext4_validate_block_bitmap:429: comm syz.4.1050: bg 0: block 7: invalid block bitmap
[  348.828789][ T3634] EXT4-fs (loop4): unmounting filesystem.
[  348.992638][ T7413] team0 speed is unknown, defaulting to 1000
[  349.856848][ T7439] loop0: detected capacity change from 0 to 512
[  350.039583][ T7439] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  350.159832][ T7439] ext4 filesystem being mounted at /194/bus supports timestamps until 2038 (0x7fffffff)
[  351.330356][   T26] audit: type=1326 audit(1724356218.282:48): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7448 comm="syz.3.1056" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fe408179e79 code=0x0
[  351.352315][    C1] vkms_vblank_simulate: vblank timer overrun
[  351.813855][ T3637] EXT4-fs (loop0): unmounting filesystem.
[  351.821874][   T22] libceph: connect (1)[c::]:6789 error -101
[  351.828034][   T22] libceph: mon0 (1)[c::]:6789 connect error
[  351.868712][ T3685] libceph: connect (1)[c::]:6789 error -101
[  351.883386][ T3685] libceph: mon0 (1)[c::]:6789 connect error
[  351.939776][ T7453] netlink: 'syz.3.1056': attribute type 39 has an invalid length.
[  352.017907][ T7452] ceph: No mds server is up or the cluster is laggy
[  352.163456][ T3680] libceph: connect (1)[c::]:6789 error -101
[  352.177405][ T3680] libceph: mon0 (1)[c::]:6789 connect error
[  352.929753][ T3685] libceph: connect (1)[c::]:6789 error -101
[  352.950707][ T3685] libceph: mon0 (1)[c::]:6789 connect error
[  353.117841][ T7484] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1061'.
[  354.091574][ T7494] ecryptfs_parse_options: You must supply at least one valid auth tok signature as a mount parameter; see the eCryptfs README
[  354.121822][ T7494] Error parsing options; rc = [-22]
[  354.142767][ T7499] team0 speed is unknown, defaulting to 1000
[  354.623991][ T7514] fuse: Bad value for 'fd'
[  355.051508][ T7508] loop4: detected capacity change from 0 to 2048
[  355.182861][ T7512] loop0: detected capacity change from 0 to 512
[  355.263084][ T7292] netdevsim netdevsim1 netdevsim0: renamed from eth0
[  355.446579][ T7512] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: writeback.
[  355.455934][ T7518] NILFS (loop4): segctord starting. Construction interval = 5 seconds, CP frequency < 30 seconds
[  355.490080][ T7292] netdevsim netdevsim1 netdevsim1: renamed from eth1
[  355.590112][ T7512] ext4 filesystem being mounted at /198/bus supports timestamps until 2038 (0x7fffffff)
[  355.652958][ T7292] netdevsim netdevsim1 netdevsim2: renamed from eth2
[  355.868455][ T7292] netdevsim netdevsim1 netdevsim3: renamed from eth3
[  355.910066][ T7520] netlink: 'syz.4.1067': attribute type 1 has an invalid length.
[  356.366229][ T7292] 8021q: adding VLAN 0 to HW filter on device bond0
[  356.459481][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  356.490379][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  356.514308][ T7292] 8021q: adding VLAN 0 to HW filter on device team0
[  356.538231][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  356.559716][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  356.595888][   T46] bridge0: port 1(bridge_slave_0) entered blocking state
[  356.604496][   T46] bridge0: port 1(bridge_slave_0) entered forwarding state
[  356.664131][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  356.689396][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  356.715512][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  356.737553][   T46] bridge0: port 2(bridge_slave_1) entered blocking state
[  356.746256][   T46] bridge0: port 2(bridge_slave_1) entered forwarding state
[  356.765174][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  356.788669][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  356.814569][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  356.842379][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  356.875571][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  356.901634][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  356.944497][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  357.015378][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  357.032743][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  357.066066][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  357.085003][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  357.129303][ T7292] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  358.145870][ T7553] team0 speed is unknown, defaulting to 1000
[  358.454556][ T7550] netlink: 452 bytes leftover after parsing attributes in process `syz.2.1075'.
[  358.910420][ T7571] loop4: detected capacity change from 0 to 128
[  358.930210][ T3637] EXT4-fs (loop0): unmounting filesystem.
[  360.508602][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  360.519483][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  360.695976][   T26] audit: type=1326 audit(1724356228.592:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7585 comm="syz.4.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7ffc0000
[  361.333949][ T7292] 8021q: adding VLAN 0 to HW filter on device batadv0
[  361.425959][   T26] audit: type=1326 audit(1724356228.592:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7585 comm="syz.4.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=252 compat=0 ip=0x7f41f8379e79 code=0x7ffc0000
[  361.474285][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  361.523097][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  361.546355][ T7594] loop0: detected capacity change from 0 to 512
[  361.554162][   T26] audit: type=1326 audit(1724356228.592:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7585 comm="syz.4.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7ffc0000
[  361.622123][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  361.631260][ T7594] EXT4-fs: Ignoring removed bh option
[  361.650731][ T3647] usb 3-1: new high-speed USB device number 20 using dummy_hcd
[  361.681799][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  361.708968][ T7292] device veth0_vlan entered promiscuous mode
[  361.725058][ T7594] EXT4-fs error (device loop0): __ext4_iget:5055: inode #15: block 1803188595: comm syz.0.1083: invalid block
[  361.746068][   T26] audit: type=1326 audit(1724356228.672:52): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7585 comm="syz.4.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f41f8379e79 code=0x7ffc0000
[  361.748004][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  361.775784][ T7594] EXT4-fs error (device loop0): ext4_orphan_get:1401: comm syz.0.1083: couldn't read orphan inode 15 (err -117)
[  361.855584][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  361.897687][ T7594] EXT4-fs (loop0): mounted filesystem without journal. Quota mode: none.
[  361.909689][ T7292] device veth1_vlan entered promiscuous mode
[  361.915936][ T3647] usb 3-1: Using ep0 maxpacket: 8
[  361.928841][   T26] audit: type=1326 audit(1724356228.712:53): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7585 comm="syz.4.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7ffc0000
[  362.033598][   T26] audit: type=1326 audit(1724356228.762:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7585 comm="syz.4.1081" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7ffc0000
[  362.061233][ T7602] loop4: detected capacity change from 0 to 2048
[  362.085851][ T3647] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  362.108339][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  362.120717][ T7594] loop0: detected capacity change from 512 to 11
[  362.130488][ T3647] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  362.139719][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  362.148874][ T7605] syz.0.1083: attempt to access beyond end of device
[  362.148874][ T7605] loop0: rw=524288, sector=12, nr_sectors = 2 limit=11
[  362.167642][ T3647] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  362.178522][ T7602] UDF-fs: INFO Mounting volume 'LiuxUDF', timestamp 2022/11/22 14:59 (1000)
[  362.200134][ T7292] device veth0_macvtap entered promiscuous mode
[  362.224251][ T7292] device veth1_macvtap entered promiscuous mode
[  362.234378][ T3647] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  362.290373][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.301113][ T3647] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  362.322611][ T7605] syz.0.1083: attempt to access beyond end of device
[  362.322611][ T7605] loop0: rw=12288, sector=14, nr_sectors = 2 limit=11
[  362.336920][ T3647] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  362.354753][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.600720][ T7605] EXT4-fs error (device loop0): ext4_get_inode_loc:4644: inode #12: block 7: comm syz.0.1083: unable to read itable block
[  362.609942][ T7602] UDF-fs: error (device loop4): udf_read_inode: (ino 1345) failed !bh
[  362.637234][ T7609] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount.
[  362.655723][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.663818][ T7609] CIFS mount error: No usable UNC path provided in device string!
[  362.663818][ T7609] 
[  362.675336][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  362.684286][ T7609] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string!
[  362.699445][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  362.911484][ T3647] usb 3-1: GET_CAPABILITIES returned 0
[  362.915143][ T7605] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5879: Out of memory
[  362.917001][ T3647] usbtmc 3-1:16.0: can't read capabilities
[  362.933246][ T7605] EXT4-fs error (device loop0): __ext4_new_inode:1346: inode #19: comm syz.0.1083: mark_inode_dirty error
[  362.950607][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.007398][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  363.058807][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.069152][ T7605] EXT4-fs error (device loop0) in __ext4_new_inode:1348: Out of memory
[  363.105629][ T7292] batman_adv: batadv0: Interface activated: batadv_slave_0
[  363.122617][ T5266] usb 3-1: USB disconnect, device number 20
[  363.131066][ T7605] EXT4-fs error (device loop0) in ext4_reserve_inode_write:5879: Out of memory
[  363.160557][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  363.176188][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  363.184494][ T7605] EXT4-fs error (device loop0): ext4_evict_inode:279: inode #19: comm syz.0.1083: mark_inode_dirty error
[  363.205447][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  363.226369][   T11] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  363.240114][ T7605] EXT4-fs warning (device loop0): ext4_evict_inode:282: couldn't mark inode dirty (err -12)
[  363.297018][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.337938][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.364758][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.366483][ T3637] EXT4-fs warning (device loop0): htree_dirblock_to_tree:1083: inode #2: lblock 0: comm syz-executor: error -12 reading directory block
[  363.383255][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.409165][ T7622] loop4: detected capacity change from 0 to 512
[  363.411427][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.445121][ T7622] EXT4-fs (loop4): mounted filesystem without journal. Quota mode: writeback.
[  363.454638][ T7622] ext4 filesystem being mounted at /228/bus supports timestamps until 2038 (0x7fffffff)
[  363.478114][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.500596][ T7292] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  363.528983][ T7292] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  363.557864][ T7292] batman_adv: batadv0: Interface activated: batadv_slave_1
[  363.586585][ T7292] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  363.606086][ T7292] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  363.627423][ T3637] EXT4-fs (loop0): unmounting filesystem.
[  363.658279][ T7292] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  363.667406][ T7292] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  363.760620][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  363.776109][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  363.881583][ T7633] loop2: detected capacity change from 0 to 128
[  365.020264][ T1070] block nbd3: Attempted send on invalid socket
[  365.027089][ T1070] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 1
[  365.042795][ T7643] (syz.3.1092,7643,0):ocfs2_get_sector:1771 ERROR: status = -5
[  365.050969][ T7643] (syz.3.1092,7643,0):ocfs2_sb_probe:749 ERROR: status = -5
[  365.058284][ T7643] (syz.3.1092,7643,0):ocfs2_fill_super:990 ERROR: superblock probe failed!
[  365.066989][ T7643] (syz.3.1092,7643,0):ocfs2_fill_super:1176 ERROR: status = -5
[  365.267547][   T46] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.306639][   T46] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.368333][   T46] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  365.457911][ T3835] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  365.473926][ T3835] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  365.491256][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  365.868192][  T102] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  365.940521][ T5266] usb 2-1: new high-speed USB device number 21 using dummy_hcd
[  366.056492][ T3653] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1
[  366.067448][ T3653] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9
[  366.094965][  T102] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.116110][ T3653] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9
[  366.129885][ T3653] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4
[  366.140361][ T3653] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3
[  366.147919][ T3653] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2
[  366.180681][ T5266] usb 2-1: Using ep0 maxpacket: 8
[  366.242175][ T7660] team0 speed is unknown, defaulting to 1000
[  366.310533][ T5266] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  366.322264][  T102] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.330803][ T5266] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  366.360813][ T5266] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  366.393856][ T5266] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  366.427138][ T5266] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  366.455578][ T5266] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  366.506881][  T102] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0
[  366.750720][ T5266] usb 2-1: GET_CAPABILITIES returned 0
[  366.756259][ T5266] usbtmc 2-1:16.0: can't read capabilities
[  366.929607][ T7660] chnl_net:caif_netlink_parms(): no params data found
[  366.985981][ T3647] usb 2-1: USB disconnect, device number 21
[  367.105802][ T3634] EXT4-fs (loop4): unmounting filesystem.
[  367.122163][  T102] tipc: Disabling bearer <udp:s>
[  367.127723][  T102] tipc: Left network mode
[  367.310238][ T7660] bridge0: port 1(bridge_slave_0) entered blocking state
[  367.340939][ T7660] bridge0: port 1(bridge_slave_0) entered disabled state
[  367.349152][ T7660] device bridge_slave_0 entered promiscuous mode
[  367.401938][ T7660] bridge0: port 2(bridge_slave_1) entered blocking state
[  367.420737][ T7660] bridge0: port 2(bridge_slave_1) entered disabled state
[  367.421959][ T7660] device bridge_slave_1 entered promiscuous mode
[  367.505971][ T7660] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link
[  367.699486][ T7660] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link
[  368.194671][ T3644] Bluetooth: hci1: command tx timeout
[  368.317885][ T7660] team0: Port device team_slave_0 added
[  368.357481][ T7660] team0: Port device team_slave_1 added
[  368.601763][ T7700] sctp: [Deprecated]: syz.1.1099 (pid 7700) Use of int in max_burst socket option deprecated.
[  368.601763][ T7700] Use struct sctp_assoc_value instead
[  369.482183][ T7660] batman_adv: batadv0: Adding interface: batadv_slave_0
[  369.529824][ T7660] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.650259][ T7660] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active
[  369.847545][ T7660] batman_adv: batadv0: Adding interface: batadv_slave_1
[  369.855610][ T7660] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem.
[  369.969556][ T7660] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active
[  370.090334][ T7724] loop4: detected capacity change from 0 to 128
[  370.194337][ T7660] device hsr_slave_0 entered promiscuous mode
[  370.277038][ T3644] Bluetooth: hci1: command tx timeout
[  370.320912][ T7660] device hsr_slave_1 entered promiscuous mode
[  370.514115][ T7734] loop1: detected capacity change from 0 to 512
[  370.999416][ T7660] debugfs: Directory 'hsr0' with parent 'hsr' already present!
[  371.038190][ T7734] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  371.040385][ T7660] Cannot create hsr debugfs directory
[  371.068584][ T7734] ext4 filesystem being mounted at /4/bus supports timestamps until 2038 (0x7fffffff)
[  371.270559][ T5266] usb 4-1: new high-speed USB device number 30 using dummy_hcd
[  371.530884][ T5266] usb 4-1: Using ep0 maxpacket: 8
[  371.650911][ T5266] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  371.681656][ T5266] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  371.730722][ T5266] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  372.180516][ T5266] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  372.361015][ T3644] Bluetooth: hci1: command tx timeout
[  372.581189][ T5266] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  372.590280][ T5266] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  372.910655][ T5266] usb 4-1: GET_CAPABILITIES returned 0
[  372.916195][ T5266] usbtmc 4-1:16.0: can't read capabilities
[  373.114039][ T5266] usb 4-1: USB disconnect, device number 30
[  373.576502][ T7781] loop4: detected capacity change from 0 to 512
[  373.583736][  T102] device hsr_slave_0 left promiscuous mode
[  373.615366][ T7781] ext4: Unknown parameter 'nobh"'
[  373.630824][  T102] device hsr_slave_1 left promiscuous mode
[  373.639298][  T102] batman_adv: batadv0: Interface deactivated: batadv_slave_0
[  373.649227][  T102] batman_adv: batadv0: Removing interface: batadv_slave_0
[  373.674489][  T102] batman_adv: batadv0: Interface deactivated: batadv_slave_1
[  373.716290][  T102] batman_adv: batadv0: Removing interface: batadv_slave_1
[  373.811509][  T102] device bridge_slave_1 left promiscuous mode
[  373.817768][  T102] bridge0: port 2(bridge_slave_1) entered disabled state
[  373.894106][  T102] device bridge_slave_0 left promiscuous mode
[  373.905916][  T102] bridge0: port 1(bridge_slave_0) entered disabled state
[  373.911620][ T7292] EXT4-fs (loop1): unmounting filesystem.
[  374.269769][   T26] audit: type=1326 audit(1724356242.162:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  374.340563][  T102] device veth0_macvtap left promiscuous mode
[  374.532589][ T3644] Bluetooth: hci1: command tx timeout
[  374.555034][  T102] device veth1_vlan left promiscuous mode
[  374.571523][   T26] audit: type=1326 audit(1724356242.162:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  374.594301][   T26] audit: type=1326 audit(1724356242.432:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  374.615165][  T102] device veth0_vlan left promiscuous mode
[  374.616839][   T26] audit: type=1326 audit(1724356242.432:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  374.646916][   T26] audit: type=1326 audit(1724356242.432:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  374.669352][   T26] audit: type=1326 audit(1724356242.432:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  374.701309][ T7794] loop1: detected capacity change from 0 to 128
[  374.722121][   T26] audit: type=1326 audit(1724356242.432:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  374.770557][   T26] audit: type=1326 audit(1724356242.432:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  374.842988][   T26] audit: type=1326 audit(1724356242.432:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7779 comm="syz.4.1116" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f41f8379e79 code=0x7fc00000
[  375.721033][ T7788] loop3: detected capacity change from 0 to 32768
[  375.728693][ T7788] BTRFS: device fsid 395ef67a-297e-477c-816d-cd80a5b93e5d devid 1 transid 8 /dev/loop3 scanned by syz.3.1118 (7788)
[  375.760530][ T7788] BTRFS info (device loop3): first mount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  375.770987][ T7788] BTRFS info (device loop3): using sha256 (sha256-avx2) checksum algorithm
[  375.779751][ T7788] BTRFS info (device loop3): using free space tree
[  375.817479][ T7788] BTRFS info (device loop3): enabling ssd optimizations
[  375.868681][ T7788] BTRFS info (device loop3): balance: start 
[  375.898789][ T7788] BTRFS info (device loop3): balance: ended with status: 0
[  376.021733][ T3641] BTRFS info (device loop3): last unmount of filesystem 395ef67a-297e-477c-816d-cd80a5b93e5d
[  376.575026][ T7826] netlink: 44 bytes leftover after parsing attributes in process `syz.3.1123'.
[  376.812961][  T102] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface
[  376.871302][  T102] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface
[  377.661590][  T102] bond0 (unregistering): Released all slaves
[  377.873749][ T5266] team0 speed is unknown, defaulting to 1000
[  377.903646][ T7660] netdevsim netdevsim0 netdevsim0: renamed from eth0
[  377.953097][ T1266] ieee802154 phy0 wpan0: encryption failed: -22
[  377.959424][ T1266] ieee802154 phy1 wpan1: encryption failed: -22
[  377.989137][ T7660] netdevsim netdevsim0 netdevsim1: renamed from eth1
[  378.073592][ T7660] netdevsim netdevsim0 netdevsim2: renamed from eth2
[  378.132596][ T7660] netdevsim netdevsim0 netdevsim3: renamed from eth3
[  378.333833][ T7839] loop1: detected capacity change from 0 to 512
[  378.390493][ T3647] usb 3-1: new high-speed USB device number 21 using dummy_hcd
[  378.437198][ T7839] EXT4-fs (loop1): mounted filesystem without journal. Quota mode: writeback.
[  378.456724][ T7839] ext4 filesystem being mounted at /7/bus supports timestamps until 2038 (0x7fffffff)
[  378.468132][ T7660] 8021q: adding VLAN 0 to HW filter on device bond0
[  378.580794][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready
[  378.594154][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready
[  378.637146][ T3647] usb 3-1: Using ep0 maxpacket: 8
[  378.662643][ T7660] 8021q: adding VLAN 0 to HW filter on device team0
[  378.702420][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready
[  378.723324][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready
[  378.771085][ T3647] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  378.790843][ T3721] bridge0: port 1(bridge_slave_0) entered blocking state
[  378.798008][ T3721] bridge0: port 1(bridge_slave_0) entered forwarding state
[  378.817289][ T3647] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  378.858529][ T3647] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  378.879500][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready
[  378.910276][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready
[  378.929725][ T3647] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  378.951577][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready
[  378.968592][ T3647] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  378.988349][ T3721] bridge0: port 2(bridge_slave_1) entered blocking state
[  378.995558][ T3721] bridge0: port 2(bridge_slave_1) entered forwarding state
[  379.010545][ T3647] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  379.047161][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready
[  379.096118][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready
[  379.171263][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready
[  379.194748][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready
[  379.222246][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready
[  379.251683][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready
[  379.273247][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready
[  379.292460][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready
[  379.310908][ T3647] usb 3-1: GET_CAPABILITIES returned 0
[  379.316443][ T3647] usbtmc 3-1:16.0: can't read capabilities
[  379.318013][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready
[  379.351340][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready
[  379.382713][ T7660] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready
[  379.406619][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready
[  379.514429][ T3647] usb 3-1: USB disconnect, device number 21
[  380.721339][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready
[  380.728902][ T3927] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready
[  380.816847][ T7878] loop2: detected capacity change from 0 to 128
[  380.925615][ T7660] 8021q: adding VLAN 0 to HW filter on device batadv0
[  381.660595][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready
[  381.697023][ T3721] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready
[  381.768540][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready
[  381.799850][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready
[  381.830259][ T7660] device veth0_vlan entered promiscuous mode
[  381.863206][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready
[  381.871754][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready
[  381.910356][ T7660] device veth1_vlan entered promiscuous mode
[  381.982028][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready
[  382.006533][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready
[  382.026374][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready
[  382.061475][ T3717] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready
[  382.113915][ T7660] device veth0_macvtap entered promiscuous mode
[  382.147896][ T7660] device veth1_macvtap entered promiscuous mode
[  382.245666][ T7660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  382.290305][ T7660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.328964][ T7660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  382.451022][ T7660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.833961][ T7660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  382.844504][ T7660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.876913][ T7660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0
[  382.887626][ T7660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  382.899175][ T7660] batman_adv: batadv0: Interface activated: batadv_slave_0
[  382.905420][ T7292] EXT4-fs (loop1): unmounting filesystem.
[  382.950829][ T7660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  383.033186][ T7660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  383.047945][ T7660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  383.058466][ T7660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  383.086484][ T7660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  383.116331][ T7898] loop1: detected capacity change from 0 to 512
[  383.146776][ T7660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  383.165546][ T7660] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1
[  383.177963][ T7660] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems!
[  383.198594][ T7898] ext4: Unknown parameter 'nobh"'
[  383.207417][ T7660] batman_adv: batadv0: Interface activated: batadv_slave_1
[  383.221453][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready
[  383.237334][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready
[  383.271805][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready
[  383.284351][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready
[  383.296663][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready
[  383.307607][    T9] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready
[  383.411441][ T7660] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0
[  383.455469][ T7660] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0
[  383.817578][   T26] audit: type=1326 audit(1724356251.712:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.1.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f07b79e79 code=0x7fc00000
[  383.855807][ T7660] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0
[  384.020578][ T7660] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0
[  384.039795][   T26] audit: type=1326 audit(1724356251.712:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.1.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f6f07b79e79 code=0x7fc00000
[  384.085437][   T26] audit: type=1326 audit(1724356251.902:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7897 comm="syz.1.1137" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6f07b79e79 code=0x7fc00000
[  384.230505][   T14] usb 3-1: new high-speed USB device number 22 using dummy_hcd
[  384.352997][ T7913] loop4: detected capacity change from 0 to 256
[  384.388509][ T3721] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  384.428690][ T3721] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  384.441210][ T7913] exfat: Deprecated parameter 'utf8'
[  384.446554][ T7913] exfat: Unknown parameter 'errovs'
[  384.549330][ T3835] IPv6: ADDRCONF(NETDEV_CHANGE): wlan0: link becomes ready
[  384.570505][   T14] usb 3-1: Using ep0 maxpacket: 8
[  384.617721][ T4267] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50
[  384.831609][ T4267] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50
[  385.207143][ T4840] IPv6: ADDRCONF(NETDEV_CHANGE): wlan1: link becomes ready
[  385.267868][ T7920] input: syz1 as /devices/virtual/input/input8
[  385.360738][   T14] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  385.395949][   T14] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  385.418572][ T7923] loop3: detected capacity change from 0 to 512
[  385.486685][   T14] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  385.498720][ T7923] EXT4-fs (loop3): mounted filesystem without journal. Quota mode: writeback.
[  385.527132][ T7923] ext4 filesystem being mounted at /236/bus supports timestamps until 2038 (0x7fffffff)
[  385.557560][   T14] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  385.607152][   T14] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  385.649000][   T14] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  385.930637][   T14] usb 3-1: GET_CAPABILITIES returned 0
[  385.937222][   T14] usbtmc 3-1:16.0: can't read capabilities
[  386.138774][ T3647] usb 3-1: USB disconnect, device number 22
[  386.959906][ T7939] loop2: detected capacity change from 0 to 128
[  388.186173][ T3641] EXT4-fs (loop3): unmounting filesystem.
[  388.958603][ T7959] loop3: detected capacity change from 0 to 40427
[  389.036011][ T7959] F2FS-fs (loop3): Found nat_bits in checkpoint
[  389.137771][ T7959] F2FS-fs (loop3): Mounted with checkpoint version = 48b305e5
[  390.176062][ T3625] usb 2-1: new high-speed USB device number 22 using dummy_hcd
[  390.426535][ T3625] usb 2-1: Using ep0 maxpacket: 8
[  390.554410][ T3625] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config
[  390.564749][ T3625] usb 2-1: config 0 interface 0 has no altsetting 0
[  390.652893][ T3625] usb 2-1: New USB device found, idVendor=05ac, idProduct=8501, bcdDevice=20.9d
[  390.662249][ T3625] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=105
[  390.670947][ T3625] usb 2-1: SerialNumber: syz
[  390.686615][ T3625] usb 2-1: config 0 descriptor??
[  391.576861][ T7974] 
[  391.580116][ T7974] =============================
[  391.585292][ T7974] WARNING: suspicious RCU usage
[  391.590199][ T7974] 6.1.106-syzkaller #0 Not tainted
[  391.595377][ T7974] -----------------------------
[  391.600241][ T7974] net/mac80211/sta_info.c:361 suspicious rcu_dereference_protected() usage!
[  391.609013][ T7974] 
[  391.609013][ T7974] other info that might help us debug this:
[  391.609013][ T7974] 
[  391.619315][ T7974] 
[  391.619315][ T7974] rcu_scheduler_active = 2, debug_locks = 1
[  391.627457][ T7974] 3 locks held by syz.1.1157/7974:
[  391.632752][ T7974]  #0: ffffffff8e557930 (cb_lock){++++}-{3:3}, at: genl_rcv+0x15/0x40
[  391.641058][ T7974]  #1: ffff8880741d07c8 (&rdev->wiphy.mtx){+.+.}-{3:3}, at: nl80211_pre_doit+0x58b/0x8a0
[  391.650985][ T7974]  #2: ffff8880584c0d40 (&wdev->mtx){+.+.}-{3:3}, at: nl80211_new_station+0x1c31/0x24f0
[  391.660856][ T7974] 
[  391.660856][ T7974] stack backtrace:
[  391.666793][ T7974] CPU: 0 PID: 7974 Comm: syz.1.1157 Not tainted 6.1.106-syzkaller #0
[  391.674948][ T7974] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024
[  391.685038][ T7974] Call Trace:
[  391.688360][ T7974]  <TASK>
[  391.691315][ T7974]  dump_stack_lvl+0x1e3/0x2cb
[  391.696023][ T7974]  ? nf_tcp_handle_invalid+0x642/0x642
[  391.701496][ T7974]  ? panic+0x764/0x764
[  391.705599][ T7974]  lockdep_rcu_suspicious+0x21c/0x330
[  391.711022][ T7974]  sta_remove_link+0x353/0x4a0
[  391.715814][ T7974]  sta_info_free+0x4f/0x750
[  391.720333][ T7974]  ieee80211_add_station+0x369/0x560
[  391.725641][ T7974]  rdev_add_station+0x121/0x2f0
[  391.730604][ T7974]  nl80211_new_station+0x1d33/0x24f0
[  391.735929][ T7974]  ? nl80211_set_station+0x1f50/0x1f50
[  391.741486][ T7974]  ? netdev_run_todo+0xedc/0xf40
[  391.746456][ T7974]  genl_rcv_msg+0xc1a/0xf70
[  391.750965][ T7974]  ? genl_bind+0x400/0x400
[  391.755423][ T7974]  ? read_lock_is_recursive+0x10/0x10
[  391.760846][ T7974]  ? ref_tracker_free+0x638/0x7d0
[  391.765895][ T7974]  ? nl80211_set_station+0x1f50/0x1f50
[  391.771376][ T7974]  ? refcount_inc+0x80/0x80
[  391.775898][ T7974]  ? __copy_skb_header+0x47b/0x600
[  391.781048][ T7974]  netlink_rcv_skb+0x1cd/0x410
[  391.785954][ T7974]  ? genl_bind+0x400/0x400
[  391.790396][ T7974]  ? netlink_ack+0x1290/0x1290
[  391.795201][ T7974]  genl_rcv+0x24/0x40
[  391.799207][ T7974]  netlink_unicast+0x7d8/0x970
[  391.804010][ T7974]  ? netlink_detachskb+0x90/0x90
[  391.808981][ T7974]  ? __virt_addr_valid+0x45b/0x530
[  391.814206][ T7974]  ? __phys_addr_symbol+0x2b/0x70
[  391.819380][ T7974]  ? __check_object_size+0x4dd/0xa30
[  391.821690][   T27] usb 5-1: new high-speed USB device number 17 using dummy_hcd
[  391.824716][ T7974]  ? bpf_lsm_netlink_send+0x5/0x10
[  391.837818][ T7974]  netlink_sendmsg+0xa26/0xd60
[  391.842621][ T7974]  ? netlink_getsockopt+0x580/0x580
[  391.847948][ T7974]  ? aa_sock_msg_perm+0x91/0x150
[  391.852919][ T7974]  ? bpf_lsm_socket_sendmsg+0x5/0x10
[  391.858247][ T7974]  ? security_socket_sendmsg+0x7d/0xa0
[  391.863773][ T7974]  ? netlink_getsockopt+0x580/0x580
[  391.868997][ T7974]  ____sys_sendmsg+0x5a5/0x8f0
[  391.873799][ T7974]  ? __sys_sendmsg_sock+0x30/0x30
[  391.879128][ T7974]  __sys_sendmsg+0x2a9/0x390
[  391.883751][ T7974]  ? ____sys_sendmsg+0x8f0/0x8f0
[  391.888729][ T7974]  ? __fget_files+0x28/0x4a0
[  391.893355][ T7974]  ? lockdep_hardirqs_on_prepare+0x438/0x7a0
[  391.899369][ T7974]  ? syscall_enter_from_user_mode+0x2e/0x230
[  391.905378][ T7974]  ? lockdep_hardirqs_on+0x94/0x130
[  391.910593][ T7974]  ? syscall_enter_from_user_mode+0x2e/0x230
[  391.916592][ T7974]  do_syscall_64+0x3b/0xb0
[  391.921085][ T7974]  ? clear_bhb_loop+0x45/0xa0
[  391.925884][ T7974]  entry_SYSCALL_64_after_hwframe+0x68/0xd2
[  391.931829][ T7974] RIP: 0033:0x7f6f07b79e79
[  391.936299][ T7974] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48
[  391.956020][ T7974] RSP: 002b:00007f6f08981038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e
[  391.964651][ T7974] RAX: ffffffffffffffda RBX: 00007f6f07d16058 RCX: 00007f6f07b79e79
[  391.972648][ T7974] RDX: 0000000000000000 RSI: 0000000020001080 RDI: 000000000000000d
[  391.980740][ T7974] RBP: 00007f6f07be7916 R08: 0000000000000000 R09: 0000000000000000
[  391.988828][ T7974] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000
[  391.996831][ T7974] R13: 0000000000000000 R14: 00007f6f07d16058 R15: 00007ffe34f34fc8
[  392.004851][ T7974]  </TASK>
[  392.210717][   T27] usb 5-1: Using ep0 maxpacket: 8
[  392.220187][ T7985] netlink: 'syz.3.1162': attribute type 39 has an invalid length.
[  392.229084][ T3625] usb 2-1: Found UVC 0.00 device <unnamed> (05ac:8501)
[  392.239216][ T3625] usb 2-1: No valid video chain found.
[  392.247655][ T3625] usb 2-1: USB disconnect, device number 22
[  392.286755][ T7984] loop0: detected capacity change from 0 to 40427
[  392.308322][ T7984] F2FS-fs (loop0): Found nat_bits in checkpoint
[  392.330813][   T27] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0
[  392.345741][   T27] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0
[  392.356160][   T27] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32
[  392.367179][   T27] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3
[  392.371666][ T7984] F2FS-fs (loop0): Mounted with checkpoint version = 48b305e5
[  392.380345][   T27] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23
[  392.415421][   T27] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0
[  393.001014][   T27] usb 5-1: GET_CAPABILITIES returned 0
[  393.039333][   T27] usbtmc 5-1:16.0: can't read capabilities
[  393.247619][ T3625] usb 5-1: USB disconnect, device number 17